[code]
OTS logfile created on: 2009-05-19 07:41:44 - Run 2
OTS by OldTimer - Version 3.0.2.1 Folder = C:\Documents and Settings\tigri-bigri\Desktop
Windows XP Professional Edition Service Pack 3, v.3311 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: yyyy-MM-dd

766.98 Mb Total Physical Memory | 350.42 Mb Available Physical Memory | 45.69% Memory free
1.83 Gb Paging File | 1.39 Gb Available in Paging File | 75.99% Paging File free
Paging file location(s): C:\pagefile.sys 1152 2304 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.89 Gb Total Space | 35.19 Gb Free Space | 62.97% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CAVE
Current User Name: tigri-bigri
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

[Processes - Safe List]
acservice.exe -> C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -> [2008-07-03 19:32:20 | 00,109,056 | ---- | M] (ArcSoft Inc.)
apntex.exe -> C:\Program Files\Apoint2K\Apntex.exe -> [2003-02-26 11:08:42 | 00,045,056 | ---- | M] (Alps Electric Co., Ltd.)
apoint.exe -> C:\Program Files\Apoint2K\Apoint.exe -> [2003-06-18 14:44:06 | 00,151,552 | ---- | M] (Alps Electric Co., Ltd.)
cdantsrv.exe -> C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE -> [2001-09-10 20:08:50 | 00,032,256 | ---- | M] (C-Dilla Ltd)
ceekey.exe -> C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe -> [2003-08-26 21:09:20 | 00,638,976 | ---- | M] (COMPAL ELECTRONIC INC.)
cplbtq00.exe -> C:\Program Files\EzButton\CplBTQ00.EXE -> [2003-06-27 18:33:10 | 00,708,608 | ---- | M] (Dritek System Inc.)
dpupdchk.exe -> c:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe -> [2008-06-10 13:56:28 | 00,447,560 | ---- | M] (Microsoft Corporation)
dvdramsv.exe -> C:\WINDOWS\System32\DVDRAMSV.exe -> [2003-05-23 13:38:26 | 00,106,496 | ---- | M] (Matsushita Electric Industrial Co., Ltd.)
explorer.exe -> C:\WINDOWS\Explorer.EXE -> [2008-02-12 15:59:34 | 01,033,728 | ---- | M] (Microsoft Corporation)
ezsp_px.exe -> C:\WINDOWS\System32\ezSP_Px.exe -> [2002-08-20 10:29:26 | 00,040,960 | ---- | M] (Easy Systems Japan Ltd.)
googletoolbarnotifier.exe -> C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe -> [2008-10-04 09:16:19 | 00,039,408 | ---- | M] (Google Inc.)
groovemonitor.exe -> C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe -> [2007-08-24 08:00:48 | 00,033,648 | ---- | M] (Microsoft Corporation)
hpztsb11.exe -> C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb11.exe -> [2006-01-06 22:09:25 | 00,172,032 | ---- | M] (HP)
iexplore.exe -> C:\Program Files\Internet Explorer\IEXPLORE.EXE -> [2007-08-13 19:43:56 | 00,622,080 | ---- | M] (Microsoft Corporation)
itype.exe -> C:\Program Files\Microsoft IntelliType Pro\itype.exe -> [2008-06-10 13:56:30 | 01,442,888 | ---- | M] (Microsoft Corporation)
ivpsvmgr.exe -> C:\toshiba\ivp\ism\ivpsvmgr.exe -> [2002-10-17 13:15:58 | 00,475,136 | ---- | M] (TOSHIBA Corporation)
ltmoh.exe -> C:\Program Files\ltmoh\Ltmoh.exe -> [2003-01-22 14:54:00 | 00,184,320 | ---- | M] (Agere Systems)
mcagent.exe -> c:\Program Files\McAfee.com\Agent\mcagent.exe -> [2007-11-01 19:12:38 | 00,582,992 | ---- | M] (McAfee, Inc.)
mcmscsvc.exe -> C:\Program Files\McAfee\MSC\mcmscsvc.exe -> [2008-01-09 16:50:22 | 00,767,976 | ---- | M] (McAfee, Inc.)
mcnasvc.exe -> c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -> [2008-01-25 02:38:12 | 02,458,128 | ---- | M] (McAfee, Inc.)
mcproxy.exe -> c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -> [2007-08-15 12:36:04 | 00,359,248 | ---- | M] (McAfee, Inc.)
mcshield.exe -> C:\Program Files\McAfee\VirusScan\Mcshield.exe -> [2007-07-24 12:02:14 | 00,144,704 | ---- | M] (McAfee, Inc.)
mcsysmon.exe -> C:\Program Files\McAfee\VirusScan\mcsysmon.exe -> [2007-12-05 11:04:10 | 00,695,624 | ---- | M] (McAfee, Inc.)
mdnsresponder.exe -> C:\Program Files\Bonjour\mDNSResponder.exe -> [2006-02-28 13:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.)
mpfsrv.exe -> C:\Program Files\McAfee\MPF\MPFSrv.exe -> [2007-07-18 15:54:42 | 00,856,864 | ---- | M] (McAfee, Inc.)
msmpeng.exe -> C:\Program Files\Windows Defender\MsMpEng.exe -> [2006-11-03 19:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation)
nbservice.exe -> C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe -> [2007-12-03 15:21:24 | 00,869,672 | ---- | M] (Nero AG)
nvsvc32.exe -> C:\WINDOWS\System32\nvsvc32.exe -> [2003-07-31 23:08:00 | 00,077,824 | ---- | M] (NVIDIA Corporation)
ots.exe -> C:\Documents and Settings\tigri-bigri\Desktop\OTS.exe -> [2009-05-19 07:34:05 | 00,503,808 | ---- | M] (OldTimer Tools)
ramasst.exe -> C:\WINDOWS\System32\RAMASST.exe -> [2003-03-14 11:38:12 | 00,155,648 | ---- | M] (Matsushita Electric Industrial Co., Ltd.)
sgbhp.exe -> C:\Program Files\SpywareGuard\sgbhp.exe -> [2003-08-29 12:14:56 | 00,233,472 | ---- | M] ()
sgmain.exe -> C:\Program Files\SpywareGuard\sgmain.exe -> [2003-08-29 20:05:35 | 00,360,448 | ---- | M] ()
tptray.exe -> C:\Program Files\TOSHIBA\TouchPad\TPTray.exe -> [2003-07-18 15:24:08 | 00,049,152 | ---- | M] (COMPAL ELECTRONIC INC.)

[Win32 Services - Safe List]
(ACDaemon) ArcSoft Connect Daemon [Win32_Own | Auto | Running] -> C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -> [2008-07-03 19:32:20 | 00,109,056 | ---- | M] (ArcSoft Inc.)
(aspnet_state) ASP.NET State Service [Win32_Own | On_Demand | Stopped] -> C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -> [2007-04-13 03:20:52 | 00,033,632 | ---- | M] (Microsoft Corporation)
(Bonjour Service) ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## [Win32_Own | Auto | Running] -> C:\Program Files\Bonjour\mDNSResponder.exe -> [2006-02-28 13:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.)
(C-DillaSrv) C-DillaSrv [Win32_Own | Auto | Running] -> C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE -> [2001-09-10 20:08:50 | 00,032,256 | ---- | M] (C-Dilla Ltd)
(clr_optimization_v2.0.50727_32) .NET Runtime Optimization Service v2.0.50727_X86 [Win32_Own | On_Demand | Stopped] -> C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -> [2007-04-13 03:21:18 | 00,068,952 | ---- | M] (Microsoft Corporation)
(DVD-RAM_Service) DVD-RAM_Service [Win32_Own | Auto | Running] -> C:\WINDOWS\System32\DVDRAMSV.exe -> [2003-05-23 13:38:26 | 00,106,496 | ---- | M] (Matsushita Electric Industrial Co., Ltd.)
(FLEXnet Licensing Service) FLEXnet Licensing Service [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -> [2008-03-22 17:31:28 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.)
(gusvc) Google Software Updater [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -> [2009-04-27 18:46:09 | 00,182,768 | ---- | M] (Google)
(mcmscsvc) McAfee Services [Win32_Own | Auto | Running] -> C:\Program Files\McAfee\MSC\mcmscsvc.exe -> [2008-01-09 16:50:22 | 00,767,976 | ---- | M] (McAfee, Inc.)
(McNASvc) McAfee Network Agent [Win32_Own | Auto | Running] -> c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -> [2008-01-25 02:38:12 | 02,458,128 | ---- | M] (McAfee, Inc.)
(McODS) McAfee Scanner [Win32_Own | On_Demand | Stopped] -> C:\Program Files\McAfee\VirusScan\mcods.exe -> [2007-11-07 10:35:40 | 00,378,184 | ---- | M] (McAfee, Inc.)
(McProxy) McAfee Proxy Service [Win32_Own | Auto | Running] -> c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -> [2007-08-15 12:36:04 | 00,359,248 | ---- | M] (McAfee, Inc.)
(McShield) McAfee Real-time Scanner [Win32_Own | Unknown | Running] -> C:\Program Files\McAfee\VirusScan\Mcshield.exe -> [2007-07-24 12:02:14 | 00,144,704 | ---- | M] (McAfee, Inc.)
(McSysmon) McAfee SystemGuards [Win32_Own | On_Demand | Running] -> C:\Program Files\McAfee\VirusScan\mcsysmon.exe -> [2007-12-05 11:04:10 | 00,695,624 | ---- | M] (McAfee, Inc.)
