OTL logfile created on: 5/28/2011 7:20:29 PM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\Mom & Dad\Desktop
An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.44 Gb Total Physical Memory | 2.47 Gb Available Physical Memory | 72.00% Memory free
6.87 Gb Paging File | 5.96 Gb Available in Paging File | 86.73% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.78 Gb Total Space | 33.98 Gb Free Space | 15.25% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 0.00 Gb Free Space | 0.04% Space Free | Partition Type: NTFS
Drive E: | 6.57 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Computer Name: DREWMON-PC | User Name: Mom & Dad | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011/05/28 19:18:38 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Mom & Dad\Desktop\OTL.exe
PRC - [2011/05/10 08:10:58 | 003,459,712 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/05/10 08:10:57 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/02/26 01:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/12/20 18:08:58 | 000,363,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2010/08/19 18:29:18 | 000,232,912 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10i_ActiveX.exe
PRC - [2010/05/26 19:30:10 | 000,132,464 | ---- | M] (Juniper Networks) -- C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe
PRC - [2009/07/13 21:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2008/01/17 07:22:20 | 004,907,008 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/12/05 06:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTSrv.exe
========== Modules (SafeList) ==========
MOD - [2011/05/28 19:18:38 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Mom & Dad\Desktop\OTL.exe
MOD - [2011/05/10 08:10:55 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\snxhk.dll
MOD - [2010/08/21 01:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV - [2011/05/10 08:10:57 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/12/20 18:08:58 | 000,363,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/08/21 03:01:28 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/05/26 19:30:10 | 000,132,464 | ---- | M] (Juniper Networks) [Auto | Running] -- C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe -- (JuniperAccessService)
SRV - [2009/07/13 21:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/05 06:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AERTSrv.exe -- (AERTFilters)
========== Driver Services (SafeList) ==========
DRV - [2011/05/10 08:03:54 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/05/10 08:03:44 | 000,307,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/05/10 08:02:37 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/05/10 07:59:56 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/05/10 07:59:44 | 000,053,592 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/05/10 07:59:35 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/07/15 15:18:22 | 000,130,424 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\Mpfp.sys -- (MPFP)
DRV - [2010/07/10 05:37:00 | 011,008,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010/05/06 18:50:02 | 000,118,280 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\ssidrv.sys -- (ssidrv)
DRV - [2010/05/06 18:50:02 | 000,023,560 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\sshrmd.sys -- (sshrmd)
DRV - [2010/05/06 18:50:00 | 000,028,936 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\ssfs0bbd.sys -- (ssfs0bbd)
DRV - [2009/07/13 21:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/07/13 21:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009/07/13 21:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/07/13 21:16:20 | 000,044,544 | ---- | M] () [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\tcpabmat.sys -- (tcpabmat)
DRV - [2009/07/13 19:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 19:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/13 18:13:47 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VSTBS23.SYS -- (VSTHWBS2)
DRV - [2009/07/13 18:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\URLSearchHook: {37153479-1976-43c3-a1ee-557513977b64} - C:\Program Files\Coupons.com\tbCoup.dll (Conduit Ltd.)
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2234436012-652195838-273927476-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-2234436012-652195838-273927476-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-2234436012-652195838-273927476-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F0 4A 1C CB 56 96 CB 01 [binary data]
IE - HKU\S-1-5-21-2234436012-652195838-273927476-1004\..\URLSearchHook: {37153479-1976-43c3-a1ee-557513977b64} - C:\Program Files\Coupons.com\tbCoup.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2234436012-652195838-273927476-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2234436012-652195838-273927476-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
O1 HOSTS File: ([2011/05/27 05:45:36 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Coupons.com Toolbar) - {37153479-1976-43c3-a1ee-557513977b64} - C:\Program Files\Coupons.com\tbCoup.dll (Conduit Ltd.)
O2 - BHO: (no name) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - No CLSID value found.
