OTL logfile created on: 5/22/2011 12:07:42 PM - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = D:\
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 51.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 580.66 Gb Total Space | 510.67 Gb Free Space | 87.95% Space Free | Partition Type: NTFS
Drive D: | 15.51 Gb Total Space | 8.00 Gb Free Space | 51.55% Space Free | Partition Type: NTFS
Drive E: | 1.86 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: EXPROCARS-PC | User Name: iee | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found --
PRC - [2011/05/22 05:32:22 | 000,879,035 | ---- | M] () -- D:\SecurityCheck.exe
PRC - [2011/05/22 05:29:49 | 000,580,608 | ---- | M] (OldTimer Tools) -- D:\OTL.exe
PRC - [2010/12/30 15:43:51 | 000,017,408 | R--- | M] (http://www.hiren.info) -- E:\HBCD\WINTOOLS\HBCDMENU.EXE
PRC - [2010/09/14 14:03:58 | 000,984,352 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
PRC - [2010/09/14 12:45:30 | 000,045,056 | ---- | M] (Intuit) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2009/02/26 10:49:18 | 000,099,328 | ---- | M] (Opera Software) -- C:\Users\iee\AppData\Local\temp\HBCD\Opera\opera.exe
PRC - [2008/05/11 02:38:48 | 000,049,152 | ---- | M] (IOI) -- C:\Program Files (x86)\IOI\Smart Copy\ButtonMonitor.exe
PRC - [2008/01/20 22:48:06 | 000,318,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cmd.exe

========== Modules (SafeList) ==========

MOD - [2011/05/22 05:29:49 | 000,580,608 | ---- | M] (OldTimer Tools) -- D:\OTL.exe
MOD - [2011/05/11 11:33:42 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.5592_none_d09196c24426e2d4\msvcr80.dll
MOD - [2011/05/11 11:33:37 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.5592_none_d1cb520e4353d918\ATL80.dll
MOD - [2010/08/31 11:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
MOD - [2006/11/02 04:33:06 | 000,002,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\normaliz.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2008/03/19 12:30:56 | 002,558,464 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Auto | Running] -- C:\Windows\SysNative\hasplms.exe -- (hasplms)
SRV:64bit: - [2008/03/16 09:37:32 | 000,410,624 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysNative\DRIVERS\xaudio64.exe -- (XAudioService)
SRV:64bit: - [2008/01/20 22:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/02/04 15:01:45 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/09/14 12:45:30 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/03/30 00:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/18 15:45:28 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/05/26 10:39:08 | 000,006,144 | ---- | M] (Sophos Plc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\711B.tmp -- (MEMSWEEP2)
DRV:64bit: - [2009/09/30 20:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/04/28 16:20:06 | 000,055,024 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2008/05/06 17:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2008/05/01 01:17:40 | 000,065,536 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTSTOR64.SYS -- (RTSTOR)
DRV:64bit: - [2008/04/17 13:12:54 | 000,019,304 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/03/25 12:50:18 | 007,715,680 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
DRV:64bit: - [2008/03/18 15:09:28 | 000,128,512 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aksfridge.sys -- (aksfridge)
DRV:64bit: - [2008/03/16 09:48:25 | 000,324,488 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys -- (e1express) Intel(R)
DRV:64bit: - [2008/03/16 09:37:38 | 001,513,472 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAX_DPV.sys -- (HSF_DPV)
DRV:64bit: - [2008/03/16 09:37:37 | 000,731,648 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAX_CNXT.sys -- (winachsf)
DRV:64bit: - [2008/03/16 09:37:37 | 000,403,968 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAXHWBS2.sys -- (CAXHWBS2)
DRV:64bit: - [2008/03/16 09:37:34 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\mdmxsdk.sys -- (mdmxsdk)
DRV:64bit: - [2008/03/16 09:37:32 | 000,009,728 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\xaudio64.sys -- (XAudio)
DRV:64bit: - [2008/02/11 15:57:10 | 000,070,272 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aksdf.sys -- (aksdf)
DRV:64bit: - [2008/01/20 22:47:27 | 000,214,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2008/01/20 22:46:55 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2007/08/06 13:32:42 | 000,314,880 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hardlock.sys -- (Hardlock)
DRV:64bit: - [2006/11/02 03:48:50 | 002,488,320 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (R300)
