OTL logfile created on: 6/14/2013 5:18:51 PM - Run 3 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\user\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 1.99 Gb Total Physical Memory | 1.10 Gb Available Physical Memory | 55.08% Memory free 4.21 Gb Paging File | 2.69 Gb Available in Paging File | 64.05% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 74.53 Gb Total Space | 7.33 Gb Free Space | 9.84% Space Free | Partition Type: NTFS Computer Name: USER-PC | User Name: user | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2013/06/14 15:21:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe PRC - [2013/06/11 19:35:41 | 000,814,472 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe PRC - [2013/05/15 12:38:24 | 001,298,240 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe PRC - [2013/05/15 10:09:14 | 000,806,776 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Application Updater\ApplicationUpdater.exe PRC - [2013/03/06 07:15:38 | 000,580,672 | ---- | M] (Disc Soft Ltd) -- C:\Program Files\DAEMON Tools Ultra\DiscSoftBusService.exe PRC - [2013/01/24 11:45:24 | 000,188,760 | ---- | M] () -- C:\Program Files\Updater By SweetPacks\ExtensionUpdaterService.exe PRC - [2012/08/08 17:27:06 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe PRC - [2012/05/02 01:42:31 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe PRC - [2012/05/02 00:34:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe PRC - [2012/04/24 02:11:59 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe PRC - [2011/04/20 21:51:46 | 000,928,496 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe PRC - [2011/04/20 21:51:45 | 001,378,040 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe PRC - [2010/04/04 18:35:29 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe PRC - [2007/08/15 13:33:20 | 000,192,512 | ---- | M] (Wistron) -- C:\Program Files\Launch Manager\HotkeyApp.exe PRC - [2007/06/12 18:50:30 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe PRC - [2007/06/12 18:50:28 | 000,174,872 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe PRC - [2007/03/23 19:04:54 | 004,423,680 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2006/12/26 11:23:34 | 000,180,224 | ---- | M] (Wistron Corp.) -- C:\Program Files\Launch Manager\OSD.exe PRC - [2006/11/17 20:45:26 | 000,118,784 | ---- | M] (Wistron Corp.) -- C:\Program Files\Launch Manager\WisLMSvc.exe PRC - [2006/08/29 09:26:32 | 000,241,664 | ---- | M] () -- C:\Program Files\Launch Manager\OSDCtrl.exe PRC - [2005/07/25 13:36:40 | 000,032,768 | ---- | M] () -- C:\Program Files\Launch Manager\LaunchAp.exe [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2011/04/20 21:51:58 | 000,250,736 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\ShellExt.dll MOD - [2010/01/23 15:45:41 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll MOD - [2006/08/29 09:26:32 | 000,241,664 | ---- | M] () -- C:\Program Files\Launch Manager\OSDCtrl.exe MOD - [2005/07/25 13:36:40 | 000,032,768 | ---- | M] () -- C:\Program Files\Launch Manager\LaunchAp.exe [color=#E56717]========== Services (SafeList) ==========[/color] SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService) SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe -- (RoxLiveShare10) SRV - [2013/06/11 19:35:42 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013/05/15 10:09:14 | 000,806,776 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater) SRV - [2013/03/06 07:15:38 | 000,580,672 | ---- | M] (Disc Soft Ltd) [On_Demand | Running] -- C:\Program Files\DAEMON Tools Ultra\DiscSoftBusService.exe -- (Disc Soft Bus Service) SRV - [2013/01/24 11:45:24 | 000,188,760 | ---- | M] () [Auto | Running] -- C:\Program Files\Updater By SweetPacks\ExtensionUpdaterService.exe -- (Updater By SweetPacks) SRV - [2012/05/02 01:42:31 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012/05/02 00:34:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011/12/22 06:06:00 | 003,935,448 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc) SRV - [2011/04/20 21:51:45 | 001,378,040 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service) SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService) SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007/06/12 18:50:30 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) SRV - [2006/11/17 20:45:26 | 000,118,784 | ---- | M] (Wistron Corp.) [On_Demand | Running] -- C:\Program Files\Launch Manager\WisLMSvc.exe -- (WisLMSvc) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\sertouch.sys -- (sertouch) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\NetmarbleGlobal\GV Online Eg\GameGuard\dump_wmimmc.sys -- (dump_wmimmc) DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive) DRV - [2013/05/03 04:07:12 | 000,024,704 | ---- | M] (Disc Soft Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dtscsibus.sys -- (dtscsibus) DRV - [2012/04/27 10:20:04 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2012/04/25 00:32:27 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2012/04/16 21:18:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2010/11/03 22:03:36 | 000,015,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer) DRV - [2010/06/17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2010/06/16 21:16:16 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\System32\drivers\Lbd.sys -- (Lbd) DRV - [2009/04/10 23:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb) DRV - [2008/01/19 02:42:12 | 000,045,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM) DRV - [2007/06/18 20:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motmodem.sys -- (motmodem) DRV - [2007/05/03 12:21:08 | 000,029,056 | ---- | M] (Service & Quality Technology.