OTL logfile created on: 5/12/2012 9:47:31 AM - Run 1 OTL by OldTimer - Version 3.2.42.3 Folder = C:\Documents and Settings\joe brewen\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 1015.17 Mb Total Physical Memory | 475.55 Mb Available Physical Memory | 46.84% Memory free 2.38 Gb Paging File | 1.68 Gb Available in Paging File | 70.42% Paging File free Paging file location(s): C:\pagefile.sys 1524 3048 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 144.12 Gb Total Space | 14.71 Gb Free Space | 10.21% Space Free | Partition Type: NTFS Computer Name: LIVINGROOM | User Name: joe brewen | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2012/05/12 09:39:05 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\joe brewen\Desktop\OTL.exe PRC - [2012/02/27 09:44:06 | 001,006,864 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiSeAgnt.exe PRC - [2012/02/27 09:44:06 | 000,133,424 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe PRC - [2011/10/05 00:52:17 | 000,200,632 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe PRC - [2011/10/05 00:52:17 | 000,142,952 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe PRC - [2011/07/28 19:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe PRC - [2010/07/01 10:38:26 | 000,083,512 | ---- | M] (ArcSoft, Inc.) 
-- C:\Documents and Settings\joe brewen\Application Data\HP SimpleSave Application\uUACTokenSvc.exe PRC - [2010/03/08 21:10:05 | 000,283,992 | ---- | M] () -- C:\Program Files\Common Files\eMail ID\IconixService.exe PRC - [2010/03/08 21:10:02 | 000,342,872 | ---- | M] () -- C:\Program Files\eMail ID\OEAddOn\OEdmn_6.exe PRC - [2010/01/29 04:18:52 | 000,751,592 | ---- | M] () -- C:\Program Files\ASUS\LiveUpdate\LiveUpdate.exe PRC - [2008/11/06 12:33:56 | 000,288,088 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe PRC - [2008/11/06 12:33:54 | 000,582,992 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe PRC - [2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2011/11/03 11:28:36 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll MOD - [2011/10/05 00:52:30 | 000,174,624 | ---- | M] () -- C:\Program Files\Trend Micro\UniClient\plugins\LUADLL.dll MOD - [2011/10/05 00:52:20 | 000,442,368 | ---- | M] () -- C:\Program Files\Trend Micro\AMSP\sqlite3.dll MOD - [2011/10/05 00:52:18 | 001,081,344 | ---- | M] () -- C:\Program Files\Trend Micro\AMSP\libprotobuf.dll MOD - [2011/10/05 00:52:17 | 000,057,344 | ---- | M] () -- C:\Program Files\Trend Micro\AMSP\boost_date_time-vc80-mt-1_36.dll MOD - [2011/10/05 00:52:17 | 000,049,152 | ---- | M] () -- C:\Program Files\Trend Micro\AMSP\boost_thread-vc80-mt-1_36.dll MOD - [2011/10/05 00:52:17 | 000,012,288 | ---- | M] () -- C:\Program Files\Trend Micro\AMSP\boost_system-vc80-mt-1_36.dll MOD - [2011/09/27 00:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011/09/27 00:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2011/07/28 19:09:42 | 000,096,112 | ---- | M] () -- C:\Program 
Files\DivX\DivX Update\DivXUpdateCheck.dll MOD - [2011/07/28 19:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe MOD - [2011/05/28 15:04:56 | 000,140,288 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll MOD - [2010/03/08 21:10:05 | 000,283,992 | ---- | M] () -- C:\Program Files\Common Files\eMail ID\IconixService.exe MOD - [2010/03/08 21:10:03 | 000,312,152 | ---- | M] () -- C:\Program Files\eMail ID\OEAddOn\OEldr_7.dll MOD - [2010/03/08 21:10:02 | 000,342,872 | ---- | M] () -- C:\Program Files\eMail ID\OEAddOn\OEdmn_6.exe MOD - [2010/01/29 04:23:40 | 000,161,768 | ---- | M] () -- C:\Program Files\ASUS\LiveUpdate\Enumeration.dll MOD - [2010/01/29 04:18:52 | 000,751,592 | ---- | M] () -- C:\Program Files\ASUS\LiveUpdate\LiveUpdate.exe MOD - [2010/01/29 04:17:26 | 000,120,808 | ---- | M] () -- C:\Program Files\ASUS\LiveUpdate\ClientSocket.dll MOD - [2009/08/27 17:29:08 | 000,182,240 | ---- | M] () -- C:\Program Files\ASUS\LiveUpdate\Parser.dll MOD - [2008/04/14 08:00:00 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll MOD - [2008/04/14 08:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll MOD - [2008/01/29 06:19:34 | 000,151,552 | ---- | M] () -- C:\Program Files\Trend Micro\RUBotted\libexpat.dll MOD - [2007/12/15 05:41:56 | 000,430,174 | ---- | M] () -- C:\Program Files\Trend Micro\RUBotted\sqlite3.dll [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt) SRV - File not found [Auto | Running] -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe -- (Amsp) SRV - [2012/02/29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2010/07/01 10:38:26 | 000,083,512 | ---- | M] (ArcSoft, Inc.) 