(Microsoft Office Groove Audit Service) Microsoft Office Groove Audit Service [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -> [2007-08-24 07:59:20 | 00,068,464 | ---- | M] (Microsoft Corporation)
(MpfService) McAfee Personal Firewall Service [Win32_Own | Auto | Running] -> C:\Program Files\McAfee\MPF\MPFSrv.exe -> [2007-07-18 15:54:42 | 00,856,864 | ---- | M] (McAfee, Inc.)
(Nero BackItUp Scheduler 3) Nero BackItUp Scheduler 3 [Win32_Own | Auto | Running] -> C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe -> [2007-12-03 15:21:24 | 00,869,672 | ---- | M] (Nero AG)
(NMIndexingService) NMIndexingService [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe -> [2007-12-13 20:10:56 | 00,447,784 | ---- | M] (Nero AG)
(NVSvc) NVIDIA Driver Helper Service [Win32_Own | Auto | Running] -> C:\WINDOWS\System32\nvsvc32.exe -> [2003-07-31 23:08:00 | 00,077,824 | ---- | M] (NVIDIA Corporation)
(odserv) Microsoft Office Diagnostics Service [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -> [2007-08-24 04:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation)
(ose) Office Source Engine [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -> [2006-10-26 15:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation)
(Pml Driver HPZ12) Pml Driver HPZ12 [Win32_Own | On_Demand | Stopped] -> C:\WINDOWS\System32\HPZipm12.exe -> [2004-03-18 16:55:48 | 00,065,536 | ---- | M] (HP)
(ThreatFire) ThreatFire [Win32_Own | Auto | Stopped] -> -> File not found
(usnjsvc) Messenger Sharing Folders USN Journal Reader service [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Windows Live\Messenger\usnsvc.exe -> [2007-10-18 12:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation)
(WinDefend) Windows Defender [Win32_Own | Auto | Running] -> C:\Program Files\Windows Defender\MsMpEng.exe -> [2006-11-03 19:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation)
(WLSetupSvc) Windows Live Setup Service [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Windows Live\installer\WLSetupSvc.exe -> [2007-10-25 16:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation)
(WMPNetworkSvc) Windows Media Player Network Sharing Service [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Windows Media Player\WMPNetwk.exe -> [2006-10-18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation)

[Driver Services - Safe List]
(AgereSoftModem) TOSHIBA V92 Software Modem [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\DRIVERS\AGRSM.sys -> [2003-05-12 12:21:00 | 01,169,856 | ---- | M] (Agere Systems)
(ALCXWDM) Service for Realtek AC97 Audio (WDM) [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\drivers\ALCXWDM.SYS -> [2003-05-14 18:44:06 | 00,740,044 | ---- | M] (Realtek Semiconductor Corp.)
(ApfiltrService) Alps Pointing-device Filter Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\DRIVERS\Apfiltr.sys -> [2003-06-20 15:40:12 | 00,093,912 | ---- | M] (Alps Electric Co., Ltd.)
(AR5211) SMC Wireless Network Adapter Service [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\DRIVERS\ar5211.sys -> [2007-03-27 06:27:02 | 00,543,712 | ---- | M] (Atheros Communications, Inc.)
(ASCTRM) ASCTRM [Kernel | Auto | Running] -> C:\WINDOWS\System32\drivers\asctrm.sys -> [2003-08-12 14:25:12 | 00,008,552 | ---- | M] (Windows (R) 2000 DDK provider)
(C-Dilla) C-Dilla [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\drivers\CDANT.SYS -> [2001-09-10 20:09:46 | 00,057,392 | ---- | M] (Macrovision)
(CDRPDACC) Arrowkey Device Access [Kernel | Auto | Running] -> C:\Program Files\321Studios\Shared\CDRPDACC.SYS -> [2003-10-28 16:17:52 | 00,005,273 | ---- | M] (Arrowkey)
(DKbFltr) Dritek HotKey Keyboard Filter Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\Drivers\DKbFltr.sys -> [2003-05-08 16:36:56 | 00,016,256 | ---- | M] (Dritek System Inc.)
(HPZid412) IEEE-1284.4 Driver HPZid412 [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\DRIVERS\HPZid412.sys -> [2005-10-21 19:58:52 | 00,049,920 | ---- | M] (HP)
(HPZipr12) Print Class Driver for IEEE-1284.4 HPZipr12 [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\DRIVERS\HPZipr12.sys -> [2005-10-21 20:58:58 | 00,016,496 | ---- | M] (HP)
(HPZius12) USB to IEEE-1284.4 Translation Driver HPZius12 [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\DRIVERS\HPZius12.sys -> [2005-10-22 07:22:48 | 00,021,568 | ---- | M] (HP)
(ISODrive) ISO DVD/CD-ROM Device Driver [File_System | System | Running] -> C:\Program Files\UltraISO\drivers\ISODrive.sys -> [2007-04-13 18:42:16 | 00,068,096 | ---- | M] (EZB Systems, Inc.)
(MDC8021X) WPA Security Protocol (IEEE 802.1x) v2.2.0.0 [Kernel | Auto | Running] -> C:\WINDOWS\System32\DRIVERS\mdc8021x.sys -> [2008-03-16 18:54:34 | 00,011,861 | ---- | M] (Meetinghouse Data Communications)
(meiudf) meiudf [File_System | System | Running] -> C:\WINDOWS\System32\Drivers\meiudf.sys -> [2003-01-31 17:45:56 | 00,090,416 | ---- | M] (Matsushita Electric Industrial Co.,Ltd.)
(mfeavfk) McAfee Inc. mfeavfk [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\drivers\mfeavfk.sys -> [2007-11-22 07:44:08 | 00,079,304 | ---- | M] (McAfee, Inc.)
(mfebopk) McAfee Inc. mfebopk [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\drivers\mfebopk.sys -> [2007-11-22 07:44:08 | 00,035,240 | ---- | M] (McAfee, Inc.)
(mfehidk) McAfee Inc. mfehidk [Kernel | System | Running] -> C:\WINDOWS\System32\drivers\mfehidk.sys -> [2007-11-22 07:44:08 | 00,201,320 | ---- | M] (McAfee, Inc.)
(mferkdk) McAfee Inc. mferkdk [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\drivers\mferkdk.sys -> [2007-11-22 06:44:04 | 00,033,832 | ---- | M] (McAfee, Inc.)
(mfesmfk) McAfee Inc. mfesmfk [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\drivers\mfesmfk.sys -> [2007-12-02 13:51:42 | 00,040,488 | ---- | M] (McAfee, Inc.)
(MPFP) MPFP [Kernel | System | Running] -> C:\WINDOWS\System32\Drivers\Mpfp.sys -> [2007-07-13 07:20:24 | 00,113,952 | ---- | M] (McAfee, Inc.)
(NuidFltr) NUID filter driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\DRIVERS\NuidFltr.sys -> [2008-06-09 14:12:10 | 00,018,504 | ---- | M] (Microsoft Corporation)
(nv) nv [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\DRIVERS\nv4_mini.sys -> [2003-07-31 23:08:00 | 01,329,723 | ---- | M] (NVIDIA Corporation)
(pciSd) pciSd [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\DRIVERS\tossdpci.sys -> [2003-02-12 09:03:54 | 00,015,143 | ---- | M] (TOSHIBA)
(Pcouffin) Low level access layer for CD devices [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\Drivers\Pcouffin.sys -> [2003-11-11 21:17:16 | 00,034,528 | ---- | M] (VSO Software)
(pfc) Padus ASPI Shell [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\drivers\pfc.sys -> [2008-03-22 16:14:41 | 00,010,368 | ---- | M] (Padus, Inc.)
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\DRIVERS\ptilink.sys -> [2002-08-29 05:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.)
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> C:\WINDOWS\System32\DRIVERS\PxHelp20.sys -> [2003-06-03 02:02:00 | 00,017,136 | ---- | M] (Sonic Solutions)
(RTL8023xp) Realtek 10/100/1000 PCI NIC Family NDIS XP Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\DRIVERS\Rtnicxp.sys -> [2009-01-21 08:49:40 | 00,118,656 | ---- | M] (Realtek Semiconductor Corporation )
(rtl8139) Realtek RTL8139/810x Family Fast Ethernet NIC NT Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\DRIVERS\R8139n51.SYS -> [2002-10-04 10:04:10 | 00,046,976 | ---- | M] (Realtek Semiconductor Corporation )
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\DRIVERS\secdrv.sys -> [2008-02-12 02:06:22 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
(SMCIRDA) SMC IrCC Miniport Device Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\DRIVERS\smcirda.sys -> [2001-08-17 12:10:28 | 00,035,913 | ---- | M] (SMC)
(SrvcEKIOMngr) SrvcEKIOMngr [Kernel | System | Running] -> C:\WINDOWS\System32\Drivers\EKIoMngr.sys -> [2002-12-18 19:56:32 | 00,005,888 | ---- | M] (COMPAL ELECTRONIC INC.)
(SrvcSSIOMngr) SrvcSSIOMngr [Kernel | System | Running] -> C:\WINDOWS\System32\Drivers\SSIoMngr.sys -> [2002-12-18 19:56:34 | 00,005,888 | ---- | M] (COMPAL ELECTRONIC INC.)
