Overkill and Being Killed By Rootkits


  • This topic is locked

#31
photopony

  • Topic Starter
  • Member
  • 19 posts
Okay! So I got it to the boot screen that has all the options, apparently when it restarts it doesn't give you the full boot screen so you had to catch it before it started restarting itself every couple of minutes.

1. Tried to run Last Good, crashed at login screen as usual.
2. Tried to load last backup (AGES AND AGES AGO) crashed at normal login.
3. Tried to repair computer, crashed at login screen.
4. Tried to check for memory errors. Crashed at login screen :)

Am I just going to have to wipe it? I haven't found my boot discs yet. :unsure:
  • 0


#32
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Are you game to keep trying?

Run OTS again and this time I will look at another file required for boot

Paste the following into the custom scan box and run a quick scan

/md5start
shell32.*
/md5stop

  • 0

#33
photopony

  • Topic Starter
  • Member
  • 19 posts
Okay, running OTS. Still in Safe Mode with Networking. Can you recommend a better operating system if I do have to wipe? I thought Windows 7 was free???

OTS logfile created on: 6/12/2011 11:51:45 AM - Run 1
OTS by OldTimer - Version 3.1.43.0     Folder = C:\Users\Hegemon\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 65.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 363.71 Gb Total Space | 263.35 Gb Free Space | 72.41% Space Free | Partition Type: NTFS
Drive D: | 8.90 Gb Total Space | 1.00 Gb Free Space | 11.25% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: HEGEMON-PC
Current User Name: Hegemon
Logged in as Administrator.
 
Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 30 Days
Quick Scan
 
[Processes - Safe List]
ots.exe -> C:\Users\Hegemon\Downloads\OTS.exe -> [2011/05/31 08:32:57 | 000,645,632 | ---- | M] (OldTimer Tools)
aawservice.exe -> C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -> [2011/05/16 05:58:36 | 002,151,128 | ---- | M] (Lavasoft Limited)
aawtray.exe -> C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe -> [2011/05/13 02:11:03 | 001,191,216 | ---- | M] (Lavasoft Limited)
firefox.exe -> C:\Program Files\Mozilla Firefox\firefox.exe -> [2011/05/10 05:20:45 | 000,924,632 | ---- | M] (Mozilla Corporation)
awsc.exe -> C:\Program Files\Lavasoft\Ad-Aware\AWSC.exe -> [2011/04/29 12:11:58 | 000,994,304 | ---- | M] ()
explorer.exe -> C:\Windows\explorer.exe -> [2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation)
 
[Modules - Safe List]
ots.exe -> C:\Users\Hegemon\Downloads\OTS.exe -> [2011/05/31 08:32:57 | 000,645,632 | ---- | M] (OldTimer Tools)
comctl32.dll -> C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll -> [2010/08/31 08:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation)
 
[Win32 Services - Safe List]
(XAudioService) XAudioService [Disabled | Stopped] ->  -> File not found
(getPlusHelper) getPlusHelper [Unknown | Stopped] ->  -> File not found
(AntiVirService) Avira AntiVir Guard [Auto | Stopped] ->  -> File not found
(AntiVirSchedulerService) Avira AntiVir Scheduler [Auto | Stopped] ->  -> File not found
(Lavasoft Ad-Aware Service) Lavasoft Ad-Aware Service [Auto | Running] -> C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -> [2011/05/16 05:58:36 | 002,151,128 | ---- | M] (Lavasoft Limited)
(avast! Antivirus) avast! Antivirus [Auto | Stopped] -> C:\Program Files\AVAST Software\Avast\AvastSvc.exe -> [2011/05/10 05:10:57 | 000,042,184 | ---- | M] (AVAST Software)
(FontCache) Windows Font Cache Service [Auto | Stopped] -> C:\Windows\System32\FntCache.dll -> [2011/02/22 06:33:09 | 000,797,696 | ---- | M] (Microsoft Corporation)
(FreeAgentGoNext Service) Seagate Service [Disabled | Stopped] -> C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe -> [2009/05/01 14:35:54 | 000,181,544 | ---- | M] (Seagate Technology LLC)
(ioloSystemService) iolo System Service [Disabled | Stopped] -> C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -> [2009/02/06 18:16:54 | 000,712,048 | ---- | M] ()
(ioloFileInfoList) iolo FileInfoList Service [Disabled | Stopped] -> C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -> [2009/02/06 18:16:54 | 000,712,048 | ---- | M] ()
(NMSAccessU) NMSAccessU [Auto | Stopped] -> C:\Program Files\CDBurnerXP\NMSAccessU.exe -> [2007/10/12 09:34:56 | 000,071,096 | ---- | M] ()
(PSI_SVC_2) Protexis Licensing V2 [Disabled | Stopped] -> C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -> [2007/07/24 12:15:14 | 000,185,632 | ---- | M] (Protexis Inc.)
(ProtexisLicensing) ProtexisLicensing [Auto | Stopped] -> C:\Windows\System32\PSIService.exe -> [2006/11/02 21:40:12 | 000,174,656 | ---- | M] ()
(AdobeActiveFileMonitor5.0) Adobe Active File Monitor V5 [Disabled | Stopped] -> C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe -> [2006/09/14 07:56:06 | 000,102,400 | ---- | M] ()
(Remote UI Service) Intel(R) Remoting Service [On_Demand | Stopped] -> C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe -> [2006/09/11 16:02:44 | 000,544,256 | ---- | M] (Intel(R) Corporation)
(MCLServiceATL) Intel(R) Application Tracker [On_Demand | Stopped] -> C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe -> [2006/09/11 16:01:04 | 000,167,936 | ---- | M] (Intel(R) Corporation)
(ISSM) Intel(R) Software Services Manager [On_Demand | Stopped] -> C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe -> [2006/09/11 15:56:32 | 000,075,264 | ---- | M] (Intel(R) Corporation)
(AlertService) Intel(R) Alert Service [On_Demand | Stopped] -> C:\Program Files\Intel\IntelDH\CCU\AlertService.exe -> [2006/09/11 15:56:20 | 000,188,416 | ---- | M] (Intel(R) Corporation)
(DQLWinService) DQLWinService [Disabled | Stopped] -> C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe -> [2006/09/03 10:32:28 | 000,208,896 | ---- | M] ()
(M1 Server) Intel(R) Viiv(TM) Media Server [On_Demand | Stopped] -> C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe -> [2006/08/31 23:47:56 | 000,026,624 | ---- | M] ()
(IntelDHSvcConf) Intel DH Service [Auto | Stopped] -> C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe -> [2006/05/10 09:13:52 | 000,029,696 | R--- | M] (Intel(R) Corporation)
 
[Driver Services - Safe List]
(MBAMSwissArmy) MBAMSwissArmy [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\mbamswissarmy.sys -> [2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation)
(aswSnx) aswSnx [File_System | System | Stopped] -> C:\Windows\System32\drivers\aswSnx.sys -> [2011/05/10 05:03:54 | 000,441,176 | ---- | M] (AVAST Software)
(aswSP) aswSP [Kernel | System | Stopped] -> C:\Windows\System32\drivers\aswSP.sys -> [2011/05/10 05:03:44 | 000,307,928 | ---- | M] (AVAST Software)
(aswTdi) avast! Network Shield Support [Kernel | System | Stopped] -> C:\Windows\System32\drivers\aswTdi.sys -> [2011/05/10 05:02:37 | 000,049,240 | ---- | M] (AVAST Software)
(aswRdr) aswRdr [Kernel | System | Running] -> C:\Windows\System32\drivers\aswRdr.sys -> [2011/05/10 04:59:56 | 000,025,432 | ---- | M] (AVAST Software)
(aswMonFlt) aswMonFlt [File_System | Auto | Stopped] -> C:\Windows\System32\drivers\aswMonFlt.sys -> [2011/05/10 04:59:44 | 000,053,592 | ---- | M] (AVAST Software)
(aswFsBlk) aswFsBlk [File_System | Auto | Stopped] -> C:\Windows\System32\drivers\aswFsBlk.sys -> [2011/05/10 04:59:35 | 000,019,544 | ---- | M] (AVAST Software)
(Lbd) Lbd [File_System | Boot | Running] -> C:\Windows\system32\DRIVERS\Lbd.sys -> [2011/04/29 12:12:00 | 000,064,512 | ---- | M] (Lavasoft AB)
(ElRawDisk) ElRawDisk [Kernel | System | Stopped] -> C:\Windows\System32\drivers\elrawdsk.sys -> [2008/12/09 15:26:50 | 000,020,392 | ---- | M] (EldoS Corporation)
(atksgt) atksgt [Kernel | Auto | Stopped] -> C:\Windows\System32\drivers\atksgt.sys -> [2008/04/02 21:38:05 | 000,278,984 | ---- | M] ()
(lirsgt) lirsgt [Kernel | Auto | Stopped] -> C:\Windows\System32\drivers\lirsgt.sys -> [2008/04/02 21:38:04 | 000,025,416 | ---- | M] ()
(nvlddmkm) nvlddmkm [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\nvlddmkm.sys -> [2007/08/27 17:59:00 | 007,574,976 | ---- | M] (NVIDIA Corporation)
(e1express) Intel(R) PRO/1000 PCI Express Network Connection Driver [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\e1e6032.sys -> [2007/04/13 06:22:56 | 000,228,224 | ---- | M] (Intel Corporation)
(HCW85BDA) Hauppauge WinTV 885 Video Capture [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\HCW85BDA.sys -> [2007/04/09 13:45:08 | 000,959,104 | ---- | M] (Hauppauge Computer Works)
(VSTHWBS2) VSTHWBS2 [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\VSTBS23.SYS -> [2006/11/02 00:41:53 | 000,251,904 | ---- | M] (Conexant Systems, Inc.)
(MRVW245) Linksys Wireless-N USB Network Adapter WUSB300N [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\MRVW245.sys -> [2006/09/28 09:57:04 | 000,489,216 | ---- | M] (Marvell Semiconductor, Inc)
(Ps2) Ps2 [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\PS2.sys -> [2005/12/12 10:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company)
 
