[code] OTS logfile created on: 9/16/2009 3:04:01 PM - Run 3 OTS by OldTimer - Version 3.0.12.1 Folder = C:\Users\Admin\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18813) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free 4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 298.09 Gb Total Space | 108.61 Gb Free Space | 36.43% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: YU Current User Name: Admin Logged in as Administrator. Current Boot Mode: SafeMode Scan Mode: Current user Company Name Whitelist: On Skip Microsoft Files: Off File Age = 30 Days [Processes - Safe List] explorer.exe -> C:\Windows\Explorer.EXE -> [2009/04/10 23:27:36 | 02,926,592 | ---- | M] (Microsoft Corporation) ots.exe -> C:\Users\Admin\Desktop\OTS.exe -> [2009/09/16 14:24:24 | 00,514,560 | ---- | M] (OldTimer Tools) [Win32 Services - Safe List] (aspnet_state) ASP.NET State Service [Win32_Own | On_Demand | Stopped] -> C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -> [2009/03/29 21:42:10 | 00,031,048 | ---- | M] (Microsoft Corporation) (Bonjour Service) ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## [Win32_Own | Auto | Stopped] -> -> File not found (clr_optimization_v2.0.50727_32) Microsoft .NET Framework NGEN v2.0.50727_X86 [Win32_Own | On_Demand | Stopped] -> C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -> [2009/03/29 21:42:14 | 00,066,368 | ---- | M] (Microsoft Corporation) (CLTNetCnService) Symantec Lic NetConnect service [Win32_Shared | Auto | Stopped] -> -> File not found (ehRecvr) Windows Media Center Receiver Service [Win32_Own | On_Demand | Stopped] -> C:\Windows\ehome\ehRecvr.exe -> [2008/01/19 00:33:09 | 00,292,352 | ---- | M] (Microsoft Corporation) (ehSched) Windows Media Center Scheduler Service [Win32_Own | On_Demand | Stopped] -> C:\Windows\ehome\ehsched.exe -> [2006/11/02 05:35:29 | 00,131,072 | ---- | M] (Microsoft Corporation) (ehstart) Windows Media Center Service Launcher [Win32_Shared | Auto | Stopped] -> C:\Windows\ehome\ehstart.dll -> [2006/11/02 05:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation) (Eventlog) Windows Event Log [Win32_Shared | Auto | Running] -> C:\Windows\System32\wevtsvc.dll -> [2009/04/10 23:28:25 | 01,017,856 | ---- | M] (Microsoft Corporation) (FLEXnet Licensing Service) FLEXnet Licensing Service [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -> [2008/03/18 23:32:53 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) (FontCache3.0.0.0) Windows Presentation Foundation Font Cache 3.0.0.0 [Win32_Own | On_Demand | Stopped] -> C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -> [2009/02/18 11:39:20 | 00,043,904 | ---- | M] (Microsoft Corporation) (IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -> [2004/10/22 03:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) (idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] -> C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -> [2009/02/18 11:38:42 | 00,879,448 | ---- | M] (Microsoft Corporation) (LBTServ) Logitech Bluetooth Service [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe -> [2008/05/02 02:42:06 | 00,121,360 | ---- | M] (Logitech, Inc.) (LightScribeService) LightScribeService Direct Disc Labeling Service [Win32_Own | Auto | Stopped] -> c:\Program Files\Common Files\LightScribe\LSSrvc.exe -> [2006/12/14 17:49:10 | 00,061,440 | ---- | M] (Hewlett-Packard Company) (Microsoft Office Groove Audit Service) Microsoft Office Groove Audit Service [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -> [2008/10/25 11:44:08 | 00,065,888 | ---- | M] (Microsoft Corporation) (NetTcpPortSharing) Net.Tcp Port Sharing Service [Win32_Shared | Disabled | Stopped] -> C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -> [2009/02/18 11:38:43 | 00,129,880 | ---- | M] (Microsoft Corporation) (nvsvc) NVIDIA Display Driver Service [Win32_Own | Auto | Stopped] -> C:\Windows\System32\nvvsvc.exe -> [2008/09/18 00:55:00 | 00,196,608 | ---- | M] (NVIDIA Corporation) (odserv) Microsoft Office Diagnostics Service [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -> [2008/11/04 01:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) (ose) Office Source Engine [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -> [2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) (ProtexisLicensing) ProtexisLicensing [Win32_Own | Disabled | Stopped] -> C:\Windows\System32\PSIService.exe -> [2006/11/02 20:40:12 | 00,174,656 | ---- | M] () (rpcapd) Remote Packet Capture Protocol v.0 (experimental) [Win32_Own | On_Demand | Stopped] -> C:\Program Files\WinPcap\rpcapd.exe -> [2007/11/06 13:22:26 | 00,092,792 | ---- | M] (CACE Technologies) (Sony SCSI Helper Service) Sony SCSI Helper Service [Win32_Shared | On_Demand | Stopped] -> C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe -> [2007/10/18 11:51:58 | 00,073,728 | ---- | M] (Sony Corporation) (stllssvr) stllssvr [Win32_Own | On_Demand | Stopped] -> -> File not found (wfpservice) Windows Feedback Panel Background Service [Win32_Own | Auto | Stopped] -> C:\Program Files\Microsoft Windows Feedback Panel\WFPService.EXE -> [2009/07/09 03:36:50 | 00,248,080 | ---- | M] (Microsoft Corporation) (WinDefend) Windows Defender [Win32_Shared | Auto | Running] -> C:\Program Files\Windows Defender\mpsvc.dll -> [2008/01/19 00:38:24 | 00,272,952 | ---- | M] (Microsoft Corporation) (WinVNC4) VNC Server Version 4 [Win32_Own | Auto | Stopped] -> C:\Program Files\RealVNC\VNC4\WinVNC4.exe -> [2008/06/12 11:48:16 | 02,159,992 | ---- | M] (RealVNC Ltd.) (WMPNetworkSvc) Windows Media Player Network Sharing Service [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Windows Media Player\wmpnetwk.exe -> [2008/01/19 00:33:39 | 00,896,512 | ---- | M] (Microsoft Corporation) (XAudioService) XAudioService [Win32_Own | Auto | Stopped] -> C:\Windows\System32\DRIVERS\xaudio.exe -> [2006/11/28 09:44:58 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) [Driver Services - Safe List] (adp94xx) adp94xx [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\adp94xx.sys -> [2006/11/02 02:51:38 | 00,420,968 | ---- | M] (Adaptec, Inc.) (adpahci) adpahci [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\adpahci.sys -> [2006/11/02 02:51:32 | 00,297,576 | ---- | M] (Adaptec, Inc.) (adpu160m) adpu160m [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\adpu160m.sys -> [2006/11/02 02:50:35 | 00,098,408 | ---- | M] (Adaptec, Inc.) (adpu320) adpu320 [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\adpu320.sys -> [2006/11/02 02:51:00 | 00,147,048 | ---- | M] (Adaptec, Inc.) (aic78xx) aic78xx [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\djsvs.sys -> [2006/11/02 02:50:11 | 00,071,272 | ---- | M] (Adaptec, Inc.) (aliide) aliide [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\aliide.sys -> [2006/11/02 02:49:20 | 00,014,952 | ---- | M] (Acer Laboratories Inc.) (arc) arc [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\arc.sys -> [2006/11/02 02:50:09 | 00,067,688 | ---- | M] (Adaptec, Inc.) (arcsas) arcsas [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\arcsas.sys -> [2006/11/02 02:50:10 | 00,067,688 | ---- | M] (Adaptec, Inc.) (BrFiltLo) Brother USB Mass-Storage Lower Filter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\system32\drivers\brfiltlo.sys -> [2006/11/02 01:24:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) (BrFiltUp) Brother USB Mass-Storage Upper Filter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\system32\drivers\brfiltup.sys -> [2006/11/02 01:24:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) (Brserid) Brother MFC Serial Port Interface Driver (WDM) [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\brserid.sys -> [2006/11/02 01:25:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.) (BrSerWdm) Brother WDM Serial driver [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\brserwdm.sys -> [2006/11/02 01:24:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.) (BrUsbMdm) Brother MFC USB Fax Only Modem [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\brusbmdm.sys -> [2006/11/02 01:24:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.) (BrUsbSer) Brother MFC USB Serial WDM Driver [Kernel | On_Demand | Stopped] -> C:\Windows\system32\drivers\brusbser.sys -> [2006/11/02 01:24:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.) (CamDrL) Logitech QuickCam Pro 3000(CamDrl) [Kernel | On_Demand | Stopped] -> C:\Windows\System32\DRIVERS\Camdrl.sys -> [2007/02/03 10:25:56 | 01,075,360 | ---- | M] (Logitech Inc.) (cmdide) cmdide [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\cmdide.sys -> [2006/11/02 02:49:28 | 00,016,488 | ---- | M] (CMD Technology, Inc.) (E1G60) Intel(R) PRO/1000 NDIS 6 Adapter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\System32\DRIVERS\E1G60I32.sys -> [2006/11/02 00:30:54 | 00,117,760 | ---- | M] (Intel Corporation) (eeCtrl) Symantec Eraser Control driver [Kernel | System | Stopped] -> C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -> [2007/09/21 01:00:00 | 00,395,312 | ---- | M] (Symantec Corporation) (elxstor) elxstor [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\elxstor.sys -> [2006/11/02 02:51:34 | 00,316,520 | ---- | M] (Emulex) (ENTECH) ENTECH [Kernel | On_Demand | Stopped] -> C:\Windows\System32\DRIVERS\ENTECH.SYS -> [1999/10/21 09:12:52 | 00,020,400 | ---- | M] (EnTech Taiwan) (HpCISSs) HpCISSs [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\hpcisss.sys -> [2006/11/02 02:50:10 | 00,037,480 | ---- | M] (Hewlett-Packard Company) (HSF_DP) HSF_DP [Kernel | On_Demand | Stopped] -> C:\Windows\System32\DRIVERS\HSX_DP.sys -> [2006/12/07 08:03:32 | 00,985,600 | ---- | M] (Conexant Systems, Inc.) (HSXHWBS2) HSXHWBS2 [Kernel | On_Demand | Stopped] -> C:\Windows\System32\DRIVERS\HSXHWBS2.sys -> [2006/12/07 08:04:40 | 00,258,048 | ---- | M] (Conexant Systems, Inc.) (iaStorV) Intel RAID Controller Vista [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\iastorv.sys -> [2006/11/02 02:51:25 | 00,232,040 | ---- | M] (Intel Corporation) (iirsp) iirsp [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\iirsp.sys -> [2006/11/02 02:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) (IntcAzAudAddService) Service for Realtek HD Audio (WDM) [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\RTKVHDA.sys -> [2009/02/11 12:38:14 | 02,324,512 | ---- | M] (Realtek Semiconductor Corp.) (iteatapi) ITEATAPI_Service_Install [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\iteatapi.sys -> [2006/11/02 02:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) (iteraid) ITERAID_Service_Install [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\iteraid.sys -> [2006/11/02 02:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) (L8042Kbd) Logitech SetPoint Keyboard Driver [Kernel | On_Demand | Running] -> C:\Windows\System32\DRIVERS\L8042Kbd.sys -> [2008/02/29 03:12:48 | 00,020,240 | ---- | M] (Logitech, Inc.) (L8042mou) SetPoint PS/2 Mouse Filter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\System32\DRIVERS\L8042mou.Sys -> [2007/09/21 04:10:26 | 00,063,120 | ---- | M] (Logitech, Inc.) (LHidFilt) Logitech SetPoint KMDF HID Filter Driver [Kernel | On_Demand | Running] -> C:\Windows\System32\DRIVERS\LHidFilt.Sys -> [2008/02/29 03:13:16 | 00,035,344 | ---- | M] (Logitech, Inc.) (LMouFilt) Logitech SetPoint KMDF Mouse Filter Driver [Kernel | On_Demand | Running] -> C:\Windows\System32\DRIVERS\LMouFilt.Sys -> [2008/02/29 03:13:24 | 00,036,880 | ---- | M] (Logitech, Inc.) (LMouKE) SetPoint Mouse Filter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\System32\DRIVERS\LMouKE.Sys -> [2007/09/21 04:10:54 | 00,078,992 | ---- | M] (Logitech, Inc.) (LSI_FC) LSI_FC [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\lsi_fc.sys -> [2006/11/02 02:50:04 | 00,065,640 | ---- | M] (LSI Logic) (LSI_SAS) LSI_SAS [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\lsi_sas.sys -> [2006/11/02 02:50:05 | 00,065,640 | ---- | M] (LSI Logic) (LSI_SCSI) LSI_SCSI [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\lsi_scsi.sys -> [2006/11/02 02:50:10 | 00,065,640 | ---- | M] (LSI Logic) (LVUSBSta) Logitech USB Monitor Filter [Kernel | On_Demand | Stopped] -> C:\Windows\System32\DRIVERS\LVUSBSta.sys -> [2007/02/03 10:32:36 | 00,041,504 | ---- | M] (Logitech Inc.) (mdmxsdk) mdmxsdk [Kernel | Auto | Stopped] -> C:\Windows\System32\DRIVERS\mdmxsdk.sys -> [2006/06/19 07:26:58 | 00,012,672 | ---- | M] (Conexant) (megasas) megasas [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\megasas.sys -> [2006/11/02 02:49:53 | 00,028,776 | ---- | M] (LSI Logic Corporation) (Mraid35x) Mraid35x [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\mraid35x.sys -> [2006/11/02 02:49:59 | 00,033,384 | ---- | M] (LSI Logic Corporation) (nfrd960) nfrd960 [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\nfrd960.sys -> [2006/11/02 02:50:19 | 00,045,160 | ---- | M] (IBM Corporation) (nmwcd) Nokia USB Phone Parent [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\ccdcmb.sys -> [2008/05/02 11:58:12 | 00,017,536 | ---- | M] (Nokia) (nmwcdc) Nokia USB Generic [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\ccdcmbo.sys -> [2008/05/02 11:58:14 | 00,020,864 | ---- | M] (Nokia) (NPF) NetGroup Packet Filter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\npf.sys -> [2007/11/06 13:22:06 | 00,034,064 | ---- | M] (CACE Technologies) (ntrigdigi) N-trig HID Tablet Driver [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\ntrigdigi.sys -> [2006/11/02 00:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies) (NVENETFD) NVIDIA nForce Networking Controller Driver [Kernel | On_Demand | Stopped] -> C:\Windows\System32\DRIVERS\nvmfdx32.sys -> [2007/05/04 01:29:10 | 01,065,384 | ---- | M] (NVIDIA Corporation) (nvlddmkm) nvlddmkm [Kernel | On_Demand | Stopped] -> C:\Windows\System32\DRIVERS\nvlddmkm.sys -> [2008/09/18 00:55:00 | 07,379,872 | ---- | M] (NVIDIA Corporation) (nvraid) nvraid [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\nvraid.sys -> [2006/11/02 02:50:24 | 00,088,680 | ---- | M] (NVIDIA Corporation) (nvstor) nvstor [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\nvstor.sys -> [2006/11/02 02:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) (nvstor32) nvstor32 [Kernel | Boot | Running] -> C:\Windows\system32\DRIVERS\nvstor32.sys -> [2007/10/26 19:51:24 | 00,110,624 | ---- | M] (NVIDIA Corporation) (PRSUSB) Sony Reader [Kernel | On_Demand | Stopped] -> C:\Windows\System32\Drivers\PRSUSB.sys -> [2006/11/21 17:52:50 | 00,018,944 | ---- | M] (Sony Corporation) (Ps2) Ps2 [Kernel | On_Demand | Stopped] -> C:\Windows\System32\DRIVERS\PS2.sys -> [2005/12/12 09:27:00 | 00,019,072 | ---- | M] (Hewlett-Packard Company) (ql2300) QLogic Fibre Channel Miniport Driver [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\ql2300.sys -> [2006/11/02 02:51:45 | 00,900,712 | ---- | M] (QLogic Corporation) (ql40xx) QLogic iSCSI Miniport Driver [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\ql40xx.sys -> [2006/11/02 02:50:35 | 00,106,088 | ---- | M] (QLogic Corporation) (secdrv) Security Driver [Kernel | Auto | Stopped] -> C:\Windows\System32\drivers\secdrv.sys -> [2006/11/01 23:37:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) (SiSRaid2) SiSRaid2 [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\sisraid2.sys -> [2006/11/02 02:50:10 | 00,038,504 | ---- | M] (Silicon Integrated Systems Corp.) (SiSRaid4) SiSRaid4 [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\sisraid4.sys -> [2006/11/02 02:50:16 | 00,071,784 | ---- | M] (Silicon Integrated Systems) (sptd) sptd [Kernel | Boot | Running] -> C:\Windows\System32\Drivers\sptd.sys -> [2008/07/09 16:33:27 | 00,717,296 | ---- | M] () (Symc8xx) Symc8xx [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\symc8xx.sys -> [2006/11/02 02:50:05 | 00,035,944 | ---- | M] (LSI Logic) (Sym_hi) Sym_hi [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\sym_hi.sys -> [2006/11/02 02:49:56 | 00,031,848 | ---- | M] (LSI Logic) (Sym_u3) Sym_u3 [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\sym_u3.sys -> [2006/11/02 02:50:03 | 00,034,920 | ---- | M] (LSI Logic) (uliahci) uliahci [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\uliahci.sys -> [2006/11/02 02:51:25 | 00,235,112 | ---- | M] (ULi Electronics Inc.) (UlSata) UlSata [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\ulsata.sys -> [2006/11/02 02:50:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.) (ulsata2) ulsata2 [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\ulsata2.sys -> [2006/11/02 02:50:45 | 00,115,816 | ---- | M] (Promise Technology, Inc.) (upperdev) upperdev [Kernel | On_Demand | Stopped] -> C:\Windows\System32\DRIVERS\usbser_lowerflt.sys -> [2008/05/02 11:58:14 | 00,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) (usbaudio) USB Audio Driver (WDM) [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\usbaudio.sys -> [2009/04/10 21:42:54 | 00,073,216 | ---- | M] (Microsoft Corporation) (usbser) Nokia USB Serial Port [Kernel | On_Demand | Stopped] -> C:\Windows\System32\DRIVERS\usbser.sys -> [2009/04/10 21:42:54 | 00,027,648 | ---- | M] (Microsoft Corporation) (UsbserFilt) UsbserFilt [Kernel | On_Demand | Stopped] -> C:\Windows\System32\DRIVERS\usbser_lowerfltj.sys -> [2008/05/02 11:58:28 | 00,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) (viaide) viaide [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\viaide.sys -> [2006/11/02 02:49:30 | 00,017,512 | ---- | M] (VIA Technologies, Inc.) (vncmirror) vncmirror [Kernel | On_Demand | Stopped] -> C:\Windows\System32\DRIVERS\vncmirror.sys -> [2008/06/12 09:46:40 | 00,004,608 | ---- | M] (RealVNC Ltd.) (vsmraid) vsmraid [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\vsmraid.sys -> [2006/11/02 02:50:41 | 00,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) (winachsf) winachsf [Kernel | On_Demand | Stopped] -> C:\Windows\System32\DRIVERS\HSX_CNXT.sys -> [2006/12/07 08:04:26 | 00,659,968 | ---- | M] (Conexant Systems, Inc.) (XAudio) XAudio [Kernel | Auto | Stopped] -> C:\Windows\System32\DRIVERS\xaudio.sys -> [2006/11/28 09:44:52 | 00,008,192 | ---- | M] (Conexant Systems, Inc.) [Registry - Safe List] < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://go.microsoft.com/fwlink/?LinkId=69157 -> HKEY_LOCAL_MACHINE\: Main\\"Default_Search_URL" -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_LOCAL_MACHINE\: Main\\"Default_Secondary_Page_URL" -> [binary data] -> HKEY_LOCAL_MACHINE\: Main\\"Extensions Off Page" -> about:NoAdd-ons -> HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> C:\Windows\System32\blank.htm -> HKEY_LOCAL_MACHINE\: Main\\"Search Page" -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_LOCAL_MACHINE\: Main\\"Security Risk Page" -> about:SecurityRisk -> HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://www.google.com -> HKEY_LOCAL_MACHINE\: Search\\"CustomizeSearch" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> HKEY_LOCAL_MACHINE\: Search\\"SearchAssistant" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> < Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> HKEY_CURRENT_USER\: Main\\"Local Page" -> C:\Windows\system32\blank.htm -> HKEY_CURRENT_USER\: Main\\"Page_Transitions" -> 1 -> HKEY_CURRENT_USER\: Main\\"Search Page" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_CURRENT_USER\: Main\\"Start Page" -> http://www.google.com -> HKEY_CURRENT_USER\: Main\\"StartPageCache" -> 1 -> HKEY_CURRENT_USER\: "ProxyEnable" -> 0 -> HKEY_CURRENT_USER\: "ProxyOverride" -> *.local -> < FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla HKLM\software\mozilla\Firefox\Extensions -> -> HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b} -> C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION [C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\] -> [2009/07/30 18:06:18 | 00,000,000 | ---D | M] HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions -> -> HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components -> C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS] -> [2009/09/11 23:45:53 | 00,000,000 | ---D | M] HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins -> C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS] -> [2009/09/11 23:45:53 | 00,000,000 | ---D | M] < FireFox Extensions [User Folders] > -> -> C:\Users\Admin\AppData\Roaming\mozilla\Extensions -> [2009/07/25 01:06:40 | 00,008,852 | ---- | M] () -> C:\Users\Admin\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} -> [2009/07/25 01:06:40 | 00,008,852 | ---- | M] () -> C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\3wkdkp4t.default\extensions -> [2009/09/16 00:03:19 | 00,104,017 | ---- | M] () -> C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\3wkdkp4t.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} -> [2009/09/16 00:03:19 | 00,104,017 | ---- | M] () -> C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\3wkdkp4t.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2} -> [2009/09/16 00:03:19 | 00,104,017 | ---- | M] () -> C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\3wkdkp4t.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9} -> [2009/09/16 00:03:19 | 00,104,017 | ---- | M] () -> C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\3wkdkp4t.default\extensions\{8b86149f-01fb-4842-9dd8-4d7eb02fd055} -> [2009/09/16 00:03:19 | 00,104,017 | ---- | M] () -> C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\3wkdkp4t.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f} -> [2009/09/16 00:03:19 | 00,104,017 | ---- | M] () -> C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\3wkdkp4t.default\extensions\netvideohunter@netvideohunter.com -> [2009/09/16 00:03:19 | 00,104,017 | ---- | M] () < FireFox SearchPlugins [User Folders] > -> C:\Users\Admin\AppData\Roaming\Mozilla\FireFox\Profiles\3wkdkp4t.default\searchplugins\ -> C:\Users\Admin\AppData\Roaming\Mozilla\FireFox\Profiles\3wkdkp4t.default\searchplugins -> [2009/04/27 19:44:25 | 00,000,000 | ---D | M] wikipedia-en.xml -> C:\Users\Admin\AppData\Roaming\Mozilla\FireFox\Profiles\3wkdkp4t.default\searchplugins\wikipedia-en.xml -> [2008/06/23 08:38:10 | 00,001,108 | ---- | M] () yahoo-answers.xml -> C:\Users\Admin\AppData\Roaming\Mozilla\FireFox\Profiles\3wkdkp4t.default\searchplugins\yahoo-answers.xml -> [2007/09/21 15:50:12 | 00,001,437 | ---- | M] () < FireFox Extensions [Program Folders] > -> -> C:\PROGRAM FILES\MOZILLA FIREFOX\extensions -> [2009/09/11 23:45:53 | 10,776,568 | ---- | M] (Mozilla Foundation) -> C:\PROGRAM FILES\MOZILLA FIREFOX\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} -> [2009/09/11 23:45:53 | 10,776,568 | ---- | M] (Mozilla Foundation) -> C:\PROGRAM FILES\MOZILLA FIREFOX\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} -> [2009/09/11 23:45:53 | 10,776,568 | ---- | M] (Mozilla Foundation) -> C:\PROGRAM FILES\MOZILLA FIREFOX\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} -> [2009/09/11 23:45:53 | 10,776,568 | ---- | M] (Mozilla Foundation) -> C:\PROGRAM FILES\MOZILLA FIREFOX\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} -> [2009/09/11 23:45:53 | 10,776,568 | ---- | M] (Mozilla Foundation) < FireFox Components [Program Folders] > -> C:\PROGRAM FILES\MOZILLA FIREFOX\components\ -> C:\PROGRAM FILES\MOZILLA FIREFOX\components -> [2009/09/11 23:45:53 | 00,000,000 | ---D | M] browserdirprovider.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\components\browserdirprovider.dll -> [2009/09/11 23:45:52 | 00,023,544 | ---- | M] (Mozilla Foundation) brwsrcmp.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\components\brwsrcmp.dll -> [2009/09/11 23:45:52 | 00,137,208 | ---- | M] (Mozilla Foundation) < FireFox Plugins [Program Folders] > -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\ -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins -> [2009/09/11 23:45:53 | 00,000,000 | ---D | M] np-mswmp.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\np-mswmp.dll -> [2007/04/10 18:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) npnul32.