[Auto | Running] -- C:\Documents and Settings\joe brewen\Application Data\HP SimpleSave Application\uUACTokenSvc.exe -- (BackupService) SRV - [2010/03/08 21:10:05 | 000,283,992 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\eMail ID\IconixService.exe -- (IconixService) SRV - [2009/08/28 17:15:30 | 000,582,424 | ---- | M] (ParetoLogic Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\XoftSpySE\6\xoftspyservice.exe -- (XoftSpyService) SRV - [2008/11/06 12:33:54 | 000,582,992 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe -- (RUBotted) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - File not found [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\xpsec.sys -- (xpsec) DRV - File not found [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\xcpip.sys -- (xcpip) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\btwusb.sys -- (BTWUSB) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\btwhid.sys -- (btwhid) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\btwdndis.sys -- (BTWDNDIS) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\btport.sys -- (BTDriver) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\btaudio.sys -- (btaudio) DRV - File not 
found [Kernel | Disabled | Running] -- System32\DRIVERS\AvgAsCln.sys -- (AvgAsCln) DRV - File not found [Kernel | Disabled | Running] -- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys -- (AVG Anti-Spyware Driver) DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\JOEBRE~1\LOCALS~1\Temp\aswMBR.sys -- (aswMBR) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\AmUStor.SYS -- (AmUStor) DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\AFGSp50.sys -- (AFGSp50) DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\AFGMp50.sys -- (AFGMp50) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\9e7ql0ne.sys -- (9e7ql0ne.sys) DRV - [2011/10/05 00:52:22 | 000,205,072 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm) DRV - [2011/10/05 00:52:22 | 000,092,432 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tmtdi.sys -- (tmtdi) DRV - [2011/10/05 00:52:22 | 000,081,168 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tmactmon.sys -- (tmactmon) DRV - [2011/10/05 00:52:22 | 000,068,368 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tmevtmgr.sys -- (tmevtmgr) DRV - [2009/08/25 20:08:51 | 000,036,400 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIMMP) DRV - [2009/08/25 20:08:51 | 000,036,400 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIM) DRV - [2009/07/10 21:33:36 | 001,015,424 | ---- | M] (Ralink Technology, Corp.) 
[Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt2860.sys -- (RT80x86) DRV - [2009/07/06 03:48:02 | 000,011,448 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AsUpIO.sys -- (AsUpIO) DRV - [2009/04/27 07:26:44 | 005,074,944 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2009/03/14 02:05:26 | 001,528,928 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416) DRV - [2009/03/13 19:32:18 | 001,759,616 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC) DRV - [2009/03/02 01:03:47 | 000,038,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l1c51x86.sys -- (L1c) DRV - [2009/02/06 21:08:42 | 000,055,152 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr) DRV - [2008/11/19 04:21:28 | 000,039,040 | ---- | M] (GenesysLogic Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\uvclf.sys -- (uvclf) DRV - [2008/08/05 08:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt) DRV - [2008/04/08 18:59:28 | 000,010,752 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASUSACPI.SYS -- (AsusACPI) DRV - [2008/03/02 04:28:00 | 000,206,608 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TMPassthru.sys -- (TMPassthruMP) DRV - [2008/03/02 04:28:00 | 000,206,608 | ---- | M] (Trend Micro Inc.) 
[Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TMPassthru.sys -- (TMPassthru) DRV - [2006/01/04 03:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-4197362544-953040410-2358175516-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=OIE8HP&PC=B8MP IE - HKU\S-1-5-21-4197362544-953040410-2358175516-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com IE - HKU\S-1-5-21-4197362544-953040410-2358175516-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKU\S-1-5-21-4197362544-953040410-2358175516-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\S-1-5-21-4197362544-953040410-2358175516-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp IE - HKU\S-1-5-21-4197362544-953040410-2358175516-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us IE - HKU\S-1-5-21-4197362544-953040410-2358175516-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 92 9A 8B EE D9 7E CC 01 [binary data] IE - 
HKU\S-1-5-21-4197362544-953040410-2358175516-1006\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-4197362544-953040410-2358175516-1006\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-4197362544-953040410-2358175516-1006\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rlz=1I7GGLD_en&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\S-1-5-21-4197362544-953040410-2358175516-1006\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1750559 IE - HKU\S-1-5-21-4197362544-953040410-2358175516-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-4197362544-953040410-2358175516-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = ;*.local [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..network.proxy.no_proxies_on: "*.local,localhost,127.0.0.1" FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.) 
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8064.0206: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Documents and Settings\joe brewen\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{38783831-6098-4faa-A9C9-1EE1E343F4D2}: C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1102\7.1.1102\firefoxextension [2012/05/11 07:44:41 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/03/01 15:07:29 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension\ [2012/05/11 07:45:46 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/03 14:43:28 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/03/01 15:07:27 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 
[2010/03/28 09:13:58 | 000,000,000 | ---D | M] [2011/10/03 14:48:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\joe brewen\Application Data\Mozilla\Extensions [2012/04/23 13:34:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2012/04/23 13:34:33 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012/03/01 15:07:29 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5 [2010/02/03 19:13:48 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2012/05/11 07:44:41 | 000,000,000 | ---D | M] (Trend Micro BEP Firefox Extension) -- C:\PROGRAM FILES\TREND MICRO\AMSP\MODULE\20002\7.1.1102\7.1.1102\FIREFOXEXTENSION [2012/05/11 07:45:46 | 000,000,000 | ---D | M] (Trend Micro NSC Firefox Extension) -- C:\PROGRAM FILES\TREND MICRO\AMSP\MODULE\20004\FXEXT\FIREFOXEXTENSION [2011/09/29 02:53:40 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011/09/28 20:26:50 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [color=#E56717]========== Chrome ==========[/color] CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\joe brewen\Local Settings\Application Data\Google\Chrome\User 
Data\PepperFlash\11.1.31.203\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.79\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.79\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.79\pdf.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Documents and Settings\joe brewen\Local 
Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll CHR - plugin: Garmin Communicator Plug-In (Enabled) = C:\Program Files\Garmin GPS Plugin\npGarmin.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: YouTube = C:\Documents and Settings\joe brewen\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google Search = C:\Documents and Settings\joe brewen\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\ CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Documents and Settings\joe brewen\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\ CHR - Extension: Gmail = C:\Documents and Settings\joe brewen\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2008/04/14 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. 
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1313\6.8.1078\TmIEPlg.dll (Trend Micro Inc.) O2 - BHO: (IconixBHOClass Class) - {761233B6-F228-49E4-8F6B-668499D4E55A} - C:\Program Files\eMail ID\IEAddOn\IconixBHO_46.dll () O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\7.1.1102\7.1.1102\TmBpIe32.dll (Trend Micro Inc.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKU\S-1-5-21-4197362544-953040410-2358175516-1006\..\Toolbar\WebBrowser: (no name) - {00000000-0000-0000-0000-000000000000} - No CLSID value found. O3 - HKU\S-1-5-21-4197362544-953040410-2358175516-1006\..\Toolbar\WebBrowser: (no name) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - No CLSID value found. O3 - HKU\S-1-5-21-4197362544-953040410-2358175516-1006\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [hpqSRMon] File not found O4 - HKLM..\Run: [IconixOEAddOn] C:\Program Files\eMail ID\OEAddOn\OEdmn_6.exe () O4 - HKLM..\Run: [LiveUpdate] C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe () O4 - HKLM..\Run: [TMRUBottedTray] C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe (Trend Micro Inc.) O4 - HKLM..\Run: [Trend Micro Client Framework] C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe (Trend Micro Inc.) 
