Okay, running OTS. Still in Safe Mode with Networking. Can you recommend a better operating system if I do have to wipe? I thought Windows 7 was free?
OTS logfile created on: 6/12/2011 11:51:45 AM - Run 1
OTS by OldTimer - Version 3.1.43.0 Folder = C:\Users\Hegemon\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 65.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 363.71 Gb Total Space | 263.35 Gb Free Space | 72.41% Space Free | Partition Type: NTFS
Drive D: | 8.90 Gb Total Space | 1.00 Gb Free Space | 11.25% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: HEGEMON-PC
Current User Name: Hegemon
Logged in as Administrator.
Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 30 Days
Quick Scan
[Processes - Safe List]
ots.exe -> C:\Users\Hegemon\Downloads\OTS.exe -> [2011/05/31 08:32:57 | 000,645,632 | ---- | M] (OldTimer Tools)
aawservice.exe -> C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -> [2011/05/16 05:58:36 | 002,151,128 | ---- | M] (Lavasoft Limited)
aawtray.exe -> C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe -> [2011/05/13 02:11:03 | 001,191,216 | ---- | M] (Lavasoft Limited)
firefox.exe -> C:\Program Files\Mozilla Firefox\firefox.exe -> [2011/05/10 05:20:45 | 000,924,632 | ---- | M] (Mozilla Corporation)
awsc.exe -> C:\Program Files\Lavasoft\Ad-Aware\AWSC.exe -> [2011/04/29 12:11:58 | 000,994,304 | ---- | M] ()
explorer.exe -> C:\Windows\explorer.exe -> [2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation)
[Modules - Safe List]
ots.exe -> C:\Users\Hegemon\Downloads\OTS.exe -> [2011/05/31 08:32:57 | 000,645,632 | ---- | M] (OldTimer Tools)
comctl32.dll -> C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll -> [2010/08/31 08:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation)
[Win32 Services - Safe List]
(XAudioService) XAudioService [Disabled | Stopped] -> -> File not found
(getPlusHelper) getPlusHelper [Unknown | Stopped] -> -> File not found
(AntiVirService) Avira AntiVir Guard [Auto | Stopped] -> -> File not found
(AntiVirSchedulerService) Avira AntiVir Scheduler [Auto | Stopped] -> -> File not found
(Lavasoft Ad-Aware Service) Lavasoft Ad-Aware Service [Auto | Running] -> C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -> [2011/05/16 05:58:36 | 002,151,128 | ---- | M] (Lavasoft Limited)
(avast! Antivirus) avast! Antivirus [Auto | Stopped] -> C:\Program Files\AVAST Software\Avast\AvastSvc.exe -> [2011/05/10 05:10:57 | 000,042,184 | ---- | M] (AVAST Software)
(FontCache) Windows Font Cache Service [Auto | Stopped] -> C:\Windows\System32\FntCache.dll -> [2011/02/22 06:33:09 | 000,797,696 | ---- | M] (Microsoft Corporation)
(FreeAgentGoNext Service) Seagate Service [Disabled | Stopped] -> C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe -> [2009/05/01 14:35:54 | 000,181,544 | ---- | M] (Seagate Technology LLC)
(ioloSystemService) iolo System Service [Disabled | Stopped] -> C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -> [2009/02/06 18:16:54 | 000,712,048 | ---- | M] ()
(ioloFileInfoList) iolo FileInfoList Service [Disabled | Stopped] -> C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -> [2009/02/06 18:16:54 | 000,712,048 | ---- | M] ()
(NMSAccessU) NMSAccessU [Auto | Stopped] -> C:\Program Files\CDBurnerXP\NMSAccessU.exe -> [2007/10/12 09:34:56 | 000,071,096 | ---- | M] ()
(PSI_SVC_2) Protexis Licensing V2 [Disabled | Stopped] -> C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -> [2007/07/24 12:15:14 | 000,185,632 | ---- | M] (Protexis Inc.)
(ProtexisLicensing) ProtexisLicensing [Auto | Stopped] -> C:\Windows\System32\PSIService.exe -> [2006/11/02 21:40:12 | 000,174,656 | ---- | M] ()
(AdobeActiveFileMonitor5.0) Adobe Active File Monitor V5 [Disabled | Stopped] -> C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe -> [2006/09/14 07:56:06 | 000,102,400 | ---- | M] ()
(Remote UI Service) Intel(R) Remoting Service [On_Demand | Stopped] -> C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe -> [2006/09/11 16:02:44 | 000,544,256 | ---- | M] (Intel(R) Corporation)
(MCLServiceATL) Intel(R) Application Tracker [On_Demand | Stopped] -> C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe -> [2006/09/11 16:01:04 | 000,167,936 | ---- | M] (Intel(R) Corporation)
(ISSM) Intel(R) Software Services Manager [On_Demand | Stopped] -> C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe -> [2006/09/11 15:56:32 | 000,075,264 | ---- | M] (Intel(R) Corporation)
(AlertService) Intel(R) Alert Service [On_Demand | Stopped] -> C:\Program Files\Intel\IntelDH\CCU\AlertService.exe -> [2006/09/11 15:56:20 | 000,188,416 | ---- | M] (Intel(R) Corporation)
(DQLWinService) DQLWinService [Disabled | Stopped] -> C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe -> [2006/09/03 10:32:28 | 000,208,896 | ---- | M] ()
(M1 Server) Intel(R) Viiv(TM) Media Server [On_Demand | Stopped] -> C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe -> [2006/08/31 23:47:56 | 000,026,624 | ---- | M] ()
(IntelDHSvcConf) Intel DH Service [Auto | Stopped] -> C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe -> [2006/05/10 09:13:52 | 000,029,696 | R--- | M] (Intel(R) Corporation)
[Driver Services - Safe List]
(MBAMSwissArmy) MBAMSwissArmy [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\mbamswissarmy.sys -> [2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation)
(aswSnx) aswSnx [File_System | System | Stopped] -> C:\Windows\System32\drivers\aswSnx.sys -> [2011/05/10 05:03:54 | 000,441,176 | ---- | M] (AVAST Software)
(aswSP) aswSP [Kernel | System | Stopped] -> C:\Windows\System32\drivers\aswSP.sys -> [2011/05/10 05:03:44 | 000,307,928 | ---- | M] (AVAST Software)
(aswTdi) avast! Network Shield Support [Kernel | System | Stopped] -> C:\Windows\System32\drivers\aswTdi.sys -> [2011/05/10 05:02:37 | 000,049,240 | ---- | M] (AVAST Software)
(aswRdr) aswRdr [Kernel | System | Running] -> C:\Windows\System32\drivers\aswRdr.sys -> [2011/05/10 04:59:56 | 000,025,432 | ---- | M] (AVAST Software)
(aswMonFlt) aswMonFlt [File_System | Auto | Stopped] -> C:\Windows\System32\drivers\aswMonFlt.sys -> [2011/05/10 04:59:44 | 000,053,592 | ---- | M] (AVAST Software)
(aswFsBlk) aswFsBlk [File_System | Auto | Stopped] -> C:\Windows\System32\drivers\aswFsBlk.sys -> [2011/05/10 04:59:35 | 000,019,544 | ---- | M] (AVAST Software)
(Lbd) Lbd [File_System | Boot | Running] -> C:\Windows\system32\DRIVERS\Lbd.sys -> [2011/04/29 12:12:00 | 000,064,512 | ---- | M] (Lavasoft AB)
(ElRawDisk) ElRawDisk [Kernel | System | Stopped] -> C:\Windows\System32\drivers\elrawdsk.sys -> [2008/12/09 15:26:50 | 000,020,392 | ---- | M] (EldoS Corporation)
(atksgt) atksgt [Kernel | Auto | Stopped] -> C:\Windows\System32\drivers\atksgt.sys -> [2008/04/02 21:38:05 | 000,278,984 | ---- | M] ()
(lirsgt) lirsgt [Kernel | Auto | Stopped] -> C:\Windows\System32\drivers\lirsgt.sys -> [2008/04/02 21:38:04 | 000,025,416 | ---- | M] ()
(nvlddmkm) nvlddmkm [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\nvlddmkm.sys -> [2007/08/27 17:59:00 | 007,574,976 | ---- | M] (NVIDIA Corporation)
(e1express) Intel(R) PRO/1000 PCI Express Network Connection Driver [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\e1e6032.sys -> [2007/04/13 06:22:56 | 000,228,224 | ---- | M] (Intel Corporation)
(HCW85BDA) Hauppauge WinTV 885 Video Capture [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\HCW85BDA.sys -> [2007/04/09 13:45:08 | 000,959,104 | ---- | M] (Hauppauge Computer Works)
(VSTHWBS2) VSTHWBS2 [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\VSTBS23.SYS -> [2006/11/02 00:41:53 | 000,251,904 | ---- | M] (Conexant Systems, Inc.)
