OTL logfile created on: 10/31/2011 12:52:18 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\charles\Desktop\malware removal
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1.99 Gb Total Physical Memory | 0.96 Gb Available Physical Memory | 48.34% Memory free
4.21 Gb Paging File | 2.96 Gb Available in Paging File | 70.40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221.55 Gb Total Space | 38.53 Gb Free Space | 17.39% Space Free | Partition Type: NTFS
Drive D: | 11.33 Gb Total Space | 2.61 Gb Free Space | 23.04% Space Free | Partition Type: NTFS
Drive F: | 7.51 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Computer Name: CHARLES-PC | User Name: charles | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011/10/31 11:33:52 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\charles\Desktop\malware removal\OTL.exe
PRC - [2011/09/13 04:32:31 | 001,830,744 | ---- | M] (Doctor Web, Ltd.) -- C:\Program Files\Common Files\Doctor Web\Scanning Engine\dwengine.exe
PRC - [2011/08/15 05:31:59 | 001,591,024 | ---- | M] (Doctor Web, Ltd.) -- C:\Program Files\DrWeb\spiderml.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/05/26 07:07:53 | 002,267,120 | ---- | M] (Doctor Web, Ltd.) -- C:\Program Files\DrWeb\frwl_svc.exe
PRC - [2011/05/26 07:07:50 | 002,583,304 | ---- | M] (Doctor Web, Ltd.) -- C:\Program Files\DrWeb\frwl_notify.exe
PRC - [2011/05/06 13:07:18 | 000,460,144 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
PRC - [2011/05/06 12:58:52 | 001,085,440 | ---- | M] () -- C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe
PRC - [2011/04/20 07:32:56 | 001,473,264 | ---- | M] (Doctor Web, Ltd.) -- C:\Program Files\DrWeb\spideragent.exe
PRC - [2010/12/04 18:29:11 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2010/11/17 13:22:57 | 000,329,096 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
PRC - [2010/08/26 16:44:48 | 000,387,040 | ---- | M] (PC Tools Software) -- C:\Program Files\PC Tools Utilities\Tools\Repair\DMRepairSrvProxy.exe
PRC - [2010/08/26 16:44:46 | 001,021,920 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Utilities\Tools\Repair\DMRepairSrv.exe
PRC - [2010/08/26 16:44:12 | 000,534,496 | ---- | M] (PC Tools Software) -- C:\Program Files\PC Tools Utilities\Tools\Defrag\DMDefragSrvProxy.exe
PRC - [2010/08/26 16:44:10 | 001,034,208 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Utilities\Tools\Defrag\DMDefragSrv.exe
PRC - [2010/08/26 11:07:04 | 000,531,664 | ---- | M] (Acronis) -- C:\Program Files\Acronis\DriveMonitor\adm_tray.exe
PRC - [2010/08/26 10:56:16 | 003,464,632 | ---- | M] (Acronis) -- C:\Program Files\Acronis\DriveMonitor\adm.exe
PRC - [2010/06/21 18:26:00 | 003,112,696 | ---- | M] (PixelMetrics) -- C:\Program Files\CaptureWiz\Pro\CaptureWiz.exe
PRC - [2010/06/07 18:48:42 | 000,362,488 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2010/06/07 18:48:38 | 000,817,264 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2010/06/07 18:47:46 | 002,605,424 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2010/05/21 01:28:00 | 011,312,128 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2010/05/21 01:27:58 | 011,318,784 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2009/09/14 21:43:32 | 000,106,496 | ---- | M] () -- C:\Users\Public\Program Files\Lab-NC\ProNFS\xsetsrv.exe
PRC - [2008/09/29 13:19:22 | 000,415,744 | ---- | M] () -- C:\Program Files\Clock Tray Skins\timeserv.exe
PRC - [2008/07/17 18:03:34 | 000,205,952 | ---- | M] () -- C:\WINDOWS\System32\XWNTSERV.EXE
PRC - [2008/01/19 02:33:04 | 000,318,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\cmd.exe
PRC - [2007/09/13 19:22:04 | 005,252,936 | ---- | M] (SpareBackup, Inc.) -- C:\Program Files\Spare Backup\SpareBackup.exe
PRC - [2007/02/12 16:38:04 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007/02/12 16:37:58 | 000,174,872 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2006/10/05 00:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\WINDOWS\System32\agrsmsvc.exe
========== Modules (No Company Name) ==========
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/06/15 09:17:31 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\e3180b4230f052996adb81da3dc64ad0\System.Management.ni.dll
MOD - [2011/06/15 09:16:36 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\81a310f5bd696b74485a513680672a5e\System.Web.Services.ni.dll
MOD - [2011/06/15 09:16:36 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\d9228d58804dfd75fd92a4d12ffac8af\Accessibility.ni.dll
MOD - [2011/06/15 09:16:34 | 011,800,576 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\0a1195c6b5fab213527364c9e8b26ef0\System.Web.ni.dll
MOD - [2011/06/15 09:16:26 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\1ba19f8efcff8ad7f972aa38ab9a15f5\System.Runtime.Remoting.ni.dll
MOD - [2011/06/15 09:16:24 | 000,627,712 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\1c06ada12457242969cdc35d5af12b01\System.EnterpriseServices.ni.dll
