OTL logfile created on: 4/23/2010 11:32:25 PM - Run 1
OTL by OldTimer - Version 3.2.2.0 Folder = C:\Documents and Settings\Charles Sykora\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 81.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 93.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 2.51 Gb Free Space | 3.37% Space Free | Partition Type: NTFS
Drive D: | 4.24 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JOSHLAPTOP
Current User Name: Charles Sykora
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2010/04/23 23:17:38 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Charles Sykora\Desktop\OTL.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/05/22 20:22:06 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - [2010/04/23 23:17:38 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Charles Sykora\Desktop\OTL.exe

[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - [2008/10/25 20:39:52 | 000,611,664 | ---- | M] (Lavasoft) [Disabled | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice)
SRV - [2008/05/02 02:42:06 | 000,121,360 | ---- | M] (Logitech, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2007/10/30 20:51:44 | 000,492,720 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe -- (TryAndDecideService)
SRV - [2007/10/30 20:07:38 | 000,427,288 | ---- | M] (Acronis) [Disabled | Stopped] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2007/06/05 13:20:32 | 000,177,704 | ---- | M] () [Disabled | Stopped] -- C:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing)
SRV - [2006/12/19 19:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Disabled | Stopped] -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)
SRV - [2006/02/23 11:41:02 | 002,045,632 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE -- (LiveUpdate)
SRV - [2005/09/08 08:25:56 | 000,397,312 | ---- | M] (Logitech) [Disabled | Stopped] -- C:\Program Files\Common Files\Logitech\Pen\Phal\Service\LPhal.exe -- (PenSup)
SRV - [2005/09/08 08:25:56 | 000,397,312 | ---- | M] (Logitech) [Disabled | Stopped] -- C:\Program Files\Common Files\Logitech\Pen\Phal\Service\LPhal.exe -- (PenRendezvous)
SRV - [2004/09/29 12:14:36 | 000,069,632 | ---- | M] (HP) [Disabled | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - [2008/08/20 07:20:27 | 000,441,760 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2008/08/20 07:20:27 | 000,044,384 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2008/08/20 07:20:20 | 000,129,248 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2008/08/20 07:20:14 | 000,368,544 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\tdrpman.sys -- (tdrpman)
DRV - [2008/04/13 14:45:34 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\irbus.sys -- (IrBus)
DRV - [2008/02/29 03:13:46 | 000,028,944 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2008/02/29 03:13:24 | 000,036,880 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2008/02/29 03:13:16 | 000,035,344 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2005/08/03 12:10:18 | 001,273,344 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/06/29 14:06:30 | 001,434,080 | ---- | M] (Adaptec Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avcuwil2.sys -- (AvcUWil2)
DRV - [2005/06/29 14:06:30 | 000,017,536 | ---- | M] (Adaptec, Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avcuwfl2.sys -- (AVC3310F)
DRV - [2005/06/20 13:33:18 | 000,190,400 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2005/03/16 01:43:06 | 000,159,488 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2005/03/09 22:41:52 | 000,371,712 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2005/03/07 12:35:54 | 000,056,832 | ---- | M] (Logitech) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LPhalUsb.sys -- (Phal)
DRV - [2005/03/04 00:10:26 | 000,074,496 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)
DRV - [2004/12/15 04:18:34 | 000,207,232 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2004/12/15 04:18:28 | 000,703,232 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/12/15 04:18:26 | 001,038,208 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2004/11/16 23:17:58 | 000,280,192 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camchal.sys -- (CAMCHALA)
DRV - [2004/11/16 23:17:14 | 000,293,120 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camcaud.sys -- (CAMCAUD)
DRV - [2004/08/03 19:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004/06/02 17:07:28 | 001,240,938 | ---- | M] (WIDCOMM, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2004/06/02 16:50:16 | 000,053,816 | ---- | M] (WIDCOMM, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2004/04/14 10:36:50 | 000,007,432 | ---- | M] (Hewlett-Packard Company) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2003/06/06 14:46:16 | 000,005,220 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb)
DRV - [2001/08/17 17:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]