(MRVW245) Linksys Wireless-N USB Network Adapter WUSB300N [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\MRVW245.sys -> [2006/09/28 09:57:04 | 000,489,216 | ---- | M] (Marvell Semiconductor, Inc)
(Ps2) Ps2 [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\PS2.sys -> [2005/12/12 10:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company)
[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=desktop ->
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> %SystemRoot%\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=desktop ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\"Start Page" -> http://www.facebook.com/ ->
HKEY_CURRENT_USER\: Main\\"StartPageCache" -> ->
HKEY_CURRENT_USER\: "ProxyEnable" -> 0 ->
< FireFox Settings [Prefs.js] > -> C:\Users\Hegemon\AppData\Roaming\Mozilla\FireFox\Profiles\rw2r8886.default\prefs.js ->
browser.startup.homepage -> "http://www.facebook.com/" ->
extensions.enabledItems -> [email protected]:1.0.0.1 ->
extensions.enabledItems -> {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 ->
extensions.enabledItems -> {7b13ec3e-999a-4b70-b9cb-2617b8323822}:2.5.8.6 ->
extensions.enabledItems -> {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 ->
extensions.enabledItems -> {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 ->
extensions.enabledItems -> [email protected]:1.85.20100407 ->
< FireFox Settings [User.js] > -> C:\Users\Hegemon\AppData\Roaming\Mozilla\FireFox\Profiles\rw2r8886.default\user.js ->
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\Extensions -> ->
HKLM\software\mozilla\Firefox\Extensions\\{6FE89A81-12F9-4AC2-BEB8-009C4405ED15} -> C:\USERS\HEGEMON\APPDATA\LOCAL\{6FE89A81-12F9-4AC2-BEB8-009C4405ED15} ->
HKLM\software\mozilla\Firefox\Extensions\\[email protected] -> C:\Program Files\AVAST Software\Avast\WebRep\FF [C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF] -> [2011/05/17 10:06:59 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions -> ->
HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components -> C:\Program Files\Mozilla Firefox\components [C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS] -> [2011/05/10 05:21:18 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins -> C:\Program Files\Mozilla Firefox\plugins [C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS] -> [2011/05/15 19:34:49 | 000,000,000 | ---D | M]
< FireFox Extensions [User Folders] > ->
-> C:\Users\Hegemon\AppData\Roaming\Mozilla\Extensions -> [2008/09/14 20:32:04 | 000,000,000 | ---D | M]
-> C:\Users\Hegemon\AppData\Roaming\Mozilla\Firefox\Profiles\rw2r8886.default\extensions -> [2011/06/03 23:07:14 | 000,000,000 | ---D | M]
Microsoft .NET Framework Assistant -> C:\Users\Hegemon\AppData\Roaming\Mozilla\Firefox\Profiles\rw2r8886.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} -> [2010/07/04 20:11:05 | 000,000,000 | ---D | M]
Zynga Community Toolbar -> C:\Users\Hegemon\AppData\Roaming\Mozilla\Firefox\Profiles\rw2r8886.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822} -> [2011/05/23 22:54:56 | 000,000,000 | ---D | M]
-> C:\Users\Hegemon\AppData\Roaming\Mozilla\Firefox\Profiles\rw2r8886.default\extensions\[email protected] -> [2011/06/03 23:07:14 | 000,000,000 | ---D | M]
-> C:\Users\Hegemon\AppData\Roaming\Mozilla\Firefox\Profiles\rw2r8886.default\extensions\[email protected] -> [2010/05/31 09:39:04 | 000,000,000 | ---D | M]
< FireFox Extensions [Program Folders] > ->
-> C:\Program Files\Mozilla Firefox\extensions -> [2011/05/02 22:27:55 | 000,000,000 | ---D | M]
Java Console -> C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} -> [2010/06/11 15:56:48 | 000,000,000 | ---D | M]
Java Console -> C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} -> [2010/12/01 09:51:09 | 000,000,000 | ---D | M]
Java Console -> C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} -> [2011/01/24 10:34:44 | 000,000,000 | ---D | M]
No name found -> -> File not found
avast! WebRep -> C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF -> [2011/05/17 10:06:59 | 000,000,000 | ---D | M]
IE Tab + -> C:\USERS\HEGEMON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RW2R8886.DEFAULT\EXTENSIONS\[email protected] -> [2011/06/03 23:07:14 | 000,000,000 | ---D | M]
Ancestry.com Advanced Image Viewer -> C:\USERS\HEGEMON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RW2R8886.DEFAULT\EXTENSIONS\[email protected] -> [2010/05/31 09:39:04 | 000,000,000 | ---D | M]
< FireFox Plugins [Program Folders] > ->
npImgCtl.dll -> C:\Users\Hegemon\AppData\Roaming\Mozilla\Firefox\Profiles\rw2r8886.default\extensions\[email protected]\plugins\npImgCtl.dll -> [2009/01/07 13:46:34 | 000,200,704 | ---- | M] (Ancestry.com)
< HOSTS File > ([2011/06/05 10:05:23 | 000,000,027 | ---- | M] - 1 lines) -> C:\Windows\System32\drivers\etc\hosts ->
Reset Hosts
127.0.0.1 localhost
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> [2011/01/21 13:43:07 | 000,061,888 | ---- | M] (Adobe Systems Incorporated)
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} [HKLM] -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [avast! WebRep] -> [2011/05/10 05:10:54 | 000,819,840 | ---- | M] (AVAST Software)
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
"{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}" [HKLM] -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [avast! WebRep] -> [2011/05/10 05:10:54 | 000,819,840 | ---- | M] (AVAST Software)
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"Adobe Photo Downloader" -> C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe ["C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"] -> [2006/09/14 07:55:52 | 000,061,440 | ---- | M] (Adobe Systems Incorporated)
"avast" -> C:\Program Files\AVAST Software\Avast\avastUI.exe ["C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui] -> [2011/05/10 05:10:58 | 003,459,712 | ---- | M] (AVAST Software)
"avgnt" -> ["C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min] -> File not found
"Malwarebytes' Anti-Malware (reboot)" -> C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe ["C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript] -> [2011/05/29 09:11:22 | 001,047,656 | ---- | M] (Malwarebytes Corporation)
"MaxMenuMgr" -> C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe ["C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"] -> [2009/05/01 14:35:10 | 000,185,640 | ---- | M] (Seagate LLC)
"Symantec PIF AlertEng" -> ["C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"] -> File not found
"Windows Defender" -> C:\Program Files\Windows Defender\MSASCui.exe [%ProgramFiles%\Windows Defender\MSASCui.exe -hide] -> [2008/01/19 00:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation)
< Software Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer ->
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [145] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats
< CurrentVersion Policy Settings - Explorer [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [145] -> File not found
\\"NoDrives" -> [0] -> File not found
< CurrentVersion Policy Settings - System [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
Add to Google Photos Screensa&ver -> C:\Windows\System32\GPhotos.scr [res://C:\Windows\system32\GPhotos.scr/200] -> [2010/04/29 11:47:18 | 003,600,384 | ---- | M] (Google Inc.)