O4 - HKLM..\Run: [Trend Micro Titanium] C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe (Trend Micro Inc.) O4 - HKU\S-1-5-21-4197362544-953040410-2358175516-1006..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h File not found O4 - HKU\S-1-5-21-4197362544-953040410-2358175516-1006..\Run: [Eee Docking] C:\Program Files\ASUS\Eee Docking\Eee Docking.exe () O4 - HKU\S-1-5-21-4197362544-953040410-2358175516-1006..\Run: [Facebook Update] C:\Documents and Settings\joe brewen\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-4197362544-953040410-2358175516-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra 'Tools' menuitem : Email ID Preferences - {400A6CFA-E326-4d61-A90C-9AD75358DC5F} - C:\Program Files\eMail ID\IEAddOn\IconixBHO_46.dll () O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O9 - Extra 'Tools' menuitem : About Email ID - {BC3F6B6D-2E49-4603-B028-7411655713F3} - C:\Program Files\eMail ID\IEAddOn\IconixBHO_46.dll () O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O15 - HKU\S-1-5-21-4197362544-953040410-2358175516-1006\..Trusted Domains: syncada.com ([network] https in Trusted sites) O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object) O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} http://download.mcafee.com/molbin/iss-loc/mcfscan/3,0,0,5920/mcfscan.cab (McFreeScan Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 66.207.234.14 66.207.224.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DA927C5B-ABF8-4137-918C-402BBEB075FE}: DhcpNameServer = 66.207.234.14 66.207.224.1 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O18 - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\7.1.1102\7.1.1102\TmBpIe32.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1313\6.8.1078\TmIEPlg.dll (Trend Micro Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\joe brewen\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\joe brewen\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/08/11 09:16:06 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{2d7a9c82-b2c3-11df-aa40-0025d38bf17d}\Shell - "" = AutoRun
O33 - MountPoints2\{2d7a9c82-b2c3-11df-aa40-0025d38bf17d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2d7a9c82-b2c3-11df-aa40-0025d38bf17d}\Shell\AutoRun\command - "" = "D:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{55a0f828-1111-11e0-aa67-0025d38bf17d}\Shell\AutoRun\command - "" = F:\PMBP_Win.exe
O33 - MountPoints2\{5f1b6854-a34e-11df-aa32-0025d38bf17d}\Shell\AutoRun\command - "" = WDSetup.exe
O33 - MountPoints2\{7489f2b6-3d09-11e0-aa83-0025d38bf17d}\Shell - "" = AutoRun
O33 - MountPoints2\{7489f2b6-3d09-11e0-aa83-0025d38bf17d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{7489f2b6-3d09-11e0-aa83-0025d38bf17d}\Shell\AutoRun\command - "" = "D:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{c7cf2138-863c-11de-bb57-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{c7cf2138-863c-11de-bb57-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c7cf2138-863c-11de-bb57-806d6172696f}\Shell\AutoRun\command - "" = E:\setup.exe
O33 - MountPoints2\{fb1cff58-6042-11e0-aa99-0025d38bf17d}\Shell - "" = AutoRun
O33 - MountPoints2\{fb1cff58-6042-11e0-aa99-0025d38bf17d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{fb1cff58-6042-11e0-aa99-0025d38bf17d}\Shell\AutoRun\command - "" = E:\HPLauncher.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-4197362544-953040410-2358175516-1006\...exe [@ = exefile] -- Reg Error: Key error. File not found
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Unable to start System Restore Service.