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Coupons.com Toolbar) - {37153479-1976-43c3-a1ee-557513977b64} - C:\Program Files\Coupons.com\tbCoup.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKU\S-1-5-21-2234436012-652195838-273927476-1004\..\Toolbar\WebBrowser: (Coupons.com Toolbar) - {37153479-1976-43C3-A1EE-557513977B64} - C:\Program Files\Coupons.com\tbCoup.dll (Conduit Ltd.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2234436012-652195838-273927476-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2234436012-652195838-273927476-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2234436012-652195838-273927476-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-2234436012-652195838-273927476-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-2234436012-652195838-273927476-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} http://picture.vzw.com/activex/VerizonWirelessUploadControl.cab (Verizon Wireless Media Upload)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://dnet-i2.dom.com/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
O16 - DPF: {F9CD2233-6744-47C1-A6AE-00C30A35F73D} https://myaccount.cox.net/internettools/scripts/Inspector.cab (CAssessmentCtl Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
O18 - Protocol\Handler\vsharechrome - No CLSID value found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
========== Files/Folders - Created Within 30 Days ==========
[2011/05/28 19:18:29 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\Mom & Dad\Desktop\OTL.exe
[2011/05/27 05:58:02 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/05/27 05:41:40 | 000,000,000 | ---D | C] -- C:\Users\Mom & Dad\AppData\Local\temp
[2011/05/27 05:41:37 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/05/27 05:11:00 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/05/27 05:11:00 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/05/27 05:11:00 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/05/27 05:10:48 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/05/27 05:10:44 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/05/27 05:10:36 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2011/05/27 05:05:42 | 004,295,610 | R--- | C] (Swearware) -- C:\Users\Mom & Dad\Desktop\ComboFix.exe
[2011/05/26 20:21:37 | 000,000,000 | ---D | C] -- C:\Users\Mom & Dad\AppData\Local\{CA08045C-6F40-424F-8F5E-CA456F87B60E}
[2011/05/26 19:47:00 | 000,589,632 | ---- | C] (AVAST Software) -- C:\Users\Mom & Dad\Desktop\aswMBR.exe
[2011/05/25 23:03:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PSpice Student
[2011/05/25 23:03:00 | 000,200,704 | ---- | C] (Sheridan Software Systems, Inc.) -- C:\Windows\System32\THREED32.OCX
[2011/05/25 23:03:00 | 000,105,984 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\Windows\System32\p2bdao.dll
[2011/05/25 23:03:00 | 000,064,000 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\Windows\System32\p2irdao.dll
[2011/05/25 23:03:00 | 000,054,272 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\Windows\System32\p2ctdao.dll
[2011/05/25 23:02:59 | 003,572,224 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\Windows\System32\crpe32.dll
[2011/05/25 23:02:59 | 000,416,768 | ---- | C] (Seagate Software) -- C:\Windows\System32\cpeaut32.dll
[2011/05/25 23:02:59 | 000,183,296 | ---- | C] (Seagate Software, Information Management Group, Inc.) -- C:\Windows\System32\crpaig32.dll
[2011/05/25 23:02:58 | 000,000,000 | ---D | C] -- C:\Program Files\OrCAD_Demo
[2011/05/25 23:02:58 | 000,000,000 | ---D | C] -- C:\Windows\Crystal
