OTL logfile created on: 3/19/2012 4:37:20 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 90.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.51 Gb Total Space | 50.26 Gb Free Space | 67.45% Space Free | Partition Type: NTFS
Drive D: | 127.99 Gb Total Space | 108.70 Gb Free Space | 84.93% Space Free | Partition Type: NTFS
Drive E: | 337.77 Gb Total Space | 319.43 Gb Free Space | 94.57% Space Free | Partition Type: NTFS
Drive F: | 1.86 Gb Total Space | 0.90 Gb Free Space | 48.37% Space Free | Partition Type: FAT
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet003

[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - [2011/12/06 17:00:14 | 000,214,896 | -H-- | M] () [Auto] -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper)
SRV - [2011/06/13 12:06:13 | 000,651,720 | -H-- | M] (Macrovision Europe Ltd.) [On_Demand] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2006/08/28 01:58:10 | 000,126,976 | -H-- | M] (Visioneer Inc.) [Auto] -- C:\Program Files\Visioneer\OneTouch 4.0\OtService.exe -- (OneTouch 4.0 Monitor)

[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (SetupNTGLM7X)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand] -- -- (NTACCESS)
DRV - File not found [Kernel | On_Demand] -- -- (MSICPL)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand] -- -- (GMSIPCI)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - [2011/04/04 15:55:38 | 000,020,480 | -H-- | M] (Motorola) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\motccgp.sys -- (motccgp)
DRV - [2010/05/20 11:36:36 | 000,054,016 | -H-- | M] (HTL) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\TSUSB2.sys -- (TSUSB2)
DRV - [2010/03/30 23:50:26 | 000,911,400 | -H-- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2010/01/14 17:53:18 | 000,037,160 | -H-- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2010/01/14 17:53:16 | 000,037,032 | -H-- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btwmodem.sys -- (btwmodem)
DRV - [2009/11/18 18:13:04 | 000,556,200 | -H-- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2009/11/18 18:12:56 | 000,118,440 | -H-- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2009/11/18 18:12:54 | 000,059,688 | -H-- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btwhid.sys -- (btwhid)
DRV - [2009/11/18 18:12:46 | 000,047,656 | -H-- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2009/07/10 14:01:06 | 000,025,856 | -H-- | M] (Motorola) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\motoandroid.sys -- (motandroidusb)
DRV - [2009/01/29 18:18:00 | 000,008,320 | -H-- | M] (Motorola) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\motccgpfl.sys -- (motccgpfl)
DRV - [2007/11/02 16:51:30 | 000,006,400 | -H-- | M] (Motorola) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\motswch.sys -- (MotoSwitchService)
DRV - [2006/11/02 19:51:58 | 000,013,560 | -H-- | M] (Cyberlink Corp.) [Kernel | Auto] -- C:\Program Files\CyberLink\PowerDVD\000.fcl -- ({95808DC4-FA4A-4c74-92FE-5B863F82066B})
DRV - [2006/08/28 19:10:06 | 000,158,208 | -H-- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2006/07/17 17:07:28 | 000,017,290 | RH-- | M] (Broadcom Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btpmw32.sys -- (BCMTPM)
DRV - [2005/10/09 22:35:32 | 000,017,792 | -H-- | M] (Winbond Electronics Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tpm.sys -- (TPM)

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]

[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ibm.com
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ibm.com
IE - HKU\Administrator_ON_C\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;192.168.*.*
IE - HKU\LocalService_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ibm.com
IE - HKU\NetworkService_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ibm.com

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig?hl=en&source=mpes"