[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=desktop -> 
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> %SystemRoot%\system32\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=desktop -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\"Start Page" -> http://www.facebook.com/ -> 
HKEY_CURRENT_USER\: Main\\"StartPageCache" ->  -> 
HKEY_CURRENT_USER\: "ProxyEnable" -> 0 -> 
< FireFox Settings [Prefs.js] > -> C:\Users\Hegemon\AppData\Roaming\Mozilla\FireFox\Profiles\rw2r8886.default\prefs.js -> 
browser.startup.homepage -> "http://www.facebook.com/" ->
extensions.enabledItems -> [email protected]:1.0.0.1 ->
extensions.enabledItems -> {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 ->
extensions.enabledItems -> {7b13ec3e-999a-4b70-b9cb-2617b8323822}:2.5.8.6 ->
extensions.enabledItems -> {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 ->
extensions.enabledItems -> {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 ->
extensions.enabledItems -> [email protected]:1.85.20100407 ->
< FireFox Settings [User.js] > -> C:\Users\Hegemon\AppData\Roaming\Mozilla\FireFox\Profiles\rw2r8886.default\user.js -> 
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\Extensions ->  -> 
HKLM\software\mozilla\Firefox\Extensions\\{6FE89A81-12F9-4AC2-BEB8-009C4405ED15} -> C:\USERS\HEGEMON\APPDATA\LOCAL\{6FE89A81-12F9-4AC2-BEB8-009C4405ED15} -> 
HKLM\software\mozilla\Firefox\Extensions\\[email protected] -> C:\Program Files\AVAST Software\Avast\WebRep\FF [C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF] -> [2011/05/17 10:06:59 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions ->  -> 
HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components -> C:\Program Files\Mozilla Firefox\components [C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS] -> [2011/05/10 05:21:18 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins -> C:\Program Files\Mozilla Firefox\plugins [C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS] -> [2011/05/15 19:34:49 | 000,000,000 | ---D | M]
< FireFox Extensions [User Folders] > -> 
  -> C:\Users\Hegemon\AppData\Roaming\Mozilla\Extensions -> [2008/09/14 20:32:04 | 000,000,000 | ---D | M]
  -> C:\Users\Hegemon\AppData\Roaming\Mozilla\Firefox\Profiles\rw2r8886.default\extensions -> [2011/06/03 23:07:14 | 000,000,000 | ---D | M]
Microsoft .NET Framework Assistant   -> C:\Users\Hegemon\AppData\Roaming\Mozilla\Firefox\Profiles\rw2r8886.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} -> [2010/07/04 20:11:05 | 000,000,000 | ---D | M]
Zynga Community Toolbar   -> C:\Users\Hegemon\AppData\Roaming\Mozilla\Firefox\Profiles\rw2r8886.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822} -> [2011/05/23 22:54:56 | 000,000,000 | ---D | M]
  -> C:\Users\Hegemon\AppData\Roaming\Mozilla\Firefox\Profiles\rw2r8886.default\extensions\[email protected] -> [2011/06/03 23:07:14 | 000,000,000 | ---D | M]
  -> C:\Users\Hegemon\AppData\Roaming\Mozilla\Firefox\Profiles\rw2r8886.default\extensions\[email protected] -> [2010/05/31 09:39:04 | 000,000,000 | ---D | M]
< FireFox Extensions [Program Folders] > -> 
  -> C:\Program Files\Mozilla Firefox\extensions -> [2011/05/02 22:27:55 | 000,000,000 | ---D | M]
Java Console   -> C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} -> [2010/06/11 15:56:48 | 000,000,000 | ---D | M]
Java Console   -> C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} -> [2010/12/01 09:51:09 | 000,000,000 | ---D | M]
Java Console   -> C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} -> [2011/01/24 10:34:44 | 000,000,000 | ---D | M]
No name found ->  -> File not found
avast! WebRep -> C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF -> [2011/05/17 10:06:59 | 000,000,000 | ---D | M]
IE Tab + -> C:\USERS\HEGEMON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RW2R8886.DEFAULT\EXTENSIONS\[email protected] -> [2011/06/03 23:07:14 | 000,000,000 | ---D | M]
Ancestry.com Advanced Image Viewer -> C:\USERS\HEGEMON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RW2R8886.DEFAULT\EXTENSIONS\[email protected] -> [2010/05/31 09:39:04 | 000,000,000 | ---D | M]
< FireFox Plugins [Program Folders] > -> 
 npImgCtl.dll -> C:\Users\Hegemon\AppData\Roaming\Mozilla\Firefox\Profiles\rw2r8886.default\extensions\[email protected]\plugins\npImgCtl.dll -> [2009/01/07 13:46:34 | 000,200,704 | ---- | M] (Ancestry.com)
< HOSTS File > ([2011/06/05 10:05:23 | 000,000,027 | ---- | M] - 1 lines) -> C:\Windows\System32\drivers\etc\hosts -> 
Reset Hosts
127.0.0.1       localhost
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> [2011/01/21 13:43:07 | 000,061,888 | ---- | M] (Adobe Systems Incorporated)
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} [HKLM] -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [avast! WebRep] -> [2011/05/10 05:10:54 | 000,819,840 | ---- | M] (AVAST Software)
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
"{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}" [HKLM] -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [avast! WebRep] -> [2011/05/10 05:10:54 | 000,819,840 | ---- | M] (AVAST Software)
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"Adobe Photo Downloader" -> C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe ["C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"] -> [2006/09/14 07:55:52 | 000,061,440 | ---- | M] (Adobe Systems Incorporated)
"avast" -> C:\Program Files\AVAST Software\Avast\avastUI.exe ["C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui] -> [2011/05/10 05:10:58 | 003,459,712 | ---- | M] (AVAST Software)
"avgnt" ->  ["C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min] -> File not found
"Malwarebytes' Anti-Malware (reboot)" -> C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe ["C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript] -> [2011/05/29 09:11:22 | 001,047,656 | ---- | M] (Malwarebytes Corporation)
"MaxMenuMgr" -> C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe ["C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"] -> [2009/05/01 14:35:10 | 000,185,640 | ---- | M] (Seagate LLC)
"Symantec PIF AlertEng" ->  ["C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"] -> File not found
"Windows Defender" -> C:\Program Files\Windows Defender\MSASCui.exe [%ProgramFiles%\Windows Defender\MSASCui.exe -hide] -> [2008/01/19 00:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation)
< Software Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer -> 
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats
< CurrentVersion Policy Settings - Explorer [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
\\"NoDrives" ->  [0] -> File not found
< CurrentVersion Policy Settings - System [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> 
Add to Google Photos Screensa&ver -> C:\Windows\System32\GPhotos.scr [res://C:\Windows\system32\GPhotos.scr/200] -> [2010/04/29 11:47:18 | 003,600,384 | ---- | M] (Google Inc.)
E&xport to Microsoft Excel ->  [res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000] -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 2 domain(s) found. -> 
www_oovoo.com [https] -> Trusted sites -> 
rhap-app-4-0_real.com [https] -> Trusted sites -> 
rhapreg_real.com [https] -> Trusted sites -> 
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{049A470D-F818-4E34-B14D-E4E237DADCF8} [HKLM] -> http://www.shockwave.com/content/fashiondash/sis/fashiondashweb.1.0.0.21.cab [CPlayFirstFashionDasControl Object] -> 
{055B4212-4C81-448E-AFA9-C3CA4AAE8F95} [HKLM] -> http://www.shockwave.com/content/dairydash/sis/DairyDashWeb.1.0.0.12.cab [CPlayFirstDairyDashWControl Object] -> 
{0CCA191D-13A6-4E29-B746-314DEE697D83} [HKLM] -> http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab [Facebook Photo Uploader 5 Control] -> 
{21BB8360-F943-447E-98F3-3C22345375A7} [HKLM] -> http://www.shockwave.com/content/chocolatier/sis/ChocolatierWeb.1.0.0.13.cab [CPlayFirstChocolatierControl Object] -> 
{26B2A5DA-BFD6-422F-A89A-28A54C74B12B} [HKLM] -> http://www.costcophotocenter.com/upload/activex/v3_0_0_4/PhotoCenter_ActiveX_Control.cab [Photo Upload Plugin Class] -> 
{406B5949-7190-4245-91A9-30A17DE16AD0} [HKLM] -> http://www.costcophotocenter.com/CostcoActivia.cab [Snapfish Activia] -> 
{44990B00-3C9D-426D-81DF-AAB636FA4345} [HKLM] -> https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlcm.cab [Symantec Configuration Class] -> 
{459E93B6-150E-45D5-8D4B-45C66FC035FE} [HKLM] -> http://apps.corel.com/nos_dl_manager_dev/plugin/IEGetPlugin.ocx [Reg Error: Key error.] -> 
{5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} [HKLM] -> http://upload.facebook.com/controls/FacebookPhotoUploader3.cab [Reg Error: Key error.] -> 
{5D637FAD-E202-48D1-8F18-5B9C459BD1E3} [HKLM] -> http://cdn.smugmug.com/photos/activex/ImageUploader5-5.5.1.0-082608.cab [Image Uploader Control] -> 
{6F15128C-E66A-490C-B848-5000B5ABEEAC} [HKLM] -> https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab [HP Download Manager] -> 
{74EF5274-F439-2168-B543-14745B625C72} [HKLM] -> http://www.shockwave.com/content/weddingdash2/sis/WeddingDash2Web.1.0.0.13.cab [CPlayFirstWeddingDasControl Object] -> 
{8100D56A-5661-482C-BEE8-AFECE305D968} [HKLM] -> http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab [Facebook Photo Uploader 5 Control] -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab [Java Plug-in 1.6.0_23] -> 
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [HKLM] -> http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab [Reg Error: Key error.] -> 
{A1662FB6-39BE-41BB-ACDC-0448FB1B5817} [HKLM] -> http://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_5/PhotoCenter_ActiveX_Control.cab [Photo Upload Plugin Class] -> 
{B516CA4E-A5BA-405C-AFCF-A97F08CC7429} [HKLM] -> http://www.shockwave.com/content/burgershop/sis/EggoKitchen/GoBitGamesPlayer_v5.cab [GoBit Games Player] -> 
{C0C0CB9B-BFEB-47C2-90FA-BE9692875ADB} [HKLM] -> http://www.shockwave.com/content/petshophop/sis/petshophopweb.1.0.0.17.cab [CPlayFirstPetShopHopControl Object] -> 
{C8AEB218-8B7A-4E15-AC17-0EE8D99B80EB} [HKLM] -> http://archives.gametap.com/static/cab_headless/GameTapWebUpdater.cab [GameTap Web Updater] -> 
{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab [Java Plug-in 1.6.0_23] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab [Java Plug-in 1.6.0_23] -> 
{D54160C3-DB7B-4534-9B65-190EE4A9C7F7} [HKLM] -> http://www.shockwave.com/content/feedingfrenzy/sis/SproutLauncher.cab [SproutLauncherCtrl Class] -> 
{D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} [HKLM] -> http://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab [Facebook Photo Uploader 4] -> 
{DF780F87-FF2B-4DF8-92D0-73DB16A1543A} [HKLM] -> http://www.shockwave.com/content/bejeweled2/sis/popcaploader_v10.cab [Reg Error: Key error.] -> 
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} [HKLM] -> http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab [Reg Error: Key error.] -> 
{E93E9DF0-3E59-4331-A269-F1E077C66F00} [HKLM] -> http://cnn-5.vo.llnwd.net/c1/static/client/browserplayer/gtplugin.cab [Reg Error: Key error.] -> 
{EFD1E13D-1CB3-4545-B754-CA410FE7734F} [HKLM] -> http://www.costcophotocenter.com/upload/activex/v3_0_0_2/PhotoCenter_ActiveX_Control.cab? [Photo Upload Plugin Class] -> 
{FCB28D51-A017-46B2-9FB3-F7BFD53B2E42} [HKLM] -> http://www.shockwave.com/content/chocolatierdecadence/sis/Chocolatier3Web.1.0.0.6.cab [CPlayFirstChocolatieControl Object] -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ -> 
DhcpNameServer -> 68.105.28.11 68.105.29.11 68.105.28.12 -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{57F6B19F-1831-46AA-BB54-2AC85578153C}\\DhcpNameServer -> 68.105.28.11 68.105.29.11 68.105.28.12   (Linksys Wireless-N USB Network Adapter WUSB300N) -> 
{A08F0F5B-3FBA-4925-A9AB-426258AF9CB3}\\DhcpNameServer -> 68.105.28.11 68.105.29.11 68.105.28.12   (Linksys Wireless-N USB Network Adapter WUSB300N) -> 
{AE2CABB7-2FEA-4E51-AD14-E22CD361C404}\\DhcpNameServer -> 68.105.28.11 68.105.29.11 68.105.28.12   (Linksys Wireless-N USB Network Adapter WUSB300N) -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
explorer.exe -> C:\Windows\explorer.exe -> [2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> 
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" ->  [C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink] -> File not found
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> 
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 -> 
"DisplayName" -> CD-ROM Driver -> 
"ImagePath" ->  [system32\DRIVERS\cdrom.sys] -> File not found
< Drives with AutoRun files > ->  -> 
C:\autoexec.bat [REM Dummy file for NTVDMPATH=%PATH%;C:\PROGRA~1\COMMON~1\MUVEET~1\030625 | ] -> C:\autoexec.bat [ NTFS ] -> [2007/06/23 11:46:47 | 000,000,074 | ---- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> 
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command -> 
comfile [open] -> "%1" %* -> 
exefile [open] -> "%1" %* -> 
< Registry Shell Spawning - Select to Repair > -> HKEY_CURRENT_USER\SOFTWARE\Classes\<key>\shell\[command]\command -> 
exefile [open] -> "%1" %* -> 
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ -> 
.com [@ = comfile] -> "%1" %* -> 
.exe [@ = exefile] -> "%1" %* -> 
< File Associations - Select to Repair > -> HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>\ -> 
.com [@ = ComFile] -> Reg Error: Key error. -> File not found
 