[2011/05/25 23:00:27 | 000,000,000 | ---D | C] -- C:\Users\Mom & Dad\temp
[2011/05/25 19:06:15 | 000,606,738 | R--- | C] (Swearware) -- C:\Users\Mom & Dad\Desktop\dds.scr
[2011/05/25 18:33:46 | 000,000,000 | ---D | C] -- C:\Users\Mom & Dad\Desktop\drewmon
[2011/05/25 18:19:45 | 000,000,000 | ---D | C] -- C:\Users\Mom & Dad\AppData\Local\{162F0102-53F9-41B8-924A-C166B72D3BAE}
[2011/05/25 07:10:16 | 001,431,344 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Mom & Dad\Desktop\TDSSKiller.exe
[2011/05/25 01:38:44 | 000,000,000 | ---D | C] -- C:\Users\Mom & Dad\AppData\Local\{50F51F28-3B71-406B-9CDA-59BBB9C22586}
[2011/05/24 21:27:40 | 000,019,544 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2011/05/24 21:27:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2011/05/24 21:27:39 | 000,307,928 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2011/05/24 21:27:36 | 000,049,240 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2011/05/24 21:27:36 | 000,025,432 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2011/05/24 21:27:35 | 000,441,176 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2011/05/24 21:27:32 | 000,053,592 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2011/05/24 21:26:26 | 000,199,304 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2011/05/24 21:26:26 | 000,040,112 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/05/24 21:26:18 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2011/05/24 21:26:18 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/05/23 22:22:16 | 000,000,000 | ---D | C] -- C:\Users\Mom & Dad\AppData\Local\{EC204A63-3248-4196-9AC7-698C88A78A38}
[2011/05/22 19:47:48 | 000,000,000 | ---D | C] -- C:\Users\Mom & Dad\AppData\Roaming\Malwarebytes
[2011/05/22 19:47:40 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/05/22 19:47:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/05/22 19:47:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/05/22 19:47:36 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/05/22 19:47:36 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/05/20 19:02:43 | 000,000,000 | ---D | C] -- C:\Users\Mom & Dad\AppData\Local\{32560F2F-DC55-4592-A5AF-2B28C4C37892}
[2011/05/18 14:23:11 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2011/05/18 14:23:01 | 000,000,000 | ---D | C] -- C:\Program Files\Coupons.com
[2011/05/18 09:49:21 | 000,000,000 | ---D | C] -- C:\Users\Mom & Dad\AppData\Local\{75B55CB4-4910-49D8-A1D7-0F7C21E2FA56}
[2011/05/17 21:48:59 | 000,000,000 | ---D | C] -- C:\Users\Mom & Dad\AppData\Local\{E8A8581E-A8E5-42AE-B1F6-1333CF34E3D7}
[2011/05/16 17:14:18 | 000,000,000 | ---D | C] -- C:\Users\Mom & Dad\AppData\Local\{B7E235A8-08E8-417A-A5A5-8A58C680750C}
[2011/05/08 12:09:52 | 000,000,000 | ---D | C] -- C:\Users\Mom & Dad\AppData\Local\{B2A5FEBE-ABEB-4D03-AA47-DC2B84AFDD2D}
[2011/05/05 18:41:57 | 000,000,000 | -H-D | C] -- C:\ProgramData\Sun
[2011/05/05 18:41:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/05/05 18:40:52 | 000,000,000 | ---D | C] -- C:\Program Files\Java
========== Files - Modified Within 30 Days ==========
[2011/05/28 19:18:38 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Mom & Dad\Desktop\OTL.exe
[2011/05/28 16:25:55 | 000,021,360 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/28 16:25:55 | 000,021,360 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/28 16:24:40 | 000,623,940 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/05/28 16:24:40 | 000,106,316 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/05/28 16:17:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/28 16:17:24 | 2767,052,800 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/27 22:32:20 | 000,075,264 | ---- | M] () -- C:\Users\Mom & Dad\Desktop\SystemLook.exe