MOD - [2011/06/15 09:16:23 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\fdbb4d76b37aada9010c49a6e09da067\System.Transactions.ni.dll
MOD - [2011/06/15 09:16:22 | 002,510,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\7ce102f66f1e9a72578c6f2f07a27ef8\System.Data.SqlXml.ni.dll
MOD - [2011/06/15 09:16:22 | 000,679,936 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\6a39ee17f7cefb77c8e98dbfb72b058b\System.Security.ni.dll
MOD - [2011/06/15 09:16:19 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\aa3e053d433c48e1e8c3f436b4de1ed3\System.Configuration.ni.dll
MOD - [2011/06/15 09:16:18 | 000,015,872 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC\a96b02abbfcaae424cfb91a198a9e0e9\Microsoft.VisualC.ni.dll
MOD - [2011/06/15 09:10:57 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\cfb60f99da570cc494e27e0e8ee747e2\System.Xml.ni.dll
MOD - [2011/06/15 09:10:03 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\381fb23cb39e1a61e13b8770eb9800ba\System.Windows.Forms.ni.dll
MOD - [2011/06/15 09:09:49 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f1aa2385c0109f3059e0e6ba8b58ff68\System.Drawing.ni.dll
MOD - [2011/06/15 09:09:22 | 006,616,576 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\ca69ec9d6589d3526ee38212ef28e2bb\System.Data.ni.dll
MOD - [2011/06/15 09:07:55 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dff86a62a525ec8dc827fe9f50298b7\System.ni.dll
MOD - [2011/06/15 09:07:43 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll
MOD - [2010/12/04 17:56:03 | 002,933,248 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010/12/04 17:56:02 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2010/12/03 03:13:45 | 000,708,608 | ---- | M] () -- C:\Windows\assembly\GAC\Microsoft.Web.Services2\2.0.3.0__31bf3856ad364e35\Microsoft.Web.Services2.dll
MOD - [2010/08/26 16:44:44 | 000,251,872 | ---- | M] () -- C:\Program Files\PC Tools Utilities\Tools\Repair\aDSUtils.dll
MOD - [2010/08/26 16:44:02 | 000,251,872 | ---- | M] () -- C:\Program Files\PC Tools Utilities\Tools\Defrag\aDSUtils.dll
MOD - [2010/08/26 10:46:18 | 000,012,128 | ---- | M] () -- C:\Program Files\Common Files\Acronis\DriveMonitor\Common\icudt38.dll
MOD - [2010/06/07 18:05:12 | 000,028,512 | ---- | M] () -- C:\Program Files\Acronis\TrueImageHome\Common\rpc_client.dll
MOD - [2010/05/04 16:36:28 | 000,970,752 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
MOD - [2010/03/29 15:02:48 | 000,520,234 | ---- | M] () -- C:\Program Files\BillP Studios\WinPatrol\sqlite3.dll
MOD - [2008/07/17 18:03:32 | 000,086,251 | ---- | M] () -- C:\WINDOWS\System32\XWNTFS32.DLL
MOD - [2007/05/19 00:59:06 | 000,356,928 | ---- | M] () -- C:\Program Files\Spare Backup\sqlite3.dll
MOD - [2007/04/03 10:05:24 | 000,577,096 | ---- | M] () -- C:\Program Files\Spare Backup\System.Data.SQLite.DLL
MOD - [2007/04/03 10:04:54 | 000,183,880 | ---- | M] () -- C:\Program Files\Spare Backup\UberCrypto.dll
========== Win32 Services (SafeList) ==========
SRV - [2011/09/13 04:32:31 | 001,830,744 | ---- | M] (Doctor Web, Ltd.) [Auto | Running] -- C:\Program Files\Common Files\Doctor Web\Scanning Engine\dwengine.exe -- (DrWebEngine) Dr.Web Scanning Engine (DrWebEngine)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/05/26 07:07:53 | 002,267,120 | ---- | M] (Doctor Web, Ltd.) [Auto | Running] -- C:\Program Files\DrWeb\frwl_svc.exe -- (DrWebFWSvc)
SRV - [2011/05/06 13:07:18 | 000,460,144 | ---- | M] () [Auto | Running] -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service)
SRV - [2011/05/06 12:58:52 | 001,085,440 | ---- | M] () [Auto | Running] -- C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe -- (FlipShareServer)
SRV - [2010/08/26 16:44:46 | 001,021,920 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\PC Tools Utilities\Tools\Repair\DMRepairSrv.exe -- (DMRepairService)
SRV - [2010/08/26 16:44:10 | 001,034,208 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\PC Tools Utilities\Tools\Defrag\DMDefragSrv.exe -- (DMDefragService)
SRV - [2010/06/07 18:48:38 | 000,817,264 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2009/09/14 21:43:32 | 000,106,496 | ---- | M] () [Auto | Running] -- C:\Users\Public\Program Files\Lab-NC\ProNFS\xsetsrv.exe -- (XwpXSetSrvProNFS)
SRV - [2008/09/29 13:19:22 | 000,415,744 | ---- | M] () [Auto | Running] -- C:\Program Files\Clock Tray Skins\timeserv.exe -- (AtomicAlarmClock)
SRV - [2008/07/17 18:03:34 | 000,205,952 | ---- | M] () [Auto | Running] -- C:\Windows\System32\xwntserv.exe -- (XWNTSERV)
SRV - [2008/03/18 05:28:46 | 000,068,096 | ---- | M] () [On_Demand | Stopped] -- C:\Cygwin\bin\cygrunsrv.exe -- (BrlAPI)
SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/02/12 16:38:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2006/10/05 00:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\WINDOWS\System32\agrsmsvc.exe -- (AgereModemAudio)
========== Driver Services (SafeList) ==========