 
[Files/Folders - Created Within 30 Days]
 _OTS -> C:\_OTS -> [2011/06/06 09:23:07 | 000,000,000 | ---D | C]
 RK_Quarantine -> C:\Users\Hegemon\Desktop\RK_Quarantine -> [2011/06/05 17:16:32 | 000,000,000 | ---D | C]
 Kaspersky Lab -> C:\ProgramData\Kaspersky Lab -> [2011/06/05 10:22:29 | 000,000,000 | ---D | C]
 6002082.sys -> C:\Windows\System32\drivers\6002082.sys -> [2011/06/05 10:21:59 | 000,311,312 | ---- | C] (Kaspersky Lab)
 60020821.sys -> C:\Windows\System32\drivers\60020821.sys -> [2011/06/05 10:21:59 | 000,128,016 | ---- | C] (Kaspersky Lab)
 60020822.sys -> C:\Windows\System32\drivers\60020822.sys -> [2011/06/05 10:21:59 | 000,037,392 | ---- | C] (Kaspersky Lab)
 Virus Removal Tool -> C:\Users\Hegemon\Desktop\Virus Removal Tool -> [2011/06/05 10:21:59 | 000,000,000 | ---D | C]
 temp -> C:\Windows\temp -> [2011/06/05 10:06:31 | 000,000,000 | ---D | C]
 temp -> C:\Users\Hegemon\AppData\Local\temp -> [2011/06/05 10:06:30 | 000,000,000 | ---D | C]
 $RECYCLE.BIN -> C:\$RECYCLE.BIN -> [2011/06/05 10:06:08 | 000,000,000 | -HSD | C]
 SWREG.exe -> C:\Windows\SWREG.exe -> [2011/06/05 09:53:48 | 000,518,144 | ---- | C] (SteelWerX)
 SWSC.exe -> C:\Windows\SWSC.exe -> [2011/06/05 09:53:48 | 000,406,528 | ---- | C] (SteelWerX)
 NIRCMD.exe -> C:\Windows\NIRCMD.exe -> [2011/06/05 09:53:48 | 000,060,416 | ---- | C] (NirSoft)
 ERDNT -> C:\Windows\ERDNT -> [2011/06/05 09:51:53 | 000,000,000 | ---D | C]
 Qoobox -> C:\Qoobox -> [2011/06/05 06:47:26 | 000,000,000 | ---D | C]
 _OTL -> C:\_OTL -> [2011/06/03 23:00:57 | 000,000,000 | ---D | C]
 Sophos -> C:\Program Files\Sophos -> [2011/05/31 11:00:39 | 000,000,000 | ---D | C]
 380CANON -> C:\Users\Hegemon\Desktop\380CANON -> [2011/05/30 12:06:20 | 000,000,000 | ---D | C]
 379CANON -> C:\Users\Hegemon\Desktop\379CANON -> [2011/05/30 11:30:24 | 000,000,000 | ---D | C]
 WindowsSearch -> C:\ProgramData\WindowsSearch -> [2011/05/28 08:48:19 | 000,000,000 | ---D | C]
 SUPERAntiSpyware.com -> C:\ProgramData\SUPERAntiSpyware.com -> [2011/05/28 06:46:51 | 000,000,000 | ---D | C]
 Lbd.sys -> C:\Windows\System32\drivers\Lbd.sys -> [2011/05/26 18:55:14 | 000,064,512 | ---- | C] (Lavasoft AB)
 Lavasoft -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft -> [2011/05/26 18:55:09 | 000,000,000 | ---D | C]
 Lavasoft -> C:\Program Files\Lavasoft -> [2011/05/26 18:55:09 | 000,000,000 | ---D | C]
 avast! Free Antivirus -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus -> [2011/05/17 10:07:26 | 000,000,000 | ---D | C]
 aswSnx.sys -> C:\Windows\System32\drivers\aswSnx.sys -> [2011/05/17 10:07:24 | 000,441,176 | ---- | C] (AVAST Software)
 avastSS.scr -> C:\Windows\avastSS.scr -> [2011/05/17 10:06:50 | 000,040,112 | ---- | C] (AVAST Software)
 AVAST Software -> C:\Program Files\AVAST Software -> [2011/05/17 10:06:31 | 000,000,000 | ---D | C]
 AVAST Software -> C:\ProgramData\AVAST Software -> [2011/05/17 10:05:58 | 000,000,000 | ---D | C]
 OEM Links -> C:\ProgramData\OEM Links -> [2011/05/16 07:46:33 | 000,000,000 | ---D | C]
 MicroWorld -> C:\ProgramData\MicroWorld -> [2011/05/16 07:46:32 | 000,000,000 | ---D | C]
 killproc.exe -> C:\Windows\killproc.exe -> [2011/05/16 07:46:27 | 000,145,928 | ---- | C] (MicroWorld Technologies Inc.)
 contf64.dll -> C:\Windows\System32\contf64.dll -> [2011/05/16 07:46:06 | 002,161,672 | ---- | C] (MicroWorld Technologies Inc.)
 contfilt.dll -> C:\Windows\System32\contfilt.dll -> [2011/05/16 07:46:06 | 001,792,520 | ---- | C] (MicroWorld Technologies Inc.)
 mwnsp64.dll -> C:\Windows\System32\mwnsp64.dll -> [2011/05/16 07:46:06 | 000,221,704 | ---- | C] (MicroWorld Technologies Inc.)
 mwnsp.dll -> C:\Windows\System32\mwnsp.dll -> [2011/05/16 07:46:06 | 000,186,888 | ---- | C] (MicroWorld Technologies Inc.)
 mwtsp64.dll -> C:\Windows\System32\mwtsp64.dll -> [2011/05/16 07:46:05 | 000,687,624 | ---- | C] (MicroWorld Technologies Inc.)
 mwtsp.dll -> C:\Windows\System32\mwtsp.dll -> [2011/05/16 07:46:05 | 000,580,104 | ---- | C] (MicroWorld Technologies Inc.)
 inst_tspx.exe -> C:\Windows\inst_tspx.exe -> [2011/05/16 07:46:05 | 000,249,352 | ---- | C] (MicroWorld Technologies Inc.)
 inst_tsp.exe -> C:\Windows\inst_tsp.exe -> [2011/05/16 07:46:05 | 000,174,600 | ---- | C] (MicroWorld Technologies Inc.)
 ZIPDLL.DLL -> C:\Windows\System32\ZIPDLL.DLL -> [2011/05/16 07:46:05 | 000,137,224 | ---- | C] (MWTI)
 UNZDLL.DLL -> C:\Windows\System32\UNZDLL.DLL -> [2011/05/16 07:46:05 | 000,132,104 | ---- | C] (MWTI)
 MicroWorld -> C:\Program Files\Common Files\MicroWorld -> [2011/05/16 07:46:03 | 000,000,000 | ---D | C]
 eScan -> C:\Program Files\eScan -> [2011/05/16 07:46:03 | 000,000,000 | ---D | C]
 iwn2k3ek.exe -> C:\Users\Hegemon\Desktop\iwn2k3ek.exe -> [2011/05/16 07:45:44 | 149,100,720 | ---- | C] (MicroWorld Technologies Inc.                                )
 Malwarebytes -> C:\Users\Hegemon\AppData\Roaming\Malwarebytes -> [2011/05/16 07:19:37 | 000,000,000 | ---D | C]
 mbamswissarmy.sys -> C:\Windows\System32\drivers\mbamswissarmy.sys -> [2011/05/16 07:19:30 | 000,039,984 | ---- | C] (Malwarebytes Corporation)
 Malwarebytes' Anti-Malware -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware -> [2011/05/16 07:19:30 | 000,000,000 | ---D | C]
 Malwarebytes -> C:\ProgramData\Malwarebytes -> [2011/05/16 07:19:29 | 000,000,000 | ---D | C]
 mbam.sys -> C:\Windows\System32\drivers\mbam.sys -> [2011/05/16 07:19:27 | 000,022,712 | ---- | C] (Malwarebytes Corporation)
 Malwarebytes' Anti-Malware -> C:\Program Files\Malwarebytes' Anti-Malware -> [2011/05/16 07:19:27 | 000,000,000 | ---D | C]
 CCleaner.exe -> C:\Users\Hegemon\Desktop\CCleaner.exe -> [2011/05/15 16:12:09 | 001,578,736 | ---- | C] (Piriform Ltd)
 