E&xport to Microsoft Excel -> [res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000] -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 2 domain(s) found. ->
www_oovoo.com [https] -> Trusted sites ->
rhap-app-4-0_real.com [https] -> Trusted sites ->
rhapreg_real.com [https] -> Trusted sites ->
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{049A470D-F818-4E34-B14D-E4E237DADCF8} [HKLM] -> http://www.shockwave.com/content/fashiondash/sis/fashiondashweb.1.0.0.21.cab [CPlayFirstFashionDasControl Object] ->
{055B4212-4C81-448E-AFA9-C3CA4AAE8F95} [HKLM] -> http://www.shockwave.com/content/dairydash/sis/DairyDashWeb.1.0.0.12.cab [CPlayFirstDairyDashWControl Object] ->
{0CCA191D-13A6-4E29-B746-314DEE697D83} [HKLM] -> http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab [Facebook Photo Uploader 5 Control] ->
{21BB8360-F943-447E-98F3-3C22345375A7} [HKLM] -> http://www.shockwave.com/content/chocolatier/sis/ChocolatierWeb.1.0.0.13.cab [CPlayFirstChocolatierControl Object] ->
{26B2A5DA-BFD6-422F-A89A-28A54C74B12B} [HKLM] -> http://www.costcophotocenter.com/upload/activex/v3_0_0_4/PhotoCenter_ActiveX_Control.cab [Photo Upload Plugin Class] ->
{406B5949-7190-4245-91A9-30A17DE16AD0} [HKLM] -> http://www.costcophotocenter.com/CostcoActivia.cab [Snapfish Activia] ->
{44990B00-3C9D-426D-81DF-AAB636FA4345} [HKLM] -> https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlcm.cab [Symantec Configuration Class] ->
{459E93B6-150E-45D5-8D4B-45C66FC035FE} [HKLM] -> http://apps.corel.com/nos_dl_manager_dev/plugin/IEGetPlugin.ocx [Reg Error: Key error.] ->
{5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} [HKLM] -> http://upload.facebook.com/controls/FacebookPhotoUploader3.cab [Reg Error: Key error.] ->
{5D637FAD-E202-48D1-8F18-5B9C459BD1E3} [HKLM] -> http://cdn.smugmug.com/photos/activex/ImageUploader5-5.5.1.0-082608.cab [Image Uploader Control] ->
{6F15128C-E66A-490C-B848-5000B5ABEEAC} [HKLM] -> https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab [HP Download Manager] ->
{74EF5274-F439-2168-B543-14745B625C72} [HKLM] -> http://www.shockwave.com/content/weddingdash2/sis/WeddingDash2Web.1.0.0.13.cab [CPlayFirstWeddingDasControl Object] ->
{8100D56A-5661-482C-BEE8-AFECE305D968} [HKLM] -> http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab [Facebook Photo Uploader 5 Control] ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab [Java Plug-in 1.6.0_23] ->
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [HKLM] -> http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab [Reg Error: Key error.] ->
{A1662FB6-39BE-41BB-ACDC-0448FB1B5817} [HKLM] -> http://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_5/PhotoCenter_ActiveX_Control.cab [Photo Upload Plugin Class] ->
{B516CA4E-A5BA-405C-AFCF-A97F08CC7429} [HKLM] -> http://www.shockwave.com/content/burgershop/sis/EggoKitchen/GoBitGamesPlayer_v5.cab [GoBit Games Player] ->
{C0C0CB9B-BFEB-47C2-90FA-BE9692875ADB} [HKLM] -> http://www.shockwave.com/content/petshophop/sis/petshophopweb.1.0.0.17.cab [CPlayFirstPetShopHopControl Object] ->
{C8AEB218-8B7A-4E15-AC17-0EE8D99B80EB} [HKLM] -> http://archives.gametap.com/static/cab_headless/GameTapWebUpdater.cab [GameTap Web Updater] ->
{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab [Java Plug-in 1.6.0_23] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab [Java Plug-in 1.6.0_23] ->
{D54160C3-DB7B-4534-9B65-190EE4A9C7F7} [HKLM] -> http://www.shockwave.com/content/feedingfrenzy/sis/SproutLauncher.cab [SproutLauncherCtrl Class] ->
{D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} [HKLM] -> http://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab [Facebook Photo Uploader 4] ->
{DF780F87-FF2B-4DF8-92D0-73DB16A1543A} [HKLM] -> http://www.shockwave.com/content/bejeweled2/sis/popcaploader_v10.cab [Reg Error: Key error.] ->
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} [HKLM] -> http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab [Reg Error: Key error.] ->
{E93E9DF0-3E59-4331-A269-F1E077C66F00} [HKLM] -> http://cnn-5.vo.llnwd.net/c1/static/client/browserplayer/gtplugin.cab [Reg Error: Key error.] ->
{EFD1E13D-1CB3-4545-B754-CA410FE7734F} [HKLM] -> http://www.costcophotocenter.com/upload/activex/v3_0_0_2/PhotoCenter_ActiveX_Control.cab? [Photo Upload Plugin Class] ->
{FCB28D51-A017-46B2-9FB3-F7BFD53B2E42} [HKLM] -> http://www.shockwave.com/content/chocolatierdecadence/sis/Chocolatier3Web.1.0.0.6.cab [CPlayFirstChocolatieControl Object] ->
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ ->
DhcpNameServer -> 68.105.28.11 68.105.29.11 68.105.28.12 ->
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{57F6B19F-1831-46AA-BB54-2AC85578153C}\\DhcpNameServer -> 68.105.28.11 68.105.29.11 68.105.28.12 (Linksys Wireless-N USB Network Adapter WUSB300N) ->
{A08F0F5B-3FBA-4925-A9AB-426258AF9CB3}\\DhcpNameServer -> 68.105.28.11 68.105.29.11 68.105.28.12 (Linksys Wireless-N USB Network Adapter WUSB300N) ->
{AE2CABB7-2FEA-4E51-AD14-E22CD361C404}\\DhcpNameServer -> 68.105.28.11 68.105.29.11 68.105.28.12 (Linksys Wireless-N USB Network Adapter WUSB300N) ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
explorer.exe -> C:\Windows\explorer.exe -> [2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> ->
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List ->