DRV - [2011/09/28 07:21:07 | 000,149,272 | ---- | M] (Doctor Web, Ltd.) [File_System | Boot | Running] -- C:\Windows\system32\drivers\dwprot.sys -- (DwProt)
DRV - [2011/09/26 08:00:44 | 000,109,560 | ---- | M] (Doctor Web, Ltd.) [File_System | Boot | Running] -- C:\Windows\system32\drivers\spiderg3.sys -- (SpiderG3)
DRV - [2011/08/19 10:01:27 | 000,121,464 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2011/08/15 15:06:20 | 000,116,016 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\VBoxNetFlt.sys -- (VBoxNetFlt)
DRV - [2011/08/15 15:06:20 | 000,104,752 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV - [2010/12/09 20:09:55 | 000,594,208 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2010/12/09 20:09:37 | 000,170,272 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2010/11/11 07:58:16 | 000,084,728 | ---- | M] (Doctor Web) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\drwebaf.sys -- (DRWEBAF)
DRV - [2010/11/11 07:58:16 | 000,072,568 | ---- | M] (Doctor Web) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\drwebpf.sys -- (DrWebPF)
DRV - [2010/06/23 10:21:32 | 000,259,176 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2009/08/04 21:18:24 | 000,551,424 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\emOEM.sys -- (USB28xxOEM)
DRV - [2009/07/21 05:39:32 | 000,576,896 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\emBDA.sys -- (USB28xxBGA)
DRV - [2009/01/14 20:24:45 | 001,499,648 | ---- | M] (C-Media Electronics Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\CM102.sys -- (USBAU)
DRV - [2008/11/17 16:40:22 | 003,668,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
DRV - [2008/07/17 18:03:52 | 000,177,918 | ---- | M] () [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\XWPFSW2K.SYS -- (XwpNTrdr)
DRV - [2007/06/18 20:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\motmodem.sys -- (motmodem)
DRV - [2007/04/29 17:45:18 | 002,219,520 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R)
DRV - [2007/01/30 00:37:46 | 000,650,240 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2006/11/08 04:29:44 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/02 02:30:56 | 002,589,184 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\NETw2v32.sys -- (NETw2v32) Intel(R)
DRV - [2006/11/02 02:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
DRV - [2006/11/02 02:30:53 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2001/07/13 13:56:14 | 000,014,976 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\SBKUPNT.SYS -- (SBKUPNT)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=PTB&M=MT6919
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=PTB&M=MT6919
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.com/g/sidepanel.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=PTB&M=MT6919
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_page_URL = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=PTB&M=MT6919
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=PTB&M=MT6919
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_page_URL = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=PTB&M=MT6919
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=PTB&M=MT6919
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3565876915-1613788483-8259272-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3565876915-1613788483-8259272-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=PTB&M=MT6919
IE - HKU\S-1-5-21-3565876915-1613788483-8259272-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3565876915-1613788483-8259272-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3565876915-1613788483-8259272-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-3565876915-1613788483-8259272-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=PTB&M=MT6919
IE - HKU\S-1-5-21-3565876915-1613788483-8259272-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3565876915-1613788483-8259272-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKU\S-1-5-21-3565876915-1613788483-8259272-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://translate.reference.com/
IE - HKU\S-1-5-21-3565876915-1613788483-8259272-1001\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3565876915-1613788483-8259272-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3565876915-1613788483-8259272-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=PTB&M=MT6919
IE - HKU\S-1-5-21-3565876915-1613788483-8259272-1002\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3565876915-1613788483-8259272-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=PTB&M=MT6919
IE - HKU\S-1-5-21-3565876915-1613788483-8259272-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3565876915-1613788483-8259272-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=PTB&M=MT6919
IE - HKU\S-1-5-21-3565876915-1613788483-8259272-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3565876915-1613788483-8259272-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=PTB&M=MT6919