Error code 1056

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
[2012/05/12 09:39:46 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\joe brewen\Desktop\OTL.exe
[2012/05/12 08:08:14 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\joe brewen\Desktop\aswMBR.exe
[2012/05/10 20:21:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2012/05/10 20:21:34 | 000,000,000 | ---D | C] -- C:\Program Files\Grisoft
[2012/05/10 20:13:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2012/05/10 20:13:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\XoftSpySE
[2012/05/10 20:12:58 | 000,000,000 | ---D | C] -- C:\Program Files\XoftSpySE6
[2012/05/07 21:26:51 | 000,372,736 | ---- | C] (Hewlett Packard) -- C:\WINDOWS\System32\hppldcoi.dll
[2012/04/23 13:33:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012/04/23 13:33:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
[2012/05/12 09:39:05 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\joe brewen\Desktop\OTL.exe
[2012/05/12 09:38:33 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\joe brewen\Desktop\MBR.dat
[2012/05/12 08:41:12 | 000,001,018 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-4197362544-953040410-2358175516-1006UA.job
[2012/05/12 08:08:09 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\joe brewen\Desktop\aswMBR.exe
[2012/05/12 08:07:30 | 000,000,432 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{5F0E6D44-3077-41FB-8340-F45E75F16DAC}.job
[2012/05/11 20:41:00 | 000,000,996 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-4197362544-953040410-2358175516-1006Core.job
[2012/05/11 08:05:33 | 000,006,529 | ---- | M] () -- C:\Documents and Settings\joe brewen\My Documents\[isoHunt] Sunbelt_CounterSpy_Antispyware_4.0.3904___Keygen_[RH].5828600.TPB.torrent
[2012/05/11 07:47:45 | 000,114,358 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/05/11 07:47:45 | 000,043,328 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/05/11 07:42:53 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/05/11 07:42:48 | 000,249,496 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/05/11 03:21:58 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/05/10 19:25:43 | 000,002,451 | ---- | M] () -- C:\Documents and Settings\joe brewen\Desktop\HiJackThis.lnk
[2012/05/10 09:14:58 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2012/05/08 21:20:55 | 000,000,668 | ---- | M] () -- C:\Documents and Settings\joe brewen\Application Data\Microsoft\Internet Explorer\Quick Launch\BitTorrent.lnk
[2012/05/08 21:20:55 | 000,000,650 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\BitTorrent.lnk
[2012/05/08 20:53:57 | 003,006,984 | ---- | M] () -- C:\Documents and Settings\joe brewen\My Documents\aresregular218_installer.exe
[2012/05/07 21:30:46 | 000,173,046 | ---- | M] () -- C:\WINDOWS\hpoins46.dat
[2012/05/07 21:20:58 | 060,341,952 | ---- | M] () -- C:\Documents and Settings\joe brewen\My Documents\PS_AIO_07_D110_USW_Basic_Win_enu_140_126.exe
[2012/05/07 21:12:15 | 048,220,160 | ---- | M] () -- C:\Documents and Settings\joe brewen\My Documents\ePrint_mobile-driver-win.exe
[2012/05/02 15:22:51 | 000,042,462 | ---- | M] () -- C:\Documents and Settings\joe brewen\My Documents\3289382.pdf
[2012/05/02 15:16:10 | 000,094,208 | ---- | M] () -- C:\Documents and Settings\joe brewen\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/04/28 18:29:04 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/04/25 19:24:03 | 000,360,763 | ---- | M] () -- C:\Documents and Settings\joe brewen\Desktop\Joe'sMWTuxsizes.pdf
[2012/04/25 08:18:35 | 001,590,552 | ---- | M] () -- C:\Documents and Settings\joe brewen\My Documents\dtr_part_iv_app_k_3.pdf
[2012/04/20 09:02:44 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/04/16 22:30:13 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\lmhosts
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]
[2012/05/12 09:38:33 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\joe brewen\Desktop\MBR.dat
[2012/05/11 08:05:45 | 000,006,529 | ---- | C] () -- C:\Documents and Settings\joe brewen\My Documents\[isoHunt] Sunbelt_CounterSpy_Antispyware_4.0.3904___Keygen_[RH].5828600.TPB.torrent
[2012/05/08 20:54:01 | 003,006,984 | ---- | C] () -- C:\Documents and Settings\joe brewen\My Documents\aresregular218_installer.exe
[2012/05/07 21:24:28 | 000,173,046 | ---- | C] () -- C:\WINDOWS\hpoins46.dat