(SrvcTPIOMngr) SrvcTPIOMngr [Kernel | System | Running] -> C:\WINDOWS\System32\Drivers\TPIoMngr.sys -> [2002-07-17 17:45:48 | 00,004,183 | ---- | M] ()
(TBiosDrv) TBiosDrv [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\Drivers\Tbiosdrv.sys -> [2002-01-24 14:43:40 | 00,006,528 | ---- | M] ()
(tsdhd) TOSHIBA SD Card Host Controller Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\DRIVERS\tsdhd.sys -> [2003-05-14 17:38:32 | 00,025,888 | ---- | M] (TOSHIBA Corporation)

[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Search_URL" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Secondary_Page_URL" -> [binary data] ->
HKEY_LOCAL_MACHINE\: Main\\"Extensions Off Page" -> about:NoAdd-ons ->
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> C:\windows\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\"Search Page" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_LOCAL_MACHINE\: Main\\"Security Risk Page" -> about:SecurityRisk ->
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home ->
HKEY_LOCAL_MACHINE\: Search\\"CustomizeSearch" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKEY_LOCAL_MACHINE\: Search\\"Default_Search_URL" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_LOCAL_MACHINE\: Search\\"SearchAssistant" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> ->
HKEY_USERS\.DEFAULT\: Main\\"Search Page" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_USERS\.DEFAULT\: Main\\"Start Page" -> http://www.toshiba.com ->
HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 1 ->
HKEY_USERS\.DEFAULT\: "ProxyOverride" -> *.local ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> ->
HKEY_USERS\S-1-5-18\: Main\\"Search Page" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_USERS\S-1-5-18\: Main\\"Start Page" -> http://www.toshiba.com ->
HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 1 ->
HKEY_USERS\S-1-5-18\: "ProxyOverride" -> *.local ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> ->
HKEY_USERS\S-1-5-19\: Main\\"Start Page" -> http://www.toshiba.com ->
HKEY_USERS\S-1-5-19\: "ProxyEnable" -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> ->
HKEY_USERS\S-1-5-20\: Main\\"Start Page" -> http://www.toshiba.com ->
HKEY_USERS\S-1-5-20\: "ProxyEnable" -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-1452089565-128784992-372151615-1004\] > -> ->
HKEY_USERS\S-1-5-21-1452089565-128784992-372151615-1004\: Main\\"Default" -> 15 5F B8 04 6D FD 16 46 91 38 CF 80 9E 34 6F 5B [binary data] ->
HKEY_USERS\S-1-5-21-1452089565-128784992-372151615-1004\: Main\\"Default_Search_URL" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_USERS\S-1-5-21-1452089565-128784992-372151615-1004\: Main\\"Local Page" -> C:\windows\system32\blank.htm ->
HKEY_USERS\S-1-5-21-1452089565-128784992-372151615-1004\: Main\\"Search Page" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_USERS\S-1-5-21-1452089565-128784992-372151615-1004\: Main\\"Start Page" -> http://www.trafficswarm.com/cgi-bin/swarm.cgi?916925&e3e1c1c0fcb215d03d2d5a2c4fe57dd2 ->
HKEY_USERS\S-1-5-21-1452089565-128784992-372151615-1004\: SearchURL\\"" -> http://home.microsoft.com/access/autosearch.asp?p=%s ->
HKEY_USERS\S-1-5-21-1452089565-128784992-372151615-1004\: "ProxyEnable" -> 1 ->
HKEY_USERS\S-1-5-21-1452089565-128784992-372151615-1004\: "ProxyOverride" -> *.local ->
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
< FireFox Extensions [User Folders] > ->
< HOSTS File > (27 bytes and 1 lines) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
Reset Hosts
127.0.0.1 localhost
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{0D82BD57-1B85-4557-9B90-76E4EB797D7C} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} [HKLM] -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [Adobe PDF Link Helper] -> [2009-02-27 12:07:26 | 00,075,128 | ---- | M] (Adobe Systems Incorporated)
{4A368E80-174F-4872-96B5-0B27DDD11DB2} [HKLM] -> C:\Program Files\SpywareGuard\dlprotect.dll [SpywareGuardDLBLOCK.CBrowserHelper] -> [2003-08-03 00:24:01 | 00,192,512 | R--- | M] ()
{5C43B8A2-24E8-4336-B86E-A94558E10C60} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} [HKLM] -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [Groove GFS Browser Helper] -> [2007-08-24 08:01:22 | 02,212,224 | ---- | M] (Microsoft Corporation)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [SSVHelper Class] -> [2008-06-10 04:27:02 | 00,509,328 | ---- | M] (Sun Microsystems, Inc.)
{7AA07AE6-01EF-44EC-93CA-9D7CD41CCDB6} [HKLM] -> C:\Program Files\del.icio.us\Internet Explorer Buttons\dlcsIE.dll [del.icio.us Toolbar Helper] -> [2006-09-26 11:02:14 | 00,271,864 | ---- | M] (del.icio.us, a Yahoo! Company)
{7DB2D5A0-7241-4E79-B68D-6309F01C5231} [HKLM] -> C:\Program Files\McAfee\VirusScan\scriptsn.dll [scriptproxy] -> [2007-11-09 12:09:08 | 00,058,688 | ---- | M] (McAfee, Inc.)
{7E853D72-626A-48EC-A868-BA8D5E23E045} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{9030D464-4C02-4ABF-8ECC-5164760863C6} [HKLM] -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [Windows Live Sign-in Helper] -> [2009-02-17 17:11:04 | 00,408,440 | ---- | M] (Microsoft Corporation)
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKLM] -> C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [Google Toolbar Helper] -> [2009-04-27 17:28:29 | 00,259,696 | ---- | M] (Google Inc.)
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKLM] -> C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [Google Toolbar Notifier BHO] -> [2009-04-17 07:50:49 | 00,668,656 | ---- | M] (Google Inc.)
{C84D72FE-E17D-4195-BB24-76C02E2E7C4E} [HKLM] -> C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll [Google Dictionary Compression sdch] -> [2009-04-27 17:28:29 | 00,470,512 | ---- | M] (Google Inc.)
{D7336D32-62F7-43B5-8B8C-3963C72CA498} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} [HKLM] -> C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [EpsonToolBandKicker Class] -> [2005-02-22 14:50:34 | 00,368,640 | ---- | M] (SEIKO EPSON CORPORATION)
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-1452089565-128784992-372151615-1004\] > -> HKEY_USERS\S-1-5-21-1452089565-128784992-372151615-1004\Software\Microsoft\Internet Explorer\Toolbar\ ->
ShellBrowser\\"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
WebBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [Google Toolbar] -> [2009-04-27 17:28:29 | 00,259,696 | ---- | M] (Google Inc.)
WebBrowser\\"{3FE20A68-5F78-4CF1-A941-3AAA55DE4C9D}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
WebBrowser\\"{981FE6A8-260C-4930-960F-C3BC82746CB0}" [HKLM] -> C:\Program Files\del.icio.us\Internet Explorer Buttons\dlcsIE.dll [del.icio.us] -> [2006-09-26 11:02:14 | 00,271,864 | ---- | M] (del.icio.us, a Yahoo! Company)
WebBrowser\\"{EE5D279F-081B-4404-994D-C6B60AAEBA6D}" [HKLM] -> C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [EPSON Web-To-Page] -> [2005-02-22 14:50:34 | 00,368,640 | ---- | M] (SEIKO EPSON CORPORATION)
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"Adobe Reader Speed Launcher" -> C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe ["C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"] -> [2009-02-27 17:10:28 | 00,035,696 | ---- | M] (Adobe Systems Incorporated)
"Apoint" -> C:\Program Files\Apoint2K\Apoint.exe [C:\Program Files\Apoint2K\Apoint.exe] -> [2003-06-18 14:44:06 | 00,151,552 | ---- | M] (Alps Electric Co., Ltd.)
"CeEKEY" -> C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe [C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe] -> [2003-08-26 21:09:20 | 00,638,976 | ---- | M] (COMPAL ELECTRONIC INC.)
"CplBTQ00" -> C:\Program Files\EzButton\CplBTQ00.EXE [C:\Program Files\EzButton\CplBTQ00.EXE] -> [2003-06-27 18:33:10 | 00,708,608 | ---- | M] (Dritek System Inc.)
"ezShieldProtector for Px" -> C:\WINDOWS\System32\ezSP_Px.exe [C:\WINDOWS\System32\ezSP_Px.exe] -> [2002-08-20 10:29:26 | 00,040,960 | ---- | M] (Easy Systems Japan Ltd.)
"GrooveMonitor" -> C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe ["C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"] -> [2007-08-24 08:00:48 | 00,033,648 | ---- | M] (Microsoft Corporation)
"HPDJ Taskbar Utility" -> C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb11.exe [C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe] -> [2006-01-06 22:09:25 | 00,172,032 | ---- | M] (HP)
"itype" -> c:\Program Files\Microsoft IntelliType Pro\itype.exe ["c:\Program Files\Microsoft IntelliType Pro\itype.exe"] -> [2008-06-10 13:56:30 | 01,442,888 | ---- | M] (Microsoft Corporation)
"LtMoh" -> C:\Program Files\ltmoh\Ltmoh.exe [C:\Program Files\ltmoh\Ltmoh.exe] -> [2003-01-22 14:54:00 | 00,184,320 | ---- | M] (Agere Systems)
"mcagent_exe" -> C:\Program Files\McAfee.com\Agent\mcagent.exe [C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey] -> [2007-11-01 19:12:38 | 00,582,992 | ---- | M] (McAfee, Inc.)
"NvCplDaemon" -> C:\WINDOWS\System32\NvCpl.DLL [RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup] -> [2003-07-31 23:08:00 | 04,804,608 | ---- | M] (NVIDIA Corporation)
"nwiz" -> C:\WINDOWS\System32\nwiz.exe [nwiz.exe /install] -> [2003-07-31 23:08:00 | 00,323,584 | ---- | M] (NVIDIA Corporation)
"Pinger" -> c:\toshiba\ivp\ism\pinger.exe [c:\toshiba\ivp\ism\pinger.exe /run] -> [2002-10-17 13:21:38 | 00,159,744 | ---- | M] (TOSHIBA Corporation)
"QuickTime Task" -> C:\Program Files\QuickTime\qttask.exe ["C:\Program Files\QuickTime\qttask.exe" -atboottime] -> [2008-04-07 16:26:24 | 00,077,824 | ---- | M] (Apple Computer, Inc.)