DRV:64bit: - [2006/10/06 22:13:22 | 000,550,912 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys -- (BCM43XV)
DRV:64bit: - [2006/09/18 17:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\Wbem\ntfs.mof -- (Ntfs)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=&Br=GTW&Loc=ENG_US&Sys=DTP&M=DX4710-UB801A
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_page_URL = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=&Br=GTW&Loc=ENG_US&Sys=DTP&M=DX4710-UB801A
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_page_URL = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=&Br=GTW&Loc=ENG_US&Sys=DTP&M=DX4710-UB801A
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-140862942-3505633946-997447935-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/05/21 17:47:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011/05/18 11:09:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\iee\AppData\Roaming\Mozilla\Extensions
[2011/05/11 11:37:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
File not found (No name found) --
[2010/12/21 04:00:27 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/05/21 17:47:06 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/05/20 18:01:24 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [Smart Copy] C:\Program Files (x86)\IOI\Smart Copy\ButtonMonitor.exe (IOI)
O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O15 - HKU\S-1-5-21-140862942-3505633946-997447935-1001\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-140862942-3505633946-997447935-1001\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.100.2
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\intu-help-qb2 {84D77A00-41B5-4b8b-8ADF-86486D72E749} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\qbwc {FC598A64-626C-4447-85B8-53150405FD57} - Reg Error: Key error. File not found
O18 - Protocol\Handler\intu-help-qb2 {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files (x86)\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - Reg Error: Key error. File not found
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - Reg Error: Key error. File not found
O20 - AppInit_DLLs: (C:\PROGRA~2\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/12/31 20:43:16 | 000,000,146 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/22 10:54:20 | 000,000,000 | ---D | C] -- C:\rsit
[2011/05/21 17:51:49 | 001,407,280 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\iee\Documents\tdsskiller.exe
[2011/05/21 17:45:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/05/21 17:45:14 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/05/21 17:45:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/05/21 17:44:56 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\iee\Documents\mbam-setup.exe
[2011/05/21 17:43:29 | 000,000,000 | ---D | C] -- C:\Users\iee\AppData\Roaming\Malwarebytes
[2011/05/21 17:43:29 | 000,000,000 | ---D | C] -- C:\Malwarebytes
[2011/05/21 17:42:33 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011/05/21 17:41:51 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/05/21 17:41:00 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/05/21 17:41:00 | 000,000,000 | ---D | C] -- C:\Users\iee\AppData\Local\temp
[2011/05/20 17:56:15 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/05/20 17:56:15 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/05/20 17:56:15 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/05/20 17:55:18 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/05/20 17:55:14 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/05/20 17:28:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/05/19 15:12:51 | 000,000,000 | ---D | C] -- C:\Program Files\Support.com
[2011/05/19 15:12:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Support.com
[2011/05/18 11:09:32 | 000,000,000 | ---D | C] -- C:\Users\iee\AppData\Roaming\Mozilla
[2011/05/18 11:09:32 | 000,000,000 | ---D | C] -- C:\Users\iee\AppData\Local\Mozilla
[2011/05/18 11:09:15 | 000,000,000 | ---D | C] -- C:\Users\iee\AppData\Local\Google
[2011/05/18 11:09:10 | 000,000,000 | R--D | C] -- C:\Users\iee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2011/05/18 11:09:10 | 000,000,000 | R--D | C] -- C:\Users\iee\Searches
[2011/05/18 11:09:10 | 000,000,000 | R--D | C] -- C:\Users\iee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2011/05/18 11:09:06 | 000,000,000 | ---D | C] -- C:\Users\iee\AppData\Roaming\Identities
[2011/05/18 11:09:05 | 000,000,000 | R--D | C] -- C:\Users\iee\Contacts
[2011/05/18 11:09:04 | 000,000,000 | ---D | C] -- C:\Users\iee\AppData\Local\VirtualStore
[2011/05/18 11:09:01 | 000,000,000 | -HSD | C] -- C:\Users\iee\AppData\Local\Temporary Internet Files