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Capt905c.sys -- (SQTECH905C) DRV - [2006/11/02 02:41:49 | 001,010,560 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial) DRV - [2006/04/06 15:49:00 | 000,088,192 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\gtipci21.sys -- (GTIPCI21) DRV - [2005/01/02 07:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\npptNT2.sys -- (NPPTNT2) DRV - [2003/04/28 11:27:06 | 000,009,867 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\HOTKEY.sys -- (Hotkey) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/ IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10043&barid={10880EA7-B3D1-11E2-AFBB-000AE41569CF} IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr9/*http://www.yahoo.com/ext/search/search.html IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.) IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://start.sweetpacks.com/?src=6&q={searchTerms}&st=12&crg=3.5000006.10043&barid={10880EA7-B3D1-11E2-AFBB-000AE41569CF} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3737368752-3882928279-3981311943-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve IE - HKU\S-1-5-21-3737368752-3882928279-3981311943-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com IE - HKU\S-1-5-21-3737368752-3882928279-3981311943-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ IE - HKU\S-1-5-21-3737368752-3882928279-3981311943-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/ IE - HKU\S-1-5-21-3737368752-3882928279-3981311943-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us IE - HKU\S-1-5-21-3737368752-3882928279-3981311943-1000\..\URLSearchHook: {05478A66-EDB6-4A22-A870-A5987F80A7DA} - C:\Program Files\Vuze Remote Toolbar\IE\7.1\vuzeToolbarIE.dll (Spigot, Inc.) IE - HKU\S-1-5-21-3737368752-3882928279-3981311943-1000\..\SearchScopes,DefaultScope = {E890BF81-D6EA-4B52-A914-C30C1214229D} IE - HKU\S-1-5-21-3737368752-3882928279-3981311943-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-3737368752-3882928279-3981311943-1000\..\SearchScopes\{E890BF81-D6EA-4B52-A914-C30C1214229D}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=994519&p={searchTerms} IE - HKU\S-1-5-21-3737368752-3882928279-3981311943-1000\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://start.sweetpacks.com/?src=6&q={searchTerms}&st=12&crg=3.5000006.10043&barid={10880EA7-B3D1-11E2-AFBB-000AE41569CF} IE - HKU\S-1-5-21-3737368752-3882928279-3981311943-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.732: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.732: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=1.0.0.0: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.732: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/12/31 04:03:54 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}: C:\Program Files\Updater By SweetPacks\Firefox [2013/05/03 04:09:35 | 000,000,000 | ---D | M] [color=#E56717]========== Chrome ==========[/color] CHR - homepage: http://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10043&barid={10880EA7-B3D1-11E2-AFBB-000AE41569CF} CHR - homepage: http://search.yahoo.com?type=994519&fr=spigot-yhp-ch CHR - Extension: Updater By SweetPacks = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.566_0\ O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.) O2 - BHO: (Vuze Remote Toolbar) - {05478A66-EDB6-4A22-A870-A5987F80A7DA} - C:\Program Files\Vuze Remote Toolbar\IE\7.1\vuzeToolbarIE.dll (Spigot, Inc.) O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.) O2 - BHO: (Updater By SweetPacks) - {C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD} - C:\Program Files\Updater By SweetPacks\Extension32.dll () O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc) O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {05478A66-EDB6-4A22-A870-A5987F80A7DA} - C:\Program Files\Vuze Remote Toolbar\IE\7.1\vuzeToolbarIE.dll (Spigot, Inc.) O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.) O3 - HKU\S-1-5-21-3737368752-3882928279-3981311943-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron) O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation) O4 - HKLM..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe () O4 - HKLM..\Run: [LMgrOSD] C:\Program Files\Launch Manager\OSDCtrl.exe () O4 - HKLM..\Run: [LMgrVolOSD] C:\Program Files\Launch Manager\OSD.exe (Wistron Corp.) O4 - HKLM..\Run: [NeroFilterCheck] C:\Windows\System32\NeroCheck.exe (Ahead Software Gmbh) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.) O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" File not found O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKU\.DEFAULT..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background File not found O4 - HKU\S-1-5-18..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background File not found O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-21-3737368752-3882928279-3981311943-1000..\Run: [DAEMON Tools Ultra Agent] C:\Program Files\DAEMON Tools Ultra\DTAgent.exe (Disc Soft Ltd) O4 - HKU\S-1-5-21-3737368752-3882928279-3981311943-1000..\Run: [Desktop Software] "C:\Program Files\Common Files\SupportSoft\bin\bcont.exe" /ini "C:\Program Files\ComcastUI\Desktop Software\uinstaller.ini" /fromrun /starthidden File not found O4 - HKU\S-1-5-21-3737368752-3882928279-3981311943-1000..\Run: [IMC] C:\Program Files\FriendFinder\FriendFinder Messenger 4\imc.exe File not found O4 - HKU\S-1-5-21-3737368752-3882928279-3981311943-1000..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O4 - HKU\S-1-5-21-3737368752-3882928279-3981311943-1000..\Run: [SubliminalEzy] C:\Program Files\SubliminalEzy\SubLiminalEzy.exe File not found O4 - HKU\S-1-5-21-3737368752-3882928279-3981311943-1000..\Run: [user] C:\Users\user\user.exe File not found O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O13 - gopher Prefix: missing O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.2.25 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D0E2C268-B05E-4D37-BB70-9CB67D6C68BB}: DhcpNameServer = 192.168.0.1 205.171.2.25 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F4509575-F103-48EB-BF49-C11F580A3D64}: DhcpNameServer = 192.168.0.1 205.171.2.25 O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - File not found O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{230945fc-b2a7-11e2-afbb-000ae41569cf}\Shell - "" = AutoRun O33 - MountPoints2\{230945fc-b2a7-11e2-afbb-000ae41569cf}\Shell\AutoRun\command - "" = E:\LaunchEAWG.exe O33 - MountPoints2\{996b22a3-9862-11de-bdc2-000ae41569cf}\Shell\Auto\command - "" = Start.exe O33 - MountPoints2\{996b22a3-9862-11de-bdc2-000ae41569cf}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe O33 - MountPoints2\{996b232b-9862-11de-bdc2-000ae41569cf}\Shell - "" = AutoRun O33 - MountPoints2\{996b232b-9862-11de-bdc2-000ae41569cf}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a O33 - MountPoints2\{ddae6204-9864-11de-9864-000ae41569cf}\Shell\Auto\command - "" = Start.exe O33 - MountPoints2\{ddae6204-9864-11de-9864-000ae41569cf}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe O33 - MountPoints2\{ddae6214-9864-11de-9864-000ae41569cf}\Shell - "" = AutoRun O33 - MountPoints2\{ddae6214-9864-11de-9864-000ae41569cf}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a O33 - MountPoints2\{fa8782b6-9855-11de-b229-000ae41569cf}\Shell\Auto\command - "" = Start.exe O33 - MountPoints2\{fa8782b6-9855-11de-b229-000ae41569cf}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe O33 - MountPoints2\E\Shell - "" = AutoRun O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\Installer.exe O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (lsdelete) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found CREATERESTOREPOINT Restore point Set: OTL Restore Point [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2013/06/14 15:21:46 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe [2013/06/14 15:08:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2013/06/14 15:08:14 | 000,263,584 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe [2013/06/14 15:08:03 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe [2013/06/14 15:08:03 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe [2013/06/14 15:08:03 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll [2013/06/13 03:04:29 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2013/06/13 03:04:28 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2013/06/13 03:04:27 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2013/06/13 03:04:27 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2013/06/13 03:04:27 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2013/06/13 03:04:26 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2013/06/13 03:04:26 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2013/06/13 03:04:25 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2013/06/12 08:10:21 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printcom.dll [2013/06/12 08:10:17 | 000,812,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certutil.exe [2013/06/12 08:10:17 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certenc.dll [2013/06/12 08:10:13 | 003,603,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2013/06/12 08:10:12 | 003,551,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2013/06/10 04:30:10 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Slick Savings [2013/06/10 04:29:57 | 000,000,000 | ---D | C] -- C:\Program Files\Vuze Remote Toolbar [2013/06/10 04:29:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Spigot [2013/06/10 04:29:57 | 000,000,000 | ---D | C] -- C:\Program Files\Application Updater [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2013/06/14 16:55:30 | 000,006,384 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2013/06/14 16:55:30 | 000,006,384 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2013/06/14 16:35:07 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013/06/14 15:43:40 | 002,092,792 | ---- | M] () -- C:\Users\user\Desktop\avira_free_antivirus.exe [2013/06/14 15:21:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe [2013/06/14 15:07:49 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll [2013/06/14 15:07:45 | 000,263,584 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe [2013/06/14 15:07:45 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe [2013/06/14 15:07:44 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe [2013/06/14 15:07:43 | 000,866,720 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npdeployJava1.dll [2013/06/14 15:07:43 | 000,788,896 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll [2013/06/14 11:59:59 | 000,000,312 | ---- | M] () -- C:\Windows\tasks\Security Platform Backup Schedule.job [2013/06/13 03:23:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013/06/13 03:23:03 | 2136,973,312 | -HS- | M] () -- C:\hiberfil.sys [2013/06/11 19:35:41 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2013/06/11 19:35:41 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2013/06/11 18:32:10 | 000,222,008 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2013/06/03 15:40:57 | 000,000,838 | ---- | M] () -- C:\Users\user\Desktop\Star Trek Online.lnk [2013/05/26 21:19:52 | 000,000,881 | ---- | M] () -- C:\Users\user\Desktop\Document.rtf [2013/05/26 14:35:26 | 000,648,720 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013/05/26 14:35:26 | 000,122,302 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013/05/25 14:47:11 | 108,941,349 | ---- | M] () -- C:\Windows\MEMORY.DMP [2013/05/16 17:39:39 | 001,800,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2013/05/16 17:27:30 | 001,427,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2013/05/16 17:26:07 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2013/05/16 17:23:35 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2013/05/16 17:21:37 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2013/05/16 17:19:25 | 000,607,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2013/05/16 17:16:57 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2013/05/16 17:12:55 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2013/06/14 15:43:40 | 002,092,792 | ---- | C] () -- C:\Users\user\Desktop\avira_free_antivirus.exe [2013/06/11 18:31:57 | 2136,973,312 | -HS- | C] () -- C:\hiberfil.sys [2013/06/03 15:40:57 | 000,000,838 | ---- | C] () -- C:\Users\user\Desktop\Star Trek Online.lnk [2013/05/26 21:19:52 | 000,000,881 | ---- | C] () -- C:\Users\user\Desktop\Document.rtf [2013/04/23 18:44:05 | 000,000,000 | ---- | C] () -- C:\ProgramData\p6N6d7.dat [2013/04/23 18:43:50 | 000,000,001 | ---- | C] () -- C:\ProgramData\cY1532y3.exe_.b [2013/04/23 18:43:50 | 000,000,001 | ---- | C] () -- C:\ProgramData\cY1532y3.exe.b [2010/07/04 14:47:57 | 000,851,968 | -HS- | C] () -- C:\Users\user\ehthumbs_vista.db [2009/09/06 14:09:51 | 000,000,092 | ---- | C] () -- C:\Users\user\AppData\Local\fusioncache.dat [2009/09/04 09:40:44 | 000,053,248 | ---- | C] () -- C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009/09/02 20:53:30 | 000,001,356 | ---- | C] () -- C:\Users\user\AppData\Local\d3d9caps.dat [color=#E56717]========== ZeroAccess Check ==========[/color] [2006/11/02 07:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] "" = C:\Users\user\AppData\Local\Temp\scupyeb\siqcxpw\wow.dll [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 12:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 01:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 01:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [color=#E56717]========== LOP Check ==========[/color] [2009/09/28 11:59:20 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\acccore [2013/06/10 04:36:55 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Azureus [2013/05/03 04:18:45 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\DAEMON Tools Ultra [2011/04/04 16:47:52 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\HandBrake [2009/09/02 22:48:04 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Infineon [2010/05/22 04:36:58 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\iWin [2009/09/27 13:39:18 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Leadertech [2013/05/05 21:17:28 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Petroglyph [2012/08/10 15:08:27 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\SecondLife [2013/02/17 19:42:38 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\thriXXX [2009/09/02 21:50:37 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\TMP [2012/07/22 04:31:35 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Utherverse [2012/08/30 15:33:36 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\wargaming.net [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Custom Scans ==========[/color] [color=#E56717]========== Base Services ==========[/color] SRV - [2006/11/02 04:46:02 | 000,024,576 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\aelupsvc.dll -- (AeLookupSvc) SRV - [2008/01/19 02:33:43 | 000,033,280 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\appinfo.dll -- (Appinfo) SRV - [2008/01/19 02:33:01 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\alg.exe -- (ALG) SRV - [2009/04/11 01:28:23 | 000,758,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\qmgr.dll -- (BITS) SRV - [2009/04/11 01:28:18 | 000,334,848 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\BFE.DLL -- (BFE) SRV - [2011/11/16 09:12:25 | 000,009,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\lsass.exe -- (KeyIso) SRV - [2009/04/11 01:28:19 | 000,268,800 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\es.dll -- (EventSystem) SRV - [2008/01/19 02:33:49 | 000,081,920 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\browser.dll -- (Browser) SRV - [2013/04/23 23:00:30 | 000,133,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\cryptsvc.dll -- (CryptSvc) SRV - [2009/04/11 01:28:24 | 000,550,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (DcomLaunch) SRV - [2009/04/11 01:28:18 | 000,204,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcsvc.dll -- (Dhcp) SRV - [2011/03/02 10:44:27 | 000,086,528 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dnsrslvr.dll -- (Dnscache) SRV - [2008/01/19 02:34:08 | 000,057,344 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\eapsvc.dll -- (EapHost) SRV - [2009/04/11 01:28:19 | 000,026,112 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\hidserv.dll -- (hidserv) SRV - [2008/01/19 02:34:34 | 000,288,256 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\ipnathlp.dll -- (SharedAccess) SRV - [2009/04/11 01:28:20 | 000,364,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\IPSECSVC.DLL -- (PolicyAgent) No service found with a name of MsMpSvc No service found with a name of NisSrv SRV - [2009/04/11 01:28:24 | 000,311,808 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\swprv.dll -- (swprv) SRV - [2008/01/19 02:34:49 | 000,045,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\mmcss.dll -- (MMCSS) SRV - [2008/01/19 02:35:36 | 000,274,432 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netman.dll -- (Netman) SRV - [2008/01/19 02:35:36 | 000,237,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\netprofm.dll -- (netprofm) SRV - [2008/01/19 02:35:38 | 000,168,448 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nlasvc.dll -- (NlaSvc) SRV - [2008/01/19 02:35:57 | 000,018,432 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nsisvc.dll -- (nsi) SRV - [2009/04/11 01:28:25 | 000,222,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpnpmgr.dll -- (PlugPlay) SRV - [2010/08/17 09:11:37 | 000,128,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\spoolsv.exe -- (Spooler) SRV - [2011/11/16 09:12:25 | 000,009,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\lsass.exe -- (ProtectedStorage) SRV - [2009/04/11 01:28:19 | 000,564,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\emdmgmt.dll -- (EMDMgmt) SRV - [2008/01/19 02:36:15 | 000,090,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\rasauto.dll -- (RasAuto) SRV - [2009/04/11 01:28:24 | 000,262,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\rasmans.dll -- (RasMan) SRV - [2009/04/11 01:28:24 | 000,550,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (RpcSs) SRV - [2008/01/19 02:36:20 | 000,019,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\seclogon.dll -- (seclogon) SRV - [2011/11/16 09:12:25 | 000,009,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lsass.exe -- (SamSs) SRV - [2009/04/11 01:28:26 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wscsvc.dll -- (wscsvc) SRV - [2010/09/06 11:20:29 | 000,125,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\srvsvc.dll -- (LanmanServer) SRV - [2009/07/10 06:47:42 | 000,247,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\shsvcs.dll -- (ShellHWDetection) SRV - [2009/04/11 01:27:49 | 003,408,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\SLsvc.exe -- (slsvc) SRV - [2010/11/04 13:55:12 | 000,601,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\schedsvc.dll -- (Schedule) SRV - [2009/04/11 01:28:24 | 000,242,688 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\tapisrv.dll -- (TapiSrv) SRV - [2009/07/10 06:47:42 | 000,247,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\shsvcs.dll -- (Themes) SRV - [2009/04/11 01:28:23 | 000,153,088 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\profsvc.dll -- (ProfSvc) SRV - [2009/04/11 01:28:10 | 001,055,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\VSSVC.exe -- (VSS) SRV - [2009/04/11 01:28:18 | 000,315,392 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (Audiosrv) SRV - [2009/04/11 01:28:18 | 000,315,392 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (AudioEndpointBuilder) SRV - [2008/01/19 02:36:20 | 000,104,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sdrsvc.dll -- (SDRSVC) SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2009/04/11 