[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex}&startPage={startPage}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=pavilion&pf=laptop
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.selectedEngine: "Yoog Search"
FF - prefs.js..browser.startup.homepage: "http://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official"
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000006
FF - prefs.js..keyword.URL: "http://www10.yoog.com/search.php?q="
FF - user.js..browser.search.selectedEngine: "Yoog Search"
FF - user.js..keyword.URL: "http://www10.yoog.com/search.php?q="
FF - user.js..keyword.enabled: true

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/23 23:30:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/04 18:07:41 | 000,000,000 | ---D | M]

[2008/09/06 13:51:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Charles Sykora\Application Data\Mozilla\Extensions
[2010/04/23 18:26:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Charles Sykora\Application Data\Mozilla\Firefox\Profiles\f5y9arxu.default\extensions
[2009/09/27 14:37:29 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Charles Sykora\Application Data\Mozilla\Firefox\Profiles\f5y9arxu.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/04/02 18:15:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Charles Sykora\Application Data\Mozilla\Firefox\Profiles\f5y9arxu.default\extensions\moveplayer@movenetworks.com
[2008/12/28 14:14:25 | 000,000,247 | ---- | M] () -- C:\Documents and Settings\Charles Sykora\Application Data\Mozilla\Firefox\Profiles\f5y9arxu.default\searchplugins\Yoog Search.xml
[2010/04/22 18:16:26 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/01/28 23:08:04 | 000,132,528 | ---- | M] (NHN USA Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npijjiCHPlugin.dll
[2008/09/10 03:39:42 | 000,075,184 | ---- | M] (NHN USA Inc. ) -- C:\Program Files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
[2007/09/28 18:57:26 | 006,275,816 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\ScorchPDFWrapper.dll