FF - prefs.js..keyword.URL: "http://websearch.ask.com/redirect?client=ff&src=kw&tb=AD2&o=102164&locale=en_US&apn_uid=AD0D054D-AA01-4CAB-82DF-8F625A581DF4&apn_ptnrs=JH&apn_sauid=A3DFCE32-916F-4D52-9780-B49773E63369&apn_dtid=YYYYYYSEUS&&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\Administrator\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\Administrator\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/27 11:02:57 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/06/08 10:11:19 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2012/03/05 07:50:38 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\m3kf9q9r.default\extensions
[2012/03/05 07:50:38 | 000,000,000 | -H-D | M] (WOT) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\m3kf9q9r.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012/03/05 07:50:37 | 000,000,000 | -H-D | M] (Roomy Bookmarks Toolbar) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\m3kf9q9r.default\extensions\ALone-live@ya.ru
[2012/02/01 10:01:17 | 000,000,000 | -H-D | M] (Ask Toolbar) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\m3kf9q9r.default\extensions\toolbar@ask.com
[2010/09/28 23:39:14 | 000,002,333 | -H-- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\m3kf9q9r.default\searchplugins\askcom.xml
[2012/01/06 12:59:34 | 000,000,000 | -H-D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
() (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\M3KF9Q9R.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\M3KF9Q9R.DEFAULT\EXTENSIONS\{FBF6D7FB-F305-4445-BB3D-FEF66579A033}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\M3KF9Q9R.DEFAULT\EXTENSIONS\PERSONAS@CHRISTOPHER.BEARD.XPI
[2011/12/05 09:50:51 | 000,000,000 | -H-D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/06/14 18:32:46 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2012/02/17 12:23:17 | 000,134,104 | -H-- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/10/05 08:41:35 | 000,002,252 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/10 07:15:01 | 000,002,040 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2004/08/03 22:00:00 | 000,000,734 | -H-- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\Administrator_ON_C\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [ldmtqETJLYi.exe] C:\Documents and Settings\All Users\Application Data\ldmtqETJLYi.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [OP14 Reminder] C:\Program Files\ScanSoft\OmniPagePro14.0\EregEng\Ereg.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [OpScheduler] C:\Program Files\ScanSoft\OmniPagePro14.0\OpScheduler.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [Opware14] C:\Program Files\ScanSoft\OmniPagePro14.0\Opware14.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [Passport Web Edition Client] C:\Program Files\NCR\Passport Web Edition\pwecsrvc.exe (NCR Corporation)
O4 - HKLM..\Run: [WinSys2] C:\WINDOWS\system32\WinSys2.exe ()
O4 - HKLM..\Run: [WorkFlowTray] C:\Program Files\ScanSoft\OmniPagePro14.0\WorkFlowTray.exe (ScanSoft, Inc.)
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.10
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/06/13 11:47:49 | 000,000,000 | -H-D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2011/05/05 17:49:36 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/10/20 15:06:15 | 000,000,000 | -H-D | M] - D:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2010/09/30 15:38:55 | 000,000,000 | -H-- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{31f30b5c-b849-11e0-9196-001a6b4e4812}\Shell - "" = AutoRun
O33 - MountPoints2\{31f30b5c-b849-11e0-9196-001a6b4e4812}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{31f30b5c-b849-11e0-9196-001a6b4e4812}\Shell\AutoRun\command - "" = G:\setup.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2012/03/19 14:45:25 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2012/03/19 14:35:18 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\CyberLink PowerDVD
[2012/03/19 07:34:39 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\System Check
[2012/03/15 08:21:29 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\My Documents\Banking
[2012/03/12 12:09:27 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\My Documents\Purchase Orders and templates
