OTL logfile created on: 8/2/2011 12:45:41 PM - Run 1 OTL by OldTimer - Version 3.2.26.1 Folder = G:\ 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.79 Gb Total Physical Memory | 2.20 Gb Available Physical Memory | 58.05% Memory free 7.58 Gb Paging File | 5.91 Gb Available in Paging File | 77.90% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 237.90 Gb Total Space | 215.56 Gb Free Space | 90.61% Space Free | Partition Type: NTFS Drive D: | 342.34 Gb Total Space | 342.20 Gb Free Space | 99.96% Space Free | Partition Type: NTFS Drive F: | 6.67 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Drive G: | 3.73 Gb Total Space | 3.12 Gb Free Space | 83.63% Space Free | Partition Type: FAT32 Computer Name: bfm-PC | User Name: bfm | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2011/08/02 16:51:38 | 000,579,584 | ---- | M] (OldTimer Tools) -- G:\tol.exe PRC - [2010/09/28 22:02:56 | 000,779,872 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\A5E82D02\18.0.0.128\InstStub.exe PRC - [2010/09/28 22:01:36 | 000,231,888 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10h_ActiveX.exe PRC - [2010/08/26 20:52:12 | 002,782,064 | ---- | M] (Samsung Electronics) -- C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe PRC - [2010/08/15 20:24:30 | 001,620,584 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe PRC - [2010/08/11 02:34:40 | 004,384,560 | ---- | M] (SEC) -- C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe PRC - [2010/08/09 04:22:24 | 000,862,064 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe PRC - [2010/07/30 03:20:18 | 001,752,680 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe PRC - [2010/06/24 05:11:08 | 000,273,680 | ---- | M] (Microsoft Corp.) -- C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2237.0\mswinext.exe PRC - [2010/05/23 00:39:05 | 000,126,904 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\18.0.0.128\ccSvcHst.exe PRC - [2010/02/10 09:29:52 | 000,719,360 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe PRC - [2010/02/03 17:19:52 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2010/02/03 17:19:48 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe PRC - [2009/06/03 06:59:02 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe PRC - [2009/04/15 09:52:06 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe PRC - [2009/04/14 21:21:12 | 000,307,200 | ---- | M] () -- C:\Windows\SetDisplayResolution.exe [color=#E56717]========== Modules (SafeList) ==========[/color] MOD - [2011/08/02 16:51:38 | 000,579,584 | ---- | M] (OldTimer Tools) -- G:\tol.exe MOD - [2010/08/16 13:46:00 | 000,100,968 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWOW64\nvinit.dll MOD - [2009/07/13 20:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV:[b]64bit:[/b] - [2010/06/07 01:39:40 | 000,911,872 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe -- (WiMAXAppSrv) SRV:[b]64bit:[/b] - [2010/06/07 01:34:20 | 000,408,576 | ---- | M] (Red Bend Ltd.) [Auto | Running] -- C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe -- (DMAgent) SRV:[b]64bit:[/b] - [2010/03/04 20:26:38 | 001,425,168 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) SRV:[b]64bit:[/b] - [2010/03/04 20:07:58 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS) SRV:[b]64bit:[/b] - [2010/03/04 20:06:22 | 000,831,760 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) SRV:[b]64bit:[/b] - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2010/08/15 20:24:30 | 001,620,584 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService) SRV - [2010/06/01 01:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU) SRV - [2010/05/23 00:39:05 | 000,126,904 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\18.0.0.128\ccSvcHst.exe -- (NIS) SRV - [2010/02/03 17:19:52 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R) SRV - [2010/02/03 17:19:48 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R) SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV:[b]64bit:[/b] - [2010/08/30 20:13:02 | 000,118,664 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD) DRV:[b]64bit:[/b] - [2010/08/30 09:45:48 | 000,394,016 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7) DRV:[b]64bit:[/b] - [2010/08/30 