O1 HOSTS File: ([2009/11/06 01:46:09 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: Send To &Bluetooth - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?LinkID=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1156354418546 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab (Java Plug-in 1.5.0_04)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.1.1
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\widimg {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\BTXPPanel.dll (WIDCOMM, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O20 - Winlogon\Notify\NavLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found O24 - Desktop WallPaper: C:\Documents and Settings\Charles Sykora\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\Charles Sykora\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2007/01/23 17:48:51 | 000,000,041 | R--- | M] () - D:\autorun.inf -- [ UDF ] O33 - MountPoints2\E\Shell - "" = AutoRun O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe () O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: 6to4 - File not found NetSvcs: Ias - C:\WINDOWS\system32\ias [2005/09/15 17:36:33 | 000,000,000 | ---D | M] NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found CREATERESTOREPOINT Restore point Set: OTL Restore Point (17183584330711040) [color=#E56717]========== Files/Folders - Created Within 90 Days ==========[/color] [2010/04/23 23:17:39 | 000,562,176 | ---- | C] (OldTimer Tools) -- C:\Documents and 
Settings\Charles Sykora\Desktop\OTL.exe [2010/04/23 18:06:22 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010/04/23 18:06:19 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010/04/23 18:06:19 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2010/04/23 18:06:07 | 005,918,768 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Charles Sykora\Desktop\mbam-setup(3).exe [2010/04/23 18:02:54 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2010/04/23 17:59:27 | 005,918,768 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Charles Sykora\Desktop\mbam-setup(2).exe [2010/04/23 17:58:24 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT [2010/04/23 17:57:34 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Charles Sykora\Desktop\erunt_setup.exe [2010/04/23 17:48:09 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Charles Sykora\Desktop\TFC.exe [2010/04/22 22:55:17 | 005,918,720 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Charles Sykora\Desktop\mbam-setup-1.45.exe [2010/04/22 21:33:06 | 000,000,000 | ---D | C] -- C:\My Games [2010/04/22 18:47:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Charles Sykora\Desktop\StarCraft II Beta enUS 13891 Installer [2010/04/22 18:46:42 | 002,765,619 | ---- | C] (Blizzard Entertainment) -- C:\Documents and Settings\Charles Sykora\Desktop\StarCraft_2_Beta_enUS(2).exe [2010/04/22 18:22:11 | 000,000,000 | ---D | C] -- C:\Program Files\StarCraft II Beta [2010/04/22 18:22:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Charles Sykora\My Documents\StarCraft II Beta [2010/04/22 18:22:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Charles Sykora\Local Settings\Application Data\Blizzard Entertainment [2010/04/22 18:22:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All 
Users\Application Data\Blizzard Entertainment [2010/03/23 20:58:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Charles Sykora\My Documents\StarCraft 1.15.2 enUS Installer [2010/03/23 20:57:44 | 002,732,787 | ---- | C] (Blizzard Entertainment) -- C:\Documents and Settings\Charles Sykora\Desktop\Downloader_StarCraft_Combo_enUS.exe [2010/03/23 19:55:04 | 000,094,208 | ---- | C] (Blizzard Entertainment) -- C:\WINDOWS\ScUnin.exe [2010/03/12 17:44:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Blizzard [2010/03/12 16:50:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Charles Sykora\My Documents\StarCraft II Beta enUS 13891 Installer [2010/03/12 16:50:31 | 002,765,619 | ---- | C] (Blizzard Entertainment) -- C:\Documents and Settings\Charles Sykora\Desktop\StarCraft_2_Beta_enUS.exe [2010/01/24 16:15:02 | 005,115,824 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Charles Sykora\Desktop\mbam-setup.exe [2010/01/24 16:07:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss [883 C:\Documents and Settings\Charles Sykora\My Documents\*.tmp files -> C:\Documents and Settings\Charles Sykora\My Documents\*.tmp -> ] [16 C:\Documents and Settings\Charles Sykora\Desktop\*.tmp files -> C:\Documents and Settings\Charles Sykora\Desktop\*.tmp -> ] [color=#E56717]========== Files - Modified Within 90 Days ==========[/color] [2010/04/23 23:34:00 | 000,521,766 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2010/04/23 23:34:00 | 000,441,692 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010/04/23 23:34:00 | 000,071,462 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2010/04/23 23:29:45 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010/04/23 23:29:13 | 000,000,328 | ---- | M] () -- C:\WINDOWS\tasks\cegnkozg.job [2010/04/23 23:29:13 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010/04/23 23:29:06 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010/04/23 23:29:03 
| 2145,964,032 | -HS- | M] () -- C:\hiberfil.sys [2010/04/23 23:17:38 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Charles Sykora\Desktop\OTL.exe [2010/04/23 18:06:25 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010/04/23 18:06:06 | 005,918,768 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Charles Sykora\Desktop\mbam-setup(3).exe [2010/04/23 17:59:49 | 005,918,768 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Charles Sykora\Desktop\mbam-setup(2).exe [2010/04/23 17:58:26 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Charles Sykora\Desktop\NTREGOPT.lnk [2010/04/23 17:58:26 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Charles Sykora\Desktop\ERUNT.lnk [2010/04/23 17:57:34 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Charles Sykora\Desktop\erunt_setup.exe [2010/04/23 17:53:26 | 006,553,600 | -H-- | M] () -- C:\Documents and Settings\Charles Sykora\NTUSER.DAT [2010/04/23 17:53:23 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Charles Sykora\ntuser.ini [2010/04/23 17:48:06 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Charles Sykora\Desktop\TFC.exe [2010/04/23 15:52:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2010/04/22 22:55:28 | 005,918,720 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Charles Sykora\Desktop\mbam-setup-1.45.exe [2010/04/22 22:31:14 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2010/04/22 18:53:27 | 007,899,168 | ---- | M] () -- C:\Documents and Settings\Charles Sykora\Desktop\SUPERAntiSpyware(2).exe [2010/04/22 18:46:50 | 002,765,619 | ---- | M] (Blizzard Entertainment) -- C:\Documents and Settings\Charles Sykora\Desktop\StarCraft_2_Beta_enUS(2).exe [2010/04/22 18:31:37 | 000,000,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\StarCraft II Beta.lnk 