[2012/03/02 10:39:59 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\My Documents\First Citizens Bank
[2012/03/02 10:33:32 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Application Data\Silver Bullet Technology
[2012/03/02 10:32:16 | 000,000,000 | -H-D | C] -- C:\Program Files\DIFX
[2012/03/02 10:32:14 | 000,054,016 | -H-- | C] (HTL) -- C:\WINDOWS\System32\drivers\TSUSB2.sys
[2012/03/02 10:32:10 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Passport Web Edition Client
[2012/03/02 10:32:10 | 000,000,000 | -H-D | C] -- C:\Program Files\NCR
[2012/02/28 12:24:43 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\My Documents\PNC Banking
[2012/02/28 11:41:55 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2012/02/28 11:41:50 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/02/28 11:41:50 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/02/28 11:41:49 | 000,020,464 | -H-- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/02/28 11:41:49 | 000,000,000 | -H-D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/02/27 11:02:51 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2012/02/27 11:02:35 | 000,000,000 | -H-D | C] -- C:\Program Files\QuickTime
[2012/02/21 09:48:27 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\My Documents\Sales Brochures
[2012/02/20 08:36:11 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\My Documents\Mellow Mushroom Pictures Greenville
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2012/03/19 15:20:28 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/03/19 15:18:13 | 000,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2012/03/19 15:02:18 | 000,002,206 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/03/19 14:46:00 | 000,000,250 | -H-- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2012/03/19 14:26:13 | 000,001,010 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1004336348-1336601894-725345543-500UA.job
[2012/03/19 14:04:25 | 000,000,456 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\MLs25E1fQV00QG
[2012/03/19 14:02:44 | 000,000,264 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~MLs25E1fQV00QG
[2012/03/19 13:52:08 | 000,000,176 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~MLs25E1fQV00QGr
[2012/03/19 13:51:57 | 000,000,853 | -H-- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
[2012/03/19 07:34:39 | 000,000,835 | -H-- | M] () -- C:\Documents and Settings\Administrator\Desktop\System Check.lnk
[2012/03/19 07:34:31 | 000,352,256 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\MLs25E1fQV00QG.exe
[2012/03/19 07:26:57 | 000,026,590 | -H-- | M] () -- C:\WINDOWS\System32\nvwsapps.xml
[2012/03/19 07:24:15 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup
[2012/03/19 07:24:15 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Software995
[2012/03/19 07:24:15 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\ScanSoft PaperPort 11.0
[2012/03/19 07:24:15 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\ScanSoft OmniPage Pro 14.0
[2012/03/19 07:24:15 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2012/03/19 07:24:15 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Passport Web Edition Client
[2012/03/19 07:24:14 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Games
[2012/03/19 07:24:14 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Nero
[2012/03/19 07:24:14 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office
[2012/03/19 07:24:14 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/03/19 07:24:14 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2012/03/19 07:24:13 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools
[2012/03/19 07:24:13 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Accessories
[2012/03/19 07:19:06 | 000,450,560 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\ldmtqETJLYi.exe
[2012/03/19 06:26:00 | 000,000,958 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1004336348-1336601894-725345543-500Core.job
[2012/03/19 06:21:45 | 000,013,312 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/03/16 09:09:01 | 000,000,354 | -H-- | M] () -- C:\WINDOWS\tasks\MotoHelper Routing.job
[2012/03/16 08:01:28 | 001,880,481 | -H-- | M] () -- C:\Documents and Settings\Administrator\Desktop\HMS-BradyParts Account Statement.pdf
[2012/03/15 14:21:18 | 001,448,272 | -H-- | M] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2012/03/15 11:55:00 | 000,000,037 | -H-- | M] () -- C:\WINDOWS\PVX.INI
[2012/03/15 08:14:39 | 001,471,603 | -H-- | M] () -- C:\Documents and Settings\Administrator\My Documents\M-1 rowan bldg 11-3-10.dwg
[2012/03/15 07:37:43 | 001,721,266 | -H-- | M] () -- C:\Documents and Settings\Administrator\My Documents\Best_Ketchup_Ad_Ever.wmv
[2012/03/15 06:57:31 | 000,000,855 | -H-- | M] () -- C:\Documents and Settings\Administrator\Desktop\PM WORK ORDERS.lnk
[2012/03/15 06:42:29 | 000,000,142 | -H-- | M] () -- C:\WINDOWS\ccolwiz.ini
[2012/03/15 06:40:17 | 005,835,364 | -H-- | M] () -- C:\Documents and Settings\Administrator\Desktop\smithfield+nc+permit+set+mep+3of3+08-16-11_Version_1.pdf
[2012/03/15 06:11:46 | 000,370,488 | -H-- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/03/15 06:06:24 | 000,001,374 | -H-- | M] () -- C:\WINDOWS\imsins.BAK
[2012/03/12 09:20:01 | 000,000,059 | -H-- | M] () -- C:\WINDOWS\wpd99.drv
[2012/03/12 06:06:23 | 000,435,688 | -H-- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/03/12 06:06:23 | 000,068,584 | -H-- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/03/08 10:01:20 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\BRWMARK.INI
[2012/03/07 06:48:17 | 000,001,052 | -H-- | M] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Dropbox.lnk
[2012/03/01 13:11:45 | 000,041,522 | -H-- | M] () -- C:\Documents and Settings\Administrator\My Documents\Price list East Coast 03.01.12.pdf
[2012/03/01 07:57:01 | 000,104,718 | -H-- | M] () -- C:\Documents and Settings\Administrator\My Documents\Stamps.pdf
[2012/02/29 09:03:07 | 000,288,079 | -H-- | M] () -- C:\Documents and Settings\Administrator\Desktop\Katadyn Vario Multi Flow Water Microfilter Amazon.pdf
[2012/02/28 08:39:58 | 000,134,958 | -H-- | M] () -- C:\Documents and Settings\Administrator\My Documents\PIPE LABOR CALCULATOR.pdf
[2012/02/24 16:16:29 | 003,098,135 | -H-- | M] () -- C:\Documents and Settings\Administrator\My Documents\PNC New Account Information Back Pages.pdf
[2012/02/24 16:14:59 | 007,623,706 | -H-- | M] () -- C:\Documents and Settings\Administrator\My Documents\PNC New Account Information Front Pages.pdf
[2012/02/24 08:10:18 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf
[2012/02/24 08:10:13 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_motccgpfl_01007.Wdf
[2012/02/24 08:10:12 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_motccgp_01007.Wdf
[2012/02/23 10:10:20 | 000,000,567 | -H-- | M] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to CAD.lnk
[2012/02/23 07:54:34 | 000,000,567 | -H-- | M] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to Drawing.lnk
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2012/03/19 15:18:13 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2012/03/19 13:51:57 | 000,000,853 | -H-- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
[2012/03/19 07:34:40 | 000,000,264 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~MLs25E1fQV00QG
[2012/03/19 07:34:40 | 000,000,176 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~MLs25E1fQV00QGr
[2012/03/19 07:34:39 | 000,000,835 | -H-- | C] () -- C:\Documents and Settings\Administrator\Desktop\System Check.lnk
[2012/03/19 07:34:36 | 000,000,456 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\MLs25E1fQV00QG
[2012/03/19 07:34:31 | 000,352,256 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\MLs25E1fQV00QG.exe
[2012/03/19 07:22:06 | 000,450,560 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\ldmtqETJLYi.exe
[2012/03/19 06:35:57 | 000,052,569 | -H-- | C] () -- C:\Documents and Settings\Administrator\My Documents\EQUIPMENT SCHEDULES ETC.zip
[2012/03/16 08:01:27 | 001,880,481 | -H-- | C] () -- C:\Documents and Settings\Administrator\Desktop\HMS-BradyParts Account Statement.pdf
[2012/03/15 08:14:39 | 001,471,603 | -H-- | C] () -- C:\Documents and Settings\Administrator\My Documents\M-1 rowan bldg 11-3-10.dwg
[2012/03/15 07:37:40 | 001,721,266 | -H-- | C] () -- C:\Documents and Settings\Administrator\My Documents\Best_Ketchup_Ad_Ever.wmv
[2012/03/15 06:39:53 | 005,835,364 | -H-- | C] () -- C:\Documents and Settings\Administrator\Desktop\smithfield+nc+permit+set+mep+3of3+08-16-11_Version_1.pdf
[2012/03/01 13:11:45 | 000,041,522 | -H-- | C] () -- C:\Documents and Settings\Administrator\My Documents\Price list East Coast 03.01.12.pdf
[2012/03/01 07:57:00 | 000,104,718 | -H-- | C] () -- C:\Documents and Settings\Administrator\My Documents\Stamps.pdf
[2012/02/29 09:03:05 | 000,288,079 | -H-- | C] () -- C:\Documents and Settings\Administrator\Desktop\Katadyn Vario Multi Flow Water Microfilter Amazon.pdf
[2012/02/24 16:16:29 | 003,098,135 | -H-- | C] () -- C:\Documents and Settings\Administrator\My Documents\PNC New Account Information Back Pages.pdf
[2012/02/24 16:14:58 | 007,623,706 | -H-- | C] () -- C:\Documents and Settings\Administrator\My Documents\PNC New Account Information Front Pages.pdf
[2012/02/24 08:10:13 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_motccgpfl_01007.Wdf
[2012/02/24 08:10:12 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_motccgp_01007.Wdf
[2012/02/23 15:15:41 | 000,027,136 | -H-- | C] () -- C:\Documents and Settings\Administrator\My Documents\01017512.xlt
[2012/02/23 10:00:33 | 000,000,567 | -H-- | C] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to CAD.lnk
[2012/02/23 07:54:34 | 000,000,567 | -H-- | C] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to Drawing.lnk
[2012/02/16 06:47:25 | 000,003,072 | -H-- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/16 08:59:53 | 000,000,664 | -H-- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/10/25 09:10:33 | 000,077,448 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/10/11 14:01:49 | 000,000,028 | -H-- | C] () -- C:\WINDOWS\pdf995.ini
[2011/10/06 09:39:16 | 000,051,716 | -H-- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2011/10/06 09:39:16 | 000,000,059 | -H-- | C] () -- C:\WINDOWS\wpd99.drv
[2011/09/29 09:02:38 | 000,000,069 | -H-- | C] () -- C:\WINDOWS\NeroDigital.ini
[2011/09/01 10:23:28 | 000,000,033 | -H-- | C] () -- C:\WINDOWS\BiMonitor.ini
[2011/09/01 10:23:27 | 000,031,249 | -H-- | C] () -- C:\WINDOWS\maxlink.ini
[2011/06/14 18:38:13 | 001,448,272 | -H-- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/06/08 16:16:38 | 000,000,037 | -H-- | C] () -- C:\WINDOWS\PVX.INI
[2011/06/08 16:08:31 | 000,000,142 | -H-- | C] () -- C:\WINDOWS\ccolwiz.ini
[2011/06/08 10:11:06 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\nsreg.dat
[2011/06/08 09:53:43 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\msicpl.ini
[2011/06/08 06:37:55 | 000,000,426 | -H-- | C] () -- C:\WINDOWS\BRWMARK.INI
[2011/06/08 06:37:55 | 000,000,034 | -H-- | C] () -- C:\WINDOWS\System32\BD5250DN.DAT
[2011/06/07 14:38:28 | 000,013,312 | -H-- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/06 13:11:57 | 000,131,072 | RH-- | C] () -- C:\WINDOWS\System32\smdll.dll
[2011/06/06 13:11:55 | 000,258,048 | RH-- | C] () -- C:\WINDOWS\System32\HookMAp.dll
[2011/06/06 13:11:55 | 000,032,768 | RH-- | C] () -- C:\WINDOWS\System32\Auxiliary.dll
[2011/06/06 13:11:54 | 000,262,144 | RH-- | C] () -- C:\WINDOWS\System32\HookShield.dll
[2011/06/06 13:11:54 | 000,208,896 | RH-- | C] () -- C:\WINDOWS\System32\WinSys2.exe
[2011/05/05 18:49:23 | 002,215,364 | -H-- | C] () -- C:\WINDOWS\System32\igklg400.bin
[2011/05/05 18:49:23 | 001,971,732 | -H-- | C] () -- C:\WINDOWS\System32\igklg450.bin
[2011/05/05 18:49:23 | 000,147,456 | -H-- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4924.dll
[2011/05/05 18:49:23 | 000,029,932 | -H-- | C] () -- C:\WINDOWS\System32\igmedcompkrn.bin
[2011/05/05 17:51:26 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/05/05 17:47:23 | 000,021,640 | -H-- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/05/05 10:43:39 | 000,004,161 | -H-- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/05/05 10:41:01 | 000,370,488 | -H-- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/03/30 23:33:10 | 002,860,384 | -H-- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2009/01/20 13:32:04 | 000,024,056 | -H-- | C] () -- C:\WINDOWS\System32\providers.bin