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -> [C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink] -> File not found
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot ->
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 ->
"DisplayName" -> CD-ROM Driver ->
"ImagePath" -> [system32\DRIVERS\cdrom.sys] -> File not found
< Drives with AutoRun files > -> ->
C:\autoexec.bat [REM Dummy file for NTVDMPATH=%PATH%;C:\PROGRA~1\COMMON~1\MUVEET~1\030625 | ] -> C:\autoexec.bat [ NTFS ] -> [2007/06/23 11:46:47 | 000,000,074 | ---- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 ->
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command ->
comfile [open] -> "%1" %* ->
exefile [open] -> "%1" %* ->
< Registry Shell Spawning - Select to Repair > -> HKEY_CURRENT_USER\SOFTWARE\Classes\<key>\shell\[command]\command ->
exefile [open] -> "%1" %* ->
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ ->
.com [@ = comfile] -> "%1" %* ->
.exe [@ = exefile] -> "%1" %* ->
< File Associations - Select to Repair > -> HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>\ ->
.com [@ = ComFile] -> Reg Error: Key error. -> File not found
[Files/Folders - Created Within 30 Days]
_OTS -> C:\_OTS -> [2011/06/06 09:23:07 | 000,000,000 | ---D | C]
RK_Quarantine -> C:\Users\Hegemon\Desktop\RK_Quarantine -> [2011/06/05 17:16:32 | 000,000,000 | ---D | C]
Kaspersky Lab -> C:\ProgramData\Kaspersky Lab -> [2011/06/05 10:22:29 | 000,000,000 | ---D | C]
6002082.sys -> C:\Windows\System32\drivers\6002082.sys -> [2011/06/05 10:21:59 | 000,311,312 | ---- | C] (Kaspersky Lab)
60020821.sys -> C:\Windows\System32\drivers\60020821.sys -> [2011/06/05 10:21:59 | 000,128,016 | ---- | C] (Kaspersky Lab)
60020822.sys -> C:\Windows\System32\drivers\60020822.sys -> [2011/06/05 10:21:59 | 000,037,392 | ---- | C] (Kaspersky Lab)
Virus Removal Tool -> C:\Users\Hegemon\Desktop\Virus Removal Tool -> [2011/06/05 10:21:59 | 000,000,000 | ---D | C]
temp -> C:\Windows\temp -> [2011/06/05 10:06:31 | 000,000,000 | ---D | C]
temp -> C:\Users\Hegemon\AppData\Local\temp -> [2011/06/05 10:06:30 | 000,000,000 | ---D | C]
$RECYCLE.BIN -> C:\$RECYCLE.BIN -> [2011/06/05 10:06:08 | 000,000,000 | -HSD | C]
SWREG.exe -> C:\Windows\SWREG.exe -> [2011/06/05 09:53:48 | 000,518,144 | ---- | C] (SteelWerX)
SWSC.exe -> C:\Windows\SWSC.exe -> [2011/06/05 09:53:48 | 000,406,528 | ---- | C] (SteelWerX)
NIRCMD.exe -> C:\Windows\NIRCMD.exe -> [2011/06/05 09:53:48 | 000,060,416 | ---- | C] (NirSoft)
ERDNT -> C:\Windows\ERDNT -> [2011/06/05 09:51:53 | 000,000,000 | ---D | C]
Qoobox -> C:\Qoobox -> [2011/06/05 06:47:26 | 000,000,000 | ---D | C]
_OTL -> C:\_OTL -> [2011/06/03 23:00:57 | 000,000,000 | ---D | C]
Sophos -> C:\Program Files\Sophos -> [2011/05/31 11:00:39 | 000,000,000 | ---D | C]
380CANON -> C:\Users\Hegemon\Desktop\380CANON -> [2011/05/30 12:06:20 | 000,000,000 | ---D | C]
379CANON -> C:\Users\Hegemon\Desktop\379CANON -> [2011/05/30 11:30:24 | 000,000,000 | ---D | C]
WindowsSearch -> C:\ProgramData\WindowsSearch -> [2011/05/28 08:48:19 | 000,000,000 | ---D | C]
SUPERAntiSpyware.com -> C:\ProgramData\SUPERAntiSpyware.com -> [2011/05/28 06:46:51 | 000,000,000 | ---D | C]
Lbd.sys -> C:\Windows\System32\drivers\Lbd.sys -> [2011/05/26 18:55:14 | 000,064,512 | ---- | C] (Lavasoft AB)
Lavasoft -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft -> [2011/05/26 18:55:09 | 000,000,000 | ---D | C]
Lavasoft -> C:\Program Files\Lavasoft -> [2011/05/26 18:55:09 | 000,000,000 | ---D | C]
avast! Free Antivirus -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus -> [2011/05/17 10:07:26 | 000,000,000 | ---D | C]
aswSnx.sys -> C:\Windows\System32\drivers\aswSnx.sys -> [2011/05/17 10:07:24 | 000,441,176 | ---- | C] (AVAST Software)
avastSS.scr -> C:\Windows\avastSS.scr -> [2011/05/17 10:06:50 | 000,040,112 | ---- | C] (AVAST Software)
AVAST Software -> C:\Program Files\AVAST Software -> [2011/05/17 10:06:31 | 000,000,000 | ---D | C]
AVAST Software -> C:\ProgramData\AVAST Software -> [2011/05/17 10:05:58 | 000,000,000 | ---D | C]
OEM Links -> C:\ProgramData\OEM Links -> [2011/05/16 07:46:33 | 000,000,000 | ---D | C]
MicroWorld -> C:\ProgramData\MicroWorld -> [2011/05/16 07:46:32 | 000,000,000 | ---D | C]
killproc.exe -> C:\Windows\killproc.exe -> [2011/05/16 07:46:27 | 000,145,928 | ---- | C] (MicroWorld Technologies Inc.)
contf64.dll -> C:\Windows\System32\contf64.dll -> [2011/05/16 07:46:06 | 002,161,672 | ---- | C] (MicroWorld Technologies Inc.)
contfilt.dll -> C:\Windows\System32\contfilt.dll -> [2011/05/16 07:46:06 | 001,792,520 | ---- | C] (MicroWorld Technologies Inc.)
mwnsp64.dll -> C:\Windows\System32\mwnsp64.dll -> [2011/05/16 07:46:06 | 000,221,704 | ---- | C] (MicroWorld Technologies Inc.)
mwnsp.dll -> C:\Windows\System32\mwnsp.dll -> [2011/05/16 07:46:06 | 000,186,888 | ---- | C] (MicroWorld Technologies Inc.)
mwtsp64.dll -> C:\Windows\System32\mwtsp64.dll -> [2011/05/16 07:46:05 | 000,687,624 | ---- | C] (MicroWorld Technologies Inc.)
mwtsp.dll -> C:\Windows\System32\mwtsp.dll -> [2011/05/16 07:46:05 | 000,580,104 | ---- | C] (MicroWorld Technologies Inc.)
inst_tspx.exe -> C:\Windows\inst_tspx.exe -> [2011/05/16 07:46:05 | 000,249,352 | ---- | C] (MicroWorld Technologies Inc.)
inst_tsp.exe -> C:\Windows\inst_tsp.exe -> [2011/05/16 07:46:05 | 000,174,600 | ---- | C] (MicroWorld Technologies Inc.)
ZIPDLL.DLL -> C:\Windows\System32\ZIPDLL.DLL -> [2011/05/16 07:46:05 | 000,137,224 | ---- | C] (MWTI)
UNZDLL.DLL -> C:\Windows\System32\UNZDLL.DLL -> [2011/05/16 07:46:05 | 000,132,104 | ---- | C] (MWTI)
MicroWorld -> C:\Program Files\Common Files\MicroWorld -> [2011/05/16 07:46:03 | 000,000,000 | ---D | C]
eScan -> C:\Program Files\eScan -> [2011/05/16 07:46:03 | 000,000,000 | ---D | C]
iwn2k3ek.exe -> C:\Users\Hegemon\Desktop\iwn2k3ek.exe -> [2011/05/16 07:45:44 | 149,100,720 | ---- | C] (MicroWorld Technologies Inc. )
Malwarebytes -> C:\Users\Hegemon\AppData\Roaming\Malwarebytes -> [2011/05/16 07:19:37 | 000,000,000 | ---D | C]
mbamswissarmy.sys -> C:\Windows\System32\drivers\mbamswissarmy.sys -> [2011/05/16 07:19:30 | 000,039,984 | ---- | C] (Malwarebytes Corporation)
Malwarebytes' Anti-Malware -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware -> [2011/05/16 07:19:30 | 000,000,000 | ---D | C]
Malwarebytes -> C:\ProgramData\Malwarebytes -> [2011/05/16 07:19:29 | 000,000,000 | ---D | C]
mbam.sys -> C:\Windows\System32\drivers\mbam.sys -> [2011/05/16 07:19:27 | 000,022,712 | ---- | C] (Malwarebytes Corporation)
Malwarebytes' Anti-Malware -> C:\Program Files\Malwarebytes' Anti-Malware -> [2011/05/16 07:19:27 | 000,000,000 | ---D | C]
CCleaner.exe -> C:\Users\Hegemon\Desktop\CCleaner.exe -> [2011/05/15 16:12:09 | 001,578,736 | ---- | C] (Piriform Ltd)
[Files/Folders - Modified Within 30 Days]
perfh009.dat -> C:\Windows\System32\perfh009.dat -> [2011/06/12 02:15:15 | 000,603,516 | ---- | M] ()
perfc009.dat -> C:\Windows\System32\perfc009.dat -> [2011/06/12 02:15:15 | 000,103,586 | ---- | M] ()
Ad-Aware Update (Weekly).job -> C:\Windows\tasks\Ad-Aware Update (Weekly).job -> [2011/06/12 02:13:00 | 000,000,384 | ---- | M] ()
rp_stats.dat -> C:\Windows\System32\rp_stats.dat -> [2011/06/12 02:12:53 | 000,000,064 | ---- | M] ()
rp_rules.dat -> C:\Windows\System32\rp_rules.dat -> [2011/06/12 02:12:53 | 000,000,044 | ---- | M] ()
bootstat.dat -> C:\Windows\bootstat.dat -> [2011/06/12 02:10:52 | 000,067,584 | --S- | M] ()
temppf.sys -> C:\Windows\System32\temppf.sys -> [2011/06/12 02:10:42 | 268,435,456 | -HS- | M] ()
d3d9caps.dat -> C:\Users\Hegemon\AppData\Local\d3d9caps.dat -> [2011/06/09 03:00:28 | 000,000,680 | ---- | M] ()
setup_9.0.0.722_05.06.2011_20-46.lnk -> C:\Users\Hegemon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\setup_9.0.0.722_05.06.2011_20-46.lnk -> [2011/06/05 10:22:29 | 000,002,169 | ---- | M] ()
OTS.exe - Shortcut.lnk -> C:\Users\Hegemon\Desktop\OTS.exe - Shortcut.lnk -> [2011/06/05 10:14:41 | 000,000,517 | ---- | M] ()
hosts -> C:\Windows\System32\drivers\etc\hosts -> [2011/06/05 10:05:23 | 000,000,027 | ---- | M] ()
ComboFix.exe - Shortcut.lnk -> C:\Users\Hegemon\Desktop\ComboFix.exe - Shortcut.lnk -> [2011/06/05 09:54:10 | 000,000,548 | ---- | M] ()
MBR.dat -> C:\Users\Hegemon\Desktop\MBR.dat -> [2011/06/04 18:04:05 | 000,000,512 | ---- | M] ()
aswMBR.exe - Shortcut.lnk -> C:\Users\Hegemon\Desktop\aswMBR.exe - Shortcut.lnk -> [2011/06/04 18:02:03 | 000,000,536 | ---- | M] ()
MEMORY.DMP -> C:\Windows\MEMORY.DMP -> [2011/06/04 17:42:35 | 195,192,043 | ---- | M] ()
7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> [2011/06/04 17:15:27 | 000,003,568 | -H-- | M] ()
7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> [2011/06/04 17:15:27 | 000,003,568 | -H-- | M] ()
mcs.rma -> C:\Users\Hegemon\AppData\Roaming\mcs.rma -> [2011/06/02 11:32:06 | 000,870,128 | ---- | M] ()
F20116 -> C:\Users\Hegemon\AppData\Roaming\F20116 -> [2011/06/02 11:32:06 | 000,000,004 | ---- | M] ()
thug.jpg -> C:\Users\Hegemon\Desktop\thug.jpg -> [2011/05/31 20:57:50 | 000,783,393 | ---- | M] ()
SPIKE.jpg -> C:\Users\Hegemon\Desktop\SPIKE.jpg -> [2011/05/31 20:50:13 | 001,295,450 | ---- | M] ()
ntuser.pol -> C:\ProgramData\ntuser.pol -> [2011/05/29 10:12:43 | 000,000,258 | RHS- | M] ()
mbamswissarmy.sys -> C:\Windows\System32\drivers\mbamswissarmy.sys -> [2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation)
mbam.sys -> C:\Windows\System32\drivers\mbam.sys -> [2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation)
Windows Media Player.lnk -> C:\Users\Hegemon\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk -> [2011/05/28 05:01:13 | 000,000,940 | ---- | M] ()
lsdelete.exe -> C:\Windows\System32\lsdelete.exe -> [2011/05/26 18:57:26 | 000,016,432 | ---- | M] ()
Ad-Aware.lnk -> C:\Users\Public\Desktop\Ad-Aware.lnk -> [2011/05/26 18:55:15 | 000,000,939 | ---- | M] ()
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Users\Hegemon\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2011/05/22 17:57:27 | 000,047,104 | ---- | M] ()
avast! Free Antivirus.lnk -> C:\Users\Public\Desktop\avast! Free Antivirus.lnk -> [2011/05/17 10:07:26 | 000,001,831 | ---- | M] ()
config.nt -> C:\Windows\System32\config.nt -> [2011/05/17 10:07:23 | 000,002,577 | ---- | M] ()
Malwarebytes' Anti-Malware.lnk -> C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk -> [2011/05/16 22:15:22 | 000,000,908 | ---- | M] ()
Win.Bak.Ini -> C:\Windows\Win.Bak.Ini -> [2011/05/16 07:50:00 | 000,002,141 | ---- | M] ()
winsbak2.reg -> C:\Windows\winsbak2.reg -> [2011/05/16 07:46:49 | 000,194,492 | ---- | M] ()
winsbak.reg -> C:\Windows\winsbak.reg -> [2011/05/16 07:46:49 | 000,023,946 | ---- | M] ()