[2010/04/07 16:56:23 | 000,062,976 | ---- | M] () -- C:\Documents and Settings\Charles Sykora\Desktop\starcraft tips.doc [2010/03/30 22:05:29 | 000,185,344 | ---- | M] () -- C:\Documents and Settings\Charles Sykora\My Documents\credit card payment.doc [2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010/03/27 12:59:05 | 000,040,054 | ---- | M] () -- C:\Documents and Settings\Charles Sykora\Desktop\faceplant065qm.jpg [2010/03/27 12:56:10 | 000,059,874 | ---- | M] () -- C:\Documents and Settings\Charles Sykora\Desktop\25311_391742224416_513274416_3527527_4975520_n.jpg [2010/03/25 22:32:08 | 002,644,650 | -H-- | M] () -- C:\Documents and Settings\Charles Sykora\Local Settings\Application Data\IconCache.db [2010/03/23 22:38:41 | 000,000,658 | ---- | M] () -- C:\WINDOWS\win.ini [2010/03/23 21:07:21 | 000,094,208 | ---- | M] (Blizzard Entertainment) -- C:\WINDOWS\ScUnin.exe [2010/03/23 21:07:21 | 000,035,190 | ---- | M] () -- C:\WINDOWS\scunin.dat [2010/03/23 21:07:21 | 000,000,967 | ---- | M] () -- C:\WINDOWS\ScUnin.pif [2010/03/23 20:57:53 | 002,732,787 | ---- | M] (Blizzard Entertainment) -- C:\Documents and Settings\Charles Sykora\Desktop\Downloader_StarCraft_Combo_enUS.exe [2010/03/23 20:48:45 | 000,062,464 | ---- | M] () -- C:\Documents and Settings\Charles Sykora\Desktop\Starcraft strat.doc [2010/03/15 20:14:03 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Charles Sykora\Desktop\~$arcraft strat.doc [2010/03/12 16:50:41 | 002,765,619 | ---- | M] (Blizzard Entertainment) -- C:\Documents and Settings\Charles Sykora\Desktop\StarCraft_2_Beta_enUS.exe [2010/03/12 16:48:30 | 000,111,029 | ---- | M] () -- C:\Documents and Settings\Charles Sykora\Desktop\TvP_Lorelei.sc2replay [2010/02/25 20:14:27 | 000,204,894 | ---- | M] () -- C:\Documents and Settings\Charles 
Sykora\Desktop\ZetarasVsElegy-PvZ.SC2Replay [2010/02/16 02:17:10 | 000,044,258 | ---- | M] () -- C:\Documents and Settings\Charles Sykora\Desktop\Navy Seal poster.jpg [2010/01/26 21:22:50 | 000,222,160 | ---- | M] () -- C:\Documents and Settings\Charles Sykora\Desktop\Lost-Season-6-Wallpaper-lost-6421403-595-442.jpg [2010/01/24 16:15:06 | 005,115,824 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Charles Sykora\Desktop\mbam-setup.exe [2010/01/24 16:08:34 | 000,000,279 | RHS- | M] () -- C:\boot.ini [2010/01/24 16:08:34 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini [883 C:\Documents and Settings\Charles Sykora\My Documents\*.tmp files -> C:\Documents and Settings\Charles Sykora\My Documents\*.tmp -> ] [16 C:\Documents and Settings\Charles Sykora\Desktop\*.tmp files -> C:\Documents and Settings\Charles Sykora\Desktop\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2010/04/23 18:06:25 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010/04/23 17:58:26 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Charles Sykora\Desktop\NTREGOPT.lnk [2010/04/23 17:58:26 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Charles Sykora\Desktop\ERUNT.lnk [2010/04/22 18:53:04 | 007,899,168 | ---- | C] () -- C:\Documents and Settings\Charles Sykora\Desktop\SUPERAntiSpyware(2).exe [2010/04/22 18:22:11 | 000,000,813 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\StarCraft II Beta.lnk [2010/04/07 16:34:57 | 000,062,976 | ---- | C] () -- C:\Documents and Settings\Charles Sykora\Desktop\starcraft tips.doc [2010/03/30 22:05:29 | 000,185,344 | ---- | C] () -- C:\Documents and Settings\Charles Sykora\My Documents\credit card payment.doc [2010/03/27 12:59:04 | 000,040,054 | ---- | C] () -- C:\Documents and Settings\Charles Sykora\Desktop\faceplant065qm.jpg [2010/03/27 12:56:09 | 000,059,874 | ---- | C] () -- C:\Documents and 
Settings\Charles Sykora\Desktop\25311_391742224416_513274416_3527527_4975520_n.jpg [2010/03/23 19:55:04 | 000,035,190 | ---- | C] () -- C:\WINDOWS\scunin.dat [2010/03/23 19:55:04 | 000,000,967 | ---- | C] () -- C:\WINDOWS\ScUnin.pif [2010/03/15 20:14:03 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Charles Sykora\Desktop\~$arcraft strat.doc [2010/03/12 16:48:31 | 000,111,029 | ---- | C] () -- C:\Documents and Settings\Charles Sykora\Desktop\TvP_Lorelei.sc2replay [2010/03/12 16:48:24 | 000,062,464 | ---- | C] () -- C:\Documents and Settings\Charles Sykora\Desktop\Starcraft strat.doc [2010/02/25 20:14:31 | 000,204,894 | ---- | C] () -- C:\Documents and Settings\Charles Sykora\Desktop\ZetarasVsElegy-PvZ.SC2Replay [2010/02/16 02:17:09 | 000,044,258 | ---- | C] () -- C:\Documents and Settings\Charles Sykora\Desktop\Navy Seal poster.jpg [2010/01/26 21:22:48 | 000,222,160 | ---- | C] () -- C:\Documents and Settings\Charles Sykora\Desktop\Lost-Season-6-Wallpaper-lost-6421403-595-442.jpg [2010/01/24 16:10:15 | 2145,964,032 | -HS- | C] () -- C:\hiberfil.sys [2010/01/21 23:42:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI [2009/12/11 23:03:59 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini [2009/12/11 22:55:04 | 000,000,090 | ---- | C] () -- C:\WINDOWS\EPART810.ini [2009/06/02 17:20:49 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll [2009/06/02 17:20:49 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll [2009/06/02 17:20:49 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll [2008/08/10 15:49:34 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\5618F36C4D.sys [2008/08/10 15:49:33 | 000,003,766 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys [2008/04/29 20:58:46 | 000,041,296 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll [2008/04/28 19:57:09 | 000,000,165 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI [2007/11/26 22:56:28 | 000,151,415 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat 
[2007/11/14 19:38:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\galaxy.ini
[2007/03/06 16:37:13 | 000,000,035 | ---- | C] () -- C:\WINDOWS\WorldBuilder.INI
[2006/09/07 12:36:23 | 000,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini
[2006/08/29 21:20:36 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/08/29 17:19:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2006/08/23 14:50:43 | 000,040,960 | R--- | C] () -- C:\WINDOWS\System32\psfind.dll
[2006/08/08 10:15:01 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/09/15 17:45:29 | 000,015,669 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/09/08 08:23:34 | 000,352,256 | ---- | C] () -- C:\WINDOWS\System32\LogLfx.dll
[2005/08/17 06:39:42 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/08/17 06:21:06 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2005/08/05 18:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/07/01 00:47:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/06/03 05:40:04 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\LPIconRes.dll
[2004/06/02 17:28:30 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/11/21 06:57:26 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2002/11/21 06:57:26 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2002/11/21 06:57:26 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2002/11/21 06:57:26 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2002/11/21 06:57:26 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2002/11/21 06:57:24 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2002/11/03 20:02:16 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\atsdrve.dll
[2002/05/15 23:29:04 | 000,000,607 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2001/11/23 18:18:00 | 000,000,597 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2001/11/14 13:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