[2008/05/02 23:16:00 | 001,703,936 | -H-- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/05/02 23:16:00 | 001,630,208 | -H-- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2008/05/02 23:16:00 | 001,486,848 | -H-- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/05/02 23:16:00 | 001,339,392 | -H-- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2008/05/02 23:16:00 | 001,019,904 | -H-- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/05/02 23:16:00 | 000,466,944 | -H-- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/05/02 23:16:00 | 000,442,368 | -H-- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2008/05/02 23:16:00 | 000,425,984 | -H-- | C] () -- C:\WINDOWS\System32\keystone.exe
[2008/05/02 23:16:00 | 000,286,720 | -H-- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2005/09/07 12:00:44 | 000,257,536 | -H-- | C] () -- C:\WINDOWS\System32\BiImg.dll [2005/09/07 12:00:44 | 000,110,592 | -H-- | C] () -- C:\WINDOWS\System32\JPEG32.DLL [2004/08/03 22:00:00 | 013,107,200 | -H-- | C] () -- C:\WINDOWS\System32\oembios.bin [2004/08/03 22:00:00 | 000,673,088 | -H-- | C] () -- C:\WINDOWS\System32\mlang.dat [2004/08/03 22:00:00 | 000,435,688 | -H-- | C] () -- C:\WINDOWS\System32\perfh009.dat [2004/08/03 22:00:00 | 000,272,128 | -H-- | C] () -- C:\WINDOWS\System32\perfi009.dat [2004/08/03 22:00:00 | 000,218,003 | -H-- | C] () -- C:\WINDOWS\System32\dssec.dat [2004/08/03 22:00:00 | 000,068,584 | -H-- | C] () -- C:\WINDOWS\System32\perfc009.dat [2004/08/03 22:00:00 | 000,046,258 | -H-- | C] () -- C:\WINDOWS\System32\mib.bin [2004/08/03 22:00:00 | 000,028,626 | -H-- | C] () -- C:\WINDOWS\System32\perfd009.dat [2004/08/03 22:00:00 | 000,004,569 | -H-- | C] () -- C:\WINDOWS\System32\secupd.dat [2004/08/03 22:00:00 | 000,004,524 | -H-- | C] () -- C:\WINDOWS\System32\oembios.dat [2004/08/03 22:00:00 | 000,002,505 | -H-- | C] () -- C:\WINDOWS\System32\OEMINFO.INI [2004/08/03 22:00:00 | 000,001,804 | -H-- | C] () -- C:\WINDOWS\System32\dcache.bin [2004/08/03 22:00:00 | 000,000,741 | -H-- | C] () -- C:\WINDOWS\System32\noise.dat [2001/11/14 13:56:00 | 001,802,240 | -H-- | C] () -- C:\WINDOWS\System32\lcppn21.dll [color=#E56717]========== LOP Check ==========[/color] [2011/06/15 15:13:38 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Administrator\Application Data\Autodesk [2011/10/28 12:40:48 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Administrator\Application Data\Avery [2012/03/19 07:27:15 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Administrator\Application Data\Dropbox [2011/09/01 10:26:26 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Administrator\Application Data\LinkManager 4.0 [2011/12/28 10:09:06 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Administrator\Application Data\Motorola [2011/09/01 
10:40:37 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Administrator\Application Data\OneTouch 4.0 [2011/10/11 14:01:49 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Administrator\Application Data\pdf995 [2011/09/01 10:32:32 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Administrator\Application Data\ScanSoft [2012/03/02 10:33:32 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Administrator\Application Data\Silver Bullet Technology [2011/06/13 12:04:53 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk [2012/03/12 09:20:01 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995 [2011/09/01 10:41:50 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft [2011/09/01 10:26:21 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Visioneer [2011/10/25 06:35:00 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2012/01/27 10:09:02 | 000,000,358 | -H-- | M] () -- C:\WINDOWS\Tasks\MotoHelper MUM.job [2012/03/16 09:09:01 | 000,000,354 | -H-- | M] () -- C:\WINDOWS\Tasks\MotoHelper Routing.job [2012/01/27 10:09:01 | 000,000,370 | -H-- | M] () -- C:\WINDOWS\Tasks\MotoHelper Update.job [2012/03/19 14:46:00 | 000,000,250 | -H-- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Custom Scans ==========[/color] [color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color] [color=#A23BEC]< MD5 for: CDROM.SYS >[/color] [2004/08/03 22:00:00 | 018,738,937 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys [2008/04/14 08:51:44 | 020,056,462 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys [2008/04/14 08:51:44 | 020,056,462 | -H-- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:cdrom.sys [2008/04/14 