[2011/05/27 05:45:36 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/05/27 05:05:50 | 004,295,610 | R--- | M] (Swearware) -- C:\Users\Mom & Dad\Desktop\ComboFix.exe
[2011/05/26 19:54:28 | 000,040,694 | ---- | M] () -- C:\Users\Mom & Dad\Desktop\RKUnhookerLE report
[2011/05/26 19:48:28 | 000,133,632 | ---- | M] () -- C:\Users\Mom & Dad\Desktop\RKUnhookerLE.EXE
[2011/05/26 19:47:58 | 000,000,512 | ---- | M] () -- C:\Users\Mom & Dad\Desktop\MBR.dat
[2011/05/26 19:47:04 | 000,589,632 | ---- | M] (AVAST Software) -- C:\Users\Mom & Dad\Desktop\aswMBR.exe
[2011/05/26 05:07:09 | 001,431,344 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Mom & Dad\Desktop\TDSSKiller.exe
[2011/05/26 05:05:23 | 001,301,452 | ---- | M] () -- C:\Users\Mom & Dad\Desktop\tdsskiller.zip
[2011/05/25 23:46:47 | 000,002,700 | ---- | M] () -- C:\Windows\PSPICEEV.INI
[2011/05/25 23:12:47 | 000,001,098 | ---- | M] () -- C:\Users\Mom & Dad\Desktop\Capture Student.lnk
[2011/05/25 19:06:28 | 000,606,738 | R--- | M] (Swearware) -- C:\Users\Mom & Dad\Desktop\dds.scr
[2011/05/25 18:58:40 | 000,001,924 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/05/25 18:58:27 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2011/05/25 00:57:04 | 000,302,080 | ---- | M] () -- C:\Users\Mom & Dad\Desktop\hywyfxhf.exe
[2011/05/22 19:47:40 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/22 17:39:39 | 000,000,040 | -H-- | M] () -- C:\ProgramData\~34987768
[2011/05/10 08:10:59 | 000,040,112 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/05/10 08:10:55 | 000,199,304 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2011/05/10 08:03:54 | 000,441,176 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2011/05/10 08:03:44 | 000,307,928 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2011/05/10 08:02:37 | 000,049,240 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2011/05/10 07:59:56 | 000,025,432 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2011/05/10 07:59:44 | 000,053,592 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2011/05/10 07:59:35 | 000,019,544 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2011/05/03 14:36:18 | 000,027,588 | ---- | M] () -- C:\Windows\System32\tmpextbl.dll
========== Files Created - No Company Name ==========
[2011/05/27 22:32:19 | 000,075,264 | ---- | C] () -- C:\Users\Mom & Dad\Desktop\SystemLook.exe
[2011/05/27 05:11:00 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/05/27 05:11:00 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/05/27 05:11:00 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/05/27 05:11:00 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/05/27 05:11:00 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/05/26 19:54:28 | 000,040,694 | ---- | C] () -- C:\Users\Mom & Dad\Desktop\RKUnhookerLE report
[2011/05/26 19:48:24 | 000,133,632 | ---- | C] () -- C:\Users\Mom & Dad\Desktop\RKUnhookerLE.EXE
[2011/05/26 19:47:58 | 000,000,512 | ---- | C] () -- C:\Users\Mom & Dad\Desktop\MBR.dat
[2011/05/26 05:05:16 | 001,301,452 | ---- | C] () -- C:\Users\Mom & Dad\Desktop\tdsskiller.zip
[2011/05/25 23:12:47 | 000,001,098 | ---- | C] () -- C:\Users\Mom & Dad\Desktop\Capture Student.lnk
[2011/05/25 23:03:01 | 000,002,700 | ---- | C] () -- C:\Windows\PSPICEEV.INI
[2011/05/25 23:03:00 | 000,046,080 | ---- | C] () -- C:\Windows\System32\lftif60n.dll
[2011/05/25 23:03:00 | 000,043,008 | ---- | C] () -- C:\Windows\System32\ltfil60n.dll
[2011/05/25 23:03:00 | 000,019,968 | ---- | C] () -- C:\Windows\System32\lftga60n.dll
[2011/05/25 23:03:00 | 000,019,456 | ---- | C] () -- C:\Windows\System32\lfwpg60n.dll
[2011/05/25 23:03:00 | 000,019,456 | ---- | C] () -- C:\Windows\System32\lfwmf60n.dll
[2011/05/25 23:02:59 | 000,176,128 | ---- | C] () -- C:\Windows\System32\lffax60n.dll
[2011/05/25 23:02:59 | 000,141,824 | ---- | C] () -- C:\Windows\System32\lfcmp60n.dll
[2011/05/25 23:02:59 | 000,110,080 | ---- | C] () -- C:\Windows\System32\lfpng60n.dll
[2011/05/25 23:02:59 | 000,023,552 | ---- | C] () -- C:\Windows\System32\lfpcx60n.dll
[2011/05/25 23:02:59 | 000,022,528 | ---- | C] () -- C:\Windows\System32\lfpct60n.dll
[2011/05/25 23:02:59 | 000,022,528 | ---- | C] () -- C:\Windows\System32\lfeps60n.dll
[2011/05/25 23:02:59 | 000,022,016 | ---- | C] () -- C:\Windows\System32\lfbmp60n.dll
[2011/05/25 23:02:59 | 000,020,480 | ---- | C] () -- C:\Windows\System32\lfpsd60n.dll
[2011/05/25 23:02:59 | 000,018,432 | ---- | C] () -- C:\Windows\System32\lfmsp60n.dll
[2011/05/25 23:02:59 | 000,017,920 | ---- | C] () -- C:\Windows\System32\lfmac60n.dll
[2011/05/25 23:02:59 | 000,017,920 | ---- | C] () -- C:\Windows\System32\implode.dll
[2011/05/25 00:56:59 | 000,302,080 | ---- | C] () -- C:\Users\Mom & Dad\Desktop\hywyfxhf.exe
[2011/05/24 21:27:40 | 000,001,924 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/05/22 19:47:40 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/22 17:39:36 | 000,000,040 | -H-- | C] () -- C:\ProgramData\~34987768
[2011/03/12 21:47:48 | 000,000,362 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/01/30 20:49:52 | 000,000,093 | ---- | C] () -- C:\Windows\ka.ini
[2011/01/30 20:40:27 | 000,000,038 | ---- | C] () -- C:\Windows\p4k.ini
[2010/08/26 16:42:33 | 000,027,588 | ---- | C] () -- C:\Windows\System32\tmpextbl.dll
[2010/08/25 15:07:01 | 000,165,665 | ---- | C] () -- C:\Windows\hpoins28.dat
[2010/08/25 15:07:01 | 000,000,442 | ---- | C] () -- C:\Windows\hpomdl28.dat
[2010/08/18 23:18:04 | 000,212,992 | ---- | C] () -- C:\Windows\System32\WMIMPLEX.dll
[2010/08/18 23:18:04 | 000,045,056 | ---- | C] () -- C:\Windows\System32\maplec.dll
[2010/08/18 23:18:04 | 000,020,480 | ---- | C] () -- C:\Windows\System32\maplecompat.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/14 00:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 00:33:53 | 000,329,832 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 22:05:48 | 000,623,940 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 22:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 22:05:48 | 000,106,316 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 22:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 22:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 22:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 20:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009/07/13 19:55:01 | 006,623,232 | ---- | C] () -- C:\Windows\System32\msulexc.exe
[2009/07/13 19:55:01 | 001,671,168 | ---- | C] () -- C:\Windows\System32\winahurl.dll
[2009/07/13 19:55:01 | 001,331,200 | ---- | C] () -- C:\Windows\System32\dskikvga.dll
[2009/07/13 19:55:01 | 000,313,782 | ---- | C] () -- C:\Windows\System32\wowocwin32.dll
[2009/07/13 19:55:01 | 000,044,544 | ---- | C] () -- C:\Windows\System32\drivers\tcpabmat.sys
[2009/07/13 19:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 19:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
========== LOP Check ==========
[2011/05/25 18:51:47 | 000,000,000 | ---D | M] -- C:\Users\drewmon\AppData\Roaming\gtk-2.0
[2011/05/25 18:51:47 | 000,000,000 | ---D | M] -- C:\Users\drewmon\AppData\Roaming\Juniper Networks