01:28:25 | 001,017,856 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wevtsvc.dll -- (Eventlog) SRV - [2009/04/11 01:28:20 | 000,407,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\MPSSVC.dll -- (MpsSvc) SRV - [2009/04/11 01:28:25 | 000,453,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wiaservc.dll -- (stisvc) SRV - [2009/04/11 01:27:45 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\msiexec.exe -- (msiserver) SRV - [2009/04/11 01:28:25 | 000,162,304 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wbem\WMIsvc.dll -- (Winmgmt) SRV - [2012/06/02 17:19:17 | 001,933,848 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wuaueng.dll -- (wuauserv) SRV - [2009/04/11 01:28:18 | 000,175,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\dot3svc.dll -- (dot3svc) SRV - [2009/07/11 14:01:42 | 000,513,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wlansvc.dll -- (Wlansvc) SRV - [2009/09/03 05:40:09 | 000,160,256 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wkssvc.dll -- (LanmanWorkstation) [color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color] [color=#A23BEC]< MD5 for: EXPLORER.EXE >[/color] [2009/09/03 05:12:52 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe [2009/09/03 05:12:49 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe [2009/09/03 05:12:48 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe [2009/09/03 06:15:45 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe [2009/09/03 06:15:44 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe [2009/09/03 05:12:51 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe [2006/11/02 04:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows.old\Windows\explorer.exe [2006/11/02 04:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe [2008/01/19 02:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe [color=#A23BEC]< MD5 for: SERVICES >[/color] [2006/09/18 16:41:30 | 000,017,244 | ---- | M] () MD5=9F534244B7F8F55D5C0BB498D8D481E7 -- C:\Windows\System32\drivers\etc\services [2006/09/18 16:41:30 | 000,017,244 | ---- | M] () MD5=9F534244B7F8F55D5C0BB498D8D481E7 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.0.6000.16386_none_024e4071fa6fea95\services [color=#A23BEC]< MD5 for: SERVICES.EXE >[/color] [2008/01/19 02:33:28 | 000,279,040 | ---- | M] (Microsoft Corporation) MD5=2B336AB6286D6C81FA02CBAB914E3C6C -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe [2006/11/02 04:45:40 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=329CF3C97CE4C19375C8ABCABAE258B0 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6000.16386_none_cd28fe6bd05df036\services.exe [2009/04/11 01:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\System32\services.exe [2009/04/11 01:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe [color=#A23BEC]< MD5 for: SERVICES.EXE.MUI >[/color] [2006/11/02 07:40:53 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=1626EACF0E7E59F85C59DDDD27C4169C -- C:\Users\user\AppData\Local\Temp\services.exe.mui [2006/11/02 07:40:53 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=1626EACF0E7E59F85C59DDDD27C4169C -- C:\Windows.old\Documents and Settings\user\AppData\Local\Temp\services.exe.mui [2006/11/02 07:40:53 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=1626EACF0E7E59F85C59DDDD27C4169C -- C:\Windows\System32\en-US\services.exe.mui [2006/11/02 07:40:53 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=1626EACF0E7E59F85C59DDDD27C4169C -- C:\Windows\winsxs\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.0.6000.16386_en-us_67c6851b290a1ced\services.exe.mui [color=#A23BEC]< MD5 for: SERVICES.LNK >[/color] [2009/09/09 02:29:50 | 000,001,688 | ---- | M] () MD5=8C20B9A953CE3F6B6569C8810FC02638 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk [2009/09/09 02:29:50 | 000,001,688 | ---- | M] () MD5=8C20B9A953CE3F6B6569C8810FC02638 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk [2009/09/09 02:29:50 | 000,001,688 | ---- | M] () MD5=8C20B9A953CE3F6B6569C8810FC02638 -- C:\Windows.old\Documents and Settings\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk [2009/09/09 02:29:50 | 000,001,688 | ---- | M] () MD5=8C20B9A953CE3F6B6569C8810FC02638 -- C:\Windows.old\ProgramData\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk [2009/09/09 02:29:50 | 000,001,688 | ---- | M] () MD5=8C20B9A953CE3F6B6569C8810FC02638 -- C:\Windows.old\ProgramData\Start Menu\Programs\Administrative Tools\services.lnk [2009/09/09 02:29:50 | 000,001,688 | ---- | M] () MD5=8C20B9A953CE3F6B6569C8810FC02638 -- C:\Windows.old\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk [color=#A23BEC]< MD5 for: SERVICES.MOF >[/color] [2006/09/18 16:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\System32\wbem\services.mof [2006/09/18 16:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6000.16386_none_cd28fe6bd05df036\services.mof [2006/09/18 16:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.mof [2006/09/18 16:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.mof [color=#A23BEC]< MD5 for: SERVICES.MSC >[/color] [2006/11/02 07:41:29 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\en-US\services.msc [2006/09/18 16:29:40 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\services.msc [2006/11/02 07:41:29 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.0.6000.16386_en-us_a2085506ff73b6e0\services.msc [2006/09/18 16:29:40 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.0.6000.16386_none_cd2d20a848cfd40f\services.msc [2006/09/18 16:29:40 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.0.6001.18000_none_cf63e2a445bae4e3\services.msc [color=#A23BEC]< MD5 for: SERVICES.SBS >[/color] [2011/03/01 09:58:46 | 000,034,818 | ---- | M] () MD5=62AFD4B2025CE6D4706B36F4C4808F9B -- C:\Program Files\Spybot - Search & Destroy\Includes\Services.sbs [color=#A23BEC]< MD5 for: SVCHOST.EXE >[/color] [2006/11/02 04:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=10DA15933D582D2FEDCF705EFE394B09 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6000.16386_none_b38497a50862ad11\svchost.exe [2008/01/19 02:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe [2008/01/19 02:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe [color=#A23BEC]< MD5 for: USERINIT.EXE >[/color] [2008/01/19 02:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe [2008/01/19 02:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe [2006/11/02 04:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe [color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color] [2009/04/11 01:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe [2009/04/11 01:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2006/11/02 04:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe [2008/01/19 02:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe [color=#A23BEC]< dir "%systemdrive%\*" /S /A:L /C >[/color] Volume in drive C has no label. Volume Serial Number is E0E3-ADC4 Directory of C:\ 11/02/2006 08:02 AM Documents and Settings [C:\Users] 0 File(s) 0 bytes Directory of C:\ProgramData 11/02/2006 08:02 AM Application Data [C:\ProgramData] 11/02/2006 08:02 AM Desktop [C:\Users\Public\Desktop] 11/02/2006 08:02 AM Documents [C:\Users\Public\Documents] 11/02/2006 08:02 AM Favorites [C:\Users\Public\Favorites] 11/02/2006 08:02 AM Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu] 11/02/2006 08:02 AM Templates [C:\ProgramData\Microsoft\Windows\Templates] 0 File(s) 0 bytes Directory of C:\Users 11/02/2006 08:02 AM All Users [C:\ProgramData] 11/02/2006 08:02 AM Default User [C:\Users\Default] 0 File(s) 0 bytes Directory of C:\Users\All Users 11/02/2006 08:02 AM Application Data [C:\ProgramData] 11/02/2006 08:02 AM Desktop [C:\Users\Public\Desktop] 11/02/2006 08:02 AM Documents [C:\Users\Public\Documents] 11/02/2006 08:02 AM Favorites [C:\Users\Public\Favorites] 11/02/2006 08:02 AM Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu] 11/02/2006 08:02 AM Templates [C:\ProgramData\Microsoft\Windows\Templates] 0 File(s) 0 bytes Directory of C:\Users\Default 11/02/2006 08:02 AM Application Data [C:\Users\Default\AppData\Roaming] 11/02/2006 08:02 AM Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies] 11/02/2006 08:02 AM Local Settings [C:\Users\Default\AppData\Local] 11/02/2006 08:02 AM My Documents [C:\Users\Default\Documents] 11/02/2006 08:02 AM NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts] 11/02/2006 08:02 AM PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts] 11/02/2006 08:02 AM Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent] 11/02/2006 08:02 AM SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo] 11/02/2006 08:02 AM Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu] 11/02/2006 08:02 AM Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates] 0 File(s) 0 bytes Directory of C:\Users\Default\AppData\Local 11/02/2006 08:02 AM Application Data [C:\Users\Default\AppData\Local] 11/02/2006 08:02 AM History [C:\Users\Default\AppData\Local\Microsoft\Windows\History] 11/02/2006 08:02 AM Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files] 0 File(s) 0 bytes Directory of C:\Users\Default\Documents 11/02/2006 08:02 AM My Music [C:\Users\Default\Music] 11/02/2006 08:02 AM My Pictures [C:\Users\Default\Pictures] 11/02/2006 08:02 AM My Videos [C:\Users\Default\Videos] 0 File(s) 0 bytes Directory of C:\Users\Mcx1 11/14/2010 02:06 AM Application Data [C:\Users\Mcx1\AppData\Roaming] 11/14/2010 02:06 AM Cookies [C:\Users\Mcx1\AppData\Roaming\Microsoft\Windows\Cookies] 11/14/2010 02:06 AM Local Settings [C:\Users\Mcx1\AppData\Local] 11/14/2010 02:06 AM My Documents [C:\Users\Mcx1\Documents] 11/14/2010 02:06 AM NetHood [C:\Users\Mcx1\AppData\Roaming\Microsoft\Windows\Network Shortcuts] 11/14/2010 02:06 AM PrintHood [C:\Users\Mcx1\AppData\Roaming\Microsoft\Windows\Printer Shortcuts] 11/14/2010 02:06 AM Recent [C:\Users\Mcx1\AppData\Roaming\Microsoft\Windows\Recent] 11/14/2010 02:06 AM SendTo [C:\Users\Mcx1\AppData\Roaming\Microsoft\Windows\SendTo] 11/14/2010 02:06 AM Start Menu [C:\Users\Mcx1\AppData\Roaming\Microsoft\Windows\Start Menu] 11/14/2010 02:06 AM Templates [C:\Users\Mcx1\AppData\Roaming\Microsoft\Windows\Templates] 0 File(s) 0 bytes Directory of C:\Users\Mcx1\AppData\Local 11/14/2010 02:06 AM Application Data [C:\Users\Mcx1\AppData\Local] 11/14/2010 02:06 AM History [C:\Users\Mcx1\AppData\Local\Microsoft\Windows\History] 11/14/2010 02:06 AM Temporary Internet Files [C:\Users\Mcx1\AppData\Local\Microsoft\Windows\Temporary Internet Files] 0 File(s) 0 bytes Directory of C:\Users\Mcx1\Documents 11/14/2010 02:06 AM My Music [C:\Users\Mcx1\Music] 11/14/2010 02:06 AM My Pictures [C:\Users\Mcx1\Pictures] 11/14/2010 02:06 AM My Videos [C:\Users\Mcx1\Videos] 0 File(s) 0 bytes Directory of C:\Users\Public\Documents 11/02/2006 08:02 AM My Music [C:\Users\Public\Music] 11/02/2006 08:02 AM My Pictures [C:\Users\Public\Pictures] 11/02/2006 08:02 AM My Videos [C:\Users\Public\Videos] 0 File(s) 0 bytes Directory of C:\Users\user 09/02/2009 08:53 PM Application Data [C:\Users\user\AppData\Roaming] 09/02/2009 08:53 PM Cookies [C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies] 09/02/2009 08:53 PM Local Settings [C:\Users\user\AppData\Local] 09/02/2009 08:53 PM My Documents [C:\Users\user\Documents] 09/02/2009 08:53 PM NetHood [C:\Users\user\AppData\Roaming\Microsoft\Windows\Network Shortcuts] 09/02/2009 08:53 PM PrintHood [C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts] 09/02/2009 08:53 PM Recent [C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent] 09/02/2009 08:53 PM SendTo [C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo] 09/02/2009 08:53 PM Start Menu [C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu] 09/02/2009 08:53 PM Templates [C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates] 0 File(s) 0 bytes Directory of C:\Users\user\AppData\Local 09/02/2009 08:53 PM Application Data [C:\Users\user\AppData\Local] 09/02/2009 08:53 PM History [C:\Users\user\AppData\Local\Microsoft\Windows\History] 09/02/2009 08:53 PM Temporary Internet Files [C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files] 0 File(s) 0 bytes Directory of C:\Users\user\AppData\LocalLow 06/14/2010 11:21 PM PlayReady [C:\ProgramData\Microsoft\PlayReady] 0 File(s) 0 bytes Directory of C:\Users\user\Documents 09/02/2009 08:53 PM My Music [C:\Users\user\Music] 09/02/2009 08:53 PM My Pictures [C:\Users\user\Pictures] 09/02/2009 08:53 PM My Videos [C:\Users\user\Videos] 0 File(s) 0 bytes Directory of C:\Windows.old 11/02/2006 08:02 AM Documents and Settings [C:\Users] 0 File(s) 0 bytes Directory of C:\Windows.old\Documents and Settings 11/02/2006 08:02 AM All Users [C:\ProgramData] 11/02/2006 08:02 AM Default User [C:\Users\Default] 0 File(s) 0 bytes Directory of C:\Windows.old\Documents and