[2012/05/07 21:24:28 | 000,000,601 | ---- | C] () -- C:\WINDOWS\hpomdl46.dat
[2012/05/07 21:20:58 | 060,341,952 | ---- | C] () -- C:\Documents and Settings\joe brewen\My Documents\PS_AIO_07_D110_USW_Basic_Win_enu_140_126.exe
[2012/05/07 21:12:15 | 048,220,160 | ---- | C] () -- C:\Documents and Settings\joe brewen\My Documents\ePrint_mobile-driver-win.exe
[2012/05/07 20:55:11 | 000,205,870 | ---- | C] () -- C:\WINDOWS\hpoins46.dat.temp
[2012/05/07 20:55:11 | 000,000,601 | ---- | C] () -- C:\WINDOWS\hpomdl46.dat.temp
[2012/05/02 15:23:00 | 000,042,462 | ---- | C] () -- C:\Documents and Settings\joe brewen\My Documents\3289382.pdf
[2012/04/25 19:24:11 | 000,360,763 | ---- | C] () -- C:\Documents and Settings\joe brewen\Desktop\Joe'sMWTuxsizes.pdf
[2012/04/25 08:18:34 | 001,590,552 | ---- | C] () -- C:\Documents and Settings\joe brewen\My Documents\dtr_part_iv_app_k_3.pdf
[2012/03/03 12:23:21 | 000,175,616 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2012/02/16 12:19:58 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/12/27 14:31:20 | 004,342,784 | ---- | C] () -- C:\WINDOWS\System32\ffmpeg.dll
[2011/12/27 14:31:04 | 000,135,680 | ---- | C] () -- C:\WINDOWS\System32\IntelQuickSyncDecoder.dll
[2011/12/21 12:10:32 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\libbluray.dll
[2011/12/21 12:10:26 | 006,266,784 | ---- | C] () -- C:\WINDOWS\System32\avcodec-lav-53.dll
[2011/12/21 12:10:26 | 000,977,648 | ---- | C] () -- C:\WINDOWS\System32\avformat-lav-53.dll
[2011/12/21 12:10:26 | 000,353,984 | ---- | C] () -- C:\WINDOWS\System32\swscale-lav-2.dll
[2011/12/21 12:10:26 | 000,202,728 | ---- | C] () -- C:\WINDOWS\System32\avutil-lav-51.dll
[2011/12/21 12:10:26 | 000,127,384 | ---- | C] () -- C:\WINDOWS\System32\avfilter-lav-2.dll
[2011/12/20 14:50:04 | 000,079,360 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2011/12/20 14:49:56 | 000,099,328 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2011/12/20 14:49:54 | 000,158,720 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll
[2011/12/20 14:49:54 | 000,146,944 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll
[2011/12/20 14:49:52 | 001,525,248 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll
[2011/12/20 14:49:52 | 000,212,480 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll
[2011/12/20 14:49:52 | 000,115,200 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll
[2011/12/20 14:49:50 | 000,328,704 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll
[2011/12/20 14:49:50 | 000,260,608 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2011/12/20 14:49:50 | 000,137,728 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2011/10/05 11:41:04 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\SupportTool.exe.bat
[2011/09/08 10:00:52 | 000,150,528 | ---- | C] () -- C:\WINDOWS\System32\mkx.dll
[2011/09/08 10:00:48 | 000,142,336 | ---- | C] () -- C:\WINDOWS\System32\mp4.dll
[2011/09/08 10:00:42 | 000,123,392 | ---- | C] () -- C:\WINDOWS\System32\ogm.dll
[2011/09/08 10:00:38 | 000,249,856 | ---- | C] () -- C:\WINDOWS\System32\dxr.dll
[2011/09/08 10:00:34 | 000,113,152 | ---- | C] () -- C:\WINDOWS\System32\dsmux.exe
[2011/09/08 10:00:24 | 000,154,624 | ---- | C] () -- C:\WINDOWS\System32\ts.dll
[2011/09/08 10:00:10 | 000,137,728 | ---- | C] () -- C:\WINDOWS\System32\mkv2vfr.exe
[2011/09/08 10:00:06 | 000,358,400 | ---- | C] () -- C:\WINDOWS\System32\gdsmux.exe
[2011/09/08 09:59:54 | 000,080,384 | ---- | C] () -- C:\WINDOWS\System32\mkzlib.dll
[2011/09/08 09:59:52 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\mkunicode.dll
[2011/06/05 09:03:04 | 000,011,448 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsUpIO.sys
[2011/05/30 09:42:50 | 000,240,640 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2011/05/23 03:46:30 | 000,645,632 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2011/03/03 07:39:56 | 000,109,568 | ---- | C] () -- C:\WINDOWS\System32\avi.dll
[2011/03/03 07:38:10 | 000,097,792 | ---- | C] () -- C:\WINDOWS\System32\avs.dll
[2011/03/03 07:37:50 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\avss.dll
[2010/10/31 13:22:33 | 000,054,612 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/09/24 17:16:18 | 000,003,072 | ---- | C] () -- C:\Documents and Settings\joe brewen\Application Data\CountdownProPrefs.cdp