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npnul32.dll -> [2009/09/11 23:45:52 | 00,065,016 | ---- | M] (mozilla.org) NPOFF12.DLL -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\NPOFF12.DLL -> [2006/10/26 20:12:16 | 00,016,192 | ---- | M] (Microsoft Corporation) nppl3260.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\nppl3260.dll -> [2008/07/29 20:00:00 | 00,144,984 | ---- | M] (RealNetworks, Inc.) npqtplugin.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npqtplugin.dll -> [2007/12/23 00:53:17 | 00,131,072 | ---- | M] (Apple Inc.) npqtplugin2.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npqtplugin2.dll -> [2007/12/23 00:53:17 | 00,131,072 | ---- | M] (Apple Inc.) npqtplugin3.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npqtplugin3.dll -> [2007/12/23 00:53:17 | 00,131,072 | ---- | M] (Apple Inc.) npqtplugin4.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npqtplugin4.dll -> [2007/12/23 00:53:17 | 00,131,072 | ---- | M] (Apple Inc.) npqtplugin5.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npqtplugin5.dll -> [2007/12/23 00:53:17 | 00,131,072 | ---- | M] (Apple Inc.) npqtplugin6.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npqtplugin6.dll -> [2007/12/23 00:53:18 | 00,131,072 | ---- | M] (Apple Inc.) npqtplugin7.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npqtplugin7.dll -> [2007/12/23 00:53:18 | 00,131,072 | ---- | M] (Apple Inc.) nprpjplug.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\nprpjplug.dll -> [2008/07/29 20:00:00 | 00,094,208 | ---- | M] (RealNetworks, Inc.) QuickTimePlugin.class -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\QuickTimePlugin.cla -> [2007/12/23 00:53:17 | 00,004,208 | ---- | M] () WMP Firefox Plugin License.rtf -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\WMP Firefox Plugin License.rtf -> [2007/03/30 11:43:58 | 00,149,569 | ---- | M] () WMP Firefox Plugin RelNotes.txt -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\WMP Firefox Plugin RelNotes.txt -> [2007/03/30 11:43:58 | 00,003,352 | ---- | M] () < FireFox SearchPlugins [Program Folders] > -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\ -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins -> [2009/07/01 00:51:00 | 00,000,000 | ---D | M] amazondotcom.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\amazondotcom.xml -> [2009/07/01 00:50:49 | 00,001,394 | ---- | M] () answers.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\answers.xml -> [2009/07/01 00:50:49 | 00,002,193 | ---- | M] () creativecommons.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\creativecommons.xml -> [2009/07/01 00:50:49 | 00,001,534 | ---- | M] () eBay.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\eBay.xml -> [2009/07/01 00:50:49 | 00,002,344 | ---- | M] () google.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\google.xml -> [2009/07/01 00:50:49 | 00,002,371 | ---- | M] () wikipedia.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\wikipedia.xml -> [2009/07/01 00:50:49 | 00,001,178 | ---- | M] () yahoo.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\yahoo.xml -> [2009/07/01 00:50:49 | 00,000,792 | ---- | M] () < HOSTS File > (27 bytes and 1 lines) -> C:\Windows\System32\drivers\etc\Hosts -> Reset Hosts 127.0.0.1 localhost < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> "GrooveMonitor" -> C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe ["C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"] -> [2008/10/25 11:44:34 | 00,031,072 | ---- | M] (Microsoft Corporation) "Kernel and Hardware Abstraction Layer" -> C:\Windows\KHALMNPR.Exe [KHALMNPR.EXE] -> [2008/02/29 03:12:38 | 00,076,304 | ---- | M] (Logitech, Inc.) "Logitech Hardware Abstraction Layer" -> C:\Windows\KHALMNPR.Exe [KHALMNPR.EXE] -> [2008/02/29 03:12:38 | 00,076,304 | ---- | M] (Logitech, Inc.) "NvCplDaemon" -> C:\Windows\System32\NvCpl.DLL [RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup] -> [2008/09/18 00:55:00 | 13,580,832 | ---- | M] (NVIDIA Corporation) "NvMediaCenter" -> C:\Windows\System32\NvMcTray.DLL [RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit] -> [2008/09/18 00:55:00 | 00,092,704 | ---- | M] (NVIDIA Corporation) "RtHDVCpl" -> C:\Windows\RtHDVCpl.exe [RtHDVCpl.exe] -> [2007/10/25 05:52:08 | 04,702,208 | ---- | M] (Realtek Semiconductor) < RunOnce [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce -> "" -> [] -> File not found "GrpConv" -> C:\Windows\System32\grpconv.exe [grpconv -o] -> [2006/11/02 02:45:12 | 00,016,896 | ---- | M] (Microsoft Corporation) "Malwarebytes' Anti-Malware" -> C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent] -> [2009/09/10 14:54:00 | 00,420,176 | ---- | M] (Malwarebytes Corporation) < Software Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Main \Main\\"DisableFirstRunCustomize" -> [1] -> File not found < Software Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer -> < CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer \\"NoDrives" -> [0] -> File not found \\"NoLogoff" -> [0] -> File not found \\"NoRecentDocsMenu" -> [0] -> File not found \\"NoSetTaskBar" -> [0] -> File not found \\"NoSMHelp" -> [0] -> File not found \\"BindDirectlyToPropertySetStorage" -> [0] -> File not found < CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System \\"ConsentPromptBehaviorAdmin" -> [2] -> File not found \\"ConsentPromptBehaviorUser" -> [1] -> File not found \\"EnableInstallerDetection" -> [1] -> File not found \\"EnableLUA" -> [0] -> File not found \\"EnableSecureUIAPaths" -> [1] -> File not found \\"EnableVirtualization" -> [1] -> File not found \\"PromptOnSecureDesktop" -> [1] -> File not found \\"ValidateAdminCodeSignatures" -> [0] -> File not found \\"dontdisplaylastusername" -> [0] -> File not found \\"legalnoticecaption" -> [] -> File not found \\"legalnoticetext" -> [] -> File not found \\"scforceoption" -> [0] -> File not found \\"shutdownwithoutlogon" -> [1] -> File not found \\"undockwithoutlogon" -> [1] -> File not found \\"FilterAdministratorToken" -> [0] -> File not found \\"EnableUIADesktopToggle" -> [0] -> File not found \\"DisableLockWorkstation" -> [0] -> File not found \\"DisableRegistryTools" -> [0] -> File not found HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats \UIPI\Clipboard\ExceptionFormats\\"CF_TEXT" -> [1] -> File not found \UIPI\Clipboard\ExceptionFormats\\"CF_BITMAP" -> [2] -> File not found \UIPI\Clipboard\ExceptionFormats\\"CF_OEMTEXT" -> [7] -> File not found \UIPI\Clipboard\ExceptionFormats\\"CF_DIB" -> [8] -> File not found \UIPI\Clipboard\ExceptionFormats\\"CF_PALETTE" -> [9] -> File not found \UIPI\Clipboard\ExceptionFormats\\"CF_UNICODETEXT" -> [13] -> File not found \UIPI\Clipboard\ExceptionFormats\\"CF_DIBV5" -> [17] -> File not found < CurrentVersion Policy Settings - Explorer [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer \\"NoDriveTypeAutoRun" -> [145] -> File not found \\"NoCloseDragDropBands" -> [0] -> File not found \\"NoDrives" -> [0] -> File not found \\"NoLogoff" -> [0] -> File not found \\"NoNetConnectDisconnect" -> [0] -> File not found \\"NoRecentDocsMenu" -> [0] -> File not found \\"NoSetTaskBar" -> [0] -> File not found \\"NoSMHelp" -> [0] -> File not found < CurrentVersion Policy Settings - System [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> < Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> &D&ownload &with BitComet -> C:\Program Files\BitComet\BitComet.exe [res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm] -> [2007/12/07 08:03:26 | 01,913,656 | ---- | M] (www.BitComet.com) &D&ownload all video with BitComet -> C:\Program Files\BitComet\BitComet.exe [res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm] -> [2007/12/07 08:03:26 | 01,913,656 | ---- | M] (www.BitComet.com) &D&ownload all with BitComet -> C:\Program Files\BitComet\BitComet.exe [res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm] -> [2007/12/07 08:03:26 | 01,913,656 | ---- | M] (www.BitComet.com) E&xport to Microsoft Excel -> C:\Program Files\Microsoft Office\Office12\EXCEL.EXE [res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000] -> [2009/05/04 08:40:04 | 18,333,536 | ---- | M] (Microsoft Corporation) < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} [HKLM] -> C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll [Menu: Sun Java Console] -> [2008/06/10 04:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.) {2670000A-7350-4f3c-8081-5663EE0C6C49}:{48E73304-E1D6-4330-914C-F5F514E3486C} [HKLM] -> C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll [Button: Send to OneNote] -> [2008/10/25 07:52:00 | 00,604,056 | ---- | M] (Microsoft Corporation) {2670000A-7350-4f3c-8081-5663EE0C6C49}:{48E73304-E1D6-4330-914C-F5F514E3486C} [HKLM] -> C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll [Menu: S&end to OneNote] -> [2008/10/25 07:52:00 | 00,604,056 | ---- | M] (Microsoft Corporation) {4E660F19-E91E-41e1-88EF-D1DFAB118F67}:{42981F9D-0C9E-4131-BFC7-8FFE874C6AAC} [HKLM] -> C:\Program Files\Internet Explorer\Plugins\Drowse\MouseGestures.dll [Menu: Mouse Gestures...] -> [2006/12/06 12:58:02 | 00,376,832 | ---- | M] (Drowse) {92780B25-18CC-41C8-B9BE-3C9C571A8263}:{FF059E31-CC5A-4E2E-BF3B-96E929D65503} [HKLM] -> C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL [Button: Research] -> [2009/03/06 04:04:56 | 00,039,464 | ---- | M] (Microsoft Corporation) {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A}:res://C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll/206 [HKLM] -> C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll [Button: BitComet] -> [2007/12/04 20:40:02 | 00,464,184 | ---- | M] (BitComet) < Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix "" -> http:// < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} [HKLM] -> http://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab [Office Genuine Advantage Validation Tool] -> {8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab [Java Plug-in 1.6.0_07] -> {A3E21079-7F41-4125-9EBB-FD44CFCC0AC1} [HKLM] -> https://www.mesh.com/0.9.4014.7/TSWeb.cab [WLCTSCControl Class] -> {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab [Java Plug-in 1.6.0_02] -> {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab [Java Plug-in 1.6.0_03] -> {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab [Java Plug-in 1.6.0_05] -> {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab [Java Plug-in 1.6.0_07] -> {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab [Java Plug-in 1.6.0_07] -> {D27CDB6E-AE6D-11CF-96B8-444553540000} [HKLM] -> http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab [Shockwave Flash Object] -> < Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ -> DhcpNameServer -> 68.105.28.12 68.105.29.12 68.105.28.11 -> < Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {F95E41A3-A70A-4DE8-8DB5-5117AF64D94B}\\DhcpNameServer -> 68.105.28.12 68.105.29.12 68.105.28.11 (NVIDIA nForce Networking Controller) -> < AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs -> *AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls -> C:\Windows\System32\WfpRescover\wfprescover.dll -> C:\Windows\System32\WfpRescover\wfprescover.dll -> [2009/07/09 03:36:50 | 00,134,792 | ---- | M] (Microsoft Corporation) *MultiFile Done* -> -> < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> *Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> Explorer.exe -> C:\Windows\explorer.exe -> [2009/04/10 23:27:36 | 02,926,592 | ---- | M] (Microsoft Corporation) *MultiFile Done* -> -> < ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" [HKLM] -> Reg Error: Key error. [] -> File not found "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" [HKLM] -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [Groove GFS Stub Execution Hook] -> [2009/02/12 15:19:32 | 02,217,848 | ---- | M] (Microsoft Corporation) < Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List -> < Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -> C:\Program Files\EarthLink TotalAccess\TaskPanl.exe [C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink] -> File not found < SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> "AlternateShell" -> cmd.exe -> < CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom -> "AutoRun" -> 1 -> "DisplayName" -> CD-ROM Driver -> "ImagePath" -> [system32\DRIVERS\cdrom.sys] -> File not found < Drives with AutoRun files > -> -> C:\autoexec.bat [REM Dummy file for NTVDMPATH=%PATH%;C:\PROGRA~1\COMMON~1\MUVEET~1\030625 | ] -> C:\autoexec.bat [ NTFS ] -> [2007/06/08 08:31:02 | 00,000,074 | ---- | M] () < MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> [Registry - Additional Scans - Safe List] < File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\ -> .bat [@ = batfile] -> "%1" %* -> .chm [@ = chm.file] -> C:\Windows\hh.exe -> [2006/11/02 02:45:13 | 00,014,848 | ---- | M] (Microsoft Corporation) .cmd [@ = cmdfile] -> "%1" %* -> .com [@ = ComFile] -> "%1" %* -> .exe [@ = exefile] -> "%1" %* -> .hlp [@ = hlpfile] -> C:\Windows\winhlp32.exe -> [2006/11/02 02:45:57 | 00,009,216 | ---- | M] (Microsoft Corporation) .html [@ = htmlfile] -> C:\Program Files\Internet Explorer\IEXPLORE.EXE -> [2009/07/21 14:53:43 | 00,638,216 | ---- | M] (Microsoft Corporation) .pif [@ = piffile] -> "%1" %* -> .scr [@ = scrfile] -> "%1" /S -> < File Associations - Select to Repair > -> HKEY_CURRENT_USER\SOFTWARE\Classes\\ -> .html [@ = FirefoxHTML] -> C:\Program Files\Mozilla Firefox\firefox.exe -> [2009/09/11 23:45:52 | 00,908,280 | ---- | M] (Mozilla Corporation) < Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command -> batfile [open] -> "%1" %* -> File not found chm.file [open] -> "%SystemRoot%\hh.exe" %1 -> [2006/11/02 02:45:13 | 00,014,848 | ---- | M] (Microsoft Corporation) cmdfile [open] -> "%1" %* -> File not found comfile [open] -> "%1" %* -> File not found exefile [open] -> "%1" %* -> File not found helpfile [open] -> Reg Error: Key error. hlpfile [open] -> %SystemRoot%\winhlp32.exe %1 -> [2006/11/02 02:45:57 | 00,009,216 | ---- | M] (Microsoft Corporation) htmlfile [edit] -> "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 -> [2008/11/10 10:50:30 | 00,068,472 | ---- | M] (Microsoft Corporation) htmlfile [open] -> "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome -> [2009/07/21 14:53:43 | 00,638,216 | ---- | M] (Microsoft Corporation) htmlfile [opennew] -> "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 -> [2009/07/21 14:53:43 | 00,638,216 | ---- | M] (Microsoft Corporation) http [open] -> "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome -> [2009/07/21 14:53:43 | 00,638,216 | ---- | M] (Microsoft Corporation) https [open] -> "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" -> [2009/09/11 23:45:52 | 00,908,280 | ---- | M] (Mozilla Corporation) piffile [open] -> "%1" %* -> File not found regfile [merge] -> Reg Error: Key error. scrfile [config] -> "%1" -> File not found scrfile [install] -> rundll32.exe desk.cpl,InstallScreenSaver %l -> [2008/01/19 00:32:56 | 00,368,640 | ---- | M] (Microsoft Corporation) scrfile [open] -> "%1" /S -> File not found txtfile [edit] -> Reg Error: Key error. Directory [AddToPlaylistVLC] -> "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" -> [2009/07/26 14:17:46 | 00,135,416 | ---- | M] () Directory [cmd] -> cmd.exe /s /k pushd "%V" -> [2008/01/19 00:33:04 | 00,318,976 | ---- | M] (Microsoft Corporation) Directory [find] -> %SystemRoot%\Explorer.exe -> [2009/04/10 23:27:36 | 02,926,592 | ---- | M] (Microsoft Corporation) Directory [OneNote.Open] -> C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" -> [2008/11/24 22:16:44 | 01,020,776 | ---- | M] (Microsoft Corporation) Directory [PlayWithVLC] -> "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" -> [2009/07/26 14:17:46 | 00,135,416 | ---- | M] () Folder [open] -> %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L -> [2009/04/10 23:27:36 | 02,926,592 | ---- | M] (Microsoft Corporation) Folder [explore] -> %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L -> [2009/04/10 23:27:36 | 02,926,592 | ---- | M] (Microsoft Corporation) Drive [find] -> %SystemRoot%\Explorer.exe -> [2009/04/10 23:27:36 | 02,926,592 | ---- | M] (Microsoft Corporation) Applications\iexplore.exe [open] -> "C:\Program Files\Internet Explorer\iexplore.exe" %1 -> [2009/07/21 14:53:43 | 00,638,216 | ---- | M] (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -> "C:\Program Files\Internet Explorer\iexplore.exe" -> [2009/07/21 14:53:43 | 00,638,216 | ---- | M] (Microsoft Corporation) < EventViewer Logs - Last 10 Errors > -> Event Information -> Description Application [ Error ] 9/10/2009 3:52:15 PM Computer Name = Yu | Source = WinVNC4 | ID = 1 -> Description = CleanDesktop: failed to get/set Active Desktop options: -2147467263 Application [ Error ] 9/10/2009 3:54:58 PM Computer Name = Yu | Source = WinVNC4 | ID = 1 -> Description = CleanDesktop: failed to get/set Active Desktop options: -2147467263 Application [ Error ] 9/10/2009 3:56:04 PM Computer Name = Yu | Source = WinVNC4 | ID = 1 -> Description = CleanDesktop: failed to get/set Active Desktop options: -2147467263 Application [ Error ] 9/10/2009 7:59:29 PM Computer Name = Yu | Source = Application Error | ID = 1000 -> Description = Faulting application spoolsv.exe, version 6.0.6002.18005, time stamp 0x49e02592, faulting module ntdll.dll, version 6.0.6002.18005, time stamp 0x49e03821, exception code 0xc0000374, fault offset 0x000afaf8, process id 0x698, application start time 0x01ca31c2245474fb. Application [ Error ] 9/11/2009 3:22:00 PM Computer Name = Yu | Source = WinVNC4 | ID = 1 -> Description = CleanDesktop: failed to get/set Active Desktop options: -2147467263 Application [ Error ] 9/14/2009 3:03:44 PM Computer Name = Yu | Source = WinVNC4 | ID = 1 -> Description = SDisplay: update fetch failed: The operation completed successfully. (0) Application [ Error ] 9/14/2009 3:03:44 PM Computer Name = Yu | Source = WinVNC4 | ID = 1 -> Description = SDisplayCoreDriver: ChangeDisplaySettingsEx failed Application [ Error ] 9/14/2009 3:03:50 PM Computer Name = Yu | Source = WinVNC4 | ID = 1 -> Description = CleanDesktop: failed to get/set Active Desktop options: -2147467263 Application [ Error ] 9/14/2009 6:02:47 PM Computer Name = Yu | Source = WinVNC4 | ID = 1 -> Description = CleanDesktop: failed to get/set Active Desktop options: -2147467263 Application [ Error ] 9/14/2009 6:07:48 PM Computer Name = Yu | Source = WinVNC4 | ID = 1 -> Description = CleanDesktop: failed to get/set Active Desktop options: -2147467263 OSession [ Error ] 11/1/2007 11:25:51 PM Computer Name = Yu | Source = Microsoft Office 12 Sessions | ID = 7001 -> Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 254 seconds with 240 seconds of active time. This session ended with a crash. OSession [ Error ] 2/6/2009 2:26:28 PM Computer Name = Yu | Source = Microsoft Office 12 Sessions | ID = 7001 -> Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 86352 seconds with 180 seconds of active time. This session ended with a crash. System [ Error ] 9/16/2009 6:04:25 PM Computer Name = Yu | Source = Service Control Manager | ID = 7001 -> Description = System [ Error ] 9/16/2009 6:04:25 PM Computer Name = Yu | Source = Service Control Manager | ID = 7001 -> Description = System [ Error ] 9/16/2009 6:04:25 PM Computer Name = Yu | Source = Service Control Manager | ID = 7001 -> Description = System [ Error ] 9/16/2009 6:04:25 PM Computer Name = Yu | Source = Service Control Manager | ID = 7001 -> Description = System [ Error ] 9/16/2009 6:04:25 PM Computer Name = Yu | Source = Service Control Manager | ID = 7001 -> Description = System [ Error ] 9/16/2009 6:04:25 PM Computer Name = Yu | Source = Service Control Manager | ID = 7026 -> Description = System [ Error ] 9/16/2009 6:04:25 PM Computer Name = Yu | Source = Service Control Manager | ID = 7001 -> Description = System [ Error ] 9/16/2009 6:04:25 PM Computer Name = Yu | Source = Service Control Manager | ID = 7001 -> Description = System [ Error ] 9/16/2009 6:04:25 PM Computer Name = Yu | Source = Service Control Manager | ID = 7001 -> Description = System [ Error ] 9/16/2009 6:04:25 PM Computer Name = Yu | Source = Service Control Manager | ID = 7001 -> Description = [Files/Folders - Created Within 30 Days] temp -> C:\Windows\temp -> [2009/09/16 14:58:57 | 00,000,000 | ---D | C] temp -> C:\Users\Admin\AppData\Local\temp -> [2009/09/16 14:58:57 | 00,000,000 | ---D | C] $RECYCLE.BIN -> C:\$RECYCLE.BIN -> [2009/09/16 14:37:54 | 00,000,000 | -HSD | C] CF-Submit.htm -> C:\CF-Submit.htm -> [2009/09/16 14:29:33 | 00,001,224 | ---- | C] () OTS.exe -> C:\Users\Admin\Desktop\OTS.exe -> [2009/09/16 14:25:22 | 00,514,560 | ---- | C] (OldTimer Tools) Combo-Fix.exe -> C:\Users\Admin\Desktop\Combo-Fix.exe -> [2009/09/16 14:25:03 | 03,315,456 | R--- | C] () OTL.exe -> C:\Users\Admin\Desktop\OTL.exe -> [2009/09/16 14:10:18 | 00,514,560 | ---- | C] (OldTimer Tools) PEV.exe -> C:\Windows\PEV.exe -> [2009/09/16 13:52:56 | 00,229,888 | ---- | C] () SWXCACLS.exe -> C:\Windows\SWXCACLS.exe -> [2009/09/16 13:52:56 | 00,212,480 | ---- | C] (SteelWerX) SWREG.exe -> C:\Windows\SWREG.exe -> [2009/09/16 13:52:56 | 00,161,792 | ---- | C] (SteelWerX) SWSC.exe -> C:\Windows\SWSC.exe -> [2009/09/16 13:52:56 | 00,136,704 | ---- | C] (SteelWerX) sed.exe -> C:\Windows\sed.exe -> [2009/09/16 13:52:56 | 00,098,816 | ---- | C] () grep.exe -> C:\Windows\grep.exe -> [2009/09/16 13:52:56 | 00,080,412 | ---- | C] () zip.exe -> C:\Windows\zip.exe -> [2009/09/16 13:52:56 | 00,068,096 | ---- | C] () NIRCMD.exe -> C:\Windows\NIRCMD.exe -> [2009/09/16 13:52:56 | 00,031,232 | ---- | C] (NirSoft) ERDNT -> C:\Windows\ERDNT -> [2009/09/16 13:52:55 | 00,000,000 | ---D | C] Qoobox -> C:\Qoobox -> [2009/09/16 13:52:31 | 00,000,000 | ---D | C] zip.exe -> C:\zip.exe -> [2009/09/16 13:46:17 | 00,135,168 | ---- | C] () cleanup.bat -> C:\cleanup.bat -> [2009/09/16 13:46:17 | 00,000,574 | ---- | C] () avenger.exe -> C:\Users\Admin\Desktop\avenger.exe -> [2009/09/16 13:43:13 | 00,731,136 | ---- | C] () avenger.zip -> C:\Users\Admin\Desktop\avenger.zip -> [2009/09/16 13:41:47 | 00,724,952 | ---- | C] () Win32kDiag.exe -> C:\Users\Admin\Desktop\Win32kDiag.exe -> [2009/09/16 13:37:59 | 00,047,616 | ---- | C] () AV -> C:\Users\Admin\Desktop\AV -> [2009/09/16 12:38:01 | 00,000,000 | ---D | C] ERUNT.lnk -> C:\Users\Admin\Desktop\ERUNT.lnk -> [2009/09/16 12:37:17 | 00,000,716 | ---- | C] () ERUNT -> C:\Program Files\ERUNT -> [2009/09/16 12:37:17 | 00,000,000 | ---D | C] Spybot2 -> C:\Program Files\Spybot2 -> [2009/09/16 11:56:49 | 00,000,000 | ---D | C] Spybot -> C:\Program Files\Spybot -> [2009/09/16 11:31:02 | 00,000,000 | ---D | C] Spybot - Search & Destroy -> C:\ProgramData\Spybot - Search & Destroy -> [2009/09/16 11:31:02 | 00,000,000 | ---D | C] Includes -> C:\Program Files\Includes -> [2009/09/16 11:30:24 | 00,000,000 | ---D | C] pss -> C:\Windows\pss -> [2009/09/16 11:08:07 | 00,000,000 | ---D | C] MEMORY.DMP -> C:\Windows\MEMORY.DMP -> [2009/09/16 11:00:15 | 46,798,1077 | ---- | C] () Malwarebytes' Anti-Malware.lnk -> C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk -> [2009/09/16 01:59:44 | 00,000,820 | ---- | C] () mbamswissarmy.sys -> C:\Windows\System32\drivers\mbamswissarmy.sys -> [2009/09/16 01:59:42 | 00,038,224 | ---- | C] (Malwarebytes Corporation) mbam.sys -> C:\Windows\System32\drivers\mbam.sys -> [2009/09/16 01:59:40 | 00,019,160 | ---- | C] (Malwarebytes Corporation) Malwarebytes' Anti-Malware -> C:\Program Files\Malwarebytes' Anti-Malware -> [2009/09/16 01:59:40 | 00,000,000 | ---D | C] Rising Zinc Death.pdf -> C:\Users\Admin\Desktop\Rising Zinc Death.pdf -> [2009/09/16 00:35:50 | 00,432,239 | ---- | C] () Taylor Swift - 5 Music Videos - Collection -> C:\Users\Admin\Desktop\Taylor Swift - 5 Music Videos - Collection -> [2009/09/15 20:58:34 | 00,000,000 | ---D | C] Taylor Swift - MTV VMA 2009 Videos - 1080i -> C:\Users\Admin\Desktop\Taylor Swift - MTV VMA 2009 Videos - 1080i -> [2009/09/15 11:36:28 | 00,000,000 | ---D | C] Taylor Swift HD Wallpapers [1920 x 