Settings\All Users 11/02/2006 08:02 AM Application Data [C:\ProgramData] 11/02/2006 08:02 AM Desktop [C:\Users\Public\Desktop] 11/02/2006 08:02 AM Documents [C:\Users\Public\Documents] 11/02/2006 08:02 AM Favorites [C:\Users\Public\Favorites] 11/02/2006 08:02 AM Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu] 11/02/2006 08:02 AM Templates [C:\ProgramData\Microsoft\Windows\Templates] 0 File(s) 0 bytes Directory of C:\Windows.old\Documents and Settings\Default 11/02/2006 08:02 AM Application Data [C:\Users\Default\AppData\Roaming] 11/02/2006 08:02 AM Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies] 11/02/2006 08:02 AM Local Settings [C:\Users\Default\AppData\Local] 11/02/2006 08:02 AM My Documents [C:\Users\Default\Documents] 11/02/2006 08:02 AM NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts] 11/02/2006 08:02 AM PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts] 11/02/2006 08:02 AM Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent] 11/02/2006 08:02 AM SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo] 11/02/2006 08:02 AM Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu] 11/02/2006 08:02 AM Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates] 0 File(s) 0 bytes Directory of C:\Windows.old\Documents and Settings\Default\AppData\Local 11/02/2006 08:02 AM Application Data [C:\Users\Default\AppData\Local] 11/02/2006 08:02 AM History [C:\Users\Default\AppData\Local\Microsoft\Windows\History] 11/02/2006 08:02 AM Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files] 0 File(s) 0 bytes Directory of C:\Windows.old\Documents and Settings\Default\Documents 11/02/2006 08:02 AM My Music [C:\Users\Default\Music] 11/02/2006 08:02 AM My Pictures [C:\Users\Default\Pictures] 11/02/2006 08:02 AM My Videos [C:\Users\Default\Videos] 0 File(s) 0 bytes Directory of C:\Windows.old\Documents and Settings\Mcx1 11/14/2010 02:06 AM Application Data [C:\Users\Mcx1\AppData\Roaming] 11/14/2010 02:06 AM Cookies [C:\Users\Mcx1\AppData\Roaming\Microsoft\Windows\Cookies] 11/14/2010 02:06 AM Local Settings [C:\Users\Mcx1\AppData\Local] 11/14/2010 02:06 AM My Documents [C:\Users\Mcx1\Documents] 11/14/2010 02:06 AM NetHood [C:\Users\Mcx1\AppData\Roaming\Microsoft\Windows\Network Shortcuts] 11/14/2010 02:06 AM PrintHood [C:\Users\Mcx1\AppData\Roaming\Microsoft\Windows\Printer Shortcuts] 11/14/2010 02:06 AM Recent [C:\Users\Mcx1\AppData\Roaming\Microsoft\Windows\Recent] 11/14/2010 02:06 AM SendTo [C:\Users\Mcx1\AppData\Roaming\Microsoft\Windows\SendTo] 11/14/2010 02:06 AM Start Menu [C:\Users\Mcx1\AppData\Roaming\Microsoft\Windows\Start Menu] 11/14/2010 02:06 AM Templates [C:\Users\Mcx1\AppData\Roaming\Microsoft\Windows\Templates] 0 File(s) 0 bytes Directory of C:\Windows.old\Documents and Settings\Mcx1\AppData\Local 11/14/2010 02:06 AM Application Data [C:\Users\Mcx1\AppData\Local] 11/14/2010 02:06 AM History [C:\Users\Mcx1\AppData\Local\Microsoft\Windows\History] 11/14/2010 02:06 AM Temporary Internet Files [C:\Users\Mcx1\AppData\Local\Microsoft\Windows\Temporary Internet Files] 0 File(s) 0 bytes Directory of C:\Windows.old\Documents and Settings\Mcx1\Documents 11/14/2010 02:06 AM My Music [C:\Users\Mcx1\Music] 11/14/2010 02:06 AM My Pictures [C:\Users\Mcx1\Pictures] 11/14/2010 02:06 AM My Videos [C:\Users\Mcx1\Videos] 0 File(s) 0 bytes Directory of C:\Windows.old\Documents and Settings\Public\Documents 11/02/2006 08:02 AM My Music [C:\Users\Public\Music] 11/02/2006 08:02 AM My Pictures [C:\Users\Public\Pictures] 11/02/2006 08:02 AM My Videos [C:\Users\Public\Videos] 0 File(s) 0 bytes Directory of C:\Windows.old\Documents and Settings\user 09/02/2009 08:53 PM Application Data [C:\Users\user\AppData\Roaming] 09/02/2009 08:53 PM Cookies [C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies] 09/02/2009 08:53 PM Local Settings [C:\Users\user\AppData\Local] 09/02/2009 08:53 PM My Documents [C:\Users\user\Documents] 09/02/2009 08:53 PM NetHood [C:\Users\user\AppData\Roaming\Microsoft\Windows\Network Shortcuts] 09/02/2009 08:53 PM PrintHood [C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts] 09/02/2009 08:53 PM Recent [C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent] 09/02/2009 08:53 PM SendTo [C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo] 09/02/2009 08:53 PM Start Menu [C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu] 09/02/2009 08:53 PM Templates [C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates] 0 File(s) 0 bytes Directory of C:\Windows.old\Documents and Settings\user\AppData\Local 09/02/2009 08:53 PM Application Data [C:\Users\user\AppData\Local] 09/02/2009 08:53 PM History [C:\Users\user\AppData\Local\Microsoft\Windows\History] 09/02/2009 08:53 PM Temporary Internet Files [C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files] 0 File(s) 0 bytes Directory of C:\Windows.old\Documents and Settings\user\AppData\LocalLow 06/14/2010 11:21 PM PlayReady [C:\ProgramData\Microsoft\PlayReady] 0 File(s) 0 bytes Directory of C:\Windows.old\Documents and Settings\user\Documents 09/02/2009 08:53 PM My Music [C:\Users\user\Music] 09/02/2009 08:53 PM My Pictures [C:\Users\user\Pictures] 09/02/2009 08:53 PM My Videos [C:\Users\user\Videos] 0 File(s) 0 bytes Directory of C:\Windows.old\ProgramData 11/02/2006 08:02 AM Application Data [C:\ProgramData] 11/02/2006 08:02 AM Desktop [C:\Users\Public\Desktop] 11/02/2006 08:02 AM Documents [C:\Users\Public\Documents] 11/02/2006 08:02 AM Favorites [C:\Users\Public\Favorites] 11/02/2006 08:02 AM Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu] 11/02/2006 08:02 AM Templates [C:\ProgramData\Microsoft\Windows\Templates] 0 File(s) 0 bytes Directory of C:\Windows.old\ProgramData\Application Data 11/02/2006 08:02 AM Application Data [C:\ProgramData] 11/02/2006 08:02 AM Desktop [C:\Users\Public\Desktop] 11/02/2006 08:02 AM Documents [C:\Users\Public\Documents] 11/02/2006 08:02 AM Favorites [C:\Users\Public\Favorites] 11/02/2006 08:02 AM Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu] 11/02/2006 08:02 AM Templates [C:\ProgramData\Microsoft\Windows\Templates] 0 File(s) 0 bytes Directory of C:\Windows.old\ProgramData\Documents 11/02/2006 08:02 AM My Music [C:\Users\Public\Music] 11/02/2006 08:02 AM My Pictures [C:\Users\Public\Pictures] 11/02/2006 08:02 AM My Videos [C:\Users\Public\Videos] 0 File(s) 0 bytes Directory of C:\Windows.old\Users 11/02/2006 08:02 AM All Users [C:\ProgramData] 