[2010/08/18 15:56:38 | 000,000,151 | ---- | C] () -- C:\WINDOWS\System32\Registration.ini
[2010/06/12 15:44:51 | 000,077,377 | ---- | C] () -- C:\WINDOWS\hpqins05.dat

[color=#E56717]========== LOP Check ==========[/color]
[2012/01/04 00:10:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Belkin
[2010/03/08 21:10:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eMail ID
[2012/05/10 20:21:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2012/05/10 20:13:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2009/08/20 08:24:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ralink Driver
[2011/07/06 15:31:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZipSE
[2010/09/09 21:18:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012/05/11 18:03:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\joe brewen\Application Data\BitTorrent
[2011/01/02 15:48:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\joe brewen\Application Data\BSplayer Pro
[2010/02/15 00:15:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\joe brewen\Application Data\eMail ID
[2012/02/25 12:15:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\joe brewen\Application Data\Garmin
[2010/08/27 21:42:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\joe brewen\Application Data\Leadertech
[2012/03/03 12:24:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\joe brewen\Application Data\Leawo
[2010/12/31 20:08:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\joe brewen\Application Data\Local
[2012/03/03 11:45:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\joe brewen\Application Data\NewzToolz
[2011/04/10 10:57:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\joe brewen\Application Data\PriceGong
[2011/05/30 14:28:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\joe brewen\Application Data\StreamTorrent
[2012/03/03 12:33:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\joe brewen\Application Data\tiger-k
[2010/03/13 17:49:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\joe brewen\Application Data\uTorrent
[2012/05/11 20:41:00 | 000,000,996 | ---- | M] () -- C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-4197362544-953040410-2358175516-1006Core.job
[2012/05/12 08:41:12 | 000,001,018 | ---- | M] () -- C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-4197362544-953040410-2358175516-1006UA.job
[2012/05/12 08:07:30 | 000,000,432 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{5F0E6D44-3077-41FB-8340-F45E75F16DAC}.job

[color=#E56717]========== Purity Check ==========[/color]

[color=#E56717]========== Custom Scans ==========[/color]
[color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color]
[color=#A23BEC]< MD5 for: EXPLORER.EXE >[/color]
[2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\system32\dllcache\explorer.exe
[color=#A23BEC]< MD5 for: SVCHOST.EXE >[/color]
[2008/04/14 08:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2008/04/14 08:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[color=#A23BEC]< MD5 for: USERINIT.EXE >[/color]
[2008/04/14 08:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008/04/14 08:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe
[color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color]
[2008/04/14 08:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008/04/14 08:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe
[color=#A23BEC]< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s >[/color]
"Type" = 1
"Start" = 1
"ErrorControl" = 1
"Tag" = 5
"ImagePath" = system32\DRIVERS\netbt.sys -- [2008/04/14 08:00:00 | 000,162,816 | ---- | M] (Microsoft Corporation)
"DisplayName" = NetBios over Tcpip
"Group" = PNP_TDI
"DependOnService" = Tcpip [binary data]
"DependOnGroup" = [binary data]
"Description" = NetBios over Tcpip

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Linkage]
"OtherDependencies" = Tcpip [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters]
"NbProvider" = _tcp
"NameServerPort" = 137
"CacheTimeout" = 600000
"BcastNameQueryCount" = 3
"BcastQueryTimeout" = 750
"NameSrvQueryCount" = 3
"NameSrvQueryTimeout" = 1500
"Size/Small/Medium/Large" = 1
"SessionKeepAlive" = 3600000
"TransportBindName" = \Device\
"EnableLMHOSTS" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{20FCB5D7-CEED-4733-BC7F-2AA9043E427B}]
"NameServerList" = [binary data]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{28A7C8F5-3FCA-45EE-8314-8EB2AC31ECCA}]
"NameServerList" = [binary data]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{7706CF45-B434-4106-BF83-D3E84CE259F9}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{CFADE86D-0DEA-40C8-9562-B63A2EF8151B}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{DA927C5B-ABF8-4137-918C-402BBEB075FE}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Security]
"Security" = [Binary data over 100 bytes]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Enum]
"0" = Root\LEGACY_NETBT\0000
"Count" = 1
"NextInstance" = 1
[color=#A23BEC]< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s >[/color]
"Type" = 2
"Start" = 1
"ErrorControl" = 1
"Tag" = 1
"ImagePath" = system32\DRIVERS\netbios.sys -- [2008/04/14 08:00:00 | 000,034,688 | ---- | M] (Microsoft Corporation)
"DisplayName" = NetBIOS Interface
"Group" = NetBIOSGroup
"Description" = NetBIOS Interface

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Linkage]
"LanaMap" = 01 05 01 04 01 00 00 01 00 02 [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Parameters]
"MaxLana" = 5

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Parameters\Winsock]
"HelperDllName" = %SystemRoot%\System32\wshnetbs.dll -- [2008/04/14 08:00:00 | 000,007,168 | ---- | M] (Microsoft Corporation)
"MaxSockAddrLength" = 20
"MinSockAddrLength" = 20
"Mapping" = 02 00 00 00 03 00 00 00 11 00 00 00 05 00 00 00 00 00 00 00 11 00 00 00 02 00 00 00 00 00 00 00 [binary data]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Security]
"Security" = [Binary data over 100 bytes]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Enum]
"0" = Root\LEGACY_NETBIOS\0000
"Count" = 1
"NextInstance" = 1
[color=#A23BEC]< hklm\software\clients\startmenuinternet|command /rs >[/color]
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/09/29 02:53:40 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/09/29 02:53:40 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/09/29 02:53:40 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/09/29 02:53:40 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/09/29 02:53:40 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/09/29 02:53:40 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2012/02/29 08:17:40 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2012/02/29 08:17:40 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2012/02/29 08:17:40 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 17:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: iexplore.exe
[color=#A23BEC]< hklm\software\clients\startmenuinternet|command /64 /rs >[/color]
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/09/29 02:53:40 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/09/29 02:53:40 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/09/29 02:53:40 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/09/29 02:53:40 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/09/29 02:53:40 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/09/29 02:53:40 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2012/02/29 08:17:40 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2012/02/29 08:17:40 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2012/02/29 08:17:40 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 17:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: iexplore.exe
[color=#A23BEC]< C:\Windows\assembly\tmp\U\*.* /s >[/color]
[color=#A23BEC]< C:\Program Files\Common Files\ComObjects\*.* /s >[/color]
[color=#A23BEC]< C:\windows\*. /RP /s >[/color]
[color=#A23BEC]< %Temp%\smtmp\1\*.* >[/color]
[color=#A23BEC]< %Temp%\smtmp\2\*.* >[/color]
[color=#A23BEC]< %Temp%\smtmp\3\*.* >[/color]
[color=#A23BEC]< %Temp%\smtmp\4\*.* >[/color]
[color=#A23BEC]< type c:\diskreport.txt /c >[/color]
Microsoft DiskPart version 5.1.3565
Copyright (C) 1999-2003 Microsoft Corporation.
On computer: LIVINGROOM

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
  Volume 0     C                NTFS   Partition    144 GB  Healthy    System
[color=#A23BEC]< >[/color]

[color=#E56717]========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========[/color]
[C:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790 -> Junction
[C:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e -> Junction

< End of report >