1200] -> C:\Users\Admin\Desktop\Taylor Swift HD Wallpapers [1920 x 1200] -> [2009/09/15 11:35:56 | 00,000,000 | ---D | C] Taylor Swift - Fearless -> C:\Users\Admin\Desktop\Taylor Swift - Fearless -> [2009/09/15 11:35:01 | 00,000,000 | ---D | C] Config.Msi -> C:\Config.Msi -> [2009/09/15 01:12:48 | 00,000,000 | ---D | C] 02-Plain White Ts - Hey There Delilah.mp3 -> C:\Users\Admin\Desktop\02-Plain White Ts - Hey There Delilah.mp3 -> [2009/09/08 21:09:52 | 04,565,136 | ---- | C] () Chinese -> C:\Users\Admin\Desktop\Chinese -> [2009/09/08 14:03:17 | 00,000,000 | ---D | C] [hits 2007][320k]-plain_white_ts-hey_there_ delilah -> C:\Users\Admin\Desktop\[hits 2007][320k]-plain_white_ts-hey_there_ delilah -> [2009/09/08 12:32:05 | 00,000,000 | ---D | C] Plain White Ts - Every Second Counts [2007][CD+SkidVid+Cov] -> C:\Users\Admin\Desktop\Plain White Ts - Every Second Counts [2007][CD+SkidVid+Cov] -> [2009/09/08 12:30:19 | 00,000,000 | ---D | C] Plain White Ts - Big Bad World -> C:\Users\Admin\Desktop\Plain White Ts - Big Bad World -> [2009/09/03 23:02:44 | 00,000,000 | ---D | C] My Digital Editions -> C:\Users\Admin\Documents\My Digital Editions -> [2009/09/03 02:29:28 | 00,000,000 | ---D | C] tzres.dll -> C:\Windows\System32\tzres.dll -> [2009/08/29 20:52:34 | 00,002,048 | ---- | C] (Microsoft Corporation) atl.dll -> C:\Windows\System32\atl.dll -> [2009/08/29 20:50:57 | 00,071,680 | ---- | C] (Microsoft Corporation) avifil32.dll -> C:\Windows\System32\avifil32.dll -> [2009/08/29 20:50:56 | 00,091,136 | ---- | C] (Microsoft Corporation) kerberos.dll -> C:\Windows\System32\kerberos.dll -> [2009/08/29 20:50:55 | 00,499,712 | ---- | C] (Microsoft Corporation) schannel.dll -> C:\Windows\System32\schannel.dll -> [2009/08/29 20:50:55 | 00,270,848 | ---- | C] (Microsoft Corporation) msv1_0.dll -> C:\Windows\System32\msv1_0.dll -> [2009/08/29 20:50:55 | 00,218,624 | ---- | C] (Microsoft Corporation) wdigest.dll -> C:\Windows\System32\wdigest.dll -> [2009/08/29 20:50:55 | 00,175,104 | ---- | C] (Microsoft Corporation) lsasrv.dll -> C:\Windows\System32\lsasrv.dll -> [2009/08/29 20:50:54 | 01,259,008 | ---- | C] (Microsoft Corporation) ksecdd.sys -> C:\Windows\System32\drivers\ksecdd.sys -> [2009/08/29 20:50:54 | 00,439,864 | ---- | C] (Microsoft Corporation) secur32.dll -> C:\Windows\System32\secur32.dll -> [2009/08/29 20:50:54 | 00,072,704 | ---- | C] (Microsoft Corporation) lsass.exe -> C:\Windows\System32\lsass.exe -> [2009/08/29 20:50:54 | 00,009,728 | ---- | C] (Microsoft Corporation) mstscax.dll -> C:\Windows\System32\mstscax.dll -> [2009/08/29 20:50:53 | 02,066,432 | ---- | C] (Microsoft Corporation) wkssvc.dll -> C:\Windows\System32\wkssvc.dll -> [2009/08/29 20:50:51 | 00,160,256 | ---- | C] (Microsoft Corporation) wmp.dll -> C:\Windows\System32\wmp.dll -> [2009/08/29 20:50:48 | 10,628,096 | ---- | C] (Microsoft Corporation) wmpdxm.dll -> C:\Windows\System32\wmpdxm.dll -> [2009/08/29 20:50:47 | 00,313,344 | ---- | C] (Microsoft Corporation) wmploc.DLL -> C:\Windows\System32\wmploc.DLL -> [2009/08/29 20:50:46 | 08,147,456 | ---- | C] (Microsoft Corporation) msdxm.tlb -> C:\Windows\System32\msdxm.tlb -> [2009/08/29 20:50:46 | 00,043,520 | ---- | C] (Microsoft Corporation) amcompat.tlb -> C:\Windows\System32\amcompat.tlb -> [2009/08/29 20:50:46 | 00,018,432 | ---- | C] (Microsoft Corporation) spwmp.dll -> C:\Windows\System32\spwmp.dll -> [2009/08/29 20:50:46 | 00,007,680 | ---- | C] (Microsoft Corporation) msdxm.ocx -> C:\Windows\System32\msdxm.ocx -> [2009/08/29 20:50:46 | 00,004,096 | ---- | C] (Microsoft Corporation) dxmasf.dll -> C:\Windows\System32\dxmasf.dll -> [2009/08/29 20:50:46 | 00,004,096 | ---- | C] (Microsoft Corporation) Heroes of Newerth -> C:\Users\Admin\Documents\Heroes of Newerth -> [2009/08/24 19:46:32 | 00,000,000 | ---D | C] Heroes of Newerth -> C:\Program Files\Heroes of Newerth -> [2009/08/24 19:46:22 | 00,000,000 | ---D | C] EhStorAuthn.dll -> C:\Windows\System32\EhStorAuthn.dll -> [2009/07/30 18:33:36 | 00,117,248 | ---- | C] () KGyGaAvL.sys -> C:\Windows\System32\KGyGaAvL.sys -> [2009/04/14 01:09:48 | 00,000,848 | -HS- | C] () garena.ini -> C:\Windows\System32\garena.ini -> [2008/09/24 15:24:27 | 00,000,200 | ---- | C] () check.ini -> C:\Windows\System32\check.ini -> [2008/09/24 15:24:27 | 00,000,141 | ---- | C] () ibfs32.dll -> C:\Windows\System32\ibfs32.dll -> [2008/07/09 17:49:25 | 00,008,704 | ---- | C] () Irremote.ini -> C:\Windows\Irremote.ini -> [2008/03/20 21:40:19 | 00,004,767 | ---- | C] () Wininit.ini -> C:\Windows\Wininit.ini -> [2008/02/18 22:56:23 | 00,000,022 | ---- | C] () OGACheckControl.DLL -> C:\Windows\System32\OGACheckControl.DLL -> [2008/02/04 18:23:10 | 00,693,792 | ---- | C] () NeroDigital.ini -> C:\Windows\NeroDigital.ini -> [2008/01/10 01:53:11 | 00,000,069 | ---- | C] () j33mzym.dll -> C:\Windows\System32\j33mzym.dll -> [2008/01/01 18:36:24 | 00,002,048 | ---- | C] () grcauth2.dll -> C:\Windows\System32\grcauth2.dll -> [2008/01/01 18:36:24 | 00,001,025 | ---- | C] () grcauth1.dll -> C:\Windows\System32\grcauth1.dll -> [2008/01/01 18:36:24 | 00,001,025 | ---- | C] () clauth2.dll -> C:\Windows\System32\clauth2.dll -> [2008/01/01 18:36:24 | 00,001,025 | ---- | C] () clauth1.dll -> C:\Windows\System32\clauth1.dll -> [2008/01/01 18:36:24 | 00,001,025 | ---- | C] () zm9oihv.dll -> C:\Windows\System32\zm9oihv.dll -> [2008/01/01 18:36:24 | 00,000,204 | ---- | C] () prsgrc.dll -> C:\Windows\System32\prsgrc.dll -> [2008/01/01 18:36:24 | 00,000,100 | ---- | C] () ssprs.dll -> C:\Windows\System32\ssprs.dll -> [2008/01/01 18:36:24 | 00,000,072 | ---- | C] () qmtn7ft.dll -> C:\Windows\System32\qmtn7ft.dll -> [2008/01/01 18:36:24 | 00,000,016 | -H-- | C] () jm1ixs2.dll -> C:\Windows\System32\jm1ixs2.dll -> [2008/01/01 18:36:24 | 00,000,016 | -H-- | C] () BASSMOD.dll -> C:\Windows\System32\BASSMOD.dll -> [2007/12/17 19:04:46 | 00,069,632 | ---- | C] () pthreadVC.dll -> C:\Windows\System32\pthreadVC.dll -> [2007/11/06 13:19:28 | 00,053,299 | ---- | C] () sptd.sys -> C:\Windows\System32\drivers\sptd.sys -> [2007/09/22 20:46:32 | 00,717,296 | ---- | C] () PciBus.sys -> C:\Windows\System32\drivers\PciBus.sys -> [2007/09/20 01:07:40 | 00,003,972 | ---- | C] () vshp1018.dll -> C:\Windows\System32\vshp1018.dll -> [2007/09/17 23:00:05 | 00,106,496 | R--- | C] () AgCPanelTraditionalChinese.dll -> C:\Windows\System32\AgCPanelTraditionalChinese.dll -> [2007/07/23 09:03:32 | 00,053,248 | ---- | C] () AgCPanelSwedish.dll -> C:\Windows\System32\AgCPanelSwedish.dll -> [2007/07/23 09:03:32 | 00,053,248 | ---- | C] () AgCPanelSpanish.dll -> C:\Windows\System32\AgCPanelSpanish.dll -> [2007/07/23 09:03:32 | 00,053,248 | ---- | C] () AgCPanelSimplifiedChinese.dll -> C:\Windows\System32\AgCPanelSimplifiedChinese.dll -> [2007/07/23 09:03:30 | 00,053,248 | ---- | C] () AgCPanelPortugese.dll -> C:\Windows\System32\AgCPanelPortugese.dll -> [2007/07/23 09:03:30 | 00,053,248 | ---- | C] () AgCPanelKorean.dll -> C:\Windows\System32\AgCPanelKorean.dll -> [2007/07/23 09:03:30 | 00,053,248 | ---- | C] () AgCPanelJapanese.dll -> C:\Windows\System32\AgCPanelJapanese.dll -> [2007/07/23 09:03:30 | 00,053,248 | ---- | C] () AgCPanelGerman.dll -> C:\Windows\System32\AgCPanelGerman.dll -> [2007/07/23 09:03:30 | 00,053,248 | ---- | C] () AgCPanelFrench.dll -> C:\Windows\System32\AgCPanelFrench.dll -> [2007/07/23 09:03:30 | 00,053,248 | ---- | C] () pywintypes24.dll -> C:\Windows\System32\pywintypes24.dll -> [2007/06/08 08:11:58 | 00,102,400 | ---- | C] () pythoncom24.dll -> C:\Windows\System32\pythoncom24.dll -> [2007/06/08 08:11:57 | 00,327,680 | ---- | C] () lvcoinst.ini -> C:\Windows\System32\lvcoinst.ini -> [2007/02/03 08:59:04 | 00,050,127 | ---- | C] () sysprepMCE.dll -> C:\Windows\System32\sysprepMCE.dll -> [2006/11/02 05:35:32 | 00,005,632 | ---- | C] () system.ini -> C:\Windows\system.ini -> [2006/11/02 03:23:31 | 00,000,215 | ---- | C] () win.ini -> C:\Windows\win.ini -> [2006/11/02 03:23:31 | 00,000,144 | ---- | C] () pacerprf.ini -> C:\Windows\System32\pacerprf.ini -> [2006/11/02 