[Files/Folders - Modified Within 30 Days]
 perfh009.dat -> C:\Windows\System32\perfh009.dat -> [2011/06/12 02:15:15 | 000,603,516 | ---- | M] ()
 perfc009.dat -> C:\Windows\System32\perfc009.dat -> [2011/06/12 02:15:15 | 000,103,586 | ---- | M] ()
 Ad-Aware Update (Weekly).job -> C:\Windows\tasks\Ad-Aware Update (Weekly).job -> [2011/06/12 02:13:00 | 000,000,384 | ---- | M] ()
 rp_stats.dat -> C:\Windows\System32\rp_stats.dat -> [2011/06/12 02:12:53 | 000,000,064 | ---- | M] ()
 rp_rules.dat -> C:\Windows\System32\rp_rules.dat -> [2011/06/12 02:12:53 | 000,000,044 | ---- | M] ()
 bootstat.dat -> C:\Windows\bootstat.dat -> [2011/06/12 02:10:52 | 000,067,584 | --S- | M] ()
 temppf.sys -> C:\Windows\System32\temppf.sys -> [2011/06/12 02:10:42 | 268,435,456 | -HS- | M] ()
 d3d9caps.dat -> C:\Users\Hegemon\AppData\Local\d3d9caps.dat -> [2011/06/09 03:00:28 | 000,000,680 | ---- | M] ()
 setup_9.0.0.722_05.06.2011_20-46.lnk -> C:\Users\Hegemon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\setup_9.0.0.722_05.06.2011_20-46.lnk -> [2011/06/05 10:22:29 | 000,002,169 | ---- | M] ()
 OTS.exe - Shortcut.lnk -> C:\Users\Hegemon\Desktop\OTS.exe - Shortcut.lnk -> [2011/06/05 10:14:41 | 000,000,517 | ---- | M] ()
 hosts -> C:\Windows\System32\drivers\etc\hosts -> [2011/06/05 10:05:23 | 000,000,027 | ---- | M] ()
 ComboFix.exe - Shortcut.lnk -> C:\Users\Hegemon\Desktop\ComboFix.exe - Shortcut.lnk -> [2011/06/05 09:54:10 | 000,000,548 | ---- | M] ()
 MBR.dat -> C:\Users\Hegemon\Desktop\MBR.dat -> [2011/06/04 18:04:05 | 000,000,512 | ---- | M] ()
 aswMBR.exe - Shortcut.lnk -> C:\Users\Hegemon\Desktop\aswMBR.exe - Shortcut.lnk -> [2011/06/04 18:02:03 | 000,000,536 | ---- | M] ()
 MEMORY.DMP -> C:\Windows\MEMORY.DMP -> [2011/06/04 17:42:35 | 195,192,043 | ---- | M] ()
 7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> [2011/06/04 17:15:27 | 000,003,568 | -H-- | M] ()
 7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> [2011/06/04 17:15:27 | 000,003,568 | -H-- | M] ()
 mcs.rma -> C:\Users\Hegemon\AppData\Roaming\mcs.rma -> [2011/06/02 11:32:06 | 000,870,128 | ---- | M] ()
 F20116 -> C:\Users\Hegemon\AppData\Roaming\F20116 -> [2011/06/02 11:32:06 | 000,000,004 | ---- | M] ()
 thug.jpg -> C:\Users\Hegemon\Desktop\thug.jpg -> [2011/05/31 20:57:50 | 000,783,393 | ---- | M] ()
 SPIKE.jpg -> C:\Users\Hegemon\Desktop\SPIKE.jpg -> [2011/05/31 20:50:13 | 001,295,450 | ---- | M] ()
 ntuser.pol -> C:\ProgramData\ntuser.pol -> [2011/05/29 10:12:43 | 000,000,258 | RHS- | M] ()
 mbamswissarmy.sys -> C:\Windows\System32\drivers\mbamswissarmy.sys -> [2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation)
 mbam.sys -> C:\Windows\System32\drivers\mbam.sys -> [2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation)
 Windows Media Player.lnk -> C:\Users\Hegemon\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk -> [2011/05/28 05:01:13 | 000,000,940 | ---- | M] ()
 lsdelete.exe -> C:\Windows\System32\lsdelete.exe -> [2011/05/26 18:57:26 | 000,016,432 | ---- | M] ()
 Ad-Aware.lnk -> C:\Users\Public\Desktop\Ad-Aware.lnk -> [2011/05/26 18:55:15 | 000,000,939 | ---- | M] ()
 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Users\Hegemon\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2011/05/22 17:57:27 | 000,047,104 | ---- | M] ()
 avast! Free Antivirus.lnk -> C:\Users\Public\Desktop\avast! Free Antivirus.lnk -> [2011/05/17 10:07:26 | 000,001,831 | ---- | M] ()
 config.nt -> C:\Windows\System32\config.nt -> [2011/05/17 10:07:23 | 000,002,577 | ---- | M] ()
 Malwarebytes' Anti-Malware.lnk -> C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk -> [2011/05/16 22:15:22 | 000,000,908 | ---- | M] ()
 Win.Bak.Ini -> C:\Windows\Win.Bak.Ini -> [2011/05/16 07:50:00 | 000,002,141 | ---- | M] ()
 winsbak2.reg -> C:\Windows\winsbak2.reg -> [2011/05/16 07:46:49 | 000,194,492 | ---- | M] ()
 winsbak.reg -> C:\Windows\winsbak.reg -> [2011/05/16 07:46:49 | 000,023,946 | ---- | M] ()
 iwn2k3ek.exe -> C:\Users\Hegemon\Desktop\iwn2k3ek.exe -> [2011/05/16 07:08:06 | 149,100,720 | ---- | M] (MicroWorld Technologies Inc.                                )
 EE64.B7F -> C:\Users\Hegemon\AppData\Roaming\EE64.B7F -> [2011/05/15 20:21:19 | 000,009,177 | ---- | M] ()
 ODBCINST.INI -> C:\Windows\ODBCINST.INI -> [2011/05/15 19:29:30 | 000,000,209 | ---- | M] ()
 2 C:\Users\Hegemon\AppData\Local\temp\*.tmp files -> C:\Users\Hegemon\AppData\Local\temp\*.tmp -> 
 
