aftermath of scareware

**dwsolo** · 06-08-2010

I was suddenly warned by an unidentified scareware of various infections. Obviously I didn't allow it to continue scanning but simply closed the window. I then updated Malwarebytes and scanned and also got the latest version of Vipre-rescue which gave me a deep scan lasting 6 hours. Neither scan found any remnants of the scareware.
My main antivirus is Microsoft Security Essentials (continuously updated), which also found no problems.
So just to be absolutely sure I'm in the clear, I ran HiJackthis just now - the results being as follows, do I need to do anything?

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 08:05:34, on 06/08/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18928)
Boot mode: Normal

Running processes:
D:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
D:\Program Files (x86)\SugarSync\SugarSyncManager.exe
D:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
D:\Program Files (x86)\Secunia\PSI\psi.exe
D:\Program Files (x86)\Mozilla Firefox\firefox.exe
D:\Program Files (x86)\Everything\Everything.exe
D:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.mg40.mail.yahoo.com/dc/lau...=2kvp36v0r0vhh
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = D:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - D:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - D:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O4 - HKCU\..\Run: [RoboForm] "D:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [SugarSync] "D:\Program Files (x86)\SugarSync\SugarSyncManager.exe" -startInTray -usedelay=true
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: Customize Menu - file://D:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://D:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://D:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://D:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://D:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://D:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://D:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://D:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://D:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://D:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - D:\Windows\system32\browseui.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - D:\Windows\System32\alg.exe (file missing)
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - D:\Windows\system32\DFSR.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - D:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - D:\Windows\System32\msdtc.exe (file missing)
O23 - Service: NBService - Nero AG - D:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - D:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - D:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - D:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - D:\Windows\system32\lsass.exe (file missing)
O23 - Service: Rapport Launching Service (RapportLaunService) - Trusteer Ltd. - D:\Program Files (x86)\Trusteer\Rapport\bin\RapportLaunService64.ex e
O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - D:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - D:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - D:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - D:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - D:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - D:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - D:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - D:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - D:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - D:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - D:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - D:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 7661 bytes

Thanks for any advice
Kind regards
David

**broni** · 06-08-2010

Please, read HERE and post required logs.

**dwsolo** · 07-08-2010

Hi Broni
Thanks
Here are the logs in separate posts:

mbam
Malwarebytes' Anti-Malware 1.46
Malwarebytes

Database version: 4401

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18928

07/08/2010 06:32:25
mbam-log-2010-08-07 (06-32-25).txt

Scan type: Quick scan
Objects scanned: 130151
Time elapsed: 5 minute(s), 27 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

**dwsolo** · 07-08-2010

gmer reported no problems and the log file was empty

**dwsolo** · 07-08-2010

mbr check
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 64-bit
Base Board Manufacturer:
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: To Be Filled By O.E.M.
System Product Name: To Be Filled By O.E.M.
Logical Drives Mask: 0x00003ffd

Kernel Drivers (total 145):
0x01E59000 \SystemRoot\system32\ntoskrnl.exe
0x01E13000 \SystemRoot\system32\hal.dll
0x00602000 \SystemRoot\system32\kdcom.dll
0x0060C000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00647000 \SystemRoot\system32\PSHED.dll
0x0065B000 \SystemRoot\system32\CLFS.SYS
0x006B8000 \SystemRoot\system32\CI.dll
0x00805000 \SystemRoot\system32\drivers\Wdf01000.sys
0x008DF000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x008ED000 \SystemRoot\system32\drivers\acpi.sys
0x00943000 \SystemRoot\system32\drivers\WMILIB.SYS
0x0094C000 \SystemRoot\system32\drivers\msisadrv.sys
0x00956000 \SystemRoot\system32\drivers\pci.sys
0x00986000 \SystemRoot\System32\drivers\partmgr.sys
0x0099B000 \SystemRoot\system32\drivers\volmgr.sys
0x0076A000 \SystemRoot\System32\drivers\volmgrx.sys
0x009AF000 \SystemRoot\system32\drivers\intelide.sys
0x009B7000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x009C7000 \SystemRoot\System32\drivers\mountmgr.sys
0x009DA000 \SystemRoot\system32\drivers\atapi.sys
0x007D0000 \SystemRoot\system32\drivers\ataport.SYS
0x00A0D000 \SystemRoot\system32\drivers\fltmgr.sys
0x00A54000 \SystemRoot\system32\drivers\fileinfo.sys
0x00A68000 \SystemRoot\System32\Drivers\PxHlpa64.sys
0x00A74000 \SystemRoot\System32\Drivers\ksecdd.sys
0x00AFB000 \SystemRoot\sysWow64\drivers\eufs.sys
0x00C0A000 \SystemRoot\system32\drivers\ndis.sys
0x00B06000 \SystemRoot\system32\drivers\msrpc.sys
0x00B56000 \SystemRoot\system32\drivers\NETIO.SYS
0x00E05000 \SystemRoot\System32\drivers\tcpip.sys
0x00F7B000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x01003000 \SystemRoot\System32\Drivers\Ntfs.sys
0x01183000 \SystemRoot\system32\drivers\volsnap.sys
0x011C7000 \SystemRoot\System32\Drivers\spldr.sys
0x011CF000 \SystemRoot\System32\Drivers\mup.sys
0x011E1000 \SystemRoot\sysWow64\drivers\eubakup.sys
0x00FA7000 \SystemRoot\System32\drivers\ecache.sys
0x011EC000 \SystemRoot\system32\drivers\disk.sys
0x00FD3000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x00DCD000 \SystemRoot\system32\drivers\crcdisk.sys
0x00BAF000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x00C00000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x00BBC000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x0200A000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x02C78000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
0x02C7A000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x02D5D000 \SystemRoot\System32\drivers\watchdog.sys
0x02E01000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x02EEE000 \SystemRoot\system32\DRIVERS\Rtlh64.sys
0x02EFF000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x02F0B000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x02F51000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x02F62000 \SystemRoot\system32\DRIVERS\fdc.sys
0x02F6F000 \SystemRoot\system32\DRIVERS\parport.sys
0x02F8B000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x02FA1000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x02FAF000 \SystemRoot\system32\DRIVERS\serial.sys
0x02FCC000 \SystemRoot\system32\DRIVERS\serenum.sys
0x02FD8000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x02D6D000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x03001000 \SystemRoot\system32\DRIVERS\storport.sys
0x0305E000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x0306B000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x0308E000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x0309A000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x030CB000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x030DB000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x030F9000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x03111000 \SystemRoot\system32\DRIVERS\termdd.sys
0x03124000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x03130000 \SystemRoot\system32\DRIVERS\swenum.sys
0x03132000 \SystemRoot\system32\DRIVERS\ks.sys
0x03166000 \SystemRoot\system32\DRIVERS\EuDisk.sys
0x0318B000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x03196000 \SystemRoot\system32\DRIVERS\umbus.sys
0x031A6000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x031EE000 \SystemRoot\system32\DRIVERS\flpydisk.sys
0x02DA6000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x0320D000 \SystemRoot\system32\drivers\HdAudio.sys
0x03256000 \SystemRoot\system32\drivers\portcls.sys
0x03291000 \SystemRoot\system32\drivers\drmk.sys
0x032B4000 \SystemRoot\system32\drivers\ksthunk.sys
0x032BA000 \SystemRoot\system32\DRIVERS\MpFilter.sys
0x032E7000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x032F1000 \SystemRoot\System32\Drivers\Null.SYS
0x032FA000 \SystemRoot\System32\drivers\vga.sys
0x03308000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x0332D000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x03336000 \SystemRoot\system32\drivers\rdpencdd.sys
0x0333F000 \SystemRoot\System32\Drivers\Msfs.SYS
0x0334A000 \SystemRoot\System32\Drivers\Npfs.SYS
0x0335B000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x03364000 \SystemRoot\system32\DRIVERS\tdx.sys
0x03381000 \SystemRoot\system32\DRIVERS\smb.sys
0x03405000 \SystemRoot\system32\drivers\afd.sys
0x03470000 \SystemRoot\System32\DRIVERS\netbt.sys
0x034B4000 \SystemRoot\system32\DRIVERS\pacer.sys
0x034D2000 \SystemRoot\system32\DRIVERS\netbios.sys
0x034E1000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x034FC000 \SystemRoot\SysWOW64\drivers\truecrypt.sys
0x0353C000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x03589000 \SystemRoot\system32\drivers\nsiproxy.sys
0x03595000 \SystemRoot\System32\Drivers\dfsc.sys
0x035B2000 \SystemRoot\System32\Drivers\crashdmp.sys
0x035C0000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x035CC000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x035D4000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x035EC000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x000B0000 \SystemRoot\System32\win32k.sys
0x035EE000 \SystemRoot\System32\drivers\Dxapi.sys
0x0339C000 \SystemRoot\system32\DRIVERS\monitor.sys
0x033AF000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x033CB000 \SystemRoot\system32\DRIVERS\usbprint.sys
0x033D6000 \SystemRoot\system32\DRIVERS\usbscan.sys
0x00450000 \SystemRoot\System32\TSDDD.dll
0x006D0000 \SystemRoot\System32\cdd.dll
0x02DBA000 \SystemRoot\system32\drivers\luafv.sys
0x02DDC000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x00DD7000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x06C0E000 \SystemRoot\system32\drivers\HTTP.sys
0x06CB1000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x06CDA000 \SystemRoot\system32\DRIVERS\bowser.sys
0x06CF8000 \SystemRoot\System32\drivers\mpsdrv.sys
0x06D12000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x06D3B000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x06D84000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x06DA3000 \SystemRoot\System32\DRIVERS\srv2.sys
0x0700C000 \SystemRoot\System32\DRIVERS\srv.sys
0x070A1000 \SystemRoot\system32\drivers\spsys.sys
0x0713B000 \SystemRoot\system32\DRIVERS\HMuKstOO.sys
0x07146000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x0714F000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x07161000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x07169000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x07606000 \SystemRoot\system32\drivers\peauth.sys
0x076BC000 \SystemRoot\System32\Drivers\fastfat.SYS
0x076F1000 \SystemRoot\System32\Drivers\secdrv.SYS
0x076FC000 \SystemRoot\System32\drivers\tcpipreg.sys
0x0770C000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0x0772C000 \SystemRoot\system32\DRIVERS\WUDFPf.sys
0x07742000 \SystemRoot\system32\DRIVERS\MpNWMon.sys
0x07752000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0x0775D000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x07779000 \SystemRoot\system32\DRIVERS\psi_mf.sys
0x77960000 \Windows\System32\ntdll.dll

Processes (total 57):
0 System Idle Process
4 System
404 D:\Windows\System32\smss.exe
536 csrss.exe
580 D:\Windows\System32\wininit.exe
600 csrss.exe
636 D:\Windows\System32\services.exe
648 D:\Windows\System32\lsass.exe
656 D:\Windows\System32\lsm.exe
768 D:\Windows\System32\winlogon.exe
852 D:\Windows\System32\svchost.exe
896 D:\Windows\System32\nvvsvc.exe
924 D:\Windows\System32\svchost.exe
964 D:\Program Files\Microsoft Security Essentials\MsMpEng.exe
316 D:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
744 D:\Windows\System32\svchost.exe
200 D:\Windows\System32\svchost.exe
836 D:\Windows\System32\svchost.exe
1108 D:\Windows\System32\audiodg.exe
1136 D:\Windows\System32\svchost.exe
1152 D:\Windows\System32\SLsvc.exe
1208 D:\Windows\System32\nvvsvc.exe
1232 D:\Windows\System32\svchost.exe
1352 D:\Windows\System32\svchost.exe
1568 D:\Windows\System32\spoolsv.exe
1592 D:\Windows\System32\svchost.exe
1792 D:\Windows\System32\taskeng.exe
1832 D:\Windows\System32\dwm.exe
1876 D:\Windows\System32\taskeng.exe
1928 D:\Windows\explorer.exe
2020 D:\Windows\System32\taskeng.exe
2016 D:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
2176 D:\Windows\System32\svchost.exe
2220 D:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
2280 D:\Program Files\Microsoft Security Essentials\msseces.exe
2296 D:\Windows\System32\svchost.exe
2340 D:\Windows\System32\svchost.exe
2396 D:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
2412 D:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
2424 D:\Program Files\Windows Media Player\wmpnetwk.exe
2448 D:\Program Files (x86)\SugarSync\SugarSyncManager.exe
2536 D:\Windows\System32\SearchIndexer.exe
2676 WUDFHost.exe
2844 D:\Program Files (x86)\Secunia\PSI\psi.exe
2864 D:\Program Files (x86)\Trusteer\Rapport\bin\RapportLaunService64.ex e
1076 D:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
424 D:\Program Files\Windows Media Player\wmpnscfg.exe
2812 D:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
3108 D:\Program Files (x86)\Mozilla Firefox\firefox.exe
1252 D:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
1264 D:\Program Files (x86)\Everything\Everything.exe
3228 D:\Windows\splwow64.exe
3372 D:\Windows\System32\SearchProtocolHost.exe
3580 D:\Windows\System32\SearchFilterHost.exe
1200 <unknown>
3192 <unknown>
2684 D:\Users\david2\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive1 at offset 0x00000000`00008000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\E: --> \\.\PhysicalDrive1 at offset 0x00000045`389fe200 (NTFS)
\\.\F: --> \\.\PhysicalDrive0 at offset 0x0000004a`85300000 (NTFS)
\\.\J: --> \\.\PhysicalDrive2 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive1 Model Number: MAXTORSTM3320820AS, Rev: 3.AAE
PhysicalDrive0 Model Number: MAXTORSTM3320820AS, Rev: 3.AAE
PhysicalDrive2 Model Number: SeagateFreeAgent, Rev: 102D

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive1 Windows 98 MBR code detected
SHA1: 48F01D7E76A0F3C038D08611E3FDC0EE4EF9FD3E
298 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979
1397 GB \\.\PhysicalDrive2 RE: Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A

Done!