IE - HKU\S-1-5-21-3565876915-1613788483-8259272-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3565876915-1613788483-8259272-501\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=PTB&M=MT6919
IE - HKU\S-1-5-21-3565876915-1613788483-8259272-501\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3565876915-1613788483-8259272-501\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=PTB&M=MT6919
IE - HKU\S-1-5-21-3565876915-1613788483-8259272-501\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3565876915-1613788483-8259272-501\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..extensions.enabledItems: {6614d11d-d21d-b211-ae23-815234e1ebb5}:1.0.23
FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.99
FF - prefs.js..extensions.enabledItems: isreaditlater@ideashower.com:2.1.1
FF - prefs.js..extensions.enabledItems: copylinkurl@bluelightdev.com:1.5
FF - prefs.js..extensions.enabledItems: {f36c6cd1-da73-491d-b290-8fc9115bfa55}:2.2.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: zoteroOpenOfficeIntegration@zotero.org:3.5b1
FF - prefs.js..extensions.enabledItems: zotero@chnm.gmu.edu:2.1.10
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/16 18:16:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/16 18:16:42 | 000,000,000 | ---D | M]
[2010/12/05 09:08:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\charles\AppData\Roaming\Mozilla\Extensions
[2011/10/31 12:19:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\charles\AppData\Roaming\Mozilla\Firefox\Profiles\1z9lwc1b.default\extensions
[2011/01/16 22:40:12 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\charles\AppData\Roaming\Mozilla\Firefox\Profiles\1z9lwc1b.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/01/16 22:40:12 | 000,000,000 | ---D | M] (Dr.Web anti-virus link checker) -- C:\Users\charles\AppData\Roaming\Mozilla\Firefox\Profiles\1z9lwc1b.default\extensions\{6614d11d-d21d-b211-ae23-815234e1ebb5}
[2011/09/11 21:25:43 | 000,000,000 | ---D | M] (BitDefender QuickScan) -- C:\Users\charles\AppData\Roaming\Mozilla\Firefox\Profiles\1z9lwc1b.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2011/09/11 21:27:32 | 000,000,000 | ---D | M] (WorldIP) -- C:\Users\charles\AppData\Roaming\Mozilla\Firefox\Profiles\1z9lwc1b.default\extensions\{f36c6cd1-da73-491d-b290-8fc9115bfa55}
[2010/12/22 01:06:37 | 000,000,000 | ---D | M] ("Copy Link URL") -- C:\Users\charles\AppData\Roaming\Mozilla\Firefox\Profiles\1z9lwc1b.default\extensions\copylinkurl@bluelightdev.com
[2011/01/16 22:40:12 | 000,000,000 | ---D | M] (Read It Later) -- C:\Users\charles\AppData\Roaming\Mozilla\Firefox\Profiles\1z9lwc1b.default\extensions\isreaditlater@ideashower.com
[2011/09/27 03:15:08 | 000,000,000 | ---D | M] (Zotero) -- C:\Users\charles\AppData\Roaming\Mozilla\Firefox\Profiles\1z9lwc1b.default\extensions\zotero@chnm.gmu.edu
[2011/09/27 03:13:59 | 000,000,000 | ---D | M] (Zotero OpenOffice.org Integration) -- C:\Users\charles\AppData\Roaming\Mozilla\Firefox\Profiles\1z9lwc1b.default\extensions\zoteroOpenOfficeIntegration@zotero.org
[2011/10/31 12:48:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/01/17 00:30:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011/10/31 12:48:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/10/31 12:47:25 | 000,611,224 | ---- | M] (Oracle Corporation) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\14.0.835.202\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\14.0.835.202\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Program Files\Google\Chrome\Application\14.0.835.202\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Dr.Web Anti-Virus Link Checker = C:\Users\charles\AppData\Local\Google\Chrome\User Data\Default\Extensions\aleggpabliehgbeagmfhnodcijcmbonb\2.56_0\
CHR - Extension: Mac OS X Simple Theme = C:\Users\charles\AppData\Local\Google\Chrome\User Data\Default\Extensions\cihohekcekjgjdkeljpkbaaecgfoimbj\1.0.1_0\
O1 HOSTS File: ([2011/10/17 12:45:58 | 000,614,319 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost #[IPv6]
O1 - Hosts: 127.0.0.1 www.pdflite.com
O1 - Hosts: 127.0.0.1 fr.a2dfp.net
O1 - Hosts: 127.0.0.1 m.fr.a2dfp.net
O1 - Hosts: 127.0.0.1 ad.a8.net
O1 - Hosts: 127.0.0.1 asy.a8ww.net
O1 - Hosts: 127.0.0.1 abcstats.com
O1 - Hosts: 127.0.0.1 a.abv.bg
O1 - Hosts: 127.0.0.1 adserver.abv.bg
O1 - Hosts: 127.0.0.1 adv.abv.bg
O1 - Hosts: 127.0.0.1 bimg.abv.bg
O1 - Hosts: 127.0.0.1 ca.abv.bg
O1 - Hosts: 127.0.0.1 www2.a-counter.kiev.ua
O1 - Hosts: 127.0.0.1 track.acclaimnetwork.com
O1 - Hosts: 127.0.0.1 accuserveadsystem.com
O1 - Hosts: 127.0.0.1 www.accuserveadsystem.com
O1 - Hosts: 127.0.0.1 achmedia.com
O1 - Hosts: 127.0.0.1 aconti.net
O1 - Hosts: 127.0.0.1 secure.aconti.net
O1 - Hosts: 127.0.0.1 www.aconti.net #[Dialer.Aconti]
O1 - Hosts: 127.0.0.1 am1.activemeter.com
O1 - Hosts: 127.0.0.1 www.activemeter.com #[Tracking.Cookie]
O1 - Hosts: 127.0.0.1 ads.activepower.net
O1 - Hosts: 127.0.0.1 stat.active24stats.nl #[Tracking.Cookie]
O1 - Hosts: 16345 more lines...