[Files - No Company Name]
 setup_9.0.0.722_05.06.2011_20-46.lnk -> C:\Users\Hegemon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\setup_9.0.0.722_05.06.2011_20-46.lnk -> [2011/06/05 10:22:29 | 000,002,169 | ---- | C] ()
 OTS.exe - Shortcut.lnk -> C:\Users\Hegemon\Desktop\OTS.exe - Shortcut.lnk -> [2011/06/05 10:14:41 | 000,000,517 | ---- | C] ()
 ComboFix.exe - Shortcut.lnk -> C:\Users\Hegemon\Desktop\ComboFix.exe - Shortcut.lnk -> [2011/06/05 09:54:10 | 000,000,548 | ---- | C] ()
 PEV.exe -> C:\Windows\PEV.exe -> [2011/06/05 09:53:48 | 000,256,512 | ---- | C] ()
 MBR.exe -> C:\Windows\MBR.exe -> [2011/06/05 09:53:48 | 000,208,896 | ---- | C] ()
 sed.exe -> C:\Windows\sed.exe -> [2011/06/05 09:53:48 | 000,098,816 | ---- | C] ()
 grep.exe -> C:\Windows\grep.exe -> [2011/06/05 09:53:48 | 000,080,412 | ---- | C] ()
 zip.exe -> C:\Windows\zip.exe -> [2011/06/05 09:53:48 | 000,068,096 | ---- | C] ()
 aswMBR.exe - Shortcut.lnk -> C:\Users\Hegemon\Desktop\aswMBR.exe - Shortcut.lnk -> [2011/06/04 18:02:03 | 000,000,536 | ---- | C] ()
 temppf.sys -> C:\Windows\System32\temppf.sys -> [2011/06/04 17:59:06 | 268,435,456 | -HS- | C] ()
 MEMORY.DMP -> C:\Windows\MEMORY.DMP -> [2011/06/04 17:42:35 | 195,192,043 | ---- | C] ()
 MBR.dat -> C:\Users\Hegemon\Desktop\MBR.dat -> [2011/06/03 23:18:04 | 000,000,512 | ---- | C] ()
 Ad-Aware Update (Weekly).job -> C:\Windows\tasks\Ad-Aware Update (Weekly).job -> [2011/06/02 08:39:51 | 000,000,384 | ---- | C] ()
 thug.jpg -> C:\Users\Hegemon\Desktop\thug.jpg -> [2011/05/31 20:57:50 | 000,783,393 | ---- | C] ()
 SPIKE.jpg -> C:\Users\Hegemon\Desktop\SPIKE.jpg -> [2011/05/31 20:50:12 | 001,295,450 | ---- | C] ()
 ntuser.pol -> C:\ProgramData\ntuser.pol -> [2011/05/29 10:12:43 | 000,000,258 | RHS- | C] ()
 Ad-Aware.lnk -> C:\Users\Public\Desktop\Ad-Aware.lnk -> [2011/05/26 18:55:15 | 000,000,939 | ---- | C] ()
 avast! Free Antivirus.lnk -> C:\Users\Public\Desktop\avast! Free Antivirus.lnk -> [2011/05/17 10:07:26 | 000,001,831 | ---- | C] ()
 d3d9caps.dat -> C:\Users\Hegemon\AppData\Local\d3d9caps.dat -> [2011/05/17 09:57:32 | 000,000,680 | ---- | C] ()
 winsbak2.reg -> C:\Windows\winsbak2.reg -> [2011/05/16 07:46:49 | 000,194,492 | ---- | C] ()
 winsbak.reg -> C:\Windows\winsbak.reg -> [2011/05/16 07:46:49 | 000,023,946 | ---- | C] ()
 wget.exe -> C:\Windows\System32\wget.exe -> [2011/05/16 07:46:04 | 000,338,176 | ---- | C] ()
 curl.exe -> C:\Windows\System32\curl.exe -> [2011/05/16 07:46:04 | 000,293,896 | ---- | C] ()
 unrar.dll -> C:\Windows\System32\unrar.dll -> [2011/05/16 07:46:04 | 000,172,040 | ---- | C] ()
 Win.Bak.Ini -> C:\Windows\Win.Bak.Ini -> [2011/05/16 07:45:56 | 000,002,141 | ---- | C] ()
 Malwarebytes' Anti-Malware.lnk -> C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk -> [2011/05/16 07:19:30 | 000,000,908 | ---- | C] ()
 EE64.B7F -> C:\Users\Hegemon\AppData\Roaming\EE64.B7F -> [2011/05/14 12:23:18 | 000,009,177 | ---- | C] ()
 rp_stats.dat -> C:\Windows\System32\rp_stats.dat -> [2011/05/08 10:07:30 | 000,000,064 | ---- | C] ()
 rp_rules.dat -> C:\Windows\System32\rp_rules.dat -> [2011/05/08 10:07:30 | 000,000,044 | ---- | C] ()
 lsdelete.exe -> C:\Windows\System32\lsdelete.exe -> [2010/12/26 14:30:47 | 000,016,432 | ---- | C] ()
 HPHins15.dat -> C:\Windows\HPHins15.dat -> [2010/05/12 09:45:50 | 000,121,318 | ---- | C] ()
 hphmdl15.dat -> C:\Windows\hphmdl15.dat -> [2010/05/12 09:45:50 | 000,002,885 | ---- | C] ()
 hpwscr14.dat -> C:\Windows\hpwscr14.dat -> [2010/01/04 12:43:49 | 000,012,858 | ---- | C] ()
 hpwins14.dat -> C:\Windows\hpwins14.dat -> [2010/01/04 12:30:00 | 000,179,441 | ---- | C] ()
 hpwmdl14.dat -> C:\Windows\hpwmdl14.dat -> [2010/01/04 12:30:00 | 000,001,108 | ---- | C] ()
 cdplayer.ini -> C:\Windows\cdplayer.ini -> [2010/01/02 15:45:52 | 000,001,056 | ---- | C] ()
 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Windows\System32\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2009/12/16 22:51:22 | 000,008,192 | ---- | C] ()
 SIntfNT.dll -> C:\Windows\System32\SIntfNT.dll -> [2009/12/08 20:05:57 | 000,021,840 | ---- | C] ()
 SIntf32.dll -> C:\Windows\System32\SIntf32.dll -> [2009/12/08 20:05:57 | 000,017,212 | ---- | C] ()
 SIntf16.dll -> C:\Windows\System32\SIntf16.dll -> [2009/12/08 20:05:57 | 000,012,067 | ---- | C] ()
 StructuredQuerySchema.bin -> C:\Windows\System32\StructuredQuerySchema.bin -> [2009/12/05 10:26:36 | 000,107,612 | ---- | C] ()
 EhStorAuthn.dll -> C:\Windows\System32\EhStorAuthn.dll -> [2009/12/05 10:26:35 | 000,117,248 | ---- | C] ()
 .zreglib -> C:\ProgramData\.zreglib -> [2009/12/04 20:16:26 | 000,000,040 | -HS- | C] ()
 KGyGaAvL.sys -> C:\ProgramData\KGyGaAvL.sys -> [2009/11/17 00:16:58 | 000,000,952 | -HS- | C] ()
 D1CEAE08F7.sys -> C:\ProgramData\D1CEAE08F7.sys -> [2009/11/17 00:16:58 | 000,000,088 | RHS- | C] ()