"TPNF" -> C:\Program Files\TOSHIBA\TouchPad\TPTray.exe [C:\Program Files\TOSHIBA\TouchPad\TPTray.exe] -> [2003-07-18 15:24:08 | 00,049,152 | ---- | M] (COMPAL ELECTRONIC INC.)
"Windows Defender" -> C:\Program Files\Windows Defender\MSASCui.exe ["C:\Program Files\Windows Defender\MSASCui.exe" -hide] -> [2006-11-03 19:20:12 | 00,866,584 | ---- | M] (Microsoft Corporation)
< Run [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"DWQueuedReporting" -> C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE ["C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t] -> [2007-08-24 03:18:18 | 00,437,160 | ---- | M] (Microsoft Corporation)
< Run [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"DWQueuedReporting" -> C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE ["C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t] -> [2007-08-24 03:18:18 | 00,437,160 | ---- | M] (Microsoft Corporation)
< Run [HKEY_USERS\S-1-5-21-1452089565-128784992-372151615-1004\] > -> HKEY_USERS\S-1-5-21-1452089565-128784992-372151615-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"swg" -> C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe] -> [2008-10-04 09:16:19 | 00,039,408 | ---- | M] (Google Inc.)
< Administrator Startup Folder > -> C:\Documents and Settings\Administrator\Start Menu\Programs\Startup ->
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk -> C:\WINDOWS\System32\RAMASST.exe -> [2003-03-14 11:38:12 | 00,155,648 | ---- | M] (Matsushita Electric Industrial Co., Ltd.)
< Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup ->
< tigri-bigri Startup Folder > -> C:\Documents and Settings\tigri-bigri\Start Menu\Programs\Startup ->
C:\Documents and Settings\tigri-bigri\Start Menu\Programs\Startup\SpywareGuard.lnk -> C:\Program Files\SpywareGuard\sgmain.exe -> [2003-08-29 20:05:35 | 00,360,448 | ---- | M] ()
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoActiveDesktopChanges" -> [0] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"dontdisplaylastusername" -> [0] -> File not found
\\"legalnoticecaption" -> [] -> File not found
\\"legalnoticetext" -> [] -> File not found
\\"shutdownwithoutlogon" -> [1] -> File not found
\\"undockwithoutlogon" -> [1] -> File not found
\\"DisableTaskMgr" -> [0] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-1452089565-128784992-372151615-1004] > -> HKEY_USERS\S-1-5-21-1452089565-128784992-372151615-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\S-1-5-21-1452089565-128784992-372151615-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [177] -> File not found
\\"NoActiveDesktop" -> [0] -> File not found
\\"NoSaveSettings" -> [0] -> File not found
\\"ClassicShell" -> [0] -> File not found
\\"NoThemesTab" -> [0] -> File not found
\\"ForceActiveDesktopOn" -> [0] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-1452089565-128784992-372151615-1004] > -> HKEY_USERS\S-1-5-21-1452089565-128784992-372151615-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_USERS\S-1-5-21-1452089565-128784992-372151615-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"DisableTaskMgr" -> [0] -> File not found
\\"NoDispAppearancePage" -> [0] -> File not found
\\"NoColorChoice" -> [0] -> File not found
\\"NoSizeChoice" -> [0] -> File not found
\\"NoDispBackgroundPage" -> [0] -> File not found
\\"NoDispScrSavPage" -> [0] -> File not found
\\"NoDispCPL" -> [0] -> File not found
\\"NoVisualStyleChoice" -> [0] -> File not found
\\"NoDispSettingsPage" -> [0] -> File not found
\\"disableregistrytools" -> [0] -> File not found
< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-1452089565-128784992-372151615-1004\] > -> HKEY_USERS\S-1-5-21-1452089565-128784992-372151615-1004\Software\Microsoft\Internet Explorer\MenuExt\ ->
E&xport to Microsoft Excel -> C:\Program Files\Microsoft Office\Office12\EXCEL.EXE [res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000] -> [2009-02-26 00:37:14 | 17,937,768 | ---- | M] (Microsoft Corporation)
Furl It -> [http://www.furl.net/resources/rightClick.jsp] -> File not found
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} [HKLM] -> C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll [Menu: Sun Java Console] -> [2008-06-10 04:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
{2670000A-7350-4f3c-8081-5663EE0C6C49}:{48E73304-E1D6-4330-914C-F5F514E3486C} [HKLM] -> C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll [Button: Send to OneNote] -> [2007-12-13 03:20:58 | 00,606,288 | ---- | M] (Microsoft Corporation)
{2670000A-7350-4f3c-8081-5663EE0C6C49}:{48E73304-E1D6-4330-914C-F5F514E3486C} [HKLM] -> C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll [Menu: S&end to OneNote] -> [2007-12-13 03:20:58 | 00,606,288 | ---- | M] (Microsoft Corporation)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}:{FF059E31-CC5A-4E2E-BF3B-96E929D65503} [HKLM] -> C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL [Button: Research] -> [2006-10-26 21:12:22 | 00,040,424 | ---- | M] (Microsoft Corporation)
{e2e2dd38-d088-4134-82b7-f2ba38496583}:Exec [HKLM] -> C:\WINDOWS\Network Diagnostic\xpnetdiag.exe [Menu: @xpsp3res.dll,-20001] -> [2008-02-12 04:14:06 | 00,558,080 | ---- | M] (Microsoft Corporation)
{F47C1DB5-ED21-4dc1-853E-D1495792D4C5}:Exec [HKLM] -> C:\Program Files\Bodog Poker\BPGame.exe [Button: Bodog Poker] -> [2008-12-02 14:19:16 | 03,682,816 | ---- | M] (Bodog)
{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> C:\Program Files\Messenger\msmsgs.exe [Button: Messenger] -> [2008-02-12 15:59:46 | 01,695,232 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> C:\Program Files\Messenger\msmsgs.exe [Menu: Windows Messenger] -> [2008-02-12 15:59:46 | 01,695,232 | ---- | M] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\"{e2e2dd38-d088-4134-82b7-f2ba38496583}" [HKLM] -> C:\WINDOWS\Network Diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008-02-12 04:14:06 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> C:\Program Files\Messenger\msmsgs.exe [Messenger] -> [2008-02-12 15:59:46 | 01,695,232 | ---- | M] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\"{e2e2dd38-d088-4134-82b7-f2ba38496583}" [HKLM] -> C:\WINDOWS\Network Diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008-02-12 04:14:06 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> C:\Program Files\Messenger\msmsgs.exe [Messenger] -> [2008-02-12 15:59:46 | 01,695,232 | ---- | M] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_USERS\S-1-5-21-1452089565-128784992-372151615-1004\] > -> HKEY_USERS\S-1-5-21-1452089565-128784992-372151615-1004\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\"{e2e2dd38-d088-4134-82b7-f2ba38496583}" [HKLM] -> C:\WINDOWS\Network Diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008-02-12 04:14:06 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> C:\Program Files\Messenger\msmsgs.exe [Messenger] -> [2008-02-12 15:59:46 | 01,695,232 | ---- | M] (Microsoft Corporation)
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s ->
< Default Prefix > ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix "" -> http:// < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 15 domain(s) found. -> 15 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. 
-> < Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-21-1452089565-128784992-372151615-1004\] > -> HKEY_USERS\S-1-5-21-1452089565-128784992-372151615-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-21-1452089565-128784992-372151615-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 5201 domain(s) found. -> admin_1and1.com [https] -> Trusted sites -> websitebuilder_1and1.com [https] -> Trusted sites -> 420 domain(s) and sub-domain(s) not assigned to a zone. 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-21-1452089565-128784992-372151615-1004\] > -> HKEY_USERS\S-1-5-21-1452089565-128784992-372151615-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-21-1452089565-128784992-372151615-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {038E2507-7A48-41E2-94AD-7F23D199AF4E} [HKLM] -> http://www.worldwinner.com/games/v54/zengems/zengems.cab [ZenGems Control] -> {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} [HKLM] -> http://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab [Office Genuine Advantage Validation Tool] -> {0CCA191D-13A6-4E29-B746-314DEE697D83} [HKLM] -> http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab [Facebook Photo Uploader 5 Control] -> {166B1BCA-3F9C-11CF-8075-444553540000} [HKLM] -> http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab [Shockwave ActiveX Control] -> {17492023-C23A-453E-A040-C7C580BBF700} [HKLM] -> http://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab [Windows Genuine Advantage Validation Tool] -> {18C3FD15-74F6-4280-9C98-3590C966B7B8} [HKLM] -> http://www.worldwinner.com/games/v47/skillgam/skillgam.cab [SkillGam Control] -> {1A1F56AA-3401-46F9-B277-D57F3421F821} [HKLM] -> http://www.worldwinner.com/games/v47/shared/FunGamesLoader.cab [FunGamesLoader Object] -> {1D082E71-DF20-4AAF-863B-596428C49874} [HKLM] -> http://www.worldwinner.com/games/v50/tpir/tpir.cab [TPIR Control] -> {42FDC231-A411-45F8-B8B6-3B5026111DA8} [HKLM] -> http://www.worldwinner.com/games/v47/solitairerush/solitairerush.cab [SolitaireRush Control] -> {48DD0448-9209-4F81-9F6D-D83562940134} [HKLM] -> http://lads.myspace.com/upload/MySpaceUploader1006.cab [MySpace Uploader Control] -> 
{58FC4C77-71C2-4972-A8CD-78691AD85158} [HKLM] -> http://www.worldwinner.com/games/v63/bjattack/bja.cab [BJA Control] -> {615F158E-D5CA-422F-A8E7-F6A5EED7063B} [HKLM] -> http://www.worldwinner.com/games/v46/bejeweled/bejeweled.cab [Bejeweled Control] -> {62969CF2-0F7A-433B-A221-FD8818C06C2F} [HKLM] -> http://www.worldwinner.com/games/v49/blockwerx/blockwerx.cab [Blockwerx Control] -> {6414512B-B978-451D-A0D8-FCFDF33E833C} [HKLM] -> http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1205719613403 [WUWebControl Class] -> {6B75345B-AA36-438A-BBE6-4078B4C6984D} [HKLM] -> http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab [Reg Error: Key error.] -> {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} [HKLM] -> http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1205719833777 [MUWebControl Class] -> {6F15128C-E66A-490C-B848-5000B5ABEEAC} [HKLM] -> https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab [HP Download Manager] -> {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} [HKLM] -> http://www.worldwinner.com/games/shared/wwlaunch.cab [Wwlaunch Control] -> {8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab [Java Plug-in 1.6.0_07] -> {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [HKLM] -> http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab [Reg Error: Key error.] 