iwn2k3ek.exe -> C:\Users\Hegemon\Desktop\iwn2k3ek.exe -> [2011/05/16 07:08:06 | 149,100,720 | ---- | M] (MicroWorld Technologies Inc. )
EE64.B7F -> C:\Users\Hegemon\AppData\Roaming\EE64.B7F -> [2011/05/15 20:21:19 | 000,009,177 | ---- | M] ()
ODBCINST.INI -> C:\Windows\ODBCINST.INI -> [2011/05/15 19:29:30 | 000,000,209 | ---- | M] ()
2 C:\Users\Hegemon\AppData\Local\temp\*.tmp files -> C:\Users\Hegemon\AppData\Local\temp\*.tmp ->
[Files - No Company Name]
setup_9.0.0.722_05.06.2011_20-46.lnk -> C:\Users\Hegemon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\setup_9.0.0.722_05.06.2011_20-46.lnk -> [2011/06/05 10:22:29 | 000,002,169 | ---- | C] ()
OTS.exe - Shortcut.lnk -> C:\Users\Hegemon\Desktop\OTS.exe - Shortcut.lnk -> [2011/06/05 10:14:41 | 000,000,517 | ---- | C] ()
ComboFix.exe - Shortcut.lnk -> C:\Users\Hegemon\Desktop\ComboFix.exe - Shortcut.lnk -> [2011/06/05 09:54:10 | 000,000,548 | ---- | C] ()
PEV.exe -> C:\Windows\PEV.exe -> [2011/06/05 09:53:48 | 000,256,512 | ---- | C] ()
MBR.exe -> C:\Windows\MBR.exe -> [2011/06/05 09:53:48 | 000,208,896 | ---- | C] ()
sed.exe -> C:\Windows\sed.exe -> [2011/06/05 09:53:48 | 000,098,816 | ---- | C] ()
grep.exe -> C:\Windows\grep.exe -> [2011/06/05 09:53:48 | 000,080,412 | ---- | C] ()
zip.exe -> C:\Windows\zip.exe -> [2011/06/05 09:53:48 | 000,068,096 | ---- | C] ()
aswMBR.exe - Shortcut.lnk -> C:\Users\Hegemon\Desktop\aswMBR.exe - Shortcut.lnk -> [2011/06/04 18:02:03 | 000,000,536 | ---- | C] ()
temppf.sys -> C:\Windows\System32\temppf.sys -> [2011/06/04 17:59:06 | 268,435,456 | -HS- | C] ()
MEMORY.DMP -> C:\Windows\MEMORY.DMP -> [2011/06/04 17:42:35 | 195,192,043 | ---- | C] ()
MBR.dat -> C:\Users\Hegemon\Desktop\MBR.dat -> [2011/06/03 23:18:04 | 000,000,512 | ---- | C] ()
Ad-Aware Update (Weekly).job -> C:\Windows\tasks\Ad-Aware Update (Weekly).job -> [2011/06/02 08:39:51 | 000,000,384 | ---- | C] ()
thug.jpg -> C:\Users\Hegemon\Desktop\thug.jpg -> [2011/05/31 20:57:50 | 000,783,393 | ---- | C] ()
SPIKE.jpg -> C:\Users\Hegemon\Desktop\SPIKE.jpg -> [2011/05/31 20:50:12 | 001,295,450 | ---- | C] ()
ntuser.pol -> C:\ProgramData\ntuser.pol -> [2011/05/29 10:12:43 | 000,000,258 | RHS- | C] ()
Ad-Aware.lnk -> C:\Users\Public\Desktop\Ad-Aware.lnk -> [2011/05/26 18:55:15 | 000,000,939 | ---- | C] ()
avast! Free Antivirus.lnk -> C:\Users\Public\Desktop\avast! Free Antivirus.lnk -> [2011/05/17 10:07:26 | 000,001,831 | ---- | C] ()
d3d9caps.dat -> C:\Users\Hegemon\AppData\Local\d3d9caps.dat -> [2011/05/17 09:57:32 | 000,000,680 | ---- | C] ()
winsbak2.reg -> C:\Windows\winsbak2.reg -> [2011/05/16 07:46:49 | 000,194,492 | ---- | C] ()
winsbak.reg -> C:\Windows\winsbak.reg -> [2011/05/16 07:46:49 | 000,023,946 | ---- | C] ()
wget.exe -> C:\Windows\System32\wget.exe -> [2011/05/16 07:46:04 | 000,338,176 | ---- | C] ()
curl.exe -> C:\Windows\System32\curl.exe -> [2011/05/16 07:46:04 | 000,293,896 | ---- | C] ()
unrar.dll -> C:\Windows\System32\unrar.dll -> [2011/05/16 07:46:04 | 000,172,040 | ---- | C] ()
Win.Bak.Ini -> C:\Windows\Win.Bak.Ini -> [2011/05/16 07:45:56 | 000,002,141 | ---- | C] ()
Malwarebytes' Anti-Malware.lnk -> C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk -> [2011/05/16 07:19:30 | 000,000,908 | ---- | C] ()
EE64.B7F -> C:\Users\Hegemon\AppData\Roaming\EE64.B7F -> [2011/05/14 12:23:18 | 000,009,177 | ---- | C] ()
rp_stats.dat -> C:\Windows\System32\rp_stats.dat -> [2011/05/08 10:07:30 | 000,000,064 | ---- | C] ()
rp_rules.dat -> C:\Windows\System32\rp_rules.dat -> [2011/05/08 10:07:30 | 000,000,044 | ---- | C] ()
lsdelete.exe -> C:\Windows\System32\lsdelete.exe -> [2010/12/26 14:30:47 | 000,016,432 | ---- | C] ()
HPHins15.dat -> C:\Windows\HPHins15.dat -> [2010/05/12 09:45:50 | 000,121,318 | ---- | C] ()
hphmdl15.dat -> C:\Windows\hphmdl15.dat -> [2010/05/12 09:45:50 | 000,002,885 | ---- | C] ()
hpwscr14.dat -> C:\Windows\hpwscr14.dat -> [2010/01/04 12:43:49 | 000,012,858 | ---- | C] ()
hpwins14.dat -> C:\Windows\hpwins14.dat -> [2010/01/04 12:30:00 | 000,179,441 | ---- | C] ()
hpwmdl14.dat -> C:\Windows\hpwmdl14.dat -> [2010/01/04 12:30:00 | 000,001,108 | ---- | C] ()
cdplayer.ini -> C:\Windows\cdplayer.ini -> [2010/01/02 15:45:52 | 000,001,056 | ---- | C] ()
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Windows\System32\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2009/12/16 22:51:22 | 000,008,192 | ---- | C] ()
SIntfNT.dll -> C:\Windows\System32\SIntfNT.dll -> [2009/12/08 20:05:57 | 000,021,840 | ---- | C] ()
SIntf32.dll -> C:\Windows\System32\SIntf32.dll -> [2009/12/08 20:05:57 | 000,017,212 | ---- | C] ()
SIntf16.dll -> C:\Windows\System32\SIntf16.dll -> [2009/12/08 20:05:57 | 000,012,067 | ---- | C] ()
StructuredQuerySchema.bin -> C:\Windows\System32\StructuredQuerySchema.bin -> [2009/12/05 10:26:36 | 000,107,612 | ---- | C] ()
EhStorAuthn.dll -> C:\Windows\System32\EhStorAuthn.dll -> [2009/12/05 10:26:35 | 000,117,248 | ---- | C] ()
.zreglib -> C:\ProgramData\.zreglib -> [2009/12/04 20:16:26 | 000,000,040 | -HS- | C] ()
KGyGaAvL.sys -> C:\ProgramData\KGyGaAvL.sys -> [2009/11/17 00:16:58 | 000,000,952 | -HS- | C] ()
D1CEAE08F7.sys -> C:\ProgramData\D1CEAE08F7.sys -> [2009/11/17 00:16:58 | 000,000,088 | RHS- | C] ()