O2 - BHO: (WRShell.BHO) - {255215E2-87DC-4819-8724-D0B4C94DBEF5} - C:\Program Files\WebResearch\WRShell.dll (macropool GmbH)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (WRShell.EditBand) - {5338DF6C-3B3B-4E38-8B31-7B99986627B2} - C:\Program Files\WebResearch\WRShell.dll (macropool GmbH)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (WRShell.ToolBand) - {8F0F47B1-7D4B-4834-A981-91E2A3DCE069} - C:\Program Files\WebResearch\WRShell.dll (macropool GmbH)
O3 - HKU\S-1-5-21-3565876915-1613788483-8259272-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [adm_tray.exe] C:\Program Files\Acronis\DriveMonitor\adm_tray.exe (Acronis)
O4 - HKLM..\Run: [Cm102Sound] RunDll32 cm102.cpl,CMICtrlWnd File not found
O4 - HKLM..\Run: [Dr.Web Firewall] C:\Program Files\DrWeb\frwl_notify.exe (Doctor Web, Ltd.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray File not found
O4 - HKLM..\Run: [Spare Backup] C:\Program Files\Spare Backup\SpareBackup.exe (SpareBackup, Inc.)
O4 - HKLM..\Run: [SpIDerAgent] C:\Program Files\DrWeb\SpIDerAgent.exe (Doctor Web, Ltd.)
O4 - HKLM..\Run: [SpIDerMail] C:\Program Files\DrWeb\spiderml.exe (Doctor Web, Ltd.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3565876915-1613788483-8259272-1000..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.)
O4 - HKU\S-1-5-21-3565876915-1613788483-8259272-1000..\Run: [SkinClock] C:\Program Files\Clock Tray Skins\ClockTraySkins.exe ()
O4 - HKU\S-1-5-21-3565876915-1613788483-8259272-1002..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3565876915-1613788483-8259272-1003..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3565876915-1613788483-8259272-501..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Launcher] C:\WINDOWS\SMINST\Launcher.exe (soft thinks)
O4 - Startup: C:\Users\charles\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CaptureWiz.lnk = C:\Program Files\CaptureWiz\Pro\CaptureWiz.exe (PixelMetrics)
O4 - Startup: C:\Users\charles\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\odrive.bat ()
O4 - Startup: C:\Users\charles\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\Daniela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CaptureWiz.lnk = C:\Program Files\CaptureWiz\Pro\CaptureWiz.exe (PixelMetrics)
O4 - Startup: C:\Users\Daniela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CaptureWiz.lnk = C:\Program Files\CaptureWiz\Pro\CaptureWiz.exe (PixelMetrics)
O4 - Startup: C:\Users\Sandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O8 - Extra context menu item: WebResearch: Save Link Address As... - C:\Program Files\WebResearch\WRShell.dll (macropool GmbH)
O8 - Extra context menu item: WebResearch: Save Page Area (Frame) - C:\Program Files\WebResearch\WRShell.dll (macropool GmbH)
O8 - Extra context menu item: WebResearch: Save Page Area (Frame) As... - C:\Program Files\WebResearch\WRShell.dll (macropool GmbH)
O8 - Extra context menu item: WebResearch: Save Picture - C:\Program Files\WebResearch\WRShell.dll (macropool GmbH)
O8 - Extra context menu item: WebResearch: Save Picture As... - C:\Program Files\WebResearch\WRShell.dll (macropool GmbH)
O8 - Extra context menu item: WebResearch: Save Selected Targets As... - C:\Program Files\WebResearch\WRShell.dll (macropool GmbH)
O8 - Extra context menu item: WebResearch: Save Selection - C:\Program Files\WebResearch\WRShell.dll (macropool GmbH)
O8 - Extra context menu item: WebResearch: Save Selection As... - C:\Program Files\WebResearch\WRShell.dll (macropool GmbH)
O8 - Extra context menu item: WebResearch: Save Target - C:\Program Files\WebResearch\WRShell.dll (macropool GmbH)
O8 - Extra context menu item: WebResearch: Save Target As... - C:\Program Files\WebResearch\WRShell.dll (macropool GmbH)
O9 - Extra Button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll ()
O9 - Extra 'Tools' menuitem : Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\DrWeb\drwebsp.dll (Doctor Web, Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\DrWeb\drwebsp.dll (Doctor Web, Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\DrWeb\drwebsp.dll (Doctor Web, Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\DrWeb\drwebsp.dll (Doctor Web, Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\DrWeb\drwebsp.dll (Doctor Web, Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\DrWeb\drwebsp.dll (Doctor Web, Ltd.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3565876915-1613788483-8259272-1000\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-3565876915-1613788483-8259272-1000\..Trusted Ranges: GD ([http] in Local intranet)
O15 - HKU\S-1-5-21-3565876915-1613788483-8259272-1001\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-3565876915-1613788483-8259272-1001\..Trusted Ranges: GD ([http] in Local intranet)