-> {97438FE9-D361-4279-BA82-98CC0877A717} [HKLM] -> http://www.worldwinner.com/games/v57/cubis/cubis.cab [Cubis Control] -> {A91FB93D-7561-4524-8484-5C27C8FA8D42} [HKLM] -> http://www.worldwinner.com/games/v49/luxor/luxor.cab [WwLuxor Control] -> {AC2881FD-5760-46DB-83AE-20A5C6432A7E} [HKLM] -> http://www.worldwinner.com/games/v67/swapit/swapit.cab [SwapIt Control] -> {BA94245D-2AA0-4953-9D9F-B0EE4CC02C43} [HKLM] -> http://www.worldwinner.com/games/v42/tilecity/tilecity.cab [Tilecity Control] -> {BB637307-92FA-47EC-B3F7-6969078673CC} [HKLM] -> http://www.worldwinner.com/games/v45/royal/royal.cab [Royal Control] -> {C5326A4D-E9AA-40AD-A09A-E74304D86B47} [HKLM] -> http://www.worldwinner.com/games/v50/dinerdash/dinerdash.cab [DinerDash Control] -> {C93C1C34-CEA9-49B1-9046-040F59E0E0D8} [HKLM] -> http://www.worldwinner.com/games/v43/paint/paint.cab [Paint Control] -> {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab [Java Plug-in 1.6.0_07] -> {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab [Java Plug-in 1.6.0_07] -> {E12EB891-D000-421B-A8ED-EDE1BDCA14A0} [HKLM] -> http://www.worldwinner.com/games/v44/golfsol/golfsol.cab [GolfSol Control] -> DirectAnimation Java Classes [HKLM] -> file://C:\WINDOWS\Java\classes\dajava.cab [Reg Error: Key error.] -> Microsoft XML Parser for Java [HKLM] -> file://C:\WINDOWS\Java\classes\xmldso.cab [Reg Error: Key error.] 
-> IE Styles -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Styles < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> *Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> Explorer.exe -> C:\WINDOWS\Explorer.exe -> [2008-02-12 15:59:34 | 01,033,728 | ---- | M] (Microsoft Corporation) *MultiFile Done* -> -> < ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> "{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}" [HKLM] -> C:\Program Files\Windows Defender\MpShHook.dll [Microsoft AntiMalware ShellExecuteHook] -> [2006-11-03 19:20:00 | 00,083,224 | ---- | M] (Microsoft Corporation) "{81559C35-8464-49F7-BB0E-07A383BEF910}" [HKLM] -> C:\Program Files\SpywareGuard\spywareguard.dll [] -> [2003-08-03 00:20:57 | 00,126,976 | R--- | M] () "{93994DE8-8239-4655-B1D1-5F4E91300429}" [HKLM] -> C:\Program Files\DVD Region+CSS Free\DVDShell.dll [] -> [2004-10-09 03:18:02 | 00,049,152 | ---- | M] (Fengtao Software Inc.) 
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" [HKLM] -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [Groove GFS Stub Execution Hook] -> [2007-08-24 08:01:22 | 02,212,224 | ---- | M] (Microsoft Corporation) < Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List -> "%windir%\Network Diagnostic\xpnetdiag.exe" -> C:\WINDOWS\Network Diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> [2008-02-12 04:14:06 | 00,558,080 | ---- | M] (Microsoft Corporation) "%windir%\system32\sessmgr.exe" -> C:\WINDOWS\System32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2008-02-12 15:59:52 | 00,141,312 | ---- | M] (Microsoft Corporation) "C:\Program Files\Windows Live\Messenger\livecall.exe" -> C:\Program Files\Windows Live\Messenger\livecall.exe [C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)] -> [2007-10-02 18:18:24 | 00,304,488 | ---- | M] (Microsoft Corporation) "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" -> C:\Program Files\Windows Live\Messenger\msnmsgr.exe [C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger] -> [2007-10-18 12:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation) < Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> "%windir%\Network Diagnostic\xpnetdiag.exe" -> C:\WINDOWS\Network Diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> [2008-02-12 04:14:06 | 00,558,080 | ---- | M] (Microsoft Corporation) "%windir%\system32\sessmgr.exe" -> C:\WINDOWS\System32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2008-02-12 15:59:52 | 
00,141,312 | ---- | M] (Microsoft Corporation) "C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Internet Security 7.0.1.325\English\setup.exe" -> C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Internet Security 7.0.1.325\English\setup.exe [C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Internet Security 7.0.1.325\English\setup.exe:*:Enabled:Kaspersky Internet Security 7.0 Setup] -> File not found "C:\Program Files\BitTorrent\bittorrent.exe" -> C:\Program Files\BitTorrent\bittorrent.exe [C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent] -> [2008-08-15 16:06:10 | 00,634,160 | ---- | M] (BitTorrent, Inc.) "C:\Program Files\Bonjour\mDNSResponder.exe" -> C:\Program Files\Bonjour\mDNSResponder.exe [C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour] -> [2006-02-28 13:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) "C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" -> C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe [C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent] -> [2008-01-25 02:38:12 | 02,458,128 | ---- | M] (McAfee, Inc.) "C:\Program Files\DNA\btdna.exe" -> C:\Program Files\DNA\btdna.exe [C:\Program Files\DNA\btdna.exe:*:Enabled:DNA] -> [2008-08-30 07:58:11 | 00,342,848 | ---- | M] (BitTorrent, Inc.) 
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" -> C:\Program Files\Microsoft Office\Office12\GROOVE.EXE [C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove] -> [2007-08-29 01:23:36 | 00,340,856 | ---- | M] (Microsoft Corporation) "C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" -> C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE [C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote] -> [2008-05-21 06:54:40 | 01,022,496 | ---- | M] (Microsoft Corporation) "C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" -> C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE [C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook] -> [2008-05-21 05:37:24 | 12,844,576 | ---- | M] (Microsoft Corporation) "C:\Program Files\Windows Live\Messenger\livecall.exe" -> C:\Program Files\Windows Live\Messenger\livecall.exe [C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)] -> [2007-10-02 18:18:24 | 00,304,488 | ---- | M] (Microsoft Corporation) "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" -> C:\Program Files\Windows Live\Messenger\msnmsgr.exe [C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger] -> [2007-10-18 12:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation) < SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> "AlternateShell" -> cmd.exe -> < CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom -> "AutoRun" -> 1 -> "DisplayName" -> CD-ROM Driver -> "ImagePath" -> [System32\DRIVERS\cdrom.sys] -> File not found < Drives with AutoRun files > -> -> C:\AUTOEXEC.BAT [] -> C:\AUTOEXEC.BAT [ NTFS ] -> [2003-08-12 12:28:55 | 00,000,000 | ---- | M] () < MountPoints2 [HKEY_CURRENT_USER] > -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> [Registry - Additional Scans - Safe List] < EventViewer Logs - Last 10 Errors > -> Event Information -> Description Application [ Error ] 2009-05-17 10:11:23 Computer Name = CAVE | Source = WinDefendRtp | ID = 3003 -> Description = %%827 Real-Time Protection checkpoint has encountered an error and failed to start. User: CAVE\tigri-bigri Checkpoint ID: 1 Error Code: 0x80070005 Error description: Access is denied. Application [ Error ] 2009-05-17 10:11:23 Computer Name = CAVE | Source = WinDefendRtp | ID = 3003 -> Description = %%827 Real-Time Protection checkpoint has encountered an error and failed to start. User: CAVE\tigri-bigri Checkpoint ID: 1 Error Code: 0x8000ffff Error description: Catastrophic failure Application [ Error ] 2009-05-17 23:47:56 Computer Name = CAVE | Source = WinDefendRtp | ID = 3003 -> Description = %%827 Real-Time Protection checkpoint has encountered an error and failed to start. User: CAVE\tigri-bigri Checkpoint ID: 1 Error Code: 0x80070005 Error description: Access is denied. Application [ Error ] 2009-05-17 23:47:56 Computer Name = CAVE | Source = WinDefendRtp | ID = 3003 -> Description = %%827 Real-Time Protection checkpoint has encountered an error and failed to start. User: CAVE\tigri-bigri Checkpoint ID: 1 Error Code: 0x8000ffff Error description: Catastrophic failure Application [ Error ] 2009-05-18 09:33:02 Computer Name = CAVE | Source = WinDefendRtp | ID = 3003 -> Description = %%827 Real-Time Protection checkpoint has encountered an error and failed to start. User: CAVE\tigri-bigri Checkpoint ID: 1 Error Code: 0x80070005 Error description: Access is denied. Application [ Error ] 2009-05-18 09:33:02 Computer Name = CAVE | Source = WinDefendRtp | ID = 3003 -> Description = %%827 Real-Time Protection checkpoint has encountered an error and failed to start. 