**dwsolo** · 07-08-2010

first part of OTL
OTL logfile created on: 07/08/2010 07:43:18 - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = D:\Users\david2\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 54.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 67.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = D: | %SystemRoot% = D:\Windows | %ProgramFiles% = D:\Program Files (x86)
Drive C: | 276.88 Gb Total Space | 17.84 Gb Free Space | 6.44% Space Free | Partition Type: NTFS
Drive D: | 298.08 Gb Total Space | 150.45 Gb Free Space | 50.47% Space Free | Partition Type: NTFS
Drive E: | 11.74 Gb Total Space | 9.77 Gb Free Space | 83.21% Space Free | Partition Type: NTFS
Drive F: | 9.00 Mb Total Space | 5.42 Mb Free Space | 60.23% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
Drive H: | 3.74 Gb Total Space | 0.55 Gb Free Space | 14.61% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded
Drive J: | 1397.26 Gb Total Space | 719.65 Gb Free Space | 51.50% Space Free | Partition Type: NTFS

Computer Name: DAVID2-PC
Current User Name: david2
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/08/07 06:24:45 | 000,574,976 | ---- | M] (OldTimer Tools) -- D:\Users\david2\Desktop\OTL.exe
PRC - [2010/07/07 00:33:04 | 001,361,128 | ---- | M] (Trusteer Ltd.) -- D:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
PRC - [2010/07/07 00:33:04 | 000,840,936 | ---- | M] (Trusteer Ltd.) -- D:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2010/05/29 13:44:56 | 013,705,216 | ---- | M] (SugarSync, Inc.) -- D:\Program Files (x86)\SugarSync\SugarSyncManager.exe
PRC - [2010/05/28 12:04:52 | 000,911,920 | ---- | M] (Secunia) -- D:\Program Files (x86)\Secunia\PSI\psi.exe
PRC - [2010/05/21 18:47:56 | 000,240,232 | ---- | M] (NVIDIA Corporation) -- D:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010/05/13 06:27:19 | 000,160,328 | ---- | M] (Siber Systems) -- D:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
PRC - [2009/03/13 02:18:48 | 000,602,624 | ---- | M] () -- D:\Program Files (x86)\Everything\Everything.exe
PRC - [2003/06/19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- D:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\MDM.EXE

========== Modules (SafeList) ==========

MOD - [2010/08/07 06:24:45 | 000,574,976 | ---- | M] (OldTimer Tools) -- D:\Users\david2\Desktop\OTL.exe
MOD - [2010/07/07 00:33:12 | 000,541,928 | ---- | M] (Trusteer Ltd.) -- D:\Program Files (x86)\Trusteer\Rapport\bin\rooksbas.dll
MOD - [2009/04/11 07:28:21 | 002,241,536 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWOW64\msi.dll
MOD - [2008/01/19 08:36:24 | 000,038,912 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWOW64\sfc_os.dll
MOD - [2008/01/19 08:33:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWOW64\msscript.ocx
MOD - [2006/11/02 10:46:13 | 000,004,608 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWOW64\sfc.dll
MOD - [2006/11/02 10:46:07 | 000,015,872 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWOW64\msiltcfg.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/03/25 23:48:42 | 000,017,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- d:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2009/08/18 12:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- D:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV:64bit: - [2008/01/19 09:06:50 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- D:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010/07/07 00:33:18 | 000,524,784 | ---- | M] (Trusteer Ltd.) [On_Demand | Running] -- D:\Program Files (x86)\Trusteer\Rapport\bin\RapportLaunService64.ex e -- (RapportLaunService)
SRV - [2010/07/07 00:33:04 | 000,840,936 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- D:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2010/05/21 18:47:56 | 000,240,232 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- D:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/03/18 14:27:14 | 001,020,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\Windows\Microsoft.NET\Framework64\v4.0.30319\WP F\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 14:27:14 | 000,138,576 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- D:\Windows\Microsoft.NET\Framework64\v4.0.30319\ms corsvw.exe -- (clr_optimization_v4.0.30319_64)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- D:\Windows\Microsoft.NET\Framework\v4.0.30319\msco rsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2003/06/19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- D:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM)

========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | System | Stopped] -- D:\Windows\SysNative\drivers\SBREdrv.sys -- (SBRE)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- D:\Windows\SysNative\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- D:\Windows\SysNative\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- D:\Windows\SysNative\DRIVERS\ipinip.sys -- (IpInIp)
DRV:64bit: - [2010/05/28 12:04:52 | 000,017,456 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- D:\Windows\SysNative\DRIVERS\psi_mf.sys -- (PSI)
DRV:64bit: - [2010/05/20 03:05:16 | 000,051,024 | ---- | M] (Dritek System Inc.) [Kernel | Auto | Running] -- D:\Windows\SysNative\DRIVERS\HMuKstOO.sys -- (HMuKstOO)
DRV:64bit: - [2009/12/02 12:20:56 | 000,137,608 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | On_Demand | Running] -- D:\Windows\SysNative\DRIVERS\EuDisk.sys -- (EuDisk)
DRV:64bit: - [2009/10/01 01:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- D:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2008/06/16 03:00:00 | 000,055,024 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- D:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2006/10/03 03:13:44 | 000,051,200 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Running] -- D:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2006/09/18 22:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- D:\Windows\SysNative\Wbem\ntfs.mof -- (Ntfs)
DRV - [2010/07/07 00:33:20 | 000,063,472 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand | Stopped] -- D:\Program Files (x86)\Trusteer\Rapport\bin\RapportKE64.sys -- (RapportKE64)
DRV - [2010/07/07 00:33:20 | 000,056,304 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand | Stopped] -- D:\Program Files (x86)\Trusteer\Rapport\bin\RapportPG64.sys -- (RapportPG64)
DRV - [2009/12/02 12

00 | 000,026,504 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | Boot | Running] -- D:\Windows\sysWow64\drivers\eufs.sys -- (EUFS)
DRV - [2009/12/02 12:20:58 | 000,017,800 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | On_Demand | Stopped] -- D:\Windows\SysWOW64\drivers\eudskacs.sys -- (EUDSKACS)
DRV - [2009/12/02 12:20:56 | 000,030,600 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | Boot | Running] -- D:\Windows\sysWow64\drivers\eubakup.sys -- (EUBAKUP)
DRV - [2009/08/05 15:58:40 | 000,093,872 | ---- | M] (Sunbelt Software) [Kernel | System | Stopped] -- D:\Windows\SysWOW64\drivers\SBREDrv.sys -- (SBRE)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = D:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://uk.mg40.mail.yahoo.com/dc/lau...=2kvp36v0r0vhh
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = Hotmail, Free Online News, Sport, Music, Movies, Money, Cars and Windows Live from MSN UK
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8B 1E FD 62 81 11 CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://uk.mg40.mail.yahoo.com/dc/launch?.gx=1&.rand=ak58oq61r273j"
FF - prefs.js..extensions.enabledItems: {22119944-ED35-4ab1-910B-E619EA06A115}:6.9.98
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.1

FF - HKLM\software\mozilla\Firefox\Extensions\\{2211994 4-ED35-4ab1-910B-E619EA06A115}: D:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2010/05/13 06:27:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: D:\Program Files (x86)\Mozilla Firefox\components [2010/07/27 08:25:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: D:\Program Files (x86)\Mozilla Firefox\plugins [2010/08/01 18:40:59 | 000,000,000 | ---D | M]

[2010/05/13 06:25:05 | 000,000,000 | ---D | M] -- D:\Users\david2\AppData\Roaming\Mozilla\Extensions
[2010/08/06 10:07:59 | 000,000,000 | ---D | M] -- D:\Users\david2\AppData\Roaming\Mozilla\Firefox\Pr ofiles\ozabdkp6.default\extensions
[2010/06/06 08

42 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- D:\Users\david2\AppData\Roaming\Mozilla\Firefox\Pr ofiles\ozabdkp6.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/07/27 17:08:15 | 000,000,000 | ---D | M] (Adblock Plus) -- D:\Users\david2\AppData\Roaming\Mozilla\Firefox\Pr ofiles\ozabdkp6.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/06/30 07:46:07 | 000,000,000 | ---D | M] -- D:\Program Files (x86)\Mozilla Firefox\extensions
[2010/05/13 16:09:33 | 000,000,000 | ---D | M] (Java Console) -- D:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- D:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/07/27 07:41:19 | 000,075,208 | ---- | M] (Foxit Software Company) -- D:\Program Files (x86)\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll

O1 HOSTS File: ([2006/09/18 22:37:24 | 000,000,761 | ---- | M]) - D:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - D:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - D:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - D:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4:64bit: - HKLM..\Run: [MSSE] d:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Windows Defender] D:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [RoboForm] D:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKCU..\Run: [SugarSync] D:\Program Files (x86)\SugarSync\SugarSyncManager.exe (SugarSync, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoActiveDesktopChanges = 1
O8:64bit: - Extra context menu item: Customize Menu - D:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - D:\Program Files (x86)\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Fill Forms - D:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8:64bit: - Extra context menu item: RoboForm Toolbar - D:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8:64bit: - Extra context menu item: Save Forms - D:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8 - Extra context menu item: Customize Menu - D:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: E&xport to Microsoft Excel - D:\Program Files (x86)\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Fill Forms - D:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: RoboForm Toolbar - D:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Save Forms - D:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - D:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - D:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - D:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - D:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - D:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - D:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Program Files (x86)\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - D:\Program Files (x86)\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - D:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (D:\Program Files\Soluto\soluto.exe /userinit) - D:\Program Files\Soluto\soluto.exe File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - D:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: D:\Windows\Web\Wallpaper\img16.jpg
O24 - Desktop BackupWallPaper: D:\Windows\Web\Wallpaper\img16.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/12/05 11:10:28 | 000,000,111 | ---- | M] () - J:\Autorun.inf -- [ NTFS ]
O33 - MountPoints2\{3ce79b54-99f7-11df-b1e8-0019660c6da8}\Shell\AutoRun\command - "" = J:\Setup.exe -- [2009/01/16 08:14:08 | 000,156,312 | ---- | M] (Seagate Technology LLC)
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\Setup.exe -- [2009/01/16 08:14:08 | 000,156,312 | ---- | M] (Seagate Technology LLC)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 90 Days ==========