 Incinerator.dll -> C:\Windows\System32\Incinerator.dll -> [2009/11/07 21:25:10 | 000,933,208 | ---- | C] ()
 mfc45.dll -> C:\Windows\System32\mfc45.dll -> [2009/11/07 21:24:08 | 000,074,703 | ---- | C] ()
 StructuredQuerySchemaTrivial.bin -> C:\Windows\System32\StructuredQuerySchemaTrivial.bin -> [2009/05/28 10:09:29 | 000,018,904 | ---- | C] ()
 wklnhst.dat -> C:\Users\Hegemon\AppData\Roaming\wklnhst.dat -> [2009/05/11 11:06:12 | 000,000,000 | ---- | C] ()
 hash.dat -> C:\ProgramData\hash.dat -> [2009/04/11 10:44:34 | 000,000,032 | R--- | C] ()
 F20116 -> C:\Users\Hegemon\AppData\Roaming\F20116 -> [2009/03/15 18:57:23 | 000,000,004 | ---- | C] ()
 mcs.rma -> C:\Users\Hegemon\AppData\Roaming\mcs.rma -> [2009/03/15 18:57:22 | 000,870,128 | ---- | C] ()
 yukon.ini -> C:\Windows\yukon.ini -> [2008/10/03 21:47:14 | 000,000,446 | ---- | C] ()
 iPlayer.INI -> C:\Windows\iPlayer.INI -> [2008/04/07 18:13:38 | 000,000,000 | ---- | C] ()
 atksgt.sys -> C:\Windows\System32\drivers\atksgt.sys -> [2008/04/02 21:38:05 | 000,278,984 | ---- | C] ()
 lirsgt.sys -> C:\Windows\System32\drivers\lirsgt.sys -> [2008/04/02 21:38:04 | 000,025,416 | ---- | C] ()
 D1CEAE08F7.sys -> C:\Windows\System32\D1CEAE08F7.sys -> [2008/02/28 21:33:36 | 000,000,088 | RHS- | C] ()
 KGyGaAvL.sys -> C:\Windows\System32\KGyGaAvL.sys -> [2008/02/28 21:33:35 | 000,000,952 | -HS- | C] ()
 d3dx.dat -> C:\Windows\d3dx.dat -> [2007/11/16 21:13:29 | 000,004,096 | ---- | C] ()
 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Users\Hegemon\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2007/11/15 21:08:47 | 000,047,104 | ---- | C] ()
 AVSDVDPlayer.m3u -> C:\Users\Hegemon\AppData\Roaming\AVSDVDPlayer.m3u -> [2007/08/28 19:38:21 | 000,000,000 | ---- | C] ()
 xvidcore.dll -> C:\Windows\System32\xvidcore.dll -> [2007/08/28 19:30:47 | 000,524,288 | ---- | C] ()
 xvidvfw.dll -> C:\Windows\System32\xvidvfw.dll -> [2007/08/28 19:30:47 | 000,139,264 | ---- | C] ()
 SI.bin -> C:\Windows\System32\SI.bin -> [2007/08/25 21:41:11 | 000,000,001 | ---- | C] ()
 nsreg.dat -> C:\Windows\nsreg.dat -> [2007/08/25 18:30:26 | 000,000,335 | ---- | C] ()
 ODBCINST.INI -> C:\Windows\ODBCINST.INI -> [2007/08/13 23:28:07 | 000,000,209 | ---- | C] ()
 WLAN.INI -> C:\Windows\System32\WLAN.INI -> [2007/08/13 20:37:57 | 000,000,859 | ---- | C] ()
 hpqins13.dat -> C:\Windows\hpqins13.dat -> [2007/06/23 11:39:04 | 000,103,521 | ---- | C] ()
 hcwxds.dll -> C:\Windows\System32\hcwxds.dll -> [2007/06/23 11:30:18 | 000,066,048 | ---- | C] ()
 OsdRemove.exe -> C:\Windows\System32\OsdRemove.exe -> [2007/06/23 11:22:39 | 000,061,440 | ---- | C] ()
 pythoncom24.dll -> C:\Windows\System32\pythoncom24.dll -> [2007/06/23 11:19:53 | 000,327,680 | ---- | C] ()
 pywintypes24.dll -> C:\Windows\System32\pywintypes24.dll -> [2007/06/23 11:19:53 | 000,102,400 | ---- | C] ()
 px.ini -> C:\Windows\System32\px.ini -> [2007/03/06 01:47:24 | 000,000,000 | ---- | C] ()
 CddbPlaylist2Roxio.dll -> C:\Windows\System32\CddbPlaylist2Roxio.dll -> [2007/01/12 07:07:48 | 000,520,192 | ---- | C] ()
 CddbFileTaggerRoxio.dll -> C:\Windows\System32\CddbFileTaggerRoxio.dll -> [2007/01/12 07:07:48 | 000,204,800 | ---- | C] ()
 PSIService.exe -> C:\Windows\System32\PSIService.exe -> [2006/11/02 21:40:12 | 000,174,656 | ---- | C] ()
 bootstat.dat -> C:\Windows\bootstat.dat -> [2006/11/02 05:57:28 | 000,067,584 | --S- | C] ()
 FNTCACHE.DAT -> C:\Windows\System32\FNTCACHE.DAT -> [2006/11/02 05:47:37 | 000,377,984 | ---- | C] ()
 sysprepMCE.dll -> C:\Windows\System32\sysprepMCE.dll -> [2006/11/02 05:35:32 | 000,005,632 | ---- | C] ()
 perfh009.dat -> C:\Windows\System32\perfh009.dat -> [2006/11/02 03:33:01 | 000,603,516 | ---- | C] ()
 perfi009.dat -> C:\Windows\System32\perfi009.dat -> [2006/11/02 03:33:01 | 000,287,440 | ---- | C] ()
 perfc009.dat -> C:\Windows\System32\perfc009.dat -> [2006/11/02 03:33:01 | 000,103,586 | ---- | C] ()
 perfd009.dat -> C:\Windows\System32\perfd009.dat -> [2006/11/02 03:33:01 | 000,030,674 | ---- | C] ()
 dssec.dat -> C:\Windows\System32\dssec.dat -> [2006/11/02 03:23:21 | 000,215,943 | ---- | C] ()
 mib.bin -> C:\Windows\mib.bin -> [2006/11/02 01:58:30 | 000,043,131 | ---- | C] ()
 NOISE.DAT -> C:\Windows\System32\NOISE.DAT -> [2006/11/02 01:19:00 | 000,000,741 | ---- | C] ()
 pacerprf.ini -> C:\Windows\System32\pacerprf.ini -> [2006/11/02 00:40:29 | 000,013,750 | ---- | C] ()
 mlang.dat -> C:\Windows\System32\mlang.dat -> [2006/11/02 00:25:31 | 000,673,088 | ---- | C] ()
 secdrv.sys -> C:\Windows\System32\drivers\secdrv.sys -> [2006/11/01 23:37:21 | 000,011,376 | ---- | C] ()
 cpuinf32.dll -> C:\Windows\System32\cpuinf32.dll -> [2006/06/23 10:09:34 | 000,019,968 | R--- | C] ()
 EyeCand3.INI -> C:\Windows\EyeCand3.INI -> [2001/07/13 07:04:00 | 000,373,248 | ---- | C] ()
 iyvu9_32.dll -> C:\Windows\System32\iyvu9_32.dll -> [1997/06/13 19:56:08 | 000,056,832 | ---- | C] ()
 