User: CAVE\tigri-bigri Checkpoint ID: 1 Error Code: 0x8000ffff Error description: Catastrophic failure Application [ Error ] 2009-05-18 19:00:45 Computer Name = CAVE | Source = WinDefendRtp | ID = 3003 -> Description = %%827 Real-Time Protection checkpoint has encountered an error and failed to start. User: CAVE\tigri-bigri Checkpoint ID: 1 Error Code: 0x80070005 Error description: Access is denied. Application [ Error ] 2009-05-18 19:00:45 Computer Name = CAVE | Source = WinDefendRtp | ID = 3003 -> Description = %%827 Real-Time Protection checkpoint has encountered an error and failed to start. User: CAVE\tigri-bigri Checkpoint ID: 1 Error Code: 0x8000ffff Error description: Catastrophic failure Application [ Error ] 2009-05-19 09:16:01 Computer Name = CAVE | Source = WinDefendRtp | ID = 3003 -> Description = %%827 Real-Time Protection checkpoint has encountered an error and failed to start. User: CAVE\tigri-bigri Checkpoint ID: 1 Error Code: 0x80070005 Error description: Access is denied. Application [ Error ] 2009-05-19 09:16:01 Computer Name = CAVE | Source = WinDefendRtp | ID = 3003 -> Description = %%827 Real-Time Protection checkpoint has encountered an error and failed to start. User: CAVE\tigri-bigri Checkpoint ID: 1 Error Code: 0x8000ffff Error description: Catastrophic failure System [ Error ] 2009-05-18 09:32:29 Computer Name = CAVE | Source = DCOM | ID = 10016 -> Description = The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {DCBCA92E-7DBE-4EDA-8B7B-3AAEA4DD412B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be modified using the Component Services administrative tool. 
System [ Error ] 2009-05-18 09:32:52 Computer Name = CAVE | Source = Service Control Manager | ID = 7000 -> Description = The ThreatFire service failed to start due to the following error: %%2 System [ Error ] 2009-05-18 09:33:23 Computer Name = CAVE | Source = Service Control Manager | ID = 7026 -> Description = The following boot-start or system-start driver(s) failed to load: TfFsMon TfSysMon System [ Error ] 2009-05-18 18:58:19 Computer Name = CAVE | Source = DCOM | ID = 10016 -> Description = The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {DCBCA92E-7DBE-4EDA-8B7B-3AAEA4DD412B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be modified using the Component Services administrative tool. System [ Error ] 2009-05-18 18:58:38 Computer Name = CAVE | Source = Service Control Manager | ID = 7000 -> Description = The ThreatFire service failed to start due to the following error: %%2 System [ Error ] 2009-05-18 18:58:50 Computer Name = CAVE | Source = Service Control Manager | ID = 7026 -> Description = The following boot-start or system-start driver(s) failed to load: TfFsMon TfSysMon System [ Error ] 2009-05-18 19:00:27 Computer Name = CAVE | Source = Service Control Manager | ID = 7011 -> Description = Timeout (30000 milliseconds) waiting for a transaction response from the mcmscsvc service. System [ Error ] 2009-05-19 09:05:37 Computer Name = CAVE | Source = DCOM | ID = 10016 -> Description = The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {DCBCA92E-7DBE-4EDA-8B7B-3AAEA4DD412B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be modified using the Component Services administrative tool. 
System [ Error ] 2009-05-19 09:05:57 Computer Name = CAVE | Source = Service Control Manager | ID = 7000 -> Description = The ThreatFire service failed to start due to the following error: %%2 System [ Error ] 2009-05-19 09:06:08 Computer Name = CAVE | Source = Service Control Manager | ID = 7026 -> Description = The following boot-start or system-start driver(s) failed to load: TfFsMon TfSysMon [Files/Folders - Created Within 30 Days] OTS.exe -> C:\Documents and Settings\tigri-bigri\Desktop\OTS.exe -> [2009-05-19 07:33:48 | 00,503,808 | ---- | C] (OldTimer Tools) Plato Atlantisza.docx -> C:\Documents and Settings\tigri-bigri\Desktop\Plato Atlantisza.docx -> [2009-05-18 18:36:46 | 00,022,723 | ---- | C] () Bigfish 3 Days Zoo Mystery -> C:\Documents and Settings\tigri-bigri\Application Data\Bigfish 3 Days Zoo Mystery -> [2009-05-17 13:35:49 | 00,000,000 | ---D | C] Play 3 Days - Zoo Mystery.lnk -> C:\Documents and Settings\All Users\Desktop\Play 3 Days - Zoo Mystery.lnk -> [2009-05-17 13:35:22 | 00,001,668 | ---- | C] () 3 Days - Zoo Mystery -> C:\Program Files\3 Days - Zoo Mystery -> [2009-05-17 13:32:47 | 00,000,000 | ---D | C] Orneon -> C:\Documents and Settings\tigri-bigri\Application Data\Orneon -> [2009-05-15 21:51:25 | 00,000,000 | ---D | C] Gogii -> C:\Documents and Settings\All Users\Application Data\Gogii -> [2009-05-08 21:56:26 | 00,000,000 | ---D | C] cerasus.media -> C:\Documents and Settings\tigri-bigri\Application Data\cerasus.media -> [2009-04-24 16:55:48 | 00,000,000 | ---D | C] Mystery Stories Island of Hope.lnk -> C:\Documents and Settings\tigri-bigri\Desktop\Mystery Stories Island of Hope.lnk -> [2009-04-24 16:54:59 | 00,000,856 | ---- | C] () Mystery Stories Island of Hope -> C:\Program Files\Mystery Stories Island of Hope -> [2009-04-24 16:54:30 | 00,000,000 | ---D | C] PICSDK.ini -> C:\WINDOWS\System32\PICSDK.ini -> [2009-03-22 18:46:48 | 00,000,097 | ---- | C] () EPWF500.ini -> C:\WINDOWS\EPWF500.ini -> [2009-03-22 18:44:55 | 00,000,044 | 
---- | C] () cdTextCtl.dll -> C:\WINDOWS\System32\cdTextCtl.dll -> [2009-01-03 13:14:23 | 00,061,440 | ---- | C] () MSREGUSR.INI -> C:\WINDOWS\MSREGUSR.INI -> [2008-12-27 16:40:21 | 00,000,088 | ---- | C] () ODBC.INI -> C:\WINDOWS\ODBC.INI -> [2008-10-07 17:34:46 | 00,000,376 | ---- | C] () wcx_ftp.ini -> C:\WINDOWS\wcx_ftp.ini -> [2008-10-07 16:14:50 | 00,000,133 | ---- | C] () wincmd.ini -> C:\WINDOWS\wincmd.ini -> [2008-10-07 16:08:09 | 00,001,257 | ---- | C] () vfhysoyq.ini -> C:\WINDOWS\System32\vfhysoyq.ini -> [2008-09-25 07:02:21 | 00,986,903 | -HS- | C] () BASSMOD.dll -> C:\WINDOWS\System32\BASSMOD.dll -> [2008-09-17 08:14:15 | 00,013,312 | ---- | C] () qwimp.ini -> C:\WINDOWS\qwimp.ini -> [2008-09-01 13:31:36 | 00,000,240 | ---- | C] () intuprof.ini -> C:\WINDOWS\intuprof.ini -> [2008-09-01 13:27:04 | 00,000,576 | ---- | C] () FBF9941D77.sys -> C:\WINDOWS\System32\FBF9941D77.sys -> [2008-04-07 16:27:27 | 00,000,056 | RHS- | C] () KGyGaAvL.sys -> C:\WINDOWS\System32\KGyGaAvL.sys -> [2008-04-07 16:27:26 | 00,005,018 | -HS- | C] () NeroDigital.ini -> C:\WINDOWS\NeroDigital.ini -> [2008-04-01 21:10:19 | 00,000,069 | ---- | C] () TPTray.INI -> C:\WINDOWS\TPTray.INI -> [2008-03-22 08:18:40 | 00,000,000 | ---- | C] () DVDRegionFree.INI -> C:\WINDOWS\DVDRegionFree.INI -> [2008-03-21 22:00:57 | 00,000,067 | ---- | C] () unrar.dll -> C:\WINDOWS\System32\unrar.dll -> [2008-03-21 20:05:39 | 00,164,352 | ---- | C] () qt-dx331.dll -> C:\WINDOWS\System32\qt-dx331.dll -> [2008-03-21 20:05:33 | 03,596,288 | ---- | C] () xvidcore.dll -> C:\WINDOWS\System32\xvidcore.dll -> [2008-03-21 20:05:33 | 01,559,040 | ---- | C] () xvidvfw.dll -> C:\WINDOWS\System32\xvidvfw.dll -> [2008-03-21 20:05:33 | 00,282,624 | ---- | C] () ff_vfw.dll -> C:\WINDOWS\System32\ff_vfw.dll -> [2008-03-21 20:05:31 | 00,007,680 | ---- | C] () ff_vfw.dll.manifest -> C:\WINDOWS\System32\ff_vfw.dll.manifest -> [2008-03-21 20:05:31 | 00,000,547 | ---- | C] () wininit.ini -> C:\WINDOWS\wininit.ini -> 
[2008-03-16 21:30:45 | 00,000,024 | ---- | C] ()
msoffice.ini -> C:\WINDOWS\msoffice.ini -> [2008-03-16 21:30:36 | 00,000,002 | ---- | C] ()
libeay32.dll -> C:\WINDOWS\System32\libeay32.dll -> [2008-03-16 18:54:32 | 00,651,264 | ---- | C] ()