[2010/08/07 06:24:37 | 000,574,976 | ---- | C] (OldTimer Tools) -- D:\Users\david2\Desktop\OTL.exe
[2010/08/06 21:27:21 | 000,000,000 | ---D | C] -- D:\Users\david2\AppData\Roaming\vlc
[2010/08/06 08:03:00 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\Trend Micro
[2010/08/05 10:18:34 | 000,093,872 | ---- | C] (Sunbelt Software) -- D:\Windows\SysWow64\drivers\SBREDrv.sys
[2010/08/05 10:18:34 | 000,027,944 | ---- | C] (Sunbelt Software) -- D:\Windows\SysWow64\sbbd.exe
[2010/08/03 17:28:45 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\MSECache
[2010/07/29 21:08:07 | 000,000,000 | ---D | C] -- D:\Users\david2\AppData\Roaming\Malwarebytes
[2010/07/29 21:07:47 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- D:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/07/29 21:07:44 | 000,000,000 | ---D | C] -- D:\ProgramData\Malwarebytes
[2010/07/29 21:07:43 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- D:\Windows\SysNative\drivers\mbam.sys
[2010/07/29 21:07:43 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/07/28 10:18:33 | 000,000,000 | ---D | C] -- D:\Users\david2\AppData\Roaming\Auslogics
[2010/07/28 10:07:20 | 000,000,000 | ---D | C] -- D:\Windows\Minidump
[2010/07/28 10:04:07 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\Auslogics
[2010/07/28 08:07:10 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\FlexiMusic Composer
[2010/07/27 19:20:23 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\VideoLAN
[2010/07/27 18:17:53 | 000,000,000 | ---D | C] -- D:\Users\david2\AppData\Roaming\YouSendIt
[2010/07/27 18:17:09 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\YouSendIt
[2010/07/27 18:16:09 | 000,000,000 | ---D | C] -- D:\Windows\Downloaded Installations
[2010/07/27 08:41:32 | 000,000,000 | ---D | C] -- D:\Users\david2\AppData\Roaming\Audacity
[2010/07/27 08:41:16 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\Audacity 1.3 Beta (Unicode)
[2010/07/27 07:42:47 | 000,000,000 | ---D | C] -- D:\Users\david2\AppData\Roaming\Foxit Software
[2010/07/27 07:42:15 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\Foxit Software
[2010/07/27 06:59:24 | 000,000,000 | ---D | C] -- D:\Users\david2\AppData\Roaming\Plogue
[2010/07/26 18:44:51 | 000,000,000 | ---D | C] -- D:\Users\david2\AppData\Roaming\Trusteer
[2010/07/26 18:44:40 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\Trusteer
[2010/07/26 18:43:32 | 000,000,000 | ---D | C] -- D:\ProgramData\Trusteer
[2010/07/26 16:36:30 | 000,000,000 | ---D | C] -- D:\Users\david2\AppData\Local\Serif
[2010/07/22 12:18:44 | 000,000,000 | ---D | C] -- D:\Users\david2\Documents\My Stationery
[2010/07/10 07:19:41 | 000,000,000 | ---D | C] -- D:\Users\david2\Documents\PCI_HDAV_091126_7_12_8_1 777_W73264
[2010/07/03 10:01:17 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\jv16 PowerTools 2010
[2010/06/30 08:44:37 | 000,000,000 | ---D | C] -- D:\Windows\SysWow64\WindowsPowerShell
[2010/06/30 08:44:35 | 000,000,000 | ---D | C] -- D:\Windows\SysNative\WindowsPowerShell
[2010/06/30 07:42:54 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\Microsoft Antimalware
[2010/06/24 10:58:48 | 000,000,000 | ---D | C] -- D:\Users\david2\AppData\Roaming\GlarySoft
[2010/06/24 10:55:38 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\Glary Utilities
[2010/06/22 17:30:06 | 000,000,000 | ---D | C] -- D:\Users\david2\Documents\Musicnotes
[2010/06/17 13:01:48 | 000,000,000 | ---D | C] -- D:\Windows\OPTIONS
[2010/06/17 12:57:33 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- D:\Windows\SysWow64\CSVer.dll
[2010/06/17 12:57:33 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\Intel
[2010/06/17 12:57:09 | 000,000,000 | ---D | C] -- D:\Intel
[2010/06/17 12:31:33 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\NVIDIA Corporation
[2010/06/17 12:28:13 | 000,000,000 | ---D | C] -- D:\ProgramData\NVIDIA Corporation
[2010/06/17 12:07:09 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\Realtek
[2010/06/17 12:07:08 | 000,000,000 | -H-D | C] -- D:\Program Files (x86)\InstallShield Installation Information
[2010/06/17 12:06:42 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\Common Files\InstallShield
[2010/06/17 09:13:21 | 000,021,712 | ---- | C] (Phoenix Technologies) -- D:\Windows\SysWow64\drivers\DrvAgent64.SYS
[2010/06/17 09:13:21 | 000,000,000 | ---D | C] -- D:\Users\david2\AppData\Local\eSupport.com
[2010/06/17 08:36:27 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\CCleaner
[2010/06/17 08:30:39 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\Secunia
[2010/06/17 07:55:01 | 000,000,000 | ---D | C] -- D:\Windows\SysNative\DRVSTORE
[2010/06/17 07:53:46 | 000,000,000 | ---D | C] -- D:\ProgramData\Soluto
[2010/06/12 13:47:54 | 000,000,000 | ---D | C] -- D:\rei
[2010/06/12 13:47:49 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\Reimage
[2010/06/12 13:45:19 | 000,000,000 | ---D | C] -- D:\Users\david2\AppData\Roaming\CD-LabelPrint
[2010/06/12 13:45:07 | 000,000,000 | ---D | C] -- D:\Program Files\Common Files\Canon
[2010/06/12 13:37:58 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\CD-LabelPrint
[2010/06/12 13:32:58 | 000,000,000 | ---D | C] -- D:\Users\david2\AppData\Local\Matteo Rossi
[2010/06/12 13:32:58 | 000,000,000 | ---D | C] -- D:\Users\david2\AppData\Local\iCopy
[2010/06/12 13:31:12 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\iCopy
[2010/06/12 10:49:34 | 000,000,000 | -H-D | C] -- D:\ProgramData\CanonBJ
[2010/06/12 10:03:55 | 000,000,000 | ---D | C] -- D:\ProgramData\Brother
[2010/06/06 10:24:31 | 000,000,000 | ---D | C] -- D:\Users\david2\AppData\Roaming\TrueCrypt
[2010/06/06 10:23:53 | 000,000,000 | ---D | C] -- D:\ProgramData\TrueCrypt
[2010/06/06 10:23:48 | 000,222,160 | ---- | C] (TrueCrypt Foundation) -- D:\Windows\SysWow64\drivers\truecrypt.sys
[2010/06/06 10:23:14 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\TrueCrypt
[2010/06/06 08:51:10 | 000,000,000 | ---D | C] -- D:\Users\david2\AppData\Roaming\TuneUp Software
[2010/06/06 08:50:28 | 000,000,000 | ---D | C] -- D:\ProgramData\TuneUp Software
[2010/06/06 08:50:07 | 000,000,000 | -HSD | C] -- D:\ProgramData\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2010/06/06 06:49:03 | 000,000,000 | ---D | C] -- D:\Users\david2\AppData\Roaming\Garritan
[2010/06/06 06:44:50 | 000,000,000 | ---D | C] -- D:\Program Files\Plogue
[2010/06/06 06:44:50 | 000,000,000 | ---D | C] -- D:\Program Files\Garritan
[2010/06/06 06:38:32 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\Finale 2010
[2010/06/06 05:43:21 | 000,000,000 | ---D | C] -- D:\Users\david2\Documents\Magic Briefcase
[2010/06/06 05:41:04 | 000,000,000 | ---D | C] -- D:\Users\david2\AppData\Local\SugarSync
[2010/06/06 05:40:19 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\SugarSync
[2010/06/04 09:24:39 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\Microsoft
[2010/06/04 09:24:21 | 000,000,000 | ---D | C] -- D:\Users\Public\Documents\microsoft
[2010/06/04 09:24:13 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\Windows Live SkyDrive
[2010/06/04 09:23:48 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\Windows Live
[2010/06/04 09:22:50 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2010/06/04 09:16:14 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\Common Files\Windows Live
[2010/06/02 13:12:14 | 000,352,513 | ---- | C] (Avira GmbH) -- D:\Windows\SysWow64\savapi3.dll
[2010/05/31 15:49:40 | 000,000,000 | ---D | C] -- D:\Users\david2\Documents\Moyea
[2010/05/28 12:04:52 | 000,017,456 | ---- | C] (Secunia) -- D:\Windows\SysNative\drivers\psi_mf.sys
[2010/05/21 20:48:00 | 000,065,128 | ---- | C] (Khronos Group) -- D:\Windows\SysNative\OpenCL.dll
[2010/05/21 20:48:00 | 000,056,936 | ---- | C] (Khronos Group) -- D:\Windows\SysWow64\OpenCL.dll
[2010/05/20 03:05:16 | 000,051,024 | ---- | C] (Dritek System Inc.) -- D:\Windows\SysNative\drivers\HMuKstOO.sys
[2010/05/19 06:25:49 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\Awave Studio
[2010/05/19 06:12:11 | 000,000,000 | ---D | C] -- D:\Users\david2\AppData\Local\Karen's Power Tools
[2010/05/19 06:12:03 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\Karen's Power Tools
[2010/05/19 06:11:51 | 000,000,000 | ---D | C] -- D:\ProgramData\Karen's Power Tools
[2010/05/13 17:12:46 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\MSXML 4.0
[2010/05/13 17:04:09 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\KoolMoves Serif Edition
[2010/05/13 16:43:48 | 000,000,000 | ---D | C] -- D:\Users\david2\AppData\Local\Ahead
[2010/05/13 16:39:40 | 000,000,000 | ---D | C] -- D:\Users\david2\AppData\Roaming\Ahead
[2010/05/13 16:39:12 | 000,000,000 | ---D | C] -- D:\ProgramData\Ahead
[2010/05/13 16:36:43 | 000,000,000 | ---D | C] -- D:\ProgramData\Nero
[2010/05/13 16:36:43 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\Nero
[2010/05/13 16:36:43 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\Common Files\Ahead
[2010/05/13 16:20:38 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\jv16 PowerTools 2009
[2010/05/13 16:18:30 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\Everything
[2010/05/13 16:17:55 | 000,018,584 | ---- | C] (Softland) -- D:\Windows\SysNative\dopdfmi6.dll
[2010/05/13 16:17:54 | 000,022,168 | ---- | C] (Softland) -- D:\Windows\SysNative\dopdfmn6.dll
[2010/05/13 16:17:50 | 000,000,000 | ---D | C] -- D:\Program Files\Softland
[2010/05/13 16:12:46 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\DigiGuide TV Guide
[2010/05/13 16:11:52 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\CDex_150
[2010/05/13 15:53:35 | 000,000,000 | ---D | C] -- D:\Users\david2\.moneydance
[2010/05/13 15:53:03 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\Moneydance
[2010/05/13 15:52:23 | 000,000,000 | ---D | C] -- D:\ProgramData\Sun
[2010/05/13 15:52:22 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\Common Files\Java
[2010/05/13 15:51:37 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\Java
[2010/05/13 15:42:07 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\Common Files\Sonic Shared
[2010/05/13 15:42:07 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\Common Files\PX Storage Engine
[2010/05/13 15:37:23 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\Nufsoft
[2010/05/13 15:36:50 | 000,000,000 | ---D | C] -- D:\ProgramData\TEMP
[2010/05/13 14:54:21 | 000,000,000 | ---D | C] -- D:\Users\david2\AppData\Roaming\Morpheus Software
[2010/05/13 14:54:15 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\Morpheus Photo Animation Suite
[2010/05/13 14:33:28 | 000,000,000 | ---D | C] -- D:\Users\david2\AppData\Roaming\Visicom Media
[2010/05/13 14:33:13 | 000,724,992 | ---- | C] (Indigo Rose Corporation) -- D:\Windows\iun6002.exe
[2010/05/13 14:33:10 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\Visicom Media
[2010/05/13 14:30:57 | 000,000,000 | ---D | C] -- D:\Users\david2\AppData\Roaming\Serif
[2010/05/13 14:29:08 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\Common Files\MSSoap
[2010/05/13 14:27:10 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\Serif
[2010/05/13 12:20:14 | 000,026,504 | ---- | C] (CHENGDU YIWO Tech Development Co., Ltd) -- D:\Windows\SysWow64\drivers\eufs.sys
[2010/05/13 12:19:40 | 000,030,600 | ---- | C] (CHENGDU YIWO Tech Development Co., Ltd) -- D:\Windows\SysWow64\drivers\eubakup.sys
[2010/05/13 12:19:40 | 000,017,800 | ---- | C] (CHENGDU YIWO Tech Development Co., Ltd) -- D:\Windows\SysWow64\drivers\eudskacs.sys
[2010/05/13 12:19:37 | 000,137,608 | ---- | C] (CHENGDU YIWO Tech Development Co., Ltd) -- D:\Windows\SysNative\drivers\EuDisk.sys
[2010/05/13 12:19:24 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\EASEUS
[2010/05/13 12:17:12 | 000,000,000 | ---D | C] -- D:\Users\david2\AppData\Local\WinZip
[2010/05/13 12:16:41 | 000,000,000 | ---D | C] -- D:\ProgramData\WinZip
[2010/05/13 12:16:36 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\WinZip
[2010/05/13 12:08:55 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\Microsoft Silverlight
[2010/05/13 11

06 | 000,000,000 | ---D | C] -- D:\Program Files\Microsoft Security Essentials
[2010/05/13 11:43:06 | 000,000,000 | ---D | C] -- D:\Users\david2\AppData\Local\WindowsUpdate
[2010/05/13 11:17:19 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\Windows Portable Devices
[2010/05/13 11:17:19 | 000,000,000 | ---D | C] -- D:\Windows\SysWow64\spool
[2010/05/13 11:17:18 | 000,000,000 | ---D | C] -- D:\Program Files\Windows Portable Devices
[2010/05/13 11:07:55 | 000,000,000 | ---D | C] -- D:\ProgramData\NVIDIA
[2010/05/13 11:06:30 | 000,000,000 | ---D | C] -- D:\Program Files\NVIDIA Corporation
[2010/05/13 10:49:41 | 000,000,000 | ---D | C] -- D:\Windows\SysWow64\vi-VN
[2010/05/13 10:49:41 | 000,000,000 | ---D | C] -- D:\Windows\SysNative\vi-VN
[2010/05/13 10:49:41 | 000,000,000 | ---D | C] -- D:\Windows\SysWow64\eu-ES
[2010/05/13 10:49:41 | 000,000,000 | ---D | C] -- D:\Windows\SysNative\eu-ES
[2010/05/13 10:49:41 | 000,000,000 | ---D | C] -- D:\Windows\SysWow64\ca-ES
[2010/05/13 10:49:41 | 000,000,000 | ---D | C] -- D:\Windows\SysNative\ca-ES
[2010/05/13 10:34:59 | 000,000,000 | ---D | C] -- D:\Windows\SysNative\EventProviders
[2010/05/13 09:43:51 | 000,000,000 | ---D | C] -- D:\PerfLogs
[2010/05/13 06:42:43 | 000,000,000 | ---D | C] -- D:\Users\david2\AppData\Roaming\Macromedia
[2010/05/13 06:42:43 | 000,000,000 | ---D | C] -- D:\Users\david2\AppData\Roaming\Adobe
[2010/05/13 06:42:38 | 000,000,000 | ---D | C] -- D:\Windows\SysWow64\Macromed
[2010/05/13 06:30:11 | 000,000,000 | ---D | C] -- D:\Windows\Panther
[2010/05/13 06:27:36 | 000,000,000 | ---D | C] -- D:\ProgramData\RoboForm
[2010/05/13 06:27:20 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\Siber Systems
[2010/05/13 06:24:47 | 000,000,000 | ---D | C] -- D:\Users\david2\AppData\Roaming\Mozilla
[2010/05/13 06:24:47 | 000,000,000 | ---D | C] -- D:\Users\david2\AppData\Local\Mozilla
[2010/05/13 06:24:14 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\Mozilla Firefox
[2010/05/13 05:38:06 | 000,000,000 | ---D | C] -- D:\Windows\SoftwareDistribution
[2010/05/13 05:35:59 | 000,000,000 | ---D | C] -- D:\Windows\Debug
[2010/05/13 05:31:14 | 000,000,000 | ---D | C] -- D:\Windows\Prefetch
[2010/05/12 23:00:27 | 000,000,000 | ---D | C] -- D:\Users\david2\Documents\QPPriv
[2010/05/12 23:00:26 | 000,000,000 | ---D | C] -- D:\Users\david2\Documents\pdfs
[2010/05/12 22

01 | 000,000,000 | ---D | C] -- D:\Users\david2\Documents\old2009
[2010/05/12 22

01 | 000,000,000 | ---D | C] -- D:\Users\david2\Documents\NeroVision
[2010/05/12 22:55:55 | 000,000,000 | ---D | C] -- D:\Users\david2\Documents\Native Instruments
[2010/05/12 22:55:55 | 000,000,000 | ---D | C] -- D:\Users\david2\Documents\My Scans
[2010/05/12 22:55:49 | 000,000,000 | ---D | C] -- D:\Users\david2\Documents\My RoboForm Data
[2010/05/12 22:55:49 | 000,000,000 | ---D | C] -- D:\Users\david2\Documents\My Google Gadgets
[2010/05/12 22:55:49 | 000,000,000 | ---D | C] -- D:\Users\david2\Documents\My Digikits
[2010/05/12 22:55:45 | 000,000,000 | ---D | C] -- D:\Users\david2\Documents\MoviePlus
[2010/05/12 22:55:44 | 000,000,000 | ---D | C] -- D:\Users\david2\Documents\iZotope Ozone Presets
[2010/05/12 22:55:44 | 000,000,000 | ---D | C] -- D:\Users\david2\Documents\HTML
[2010/05/12 22:55:44 | 000,000,000 | ---D | C] -- D:\Users\david2\Documents\FFOutput
[2010/05/12 22:55:43 | 000,000,000 | ---D | C] -- D:\Users\david2\Documents\DVDVideoSoft
[2010/05/12 22:55:43 | 000,000,000 | ---D | C] -- D:\Users\david2\Documents\Downloads
[2010/05/12 22:55:43 | 000,000,000 | ---D | C] -- D:\Users\david2\Documents\Corel User Files
[2010/05/12 22:54:55 | 000,000,000 | ---D | C] -- D:\Users\david2\Documents\Cakewalk
[2010/05/12 22:53:42 | 000,000,000 | ---D | C] -- D:\Users\david2\Documents\Backups of programmes with serial Nos
[2010/05/12 22:53:03 | 000,000,000 | ---D | C] -- D:\Users\david2\Documents\Audible
[2010/05/12 22:53:03 | 000,000,000 | ---D | C] -- D:\Users\david2\Documents\ASUS
[2010/05/12 22:34:23 | 000,000,000 | ---D | C] -- D:\Users\david2\Documents\2010
[2010/05/12 22:29:02 | 000,000,000 | ---D | C] -- D:\Users\david2\AppData\Roaming\Sonic Foundry
[2010/05/12 22:27:30 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\Sonic Foundry
[2010/05/12 22:26:37 | 000,000,000 | ---D | C] -- D:\Program Files\Sonic Foundry Setup
[2010/05/12 22:03:10 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\Common Files\L&H
[2010/05/12 22:02:55 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\Microsoft ActiveSync
[2010/05/12 22:02:45 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\Common Files\DESIGNER
[2010/05/12 22:02:40 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\Microsoft Works
[2010/05/12 22:02:26 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\Microsoft Visual Studio
[2010/05/12 22:01:26 | 000,000,000 | ---D | C] -- D:\Windows\PCHEALTH
[2010/05/12 22:01:26 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\Microsoft.NET
[2010/05/12 22:01:26 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\Microsoft Office
[2010/05/12 21:59:29 | 000,000,000 | -HSD | C] -- D:\Windows\Installer
[2010/05/12 21:49:05 | 000,000,000 | R--D | C] -- D:\Users\david2\Searches
[2010/05/12 21:48:56 | 000,000,000 | ---D | C] -- D:\Users\david2\AppData\Roaming\Identities
[2010/05/12 21:48:53 | 000,000,000 | R--D | C] -- D:\Users\david2\Contacts
[2010/05/12 21:48:52 | 000,000,000 | ---D | C] -- D:\Users\david2\AppData\Local\VirtualStore
[2010/05/12 17:48:16 | 000,000,000 | RH-D | C] -- D:\MSOCache
[2010/05/12 13:48:43 | 000,000,000 | -HSD | C] -- D:\Users\david2\AppData\Local\Temporary Internet Files
[2010/05/12 13:48:43 | 000,000,000 | -HSD | C] -- D:\Users\david2\Templates
[2010/05/12 13:48:43 | 000,000,000 | -HSD | C] -- D:\Users\david2\Start Menu
[2010/05/12 13:48:43 | 000,000,000 | -HSD | C] -- D:\Users\david2\SendTo
[2010/05/12 13:48:43 | 000,000,000 | -HSD | C] -- D:\Users\david2\Recent
[2010/05/12 13:48:43 | 000,000,000 | -HSD | C] -- D:\Users\david2\PrintHood
[2010/05/12 13:48:43 | 000,000,000 | -HSD | C] -- D:\Users\david2\NetHood
[2010/05/12 13:48:43 | 000,000,000 | -HSD | C] -- D:\Users\david2\My Documents
[2010/05/12 13:48:43 | 000,000,000 | -HSD | C] -- D:\Users\david2\Local Settings
[2010/05/12 13:48:43 | 000,000,000 | -HSD | C] -- D:\Users\david2\AppData\Local\History
[2010/05/12 13:48:43 | 000,000,000 | -HSD | C] -- D:\Users\david2\Cookies
[2010/05/12 13:48:43 | 000,000,000 | -HSD | C] -- D:\Users\david2\Application Data
[2010/05/12 13:48:43 | 000,000,000 | -HSD | C] -- D:\Users\david2\AppData\Local\Application Data
[2010/05/12 13:48:43 | 000,000,000 | ---D | C] -- D:\Users\david2\Documents\My Videos
[2010/05/12 13:48:43 | 000,000,000 | ---D | C] -- D:\Users\david2\Documents\My Pictures
[2010/05/12 13:48:43 | 000,000,000 | ---D | C] -- D:\Users\david2\Documents\My Music
[2010/05/12 13:48:42 | 000,000,000 | --SD | C] -- D:\Users\david2\AppData\Roaming\Microsoft
[2010/05/12 13:48:42 | 000,000,000 | R--D | C] -- D:\Users\david2\Videos
[2010/05/12 13:48:42 | 000,000,000 | R--D | C] -- D:\Users\david2\Saved Games
[2010/05/12 13:48:42 | 000,000,000 | R--D | C] -- D:\Users\david2\Pictures
[2010/05/12 13:48:42 | 000,000,000 | R--D | C] -- D:\Users\david2\Music
[2010/05/12 13:48:42 | 000,000,000 | R--D | C] -- D:\Users\david2\Links
[2010/05/12 13:48:42 | 000,000,000 | R--D | C] -- D:\Users\david2\Favorites
[2010/05/12 13:48:42 | 000,000,000 | R--D | C] -- D:\Users\david2\Downloads
[2010/05/12 13:48:42 | 000,000,000 | R--D | C] -- D:\Users\david2\Desktop
[2010/05/12 13:48:42 | 000,000,000 | -H-D | C] -- D:\Users\david2\AppData
[2010/05/12 13:48:42 | 000,000,000 | ---D | C] -- D:\Users\david2\AppData\Local\Temp
[2010/05/12 13:48:42 | 000,000,000 | ---D | C] -- D:\Users\david2\AppData\Local\Microsoft
[2010/05/12 13:48:42 | 000,000,000 | ---D | C] -- D:\Users\david2\AppData\Roaming\Media Center Programs
[2010/05/12 13:48:42 | 000,000,000 | ---D | C] -- D:\Users\david2\Documents
[2010/05/11 23:00:41 | 000,000,000 | ---D | C] -- D:\Windows.old
[2010/05/10 17:22:27 | 000,000,000 | -HSD | C] -- D:\Config.Msi