[2011/05/25 18:51:48 | 000,000,000 | ---D | M] -- C:\Users\drewmon\AppData\Roaming\Maple
[2010/08/19 00:25:46 | 000,000,000 | ---D | M] -- C:\Users\drewmon\AppData\Roaming\National Instruments
[2010/09/17 12:56:57 | 000,000,000 | ---D | M] -- C:\Users\drewmon\AppData\Roaming\Windows Live Writer
[2011/04/21 11:34:50 | 000,000,000 | ---D | M] -- C:\Users\Mom & Dad\AppData\Roaming\Catalina Marketing Corp
[2011/01/24 19:44:45 | 000,000,000 | ---D | M] -- C:\Users\Mom & Dad\AppData\Roaming\Juniper Networks
[2010/09/26 08:11:00 | 000,000,000 | ---D | M] -- C:\Users\Mom & Dad\AppData\Roaming\Maple
[2011/01/07 02:53:17 | 000,000,000 | ---D | M] -- C:\Users\Mom & Dad\AppData\Roaming\Windows Live Writer
[2011/05/11 20:19:20 | 000,032,578 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Custom Scans ==========
< >
< %SYSTEMDRIVE%\*.* >
[2009/06/10 17:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/07/13 21:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
[2010/08/19 01:58:55 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2011/05/27 05:58:42 | 000,018,933 | ---- | M] () -- C:\ComboFix.txt
[2009/06/10 17:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
[2008/11/13 23:05:24 | 000,005,060 | RH-- | M] () -- C:\dell.sdr
[2011/05/28 16:17:24 | 2767,052,800 | -HS- | M] () -- C:\hiberfil.sys
[2011/01/30 20:39:56 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011/01/30 20:39:56 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011/05/28 16:17:26 | 3689,406,464 | -HS- | M] () -- C:\pagefile.sys
[2011/05/26 05:11:12 | 000,067,614 | ---- | M] () -- C:\TDSSKiller.2.5.3.0_26.05.2011_05.07.52_log.txt
< %systemroot%\Fonts\*.com >
[2009/07/14 00:52:25 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/14 00:52:25 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 00:52:25 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 00:52:25 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
< %systemroot%\Fonts\*.dll >
< %systemroot%\Fonts\*.ini >
[2009/06/10 17:31:19 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini
< %systemroot%\Fonts\*.ini2 >
< %systemroot%\Fonts\*.exe >
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2009/07/13 21:15:26 | 000,280,064 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\hpzppw71.dll
[2009/07/13 21:15:35 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
[2006/10/26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll
[2009/07/13 21:16:19 | 000,029,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\winprint.dll
< %systemroot%\REPAIR\*.bak1 >
< %systemroot%\REPAIR\*.ini >
< %systemroot%\system32\*.jpg >
< %systemroot%\*.jpg >
< %systemroot%\*.png >
< %systemroot%\*.scr >
[2011/05/10 08:10:59 | 000,040,112 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
< %systemroot%\*._sy >
< %APPDATA%\Adobe\Update\*.* >
< %ALLUSERSPROFILE%\Favorites\*.* >
< %APPDATA%\Microsoft\*.* >
< %PROGRAMFILES%\*.* >
[2009/07/14 00:41:57 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini
< %APPDATA%\Update\*.* >
< %systemroot%\*. /mp /s >
< %systemroot%\System32\config\*.sav >
< %PROGRAMFILES%\bak. /s >
< %systemroot%\system32\bak. /s >
< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
< %systemroot%\system32\config\systemprofile\*.dat /x >
< %systemroot%\*.config >
< %systemroot%\system32\*.db >
< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2011/01/07 03:05:54 | 000,000,221 | -HS- | M] () -- C:\Users\Mom & Dad\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
< %USERPROFILE%\Desktop\*.exe >