03:10:48 | 000,062,976 | -H-- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\ServicePackFiles\i386\cdrom.sys [2008/04/14 03:10:48 | 000,062,976 | -H-- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys [2004/08/03 22:00:00 | 000,049,536 | -H-- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\$NtServicePackUninstall$\cdrom.sys [color=#A23BEC]< MD5 for: EXPLORER.EXE >[/color] [2008/04/14 08:42:20 | 001,033,728 | -H-- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe [2008/04/14 08:42:20 | 001,033,728 | -H-- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe [2004/08/03 22:00:00 | 001,032,192 | -H-- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe [color=#A23BEC]< MD5 for: SVCHOST.EXE >[/color] [2008/04/14 08:42:38 | 000,014,336 | -H-- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe [2008/04/14 08:42:38 | 000,014,336 | -H-- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe [2012/01/13 15:53:20 | 000,182,856 | -H-- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe [2004/08/03 22:00:00 | 000,014,336 | -H-- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe [color=#A23BEC]< MD5 for: USERINIT.EXE >[/color] [2004/08/03 22:00:00 | 000,024,576 | -H-- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe [2008/04/14 08:42:40 | 000,026,112 | -H-- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe [2008/04/14 08:42:40 | 
000,026,112 | -H-- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe [color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color] [2004/08/03 22:00:00 | 000,502,272 | -H-- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe [2012/01/13 15:53:20 | 000,182,856 | -H-- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2008/04/14 08:42:40 | 000,507,904 | -H-- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe [2008/04/14 08:42:40 | 000,507,904 | -H-- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe [color=#A23BEC]< HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\SubSystems /s >[/color] "Debug" = "Kmode" = %SystemRoot%\system32\win32k.sys -- [2012/02/03 05:22:18 | 001,860,096 | -H-- | M] (Microsoft Corporation) "Optional" = Posix [binary data] "Posix" = %SystemRoot%\system32\psxss.exe "Required" = DebugWindows [binary data] "Windows" = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16 [color=#A23BEC]< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s >[/color] "Type" = 1 "Start" = 1 "ErrorControl" = 1 "Tag" = 5 "ImagePath" = system32\DRIVERS\netbt.sys -- [2008/04/14 03:51:02 | 000,162,816 | -H-- | M] (Microsoft Corporation) "DisplayName" = NetBios over Tcpip "Group" = PNP_TDI "DependOnService" = Tcpip [binary data] "DependOnGroup" = [binary data] "Description" = NetBios over Tcpip [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Linkage] "OtherDependencies" = Tcpip [binary data] "Bind" = [Binary data over 100 bytes] "Route" = 
[Binary data over 100 bytes] "Export" = [Binary data over 100 bytes] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters] "NbProvider" = _tcp "NameServerPort" = 137 "CacheTimeout" = 600000 "BcastNameQueryCount" = 3 "BcastQueryTimeout" = 750 "NameSrvQueryCount" = 3 "NameSrvQueryTimeout" = 1500 "Size/Small/Medium/Large" = 1 "SessionKeepAlive" = 3600000 "TransportBindName" = \Device\ "EnableLMHOSTS" = 1 "DhcpNodeType" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{08F99A76-9012-4D33-9423-8992940AB0AD}] "NameServerList" = [binary data] "NetbiosOptions" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{1B50A142-61F3-4807-8E35-F64D49B36B3E}] "NameServerList" = [binary data] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{1EDFE4EC-B9C1-4130-A3BB-85F91A5EF3FB}] "NameServerList" = [binary data] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{690C0049-CD53-41C5-9E27-CA19172055B1}] "NameServerList" = [binary data] "NetbiosOptions" = 0 "DhcpNameServerList" = 192.168.1.10 [binary data] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Security] "Security" = [Binary data over 100 bytes] [color=#A23BEC]< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s >[/color] "Type" = 2 "Start" = 1 "ErrorControl" = 1 "Tag" = 1 "ImagePath" = system32\DRIVERS\netbios.sys -- [2008/04/14 03:26:04 | 000,034,688 | -H-- | M] (Microsoft Corporation) "DisplayName" = NetBIOS Interface "Group" = NetBIOSGroup "Description" = NetBIOS Interface [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Linkage] "LanaMap" = 01 03 01 00 00 01 00 02 [binary data] "Bind" = [Binary data over 100 bytes] "Route" = [Binary data over 100 bytes] "Export" = [Binary data over 100 bytes] 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Parameters] "MaxLana" = 3 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Parameters\Winsock] "HelperDllName" = %SystemRoot%\System32\wshnetbs.dll -- [2004/08/03 22:00:00 | 000,007,168 | -H-- | M] (Microsoft Corporation) "MaxSockAddrLength" = 20 "MinSockAddrLength" = 20 "Mapping" = 02 00 00 00 03 00 00 00 11 00 00 00 05 00 00 00 00 00 00 00 11 00 00 00 02 00 00 00 00 00 00 00 [binary data] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Security] "Security" = [Binary data over 100 bytes] [color=#A23BEC]< hklm\software\clients\startmenuinternet|command /rs >[/color] HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/02/17 12:23:14 | 000,834,840 | -H-- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/02/17 12:23:14 | 000,834,840 | -H-- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/02/17 12:23:14 | 000,834,840 | -H-- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/02/17 12:23:17 | 000,924,632 | -H-- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/02/17 12:23:17 | 000,924,632 | -H-- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/02/17 12:23:17 | 000,924,632 | -H-- | 
M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/12/16 08:23:08 | 000,174,080 | -H-- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/12/16 08:23:08 | 000,174,080 | -H-- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/12/16 08:23:08 | 000,174,080 | -H-- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | -H-- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 14:09:26 | 000,638,816 | -H-- | M] (Microsoft Corporation) [color=#A23BEC]< hklm\software\clients\startmenuinternet|command /64 /rs >[/color] HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/02/17 12:23:14 | 000,834,840 | -H-- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/02/17 12:23:14 | 000,834,840 | -H-- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/02/17 12:23:14 | 000,834,840 | -H-- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program 
Files\Mozilla Firefox\firefox.exe [2012/02/17 12:23:17 | 000,924,632 | -H-- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/02/17 12:23:17 | 000,924,632 | -H-- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/02/17 12:23:17 | 000,924,632 | -H-- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/12/16 08:23:08 | 000,174,080 | -H-- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/12/16 08:23:08 | 000,174,080 | -H-- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/12/16 08:23:08 | 000,174,080 | -H-- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | -H-- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 14:09:26 | 000,638,816 | -H-- | M] (Microsoft Corporation) [color=#A23BEC]< C:\Windows\assembly\tmp\U\*.* /s >[/color] Invalid Environment Variable: %Temp%\smtmp\1\*.* Invalid Environment Variable: %Temp%\smtmp\2\*.* Invalid Environment Variable: %Temp%\smtmp\3\*.* Invalid Environment Variable: %Temp%\smtmp\4\*.* [color=#A23BEC]< CREATERESTOREPOINT >[/color] < End of report >