**dwsolo** · 07-08-2010

2nd part of OTL
========== Files - Modified Within 90 Days ==========

[2010/08/07 07:43:34 | 002,883,584 | -HS- | M] () -- D:\Users\david2\NTUSER.DAT
[2010/08/07 06:37:17 | 000,004,880 | -H-- | M] () -- D:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/08/07 06:37:17 | 000,004,880 | -H-- | M] () -- D:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/08/07 06:36:52 | 000,055,925 | ---- | M] () -- D:\ProgramData\nvModes.dat
[2010/08/07 06:36:51 | 000,055,925 | ---- | M] () -- D:\ProgramData\nvModes.001
[2010/08/07 06:36:38 | 000,000,326 | ---- | M] () -- D:\Windows\tasks\GlaryInitialize.job
[2010/08/07 06:36:27 | 000,000,006 | -H-- | M] () -- D:\Windows\tasks\SA.DAT
[2010/08/07 06:36:18 | 000,067,584 | --S- | M] () -- D:\Windows\bootstat.dat
[2010/08/07 06:36:09 | 2146,754,560 | -HS- | M] () -- D:\hiberfil.sys
[2010/08/07 06:34:41 | 000,524,288 | -HS- | M] () -- D:\Users\david2\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000001.regt rans-ms
[2010/08/07 06:34:41 | 000,065,536 | -HS- | M] () -- D:\Users\david2\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TM.blf
[2010/08/07 06:34:29 | 003,048,299 | -H-- | M] () -- D:\Users\david2\AppData\Local\IconCache.db
[2010/08/07 06:24:45 | 000,574,976 | ---- | M] (OldTimer Tools) -- D:\Users\david2\Desktop\OTL.exe
[2010/08/07 06:24:12 | 000,080,384 | ---- | M] () -- D:\Users\david2\Desktop\MBRCheck.exe
[2010/08/07 06:23:06 | 000,293,376 | ---- | M] () -- D:\Users\david2\Desktop\0vxp1r1b.exe
[2010/08/06 21:27:08 | 000,000,906 | ---- | M] () -- D:\Users\Public\Desktop\VLC media player.lnk
[2010/08/06 21:26:00 | 019,461,015 | ---- | M] () -- D:\Users\david2\Documents\vlc-1.1.2-win32.exe
[2010/08/06 20:52:50 | 000,074,240 | ---- | M] () -- D:\Users\david2\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/06 08:29:18 | 000,000,792 | ---- | M] () -- D:\Users\david2\Desktop\HiJackThis - Shortcut.lnk
[2010/08/02 14:35:13 | 000,000,000 | -H-- | M] () -- D:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01 _07_00.Wdf
[2010/08/02 10:55:34 | 000,608,760 | ---- | M] () -- D:\Windows\SysNative\perfh009.dat
[2010/08/02 10:55:34 | 000,108,268 | ---- | M] () -- D:\Windows\SysNative\perfc009.dat
[2010/08/02 10:55:33 | 000,703,388 | ---- | M] () -- D:\Windows\SysNative\PerfStringBackup.INI
[2010/08/02 06:09:34 | 000,002,657 | ---- | M] () -- D:\Users\david2\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2003.lnk
[2010/08/01 09:15:39 | 000,001,091 | ---- | M] () -- D:\Users\david2\Application Data\Microsoft\Internet Explorer\Quick Launch\AceFTP 3 Freeware.lnk
[2010/08/01 07:18:47 | 000,000,827 | ---- | M] () -- D:\Users\david2\Application Data\Microsoft\Internet Explorer\Quick Launch\CDex.lnk
[2010/07/31 18:37:14 | 000,002,631 | ---- | M] () -- D:\Users\david2\Desktop\Microsoft Office Excel 2003.lnk
[2010/07/29 21:07:51 | 000,000,871 | ---- | M] () -- D:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/28 10:07:00 | 437,839,549 | ---- | M] () -- D:\Windows\MEMORY.DMP
[2010/07/28 10:04:18 | 000,000,985 | ---- | M] () -- D:\Users\david2\Desktop\Auslogics BoostSpeed.lnk
[2010/07/28 08:07:20 | 000,000,912 | ---- | M] () -- D:\Users\david2\Desktop\FlexiMusic Composer.lnk
[2010/07/27 20:20:15 | 000,000,968 | ---- | M] () -- D:\Users\david2\Desktop\Sun Life Financial (was Lincoln) Valuations.doc - Shortcut.lnk
[2010/07/27 20:20:06 | 000,000,853 | ---- | M] () -- D:\Users\david2\Desktop\Foresters Valuations.doc - Shortcut.lnk
[2010/07/27 19:41:19 | 000,001,685 | ---- | M] () -- D:\Users\david2\Application Data\Microsoft\Internet Explorer\Quick Launch\Snipping Tool.lnk
[2010/07/27 19:41:00 | 000,001,610 | ---- | M] () -- D:\Users\david2\Desktop\Snipping Tool.lnk
[2010/07/27 18:17:25 | 000,000,899 | ---- | M] () -- D:\Users\Public\Desktop\YouSendIt.lnk
[2010/07/27 11:52:02 | 000,001,757 | ---- | M] () -- D:\Users\david2\Application Data\Microsoft\Internet Explorer\Quick Launch\jv16 PowerTools 2010.lnk
[2010/07/27 11:52:02 | 000,001,733 | ---- | M] () -- D:\Users\david2\Desktop\jv16 PowerTools 2010.lnk
[2010/07/27 08:41:26 | 000,000,900 | ---- | M] () -- D:\Users\david2\Desktop\Audacity 1.3 Beta (Unicode).lnk
[2010/07/27 07:42:18 | 000,001,084 | ---- | M] () -- D:\Users\Public\Desktop\Foxit Reader.lnk
[2010/07/27 05:28:42 | 000,000,851 | ---- | M] () -- D:\Users\david2\Desktop\CCleaner.lnk
[2010/07/27 05:04:45 | 000,000,000 | ---- | M] () -- D:\Windows\nsreg.dat
[2010/07/27 04:32:05 | 000,001,807 | ---- | M] () -- D:\Users\david2\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/07/27 04:32:05 | 000,001,783 | ---- | M] () -- D:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/07/26 18:30:48 | 000,001,699 | ---- | M] () -- D:\Users\david2\Application Data\Microsoft\Internet Explorer\Quick Launch\Notepad.lnk
[2010/07/26 16:18:43 | 000,001,699 | ---- | M] () -- D:\Users\david2\Desktop\Notepad.lnk
[2010/07/09 08:41:34 | 000,241,111 | ---- | M] () -- D:\Users\david2\Documents\bookmark.htm
[2010/07/03 10:03:11 | 000,000,086 | ---- | M] () -- D:\Users\david2\Desktop\Buy jv16 PowerTools.url
[2010/07/03 10:01:22 | 000,001,733 | ---- | M] () -- D:\Users\Public\Desktop\jv16 PowerTools 2010.lnk
[2010/07/02 05:19:10 | 000,000,832 | ---- | M] () -- D:\Users\david2\Desktop\Glary Utilities.lnk
[2010/06/30 07:42:12 | 000,000,947 | ---- | M] () -- D:\Users\Public\Desktop\Microsoft Security Essentials.lnk
[2010/06/24 11:18:19 | 000,000,221 | ---- | M] () -- D:\ProgramData\Microsoft.SqlServer.Compact.351.64. bc
[2010/06/23 14:04:49 | 010,850,095 | ---- | M] () -- D:\Users\david2\Documents\PCI_HDAV_091126_7_12_8_1 777_W73264.rar
[2010/06/17 09:13:21 | 000,021,712 | ---- | M] (Phoenix Technologies) -- D:\Windows\SysWow64\drivers\DrvAgent64.SYS
[2010/06/12 13:48:41 | 000,000,284 | ---- | M] () -- D:\Windows\reimage.ini
[2010/06/12 13:47:54 | 000,001,902 | ---- | M] () -- D:\Users\david2\Desktop\PC Scan & Repair by Reimage.lnk
[2010/06/12 13:38:40 | 000,001,820 | ---- | M] () -- D:\Users\david2\Desktop\CD-LabelPrint.lnk
[2010/06/12 13:31:58 | 000,000,937 | ---- | M] () -- D:\Users\david2\Desktop\iCopy.lnk
[2010/06/12 10:35:24 | 000,398,024 | ---- | M] () -- D:\Windows\SysNative\FNTCACHE.DAT
[2010/06/12 10:08:47 | 000,000,240 | ---- | M] () -- D:\Windows\win.ini
[2010/06/12 10:03:55 | 000,000,419 | ---- | M] () -- D:\Windows\BRWMARK.INI
[2010/06/12 10:03:55 | 000,000,027 | ---- | M] () -- D:\Windows\BRPP2KA.INI
[2010/06/12 09:53:23 | 000,000,000 | -H-- | M] () -- D:\Windows\SysNative\drivers\Msft_User_WpdFs_01_07 _00.Wdf
[2010/06/06 10:23:53 | 000,000,797 | ---- | M] () -- D:\Users\Public\Desktop\TrueCrypt.lnk
[2010/06/06 10:23:48 | 000,222,160 | ---- | M] (TrueCrypt Foundation) -- D:\Windows\SysWow64\drivers\truecrypt.sys
[2010/06/06 08:58:51 | 000,125,368 | ---- | M] () -- D:\Users\david2\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/06/06 06:45:08 | 000,001,007 | ---- | M] () -- D:\Users\Public\Desktop\Instruments for Finale.lnk
[2010/06/06 06:38:59 | 000,000,884 | ---- | M] () -- D:\Users\david2\Application Data\Microsoft\Internet Explorer\Quick Launch\Finale 2010.lnk
[2010/06/06 06:38:59 | 000,000,860 | ---- | M] () -- D:\Users\Public\Desktop\Finale 2010.lnk
[2010/06/06 05:40:52 | 000,001,794 | ---- | M] () -- D:\Users\Public\Desktop\SugarSync Manager.lnk
[2010/06/02 13:12:14 | 000,352,513 | ---- | M] (Avira GmbH) -- D:\Windows\SysWow64\savapi3.dll
[2010/06/02 13:12:12 | 001,380,403 | ---- | M] () -- D:\Windows\SysWow64\avgsdk.dll
[2010/05/31 15:44:22 | 000,002,155 | ---- | M] () -- D:\Users\david2\Desktop\Replicator.lnk
[2010/05/28 12:04:52 | 000,017,456 | ---- | M] (Secunia) -- D:\Windows\SysNative\drivers\psi_mf.sys
[2010/05/21 20:48:00 | 000,065,128 | ---- | M] (Khronos Group) -- D:\Windows\SysNative\OpenCL.dll
[2010/05/21 20:48:00 | 000,056,936 | ---- | M] (Khronos Group) -- D:\Windows\SysWow64\OpenCL.dll
[2010/05/21 20:48:00 | 000,008,477 | ---- | M] () -- D:\Windows\SysNative\nvinfo.pb
[2010/05/20 03:05:16 | 000,051,024 | ---- | M] (Dritek System Inc.) -- D:\Windows\SysNative\drivers\HMuKstOO.sys
[2010/05/19 06:25:54 | 000,000,605 | ---- | M] () -- D:\Users\david2\Desktop\Awave Studio.lnk
[2010/05/13 17:04:28 | 000,000,961 | ---- | M] () -- D:\Users\david2\Desktop\KoolMoves.lnk
[2010/05/13 16:40:44 | 000,002,602 | ---- | M] () -- D:\Users\david2\Application Data\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart.lnk
[2010/05/13 16:40:44 | 000,002,578 | ---- | M] () -- D:\Users\Public\Desktop\Nero StartSmart.lnk
[2010/05/13 16:20:48 | 000,000,023 | -HS- | M] () -- D:\Windows\SysNative\abedaebd.dat
[2010/05/13 16:20:48 | 000,000,023 | ---- | M] () -- D:\Windows\SysNative\caafbedfb3.xml
[2010/05/13 16:18:32 | 000,000,899 | ---- | M] () -- D:\Users\david2\Application Data\Microsoft\Internet Explorer\Quick Launch\Search Everything.lnk
[2010/05/13 16:18:32 | 000,000,875 | ---- | M] () -- D:\Users\david2\Desktop\Search Everything.lnk
[2010/05/13 16:12:53 | 000,000,911 | ---- | M] () -- D:\Users\david2\Desktop\DigiGuide TV Guide.lnk
[2010/05/13 16:11:54 | 000,000,827 | ---- | M] () -- D:\Users\david2\Desktop\CDex.lnk
[2010/05/13 15:55:53 | 000,001,773 | ---- | M] () -- D:\Users\david2\Application Data\Microsoft\Internet Explorer\Quick Launch\Moneydance.lnk
[2010/05/13 15:42:12 | 000,002,062 | ---- | M] () -- D:\Users\david2\Application Data\Microsoft\Internet Explorer\Quick Launch\Serif MoviePlus X3.lnk
[2010/05/13 15:42:12 | 000,002,038 | ---- | M] () -- D:\Users\Public\Desktop\Serif MoviePlus X3.lnk
[2010/05/13 15:35:12 | 000,002,006 | ---- | M] () -- D:\Users\david2\Application Data\Microsoft\Internet Explorer\Quick Launch\Serif WebPlus X4.lnk
[2010/05/13 15:08:59 | 000,002,006 | ---- | M] () -- D:\Users\Public\Desktop\Serif WebPlus X4.lnk
[2010/05/13 14:57:34 | 000,001,005 | ---- | M] () -- D:\Users\Public\Desktop\Morpheus Photo Animation Suite.lnk
[2010/05/13 14:33:28 | 000,001,091 | ---- | M] () -- D:\Users\david2\Desktop\AceFTP 3 Freeware.lnk
[2010/05/13 14:32:53 | 000,724,992 | ---- | M] (Indigo Rose Corporation) -- D:\Windows\iun6002.exe
[2010/05/13 14:29:09 | 000,002,057 | ---- | M] () -- D:\Users\david2\Application Data\Microsoft\Internet Explorer\Quick Launch\Serif PhotoPlus X3.lnk
[2010/05/13 14:29:09 | 000,002,033 | ---- | M] () -- D:\Users\Public\Desktop\Serif PhotoPlus X3.lnk
[2010/05/13 12:19:38 | 000,001,136 | ---- | M] () -- D:\Users\Public\Desktop\EASEUS Todo Backup 1.1.lnk
[2010/05/13 09:54:09 | 000,000,749 | RH-- | M] () -- D:\Windows\WindowsShell.Manifest
[2010/05/13 09:33:53 | 000,101,888 | ---- | M] (Infineon Technologies AG) -- D:\Windows\SysWow64\ifxcardm.dll
[2010/05/13 09:33:51 | 000,082,432 | ---- | M] (Gemalto, Inc.) -- D:\Windows\SysWow64\axaltocm.dll
[2010/05/13 09:33:48 | 000,134,144 | ---- | M] (Infineon Technologies AG) -- D:\Windows\SysNative\ifxcardm.dll
[2010/05/13 09:33:44 | 000,133,632 | ---- | M] (Gemalto, Inc.) -- D:\Windows\SysNative\axaltocm.dll
[2010/05/13 08:02:49 | 000,000,978 | ---- | M] () -- D:\Users\david2\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/05/13 07:13:21 | 000,001,820 | ---- | M] () -- D:\Windows\SysNative\rasctrnm.h
[2010/05/13 07:13:15 | 000,001,820 | ---- | M] () -- D:\Windows\SysWow64\rasctrnm.h
[2010/05/13 07:02:16 | 035,848,192 | ---- | M] () -- D:\Windows\ocsetup_install_NetFx3.etl
[2010/05/13 07:02:16 | 000,327,680 | ---- | M] () -- D:\Windows\ocsetup_cbs_install_NetFx3.perf
[2010/05/13 07:02:16 | 000,065,536 | ---- | M] () -- D:\Windows\ocsetup_cbs_install_NetFx3.dpx
[2010/05/13 06:29:58 | 000,008,192 | R-S- | M] () -- D:\BOOTSECT.BAK
[2010/05/13 05:37:42 | 000,041,176 | ---- | M] () -- D:\Windows\SysNative\license.rtf
[2010/05/12 23:40:18 | 002,608,861 | ---- | M] () -- D:\Windows\SysNative\wlan.tmf
[2010/05/12 23:40:15 | 000,015,181 | ---- | M] () -- D:\Windows\SysNative\gatherWirelessInfo.vbs
[2010/05/12 22:29:26 | 000,001,879 | ---- | M] () -- D:\Users\david2\Application Data\Microsoft\Internet Explorer\Quick Launch\Sound Forge 6.0.lnk
[2010/05/12 22:27:38 | 000,001,879 | ---- | M] () -- D:\Users\Public\Desktop\Sound Forge 6.0.lnk
[2010/05/12 22:05:54 | 000,002,036 | ---- | M] () -- D:\Users\david2\Desktop\Microsoft Office Word 2003.lnk
[2010/05/12 22:04:36 | 000,000,376 | ---- | M] () -- D:\Windows\ODBC.INI
[2010/05/12 21:55:19 | 000,524,288 | -HS- | M] () -- D:\Users\david2\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000002.regt rans-ms
[2010/05/12 21:52:27 | 000,001,537 | ---- | M] () -- D:\Users\david2\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Explorer.lnk
[2010/05/12 21:52:18 | 000,001,537 | ---- | M] () -- D:\Users\david2\Desktop\Windows Explorer.lnk
[2010/05/12 21:51:57 | 000,001,661 | ---- | M] () -- D:\Users\david2\Desktop\Windows Update.lnk
[2010/05/12 13:48:43 | 000,000,020 | -HS- | M] () -- D:\Users\david2\ntuser.ini