[File - Lop Check]
 1morebee -> C:\Users\Hegemon\AppData\Roaming\1morebee -> [2010/03/11 23:53:59 | 000,000,000 | ---D | M]
 acccore -> C:\Users\Hegemon\AppData\Roaming\acccore -> [2011/03/22 19:27:11 | 000,000,000 | ---D | M]
 Anthropics -> C:\Users\Hegemon\AppData\Roaming\Anthropics -> [2010/06/09 21:59:02 | 000,000,000 | ---D | M]
 EleFun Games -> C:\Users\Hegemon\AppData\Roaming\EleFun Games -> [2010/02/14 23:18:53 | 000,000,000 | ---D | M]
 freshgames -> C:\Users\Hegemon\AppData\Roaming\freshgames -> [2010/06/18 09:16:33 | 000,000,000 | ---D | M]
 Gaijin Ent -> C:\Users\Hegemon\AppData\Roaming\Gaijin Ent -> [2008/10/12 20:11:06 | 000,000,000 | ---D | M]
 Gamelab -> C:\Users\Hegemon\AppData\Roaming\Gamelab -> [2010/04/29 16:26:42 | 000,000,000 | ---D | M]
 GetRightToGo -> C:\Users\Hegemon\AppData\Roaming\GetRightToGo -> [2010/06/02 09:50:42 | 000,000,000 | ---D | M]
 iolo -> C:\Users\Hegemon\AppData\Roaming\iolo -> [2009/11/07 21:24:03 | 000,000,000 | ---D | M]
 Leadertech -> C:\Users\Hegemon\AppData\Roaming\Leadertech -> [2009/08/18 21:11:50 | 000,000,000 | ---D | M]
 My Games -> C:\Users\Hegemon\AppData\Roaming\My Games -> [2010/12/28 14:19:38 | 000,000,000 | ---D | M]
 ooVoo Details -> C:\Users\Hegemon\AppData\Roaming\ooVoo Details -> [2009/04/19 00:25:18 | 000,000,000 | ---D | M]
 Opera -> C:\Users\Hegemon\AppData\Roaming\Opera -> [2008/01/06 18:54:24 | 000,000,000 | ---D | M]
 PlayFirst -> C:\Users\Hegemon\AppData\Roaming\PlayFirst -> [2011/01/13 00:25:54 | 000,000,000 | ---D | M]
 Pogo Games -> C:\Users\Hegemon\AppData\Roaming\Pogo Games -> [2010/12/12 22:37:07 | 000,000,000 | ---D | M]
 Snapfish -> C:\Users\Hegemon\AppData\Roaming\Snapfish -> [2007/12/30 18:09:27 | 000,000,000 | ---D | M]
 Template -> C:\Users\Hegemon\AppData\Roaming\Template -> [2009/05/11 11:06:13 | 000,000,000 | ---D | M]
 WinBatch -> C:\Users\Hegemon\AppData\Roaming\WinBatch -> [2010/09/07 08:19:55 | 000,000,000 | ---D | M]
 Ad-Aware Update (Weekly).job -> C:\Windows\Tasks\Ad-Aware Update (Weekly).job -> [2011/06/12 02:13:00 | 000,000,384 | ---- | M] ()
 SCHEDLGU.TXT -> C:\Windows\Tasks\SCHEDLGU.TXT -> [2011/06/07 18:35:56 | 000,032,600 | ---- | M] ()
 