[2010/12/03 13:25:02 | 003,018,064 | ---- | M] (Siber Systems) -- C:\Users\Mom & Dad\Desktop\AiRoboForm.exe
[2011/05/26 19:47:04 | 000,589,632 | ---- | M] (AVAST Software) -- C:\Users\Mom & Dad\Desktop\aswMBR.exe
[2011/05/27 05:05:50 | 004,295,610 | R--- | M] (Swearware) -- C:\Users\Mom & Dad\Desktop\ComboFix.exe
[2011/05/25 00:57:04 | 000,302,080 | ---- | M] () -- C:\Users\Mom & Dad\Desktop\hywyfxhf.exe
[2011/05/28 19:18:38 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Mom & Dad\Desktop\OTL.exe
[2011/05/26 19:48:28 | 000,133,632 | ---- | M] () -- C:\Users\Mom & Dad\Desktop\RKUnhookerLE.EXE
[2011/05/27 22:32:20 | 000,075,264 | ---- | M] () -- C:\Users\Mom & Dad\Desktop\SystemLook.exe
[2011/05/26 05:07:09 | 001,431,344 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Mom & Dad\Desktop\TDSSKiller.exe
< %PROGRAMFILES%\Common Files\*.* >
< %systemroot%\*.src >
< %systemroot%\install\*.* >
< %systemroot%\system32\DLL\*.* >
< %systemroot%\system32\HelpFiles\*.* >
< %systemroot%\system32\rundll\*.* >
< %systemroot%\winn32\*.* >
< %systemroot%\Java\*.* >
< %systemroot%\system32\test\*.* >
< %systemroot%\system32\Rundll32\*.* >
< %systemroot%\AppPatch\Custom\*.* >
< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >
< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >
< %PROGRAMFILES%\Internet Explorer\*.tmp >
< %PROGRAMFILES%\Internet Explorer\*.dat >
< %USERPROFILE%\My Documents\*.exe >
< %USERPROFILE%\*.exe >
< %systemroot%\ADDINS\*.* >
[2009/06/10 17:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\addins\FXSEXT.ecf
< %systemroot%\assembly\*.bak2 >
< %systemroot%\Config\*.* >
< %systemroot%\REPAIR\*.bak2 >
< %systemroot%\SECURITY\Database\*.sdb /x >
< %systemroot%\SYSTEM\*.bak2 >
< %systemroot%\Web\*.bak2 >
< %systemroot%\Driver Cache\*.* >
< %PROGRAMFILES%\Mozilla Firefox\0*.exe >
< %ProgramFiles%\Microsoft Common\*.* >
< %ProgramFiles%\TinyProxy. >
< %USERPROFILE%\Favorites\*.url /x >
[2010/09/09 19:43:26 | 000,000,402 | -HS- | M] () -- C:\Users\Mom & Dad\Favorites\desktop.ini
< %systemroot%\system32\*.bk >
< %systemroot%\*.te >
< %systemroot%\system32\system32\*.* >
< %ALLUSERSPROFILE%\*.dat /x >
[2010/09/09 21:09:11 | 000,001,807 | ---- | M] () -- C:\ProgramData\hpzinstall.log
[2011/03/12 21:47:49 | 000,000,362 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2011/05/22 17:39:39 | 000,000,040 | -H-- | M] () -- C:\ProgramData\~34987768
< %systemroot%\system32\drivers\*.rmv >
< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >
< dir /b "%systemroot%\*.exe" | find /i " " /c >
< %PROGRAMFILES%\Microsoft\*.* >
< %systemroot%\System32\Wbem\proquota.exe >
< %PROGRAMFILES%\Mozilla Firefox\*.dat >
< %USERPROFILE%\Cookies\*.txt /x >
< %SystemRoot%\system32\fonts\*.* >
< %systemroot%\system32\winlog\*.* >
< %systemroot%\system32\Language\*.* >
< %systemroot%\system32\Settings\*.* >
< %systemroot%\system32\*.quo >
< %SYSTEMROOT%\AppPatch\*.exe >
< %SYSTEMROOT%\inf\*.exe >
< %SYSTEMROOT%\Installer\*.exe >
< %systemroot%\system32\config\*.bak2 >
< %systemroot%\system32\Computers\*.* >
< %SystemRoot%\system32\Sound\*.* >
< %SystemRoot%\system32\SpecialImg\*.* >
< %SystemRoot%\system32\code\*.* >
< %SystemRoot%\system32\draft\*.* >
< %SystemRoot%\system32\MSSSys\*.* >
< %ProgramFiles%\Javascript\*.* >
< %systemroot%\pchealth\helpctr\System\*.exe /s >
< %systemroot%\Web\*.exe >
< %systemroot%\system32\msn\*.* >
< %systemroot%\system32\*.tro >
< %AppData%\Microsoft\Installer\msupdates\*.* >
< %ProgramFiles%\Messenger\*.* >
< %systemroot%\system32\systhem32\*.* >
< %systemroot%\system\*.exe >
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >
< >
< End of report >