07:17:36 | 000,289,280 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R) DRV:[b]64bit:[/b] - [2010/08/25 15:36:02 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:[b]64bit:[/b] - [2010/08/16 13:46:00 | 000,024,680 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt) DRV:[b]64bit:[/b] - [2010/06/17 20:38:06 | 000,039,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WDKMD.sys -- (wdkmd) DRV:[b]64bit:[/b] - [2010/05/30 22:05:06 | 007,689,216 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) Intel(R) DRV:[b]64bit:[/b] - [2010/05/16 03:28:38 | 000,175,104 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bpmp.sys -- (bpmp) Intel(R) Centrino(R) DRV:[b]64bit:[/b] - [2010/05/16 03:28:30 | 000,081,920 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bpusb.sys -- (bpusb) DRV:[b]64bit:[/b] - [2010/05/16 03:28:28 | 000,071,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bpenum.sys -- (bpenum) DRV:[b]64bit:[/b] - [2010/04/27 18:57:50 | 000,061,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr) DRV:[b]64bit:[/b] - [2010/04/27 02:57:04 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:[b]64bit:[/b] - [2010/02/26 19:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd) DRV:[b]64bit:[/b] - [2009/09/17 15:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R) DRV:[b]64bit:[/b] - [2009/07/13 20:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:[b]64bit:[/b] - [2009/07/13 20:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:[b]64bit:[/b] - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:[b]64bit:[/b] - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:[b]64bit:[/b] - [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:[b]64bit:[/b] - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:[b]64bit:[/b] - [2009/06/10 15:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs) DRV:[b]64bit:[/b] - [2009/06/10 15:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:[b]64bit:[/b] - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:[b]64bit:[/b] - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:[b]64bit:[/b] - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:[b]64bit:[/b] - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:[b]64bit:[/b] - [2009/05/28 01:38:04 | 000,013,824 | ---- | M] (SAMSUNG ELECTRONICS) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SABI.sys -- (SABI) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://samsung.msn.com IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3685146816-85811682-3049726123-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://samsung.msn.com IE - HKU\S-1-5-21-3685146816-85811682-3049726123-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://samsung.msn.com IE - HKU\S-1-5-21-3685146816-85811682-3049726123-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2237.0\npwinext.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2237.0\Firefox [2010/09/28 22:55:25 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/09/28 22:55:26 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010/09/28 22:55:57 | 000,000,000 | ---D | M] O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:[b]64bit:[/b] - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (W2PBrowser Class) - {AA609D72-8482-4076-8991-8CDAE5B93BCB} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll () O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2237.0\npwinext.dll (Microsoft Corporation) O3:[b]64bit:[/b] - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2237.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2237.0\npwinext.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:[b]64bit:[/b] - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.) O4:[b]64bit:[/b] - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:[b]64bit:[/b] - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:[b]64bit:[/b] - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation) O4:[b]64bit:[/b] - HKLM..\Run: [IntelWirelessWiMAX] C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe (Intel® Corporation) O4:[b]64bit:[/b] - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:[b]64bit:[/b] - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation) O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.) O4 - HKLM..