ssleay32.dll -> C:\WINDOWS\System32\ssleay32.dll -> [2008-03-16 18:54:32 | 00,147,456 | ---- | C] ()
OGACheckControl.DLL -> C:\WINDOWS\System32\OGACheckControl.DLL -> [2008-02-04 19:23:10 | 00,693,792 | ---- | C] ()
smscfg.ini -> C:\WINDOWS\smscfg.ini -> [2003-08-27 16:21:21 | 00,000,061 | ---- | C] ()
CeEKPolicy.dll -> C:\WINDOWS\System32\CeEKPolicy.dll -> [2003-08-26 17:59:10 | 00,024,576 | ---- | C] ()
CS_setup.ini -> C:\WINDOWS\CS_setup.ini -> [2003-08-12 14:41:16 | 00,000,021 | ---- | C] ()
CeEKey.INI -> C:\WINDOWS\CeEKey.INI -> [2003-08-12 14:37:28 | 00,000,000 | ---- | C] ()
QUICKEN.INI -> C:\WINDOWS\QUICKEN.INI -> [2003-08-12 14:35:20 | 00,000,823 | ---- | C] ()
NDSTray.INI -> C:\WINDOWS\NDSTray.INI -> [2003-08-12 14:33:02 | 00,000,000 | ---- | C] ()
psisdecd.dll -> C:\WINDOWS\System32\psisdecd.dll -> [2003-08-12 14:30:24 | 00,363,520 | ---- | C] ()
Px.ini -> C:\WINDOWS\System32\Px.ini -> [2003-08-12 14:23:21 | 00,000,426 | ---- | C] ()
swupdate.ini -> C:\WINDOWS\swupdate.ini -> [2003-08-12 14:20:19 | 00,000,067 | ---- | C] ()
CePMTray.INI -> C:\WINDOWS\CePMTray.INI -> [2003-08-12 14:08:33 | 00,000,000 | ---- | C] ()
Tbiosdrv.sys -> C:\WINDOWS\System32\drivers\Tbiosdrv.sys -> [2003-08-12 14:05:31 | 00,006,528 | ---- | C] ()
csellang.ini -> C:\WINDOWS\System32\csellang.ini -> [2003-08-12 14:04:30 | 00,128,113 | ---- | C] ()
csellang.dll -> C:\WINDOWS\System32\csellang.dll -> [2003-08-12 14:04:30 | 00,045,056 | ---- | C] ()
tosmreg.ini -> C:\WINDOWS\System32\tosmreg.ini -> [2003-08-12 14:04:30 | 00,009,538 | ---- | C] ()
cseltbl.ini -> C:\WINDOWS\System32\cseltbl.ini -> [2003-08-12 14:04:30 | 00,007,671 | ---- | C] ()
orun32.ini -> C:\WINDOWS\orun32.ini -> [2003-08-12 12:32:23 | 00,000,791 | ---- | C] ()
fxsperf.ini -> C:\WINDOWS\System32\fxsperf.ini -> [2003-08-12 12:25:16 | 00,001,793 | ---- | C] ()
oeminfo.ini -> C:\WINDOWS\System32\oeminfo.ini -> [2003-08-12 11:33:49 | 00,000,382 | ---- | C] ()
win.ini -> C:\WINDOWS\win.ini -> [2003-08-12 11:33:01 | 00,000,754 | ---- | C] ()
system.ini -> C:\WINDOWS\system.ini -> [2003-08-12 11:32:50 | 00,000,227 | ---- | C] ()
TPIOMngr.sys -> C:\WINDOWS\System32\drivers\TPIOMngr.sys -> [2002-07-17 17:45:48 | 00,004,183 | ---- | C] ()
UNACEV2.DLL -> C:\WINDOWS\System32\UNACEV2.DLL -> [2002-03-21 16:39:02 | 00,073,728 | ---- | C] ()

[Files/Folders - Modified Within 30 Days]
1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->
2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->
OTS.exe -> C:\Documents and Settings\tigri-bigri\Desktop\OTS.exe -> [2009-05-19 07:34:05 | 00,503,808 | ---- | M] (OldTimer Tools)
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [2009-05-19 06:09:11 | 00,004,232 | ---- | M] ()
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [2009-05-19 06:09:10 | 00,005,485 | ---- | M] ()
MP Scheduled Scan.job -> C:\WINDOWS\tasks\MP Scheduled Scan.job -> [2009-05-19 06:08:42 | 00,000,330 | -H-- | M] ()
Config.MPF -> C:\WINDOWS\System32\Config.MPF -> [2009-05-19 06:06:15 | 00,021,464 | ---- | M] ()
SA.DAT -> C:\WINDOWS\tasks\SA.DAT -> [2009-05-19 06:05:38 | 00,000,006 | -H-- | M] ()
bootstat.dat -> C:\WINDOWS\bootstat.dat -> [2009-05-19 06:05:35 | 00,002,048 | --S- | M] ()
ntuser.dat -> C:\Documents and Settings\tigri-bigri\ntuser.dat -> [2009-05-18 19:19:41 | 09,961,472 | ---- | M] ()
ntuser.ini -> C:\Documents and Settings\tigri-bigri\ntuser.ini -> [2009-05-18 19:19:41 | 00,000,178 | -HS- | M] ()
Plato Atlantisza.docx -> C:\Documents and Settings\tigri-bigri\Desktop\Plato Atlantisza.docx -> [2009-05-18 18:36:47 | 00,022,723 | ---- | M] ()
Microsoft Office Word 2007.lnk -> C:\Documents and Settings\tigri-bigri\Desktop\Microsoft Office Word 2007.lnk -> [2009-05-18 16:09:31 | 00,002,515 | ---- | M] ()
User_Feed_Synchronization-{51499EAF-AC4C-4E75-B712-8B20C1380463}.job -> C:\WINDOWS\tasks\User_Feed_Synchronization-{51499EAF-AC4C-4E75-B712-8B20C1380463}.job -> [2009-05-18 08:48:30 | 00,000,434 | -H-- | M] ()
IconCache.db -> C:\Documents and Settings\tigri-bigri\Local Settings\Application Data\IconCache.db -> [2009-05-17 15:35:38 | 02,646,748 | -H-- | M] ()
Play 3 Days - Zoo Mystery.lnk -> C:\Documents and Settings\All Users\Desktop\Play 3 Days - Zoo Mystery.lnk -> [2009-05-17 13:35:22 | 00,001,668 | ---- | M] ()
wpa.dbl -> C:\WINDOWS\System32\wpa.dbl -> [2009-05-17 07:06:33 | 00,001,158 | ---- | M] ()
Microsoft Office FrontPage 2003.lnk -> C:\Documents and Settings\tigri-bigri\Desktop\Microsoft Office FrontPage 2003.lnk -> [2009-05-13 19:28:57 | 00,002,473 | ---- | M] ()
DVD list.docx -> C:\Documents and Settings\tigri-bigri\My Documents\DVD list.docx -> [2009-05-05 19:42:35 | 00,019,747 | ---- | M] ()
CCleaner.lnk -> C:\Documents and Settings\tigri-bigri\Desktop\CCleaner.lnk -> [2009-05-05 17:46:55 | 00,001,548 | ---- | M] ()
SpywareBlaster.lnk -> C:\Documents and Settings\tigri-bigri\Desktop\SpywareBlaster.lnk -> [2009-05-05 17:36:10 | 00,000,690 | ---- | M] ()
machine.ver -> C:\WINDOWS\machine.ver -> [2009-04-27 14:17:43 | 00,002,838 | ---- | M] ()
Mystery Stories Island of Hope.lnk -> C:\Documents and Settings\tigri-bigri\Desktop\Mystery Stories Island of Hope.lnk -> [2009-04-24 16:54:59 | 00,000,856 | ---- | M] ()
DVDRegionFree.INI -> C:\WINDOWS\DVDRegionFree.INI -> [2009-04-24 16:29:29 | 00,000,067 | ---- | M] ()
hhcolreg.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\HTML Help\hhcolreg.dat -> [2008-12-27 13:53:06 | 00,000,184 | ---- | M] ()
opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa11.dat -> [2008-10-08 11:44:17 | 00,008,206 | ---- | M] ()
CalMRU.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\CalMRU.dat -> [2008-09-25 07:23:30 | 00,004,620 | ---- | M] ()
wkcalcat.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\wkcalcat.dat -> [2008-03-27 21:41:53 | 00,016,384 | ---- | M] ()
opa12.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa12.dat -> [2008-03-22 11:10:36 | 00,008,206 | ---- | M] ()

[File - Lop Check]
Application Data -> C:\Documents and Settings\Administrator\Application Data -> [2008-11-17 08:36:02 | 00,000,000 | RH-D | M]
Drag'n Drop CD+DVD -> C:\Documents and Settings\Administrator\Application Data\Drag'n Drop CD+DVD -> [2003-08-12 14:24:24 | 00,000,000 | ---D | M]
InterVideo -> C:\Documents and Settings\Administrator\Application Data\InterVideo -> [2003-08-12 14:55:39 | 00,000,000 | ---D | M]
Application Data -> C:\Documents and Settings\All Users\Application Data -> [2009-05-08 21:56:26 | 00,000,000 | RH-D | M]
ACD Systems -> C:\Documents and Settings\All Users\Application Data\ACD Systems -> [2008-03-22 16:14:54 | 00,000,000 | ---D | M]
ArcSoft -> C:\Documents and Settings\All Users\Application Data\ArcSoft -> [2009-03-22 18:50:33 | 00,000,000 | ---D | M]
Avery -> C:\Documents and Settings\All Users\Application Data\Avery -> [2008-09-10 13:59:27 | 00,000,000 | ---D | M]
COMMON FILES -> C:\Documents and Settings\All Users\Application Data\COMMON FILES -> [2008-03-27 09:49:31 | 00,000,000 | ---D | M]
CyberLink -> C:\Documents and Settings\All Users\Application Data\CyberLink -> [2008-09-14 17:49:41 | 00,000,000 | ---D | M]
EPSON -> C:\Documents and Settings\All Users\Application Data\EPSON -> [2009-03-22 18:48:34 | 00,000,000 | ---D | M]
FLEXnet -> C:\Documents and Settings\All Users\Application Data\FLEXnet -> [2008-03-21 20:59:48 | 00,000,000 | ---D | M]
FunGames -> C:\Documents and Settings\All Users\Application Data\FunGames -> [2009-02-01 15:11:09 | 00,000,000 | ---D | M]