[File - Purity Scan]
 
[Custom Scans]
< MD5 Scans Start>
< %systemdrive%\SHELL32.DLL  /md5 /s >
 shell32.dll : MD5=028EF93B746FF370DFE35711A7569647 -> C:\Windows\winsxs\x86_microsoft-windows-shell32_31bf3856ad364e35_6.0.6001.22839_none_6c9b67c92b29b17c\shell32.dll -> [2011/01/21 08:04:53 | 011,587,584 | ---- | M] (Microsoft Corporation)
 shell32.dll : MD5=048B65EC931A39A5F42016BE04775274 -> C:\Windows\winsxs\x86_microsoft-windows-shell32_31bf3856ad364e35_6.0.6001.18588_none_6bdab74c123589c2\shell32.dll -> [2011/01/21 08:46:32 | 011,582,464 | ---- | M] (Microsoft Corporation)
 shell32.dll : MD5=0A8317FF6D77DA369C34F88693373A6C -> C:\Windows\winsxs\x86_microsoft-windows-shell32_31bf3856ad364e35_6.0.6000.16386_none_69f268e21510dceb\shell32.dll -> [2006/11/02 02:46:13 | 011,314,688 | ---- | M] (Microsoft Corporation)
 shell32.dll : MD5=221565A0217045A61D179B438BC4AC8A -> C:\Windows\winsxs\x86_microsoft-windows-shell32_31bf3856ad364e35_6.0.6002.22574_none_6e51988f2874f7b1\shell32.dll -> [2011/01/21 09:27:57 | 011,588,096 | ---- | M] (Microsoft Corporation)
 shell32.dll : MD5=276AA16A23029F559BAB104011F97340 -> C:\Windows\winsxs\x86_microsoft-windows-shell32_31bf3856ad364e35_6.0.6000.21081_none_6a76e5db2e332307\shell32.dll -> [2009/07/10 05:06:47 | 011,321,856 | ---- | M] (Microsoft Corporation)
 shell32.dll : MD5=32C0C48A029F5EB94A609CE5F2D43BEB -> C:\Windows\winsxs\x86_microsoft-windows-shell32_31bf3856ad364e35_6.0.6002.18063_none_6dd1c3ce0f502e03\shell32.dll -> [2009/07/10 04:47:42 | 011,584,512 | ---- | M] (Microsoft Corporation)
 shell32.dll : MD5=33AE914C24F546AABF281BA7B138186D -> C:\Windows\System32\shell32.dll -> [2011/01/21 09:35:22 | 011,586,048 | ---- | M] (Microsoft Corporation)
 shell32.dll : MD5=33AE914C24F546AABF281BA7B138186D -> C:\Windows\winsxs\x86_microsoft-windows-shell32_31bf3856ad364e35_6.0.6002.18393_none_6db159bc0f68794b\shell32.dll -> [2011/01/21 09:35:22 | 011,586,048 | ---- | M] (Microsoft Corporation)
 shell32.dll : MD5=33E9CE9110597F1A47BA18B96EAFA6FA -> C:\Windows\winsxs\x86_microsoft-windows-shell32_31bf3856ad364e35_6.0.6001.18000_none_6c292ade11fbedbf\shell32.dll -> [2008/01/19 00:36:10 | 011,580,416 | ---- | M] (Microsoft Corporation)
 shell32.dll : MD5=3D58E32AA9A5C7F408D97675C81C9AED -> C:\Windows\winsxs\x86_microsoft-windows-shell32_31bf3856ad364e35_6.0.6000.20822_none_6ab8eba52e01644f\shell32.dll -> [2008/04/23 21:40:28 | 011,319,808 | ---- | M] (Microsoft Corporation)
 shell32.dll : MD5=43466A7FF452883B68F52B963023949C -> C:\Windows\winsxs\x86_microsoft-windows-shell32_31bf3856ad364e35_6.0.6002.18005_none_6e14a3ea0f1db90b\shell32.dll -> [2009/04/10 23:28:24 | 011,584,000 | ---- | M] (Microsoft Corporation)
 shell32.dll : MD5=4A21B11997C1F14D8707C8C501CA59A7 -> C:\Windows\winsxs\x86_microsoft-windows-shell32_31bf3856ad364e35_6.0.6001.22303_none_6cb5cc532b16d3dc\shell32.dll -> [2008/11/06 05:59:27 | 011,582,976 | ---- | M] (Microsoft Corporation)
 shell32.dll : MD5=4F72C8F593AAB1B83FB5D62CBFBB51F9 -> C:\Windows\winsxs\x86_microsoft-windows-shell32_31bf3856ad364e35_6.0.6000.20951_none_6a977d7d2e1a9bf2\shell32.dll -> [2008/11/06 05:59:14 | 011,320,832 | ---- | M] (Microsoft Corporation)
 shell32.dll : MD5=5D62692EEB77E32F67A966F1BDEB551B -> C:\Windows\winsxs\x86_microsoft-windows-shell32_31bf3856ad364e35_6.0.6001.18167_none_6bef4f42122643ed\shell32.dll -> [2008/11/06 06:14:25 | 011,580,928 | ---- | M] (Microsoft Corporation)
 shell32.dll : MD5=61509AF47F663A6EA941492ED181D60C -> C:\Windows\winsxs\x86_microsoft-windows-shell32_31bf3856ad364e35_6.0.6001.18062_none_6bea4bea122ac813\shell32.dll -> [2008/04/23 21:58:20 | 011,580,416 | ---- | M] (Microsoft Corporation)
 shell32.dll : MD5=7BA541CD1EAFB4D38DBA594FCF611A62 -> C:\Windows\winsxs\x86_microsoft-windows-shell32_31bf3856ad364e35_6.0.6000.20628_none_6abee9952dfc020b\shell32.dll -> [2007/08/29 23:33:27 | 011,315,200 | ---- | M] (Microsoft Corporation)
 shell32.dll : MD5=81A20AC0051ADA6F9FC58FA620BE4A78 -> C:\Windows\winsxs\x86_microsoft-windows-shell32_31bf3856ad364e35_6.0.6001.22467_none_6c78efd92b43de05\shell32.dll -> [2009/07/10 04:59:03 | 011,584,512 | ---- | M] (Microsoft Corporation)
 shell32.dll : MD5=82A0A2AB2C637C11F28C1E37F76A284E -> C:\Windows\winsxs\x86_microsoft-windows-shell32_31bf3856ad364e35_6.0.6001.22166_none_6c77e9dd2b44cd39\shell32.dll -> [2008/04/23 21:45:45 | 011,581,440 | ---- | M] (Microsoft Corporation)
 shell32.dll : MD5=895F23DE1778E6AADE0DEEBCC2E6AC0A -> C:\Windows\winsxs\x86_microsoft-windows-shell32_31bf3856ad364e35_6.0.6002.22454_none_6e6736812864c2a8\shell32.dll -> [2010/07/26 11:04:15 | 011,587,072 | ---- | M] (Microsoft Corporation)
 shell32.dll : MD5=91640C342AD09936D0E4B7EBDDB12091 -> C:\Windows\winsxs\x86_microsoft-windows-shell32_31bf3856ad364e35_6.0.6002.18287_none_6dc028ea0f5cc58f\shell32.dll -> [2010/07/26 08:51:48 | 011,584,512 | ---- | M] (Microsoft Corporation)
 shell32.dll : MD5=93FDB7E073B00D0BB7DF7182D882539F -> C:\Windows\winsxs\x86_microsoft-windows-shell32_31bf3856ad364e35_6.0.6000.16883_none_69ef7182151382a9\shell32.dll -> [2009/07/10 05:17:37 | 011,316,224 | ---- | M] (Microsoft Corporation)
 shell32.dll : MD5=AF54933386F459CEC04AC91C49423B25 -> C:\Windows\winsxs\x86_microsoft-windows-shell32_31bf3856ad364e35_6.0.6000.16513_none_6a3b1b4414dac79d\shell32.dll -> [2007/08/29 23:33:25 | 011,315,200 | ---- | M] (Microsoft Corporation)
 shell32.dll : MD5=CDE0D181CF5E5DD7E7C032A15365799C -> C:\Windows\winsxs\x86_microsoft-windows-shell32_31bf3856ad364e35_6.0.6001.22735_none_6c9764bb2b2d4ef9\shell32.dll -> [2010/07/26 09:56:52 | 011,586,560 | ---- | M] (Microsoft Corporation)
 shell32.dll : MD5=CF1D75E7B4A7CC6D2A21FE64C9E50A12 -> C:\Windows\winsxs\x86_microsoft-windows-shell32_31bf3856ad364e35_6.0.6000.16774_none_69fb3fd2150a82e8\shell32.dll -> [2008/11/06 05:57:06 | 011,315,712 | ---- | M] (Microsoft Corporation)
 shell32.dll : MD5=DD2F953D9DCAAF080F724803A8121CE6 -> C:\Windows\winsxs\x86_microsoft-windows-shell32_31bf3856ad364e35_6.0.6001.18505_none_6c2e35ce11f75e35\shell32.dll -> [2010/07/26 09:55:26 | 011,581,440 | ---- | M] (Microsoft Corporation)
 shell32.dll : MD5=E19E22CD00EA110B0CE2C13777CEF92C -> C:\Windows\winsxs\x86_microsoft-windows-shell32_31bf3856ad364e35_6.0.6002.22169_none_6e616255286865d7\shell32.dll -> [2009/07/10 04:49:50 | 011,584,512 | ---- | M] (Microsoft Corporation)
 shell32.dll : MD5=EB85D49F3129EBED4993E800521715DD -> C:\Windows\winsxs\x86_microsoft-windows-shell32_31bf3856ad364e35_6.0.6001.18287_none_6bd9b150123678f6\shell32.dll -> [2009/07/10 05:20:59 | 011,581,440 | ---- | M] (Microsoft Corporation)
 shell32.dll : MD5=FF37AF2D5DCAFC00BC46AF07B53699B0 -> C:\Windows\winsxs\x86_microsoft-windows-shell32_31bf3856ad364e35_6.0.6000.16680_none_69ec6cd815163c56\shell32.dll -> [2008/04/23 21:51:39 | 011,315,712 | ---- | M] (Microsoft Corporation)
< %systemdrive%\SHELL32.DLL.MUI  /md5 /s >
 shell32.dll.mui : MD5=19814EB0E8E8A1143FF1D08E01850829 -> C:\Windows\winsxs\x86_microsoft-windows-shell32.resources_31bf3856ad364e35_6.0.6000.20951_en-us_58181938f4fa5227\shell32.dll.mui -> [2008/11/06 05:58:23 | 000,557,056 | ---- | M] (Microsoft Corporation)
 shell32.dll.mui : MD5=1BD74525DEF8D3BF748EDF8B8B2221A8 -> C:\Windows\winsxs\x86_microsoft-windows-shell32.resources_31bf3856ad364e35_6.0.6000.21097_en-us_57f2b366f5158d37\shell32.dll.mui -> [2009/07/30 16:09:23 | 000,557,056 | ---- | M] (Microsoft Corporation)
 shell32.dll.mui : MD5=3BAF89E33CF839720399AFDB7316C863 -> C:\Windows\winsxs\x86_microsoft-windows-shell32.resources_31bf3856ad364e35_6.0.6000.16386_en-us_5773049ddbf09320\shell32.dll.mui -> [2006/11/02 05:41:26 | 000,557,056 | ---- | M] (Microsoft Corporation)
 shell32.dll.mui : MD5=CDA08164EACCDA67384FBA1CBEB08BE3 -> C:\Windows\winsxs\x86_microsoft-windows-shell32.resources_31bf3856ad364e35_6.0.6000.20822_en-us_58398760f4e11a84\shell32.dll.mui -> [2008/04/23 21:41:02 | 000,557,056 | ---- | M] (Microsoft Corporation)
 shell32.dll.mui : Unable to obtain MD5  -> C:\Windows\System32\en-US\shell32.dll.mui -> [2008/01/19 00:28:56 | 000,561,152 | ---- | M] (Microsoft Corporation)
 shell32.dll.mui : Unable to obtain MD5  -> C:\Windows\winsxs\x86_microsoft-windows-shell32.resources_31bf3856ad364e35_6.0.6001.18000_en-us_59a9c699d8dba3f4\shell32.dll.mui -> [2008/01/19 00:28:56 | 000,561,152 | ---- | M] (Microsoft Corporation)
< MD5 Scans End>
 
[Alternate Data Streams]
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:F798BF2E
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:42D29305
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:C4671424
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:9C6A9B00
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:6371CFDB
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:BF5EAC0C
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:837546C7
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:8F16601E
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:DF0F61BB
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:2BAAE818
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:D6C31E03
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:26FE5B17
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:5AEA68EE
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:AD7C3EFB
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:AFB5119F
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:AFD2D4A7
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:E23D0CEC
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:E4FBF8BD
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:B12FF3F2
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:E9EE2AB9
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:30759574
@Alternate Data Stream - 150 bytes -> C:\ProgramData\TEMP:C210B4D5
@Alternate Data Stream - 162 bytes -> C:\ProgramData\TEMP:68FB0053
@Alternate Data Stream - 164 bytes -> C:\ProgramData\TEMP:12CF331A
@Alternate Data Stream - 168 bytes -> C:\ProgramData\TEMP:8F84BF39
@Alternate Data Stream - 169 bytes -> C:\ProgramData\TEMP:FB2DC8A5
@Alternate Data Stream - 171 bytes -> C:\ProgramData\TEMP:3D857D30
@Alternate Data Stream - 191 bytes -> C:\ProgramData\TEMP:25EFDD27
@Alternate Data Stream - 193 bytes -> C:\ProgramData\TEMP:CBCF563D
@Alternate Data Stream - 195 bytes -> C:\ProgramData\TEMP:261B2A7E
< End of report >

  • 0

#34
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Darn, that is in the right place and legit.

As for Windows 7 - current prices here are about £58, or in the US about $90.

I would recommend that over and above Vista; I have been running it on my 10-year-old computer now since it was released with nary a problem.

I must admit I am currently out of ideas - I will ask some colleagues to see if they have any idea.
  • 0

#35
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0