00:40:29 | 00,013,750 | ---- | C] () giveio.sys -> C:\Windows\System32\giveio.sys -> [1996/04/03 12:33:26 | 00,005,248 | ---- | C] () [Files/Folders - Modified Within 30 Days] bootstat.dat -> C:\Windows\bootstat.dat -> [2009/09/16 15:02:53 | 00,067,584 | --S- | M] () NTUSER.DAT -> C:\Users\Admin\NTUSER.DAT -> [2009/09/16 15:01:55 | 05,505,024 | -HS- | M] () NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms -> C:\Users\Admin\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms -> [2009/09/16 15:01:55 | 00,524,288 | -HS- | M] () NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf -> C:\Users\Admin\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf -> [2009/09/16 15:01:55 | 00,065,536 | -HS- | M] () system.ini -> C:\Windows\system.ini -> [2009/09/16 14:36:39 | 00,000,215 | ---- | M] () PerfStringBackup.INI -> C:\Windows\System32\PerfStringBackup.INI -> [2009/09/16 14:34:28 | 00,747,142 | ---- | M] () perfh009.dat -> C:\Windows\System32\perfh009.dat -> [2009/09/16 14:34:28 | 00,633,102 | ---- | M] () perfc009.dat -> C:\Windows\System32\perfc009.dat -> [2009/09/16 14:34:28 | 00,116,660 | ---- | M] () CF-Submit.htm -> C:\CF-Submit.htm -> [2009/09/16 14:29:33 | 00,001,224 | ---- | M] () OTS.exe -> C:\Users\Admin\Desktop\OTS.exe -> [2009/09/16 14:24:24 | 00,514,560 | ---- | M] (OldTimer Tools) hosts -> C:\Windows\System32\drivers\etc\hosts -> [2009/09/16 14:02:14 | 00,000,027 | ---- | M] () hukudube -> C:\Windows\System32\hukudube -> [2009/09/16 13:55:26 | 00,001,744 | -H-- | M] () zip.exe -> C:\zip.exe -> [2009/09/16 13:46:17 | 00,135,168 | ---- | M] () cleanup.bat -> C:\cleanup.bat -> [2009/09/16 13:46:17 | 00,000,574 | ---- | M] () avenger.zip -> C:\Users\Admin\Desktop\avenger.zip -> [2009/09/16 13:39:50 | 00,724,952 | ---- | M] () ERUNT.lnk -> C:\Users\Admin\Desktop\ERUNT.lnk -> [2009/09/16 12:37:17 | 00,000,716 | ---- | M] () OTL.exe -> C:\Users\Admin\Desktop\OTL.exe -> [2009/09/16 12:32:40 | 00,514,560 | ---- | M] (OldTimer Tools) Combo-Fix.exe -> C:\Users\Admin\Desktop\Combo-Fix.exe -> [2009/09/16 12:10:18 | 03,315,456 | R--- | M] () Win32kDiag.exe -> C:\Users\Admin\Desktop\Win32kDiag.exe -> [2009/09/16 12:07:34 | 00,047,616 | ---- | M] () MEMORY.DMP -> C:\Windows\MEMORY.DMP -> [2009/09/16 11:00:15 | 46,798,1077 | ---- | M] () d3d9caps.dat -> C:\Users\Admin\AppData\Local\d3d9caps.dat -> [2009/09/16 04:38:23 | 00,001,356 | ---- | M] () SA.DAT -> C:\Windows\tasks\SA.DAT -> [2009/09/16 02:12:58 | 00,000,006 | -H-- | M] () Malwarebytes' Anti-Malware.lnk -> C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk -> [2009/09/16 02:01:47 | 00,000,820 | ---- | M] () DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2009/09/16 01:46:26 | 00,086,528 | ---- | M] () FNTCACHE.DAT -> C:\Windows\System32\FNTCACHE.DAT -> [2009/09/16 01:41:42 | 01,687,256 | ---- | M] () Rising Zinc Death.pdf -> C:\Users\Admin\Desktop\Rising Zinc Death.pdf -> [2009/09/16 00:35:53 | 00,432,239 | ---- | M] () PublishedRacMonSWITable.DAT -> C:\ProgramData\Microsoft\RAC\PublishedData\PublishedRacMonSWITable.DAT -> [2009/09/16 00:14:23 | 00,226,632 | ---- | M] () PublishedRacMonAFLTable.DAT -> C:\ProgramData\Microsoft\RAC\PublishedData\PublishedRacMonAFLTable.DAT -> [2009/09/16 00:14:23 | 00,014,628 | ---- | M] () PublishedRacMonIndex.DAT -> C:\ProgramData\Microsoft\RAC\PublishedData\PublishedRacMonIndex.DAT -> [2009/09/16 00:14:23 | 00,008,760 | ---- | M] () PublishedRacMonOSFTable.DAT -> C:\ProgramData\Microsoft\RAC\PublishedData\PublishedRacMonOSFTable.DAT -> [2009/09/16 00:14:23 | 00,001,932 | ---- | M] () PublishedRacMonHFLTable.DAT -> C:\ProgramData\Microsoft\RAC\PublishedData\PublishedRacMonHFLTable.DAT -> [2009/09/16 00:14:23 | 00,000,000 | ---- | M] () PublishedRacMonCLKTable.DAT -> C:\ProgramData\Microsoft\RAC\PublishedData\PublishedRacMonCLKTable.DAT -> [2009/09/16 00:14:23 | 00,000,000 | ---- | M] () GDIPFONTCACHEV1.DAT -> C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT -> [2009/09/15 11:46:16 | 00,094,936 | ---- | M] () PEV.exe -> C:\Windows\PEV.exe -> [2009/09/14 02:12:36 | 00,229,888 | ---- | M] () qmgr0.dat -> C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat -> [2009/09/12 13:45:15 | 04,194,304 | ---- | M] () qmgr1.dat -> C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat -> [2009/09/12 13:45:14 | 04,194,304 | ---- | M] () mbamswissarmy.sys -> C:\Windows\System32\drivers\mbamswissarmy.sys -> [2009/09/10 14:54:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) mbam.sys -> C:\Windows\System32\drivers\mbam.sys -> [2009/09/10 14:53:50 | 00,019,160 | ---- | M] (Malwarebytes Corporation) Application for Employment.doc -> C:\Users\Admin\Documents\Application for Employment.doc -> [2009/09/09 19:53:12 | 00,058,880 | ---- | M] () Irremote.ini -> C:\Windows\Irremote.ini -> [2009/09/08 13:30:11 | 00,004,767 | ---- | M] () QTFont.qfn -> C:\Windows\QTFont.qfn -> [2009/09/03 10:42:29 | 00,054,156 | -H-- | M] () Guest.dat -> C:\ProgramData\Microsoft\User Account Pictures\Guest.dat -> [2008/06/15 04:41:09 | 00,000,000 | ---- | M] () hhcolreg.dat -> C:\ProgramData\Microsoft\HTML Help\hhcolreg.dat -> [2007/12/17 03:43:35 | 00,000,184 | ---- | M] () opa12.dat -> C:\ProgramData\Microsoft\OFFICE\DATA\opa12.dat -> [2007/09/22 20:57:51 | 00,008,206 | ---- | M] () Admin.dat -> C:\ProgramData\Microsoft\User Account Pictures\Admin.dat -> [2007/09/11 11:58:26 | 00,000,000 | ---- | M] () [File - Lop Check] Roaming -> C:\Users\Admin\AppData\Roaming -> [2009/09/15 01:06:58 | 00,000,000 | ---D | M] CiscoCAA -> C:\Users\Admin\AppData\Roaming\CiscoCAA -> [2007/09/24 00:16:40 | 00,000,000 | ---D | M] Command & Conquer 3 Tiberium Wars -> C:\Users\Admin\AppData\Roaming\Command & Conquer 3 Tiberium Wars -> [2008/07/17 00:22:49 | 00,000,000 | ---D | M] Corel -> C:\Users\Admin\AppData\Roaming\Corel -> [2009/04/14 01:09:30 | 00,000,000 | ---D | M] Curl Corporation -> C:\Users\Admin\AppData\Roaming\Curl Corporation -> [2008/01/01 18:36:18 | 00,000,000 | ---D | M] DAEMON Tools -> C:\Users\Admin\AppData\Roaming\DAEMON Tools -> [2008/01/05 23:14:55 | 00,000,000 | ---D | M] dvdcss -> C:\Users\Admin\AppData\Roaming\dvdcss -> [2009/07/13 00:39:12 | 00,000,000 | ---D | M] FarStone -> C:\Users\Admin\AppData\Roaming\FarStone -> [2008/02/05 20:22:29 | 00,000,000 | ---D | M] IM -> C:\Users\Admin\AppData\Roaming\IM -> [2008/07/09 17:51:51 | 00,000,000 | ---D | M] Jane s Hotel -> C:\Users\Admin\AppData\Roaming\Jane s Hotel -> [2008/04/12 12:05:20 | 00,000,000 | ---D | M] LolClient.F24C99354F615F3BAB18AE7B93E3F9B9E8784FA6.1 -> C:\Users\Admin\AppData\Roaming\LolClient.F24C99354F615F3BAB18AE7B93E3F9B9E8784FA6.1 -> [2009/07/19 01:13:48 | 00,000,000 | ---D | M] Media Center Programs -> C:\Users\Admin\AppData\Roaming\Media Center Programs -> [2006/11/02 05:37:34 | 00,000,000 | ---D | M] Publish Providers -> C:\Users\Admin\AppData\Roaming\Publish Providers -> [2009/05/08 00:41:21 | 00,000,000 | ---D | M] Red Alert 3 -> C:\Users\Admin\AppData\Roaming\Red Alert 3 -> [2008/12/20 01:05:30 | 00,000,000 | ---D | M] Roxio -> C:\Users\Admin\AppData\Roaming\Roxio -> [2007/09/22 20:44:04 | 00,000,000 | ---D | M] SecuROM -> C:\Users\Admin\AppData\Roaming\SecuROM -> [2007/12/17 19:36:24 | 00,000,000 | RH-D | M] Soldat -> C:\Users\Admin\AppData\Roaming\Soldat -> [2007/10/11 20:48:49 | 00,000,000 | ---D | M] SolidWorks -> C:\Users\Admin\AppData\Roaming\SolidWorks -> [2008/07/09 21:46:53 | 00,000,000 | ---D | M] SolidWorks 2008 -> C:\Users\Admin\AppData\Roaming\SolidWorks 2008 -> [2008/07/09 18:12:47 | 00,000,000 | ---D | M] Sony -> C:\Users\Admin\AppData\Roaming\Sony -> [2009/05/08 00:41:18 | 00,000,000 | ---D | M] U3 -> C:\Users\Admin\AppData\Roaming\U3 -> [2009/08/09 01:06:11 | 00,000,000 | ---D | M] Ventrilo -> C:\Users\Admin\AppData\Roaming\Ventrilo -> [2008/06/09 22:28:10 | 00,000,000 | ---D | M] C:\Windows\Tasks\ -> C:\Windows\Tasks -> [2009/09/16 02:31:57 | 00,000,000 | ---D | M] SA.DAT -> C:\Windows\Tasks\SA.DAT -> [2009/09/16 02:12:58 | 00,000,006 | -H-- | M] () [File - Purity Scan] < End of report > [/code]