O15 - HKU\S-1-5-21-3565876915-1613788483-8259272-1002\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-3565876915-1613788483-8259272-1002\..Trusted Ranges: GD ([http] in Local intranet)
O15 - HKU\S-1-5-21-3565876915-1613788483-8259272-1003\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-3565876915-1613788483-8259272-1003\..Trusted Ranges: GD ([http] in Local intranet)
O15 - HKU\S-1-5-21-3565876915-1613788483-8259272-501\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-3565876915-1613788483-8259272-501\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 10.1.0)
O16 - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1AA66C24-F5AD-4973-875D-B23365C7DEFE}: DhcpNameServer = 192.168.2.254
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) -C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - Unable to obtain root file information for disk D:\
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
[2011/10/31 12:49:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/10/31 12:48:26 | 000,214,408 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2011/10/31 12:48:26 | 000,173,960 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2011/10/31 12:48:26 | 000,173,960 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2011/10/31 11:34:49 | 000,000,000 | ---D | C] -- C:\Users\charles\Desktop\malware removal
[2011/10/25 23:52:47 | 000,000,000 | ---D | C] -- C:\Users\charles\Desktop\linux
[2011/10/24 20:02:50 | 000,000,000 | ---D | C] -- C:\MGADiagToolOutput
[2011/10/24 20:01:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Office Genuine Advantage
[2011/10/23 20:54:47 | 000,000,000 | ---D | C] -- C:\Users\charles\Desktop\Install Mplayer and Multimedia Codecs (libdvdcss2,w32codecs,w64codecs) in Ubuntu 9.04 (Jaunty) Ubuntu Geek_files
[2011/10/17 12:44:46 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/10/09 17:44:54 | 000,000,000 | ---D | C] -- C:\Users\charles\Desktop\homeschool
[2011/10/04 12:06:59 | 000,000,000 | ---D | C] -- C:\Users\charles\Desktop\minivans dodge
[2011/10/03 00:21:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011/10/02 21:08:38 | 000,000,000 | ---D | C] -- C:\Users\charles\Documents\My Kindle Content
[2011/10/02 21:08:20 | 000,000,000 | ---D | C] -- C:\Users\charles\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
[2011/10/02 21:08:09 | 000,000,000 | ---D | C] -- C:\Users\charles\AppData\Local\Amazon
[2011/10/02 12:15:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Designer
[2011/10/02 12:13:56 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft MapPoint 2011
[2011/10/02 12:10:43 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache
[2011/10/02 11:58:50 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
[2011/10/31 12:51:27 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\Dr.Web Update.job
[2011/10/31 12:47:25 | 000,544,656 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2011/10/31 12:47:25 | 000,214,408 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2011/10/31 12:47:25 | 000,173,960 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2011/10/31 12:47:25 | 000,173,960 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2011/10/31 12:42:03 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/31 12:12:04 | 000,000,125 | -HS- | M] () -- C:\ProgramData\.zreglib
[2011/10/31 12:08:43 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/31 12:08:24 | 000,000,292 | ---- | M] () -- C:\XWNTFS32.TRC
[2011/10/31 12:06:46 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/10/31 12:06:46 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/10/31 12:06:45 | 000,001,024 | ---- | M] () -- C:\XWP2KFSD.TRC
[2011/10/31 12:06:45 | 000,001,024 | ---- | M] () -- C:\XWP2KFSD.TR_
[2011/10/31 12:06:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/10/31 12:06:37 | 2137,448,448 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/31 11:38:56 | 000,001,224 | ---- | M] () -- C:\XWNTFS32.TR_
[2011/10/26 06:42:37 | 000,000,004 | ---- | M] () -- C:\Users\charles\Documents\Unsaved Document 1
[2011/10/23 20:54:47 | 000,113,217 | ---- | M] () -- C:\Users\charles\Desktop\Install Mplayer and Multimedia Codecs (libdvdcss2,w32codecs,w64codecs) in Ubuntu 9.04 (Jaunty) Ubuntu Geek.htm
[2011/10/18 10:48:31 | 000,640,142 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/10/18 10:48:31 | 000,118,362 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/10/16 18:27:24 | 000,000,762 | ---- | M] () -- C:\Users\charles\AppData\Roaming\ClockTraySkins.ini
[2011/10/11 13:33:03 | 000,001,356 | ---- | M] () -- C:\Users\charles\AppData\Local\d3d9caps.dat
[2011/10/10 21:12:43 | 000,000,833 | ---- | M] () -- C:\Users\charles\Desktop\wyzant first reponse.rtf
[2011/10/05 21:39:56 | 000,001,971 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/10/05 21:09:55 | 000,008,583 | ---- | M] () -- C:\Users\charles\Desktop\payment interest term calc.ods
[2011/10/04 10:10:19 | 000,244,911 | ---- | M] () -- C:\Users\charles\Desktop\classmates settlement documentation.xps
[2011/10/03 00:25:28 | 000,001,892 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/10/03 00:03:17 | 000,341,030 | ---- | M] () -- C:\Users\charles\Desktop\Homicide Studies-2011-Farrell-228-52.pdf
[2011/10/02 21:08:23 | 000,002,028 | ---- | M] () -- C:\Users\charles\Desktop\Kindle.lnk
[2011/10/02 19:17:54 | 000,241,498 | ---- | M] () -- C:\Users\charles\Desktop\books.xps
[2011/10/01 19:17:54 | 000,000,065 | ---- | M] () -- C:\Users\charles\Desktop\Ultimate Research Assistant.url
[color=#E56717]========== Files Created - No Company Name ==========[/color]
[2011/10/26 06:42:37 | 000,000,004 | ---- | C] () -- C:\Users\charles\Documents\Unsaved Document 1
[2011/10/23 20:54:46 | 000,113,217 | ---- | C] () -- C:\Users\charles\Desktop\Install Mplayer and Multimedia Codecs (libdvdcss2,w32codecs,w64codecs) in Ubuntu 9.04 (Jaunty) Ubuntu Geek.htm
[2011/10/16 18:18:18 | 2137,448,448 | -HS- | C] () -- C:\hiberfil.sys
[2011/10/05 21:09:53 | 000,008,583 | ---- | C] () -- C:\Users\charles\Desktop\payment interest term calc.ods
[2011/10/04 12:44:39 | 000,000,833 | ---- | C] () -- C:\Users\charles\Desktop\wyzant first reponse.rtf
[2011/10/04 10:10:14 | 000,244,911 | ---- | C] () -- C:\Users\charles\Desktop\classmates settlement documentation.xps
[2011/10/03 00:25:28 | 000,001,892 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/10/03 00:25:26 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011/10/03 00:03:13 | 000,341,030 | ---- | C] () -- C:\Users\charles\Desktop\Homicide Studies-2011-Farrell-228-52.pdf
[2011/10/02 21:08:23 | 000,002,028 | ---- | C] () -- C:\Users\charles\Desktop\Kindle.lnk
[2011/10/02 19:17:37 | 000,241,498 | ---- | C] () -- C:\Users\charles\Desktop\books.xps
[2011/10/02 12:17:49 | 000,002,020 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft MapPoint North America 2011.lnk
[2011/10/01 19:17:54 | 000,000,065 | ---- | C] () -- C:\Users\charles\Desktop\Ultimate Research Assistant.url
[2011/09/25 13:33:38 | 000,000,125 | -HS- | C] () -- C:\ProgramData\.zreglib
[2011/09/22 21:29:10 | 000,000,762 | ---- | C] () -- C:\Users\charles\AppData\Roaming\ClockTraySkins.ini
[2011/09/20 01:15:33 | 000,177,918 | ---- | C] () -- C:\Windows\System32\drivers\XWPFSW2K.SYS
[2011/09/20 01:15:33 | 000,070,656 | ---- | C] () -- C:\Windows\System32\XWPSHELL.DLL
[2011/09/20 01:15:32 | 000,205,952 | ---- | C] () -- C:\Windows\System32\XWNTSERV.EXE
[2011/09/20 01:15:32 | 000,086,251 | ---- | C] () -- C:\Windows\System32\XWNTFS32.DLL
[2011/09/19 21:34:50 | 000,014,976 | ---- | C] () -- C:\Windows\System32\drivers\SBKUPNT.SYS
[2011/09/19 21:34:50 | 000,013,312 | ---- | C] () -- C:\Windows\System32\DEVLOAD.EXE
[2011/09/19 21:34:48 | 000,000,543 | ---- | C] () -- C:\Windows\SWISV3.INI
[2011/09/19 21:34:46 | 000,000,355 | ---- | C] () -- C:\Windows\SKNIFE.INI
[2011/09/19 21:34:16 | 000,002,799 | ---- | C] () -- C:\Windows\SKLANG.INI
[2011/09/18 20:32:29 | 000,053,248 | ---- | C] () -- C:\Windows\System32\zlib_iMiser.dll
[2011/09/13 17:29:48 | 000,000,483 | ---- | C] () -- C:\Windows\CDRipper.ini
[2011/05/17 09:31:34 | 000,080,896 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011/04/15 04:30:00 | 000,079,296 | ---- | C] () -- C:\Windows\System32\wr4zlib.dll
[2011/01/17 08:23:26 | 000,001,356 | ---- | C] () -- C:\Users\charles\AppData\Local\d3d9caps.dat
[2011/01/10 21:11:57 | 000,000,054 | ---- | C] () -- C:\Windows\Composer.INI
[2011/01/04 13:41:56 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011/01/04 13:41:56 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010/12/17 20:56:48 | 000,139,264 | R--- | C] () -- C:\Windows\Vmix102.dll
[2010/12/17 20:56:29 | 000,503,808 | R--- | C] () -- C:\Windows\System32\Cmeau102.exe
[2010/12/17 20:56:29 | 000,000,103 | ---- | C] () -- C:\Windows\Cm102.ini.cfl
[2010/12/17 20:55:42 | 000,000,081 | ---- | C] () -- C:\Windows\Cm102.ini.imi
[2010/12/17 20:55:41 | 000,258,048 | R--- | C] () -- C:\Windows\System32\CmiInstallResAll.dll
[2010/12/17 20:55:41 | 000,002,027 | R--- | C] () -- C:\Windows\Cm102.ini.cfg
[2010/12/17 20:55:33 | 000,000,449 | R--- | C] () -- C:\Windows\cm102.ini
[2010/12/17 12:53:08 | 000,303,104 | ---- | C] () -- C:\Windows\emunist.exe
[2010/12/17 12:52:58 | 000,002,199 | ---- | C] () -- C:\Windows\TVEpaDrv.ini
[2010/12/05 06:05:07 | 000,037,344 | ---- | C] () -- C:\Windows\System32\CleanMFT32.exe
[2010/12/03 15:11:03 | 000,037,376 | ---- | C] () -- C:\Users\charles\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/03 10:27:30 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2008/02/11 20:55:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2008/02/11 20:34:48 | 002,215,364 | ---- | C] () -- C:\Windows\System32\igklg400.bin
[2008/02/11 20:34:48 | 001,971,732 | ---- | C] () -- C:\Windows\System32\igklg450.bin