11/02/2006 08:02 AM Default User [C:\Users\Default] 0 File(s) 0 bytes Directory of C:\Windows.old\Users\Administrator 11/02/2006 08:03 AM Application Data [C:\Users\Administrator\AppData\Roaming] 11/02/2006 08:03 AM Cookies [C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies] 11/02/2006 08:03 AM Local Settings [C:\Users\Administrator\AppData\Local] 11/02/2006 08:03 AM My Documents [C:\Users\Administrator\Documents] 11/02/2006 08:03 AM NetHood [C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Network Shortcuts] 11/02/2006 08:03 AM PrintHood [C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Printer Shortcuts] 11/02/2006 08:03 AM Recent [C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Recent] 11/02/2006 08:03 AM SendTo [C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\SendTo] 11/02/2006 08:03 AM Start Menu [C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu] 11/02/2006 08:03 AM Templates [C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Templates] 0 File(s) 0 bytes Directory of C:\Windows.old\Users\Administrator\AppData\Local 11/02/2006 08:03 AM Application Data [C:\Users\Administrator\AppData\Local] 11/02/2006 08:03 AM History [C:\Users\Administrator\AppData\Local\Microsoft\Windows\History] 11/02/2006 08:03 AM Temporary Internet Files [C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files] 0 File(s) 0 bytes Directory of C:\Windows.old\Users\Administrator\Documents 11/02/2006 08:03 AM My Music [C:\Users\Administrator\Music] 11/02/2006 08:03 AM My Pictures [C:\Users\Administrator\Pictures] 11/02/2006 08:03 AM My Videos [C:\Users\Administrator\Videos] 0 File(s) 0 bytes Directory of C:\Windows.old\Users\All Users 11/02/2006 08:02 AM Application Data [C:\ProgramData] 11/02/2006 08:02 AM Desktop [C:\Users\Public\Desktop] 11/02/2006 08:02 AM Documents [C:\Users\Public\Documents] 11/02/2006 08:02 AM Favorites [C:\Users\Public\Favorites] 11/02/2006 08:02 AM Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu] 11/02/2006 08:02 AM Templates [C:\ProgramData\Microsoft\Windows\Templates] 0 File(s) 0 bytes Directory of C:\Windows.old\Users\Default 11/02/2006 08:02 AM Application Data [C:\Users\Default\AppData\Roaming] 11/02/2006 08:02 AM Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies] 11/02/2006 08:02 AM Local Settings [C:\Users\Default\AppData\Local] 11/02/2006 08:02 AM My Documents [C:\Users\Default\Documents] 11/02/2006 08:02 AM NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts] 11/02/2006 08:02 AM PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts] 11/02/2006 08:02 AM Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent] 11/02/2006 08:02 AM SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo] 11/02/2006 08:02 AM Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu] 11/02/2006 08:02 AM Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates] 0 File(s) 0 bytes Directory of C:\Windows.old\Users\Default\AppData\Local 11/02/2006 08:02 AM Application Data [C:\Users\Default\AppData\Local] 11/02/2006 08:02 AM History [C:\Users\Default\AppData\Local\Microsoft\Windows\History] 11/02/2006 08:02 AM Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files] 0 File(s) 0 bytes Directory of C:\Windows.old\Users\Default\AppData\Local\Application Data 11/02/2006 08:02 AM Application Data [C:\Users\Default\AppData\Local] 11/02/2006 08:02 AM History [C:\Users\Default\AppData\Local\Microsoft\Windows\History] 11/02/2006 08:02 AM Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files] 0 File(s) 0 bytes Directory of C:\Windows.old\Users\Default\Documents 11/02/2006 08:02 AM My Music [C:\Users\Default\Music] 11/02/2006 08:02 AM My Pictures [C:\Users\Default\Pictures] 11/02/2006 08:02 AM My Videos [C:\Users\Default\Videos] 0 File(s) 0 bytes Directory of C:\Windows.old\Users\Default\Local Settings 11/02/2006 08:02 AM Application Data [C:\Users\Default\AppData\Local] 11/02/2006 08:02 AM History [C:\Users\Default\AppData\Local\Microsoft\Windows\History] 11/02/2006 08:02 AM Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files] 0 File(s) 0 bytes Directory of C:\Windows.old\Users\Default\My Documents 11/02/2006 08:02 AM My Music [C:\Users\Default\Music] 11/02/2006 08:02 AM My Pictures [C:\Users\Default\Pictures] 11/02/2006 08:02 AM My Videos [C:\Users\Default\Videos] 0 File(s) 0 bytes Directory of C:\Windows.old\Users\Default User 11/02/2006 08:02 AM Application Data [C:\Users\Default\AppData\Roaming] 11/02/2006 08:02 AM Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies] 11/02/2006 08:02 AM Local Settings [C:\Users\Default\AppData\Local] 11/02/2006 08:02 AM My Documents [C:\Users\Default\Documents] 11/02/2006 08:02 AM NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts] 11/02/2006 08:02 AM PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts] 11/02/2006 08:02 AM Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent] 11/02/2006 08:02 AM SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo] 11/02/2006 08:02 AM Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu] 11/02/2006 08:02 AM Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates] 0 File(s) 0 bytes Directory of C:\Windows.old\Users\Default User\AppData\Local 11/02/2006 08:02 AM Application Data [C:\Users\Default\AppData\Local] 11/02/2006 08:02 AM History [C:\Users\Default\AppData\Local\Microsoft\Windows\History] 11/02/2006 08:02 AM Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files] 0 File(s) 0 bytes Directory of C:\Windows.old\Users\Default User\Documents 11/02/2006 08:02 AM My Music [C:\Users\Default\Music] 11/02/2006 08:02 AM My Pictures [C:\Users\Default\Pictures] 11/02/2006 08:02 AM My Videos [C:\Users\Default\Videos] 0 File(s) 0 bytes Directory of C:\Windows.old\Users\Public\Documents 11/02/2006 08:02 AM My Music [C:\Users\Public\Music] 11/02/2006 08:02 AM My Pictures [C:\Users\Public\Pictures] 11/02/2006 08:02 AM My Videos [C:\Users\Public\Videos] 0 File(s) 0 bytes Total Files Listed: 0 File(s) 0 bytes 211 Dir(s) 7,594,131,456 bytes free [color=#A23BEC]< >[/color] [2006/11/02 08:01:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT [2006/11/02 08:01:49 | 000,032,608 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2009/09/13 14:39:42 | 000,000,312 | ---- | C] () -- C:\Windows\Tasks\Security Platform Backup Schedule.job [2012/12/04 23:07:13 | 000,000,830 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job [color=#A23BEC]< >[/color] < End of report >