Incinerator.dll -> C:\Windows\System32\Incinerator.dll -> [2009/11/07 21:25:10 | 000,933,208 | ---- | C] ()
mfc45.dll -> C:\Windows\System32\mfc45.dll -> [2009/11/07 21:24:08 | 000,074,703 | ---- | C] ()
StructuredQuerySchemaTrivial.bin -> C:\Windows\System32\StructuredQuerySchemaTrivial.bin -> [2009/05/28 10:09:29 | 000,018,904 | ---- | C] ()
wklnhst.dat -> C:\Users\Hegemon\AppData\Roaming\wklnhst.dat -> [2009/05/11 11:06:12 | 000,000,000 | ---- | C] ()
hash.dat -> C:\ProgramData\hash.dat -> [2009/04/11 10:44:34 | 000,000,032 | R--- | C] ()
F20116 -> C:\Users\Hegemon\AppData\Roaming\F20116 -> [2009/03/15 18:57:23 | 000,000,004 | ---- | C] ()
mcs.rma -> C:\Users\Hegemon\AppData\Roaming\mcs.rma -> [2009/03/15 18:57:22 | 000,870,128 | ---- | C] ()
yukon.ini -> C:\Windows\yukon.ini -> [2008/10/03 21:47:14 | 000,000,446 | ---- | C] ()
iPlayer.INI -> C:\Windows\iPlayer.INI -> [2008/04/07 18:13:38 | 000,000,000 | ---- | C] ()
atksgt.sys -> C:\Windows\System32\drivers\atksgt.sys -> [2008/04/02 21:38:05 | 000,278,984 | ---- | C] ()
lirsgt.sys -> C:\Windows\System32\drivers\lirsgt.sys -> [2008/04/02 21:38:04 | 000,025,416 | ---- | C] ()
D1CEAE08F7.sys -> C:\Windows\System32\D1CEAE08F7.sys -> [2008/02/28 21:33:36 | 000,000,088 | RHS- | C] ()
KGyGaAvL.sys -> C:\Windows\System32\KGyGaAvL.sys -> [2008/02/28 21:33:35 | 000,000,952 | -HS- | C] ()
d3dx.dat -> C:\Windows\d3dx.dat -> [2007/11/16 21:13:29 | 000,004,096 | ---- | C] ()
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Users\Hegemon\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2007/11/15 21:08:47 | 000,047,104 | ---- | C] ()
AVSDVDPlayer.m3u -> C:\Users\Hegemon\AppData\Roaming\AVSDVDPlayer.m3u -> [2007/08/28 19:38:21 | 000,000,000 | ---- | C] ()
xvidcore.dll -> C:\Windows\System32\xvidcore.dll -> [2007/08/28 19:30:47 | 000,524,288 | ---- | C] ()
xvidvfw.dll -> C:\Windows\System32\xvidvfw.dll -> [2007/08/28 19:30:47 | 000,139,264 | ---- | C] ()
SI.bin -> C:\Windows\System32\SI.bin -> [2007/08/25 21:41:11 | 000,000,001 | ---- | C] ()
nsreg.dat -> C:\Windows\nsreg.dat -> [2007/08/25 18:30:26 | 000,000,335 | ---- | C] ()
ODBCINST.INI -> C:\Windows\ODBCINST.INI -> [2007/08/13 23:28:07 | 000,000,209 | ---- | C] ()
WLAN.INI -> C:\Windows\System32\WLAN.INI -> [2007/08/13 20:37:57 | 000,000,859 | ---- | C] ()
hpqins13.dat -> C:\Windows\hpqins13.dat -> [2007/06/23 11:39:04 | 000,103,521 | ---- | C] ()
hcwxds.dll -> C:\Windows\System32\hcwxds.dll -> [2007/06/23 11:30:18 | 000,066,048 | ---- | C] ()
OsdRemove.exe -> C:\Windows\System32\OsdRemove.exe -> [2007/06/23 11:22:39 | 000,061,440 | ---- | C] ()
pythoncom24.dll -> C:\Windows\System32\pythoncom24.dll -> [2007/06/23 11:19:53 | 000,327,680 | ---- | C] ()
pywintypes24.dll -> C:\Windows\System32\pywintypes24.dll -> [2007/06/23 11:19:53 | 000,102,400 | ---- | C] ()
px.ini -> C:\Windows\System32\px.ini -> [2007/03/06 01:47:24 | 000,000,000 | ---- | C] ()
CddbPlaylist2Roxio.dll -> C:\Windows\System32\CddbPlaylist2Roxio.dll -> [2007/01/12 07:07:48 | 000,520,192 | ---- | C] ()
CddbFileTaggerRoxio.dll -> C:\Windows\System32\CddbFileTaggerRoxio.dll -> [2007/01/12 07:07:48 | 000,204,800 | ---- | C] ()
PSIService.exe -> C:\Windows\System32\PSIService.exe -> [2006/11/02 21:40:12 | 000,174,656 | ---- | C] ()
bootstat.dat -> C:\Windows\bootstat.dat -> [2006/11/02 05:57:28 | 000,067,584 | --S- | C] ()
FNTCACHE.DAT -> C:\Windows\System32\FNTCACHE.DAT -> [2006/11/02 05:47:37 | 000,377,984 | ---- | C] ()
sysprepMCE.dll -> C:\Windows\System32\sysprepMCE.dll -> [2006/11/02 05:35:32 | 000,005,632 | ---- | C] ()
perfh009.dat -> C:\Windows\System32\perfh009.dat -> [2006/11/02 03:33:01 | 000,603,516 | ---- | C] ()
perfi009.dat -> C:\Windows\System32\perfi009.dat -> [2006/11/02 03:33:01 | 000,287,440 | ---- | C] ()
perfc009.dat -> C:\Windows\System32\perfc009.dat -> [2006/11/02 03:33:01 | 000,103,586 | ---- | C] ()
perfd009.dat -> C:\Windows\System32\perfd009.dat -> [2006/11/02 03:33:01 | 000,030,674 | ---- | C] ()
dssec.dat -> C:\Windows\System32\dssec.dat -> [2006/11/02 03:23:21 | 000,215,943 | ---- | C] ()
mib.bin -> C:\Windows\mib.bin -> [2006/11/02 01:58:30 | 000,043,131 | ---- | C] ()
NOISE.DAT -> C:\Windows\System32\NOISE.DAT -> [2006/11/02 01:19:00 | 000,000,741 | ---- | C] ()
pacerprf.ini -> C:\Windows\System32\pacerprf.ini -> [2006/11/02 00:40:29 | 000,013,750 | ---- | C] ()
mlang.dat -> C:\Windows\System32\mlang.dat -> [2006/11/02 00:25:31 | 000,673,088 | ---- | C] ()
secdrv.sys -> C:\Windows\System32\drivers\secdrv.sys -> [2006/11/01 23:37:21 | 000,011,376 | ---- | C] ()
cpuinf32.dll -> C:\Windows\System32\cpuinf32.dll -> [2006/06/23 10:09:34 | 000,019,968 | R--- | C] ()
EyeCand3.INI -> C:\Windows\EyeCand3.INI -> [2001/07/13 07:04:00 | 000,373,248 | ---- | C] ()
iyvu9_32.dll -> C:\Windows\System32\iyvu9_32.dll -> [1997/06/13 19:56:08 | 000,056,832 | ---- | C] ()
[File - Lop Check]
1morebee -> C:\Users\Hegemon\AppData\Roaming\1morebee -> [2010/03/11 23:53:59 | 000,000,000 | ---D | M]
acccore -> C:\Users\Hegemon\AppData\Roaming\acccore -> [2011/03/22 19:27:11 | 000,000,000 | ---D | M]
Anthropics -> C:\Users\Hegemon\AppData\Roaming\Anthropics -> [2010/06/09 21:59:02 | 000,000,000 | ---D | M]
EleFun Games -> C:\Users\Hegemon\AppData\Roaming\EleFun Games -> [2010/02/14 23:18:53 | 000,000,000 | ---D | M]
freshgames -> C:\Users\Hegemon\AppData\Roaming\freshgames -> [2010/06/18 09:16:33 | 000,000,000 | ---D | M]
Gaijin Ent -> C:\Users\Hegemon\AppData\Roaming\Gaijin Ent -> [2008/10/12 20:11:06 | 000,000,000 | ---D | M]
Gamelab -> C:\Users\Hegemon\AppData\Roaming\Gamelab -> [2010/04/29 16:26:42 | 000,000,000 | ---D | M]
GetRightToGo -> C:\Users\Hegemon\AppData\Roaming\GetRightToGo -> [2010/06/02 09:50:42 | 000,000,000 | ---D | M]
iolo -> C:\Users\Hegemon\AppData\Roaming\iolo -> [2009/11/07 21:24:03 | 000,000,000 | ---D | M]
Leadertech -> C:\Users\Hegemon\AppData\Roaming\Leadertech -> [2009/08/18 21:11:50 | 000,000,000 | ---D | M]
My Games -> C:\Users\Hegemon\AppData\Roaming\My Games -> [2010/12/28 14:19:38 | 000,000,000 | ---D | M]
ooVoo Details -> C:\Users\Hegemon\AppData\Roaming\ooVoo Details -> [2009/04/19 00:25:18 | 000,000,000 | ---D | M]
Opera -> C:\Users\Hegemon\AppData\Roaming\Opera -> [2008/01/06 18:54:24 | 000,000,000 | ---D | M]
PlayFirst -> C:\Users\Hegemon\AppData\Roaming\PlayFirst -> [2011/01/13 00:25:54 | 000,000,000 | ---D | M]
Pogo Games -> C:\Users\Hegemon\AppData\Roaming\Pogo Games -> [2010/12/12 22:37:07 | 000,000,000 | ---D | M]
Snapfish -> C:\Users\Hegemon\AppData\Roaming\Snapfish -> [2007/12/30 18:09:27 | 000,000,000 | ---D | M]
Template -> C:\Users\Hegemon\AppData\Roaming\Template -> [2009/05/11 11:06:13 | 000,000,000 | ---D | M]
WinBatch -> C:\Users\Hegemon\AppData\Roaming\WinBatch -> [2010/09/07 08:19:55 | 000,000,000 | ---D | M]
Ad-Aware Update (Weekly).job -> C:\Windows\Tasks\Ad-Aware Update (Weekly).job -> [2011/06/12 02:13:00 | 000,000,384 | ---- | M] ()
SCHEDLGU.TXT -> C:\Windows\Tasks\SCHEDLGU.TXT -> [2011/06/07 18:35:56 | 000,032,600 | ---- | M] ()
[File - Purity Scan]
[Custom Scans]
< MD5 Scans Start>
< %systemdrive%\SHELL32.DLL /md5 /s >
< %systemdrive%\SHELL32.DLL.MUI /md5 /s >
shell32.dll.mui : MD5=19814EB0E8E8A1143FF1D08E01850829 -> C:\Windows\winsxs\x86_microsoft-windows-shell32.resources_31bf3856ad364e35_6.0.6000.20951_en-us_58181938f4fa5227\shell32.dll.mui -> [2008/11/06 05:58:23 | 000,557,056 | ---- | M] (Microsoft Corporation)
shell32.dll.mui : MD5=1BD74525DEF8D3BF748EDF8B8B2221A8 -> C:\Windows\winsxs\x86_microsoft-windows-shell32.resources_31bf3856ad364e35_6.0.6000.21097_en-us_57f2b366f5158d37\shell32.dll.mui -> [2009/07/30 16:09:23 | 000,557,056 | ---- | M] (Microsoft Corporation)
shell32.dll.mui : MD5=3BAF89E33CF839720399AFDB7316C863 -> C:\Windows\winsxs\x86_microsoft-windows-shell32.resources_31bf3856ad364e35_6.0.6000.16386_en-us_5773049ddbf09320\shell32.dll.mui -> [2006/11/02 05:41:26 | 000,557,056 | ---- | M] (Microsoft Corporation)
shell32.dll.mui : MD5=CDA08164EACCDA67384FBA1CBEB08BE3 -> C:\Windows\winsxs\x86_microsoft-windows-shell32.resources_31bf3856ad364e35_6.0.6000.20822_en-us_58398760f4e11a84\shell32.dll.mui -> [2008/04/23 21:41:02 | 000,557,056 | ---- | M] (Microsoft Corporation)
shell32.dll.mui : Unable to obtain MD5 -> C:\Windows\System32\en-US\shell32.dll.mui -> [2008/01/19 00:28:56 | 000,561,152 | ---- | M] (Microsoft Corporation)
shell32.dll.mui : Unable to obtain MD5 -> C:\Windows\winsxs\x86_microsoft-windows-shell32.resources_31bf3856ad364e35_6.0.6001.18000_en-us_59a9c699d8dba3f4\shell32.dll.mui -> [2008/01/19 00:28:56 | 000,561,152 | ---- | M] (Microsoft Corporation)
< MD5 Scans End>
[Alternate Data Streams]
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:F798BF2E
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:42D29305
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:C4671424
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:9C6A9B00
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:6371CFDB
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:BF5EAC0C
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:837546C7
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:8F16601E
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:DF0F61BB
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:2BAAE818
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:D6C31E03
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:26FE5B17
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:5AEA68EE
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:AD7C3EFB
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:AFB5119F
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:AFD2D4A7
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:E23D0CEC
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:E4FBF8BD
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:B12FF3F2
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:E9EE2AB9
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:30759574
@Alternate Data Stream - 150 bytes -> C:\ProgramData\TEMP:C210B4D5
@Alternate Data Stream - 162 bytes -> C:\ProgramData\TEMP:68FB0053
@Alternate Data Stream - 164 bytes -> C:\ProgramData\TEMP:12CF331A
@Alternate Data Stream - 168 bytes -> C:\ProgramData\TEMP:8F84BF39
@Alternate Data Stream - 169 bytes -> C:\ProgramData\TEMP:FB2DC8A5
@Alternate Data Stream - 171 bytes -> C:\ProgramData\TEMP:3D857D30
@Alternate Data Stream - 191 bytes -> C:\ProgramData\TEMP:25EFDD27
@Alternate Data Stream - 193 bytes -> C:\ProgramData\TEMP:CBCF563D
@Alternate Data Stream - 195 bytes -> C:\ProgramData\TEMP:261B2A7E
< End of report >