[2008/02/11 20:34:48 | 000,029,932 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.bin
[2007/12/12 10:53:10 | 000,910,464 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2007/12/12 10:53:10 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1268.dll
[2007/12/12 10:52:23 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:47:37 | 000,329,232 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 000,640,142 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,118,362 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/06/11 19:01:15 | 000,352,256 | ---- | C] () -- C:\Windows\System32\HotlineClient.exe
[2004/12/27 18:48:36 | 000,044,544 | ---- | C] () -- C:\Windows\System32\gif89.dll
[2003/11/18 02:37:20 | 000,072,192 | ---- | C] () -- C:\Windows\System32\cszlib.dll
[color=#E56717]========== LOP Check ==========[/color]
[2010/12/13 20:55:59 | 000,000,000 | ---D | M] -- C:\Users\charles\AppData\Roaming\Acronis
[2011/09/18 15:37:15 | 000,000,000 | ---D | M] -- C:\Users\charles\AppData\Roaming\Brief
[2011/03/30 13:44:43 | 000,000,000 | ---D | M] -- C:\Users\charles\AppData\Roaming\Canon
[2011/09/25 01:31:45 | 000,000,000 | ---D | M] -- C:\Users\charles\AppData\Roaming\CloneSpy
[2011/09/17 00:59:53 | 000,000,000 | ---D | M] -- C:\Users\charles\AppData\Roaming\gtk-2.0
[2011/01/11 20:58:19 | 000,000,000 | ---D | M] -- C:\Users\charles\AppData\Roaming\MusE
[2011/01/19 11:33:33 | 000,000,000 | ---D | M] -- C:\Users\charles\AppData\Roaming\OpenOffice.org
[2011/01/17 10:43:24 | 000,000,000 | ---D | M] -- C:\Users\charles\AppData\Roaming\Opera
[2011/02/26 16:03:50 | 000,000,000 | ---D | M] -- C:\Users\charles\AppData\Roaming\PixelMetrics
[2010/12/21 20:44:04 | 000,000,000 | ---D | M] -- C:\Users\charles\AppData\Roaming\QuickScan
[2010/12/20 13:23:57 | 000,000,000 | ---D | M] -- C:\Users\charles\AppData\Roaming\Registry Mechanic
[2010/12/03 14:57:50 | 000,000,000 | ---D | M] -- C:\Users\charles\AppData\Roaming\SampleView
[2011/10/31 12:14:20 | 000,000,000 | ---D | M] -- C:\Users\charles\AppData\Roaming\Spare Backup
[2011/10/02 10:51:21 | 000,000,000 | ---D | M] -- C:\Users\charles\AppData\Roaming\Spotify
[2011/01/17 09:51:26 | 000,000,000 | ---D | M] -- C:\Users\charles\AppData\Roaming\SwordSearcher
[2011/07/11 13:47:55 | 000,000,000 | ---D | M] -- C:\Users\charles\AppData\Roaming\Sync App Settings
[2011/01/11 18:53:34 | 000,000,000 | ---D | M] -- C:\Users\charles\AppData\Roaming\TaxCut
[2011/09/19 19:35:38 | 000,000,000 | ---D | M] -- C:\Users\charles\AppData\Roaming\WebResearch
[2011/09/18 21:58:30 | 000,000,000 | ---D | M] -- C:\Users\charles\AppData\Roaming\WinNc
[2011/01/19 00:22:05 | 000,000,000 | ---D | M] -- C:\Users\charles\AppData\Roaming\WinPatrol
[2011/04/01 22:25:21 | 000,000,000 | ---D | M] -- C:\Users\Daniela\AppData\Roaming\Canon
[2011/01/21 10:15:33 | 000,000,000 | ---D | M] -- C:\Users\Daniela\AppData\Roaming\OpenOffice.org
[2011/04/17 21:14:50 | 000,000,000 | ---D | M] -- C:\Users\Daniela\AppData\Roaming\Opera
[2011/01/24 23:56:27 | 000,000,000 | ---D | M] -- C:\Users\Daniela\AppData\Roaming\PixelMetrics
[2011/10/16 18:29:21 | 000,000,000 | ---D | M] -- C:\Users\Daniela\AppData\Roaming\Spare Backup
[2011/03/04 04:54:55 | 000,000,000 | ---D | M] -- C:\Users\Daniela\AppData\Roaming\TaxCut
[2011/09/27 19:48:59 | 000,000,000 | ---D | M] -- C:\Users\Daniela\AppData\Roaming\WebResearch
[2011/01/29 19:57:46 | 000,000,000 | ---D | M] -- C:\Users\Daniela\AppData\Roaming\WinPatrol
[2011/04/30 10:56:48 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\OpenOffice.org
[2011/05/02 19:49:20 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\PixelMetrics
[2011/05/30 18:50:33 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\SampleView
[2011/05/31 21:23:46 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\Spare Backup
[2011/05/31 19:43:30 | 000,000,000 | ---D | M] -- C:\Users\michael\AppData\Roaming\Spare Backup
[2011/07/08 14:11:47 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\Canon
[2011/07/08 14:17:47 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\OpenOffice.org
[2011/08/20 11:55:41 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\Spare Backup
[2011/10/13 08:45:14 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\WebResearch
[2011/01/01 20:33:28 | 000,000,288 | ---- | M] () -- C:\Windows\Tasks\Dr.Web Daily scan.job
[2011/10/31 12:51:27 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\Dr.Web Update.job
[2011/10/31 12:05:41 | 000,032,628 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[color=#E56717]========== Purity Check ==========[/color]
[color=#E56717]========== Alternate Data Streams ==========[/color]
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:0D786AE3
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:D1B5B4F1
< End of report >