\Run: [RemoteControl8] C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdatePDRShortCut] C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdatePPShortCut] C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-3685146816-85811682-3049726123-1000..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-3685146816-85811682-3049726123-1001..\Run: [Best Buy pc app] C:\Users\bfm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Best Buy\Best Buy pc app.appref-ms () O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] File not found O4 - HKU\S-1-5-21-3685146816-85811682-3049726123-1000..\RunOnce: [mctadmin] File not found O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft) O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\S-1-5-21-3685146816-85811682-3049726123-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra Button: Samsung AnyWeb Print - {328ECD19-C167-40eb-A0C7-16FE7634105E} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll () O13 - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O18:[b]64bit:[/b] - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:[b]64bit:[/b] - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:[b]64bit:[/b] - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found O18:[b]64bit:[/b] - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20:[b]64bit:[/b] - AppInit_DLLs: (C:\windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation) O20 - AppInit_DLLs: (C:\windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:[b]64bit:[/b] - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\windows\SysNative\igfxdev.dll (Intel Corporation) O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008/05/06 07:26:23 | 000,000,309 | R--- | M] () - F:\autorun.inf -- [ CDFS ] O33 - MountPoints2\F\Shell - "" = AutoRun O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- [2007/10/23 02:45:39 | 001,336,632 | R--- | M] () O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %* O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* CREATERESTOREPOINT Restore point Set: OTL Restore Point [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2011/08/02 12:32:43 | 000,000,000 | ---D | C] -- C:\Users\bfm\AppData\Roaming\Macromedia [2011/08/02 12:27:05 | 000,000,000 | ---D | C] -- C:\Users\bfm\AppData\Roaming\Adobe [2011/08/02 12:23:48 | 000,000,000 | ---D | C] -- C:\Users\bfm\AppData\Local\SRS Labs [2011/08/02 12:23:46 | 000,000,000 | ---D | C] -- C:\Users\bfm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Best Buy [2011/08/02 12:23:21 | 000,000,000 | ---D | C] -- C:\Users\bfm\AppData\Roaming\Intel [2011/08/02 12:23:19 | 000,000,000 | ---D | C] -- C:\Users\bfm\AppData\Local\Apps [2011/08/02 12:23:14 | 000,000,000 | ---D | C] -- C:\Users\bfm\AppData\Local\Deployment [2011/08/02 12:23:11 | 000,000,000 | ---D | C] -- C:\Users\bfm\AppData\Local\Power2Go [2011/08/02 12:21:58 | 000,000,000 | R--D | C] -- C:\Users\bfm\Searches [2011/08/02 12:21:58 | 000,000,000 | R--D | C] -- C:\Users\bfm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [2011/08/02 12:21:57 | 000,000,000 | -H-D | C] -- C:\Users\bfm\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned [2011/08/02 12:21:50 | 000,000,000 | ---D | C] -- C:\Users\bfm\AppData\Roaming\Identities [2011/08/02 12:21:48 | 000,000,000 | R--D | C] -- C:\Users\bfm\Contacts [2011/08/02 12:21:45 | 000,000,000 | ---D | C] -- C:\Users\bfm\AppData\Local\VirtualStore [2011/08/02 12:20:49 | 000,000,000 | ---D | C] -- C:\Users\bfm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink YouCam [2011/08/02 12:20:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR [2011/08/02 12:18:48 | 000,000,000 | ---D | C] -- C:\Program Files\Elantech [2011/08/02 12:18:24 | 000,000,000 | -HSD | C] -- C:\Users\bfm\AppData\Local\Temporary Internet Files [2011/08/02 12:18:24 | 000,000,000 | -HSD | C] -- C:\Users\bfm\Templates [2011/08/02 12:18:24 | 000,000,000 | -HSD | C] -- C:\Users\bfm\Start Menu [2011/08/02 12:18:24 | 000,000,000 | -HSD | C] -- C:\Users\bfm\SendTo [2011/08/02 12:18:24 | 000,000,000 | -HSD | C] -- C:\Users\bfm\Recent [2011/08/02 12:18:24 | 000,000,000 | -HSD | C] -- C:\Users\bfm\PrintHood [2011/08/02 12:18:24 | 000,000,000 | -HSD | C] -- C:\Users\bfm\NetHood [2011/08/02 12:18:24 | 000,000,000 | -HSD | C] -- C:\Users\bfm\Documents\My Videos [2011/08/02 12:18:24 | 000,000,000 | -HSD | C] -- C:\Users\bfm\Documents\My Pictures [2011/08/02 12:18:24 | 000,000,000 | -HSD | C] -- C:\Users\bfm\Documents\My Music [2011/08/02 12:18:24 | 000,000,000 | -HSD | C] -- C:\Users\bfm\My Documents [2011/08/02 12:18:24 | 000,000,000 | -HSD | C] -- C:\Users\bfm\Local Settings [2011/08/02 12:18:24 | 000,000,000 | -HSD | C] -- C:\Users\bfm\AppData\Local\History [2011/08/02 12:18:24 | 000,000,000 | -HSD | C] -- C:\Users\bfm\Cookies [2011/08/02 12:18:24 | 000,000,000 | -HSD | C] -- C:\Users\bfm\Application Data [2011/08/02 12:18:24 | 000,000,000 | -HSD | C] -- C:\Users\bfm\AppData\Local\Application Data [2011/08/02 12:18:23 | 000,000,000 | --SD | C] -- C:\Users\bfm\AppData\Roaming\Microsoft [2011/08/02 12:18:23 | 000,000,000 | R--D | C] -- C:\Users\bfm\Videos [2011/08/02 12:18:23 | 000,000,000 | R--D | C] -- C:\Users\bfm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [2011/08/02 12:18:23 | 000,000,000 | R--D | C] -- C:\Users\bfm\Saved Games [2011/08/02 12:18:23 | 000,000,000 | R--D | C] -- C:\Users\bfm\Pictures [2011/08/02 12:18:23 | 000,000,000 | R--D | C] -- C:\Users\bfm\Music [2011/08/02 12:18:23 | 000,000,000 | R--D | C] -- C:\Users\bfm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [2011/08/02 12:18:23 | 000,000,000 | R--D | C] -- C:\Users\bfm\Links [2011/08/02 12:18:23 | 000,000,000 | R--D | C] -- C:\Users\bfm\Favorites [2011/08/02 12:18:23 | 000,000,000 | R--D | C] -- C:\Users\bfm\Downloads [2011/08/02 12:18:23 | 000,000,000 | R--D | C] -- C:\Users\bfm\Documents [2011/08/02 12:18:23 | 000,000,000 | R--D | C] -- C:\Users\bfm\Desktop [2011/08/02 12:18:23 | 000,000,000 | R--D | C] -- C:\Users\bfm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [2011/08/02 12:18:23 | 000,000,000 | -H-D | C] -- C:\Users\bfm\AppData [2011/08/02 12:18:23 | 000,000,000 | ---D | C] -- C:\Users\bfm\AppData\Local\Temp [2011/08/02 12:18:23 | 000,000,000 | ---D | C] -- C:\Users\bfm\AppData\Local\Microsoft [2011/08/02 12:18:23 | 000,000,000 | ---D | C] -- C:\Users\bfm\AppData\Roaming\Media Center Programs [2011/08/02 12:18:23 | 000,000,000 | ---D | C] -- C:\Users\bfm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite [2011/08/02 12:17:55 | 000,000,000 | -HSD | C] -- C:\Recovery [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2011/08/02 12:45:10 | 000,713,888 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI [2011/08/02 12:45:10 | 000,615,360 | ---- | M] () -- C:\windows\SysNative\perfh009.dat [2011/08/02 12:45:10 | 000,103,702 | ---- | M] () -- C:\windows\SysNative\perfc009.dat [2011/08/02 12:31:44 | 000,013,936 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011/08/02 12:31:44 | 000,013,936 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011/08/02 12:26:02 | 000,001,437 | ---- | M] () -- C:\Users\bfm\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk [2011/08/02 12:23:46 | 000,000,398 | ---- | M] () -- C:\Users\bfm\Desktop\pc app.appref-ms [2011/08/02 12:21:35 | 000,001,076 | ---- | M] () -- C:\Users\bfm\Desktop\Your Feedback is Important.lnk [2011/08/02 12:19:37 | 000,001,669 | ---- | M] () -- C:\Users\Public\Desktop\MultimediaPOP.lnk [2011/08/02 12:19:07 | 000,000,000 | ---- | M] () -- C:\windows\SysNative\drivers\144D_SAMSUNG_N_QX310_03MX.mrk [2011/08/02 08:17:05 | 000,039,219 | ---- | M] () -- C:\windows\SysWow64\license.rtf [2011/08/02 08:17:05 | 000,039,219 | ---- | M] () -- C:\windows\SysNative\license.rtf [2011/08/02 08:16:28 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2011/08/02 08:16:10 | 4070,748,160 | -HS- | M] () -- C:\hiberfil.sys [color=#E56717]========== Files Created - No Company Name ==========[/color] [2011/08/02 12:26:02 | 000,001,437 | ---- | C] () -- C:\Users\bfm\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk [2011/08/02 12:23:46 | 000,000,398 | ---- | C] () -- C:\Users\bfm\Desktop\pc app.appref-ms [2011/08/02 12:23:02 | 000,001,409 | ---- | C] () -- C:\Users\bfm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk [2011/08/02 12:22:15 | 000,001,443 | ---- | C] () -- C:\Users\bfm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [2011/08/02 12:21:35 | 000,001,076 | ---- | C] () -- C:\Users\bfm\Desktop\Your Feedback is Important.lnk [2011/08/02 12:19:37 | 000,001,669 | ---- | C] () -- C:\Users\Public\Desktop\MultimediaPOP.lnk [2011/08/02 12:19:07 | 000,000,000 | ---- | C] () -- C:\windows\SysNative\drivers\144D_SAMSUNG_N_QX310_03MX.mrk [2011/08/02 12:18:23 | 000,000,290 | ---- | C] () -- C:\Users\bfm\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk [2011/08/02 12:18:23 | 000,000,272 | ---- | C] () -- C:\Users\bfm\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk [2010/09/29 14:16:02 | 000,870,560 | ---- | C] () -- C:\windows\SysWow64\igkrng575.bin [2010/09/29 14:16:02 | 000,208,896 | ---- | C] () -- C:\windows\SysWow64\iglhsip32.dll [2010/09/29 14:16:02 | 000,143,360 | ---- | C] () -- C:\windows\SysWow64\iglhcp32.dll [2010/09/29 14:16:01 | 000,104,796 | ---- | C] () -- C:\windows\SysWow64\igfcg575m.bin [2010/09/29 14:15:59 | 000,127,868 | ---- | C] () -- C:\windows\SysWow64\igcompkrng575.bin [2010/09/28 22:53:31 | 000,307,200 | ---- | C] () -- C:\windows\SetDisplayResolution.exe [2010/09/28 22:13:28 | 000,002,134 | ---- | C] () -- C:\windows\HotFixList.ini [2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat [2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\windows\SysWow64\NOISE.DAT [2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\windows\SysWow64\dssec.dat [2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin [2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll [2009/07/13 16:59:36 | 000,982,196 | ---- | C] () -- C:\windows\SysWow64\igkrng500.bin [2009/07/13 16:59:36 | 000,139,824 | ---- | C] () -- C:\windows\SysWow64\igfcg500.bin [2009/07/13 16:59:36 | 000,097,448 | ---- | C] () -- C:\windows\SysWow64\igfcg500m.bin [2009/07/13 16:59:35 | 000,417,344 | ---- | C] () -- C:\windows\SysWow64\igcompkrng500.bin [2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll [2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\windows\SysWow64\mlang.dat [color=#E56717]========== LOP Check ==========[/color] [2009/07/14 00:08:49 | 000,003,122 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Custom Scans ==========[/color] [color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color] [color=#A23BEC]< MD5 for: EXPLORER.EXE >[/color] [2009/07/13 20:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe [2009/10/31 00:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\SysWOW64\explorer.exe [2009/10/31 00:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe [2009/08/03 01:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe [2009/10/31 01:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\explorer.exe [2009/10/31 01:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe [2009/08/03 00:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe [2009/10/31 01:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe [2009/08/03 00:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe [2009/07/13 20:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe [2009/10/31 01:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe [2009/08/03 01:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe [color=#A23BEC]< MD5 for: SVCHOST.EXE >[/color] [2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe [2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe [2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\windows\SysNative\svchost.exe [2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe [color=#A23BEC]< MD5 for: USERINIT.EXE >[/color] [2009/07/13 20:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe [2009/07/13 20:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009/07/13 20:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\windows\SysNative\userinit.exe [2009/07/13 20:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe [color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color] [2009/07/13 20:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2009/10/28 02:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2009/10/28 01:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\windows\SysNative\winlogon.exe [2009/10/28 01:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe [color=#A23BEC]< %systemroot%\*. /mp /s >[/color] < End of report >