Gogii -> C:\Documents and Settings\All Users\Application Data\Gogii -> [2009-05-08 21:56:26 | 00,000,000 | ---D | M]
HoverBee Studios -> C:\Documents and Settings\All Users\Application Data\HoverBee Studios -> [2009-04-08 16:26:50 | 00,000,000 | ---D | M]
Intuit -> C:\Documents and Settings\All Users\Application Data\Intuit -> [2008-09-01 19:12:12 | 00,000,000 | ---D | M]
Messenger Plus! -> C:\Documents and Settings\All Users\Application Data\Messenger Plus! -> [2008-03-22 16:22:27 | 00,000,000 | ---D | M]
MumboJumbo -> C:\Documents and Settings\All Users\Application Data\MumboJumbo -> [2009-04-13 19:36:48 | 00,000,000 | ---D | M]
NortonInstaller -> C:\Documents and Settings\All Users\Application Data\NortonInstaller -> [2008-11-17 08:15:35 | 00,000,000 | ---D | M]
PlayPond -> C:\Documents and Settings\All Users\Application Data\PlayPond -> [2009-04-07 18:18:52 | 00,000,000 | ---D | M]
Playrix Entertainment -> C:\Documents and Settings\All Users\Application Data\Playrix Entertainment -> [2009-02-05 17:54:29 | 00,000,000 | ---D | M]
QuickClick -> C:\Documents and Settings\All Users\Application Data\QuickClick -> [2009-04-08 18:52:23 | 00,000,000 | ---D | M]
Sandlot Games -> C:\Documents and Settings\All Users\Application Data\Sandlot Games -> [2009-04-14 19:09:02 | 00,000,000 | ---D | M]
SBSI -> C:\Documents and Settings\All Users\Application Data\SBSI -> [2003-08-12 12:33:01 | 00,000,000 | ---D | M]
TEMP -> C:\Documents and Settings\All Users\Application Data\TEMP -> [2009-05-18 08:33:52 | 00,000,000 | ---D | M]
Application Data -> C:\Documents and Settings\Default User\Application Data -> [2003-08-12 14:55:39 | 00,000,000 | RH-D | M]
Drag'n Drop CD+DVD -> C:\Documents and Settings\Default User\Application Data\Drag'n Drop CD+DVD -> [2003-08-12 14:24:24 | 00,000,000 | ---D | M]
InterTrust -> C:\Documents and Settings\Default User\Application Data\InterTrust -> [2003-08-12 14:22:19 | 00,000,000 | ---D | M]
InterVideo -> C:\Documents and Settings\Default User\Application Data\InterVideo -> [2003-08-12 14:55:39 | 00,000,000 | ---D | M]
Application Data -> C:\Documents and Settings\LocalService\Application Data -> [2003-08-12 12:32:02 | 00,000,000 | ---D | M]
Application Data -> C:\Documents and Settings\NetworkService\Application Data -> [2003-08-12 12:32:01 | 00,000,000 | ---D | M]
Application Data -> C:\Documents and Settings\tigri-bigri\Application Data -> [2009-05-15 21:51:25 | 00,000,000 | RH-D | M]
7Wonders -> C:\Documents and Settings\tigri-bigri\Application Data\7Wonders -> [2009-02-05 19:07:04 | 00,000,000 | ---D | M]
ACD Systems -> C:\Documents and Settings\tigri-bigri\Application Data\ACD Systems -> [2008-03-22 16:15:37 | 00,000,000 | ---D | M]
Arcsoft -> C:\Documents and Settings\tigri-bigri\Application Data\Arcsoft -> [2009-03-27 16:32:43 | 00,000,000 | ---D | M]
Big Fish Games -> C:\Documents and Settings\tigri-bigri\Application Data\Big Fish Games -> [2009-04-14 17:44:44 | 00,000,000 | ---D | M]
BitTorrent -> C:\Documents and Settings\tigri-bigri\Application Data\BitTorrent -> [2009-03-10 19:56:35 | 00,000,000 | ---D | M]
cerasus.media -> C:\Documents and Settings\tigri-bigri\Application Data\cerasus.media -> [2009-04-24 16:55:48 | 00,000,000 | ---D | M]
CyberLink -> C:\Documents and Settings\tigri-bigri\Application Data\CyberLink -> [2008-09-14 17:49:50 | 00,000,000 | ---D | M]
DNA -> C:\Documents and Settings\tigri-bigri\Application Data\DNA -> [2008-08-30 08:11:46 | 00,000,000 | ---D | M]
Drag'n Drop CD+DVD -> C:\Documents and Settings\tigri-bigri\Application Data\Drag'n Drop CD+DVD -> [2003-08-12 14:24:24 | 00,000,000 | ---D | M]
Dream Farm Games -> C:\Documents and Settings\tigri-bigri\Application Data\Dream Farm Games -> [2009-04-13 18:35:13 | 00,000,000 | ---D | M]
Individual Software -> C:\Documents and Settings\tigri-bigri\Application Data\Individual Software -> [2008-09-07 09:31:51 | 00,000,000 | ---D | M]
InterTrust -> C:\Documents and Settings\tigri-bigri\Application Data\InterTrust -> [2003-08-12 14:22:19 | 00,000,000 | ---D | M]
InterVideo -> C:\Documents and Settings\tigri-bigri\Application Data\InterVideo -> [2003-08-12 14:55:39 | 00,000,000 | ---D | M]
Intuit -> C:\Documents and Settings\tigri-bigri\Application Data\Intuit -> [2008-03-27 09:36:32 | 00,000,000 | ---D | M]
Leadertech -> C:\Documents and Settings\tigri-bigri\Application Data\Leadertech -> [2009-03-22 19:03:46 | 00,000,000 | ---D | M]
Orneon -> C:\Documents and Settings\tigri-bigri\Application Data\Orneon -> [2009-05-15 21:51:25 | 00,000,000 | ---D | M]
SerpentOfIsis -> C:\Documents and Settings\tigri-bigri\Application Data\SerpentOfIsis -> [2009-03-02 18:48:22 | 00,000,000 | ---D | M]
Skunk Studios -> C:\Documents and Settings\tigri-bigri\Application Data\Skunk Studios -> [2009-04-13 17:10:23 | 00,000,000 | ---D | M]
Template -> C:\Documents and Settings\tigri-bigri\Application Data\Template -> [2008-07-11 20:07:50 | 00,000,000 | ---D | M]
C:\WINDOWS\Tasks\ -> C:\WINDOWS\Tasks -> [2009-05-19 06:08:42 | 00,000,000 | --SD | M]
desktop.ini -> C:\WINDOWS\Tasks\desktop.ini -> [2002-08-29 05:00:00 | 00,000,065 | RH-- | M] ()
McDefragTask.job -> C:\WINDOWS\Tasks\McDefragTask.job -> [2008-06-15 02:09:09 | 00,000,352 | ---- | M] ()
McQcTask.job -> C:\WINDOWS\Tasks\McQcTask.job -> [2008-05-17 08:42:05 | 00,000,344 | ---- | M] ()
Microsoft_Hardware_Launch_IType_exe.job -> C:\WINDOWS\Tasks\Microsoft_Hardware_Launch_IType_exe.job -> [2008-12-27 11:58:47 | 00,000,312 | -H-- | M] ()
MP Scheduled Scan.job -> C:\WINDOWS\Tasks\MP Scheduled Scan.job -> [2009-05-19 06:08:42 | 00,000,330 | -H-- | M] ()
SA.DAT -> C:\WINDOWS\Tasks\SA.DAT -> [2009-05-19 06:05:38 | 00,000,006 | -H-- | M] ()
User_Feed_Synchronization-{51499EAF-AC4C-4E75-B712-8B20C1380463}.job -> C:\WINDOWS\Tasks\User_Feed_Synchronization-{51499EAF-AC4C-4E75-B712-8B20C1380463}.job -> [2009-05-18 08:48:30 | 00,000,434 | -H-- | M] ()

[File - Purity Scan]

[Alternate Data Streams]
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ECCE99EF
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0C988F7D
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A3B8F70C
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BB3CECA4
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D0668210
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F3EFA8A8
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:70E897B5
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:177313FB
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:45F3AD49
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CF61CE5A
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:33EA030E
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:102394C6
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C6EBC69
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1CA73D29
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EF5B3572
@Alternate Data Stream - 190 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2FC7B9E4
@Alternate Data Stream - 194 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AF54CFFD
@Alternate Data Stream - 199 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FC2E567F
@Alternate Data Stream - 200 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:330E66BD
@Alternate Data Stream - 201 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D48500F8
@Alternate Data Stream - 217 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:72F57408
@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0E636D62
< End of report >
[/code]