[color=#E56717]========== LOP Check ==========[/color]

[2008/08/20 07:20:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis
[2006/09/04 22:01:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Anoto
[2005/09/15 17:48:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DIGStream
[2009/12/11 23:15:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2008/12/05 17:44:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2009/04/28 15:41:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IJJIGame
[2005/09/15 18:02:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies
[2009/02/12 17:25:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/01/24 22:28:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WNSS
[2008/10/31 16:29:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2009/01/08 22:35:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Charles Sykora\Application Data\acccore
[2009/01/08 22:35:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Charles Sykora\Application Data\Anoto
[2009/01/08 22:35:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Charles Sykora\Application Data\Command & Conquer 3 Tiberium Wars
[2009/01/08 22:35:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Charles Sykora\Application Data\Command & Conquer 3 Tiberium Wars Demo
[2008/08/11 00:01:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Charles Sykora\Application Data\deskUNPDF
[2010/01/03 03:29:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Charles Sykora\Application Data\Epson
[2009/04/05 00:24:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Charles Sykora\Application Data\Fantasy Grounds II
[2008/08/24 08:31:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Charles Sykora\Application Data\GSC
[2007/03/04 17:49:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Charles Sykora\Application Data\InterVideo
[2006/08/08 12:42:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Charles Sykora\Application Data\Leadertech
[2007/03/06 17:01:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Charles Sykora\Application Data\My The Lord of the Rings, The Rise of the Witch-king Files
[2008/07/02 11:22:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Charles Sykora\Application Data\Ruckus Network
[2009/02/12 17:24:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Charles Sykora\Application Data\Viewpoint
[2008/04/14 16:31:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Charles Sykora\Application Data\Wizards of the Coast
[2010/04/23 23:29:13 | 000,000,328 | ---- | M] () -- C:\WINDOWS\Tasks\cegnkozg.job