========== Files Created - No Company Name ==========

[2010/08/07 06:24:12 | 000,080,384 | ---- | C] () -- D:\Users\david2\Desktop\MBRCheck.exe
[2010/08/07 06:23:01 | 000,293,376 | ---- | C] () -- D:\Users\david2\Desktop\0vxp1r1b.exe
[2010/08/06 21:27:08 | 000,000,906 | ---- | C] () -- D:\Users\Public\Desktop\VLC media player.lnk
[2010/08/06 21:25:39 | 019,461,015 | ---- | C] () -- D:\Users\david2\Documents\vlc-1.1.2-win32.exe
[2010/08/06 08:29:18 | 000,000,792 | ---- | C] () -- D:\Users\david2\Desktop\HiJackThis - Shortcut.lnk
[2010/08/02 14:35:13 | 000,000,000 | -H-- | C] () -- D:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01 _07_00.Wdf
[2010/08/01 09:15:39 | 000,001,091 | ---- | C] () -- D:\Users\david2\Application Data\Microsoft\Internet Explorer\Quick Launch\AceFTP 3 Freeware.lnk
[2010/08/01 07:18:47 | 000,000,827 | ---- | C] () -- D:\Users\david2\Application Data\Microsoft\Internet Explorer\Quick Launch\CDex.lnk
[2010/07/29 21:07:51 | 000,000,871 | ---- | C] () -- D:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/28 10:07:00 | 437,839,549 | ---- | C] () -- D:\Windows\MEMORY.DMP
[2010/07/28 10:04:18 | 000,000,985 | ---- | C] () -- D:\Users\david2\Desktop\Auslogics BoostSpeed.lnk
[2010/07/28 08:07:20 | 000,000,912 | ---- | C] () -- D:\Users\david2\Desktop\FlexiMusic Composer.lnk
[2010/07/27 20:20:15 | 000,000,968 | ---- | C] () -- D:\Users\david2\Desktop\Sun Life Financial (was Lincoln) Valuations.doc - Shortcut.lnk
[2010/07/27 20:20:06 | 000,000,853 | ---- | C] () -- D:\Users\david2\Desktop\Foresters Valuations.doc - Shortcut.lnk
[2010/07/27 19:41:19 | 000,001,685 | ---- | C] () -- D:\Users\david2\Application Data\Microsoft\Internet Explorer\Quick Launch\Snipping Tool.lnk
[2010/07/27 19:41:00 | 000,001,610 | ---- | C] () -- D:\Users\david2\Desktop\Snipping Tool.lnk
[2010/07/27 18:17:25 | 000,000,899 | ---- | C] () -- D:\Users\Public\Desktop\YouSendIt.lnk
[2010/07/27 11:52:02 | 000,001,733 | ---- | C] () -- D:\Users\david2\Desktop\jv16 PowerTools 2010.lnk
[2010/07/27 08:41:26 | 000,000,900 | ---- | C] () -- D:\Users\david2\Desktop\Audacity 1.3 Beta (Unicode).lnk
[2010/07/27 07:42:18 | 000,001,084 | ---- | C] () -- D:\Users\Public\Desktop\Foxit Reader.lnk
[2010/07/27 05:04:45 | 000,000,000 | ---- | C] () -- D:\Windows\nsreg.dat
[2010/07/26 18:30:48 | 000,001,699 | ---- | C] () -- D:\Users\david2\Application Data\Microsoft\Internet Explorer\Quick Launch\Notepad.lnk
[2010/07/26 16:18:43 | 000,001,699 | ---- | C] () -- D:\Users\david2\Desktop\Notepad.lnk
[2010/07/09 08:41:31 | 000,241,111 | ---- | C] () -- D:\Users\david2\Documents\bookmark.htm
[2010/07/03 10:03:11 | 000,000,086 | ---- | C] () -- D:\Users\david2\Desktop\Buy jv16 PowerTools.url
[2010/07/03 10:01:22 | 000,001,757 | ---- | C] () -- D:\Users\david2\Application Data\Microsoft\Internet Explorer\Quick Launch\jv16 PowerTools 2010.lnk
[2010/07/03 10:01:22 | 000,001,733 | ---- | C] () -- D:\Users\Public\Desktop\jv16 PowerTools 2010.lnk
[2010/06/30 08:41:50 | 000,201,184 | ---- | C] () -- D:\Windows\SysWow64\winrm.vbs
[2010/06/30 08:41:50 | 000,201,184 | ---- | C] () -- D:\Windows\SysNative\winrm.vbs
[2010/06/30 08:41:50 | 000,004,675 | ---- | C] () -- D:\Windows\SysWow64\wsmanconfig_schema.xml
[2010/06/30 08:41:50 | 000,004,675 | ---- | C] () -- D:\Windows\SysNative\wsmanconfig_schema.xml
[2010/06/30 08:41:50 | 000,002,426 | ---- | C] () -- D:\Windows\SysWow64\WsmTxt.xsl
[2010/06/30 08:41:50 | 000,002,426 | ---- | C] () -- D:\Windows\SysNative\WsmTxt.xsl
[2010/06/24 10:55:46 | 000,000,326 | ---- | C] () -- D:\Windows\tasks\GlaryInitialize.job
[2010/06/24 10:55:44 | 000,000,832 | ---- | C] () -- D:\Users\david2\Desktop\Glary Utilities.lnk
[2010/06/23 14:04:24 | 010,850,095 | ---- | C] () -- D:\Users\david2\Documents\PCI_HDAV_091126_7_12_8_1 777_W73264.rar
[2010/06/17 08:36:35 | 000,000,851 | ---- | C] () -- D:\Users\david2\Desktop\CCleaner.lnk
[2010/06/17 07

05 | 000,000,221 | ---- | C] () -- D:\ProgramData\Microsoft.SqlServer.Compact.351.64. bc
[2010/06/12 13:48:23 | 000,000,284 | ---- | C] () -- D:\Windows\reimage.ini
[2010/06/12 13:47:54 | 000,001,902 | ---- | C] () -- D:\Users\david2\Desktop\PC Scan & Repair by Reimage.lnk
[2010/06/12 13:38:40 | 000,001,820 | ---- | C] () -- D:\Users\david2\Desktop\CD-LabelPrint.lnk
[2010/06/12 13:31:58 | 000,000,937 | ---- | C] () -- D:\Users\david2\Desktop\iCopy.lnk
[2010/06/12 10:40:37 | 000,000,000 | ---- | C] () -- D:\Users\david2\Sti_Trace.log
[2010/06/12 10:03:55 | 000,000,419 | ---- | C] () -- D:\Windows\BRWMARK.INI
[2010/06/12 10:03:55 | 000,000,027 | ---- | C] () -- D:\Windows\BRPP2KA.INI
[2010/06/12 09:53:23 | 000,000,000 | -H-- | C] () -- D:\Windows\SysNative\drivers\Msft_User_WpdFs_01_07 _00.Wdf
[2010/06/06 10:25:48 | 000,074,240 | ---- | C] () -- D:\Users\david2\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/06 10:23:53 | 000,000,797 | ---- | C] () -- D:\Users\Public\Desktop\TrueCrypt.lnk
[2010/06/06 06:45:08 | 000,001,007 | ---- | C] () -- D:\Users\Public\Desktop\Instruments for Finale.lnk
[2010/06/06 06:39:14 | 000,431,520 | ---- | C] () -- D:\Users\david2\AppData\Local\dd_vcredistMSI3373.t xt
[2010/06/06 06:39:11 | 000,011,386 | ---- | C] () -- D:\Users\david2\AppData\Local\dd_vcredistUI3373.tx t
[2010/06/06 06:38:59 | 000,000,884 | ---- | C] () -- D:\Users\david2\Application Data\Microsoft\Internet Explorer\Quick Launch\Finale 2010.lnk
[2010/06/06 06:38:59 | 000,000,860 | ---- | C] () -- D:\Users\Public\Desktop\Finale 2010.lnk
[2010/06/06 05:40:52 | 000,001,794 | ---- | C] () -- D:\Users\Public\Desktop\SugarSync Manager.lnk
[2010/06/02 13:12:12 | 001,380,403 | ---- | C] () -- D:\Windows\SysWow64\avgsdk.dll
[2010/05/31 15:44:22 | 000,002,155 | ---- | C] () -- D:\Users\david2\Desktop\Replicator.lnk
[2010/05/21 20:48:00 | 000,008,477 | ---- | C] () -- D:\Windows\SysNative\nvinfo.pb
[2010/05/19 06:25:54 | 000,000,605 | ---- | C] () -- D:\Users\david2\Desktop\Awave Studio.lnk
[2010/05/13 17:04:28 | 000,000,961 | ---- | C] () -- D:\Users\david2\Desktop\KoolMoves.lnk
[2010/05/13 16:40:44 | 000,002,602 | ---- | C] () -- D:\Users\david2\Application Data\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart.lnk
[2010/05/13 16:40:44 | 000,002,578 | ---- | C] () -- D:\Users\Public\Desktop\Nero StartSmart.lnk
[2010/05/13 16:20:48 | 000,000,023 | -HS- | C] () -- D:\Windows\SysNative\abedaebd.dat
[2010/05/13 16:20:48 | 000,000,023 | ---- | C] () -- D:\Windows\SysNative\caafbedfb3.xml
[2010/05/13 16:18:32 | 000,000,899 | ---- | C] () -- D:\Users\david2\Application Data\Microsoft\Internet Explorer\Quick Launch\Search Everything.lnk
[2010/05/13 16:18:32 | 000,000,875 | ---- | C] () -- D:\Users\david2\Desktop\Search Everything.lnk
[2010/05/13 16:17:55 | 000,007,533 | ---- | C] () -- D:\Windows\SysNative\dopdf6.ctm
[2010/05/13 16:12:53 | 000,000,911 | ---- | C] () -- D:\Users\david2\Desktop\DigiGuide TV Guide.lnk
[2010/05/13 16:11:54 | 000,000,827 | ---- | C] () -- D:\Users\david2\Desktop\CDex.lnk
[2010/05/13 15:55:53 | 000,001,773 | ---- | C] () -- D:\Users\david2\Application Data\Microsoft\Internet Explorer\Quick Launch\Moneydance.lnk
[2010/05/13 15:42:12 | 000,002,062 | ---- | C] () -- D:\Users\david2\Application Data\Microsoft\Internet Explorer\Quick Launch\Serif MoviePlus X3.lnk
[2010/05/13 15:42:12 | 000,002,038 | ---- | C] () -- D:\Users\Public\Desktop\Serif MoviePlus X3.lnk
[2010/05/13 15:35:12 | 000,002,006 | ---- | C] () -- D:\Users\david2\Application Data\Microsoft\Internet Explorer\Quick Launch\Serif WebPlus X4.lnk
[2010/05/13 15:08:59 | 000,002,006 | ---- | C] () -- D:\Users\Public\Desktop\Serif WebPlus X4.lnk
[2010/05/13 14:54:18 | 000,001,005 | ---- | C] () -- D:\Users\Public\Desktop\Morpheus Photo Animation Suite.lnk
[2010/05/13 14:33:28 | 000,001,091 | ---- | C] () -- D:\Users\david2\Desktop\AceFTP 3 Freeware.lnk
[2010/05/13 14:29:09 | 000,002,057 | ---- | C] () -- D:\Users\david2\Application Data\Microsoft\Internet Explorer\Quick Launch\Serif PhotoPlus X3.lnk
[2010/05/13 14:29:09 | 000,002,033 | ---- | C] () -- D:\Users\Public\Desktop\Serif PhotoPlus X3.lnk
[2010/05/13 12:19:38 | 000,001,136 | ---- | C] () -- D:\Users\Public\Desktop\EASEUS Todo Backup 1.1.lnk
[2010/05/13 11

07 | 000,000,947 | ---- | C] () -- D:\Users\Public\Desktop\Microsoft Security Essentials.lnk
[2010/05/13 11:08:12 | 000,055,925 | ---- | C] () -- D:\ProgramData\nvModes.001
[2010/05/13 11:08:10 | 000,055,925 | ---- | C] () -- D:\ProgramData\nvModes.dat
[2010/05/13 10:30:12 | 000,121,856 | ---- | C] () -- D:\Windows\SysNative\EhStorAuthn.dll
[2010/05/13 10:30:12 | 000,117,248 | ---- | C] () -- D:\Windows\SysWow64\EhStorAuthn.dll
[2010/05/13 10:29:54 | 000,262,552 | ---- | C] () -- D:\Windows\SysNative\systemsf.ebd
[2010/05/13 10:29:30 | 000,471,992 | ---- | C] () -- D:\Windows\SysNative\dot3.tmf
[2010/05/13 10:29:28 | 000,700,507 | ---- | C] () -- D:\Windows\SysNative\eaphost.tmf
[2010/05/13 10:29:25 | 000,107,612 | ---- | C] () -- D:\Windows\SysWow64\StructuredQuerySchema.bin
[2010/05/13 10:29:25 | 000,107,612 | ---- | C] () -- D:\Windows\SysNative\StructuredQuerySchema.bin
[2010/05/13 10:29:21 | 003,662,128 | ---- | C] () -- D:\Windows\SysWow64\locale.nls
[2010/05/13 10:29:21 | 003,662,128 | ---- | C] () -- D:\Windows\SysNative\locale.nls
[2010/05/13 10:29:21 | 000,395,723 | ---- | C] () -- D:\Windows\SysNative\onex.tmf
[2010/05/13 10:28:44 | 000,207,968 | ---- | C] () -- D:\Windows\SysNative\WFP.TMF
[2010/05/13 10:28:41 | 000,092,918 | ---- | C] () -- D:\Windows\SysWow64\slmgr.vbs
[2010/05/13 10:28:41 | 000,092,918 | ---- | C] () -- D:\Windows\SysNative\slmgr.vbs
[2010/05/13 10:28:35 | 000,368,640 | ---- | C] () -- D:\Windows\SysWow64\msjetoledb40.dll
[2010/05/13 10:27:58 | 000,009,239 | ---- | C] () -- D:\Windows\SysWow64\spcinstrumentation.man
[2010/05/13 10:27:58 | 000,009,239 | ---- | C] () -- D:\Windows\SysNative\spcinstrumentation.man
[2010/05/13 10:27:23 | 000,009,212 | ---- | C] () -- D:\Windows\SysWow64\RacUR.xml
[2010/05/13 10:27:23 | 000,009,212 | ---- | C] () -- D:\Windows\SysNative\RacUR.xml
[2010/05/13 10:27:12 | 000,000,153 | ---- | C] () -- D:\Windows\SysWow64\RacUREx.xml
[2010/05/13 10:27:12 | 000,000,153 | ---- | C] () -- D:\Windows\SysNative\RacUREx.xml
[2010/05/13 10:17:12 | 000,018,904 | ---- | C] () -- D:\Windows\SysWow64\StructuredQuerySchemaTrivial.b in
[2010/05/13 10:17:12 | 000,018,904 | ---- | C] () -- D:\Windows\SysNative\StructuredQuerySchemaTrivial. bin
[2010/05/13 10:17:05 | 011,967,524 | ---- | C] () -- D:\Windows\SysWow64\korwbrkr.lex
[2010/05/13 10:17:05 | 011,967,524 | ---- | C] () -- D:\Windows\SysNative\korwbrkr.lex
[2010/05/13 09:11:48 | 000,060,124 | ---- | C] () -- D:\Windows\SysWow64\tcpmon.ini
[2010/05/13 09:11:48 | 000,060,124 | ---- | C] () -- D:\Windows\SysNative\tcpmon.ini
[2010/05/13 09:11:38 | 000,012,198 | ---- | C] () -- D:\Windows\SysNative\gatherWiredInfo.vbs
[2010/05/13 09:11:37 | 000,144,909 | ---- | C] () -- D:\Windows\SysWow64\fsmgmt.msc
[2010/05/13 09:11:37 | 000,144,909 | ---- | C] () -- D:\Windows\SysNative\fsmgmt.msc
[2010/05/13 09:11:36 | 000,145,455 | ---- | C] () -- D:\Windows\SysWow64\perfmon.msc
[2010/05/13 09:11:36 | 000,145,455 | ---- | C] () -- D:\Windows\SysNative\perfmon.msc
[2010/05/13 09:11:36 | 000,000,003 | ---- | C] () -- D:\Windows\SysNative\drivers\MsftWdf_Kernel_01007_ Inbox_Critical.Wdf
[2010/05/13 07:48:47 | 000,057,667 | ---- | C] () -- D:\Windows\SysWow64\ieuinit.inf
[2010/05/13 07:48:47 | 000,057,667 | ---- | C] () -- D:\Windows\SysNative\ieuinit.inf
[2010/05/13 07:13:21 | 000,001,820 | ---- | C] () -- D:\Windows\SysNative\rasctrnm.h
[2010/05/13 07:13:15 | 000,001,820 | ---- | C] () -- D:\Windows\SysWow64\rasctrnm.h
[2010/05/13 06:24:20 | 000,001,807 | ---- | C] () -- D:\Users\david2\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/05/13 06:24:20 | 000,001,783 | ---- | C] () -- D:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/05/13 05:39:48 | 2146,754,560 | -HS- | C] () -- D:\hiberfil.sys
[2010/05/13 00:34:05 | 035,848,192 | ---- | C] () -- D:\Windows\ocsetup_install_NetFx3.etl
[2010/05/13 00:34:05 | 000,327,680 | ---- | C] () -- D:\Windows\ocsetup_cbs_install_NetFx3.perf
[2010/05/13 00:34:05 | 000,065,536 | ---- | C] () -- D:\Windows\ocsetup_cbs_install_NetFx3.dpx
[2010/05/12 23:40:18 | 002,608,861 | ---- | C] () -- D:\Windows\SysNative\wlan.tmf
[2010/05/12 23:40:15 | 000,015,181 | ---- | C] () -- D:\Windows\SysNative\gatherWirelessInfo.vbs
[2010/05/12 23:00:27 | 292,454,556 | ---- | C] () -- D:\Users\david2\Documents\TempImage.nrg
[2010/05/12 23:00:27 | 000,505,856 | ---- | C] () -- D:\Users\david2\Documents\advert for Valerie.doc
[2010/05/12 23:00:27 | 000,030,208 | ---- | C] () -- D:\Users\david2\Documents\query re tax coding.doc
[2010/05/12 23:00:27 | 000,028,672 | ---- | C] () -- D:\Users\david2\Documents\CDBaby Music all powerful.doc
[2010/05/12 23:00:27 | 000,028,672 | ---- | C] () -- D:\Users\david2\Documents\CDBaby all you need is love.doc
[2010/05/12 22:29:26 | 000,001,879 | ---- | C] () -- D:\Users\david2\Application Data\Microsoft\Internet Explorer\Quick Launch\Sound Forge 6.0.lnk
[2010/05/12 22:27:38 | 000,001,879 | ---- | C] () -- D:\Users\Public\Desktop\Sound Forge 6.0.lnk
[2010/05/12 22:06:42 | 000,002,657 | ---- | C] () -- D:\Users\david2\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2003.lnk
[2010/05/12 22:06:03 | 000,002,631 | ---- | C] () -- D:\Users\david2\Desktop\Microsoft Office Excel 2003.lnk
[2010/05/12 22:05:54 | 000,002,036 | ---- | C] () -- D:\Users\david2\Desktop\Microsoft Office Word 2003.lnk
[2010/05/12 22:04:48 | 000,000,978 | ---- | C] () -- D:\Users\david2\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/05/12 22:04:35 | 000,000,376 | ---- | C] () -- D:\Windows\ODBC.INI
[2010/05/12 21:52:27 | 000,001,537 | ---- | C] () -- D:\Users\david2\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Explorer.lnk
[2010/05/12 21:52:18 | 000,001,537 | ---- | C] () -- D:\Users\david2\Desktop\Windows Explorer.lnk
[2010/05/12 21:51:57 | 000,001,661 | ---- | C] () -- D:\Users\david2\Desktop\Windows Update.lnk
[2010/05/12 13:48:43 | 000,000,020 | -HS- | C] () -- D:\Users\david2\ntuser.ini
[2010/05/12 13:48:42 | 000,524,288 | -HS- | C] () -- D:\Users\david2\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000002.regt rans-ms
[2010/05/12 13:48:42 | 000,524,288 | -HS- | C] () -- D:\Users\david2\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000001.regt rans-ms
[2010/05/12 13:48:42 | 000,262,144 | -H-- | C] () -- D:\Users\david2\ntuser.dat.LOG1
[2010/05/12 13:48:42 | 000,065,536 | -HS- | C] () -- D:\Users\david2\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TM.blf
[2010/05/12 13:48:42 | 000,000,000 | -H-- | C] () -- D:\Users\david2\ntuser.dat.LOG2
[2010/05/12 13:48:41 | 002,883,584 | -HS- | C] () -- D:\Users\david2\NTUSER.DAT
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- D:\Windows\SysWow64\OUTLPERF.INI

========== LOP Check ==========

[2010/07/27 09:45:22 | 000,000,000 | ---D | M] -- D:\Users\david2\AppData\Roaming\Audacity
[2010/07/28 12:49:28 | 000,000,000 | ---D | M] -- D:\Users\david2\AppData\Roaming\Auslogics
[2010/06/12 13:45:19 | 000,000,000 | ---D | M] -- D:\Users\david2\AppData\Roaming\CD-LabelPrint
[2010/07/27 07:42:47 | 000,000,000 | ---D | M] -- D:\Users\david2\AppData\Roaming\Foxit Software
[2010/06/06 06:49:03 | 000,000,000 | ---D | M] -- D:\Users\david2\AppData\Roaming\Garritan
[2010/06/24 11:00:57 | 000,000,000 | ---D | M] -- D:\Users\david2\AppData\Roaming\GlarySoft
[2010/05/13 14:54:21 | 000,000,000 | ---D | M] -- D:\Users\david2\AppData\Roaming\Morpheus Software
[2010/07/27 06:59:24 | 000,000,000 | ---D | M] -- D:\Users\david2\AppData\Roaming\Plogue
[2010/07/26 16:36:30 | 000,000,000 | ---D | M] -- D:\Users\david2\AppData\Roaming\Serif
[2010/06/06 10:25:28 | 000,000,000 | ---D | M] -- D:\Users\david2\AppData\Roaming\TrueCrypt
[2010/07/26 18:44:51 | 000,000,000 | ---D | M] -- D:\Users\david2\AppData\Roaming\Trusteer
[2010/06/06 08:51:10 | 000,000,000 | ---D | M] -- D:\Users\david2\AppData\Roaming\TuneUp Software
[2010/05/13 14:33:28 | 000,000,000 | ---D | M] -- D:\Users\david2\AppData\Roaming\Visicom Media
[2010/07/27 18:20:24 | 000,000,000 | ---D | M] -- D:\Users\david2\AppData\Roaming\YouSendIt
[2010/08/07 06:36:38 | 000,000,326 | ---- | M] () -- D:\Windows\Tasks\GlaryInitialize.job
[2010/08/07 06:34:56 | 000,032,556 | ---- | M] () -- D:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: AGP440.SYS >
[2006/11/02 13:03:16 | 000,062,056 | ---- | M] (Microsoft Corporation) MD5=5CCDD13BC602AE33CD8B62D33C29AB72 -- D:\Windows.old\Windows\System32\DriverStore\FileRe pository\machine.inf_c41411ff\AGP440.sys
[2008/01/19 09:09:09 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- D:\Windows.old\Windows\System32\DriverStore\FileRe pository\machine.inf_986ce78a\AGP440.sys
[2008/01/19 09:09:09 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- D:\Windows.old\Windows\System32\DriverStore\FileRe pository\machine.inf_eee87d92\AGP440.sys
[2008/01/19 09:09:09 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- D:\Windows.old\Windows\winsxs\amd64_machine.inf_31 bf3856ad364e35_6.0.6001.18000_none_163188bf770e4ab 0\AGP440.sys
[2008/01/19 09:09:09 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- D:\Windows.old\Windows\winsxs\amd64_machine.inf_31 bf3856ad364e35_6.0.6002.18005_none_181d01cb743015f c\AGP440.sys
[2008/01/19 09:09:09 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- D:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e 35_6.0.6001.18000_none_163188bf770e4ab0\AGP440.sys
[2008/01/19 09:09:09 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- D:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e 35_6.0.6002.18005_none_181d01cb743015fc\AGP440.sys

< MD5 for: ATAPI.SYS >
[2008/02/13 10:35:26 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=05001E1FACCE49DB895B8526B05C7302 -- D:\Windows.old\Windows\winsxs\amd64_mshdc.inf_31bf 3856ad364e35_6.0.6000.20757_none_37cb142cf6008bc1\ atapi.sys
[2010/05/12 23:47:33 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=05001E1FACCE49DB895B8526B05C7302 -- D:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35 _6.0.6000.20757_none_37cb142cf6008bc1\atapi.sys
[2008/01/19 09:07:46 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- D:\Windows.old\Windows\System32\DriverStore\FileRe pository\mshdc.inf_1d87dda2\atapi.sys
[2008/01/19 09:07:46 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- D:\Windows.old\Windows\winsxs\amd64_mshdc.inf_31bf 3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\ atapi.sys
[2008/01/19 09:07:46 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- D:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35 _6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys
[2008/02/13 10:35:27 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=BB55C79E0595D8CFBE4A80A3C9EB77EA -- D:\Windows.old\Windows\System32\DriverStore\FileRe pository\mshdc.inf_800fd020\atapi.sys
[2008/02/13 10:35:27 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=BB55C79E0595D8CFBE4A80A3C9EB77EA -- D:\Windows.old\Windows\winsxs\amd64_mshdc.inf_31bf 3856ad364e35_6.0.6000.16632_none_375215c7dcd73562\ atapi.sys
[2010/05/12 23:47:34 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=BB55C79E0595D8CFBE4A80A3C9EB77EA -- D:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35 _6.0.6000.16632_none_375215c7dcd73562\atapi.sys
[2006/11/02 13:01:02 | 000,020,072 | ---- | M] (Microsoft Corporation) MD5=DF96CF8885724430024B7522E5C95722 -- D:\Windows.old\Windows\System32\DriverStore\FileRe pository\mshdc.inf_f8cccc79\atapi.sys
[2009/04/11 08:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- D:\Windows.old\Windows\System32\drivers\atapi.sys
[2009/04/11 08:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- D:\Windows.old\Windows\System32\DriverStore\FileRe pository\mshdc.inf_b6d20d6f\atapi.sys
[2009/04/11 08:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- D:\Windows.old\Windows\winsxs\amd64_mshdc.inf_31bf 3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\ atapi.sys
[2009/04/11 08:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- D:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35 _6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 12:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- D:\Windows.old\Windows\System32\cngaudit.dll
[2006/11/02 12:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- D:\Windows.old\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_424bc4ace b06de1c\cngaudit.dll
[2006/11/02 12:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- D:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_424bc4ace b06de1c\cngaudit.dll
[2006/11/02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- D:\Windows.old\Windows\SysWOW64\cngaudit.dll
[2006/11/02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- D:\Windows.old\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d29293 2a96ce6\cngaudit.dll
[2006/11/02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- D:\Windows\SysWOW64\cngaudit.dll
[2006/11/02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- D:\Windows\SysWOW64\cngaudit.dll
[2006/11/02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- D:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d29293 2a96ce6\cngaudit.dll

< MD5 for: EXPLORER.EXE >
[2008/10/29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- D:\Windows.old\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_b5f7 00fe698beb14\explorer.exe
[2010/05/13 00:03:34 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- D:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_b5f7 00fe698beb14\explorer.exe
[2008/10/29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- D:\Windows.old\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_b7eb 106e66a7ac19\explorer.exe
[2010/05/13 00:03:32 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- D:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_b7eb 106e66a7ac19\explorer.exe
[2008/10/29 07:15:50 | 003,087,360 | ---- | M] (Microsoft Corporation) MD5=50514057C28A74BAC2BD04B7B990D615 -- D:\Windows.old\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_aba2 56ac352b2919\explorer.exe
[2010/05/13 00:03:33 | 003,087,360 | ---- | M] (Microsoft Corporation) MD5=50514057C28A74BAC2BD04B7B990D615 -- D:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_aba2 56ac352b2919\explorer.exe
[2008/10/30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- D:\Windows.old\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_b858 3e9d7fda0512\explorer.exe
[2010/05/13 00:03:32 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- D:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_b858 3e9d7fda0512\explorer.exe
[2006/11/02 12:15:52 | 003,086,848 | ---- | M] (Microsoft Corporation) MD5=5D768BEB711FF67ADC8FAD4E2F6ABB02 -- D:\Windows.old\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_ab9c 809a352ecf21\explorer.exe
[2006/11/02 12:15:52 | 003,086,848 | ---- | M] (Microsoft Corporation) MD5=5D768BEB711FF67ADC8FAD4E2F6ABB02 -- D:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_ab9c 809a352ecf21\explorer.exe
[2009/04/11 08:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- D:\Windows.old\Windows\explorer.exe
[2009/04/11 08:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- D:\Windows.old\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_afbe bba22f3bab41\explorer.exe
[2009/04/11 08:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- D:\Windows\explorer.exe
[2009/04/11 08:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- D:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_afbe bba22f3bab41\explorer.exe
[2007/11/14 08:38:20 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- D:\Windows.old\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_b61f 6f46696c67ab\explorer.exe
[2010/05/12 23:59:27 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- D:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_b61f 6f46696c67ab\explorer.exe
[2008/10/28 03:30:12 | 003,086,848 | ---- | M] (Microsoft Corporation) MD5=72B9990E45C25AA3C75C4FB50A9D6CE0 -- D:\Windows.old\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_ac52 66dd4e2b0a41\explorer.exe
[2010/05/13 00:03:33 | 003,086,848 | ---- | M] (Microsoft Corporation) MD5=72B9990E45C25AA3C75C4FB50A9D6CE0 -- D:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_ac52 66dd4e2b0a41\explorer.exe
[2007/11/14 08:38:19 | 003,086,848 | ---- | M] (Microsoft Corporation) MD5=819D88EC82C2C44B556DC32ED22044DE -- D:\Windows.old\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_ac3d c19d4e3a6405\explorer.exe
[2010/05/12 23:59:26 | 003,086,848 | ---- | M] (Microsoft Corporation) MD5=819D88EC82C2C44B556DC32ED22044DE -- D:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_ac3d c19d4e3a6405\explorer.exe
[2008/10/29 07:49:22 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=BBD8E74F23D7605CB0CDB57A1B25D826 -- D:\Windows.old\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_ad96 661c3246ea1e\explorer.exe
[2010/05/13 00:03:32 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=BBD8E74F23D7605CB0CDB57A1B25D826 -- D:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_ad96 661c3246ea1e\explorer.exe
[2007/11/14 08:38:19 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- D:\Windows.old\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_b692 6bef829b2600\explorer.exe
[2010/05/12 23:59:26 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- D:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_b692 6bef829b2600\explorer.exe
[2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- D:\Windows.old\Windows\SysWOW64\explorer.exe
[2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- D:\Windows.old\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_ba13 65f4639c6d3c\explorer.exe
[2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- D:\Windows\SysWOW64\explorer.exe
[2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- D:\Windows\SysWOW64\explorer.exe
[2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- D:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_ba13 65f4639c6d3c\explorer.exe
[2008/10/30 06:30:07 | 003,081,216 | ---- | M] (Microsoft Corporation) MD5=E404A65EF890140410E9F3D405841C95 -- D:\Windows.old\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_ae03 944b4b794317\explorer.exe
[2010/05/13 00:03:32 | 003,081,216 | ---- | M] (Microsoft Corporation) MD5=E404A65EF890140410E9F3D405841C95 -- D:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_ae03 944b4b794317\explorer.exe
[2008/10/28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- D:\Windows.old\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_b6a7 112f828bcc3c\explorer.exe
[2010/05/13 00:03:33 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- D:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_b6a7 112f828bcc3c\explorer.exe
[2008/01/19 09:00:15 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=F6D765FB6B457542D954682F50C26E4F -- D:\Windows.old\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_add3 42963219dff5\explorer.exe
[2008/01/19 09:00:15 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=F6D765FB6B457542D954682F50C26E4F -- D:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_add3 42963219dff5\explorer.exe
[2007/11/14 08:38:20 | 003,087,360 | ---- | M] (Microsoft Corporation) MD5=FCBF8AC1855EF986CDEC2387760F71C6 -- D:\Windows.old\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_abca c4f4350ba5b0\explorer.exe
[2010/05/12 23:59:27 | 003,087,360 | ---- | M] (Microsoft Corporation) MD5=FCBF8AC1855EF986CDEC2387760F71C6 -- D:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_abca c4f4350ba5b0\explorer.exe
[2006/11/02 10:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- D:\Windows.old\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_b5f1 2aec698f911c\explorer.exe
[2006/11/02 10:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- D:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_b5f1 2aec698f911c\explorer.exe
[2008/01/19 08:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- D:\Windows.old\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_b827 ece8667aa1f0\explorer.exe
[2008/01/19 08:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- D:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_b827 ece8667aa1f0\explorer.exe

< MD5 for: IASTORV.SYS >
[2008/01/19 09:11:31 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- D:\Windows.old\Windows\System32\DriverStore\FileRe pository\iastorv.inf_fbe95c71\iaStorV.sys
[2008/01/19 09:11:31 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- D:\Windows.old\Windows\winsxs\amd64_iastorv.inf_31 bf3856ad364e35_6.0.6001.18000_none_0b2fedfc40256bc 5\iaStorV.sys
[2008/01/19 09:11:31 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- D:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e 35_6.0.6001.18000_none_0b2fedfc40256bc5\iaStorV.sy s
[2006/11/02 12:51:48 | 000,280,680 | ---- | M] (Intel Corporation) MD5=72C3EE7EA3CD75A772E62AE0E5DF8B8C -- D:\Windows.old\Windows\System32\DriverStore\FileRe pository\iastorv.inf_69d79584\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2008/01/19 09:03:01 | 000,716,800 | ---- | M] (Microsoft Corporation) MD5=5D0A4891F8CD0E9E64FF57A6A34044F5 -- D:\Windows.old\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_59d6 52c6f057598d\netlogon.dll
[2008/01/19 09:03:01 | 000,716,800 | ---- | M] (Microsoft Corporation) MD5=5D0A4891F8CD0E9E64FF57A6A34044F5 -- D:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_59d6 52c6f057598d\netlogon.dll
[2006/11/02 10:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- D:\Windows.old\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_61f4 3b1d27cd0ab4\netlogon.dll
[2006/11/02 10:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- D:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_61f4 3b1d27cd0ab4\netlogon.dll
[2009/04/11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- D:\Windows.old\Windows\SysWOW64\netlogon.dll
[2009/04/11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- D:\Windows.old\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_6616 762521d9e6d4\netlogon.dll
[2009/04/11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- D:\Windows\SysWOW64\netlogon.dll
[2009/04/11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- D:\Windows\SysWOW64\netlogon.dll
[2009/04/11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- D:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_6616 762521d9e6d4\netlogon.dll
[2009/04/11 08:11:16 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- D:\Windows.old\Windows\System32\netlogon.dll
[2009/04/11 08:11:16 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- D:\Windows.old\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_5bc1 cbd2ed7924d9\netlogon.dll
[2009/04/11 08:11:16 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- D:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_5bc1 cbd2ed7924d9\netlogon.dll
[2008/01/19 08:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- D:\Windows.old\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_642a fd1924b81b88\netlogon.dll
[2008/01/19 08:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- D:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_642a fd1924b81b88\netlogon.dll
[2006/11/02 12:18:47 | 000,684,032 | ---- | M] (Microsoft Corporation) MD5=BFAB28B54DF41208CF3490FF26E53FD9 -- D:\Windows.old\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_579f 90caf36c48b9\netlogon.dll
[2006/11/02 12:18:47 | 000,684,032 | ---- | M] (Microsoft Corporation) MD5=BFAB28B54DF41208CF3490FF26E53FD9 -- D:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_579f 90caf36c48b9\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006/11/02 13:02:51 | 000,048,232 | ---- | M] (NVIDIA Corporation) MD5=94C5334040A5D500897F4C5FD12AEEDE -- D:\Windows.old\Windows\System32\DriverStore\FileRe pository\nvraid.inf_a5403adf\nvstor.sys
[2008/01/19 09:08:50 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- D:\Windows.old\Windows\System32\DriverStore\FileRe pository\nvraid.inf_63cdbcfd\nvstor.sys
[2008/01/19 09:08:50 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- D:\Windows.old\Windows\winsxs\amd64_nvraid.inf_31b f3856ad364e35_6.0.6001.18000_none_95f95eab775c159d \nvstor.sys
[2008/01/19 09:08:50 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- D:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e3 5_6.0.6001.18000_none_95f95eab775c159d\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/19 08:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- D:\Windows.old\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.1 8000_none_9e812831c5d9a243\scecli.dll
[2008/01/19 08:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- D:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.1 8000_none_9e812831c5d9a243\scecli.dll
[2006/11/02 12:19:09 | 000,239,616 | ---- | M] (Microsoft Corporation) MD5=32EF13F20B28966D29DE5EABE036431D -- D:\Windows.old\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.1 6386_none_91f5bbe3948dcf74\scecli.dll
[2006/11/02 12:19:09 | 000,239,616 | ---- | M] (Microsoft Corporation) MD5=32EF13F20B28966D29DE5EABE036431D -- D:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.1 6386_none_91f5bbe3948dcf74\scecli.dll
[2008/01/19 09:03:55 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=35F1DD99F9903BC267C2AF16B09F9BF7 -- D:\Windows.old\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.1 8000_none_942c7ddf9178e048\scecli.dll
[2008/01/19 09:03:55 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=35F1DD99F9903BC267C2AF16B09F9BF7 -- D:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.1 8000_none_942c7ddf9178e048\scecli.dll
[2006/11/02 10:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- D:\Windows.old\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.1 6386_none_9c4a6635c8ee916f\scecli.dll
[2006/11/02 10:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- D:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.1 6386_none_9c4a6635c8ee916f\scecli.dll
[2009/04/11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- D:\Windows.old\Windows\SysWOW64\scecli.dll
[2009/04/11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- D:\Windows.old\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.1 8005_none_a06ca13dc2fb6d8f\scecli.dll
[2009/04/11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- D:\Windows\SysWOW64\scecli.dll
[2009/04/11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- D:\Windows\SysWOW64\scecli.dll
[2009/04/11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- D:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.1 8005_none_a06ca13dc2fb6d8f\scecli.dll
[2009/04/11 08:11:23 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- D:\Windows.old\Windows\System32\scecli.dll
[2009/04/11 08:11:23 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- D:\Windows.old\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.1 8005_none_9617f6eb8e9aab94\scecli.dll
[2009/04/11 08:11:23 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- D:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.1 8005_none_9617f6eb8e9aab94\scecli.dll

< MD5 for: USERINIT.EXE >
[2008/01/19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- D:\Windows.old\Windows\SysWOW64\userinit.exe
[2008/01/19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- D:\Windows.old\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28 ba15d1aff80b\userinit.exe
[2008/01/19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- D:\Windows\SysWOW64\userinit.exe
[2008/01/19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- D:\Windows\SysWOW64\userinit.exe
[2008/01/19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- D:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28 ba15d1aff80b\userinit.exe
[2006/11/02 10:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- D:\Windows.old\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1 f819d4c4e737\userinit.exe
[2006/11/02 10:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- D:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1 f819d4c4e737\userinit.exe
[2006/11/02 12:16:15 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=46D5B6B80E4A5997F508F938F96B7628 -- D:\Windows.old\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_3610 939d8d22586d\userinit.exe
[2006/11/02 12:16:15 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=46D5B6B80E4A5997F508F938F96B7628 -- D:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_3610 939d8d22586d\userinit.exe
[2008/01/19 09:00:41 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- D:\Windows.old\Windows\System32\userinit.exe
[2008/01/19 09:00:41 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- D:\Windows.old\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_3847 55998a0d6941\userinit.exe
[2008/01/19 09:00:41 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- D:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_3847 55998a0d6941\userinit.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/03/08 12:31:42 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- D:\Windows\SysWOW64\dxtmsft.dll
[2009/03/08 12:31:37 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- D:\Windows\SysWOW64\dxtrans.dll
[2008/01/19 08:36:39 | 000,357,376 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- D:\Windows\SysWOW64\taskschd.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

========== Alternate Data Streams ==========

@Alternate Data Stream - 136 bytes -> D:\ProgramData\TEMP:07BF512B
@Alternate Data Stream - 107 bytes -> D:\ProgramData\TEMP:BFE23423
< End of report >

**dwsolo** · 07-08-2010

OTL extras
OTL Extras logfile created on: 07/08/2010 07:43:18 - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = D:\Users\david2\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 54.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 67.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = D: | %SystemRoot% = D:\Windows | %ProgramFiles% = D:\Program Files (x86)
Drive C: | 276.88 Gb Total Space | 17.84 Gb Free Space | 6.44% Space Free | Partition Type: NTFS
Drive D: | 298.08 Gb Total Space | 150.45 Gb Free Space | 50.47% Space Free | Partition Type: NTFS
Drive E: | 11.74 Gb Total Space | 9.77 Gb Free Space | 83.21% Space Free | Partition Type: NTFS
Drive F: | 9.00 Mb Total Space | 5.42 Mb Free Space | 60.23% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
Drive H: | 3.74 Gb Total Space | 0.55 Gb Free Space | 14.61% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded
Drive J: | 1397.26 Gb Total Space | 719.65 Gb Free Space | 51.50% Space Free | Partition Type: NTFS

Computer Name: DAVID2-PC
Current User Name: david2
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- D:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "D:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "D:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "D:\Windows\System32\rundll32.exe" "D:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "D:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "D:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "D:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = A2 98 6F 9A 79 F2 CA 01 [binary data]
"VistaSp2" = 4B A7 67 78 82 F2 CA 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\DomainPr ofile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\Standard Profile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\PublicPr ofile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\Firewall Rules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\Firewall Rules]
"{055E71B7-05F7-4AF8-B1DE-2B5FF709A0C3}" = protocol=6 | dir=in | app=d:\windows\temp\~os52bc.tmp\pmropn.exe |
"{26769625-2DB7-4450-AC7A-60A94DB40AC4}" = dir=in | app=d:\program files (x86)\windows live\sync\windowslivesync.exe |
"{59D8114A-81C2-4B1D-AA43-D5F0BDABAA00}" = protocol=6 | dir=in | app=d:\windows\temp\~os5bd4.tmp\pmropn.exe |
"TCP Query User{F63AB1B6-6571-4A35-BC19-E4AC520174C3}D:\program files (x86)\premieropinion\pmropn.exe" = protocol=6 | dir=in | app=d:\program files (x86)\premieropinion\pmropn.exe |
"UDP Query User{309A65B6-063F-48BC-8D48-BAA76A5989A2}D:\program files (x86)\premieropinion\pmropn.exe" = protocol=17 | dir=in | app=d:\program files (x86)\premieropinion\pmropn.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Uninstall]
"__ARIA_1013___is1" = Garritan Instruments for Finale
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95C9C76F-ECF3-40FA-94F8-5DDFB6BAF40D}" = Microsoft Security Essentials
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E62A1F01-07B7-4541-A835-EE5B0BF064C2}" = Microsoft Antimalware
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"ARIA Engine_is1" = ARIA Engine v1.0.7.3
"CANONIJINBOXADDON100" = Canon Inkjet Printer Driver Add-On Module
"doPDF 6 printer_is1" = doPDF 6.2 printer
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Essentials" = Microsoft Security Essentials
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02418C87-F90C-4E47-8BA6-16226B35D9C3}" = Serif MoviePlus X3
"{0A1CAF84-CDC8-477F-997F-800AB090EA46}" = Serif Premium Template Pack 1 for WebPlus
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java(TM) 6 Update 20
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{36F8A1AC-D75B-4B50-AD16-1E015B06BA1D}" = Serif Premium Image Collection 4
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{55485AA6-B3C8-4FEF-9A1E-09B7DE3DB589}" = Serif WebPlus X4 Bonus Content Pack
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7070E859-68A6-4539-A629-58B06CBCACD4}" = Serif MoviePlus X3 Resources
"{7216871F-869E-437C-B9BF-2A13F2DCE63F}_is1" = Auslogics BoostSpeed
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C8224B7-AA9B-4807-97CD-55899BAC83FE}" = YouSendIt Express
"{91130409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Basic Edition 2003
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{96CFF0DB-C3C3-44B8-930C-1121EC68A3BF}" = Serif WebPlus X4 Resources
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9ADA45A0-8043-470A-8E8B-02EA7D95F896}" = Serif WebPlus X4
"{9F479685-180E-4C05-9400-D59292A1B29C}" = Windows Live Movie Maker
"{A20A58C4-6784-4B4B-86CC-94E2E3671033}" = Nero 7 Premium
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B3DE6A9E-1FD0-4208-92F4-EC9004E34774}" = Sonic Foundry Sound Forge 6.0e
"{C93D1FA3-F6A7-4D66-9E3C-ADBB19D9C65D}" = Serif Premium Template Pack 2 for WebPlus
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}" = WinZip 14.5
"{E8972F40-874D-4FA6-A6F4-52A8C99D8DDA}" = Serif PhotoPlus X3
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"5244-9769-3058-9401" = Moneydance 2010
"AceFTP 3 Freeware" = AceFTP 3 Freeware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AI RoboForm" = AI RoboForm (All Users)
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.12 (Unicode)
"Awave Studio_is1" = Awave Studio v10.3
"CCleaner" = CCleaner
"CDex" = CDex extraction audio
"DigiGuide TV Guide" = DigiGuide TV Guide
"EASEUS Todo Backup 1.1_is1" = EASEUS Todo Backup 1.1
"Everything" = Everything 1.2.1.371
"Finale 2010" = Finale 2010
"FlexiMusic Composer_is1" = FlexiMusic Composer
"Foxit Reader" = Foxit Reader
"Glary Utilities_is1" = Glary Utilities 2.26.0.956
"iCopy" = iCopy
"InstallShield_{8C8224B7-AA9B-4807-97CD-55899BAC83FE}" = YouSendIt Express
"jv16 PowerTools 2010" = jv16 PowerTools 2010
"Karen's Directory Printer" = Karen's Directory Printer
"Karen's Replicator" = Karen's Replicator
"KoolMoves (Serif Edition)_is1" = KoolMoves 7.2.2 (Serif Edition)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Morpheus Photo Animation Suite_is1" = Morpheus Photo Animation Suite v3.15
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"Nature Illusion Studio" = Nature Illusion Studio
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Reimage Repair" = Reimage Repair
"Secunia PSI" = Secunia PSI
"TrueCrypt" = TrueCrypt
"VLC media player" = VLC media player 1.1.2
"WinLiveSuite_Wave3" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Uninstall]
"SugarSync" = SugarSync Manager

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 06/08/2010 11:10:41 | Computer Name = david2-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 06/08/2010 11:10:41 | Computer Name = david2-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 07/08/2010 01:05:22 | Computer Name = david2-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 07/08/2010 01:05:22 | Computer Name = david2-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 07/08/2010 01:05:28 | Computer Name = david2-PC | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "D:\Program Files (x86)\Windows
Live\Photo Gallery\MovieMaker.Exe".Error in manifest or policy file "D:\Program
Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" on line 8. Component identity
found in manifest does not match the identity of the component requested. Reference
is WLMFDS,processorArchitecture="AMD64",type="win32", version="1.0.0.1". Definition
is WLMFDS,processorArchitecture="x86",type="win32",ve rsion="1.0.0.1". Please use
sxstrace.exe for detailed diagnosis.

Error - 07/08/2010 01:05:28 | Computer Name = david2-PC | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "D:\Program Files (x86)\Windows
Live\Photo Gallery\MovieMaker.Exe".Error in manifest or policy file "D:\Program
Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" on line 8. Component identity
found in manifest does not match the identity of the component requested. Reference
is WLMFDS,processorArchitecture="AMD64",type="win32", version="1.0.0.1". Definition
is WLMFDS,processorArchitecture="x86",type="win32",ve rsion="1.0.0.1". Please use
sxstrace.exe for detailed diagnosis.

Error - 07/08/2010 01:30:41 | Computer Name = david2-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 07/08/2010 01:30:41 | Computer Name = david2-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 07/08/2010 01:38:29 | Computer Name = david2-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 07/08/2010 01:38:29 | Computer Name = david2-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

[ System Events ]
Error - 13/05/2010 02:23:15 | Computer Name = david2-PC | Source = Ntfs | ID = 262281
Description = The default transaction resource manager on volume F: encountered
a non-retryable error and could not start. The data contains the error code.

Error - 13/05/2010 02:28:08 | Computer Name = david2-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 13/05/2010 02:28:08 | Computer Name = david2-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 13/05/2010 02:28:08 | Computer Name = david2-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 13/05/2010 02:28:41 | Computer Name = david2-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 13/05/2010 02:37:57 | Computer Name = david2-PC | Source = DCOM | ID = 10010
Description =

Error - 13/05/2010 03:00:09 | Computer Name = david2-PC | Source = Ntfs | ID = 262281
Description = The default transaction resource manager on volume F: encountered
a non-retryable error and could not start. The data contains the error code.

Error - 13/05/2010 03:10:17 | Computer Name = david2-PC | Source = Ntfs | ID = 262281
Description = The default transaction resource manager on volume F: encountered
a non-retryable error and could not start. The data contains the error code.

Error - 13/05/2010 03:24:50 | Computer Name = david2-PC | Source = Ntfs | ID = 262281
Description = The default transaction resource manager on volume F: encountered
a non-retryable error and could not start. The data contains the error code.

Error - 13/05/2010 03:39:23 | Computer Name = david2-PC | Source = Ntfs | ID = 262281
Description = The default transaction resource manager on volume F: encountered
a non-retryable error and could not start. The data contains the error code.

< End of report >

**broni** · 07-08-2010

You're running very low on C drive free space:

Drive C: | 276.88 Gb Total Space | 17.84 Gb Free Space | 6.44% Space Free

================================================== =============

Update your Java version here: Verify Java Version

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

Now, we need to remove old Java version and its remnants...

Download JavaRa to your desktop and unzip it to its own folder

Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
Accept any prompts.

================================================== ============

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

Code:

:OTL
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: UserInit - (D:\Program Files\Soluto\soluto.exe /userinit) - D:\Program Files\Soluto\soluto.exe File not found
@Alternate Data Stream - 136 bytes -> D:\ProgramData\TEMP:07BF512B
@Alternate Data Stream - 107 bytes -> D:\ProgramData\TEMP:BFE23423


:Services

:Reg

:Files

:Commands
[purity]
[emptytemp]
[emptyflash]
[Reboot]

Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done
You will get a log that shows the results of the fix. Please post it.
Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

**dwsolo** · 07-08-2010

Thanks again.
Results of fix:
All processes killed
========== OTL ==========
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8 F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8 F-472F-4FB0-9522-AC9BF37916A7}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Hand ler\http\0x00000001\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E1D2BF4 2-A96B-11d1-9C6B-0000F875AC61}\ not found.
File {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Hand ler\http\oledb\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E1D2BF4 0-A96B-11d1-9C6B-0000F875AC61}\ not found.
File {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Hand ler\https\0x00000001\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E1D2BF4 2-A96B-11d1-9C6B-0000F875AC61}\ not found.
File {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Hand ler\https\oledb\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E1D2BF4 0-A96B-11d1-9C6B-0000F875AC61}\ not found.
File {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Hand ler\msdaipp\ deleted successfully.
File Protocol\Handler\msdaipp - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Hand ler\msdaipp\0x00000001\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E1D2BF4 2-A96B-11d1-9C6B-0000F875AC61}\ not found.
File {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Hand ler\msdaipp\oledb\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E1D2BF4 0-A96B-11d1-9C6B-0000F875AC61}\ not found.
File {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Hand ler\ms-itss\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0A9007C 0-4076-11D3-8789-0000F8105754}\ not found.
File {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Hand ler\mso-offdap11\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3250511 4-5902-49B2-880A-1F7738E5A384}\ not found.
File {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filt er\text/xml\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{807553E 5-5146-11D5-A672-00B0D022E945}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit

:\Program Files\Soluto\soluto.exe /userinit deleted successfully.
ADS D:\ProgramData\TEMP:07BF512B deleted successfully.
ADS D:\ProgramData\TEMP:BFE23423 deleted successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: david2
->Temp folder emptied: 21987102 bytes
->Temporary Internet Files folder emptied: 40785548 bytes
->Java cache emptied: 2027 bytes
->FireFox cache emptied: 38495770 bytes
->Flash cache emptied: 5507 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 151686 bytes
%systemroot%\sysnative\config\systemprofile\AppDat a\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 71433133 bytes

Total Files Cleaned = 165.00 mb

[EMPTYFLASH]

User: All Users

User: david2
->Flash cache emptied: 0 bytes

User: Default

User: Default User

User: Public

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.9.1 log created on 08072010_201552

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...