[2011/05/18 11:09:01 | 000,000,000 | -HSD | C] -- C:\Users\iee\Templates
[2011/05/18 11:09:01 | 000,000,000 | -HSD | C] -- C:\Users\iee\Start Menu
[2011/05/18 11:09:01 | 000,000,000 | -HSD | C] -- C:\Users\iee\SendTo
[2011/05/18 11:09:01 | 000,000,000 | -HSD | C] -- C:\Users\iee\Recent
[2011/05/18 11:09:01 | 000,000,000 | -HSD | C] -- C:\Users\iee\PrintHood
[2011/05/18 11:09:01 | 000,000,000 | -HSD | C] -- C:\Users\iee\NetHood
[2011/05/18 11:09:01 | 000,000,000 | -HSD | C] -- C:\Users\iee\Documents\My Videos
[2011/05/18 11:09:01 | 000,000,000 | -HSD | C] -- C:\Users\iee\Documents\My Pictures
[2011/05/18 11:09:01 | 000,000,000 | -HSD | C] -- C:\Users\iee\Documents\My Music
[2011/05/18 11:09:01 | 000,000,000 | -HSD | C] -- C:\Users\iee\My Documents
[2011/05/18 11:09:01 | 000,000,000 | -HSD | C] -- C:\Users\iee\Local Settings
[2011/05/18 11:09:01 | 000,000,000 | -HSD | C] -- C:\Users\iee\AppData\Local\History
[2011/05/18 11:09:01 | 000,000,000 | -HSD | C] -- C:\Users\iee\Cookies
[2011/05/18 11:09:01 | 000,000,000 | -HSD | C] -- C:\Users\iee\Application Data
[2011/05/18 11:09:01 | 000,000,000 | -HSD | C] -- C:\Users\iee\AppData\Local\Application Data
[2011/05/18 11:09:00 | 000,000,000 | --SD | C] -- C:\Users\iee\AppData\Roaming\Microsoft
[2011/05/18 11:09:00 | 000,000,000 | R--D | C] -- C:\Users\iee\Videos
[2011/05/18 11:09:00 | 000,000,000 | R--D | C] -- C:\Users\iee\Saved Games
[2011/05/18 11:09:00 | 000,000,000 | R--D | C] -- C:\Users\iee\Pictures
[2011/05/18 11:09:00 | 000,000,000 | R--D | C] -- C:\Users\iee\Music
[2011/05/18 11:09:00 | 000,000,000 | R--D | C] -- C:\Users\iee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2011/05/18 11:09:00 | 000,000,000 | R--D | C] -- C:\Users\iee\Links
[2011/05/18 11:09:00 | 000,000,000 | R--D | C] -- C:\Users\iee\Favorites
[2011/05/18 11:09:00 | 000,000,000 | R--D | C] -- C:\Users\iee\Downloads
[2011/05/18 11:09:00 | 000,000,000 | R--D | C] -- C:\Users\iee\Documents
[2011/05/18 11:09:00 | 000,000,000 | R--D | C] -- C:\Users\iee\Desktop
[2011/05/18 11:09:00 | 000,000,000 | R--D | C] -- C:\Users\iee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2011/05/18 11:09:00 | 000,000,000 | -H-D | C] -- C:\Users\iee\AppData
[2011/05/18 11:09:00 | 000,000,000 | ---D | C] -- C:\Users\iee\AppData\Local\Microsoft Help
[2011/05/18 11:09:00 | 000,000,000 | ---D | C] -- C:\Users\iee\AppData\Local\Microsoft
[2011/05/18 11:09:00 | 000,000,000 | ---D | C] -- C:\Users\iee\AppData\Roaming\Media Center Programs
[2011/05/18 11:09:00 | 000,000,000 | ---D | C] -- C:\Users\iee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink LabelPrint
[2011/05/18 10:49:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2011/05/18 10:49:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2011/05/12 17:40:28 | 000,000,000 | ---D | C] -- C:\Sun
[2011/05/11 12:38:13 | 000,000,000 | ---D | C] -- C:\$AVG
[2011/05/11 12:08:24 | 000,000,000 | ---D | C] -- C:\CADFldr
[2011/05/11 12:07:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2011/05/11 11:37:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2011/05/10 13:56:49 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/05/10 12:40:52 | 000,000,000 | ---D | C] -- C:\Intuit
[2011/05/10 11:58:33 | 000,000,000 | ---D | C] -- C:\found.000
[2011/04/27 07:09:45 | 001,653,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2011/04/27 07:09:45 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2011/04/27 07:09:42 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\GameUXLegacyGDFs.dll
[2011/04/27 07:09:42 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\SysNative\GameUXLegacyGDFs.dll
[2011/04/27 07:09:42 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Apphlpdm.dll
[2011/04/27 07:09:42 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Apphlpdm.dll
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/22 11:18:48 | 000,708,480 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/05/22 11:18:48 | 000,607,168 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/05/22 11:18:48 | 000,104,808 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/05/22 11:17:23 | 004,490,279 | ---- | M] () -- C:\Users\iee\Documents\removeit_pro.exe
[2011/05/22 11:14:49 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/22 11:14:49 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/22 11:14:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/22 11:14:38 | 4283,621,376 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/21 17:51:49 | 001,407,280 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\iee\Documents\tdsskiller.exe
[2011/05/21 17:45:17 | 000,000,875 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/21 17:44:57 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\iee\Documents\mbam-setup.exe