[color=#E56717]========== Purity Check ==========[/color]

[color=#E56717]========== Custom Scans ==========[/color]

[color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color]

[color=#A23BEC]< MD5 for: AGP440.SYS >[/color]
[2004/08/09 20:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\I386\sp2.cab:AGP440.sys
[2004/08/10 04:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/08/30 18:13:37 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/08/30 18:13:37 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

[color=#A23BEC]< MD5 for: ATAPI.SYS >[/color]
[2004/08/09 20:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\I386\sp2.cab:atapi.sys
[2004/08/10 04:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/08/30 18:13:37 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/08/30 18:13:37 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 18:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/04 02:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0010\DriverFiles\i386\atapi.sys

[color=#A23BEC]< MD5 for: EVENTLOG.DLL >[/color]
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/10 04:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

[color=#A23BEC]< MD5 for: NETLOGON.DLL >[/color]
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/10 04:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

[color=#A23BEC]< MD5 for: SCECLI.DLL >[/color]
[2004/08/10 04:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

[color=#A23BEC]< %systemroot%\*. /mp /s >[/color]

[color=#A23BEC]< %systemroot%\system32\*.dll /lockedfiles >[/color]
[2008/04/13 20:11:51 | 001,267,200 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\WINDOWS\system32\comsvcs.dll

[color=#A23BEC]< %systemroot%\Tasks\*.job /lockedfiles >[/color]

[color=#A23BEC]< %systemroot%\system32\drivers\*.sys /lockedfiles >[/color]

[color=#A23BEC]< %systemroot%\System32\config\*.sav >[/color]
[2005/08/16 22:43:50 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2005/08/16 22:43:50 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2005/08/16 22:43:50 | 000,884,736 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

[color=#A23BEC]< %systemroot%\system32\drivers\*.sys /90 >[/color]
[2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys
[2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
[2010/02/24 09:11:07 | 000,455,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mrxsmb.sys
[2010/02/11 08:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tcpip6.sys

< End of report >