[2011/05/20 18:01:24 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/05/12 10:22:24 | 000,000,090 | ---- | M] () -- C:\Windows\QBChanUtil_Trigger.ini
[2011/05/12 10:22:13 | 000,002,044 | ---- | M] () -- C:\Users\Public\Desktop\QuickBooks Premier Edition 2009.lnk
[2011/05/11 11:37:08 | 000,000,815 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/05/07 14:10:50 | 000,020,152 | ---- | M] () -- C:\Users\Public\Documents\CatalogSupportUtility.exe
[2011/05/07 13:54:51 | 000,007,181 | ---- | M] () -- C:\ProgramData\N360BUOptions.ini
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/22 11:14:38 | 4283,621,376 | -HS- | C] () -- C:\hiberfil.sys
[2011/05/21 17:45:17 | 000,000,875 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/20 17:56:15 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/05/20 17:56:15 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/05/20 17:56:15 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/05/20 17:56:15 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/05/20 17:56:15 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/05/18 11:09:14 | 000,000,960 | ---- | C] () -- C:\Users\iee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2011/05/18 11:09:11 | 000,000,950 | ---- | C] () -- C:\Users\iee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2011/05/18 11:09:10 | 000,000,945 | ---- | C] () -- C:\Users\iee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2011/05/18 11:09:05 | 000,000,926 | ---- | C] () -- C:\Users\iee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
[2011/05/18 11:09:00 | 000,000,258 | ---- | C] () -- C:\Users\iee\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2011/05/18 11:09:00 | 000,000,240 | ---- | C] () -- C:\Users\iee\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2011/05/12 10:22:13 | 000,002,044 | ---- | C] () -- C:\Users\Public\Desktop\QuickBooks Premier Edition 2009.lnk
[2011/05/11 11:37:08 | 000,000,827 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/05/11 11:37:08 | 000,000,815 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/05/07 14:10:50 | 000,020,152 | ---- | C] () -- C:\Users\Public\Documents\CatalogSupportUtility.exe
[2011/05/07 13:54:51 | 000,007,181 | ---- | C] () -- C:\ProgramData\N360BUOptions.ini
[2011/04/01 14:41:26 | 000,000,048 | ---- | C] () -- C:\Windows\PickList.ini
[2011/04/01 14:41:14 | 000,000,088 | ---- | C] () -- C:\Windows\od5.ini
[2010/12/22 12:22:00 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2010/12/22 12:21:39 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2010/12/22 12:21:21 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2010/12/19 05:09:38 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2010/12/17 12:56:45 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/11/27 14:09:09 | 000,709,956 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/11/04 04:40:16 | 000,000,090 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini
[2008/06/02 22:42:21 | 001,971,732 | ---- | C] () -- C:\Windows\SysWow64\igklg450.bin
[2008/06/02 22:42:21 | 000,029,932 | ---- | C] () -- C:\Windows\SysWow64\igmedcompkrn.bin
[2008/06/02 22:42:20 | 002,215,364 | ---- | C] () -- C:\Windows\SysWow64\igklg400.bin
[2008/04/09 17:10:19 | 000,360,448 | ---- | C] () -- C:\Windows\SysWow64\HotlineClient.exe
[2008/04/08 21:54:44 | 001,953,696 | ---- | C] () -- C:\Windows\SysWow64\igklg400.dll
[2008/04/08 21:54:44 | 001,533,360 | ---- | C] () -- C:\Windows\SysWow64\igklg450.dll
[2008/04/08 21:54:44 | 000,104,636 | ---- | C] () -- C:\Windows\SysWow64\igmedcompkrn.dll
[2008/01/20 22:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2006/11/02 11:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006/11/02 08:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006/11/02 08:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 05:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/09/18 14:37:50 | 000,000,530 | ---- | C] () -- C:\Windows\SysWow64\tx12_ic.ini
[2006/09/18 14:37:48 | 000,667,280 | ---- | C] () -- C:\Windows\SysWow64\tx12.dll

========== LOP Check ==========

[2011/03/10 09:07:11 | 000,000,000 | ---D | M] -- C:\Users\EXPRO CARS\AppData\Roaming\Avery
[2011/05/11 12:11:43 | 000,000,000 | ---D | M] -- C:\Users\EXPRO CARS\AppData\Roaming\AVG10
[2010/11/04 02:43:44 | 000,000,000 | ---D | M] -- C:\Users\EXPRO CARS\AppData\Roaming\Canon
[2010/12/02 15:14:50 | 000,000,000 | ---D | M] -- C:\Users\EXPRO CARS\AppData\Roaming\SampleView
[2011/03/10 08:40:26 | 000,000,000 | ---D | M] -- C:\Users\EXPRO CARS\AppData\Roaming\Template
[2011/05/20 17:52:30 | 000,028,754 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >