[code] OTS logfile created on: 2/20/2010 12:52:02 PM - Run 1 OTS by OldTimer - Version 3.1.22.0 Folder = C:\Documents and Settings\earl.DDZQW8F1\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 894.00 Mb Total Physical Memory | 237.00 Mb Available Physical Memory | 27.00% Memory free 2.00 Gb Paging File | 1.00 Gb Available in Paging File | 66.00% Paging File free Paging file location(s): C:\pagefile.sys 1344 2688 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 107.84 Gb Total Space | 80.29 Gb Free Space | 74.45% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: DDZQW8F1 Current User Name: earl Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days [Processes - Safe List] ots.exe -> C:\Documents and Settings\earl.DDZQW8F1\Desktop\OTS.exe -> [2010/02/20 11:59:38 | 000,632,320 | ---- | M] (OldTimer Tools) fcvlsftav.exe -> C:\Documents and Settings\NetworkService\Local Settings\Application Data\sqnypu\fcvlsftav.exe -> [2010/02/20 02:03:45 | 000,278,784 | ---- | M] () avgchsvx.exe -> C:\Program Files\AVG\AVG9\avgchsvx.exe -> [2010/01/25 22:31:25 | 001,055,000 | ---- | M] (AVG Technologies CZ, s.r.o.) avgnsx.exe -> C:\Program Files\AVG\AVG9\avgnsx.exe -> [2010/01/25 22:31:24 | 000,600,344 | ---- | M] (AVG Technologies CZ, s.r.o.) avgrsx.exe -> C:\Program Files\AVG\AVG9\avgrsx.exe -> [2010/01/25 22:31:24 | 000,503,576 | ---- | M] (AVG Technologies CZ, s.r.o.) avgcsrvx.exe -> C:\Program Files\AVG\AVG9\avgcsrvx.exe -> [2010/01/25 22:31:23 | 000,702,744 | ---- | M] (AVG Technologies CZ, s.r.o.) avgtray.exe -> C:\Program Files\AVG\AVG9\avgtray.exe -> [2010/01/25 22:31:22 | 002,033,432 | ---- | M] (AVG Technologies CZ, s.r.o.) avgwdsvc.exe -> C:\Program Files\AVG\AVG9\avgwdsvc.exe -> [2010/01/25 22:31:18 | 000,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) rpcnet.exe -> C:\WINDOWS\system32\rpcnet.exe -> [2010/01/25 21:26:04 | 000,056,680 | ---- | M] (Absolute Software Corp.) regcure.exe -> C:\Program Files\RegCure\RegCure.exe -> [2009/12/11 14:00:44 | 013,006,104 | ---- | M] () iexplore.exe -> C:\Program Files\Internet Explorer\iexplore.exe -> [2009/08/27 00:18:44 | 000,634,648 | ---- | M] (Microsoft Corporation) comcastantispy.exe -> C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpy.exe -> [2009/08/19 12:25:52 | 001,589,208 | ---- | M] () comcastantispyservice.exe -> C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe -> [2009/06/17 12:49:44 | 000,616,408 | ---- | M] () sprtcmd.exe -> C:\Program Files\Dell Support Center\bin\sprtcmd.exe -> [2009/05/21 09:55:32 | 000,206,064 | ---- | M] (SupportSoft, Inc.) ituneshelper.exe -> C:\Program Files\iTunes\iTunesHelper.exe -> [2008/11/20 13:20:54 | 000,290,088 | ---- | M] (Apple Inc.) ipodservice.exe -> C:\Program Files\iPod\bin\iPodService.exe -> [2008/11/20 13:20:44 | 000,536,872 | ---- | M] (Apple Inc.) applemobiledeviceservice.exe -> C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> [2008/11/07 14:28:16 | 000,132,424 | ---- | M] (Apple Inc.) mdnsresponder.exe -> C:\Program Files\Bonjour\mDNSResponder.exe -> [2008/08/29 10:18:44 | 000,238,888 | ---- | M] (Apple Inc.) googledesktop.exe -> C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -> [2008/08/27 18:15:27 | 000,029,744 | ---- | M] (Google) sprtsvc.exe -> C:\Program Files\Dell Support Center\bin\sprtsvc.exe -> [2008/08/13 17:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) ati2evxx.exe -> C:\WINDOWS\system32\ati2evxx.exe -> [2007/10/16 22:16:12 | 000,430,080 | ---- | M] (ATI Technologies Inc.) itmrtsvc.exe -> C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe -> [2007/09/26 12:55:04 | 000,283,912 | ---- | M] (CA, Inc.) roxwatchtray9.exe -> C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe -> [2006/11/05 12:22:16 | 000,221,184 | ---- | M] (Sonic Solutions) roxwatch9.exe -> C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe -> [2006/11/05 12:13:00 | 000,159,744 | ---- | M] (Sonic Solutions) cpshelprunner.exe -> C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe -> [2006/11/05 11:55:48 | 000,010,752 | ---- | M] (Sonic Solutions) issch.exe -> C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe -> [2006/10/03 12:37:04 | 000,081,920 | ---- | M] (Macrovision Corporation) syntpenh.exe -> C:\Program Files\Synaptics\SynTP\SynTPEnh.exe -> [2006/09/22 12:47:54 | 000,761,947 | ---- | M] (Synaptics, Inc.) stsystra.exe -> C:\WINDOWS\stsystra.exe -> [2006/09/22 12:06:26 | 000,282,624 | ---- | M] (SigmaTel, Inc.) cli.exe -> C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe -> [2006/01/02 18:41:22 | 000,045,056 | ---- | M] (ATI Technologies Inc.) wltray.exe -> C:\WINDOWS\system32\WLTRAY.EXE -> [2005/12/19 16:08:42 | 001,347,584 | ---- | M] (Dell Inc.) wltrysvc.exe -> C:\WINDOWS\system32\WLTRYSVC.EXE -> [2005/12/19 16:08:42 | 000,018,944 | ---- | M] () bcmwltry.exe -> C:\WINDOWS\system32\BCMWLTRY.EXE -> [2005/12/19 16:08:40 | 001,200,128 | ---- | M] (Dell Inc.) dvdlauncher.exe -> C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe -> [2005/12/09 21:29:52 | 000,049,152 | ---- | M] (CyberLink Corp.) dlg.exe -> C:\Program Files\Digital Line Detect\DLG.exe -> [2003/10/29 03:06:00 | 000,024,576 | ---- | M] (BVRP Software) netwaiting.exe -> C:\Program Files\NetWaiting\netwaiting.exe -> [2003/09/10 03:24:00 | 000,020,480 | ---- | M] () hpztsb06.exe -> C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe -> [2002/07/11 07:06:23 | 000,188,416 | ---- | M] (HP) [Modules - Safe List] ots.exe -> C:\Documents and Settings\earl.DDZQW8F1\Desktop\OTS.exe -> [2010/02/20 11:59:38 | 000,632,320 | ---- | M] (OldTimer Tools) [Win32 Services - Safe List] (avg9wd) AVG Free WatchDog [Auto | Running] -> C:\Program Files\AVG\AVG9\avgwdsvc.exe -> [2010/01/25 22:31:18 | 000,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) (Rpcnet) Remote Procedure Call (RPC) Net [Auto | Running] -> C:\WINDOWS\system32\rpcnet.exe -> [2010/01/25 21:26:04 | 000,056,680 | ---- | M] (Absolute Software Corp.) (gupdate) Google Update Service (gupdate) [Auto | Stopped] -> C:\Program Files\Google\Update\GoogleUpdate.exe -> [2009/07/01 20:24:16 | 000,133,104 | ---- | M] (Google Inc.) (AntiSpywareService) Comcast AntiSpyware [Auto | Running] -> C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe -> [2009/06/17 12:49:44 | 000,616,408 | ---- | M] () (iPod Service) iPod Service [On_Demand | Running] -> C:\Program Files\iPod\bin\iPodService.exe -> [2008/11/20 13:20:44 | 000,536,872 | ---- | M] (Apple Inc.) (Apple Mobile Device) Apple Mobile Device [Auto | Running] -> C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> [2008/11/07 14:28:16 | 000,132,424 | ---- | M] (Apple Inc.) (Bonjour Service) Bonjour Service [Auto | Running] -> C:\Program Files\Bonjour\mDNSResponder.exe -> [2008/08/29 10:18:44 | 000,238,888 | ---- | M] (Apple Inc.) (GoogleDesktopManager-061008-081103) Google Desktop Manager 5.7.806.10245 [On_Demand | Stopped] -> C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -> [2008/08/27 18:15:27 | 000,029,744 | ---- | M] (Google) (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter) [Auto | Running] -> C:\Program Files\Dell Support Center\bin\sprtsvc.exe -> [2008/08/13 17:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) (Ati HotKey Poller) Ati HotKey Poller [Auto | Running] -> C:\WINDOWS\system32\ati2evxx.exe -> [2007/10/16 22:16:12 | 000,430,080 | ---- | M] (ATI Technologies Inc.) (ITMRTSVC) Pest Patrol Realtime Service [Auto | Running] -> C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe -> [2007/09/26 12:55:04 | 000,283,912 | ---- | M] (CA, Inc.) (RoxMediaDB9) RoxMediaDB9 [On_Demand | Stopped] -> C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -> [2006/11/05 12:15:12 | 000,880,640 | ---- | M] (Sonic Solutions) (RoxWatch9) Roxio Hard Drive Watcher 9 [Auto | Running] -> C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe -> [2006/11/05 12:13:00 | 000,159,744 | ---- | M] (Sonic Solutions) (stllssvr) stllssvr [On_Demand | Stopped] -> C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -> [2006/09/14 15:54:34 | 000,073,728 | ---- | M] (MicroVision Development, Inc.) (wltrysvc) Dell Wireless WLAN Tray Service [Auto | Running] -> C:\WINDOWS\System32\WLTRYSVC.EXE -> [2005/12/19 16:08:42 | 000,018,944 | ---- | M] () (IDriverT) InstallDriver Table Manager [On_Demand | Stopped] -> C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -> [2004/10/22 04:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [Driver Services - Safe List] (AvgTdiX) AVG Free Network Redirector [Kernel | System | Running] -> C:\WINDOWS\System32\Drivers\avgtdix.sys -> [2010/01/25 22:32:03 | 000,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) (AvgLdx86) AVG Free AVI Loader Driver x86 [Kernel | System | Running] -> C:\WINDOWS\System32\Drivers\avgldx86.sys -> [2010/01/25 22:31:57 | 000,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) (AvgMfx86) AVG Free On-access Scanner Minifilter Driver x86 [File_System | System | Running] -> C:\WINDOWS\System32\Drivers\avgmfx86.sys -> [2010/01/25 22:31:55 | 000,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) (mfehidk) McAfee Inc. mfehidk [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\mfehidk.sys -> [2009/09/16 09:22:48 | 000,214,664 | ---- | M] (McAfee, Inc.) (mfeavfk) McAfee Inc. mfeavfk [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\mfeavfk.sys -> [2009/09/16 09:22:48 | 000,079,816 | ---- | M] (McAfee, Inc.) (mfesmfk) McAfee Inc. mfesmfk [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\mfesmfk.sys -> [2009/09/16 09:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) (mfebopk) McAfee Inc. mfebopk [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\mfebopk.sys -> [2009/09/16 09:22:48 | 000,035,272 | ---- | M] (McAfee, Inc.) (mferkdk) McAfee Inc. mferkdk [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\mferkdk.sys -> [2009/09/16 09:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) (USBAAPL) Apple Mobile USB Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\usbaapl.sys -> [2008/11/07 14:23:30 | 000,032,000 | ---- | M] (Apple, Inc.) (GEARAspiWDM) GEAR ASPI Filter Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -> [2008/04/17 13:12:54 | 000,015,464 | ---- | M] (GEAR Software Inc.) (amdagp) AMD AGP Bus Filter Driver [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\amdagp.sys -> [2008/04/13 13:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) (sisagp) SIS AGP Bus Filter [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\sisagp.sys -> [2008/04/13 13:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) (HDAudBus) Microsoft UAA Bus Driver for High Definition Audio [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\hdaudbus.sys -> [2008/04/13 11:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) (Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\secdrv.sys -> [2007/11/13 05:25:53 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) (ati2mtag) ati2mtag [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\ati2mtag.sys -> [2007/10/16 22:16:14 | 001,777,152 | ---- | M] (ATI Technologies Inc.) (grmnusb) grmnusb [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\grmnusb.sys -> [2007/03/08 17:18:00 | 000,008,320 | ---- | M] (GARMIN Corp.) (BVRPMPR5) BVRPMPR5 NDIS Protocol Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -> [2006/12/20 14:31:34 | 000,049,904 | R--- | M] (Avanquest Software) (SynTP) Synaptics TouchPad Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\SynTP.sys -> [2006/09/22 12:47:52 | 000,191,872 | ---- | M] (Synaptics, Inc.) (STHDA) SigmaTel High Definition Audio CODEC [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\sthda.sys -> [2006/09/22 12:06:26 | 001,171,464 | ---- | M] (SigmaTel, Inc.) (DLADResM) DLADResM [File_System | Auto | Running] -> C:\WINDOWS\system32\DLA\DLADResM.SYS -> [2006/08/18 14:18:08 | 000,009,400 | ---- | M] (Roxio) (DLABMFSM) DLABMFSM [File_System | Auto | Running] -> C:\WINDOWS\system32\DLA\DLABMFSM.SYS -> [2006/08/18 14:17:46 | 000,035,096 | ---- | M] (Roxio) (DLAUDF_M) DLAUDF_M [File_System | Auto | Running] -> C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -> [2006/08/18 14:17:44 | 000,097,848 | ---- | M] (Roxio) (DLAUDFAM) DLAUDFAM [File_System | Auto | Running] -> C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -> [2006/08/18 14:17:44 | 000,094,648 | ---- | M] (Roxio) (DLAOPIOM) DLAOPIOM [File_System | Auto | Running] -> C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -> [2006/08/18 14:17:42 | 000,026,008 | ---- | M] (Roxio) (DLABOIOM) DLABOIOM [File_System | Auto | Running] -> C:\WINDOWS\system32\DLA\DLABOIOM.SYS -> [2006/08/18 14:17:40 | 000,032,472 | ---- | M] (Roxio) (DLAIFS_M) DLAIFS_M [File_System | Auto | Running] -> C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -> [2006/08/18 14:17:38 | 000,104,472 | ---- | M] (Roxio) (DLAPoolM) DLAPoolM [File_System | Auto | Running] -> C:\WINDOWS\system32\DLA\DLAPoolM.SYS -> [2006/08/18 14:17:38 | 000,014,520 | ---- | M] (Roxio) (bcm4sbxp) Broadcom 440x 10/100 Integrated Controller XP Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\bcm4sbxp.sys -> [2006/08/17 14:55:16 | 000,044,544 | ---- | M] (Broadcom Corporation) (PxHelp20) PxHelp20 [Kernel | Boot | Running] -> C:\WINDOWS\System32\Drivers\PxHelp20.sys -> [2006/08/16 04:00:00 | 000,036,592 | ---- | M] (Sonic Solutions) (DRVNDDM) DRVNDDM [File_System | Auto | Running] -> C:\WINDOWS\system32\drivers\DRVNDDM.SYS -> [2006/08/11 12:05:58 | 000,051,768 | ---- | M] (Roxio) (DLACDBHM) DLACDBHM [File_System | System | Running] -> C:\WINDOWS\system32\drivers\DLACDBHM.SYS -> [2006/08/11 11:35:18 | 000,012,920 | ---- | M] (Roxio) (DLARTL_M) DLARTL_M [File_System | System | Running] -> C:\WINDOWS\system32\drivers\DLARTL_M.SYS -> [2006/08/11 11:35:16 | 000,028,184 | ---- | M] (Roxio) (DRVMCDB) DRVMCDB [Kernel | Boot | Running] -> C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -> [2006/07/21 12:21:26 | 000,099,176 | ---- | M] (Sonic Solutions) (AmdK8) AMD Processor Driver [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\AmdK8.sys -> [2006/07/01 23:39:40 | 000,036,864 | ---- | M] (Advanced Micro Devices) (HSF_DPV) HSF_DPV [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\HSX_DPV.sys -> [2005/12/01 08:40:56 | 000,936,960 | ---- | M] (Conexant Systems, Inc.) (HSXHWAZL) HSXHWAZL [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\HSXHWAZL.sys -> [2005/12/01 08:40:12 | 000,192,512 | ---- | M] (Conexant Systems, Inc.) (winachsf) winachsf [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\HSX_CNXT.sys -> [2005/12/01 08:40:08 | 000,669,696 | ---- | M] (Conexant Systems, Inc.) (BCM43XX) Dell Wireless WLAN Card Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\BCMWL5.SYS -> [2005/11/02 20:24:34 | 000,424,320 | ---- | M] (Broadcom Corporation) (mdmxsdk) mdmxsdk [Kernel | Auto | Running] -> C:\WINDOWS\system32\drivers\mdmxsdk.sys -> [2005/10/05 05:57:08 | 000,012,544 | ---- | M] (Conexant) (APPDRV) APPDRV [Kernel | System | Running] -> C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -> [2005/08/12 17:50:46 | 000,016,128 | ---- | M] (Dell Inc) (rimmptsk) rimmptsk [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\rimmptsk.sys -> [2005/07/15 00:58:14 | 000,028,544 | ---- | M] (REDC) (Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\ptilink.sys -> [2004/08/04 06:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) (nv) nv [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\nv4_mini.sys -> [2004/08/03 23:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) (Sparrow) Sparrow [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\sparrow.sys -> [2001/08/17 15:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) (sym_u3) sym_u3 [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\sym_u3.sys -> [2001/08/17 15:07:42 | 000,030,688 | ---- | M] (LSI Logic) (sym_hi) sym_hi [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\sym_hi.sys -> [2001/08/17 15:07:40 | 000,028,384 | ---- | M] (LSI Logic) (symc8xx) symc8xx [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\symc8xx.sys -> [2001/08/17 15:07:36 | 000,032,640 | ---- | M] (LSI Logic) (symc810) symc810 [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\symc810.sys -> [2001/08/17 15:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) (ultra) ultra [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\ultra.sys -> [2001/08/17 14:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) (ql12160) ql12160 [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\ql12160.sys -> [2001/08/17 14:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) (ql1080) ql1080 [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\ql1080.sys -> [2001/08/17 14:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) (ql1280) ql1280 [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\ql1280.sys -> [2001/08/17 14:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) (dac2w2k) dac2w2k [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -> [2001/08/17 14:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) (mraid35x) mraid35x [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\mraid35x.sys -> [2001/08/17 14:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) (asc) asc [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\asc.sys -> [2001/08/17 14:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) (asc3550) asc3550 [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\asc3550.sys -> [2001/08/17 14:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) (AliIde) AliIde [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\aliide.sys -> [2001/08/17 14:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) (CmdIde) CmdIde [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\cmdide.sys -> [2001/08/17 14:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) (E100B) Intel(R) PRO Adapter Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\e100b325.sys -> [2001/08/17 13:12:10 | 000,117,760 | ---- | M] (Intel Corporation) [Registry - Safe List] < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> HKEY_LOCAL_MACHINE\: Search\\"Default_Page_URL" -> www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5071209 -> HKEY_LOCAL_MACHINE\: Search\\"SearchAssistant" -> http://www.comcast.net/toolbar2.0/search/ -> HKEY_LOCAL_MACHINE\: Search\\"Start Page" -> www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5071209 -> < Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> HKEY_USERS\.DEFAULT\: Main\\"Default_Page_URL" -> www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5071209 -> HKEY_USERS\.DEFAULT\: Main\\"Start Page" -> www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5071209 -> HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 1 -> HKEY_USERS\.DEFAULT\: "ProxyOverride" -> -> HKEY_USERS\.DEFAULT\: "ProxyServer" -> http=127.0.0.1:5555 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> HKEY_USERS\S-1-5-18\: Main\\"Default_Page_URL" -> www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5071209 -> HKEY_USERS\S-1-5-18\: Main\\"Start Page" -> www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5071209 -> HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 1 -> HKEY_USERS\S-1-5-18\: "ProxyOverride" -> -> HKEY_USERS\S-1-5-18\: "ProxyServer" -> http=127.0.0.1:5555 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> HKEY_USERS\S-1-5-19\: "ProxyEnable" -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> < Internet Explorer Settings [HKEY_USERS\S-1-5-21-1446883429-823023976-1181295350-1008\] > -> -> HKEY_USERS\S-1-5-21-1446883429-823023976-1181295350-1008\: Main\\"Search Page" -> http://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us -> HKEY_USERS\S-1-5-21-1446883429-823023976-1181295350-1008\: Main\\"Start Page" -> http://www.post-gazette.com/ -> HKEY_USERS\S-1-5-21-1446883429-823023976-1181295350-1008\: Main\\"Start Page Redirect Cache" -> http://www.msn.com/ -> HKEY_USERS\S-1-5-21-1446883429-823023976-1181295350-1008\: Main\\"Start Page Redirect Cache AcceptLangs" -> en-us -> HKEY_USERS\S-1-5-21-1446883429-823023976-1181295350-1008\: Main\\"Start Page Redirect Cache_TIMESTAMP" -> 10 4D 79 29 1C 63 CA 01 [binary data] -> HKEY_USERS\S-1-5-21-1446883429-823023976-1181295350-1008\: URLSearchHooks\\"*{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found HKEY_USERS\S-1-5-21-1446883429-823023976-1181295350-1008\: URLSearchHooks\\"{A3BC75A2-1F87-4686-AA43-5347D756017C}" [HKLM] -> C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll [AVG Security Toolbar BHO] -> [2009/11/25 13:01:54 | 001,230,080 | ---- | M] () HKEY_USERS\S-1-5-21-1446883429-823023976-1181295350-1008\: "ProxyEnable" -> 0 -> < FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla HKLM\software\mozilla\Firefox\Extensions -> -> HKLM\software\mozilla\Firefox\Extensions\\{8484F8E9-4816-4E01-AB54-8D74884CCDEC} -> C:\Documents and Settings\earl.DDZQW8F1\Local Settings\Application Data\{8484F8E9-4816-4E01-AB54-8D74884CCDEC} [C:\DOCUMENTS AND SETTINGS\EARL.DDZQW8F1\LOCAL SETTINGS\APPLICATION DATA\{8484F8E9-4816-4E01-AB54-8D74884CCDEC}] -> [2010/01/20 14:24:57 | 000,000,000 | ---D | M] HKLM\software\mozilla\Firefox\Extensions\\{CB15839E-D81C-4F4D-B4EE-A841580A0DB5} -> C:\DOCUMENTS AND SETTINGS\CAROL\LOCAL SETTINGS\APPLICATION DATA\{CB15839E-D81C-4F4D-B4EE-A841580A0DB5}\ [C:\DOCUMENTS AND SETTINGS\CAROL\LOCAL SETTINGS\APPLICATION DATA\{CB15839E-D81C-4F4D-B4EE-A841580A0DB5}\] -> [2010/01/20 17:41:02 | 000,000,000 | ---D | M] < FireFox Extensions [User Folders] > -> < HOSTS File > ([2009/11/16 18:50:05 | 000,351,393 | R--- | M] - 12096 lines) -> C:\WINDOWS\system32\drivers\etc\hosts -> First 25 entries... Reset Hosts 127.0.0.1 localhost ::1 localhost 91.212.127.226 osguard-pro.microsoft.com 91.212.127.226 osguard-pro.com 91.212.127.226 www.osguard-pro.com 127.0.0.1 www.007guard.com 127.0.0.1 007guard.com 127.0.0.1 008i.com 127.0.0.1 www.008k.com 127.0.0.1 008k.com 127.0.0.1 www.00hq.com 127.0.0.1 00hq.com 127.0.0.1 010402.com 127.0.0.1 www.032439.com 127.0.0.1 032439.com 127.0.0.1 www.0scan.com 127.0.0.1 0scan.com 127.0.0.1 1000gratisproben.com 127.0.0.1 www.1000gratisproben.com 127.0.0.1 1001namen.com 127.0.0.1 www.1001namen.com 127.0.0.1 www.100888290cs.com 127.0.0.1 100888290cs.com 127.0.0.1 100sexlinks.com < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} [HKLM] -> C:\Program Files\AVG\AVG9\avgssie.dll [AVG Safe Search] -> [2010/01/25 22:31:29 | 001,484,056 | ---- | M] (AVG Technologies CZ, s.r.o.) {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} [HKLM] -> C:\Program Files\ComcastToolbar\comcasttoolbar.dll [Comcast Toolbar] -> [2006/11/07 14:21:58 | 001,821,184 | ---- | M] (Comcast Cable Communications. ) {53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> [2009/01/26 15:31:02 | 001,879,896 | ---- | M] (Safer Networking Limited) {79CEEA4E-C231-4614-9E3B-53B2A02F39B7} [HKLM] -> C:\Program Files\comcasttb\comcastdx.dll [Comcast Toolbar] -> [2009/05/25 09:06:48 | 000,091,608 | ---- | M] () < Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> "{4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29}" [HKLM] -> C:\Program Files\ComcastToolbar\comcasttoolbar.dll [Comcast Toolbar] -> [2006/11/07 14:21:58 | 001,821,184 | ---- | M] (Comcast Cable Communications. ) "{79CEEA4E-C231-4614-9E3B-53B2A02F39B7}" [HKLM] -> C:\Program Files\comcasttb\comcastdx.dll [Comcast Toolbar] -> [2009/05/25 09:06:48 | 000,091,608 | ---- | M] () "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}" [HKLM] -> C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll [AVG Security Toolbar] -> [2009/11/25 13:01:54 | 001,230,080 | ---- | M] () "Locked" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found < Internet Explorer ToolBars [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\ -> WebBrowser\\"{4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29}" [HKLM] -> C:\Program Files\ComcastToolbar\comcasttoolbar.dll [Comcast Toolbar] -> [2006/11/07 14:21:58 | 001,821,184 | ---- | M] (Comcast Cable Communications. ) < Internet Explorer ToolBars [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\ -> WebBrowser\\"{4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29}" [HKLM] -> C:\Program Files\ComcastToolbar\comcasttoolbar.dll [Comcast Toolbar] -> [2006/11/07 14:21:58 | 001,821,184 | ---- | M] (Comcast Cable Communications. ) < Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-1446883429-823023976-1181295350-1008\] > -> HKEY_USERS\S-1-5-21-1446883429-823023976-1181295350-1008\Software\Microsoft\Internet Explorer\Toolbar\ -> WebBrowser\\"{4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29}" [HKLM] -> C:\Program Files\ComcastToolbar\comcasttoolbar.dll [Comcast Toolbar] -> [2006/11/07 14:21:58 | 001,821,184 | ---- | M] (Comcast Cable Communications. ) WebBrowser\\"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}" [HKLM] -> C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll [AVG Security Toolbar] -> [2009/11/25 13:01:54 | 001,230,080 | ---- | M] () < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> "" -> [] -> File not found "ATICCC" -> C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe ["C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"] -> [2006/05/10 12:12:06 | 000,090,112 | ---- | M] () "AVG9_TRAY" -> C:\Program Files\AVG\AVG9\avgtray.exe [C:\PROGRA~1\AVG\AVG9\avgtray.exe] -> [2010/01/25 22:31:22 | 002,033,432 | ---- | M] (AVG Technologies CZ, s.r.o.) "Broadcom Wireless Manager UI" -> C:\WINDOWS\system32\WLTRAY.EXE [C:\WINDOWS\system32\WLTRAY.exe] -> [2005/12/19 16:08:42 | 001,347,584 | ---- | M] (Dell Inc.) "DellSupportCenter" -> C:\Program Files\Dell Support Center\bin\sprtcmd.exe ["C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter] -> [2009/05/21 09:55:32 | 000,206,064 | ---- | M] (SupportSoft, Inc.) "DVDLauncher" -> C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe ["C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"] -> [2005/12/09 21:29:52 | 000,049,152 | ---- | M] (CyberLink Corp.) "gekjxsuu" -> C:\Documents and Settings\NetworkService\Local Settings\Application Data\sqnypu\fcvlsftav.exe [C:\Documents and Settings\NetworkService\Local Settings\Application Data\sqnypu\fcvlsftav.exe] -> [2010/02/20 02:03:45 | 000,278,784 | ---- | M] () "Google Desktop Search" -> C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe ["C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup] -> [2008/08/27 18:15:27 | 000,029,744 | ---- | M] (Google) "HPDJ Taskbar Utility" -> C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe [C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe] -> [2002/07/11 07:06:23 | 000,188,416 | ---- | M] (HP) "ISUSScheduler" -> C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe ["C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start] -> [2006/10/03 12:37:04 | 000,081,920 | ---- | M] (Macrovision Corporation) "iTunesHelper" -> C:\Program Files\iTunes\iTunesHelper.exe ["C:\Program Files\iTunes\iTunesHelper.exe"] -> [2008/11/20 13:20:54 | 000,290,088 | ---- | M] (Apple Inc.) "QuickTime Task" -> C:\Program Files\QuickTime\qttask.exe ["C:\Program Files\QuickTime\qttask.exe" -atboottime] -> [2008/11/04 10:30:50 | 000,413,696 | ---- | M] (Apple Inc.) "RoxWatchTray" -> C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe ["C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"] -> [2006/11/05 12:22:16 | 000,221,184 | ---- | M] (Sonic Solutions) "SigmatelSysTrayApp" -> C:\WINDOWS\stsystra.exe [stsystra.exe] -> [2006/09/22 12:06:26 | 000,282,624 | ---- | M] (SigmaTel, Inc.) "SynTPEnh" -> C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [C:\Program Files\Synaptics\SynTP\SynTPEnh.exe] -> [2006/09/22 12:47:54 | 000,761,947 | ---- | M] (Synaptics, Inc.) "Tzibidetay" -> C:\WINDOWS\uduxivuxeruxile.DLL [rundll32.exe "C:\WINDOWS\uduxivuxeruxile.dll",Startup] -> File not found < Run [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> "gekjxsuu" -> C:\Documents and Settings\NetworkService\Local Settings\Application Data\sqnypu\fcvlsftav.exe [C:\Documents and Settings\NetworkService\Local Settings\Application Data\sqnypu\fcvlsftav.exe] -> [2010/02/20 02:03:45 | 000,278,784 | ---- | M] () < Run [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> "gekjxsuu" -> C:\Documents and Settings\NetworkService\Local Settings\Application Data\sqnypu\fcvlsftav.exe [C:\Documents and Settings\NetworkService\Local Settings\Application Data\sqnypu\fcvlsftav.exe] -> [2010/02/20 02:03:45 | 000,278,784 | ---- | M] () < Run [HKEY_USERS\S-1-5-21-1446883429-823023976-1181295350-1008\] > -> HKEY_USERS\S-1-5-21-1446883429-823023976-1181295350-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> "ComcastAntispyClient" -> C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntispy.exe ["C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntispy.exe" /hide] -> [2009/08/19 12:25:52 | 001,589,208 | ---- | M] () "ModemOnHold" -> C:\Program Files\NetWaiting\netwaiting.exe [C:\Program Files\NetWaiting\netWaiting.exe] -> [2003/09/10 03:24:00 | 000,020,480 | ---- | M] () < All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk -> C:\Program Files\Digital Line Detect\DLG.exe -> [2003/10/29 03:06:00 | 000,024,576 | ---- | M] (BVRP Software) C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office10\OSA.EXE -> [2001/02/13 02:01:04 | 000,083,360 | ---- | M] (Microsoft Corporation) < carol Startup Folder > -> C:\Documents and Settings\carol\Start Menu\Programs\Startup -> < Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup -> < earl Startup Folder > -> C:\Documents and Settings\earl\Start Menu\Programs\Startup -> < earl.DDZQW8F1 Startup Folder > -> C:\Documents and Settings\earl.DDZQW8F1\Start Menu\Programs\Startup -> < CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer \\"HonorAutoRunSetting" -> [1] -> File not found \\"NoCDBurning" -> [0] -> File not found < CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System < CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer \\"NoDriveTypeAutoRun" -> [145] -> File not found < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer \\"NoDriveTypeAutoRun" -> [145] -> File not found < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer \\"NoDriveTypeAutoRun" -> [145] -> File not found < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer \\"NoDriveTypeAutoRun" -> [145] -> File not found < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-1446883429-823023976-1181295350-1008] > -> HKEY_USERS\S-1-5-21-1446883429-823023976-1181295350-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> HKEY_USERS\S-1-5-21-1446883429-823023976-1181295350-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer \\"NoDriveTypeAutoRun" -> [145] -> File not found < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} [HKLM] -> C:\Program Files\Java\jre1.5.0_06\bin\NPJPI150_06.dll [Menu: Sun Java Console] -> [2005/11/10 14:22:12 | 000,069,746 | ---- | M] (Sun Microsystems, Inc.) {DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Menu: Spybot - Search & Destroy Configuration] -> [2009/01/26 15:31:02 | 001,879,896 | ---- | M] (Safer Networking Limited) < Internet Explorer Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> C:\Program Files\Java\jre1.5.0_06\bin\NPJPI150_06.dll [Sun Java Console] -> [2005/11/10 14:22:12 | 000,069,746 | ---- | M] (Sun Microsystems, Inc.) < Internet Explorer Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> C:\Program Files\Java\jre1.5.0_06\bin\NPJPI150_06.dll [Sun Java Console] -> [2005/11/10 14:22:12 | 000,069,746 | ---- | M] (Sun Microsystems, Inc.) < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> < Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix "" -> http:// < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 6251 domain(s) found. -> 57 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 6251 domain(s) found. -> 57 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 6251 domain(s) found. -> 57 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-21-1446883429-823023976-1181295350-1008\] > -> HKEY_USERS\S-1-5-21-1446883429-823023976-1181295350-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-21-1446883429-823023976-1181295350-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 6258 domain(s) found. -> login_comcast.net [https] -> Trusted sites -> signin_ebay.com [https] -> Trusted sites -> www_ebay.com [https] -> Trusted sites -> www_fnfg.com [https] -> Trusted sites -> internet .[about] -> Trusted sites -> mcafee.com .[http] -> Trusted sites -> mcafee.com .[https] -> Trusted sites -> www.update_microsoft.com [https] -> Trusted sites -> enterprise2_openbank.com [https] -> Trusted sites -> 62 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_USERS\S-1-5-21-1446883429-823023976-1181295350-1008\] > -> HKEY_USERS\S-1-5-21-1446883429-823023976-1181295350-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-21-1446883429-823023976-1181295350-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. -> < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} [HKLM] -> http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1257808869062 [MUWebControl Class] -> < Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ -> DhcpNameServer -> 192.168.1.1 -> NameServer -> 93.188.165.99,93.188.161.88 -> < Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {2DE162A0-1EFE-4005-AC32-A42AE97CE852}\\DhcpNameServer -> 192.168.1.1 (Dell Wireless 1390 WLAN Mini-Card) -> {2DE162A0-1EFE-4005-AC32-A42AE97CE852}\\NameServer -> 93.188.165.99,93.188.161.88 (Dell Wireless 1390 WLAN Mini-Card) -> {6CA486CD-7FC2-434D-903C-92E78AF4E34B}\\NameServer -> 93.188.165.99,93.188.161.88 (Broadcom 440x 10/100 Integrated Controller) -> IE Styles -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Styles "MaxScriptStatements" -> Reg Error: Invalid data type. "Use My Stylesheet" -> Reg Error: Invalid data type. "User Stylesheet" -> < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> *Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> Explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) *MultiFile Done* -> -> *UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> C:\WINDOWS\system32\sdra64.exe -> C:\WINDOWS\system32\sdra64.exe -> [2009/02/09 07:10:48 | 000,143,872 | R--- | M] () *MultiFile Done* -> -> < Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> AtiExtEvent -> C:\WINDOWS\System32\ati2evxx.dll -> [2007/10/16 22:16:12 | 000,090,112 | ---- | M] (ATI Technologies Inc.) avgrsstarter -> C:\WINDOWS\System32\avgrsstx.dll -> [2010/01/25 22:32:03 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) < SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad -> "{fbeb8a05-beee-4442-804e-409d6c4515e9}" [HKLM] -> Reg Error: Key error. [CDBurn] -> File not found < Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List -> < Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> "C:\Program Files\AVG\AVG9\avgnsx.exe" -> C:\Program Files\AVG\AVG9\avgnsx.exe [C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe] -> [2010/01/25 22:31:24 | 000,600,344 | ---- | M] (AVG Technologies CZ, s.r.o.) "C:\Program Files\AVG\AVG9\avgupd.exe" -> C:\Program Files\AVG\AVG9\avgupd.exe [C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe] -> [2010/01/25 22:31:21 | 001,007,896 | ---- | M] (AVG Technologies CZ, s.r.o.) "C:\Program Files\Bonjour\mDNSResponder.exe" -> C:\Program Files\Bonjour\mDNSResponder.exe [C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour] -> [2008/08/29 10:18:44 | 000,238,888 | ---- | M] (Apple Inc.) "C:\Program Files\Internet Explorer\iexplore.exe" -> C:\Program Files\Internet Explorer\iexplore.exe [C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer] -> [2009/08/27 00:18:44 | 000,634,648 | ---- | M] (Microsoft Corporation) "C:\Program Files\iTunes\iTunes.exe" -> C:\Program Files\iTunes\iTunes.exe [C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes] -> [2008/11/20 13:20:48 | 014,294,824 | ---- | M] (Apple Inc.) "C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe" -> C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe [C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe:*:Enabled:Yahoo! Music Jukebox] -> [2007/06/17 07:56:42 | 006,399,480 | ---- | M] (Yahoo! Inc.) < SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> < CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom -> "AutoRun" -> 1 -> "DisplayName" -> CD-ROM Driver -> "ImagePath" -> [system32\DRIVERS\cdrom.sys] -> File not found < Drives with AutoRun files > -> -> C:\AUTOEXEC.BAT [] -> C:\AUTOEXEC.BAT [ NTFS ] -> [2004/08/10 14:04:08 | 000,000,000 | ---- | M] () < MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> < Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command -> comfile [open] -> "%1" %* -> exefile [open] -> "%1" %* -> [Registry - Additional Scans - Safe List] < Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command -> batfile [open] -> "%1" %* -> cmdfile [open] -> "%1" %* -> comfile [open] -> "%1" %* -> exefile [open] -> "%1" %* -> htmlfile [edit] -> "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 -> [2001/02/13 01:59:26 | 000,066,976 | ---- | M] (Microsoft Corporation) htmlfile [open] -> "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome -> [2009/08/27 00:18:44 | 000,634,648 | ---- | M] (Microsoft Corporation) htmlfile [opennew] -> "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 -> [2009/08/27 00:18:44 | 000,634,648 | ---- | M] (Microsoft Corporation) htmlfile [print] -> "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" /p %1 -> [2001/02/13 01:59:26 | 000,066,976 | ---- | M] (Microsoft Corporation) http [open] -> "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome -> [2009/08/27 00:18:44 | 000,634,648 | ---- | M] (Microsoft Corporation) https [open] -> "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome -> [2009/08/27 00:18:44 | 000,634,648 | ---- | M] (Microsoft Corporation) piffile [open] -> "%1" %* -> regfile [merge] -> Reg Error: Key error. scrfile [config] -> "%1" -> scrfile [install] -> rundll32.exe desk.cpl,InstallScreenSaver %l -> [2008/04/13 19:12:41 | 000,135,168 | ---- | M] (Microsoft Corporation) scrfile [open] -> "%1" /S -> txtfile [edit] -> Reg Error: Key error. Unknown [openas] -> %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 -> Directory [find] -> %SystemRoot%\Explorer.exe -> [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) Folder [open] -> %SystemRoot%\Explorer.exe /idlist,%I,%L -> [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) Folder [explore] -> %SystemRoot%\Explorer.exe /e,/idlist,%I,%L -> [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) Drive [find] -> %SystemRoot%\Explorer.exe -> [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) Applications\iexplore.exe [open] -> "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 -> [2009/08/27 00:18:44 | 000,634,648 | ---- | M] (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -> "C:\Program Files\Internet Explorer\iexplore.exe" -> [2009/08/27 00:18:44 | 000,634,648 | ---- | M] (Microsoft Corporation) < EventViewer Logs - Last 10 Errors > -> Event Information -> Description Application [ Error ] 2/20/2010 1:21:21 AM Computer Name = DDZQW8F1 | Source = crypt32 | ID = 131080 -> Description = Failed auto update retrieval of third-party root list sequence number from: with error: A connection with the server could not be established Application [ Error ] 2/20/2010 3:21:22 AM Computer Name = DDZQW8F1 | Source = crypt32 | ID = 131080 -> Description = Failed auto update retrieval of third-party root list sequence number from: with error: The connection with the server was terminated abnormally Application [ Error ] 2/20/2010 5:21:23 AM Computer Name = DDZQW8F1 | Source = crypt32 | ID = 131080 -> Description = Failed auto update retrieval of third-party root list sequence number from: with error: The connection with the server was terminated abnormally Application [ Error ] 2/20/2010 7:21:24 AM Computer Name = DDZQW8F1 | Source = crypt32 | ID = 131080 -> Description = Failed auto update retrieval of third-party root list sequence number from: with error: The connection with the server was terminated abnormally Application [ Error ] 2/20/2010 9:21:25 AM Computer Name = DDZQW8F1 | Source = crypt32 | ID = 131080 -> Description = Failed auto update retrieval of third-party root list sequence number from: with error: The connection with the server was terminated abnormally Application [ Error ] 2/20/2010 11:21:25 AM Computer Name = DDZQW8F1 | Source = crypt32 | ID = 131080 -> Description = Failed auto update retrieval of third-party root list sequence number from: with error: The connection with the server was terminated abnormally Application [ Error ] 2/20/2010 12:09:18 PM Computer Name = DDZQW8F1 | Source = Application Error | ID = 1000 -> Description = Faulting application iexplore.exe, version 7.0.6000.16915, faulting module kernel32.dll, version 5.1.2600.5781, fault address 0x00012afb. Application [ Error ] 2/20/2010 1:21:27 PM Computer Name = DDZQW8F1 | Source = crypt32 | ID = 131080 -> Description = Failed auto update retrieval of third-party root list sequence number from: with error: The connection with the server was terminated abnormally Application [ Error ] 2/20/2010 1:51:14 PM Computer Name = DDZQW8F1 | Source = crypt32 | ID = 131080 -> Description = Failed auto update retrieval of third-party root list sequence number from: with error: A connection with the server could not be established Application [ Error ] 2/20/2010 1:51:14 PM Computer Name = DDZQW8F1 | Source = crypt32 | ID = 131080 -> Description = Failed auto update retrieval of third-party root list sequence number from: with error: This network connection does not exist. System [ Error ] 2/20/2010 12:06:52 PM Computer Name = DDZQW8F1 | Source = DCOM | ID = 10010 -> Description = The server {1791C1B5-FFD0-4D4B-ABCD-7A7DF6EAA89C} did not register with DCOM within the required timeout. System [ Error ] 2/20/2010 12:07:04 PM Computer Name = DDZQW8F1 | Source = DCOM | ID = 10010 -> Description = The server {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4} did not register with DCOM within the required timeout. System [ Error ] 2/20/2010 12:07:22 PM Computer Name = DDZQW8F1 | Source = DCOM | ID = 10010 -> Description = The server {1791C1B5-FFD0-4D4B-ABCD-7A7DF6EAA89C} did not register with DCOM within the required timeout. System [ Error ] 2/20/2010 12:07:37 PM Computer Name = DDZQW8F1 | Source = DCOM | ID = 10010 -> Description = The server {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4} did not register with DCOM within the required timeout. System [ Error ] 2/20/2010 12:07:59 PM Computer Name = DDZQW8F1 | Source = DCOM | ID = 10010 -> Description = The server {1791C1B5-FFD0-4D4B-ABCD-7A7DF6EAA89C} did not register with DCOM within the required timeout. System [ Error ] 2/20/2010 12:08:07 PM Computer Name = DDZQW8F1 | Source = DCOM | ID = 10010 -> Description = The server {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4} did not register with DCOM within the required timeout. System [ Error ] 2/20/2010 12:09:00 PM Computer Name = DDZQW8F1 | Source = DCOM | ID = 10010 -> Description = The server {1791C1B5-FFD0-4D4B-ABCD-7A7DF6EAA89C} did not register with DCOM within the required timeout. System [ Error ] 2/20/2010 12:49:13 PM Computer Name = DDZQW8F1 | Source = DCOM | ID = 10010 -> Description = The server {1791C1B5-FFD0-4D4B-ABCD-7A7DF6EAA89C} did not register with DCOM within the required timeout. System [ Error ] 2/20/2010 1:46:17 PM Computer Name = DDZQW8F1 | Source = Ftdisk | ID = 262189 -> Description = The system could not sucessfully load the crash dump driver. System [ Error ] 2/20/2010 1:46:17 PM Computer Name = DDZQW8F1 | Source = Ftdisk | ID = 262193 -> Description = Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory. [Files/Folders - Created Within 30 Days] OTS.exe -> C:\Documents and Settings\earl.DDZQW8F1\Desktop\OTS.exe -> [2010/02/20 11:59:38 | 000,632,320 | ---- | C] (OldTimer Tools) COMCASTTOOLBAR -> C:\Documents and Settings\NetworkService\Application Data\COMCASTTOOLBAR -> [2010/02/20 11:09:04 | 000,000,000 | ---D | M] comcasttb -> C:\Documents and Settings\NetworkService\Application Data\comcasttb -> [2010/02/20 10:41:24 | 000,000,000 | ---D | M] CallingID -> C:\Documents and Settings\NetworkService\Application Data\CallingID -> [2010/02/20 10:38:42 | 000,000,000 | ---D | M] sqnypu -> C:\Documents and Settings\NetworkService\Local Settings\Application Data\sqnypu -> [2010/02/20 02:04:21 | 000,000,000 | ---D | M] Sun -> C:\Documents and Settings\NetworkService\Application Data\Sun -> [2010/02/17 16:25:42 | 000,000,000 | ---D | M] Identities -> C:\Documents and Settings\NetworkService\Application Data\Identities -> [2010/02/15 19:40:57 | 000,000,000 | ---D | M] Adobe -> C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe -> [2010/02/15 19:06:33 | 000,000,000 | ---D | M] Adobe -> C:\Documents and Settings\NetworkService\Application Data\Adobe -> [2010/02/15 19:06:06 | 000,000,000 | ---D | M] lowsec -> C:\WINDOWS\System32\lowsec -> [2010/02/15 18:06:49 | 000,000,000 | -HSD | C] Macromedia -> C:\Documents and Settings\NetworkService\Application Data\Macromedia -> [2010/02/15 10:54:32 | 000,000,000 | ---D | M] SupportSoft -> C:\Documents and Settings\NetworkService\Local Settings\Application Data\SupportSoft -> [2010/02/12 17:02:19 | 000,000,000 | ---D | M] Temp -> C:\Documents and Settings\NetworkService\Local Settings\Application Data\Temp -> [2010/02/08 19:35:51 | 000,000,000 | ---D | M] RegCure -> C:\Program Files\RegCure -> [2010/01/29 13:15:39 | 000,000,000 | ---D | C] RegCure -> C:\Documents and Settings\All Users\Application Data\RegCure -> [2010/01/29 13:15:39 | 000,000,000 | ---D | C] Apple -> C:\Documents and Settings\earl.DDZQW8F1\Local Settings\Application Data\Apple -> [2010/01/29 11:34:02 | 000,000,000 | ---D | C] Recent -> C:\Documents and Settings\earl.DDZQW8F1\Recent -> [2010/01/26 08:37:19 | 000,000,000 | RH-D | C] AVG8 -> C:\Documents and Settings\earl.DDZQW8F1\Application Data\AVG8 -> [2010/01/25 23:29:40 | 000,000,000 | ---D | C] $AVG -> C:\$AVG -> [2010/01/25 22:32:17 | 000,000,000 | -H-D | C] avgtdix.sys -> C:\WINDOWS\System32\drivers\avgtdix.sys -> [2010/01/25 22:32:03 | 000,360,584 | ---- | C] (AVG Technologies CZ, s.r.o.) avgrsstx.dll -> C:\WINDOWS\System32\avgrsstx.dll -> [2010/01/25 22:32:03 | 000,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) avgldx86.sys -> C:\WINDOWS\System32\drivers\avgldx86.sys -> [2010/01/25 22:31:57 | 000,333,192 | ---- | C] (AVG Technologies CZ, s.r.o.) avgmfx86.sys -> C:\WINDOWS\System32\drivers\avgmfx86.sys -> [2010/01/25 22:31:55 | 000,028,424 | ---- | C] (AVG Technologies CZ, s.r.o.) Avg -> C:\WINDOWS\System32\drivers\Avg -> [2010/01/25 22:31:44 | 000,000,000 | ---D | C] AVG Security Toolbar -> C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar -> [2010/01/25 22:31:39 | 000,000,000 | ---D | C] AVG -> C:\Program Files\AVG -> [2010/01/25 22:31:18 | 000,000,000 | ---D | C] avg9 -> C:\Documents and Settings\All Users\Application Data\avg9 -> [2010/01/25 22:31:15 | 000,000,000 | ---D | C] Microsoft -> C:\Documents and Settings\NetworkService\Application Data\Microsoft -> [2010/01/25 22:30:07 | 000,000,000 | --SD | M] Microsoft -> C:\Documents and Settings\LocalService\Application Data\Microsoft -> [2010/01/25 22:30:07 | 000,000,000 | --SD | M] Microsoft -> C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft -> [2010/01/25 22:30:07 | 000,000,000 | ---D | M] Microsoft -> C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft -> [2010/01/25 22:30:07 | 000,000,000 | ---D | M] avg_free_stb_all_9_40_cnet.exe -> C:\Documents and Settings\earl.DDZQW8F1\Desktop\avg_free_stb_all_9_40_cnet.exe -> [2010/01/25 22:02:00 | 000,891,248 | ---- | C] (AVG Technologies) Upgrd.exe -> C:\WINDOWS\System32\Upgrd.exe -> [2010/01/25 21:26:04 | 000,013,160 | ---- | C] (Absolute Software Corp.) Cyberlink -> C:\Documents and Settings\earl.DDZQW8F1\My Documents\Cyberlink -> [2010/01/24 19:31:52 | 000,000,000 | ---D | C] CyberLink -> C:\Documents and Settings\earl.DDZQW8F1\Application Data\CyberLink -> [2010/01/24 19:31:52 | 000,000,000 | ---D | C] PowerDVD -> C:\Documents and Settings\earl.DDZQW8F1\Local Settings\Application Data\PowerDVD -> [2010/01/24 19:31:47 | 000,000,000 | ---D | C] Google -> C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google -> [2009/07/01 20:29:00 | 000,000,000 | ---D | M] Google -> C:\Documents and Settings\LocalService\Local Settings\Application Data\Google -> [2009/07/01 20:24:45 | 000,000,000 | ---D | M] Macromedia -> C:\Documents and Settings\LocalService\Application Data\Macromedia -> [2009/06/20 20:32:13 | 000,000,000 | ---D | M] Adobe -> C:\Documents and Settings\LocalService\Application Data\Adobe -> [2009/06/20 20:31:56 | 000,000,000 | ---D | M] Apple -> C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple -> [2009/02/06 11:34:01 | 000,000,000 | ---D | M] cshost.dll -> C:\WINDOWS\System32\cshost.dll -> [2008/04/30 16:04:31 | 000,008,192 | ---- | C] ( ) Roxio -> C:\Documents and Settings\LocalService\Application Data\Roxio -> [2007/12/09 23:13:52 | 000,000,000 | ---D | M] 93 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 86 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> 1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> [Files/Folders - Modified Within 30 Days] rpcnetp.dll -> C:\WINDOWS\System32\rpcnetp.dll -> [2010/02/20 12:46:51 | 000,017,408 | ---- | M] () rpcnet.dll -> C:\WINDOWS\System32\rpcnet.dll -> [2010/02/20 12:46:50 | 000,056,680 | ---- | M] (Absolute Software Corp.) GoogleUpdateTaskMachineCore.job -> C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job -> [2010/02/20 12:46:42 | 000,000,878 | ---- | M] () RegCure Startup.job -> C:\WINDOWS\tasks\RegCure Startup.job -> [2010/02/20 12:46:40 | 000,000,376 | ---- | M] () SA.DAT -> C:\WINDOWS\tasks\SA.DAT -> [2010/02/20 12:46:16 | 000,000,006 | -H-- | M] () bootstat.dat -> C:\WINDOWS\bootstat.dat -> [2010/02/20 12:46:05 | 000,002,048 | --S- | M] () hiberfil.sys -> C:\hiberfil.sys -> [2010/02/20 12:45:52 | 937,472,000 | -HS- | M] () rpcnetp.exe -> C:\WINDOWS\System32\rpcnetp.exe -> [2010/02/20 12:45:43 | 000,017,408 | ---- | M] () GoogleUpdateTaskMachineUA.job -> C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job -> [2010/02/20 12:35:00 | 000,000,882 | ---- | M] () OTS.exe -> C:\Documents and Settings\earl.DDZQW8F1\Desktop\OTS.exe -> [2010/02/20 11:59:38 | 000,632,320 | ---- | M] (OldTimer Tools) rkill.com -> C:\Documents and Settings\earl.DDZQW8F1\Desktop\rkill.com -> [2010/02/20 11:52:51 | 000,363,008 | ---- | M] () ntuser.dat -> C:\Documents and Settings\earl.DDZQW8F1\ntuser.dat -> [2010/02/20 10:47:56 | 006,815,744 | ---- | M] () incavi.avm -> C:\WINDOWS\System32\drivers\Avg\incavi.avm -> [2010/02/19 17:48:34 | 055,938,014 | ---- | M] () RegCure Program Check.job -> C:\WINDOWS\tasks\RegCure Program Check.job -> [2010/02/19 17:00:11 | 000,000,388 | ---- | M] () AppleSoftwareUpdate.job -> C:\WINDOWS\tasks\AppleSoftwareUpdate.job -> [2010/02/19 11:34:06 | 000,000,284 | ---- | M] () d3d9caps.dat -> C:\WINDOWS\System32\d3d9caps.dat -> [2010/02/17 16:26:45 | 000,000,664 | ---- | M] () d3d8caps.dat -> C:\WINDOWS\System32\d3d8caps.dat -> [2010/02/17 16:26:45 | 000,000,552 | ---- | M] () kr_done1 -> C:\WINDOWS\System32\kr_done1 -> [2010/02/17 16:26:37 | 000,000,010 | ---- | M] () Google Earth.lnk -> C:\Documents and Settings\All Users\Desktop\Google Earth.lnk -> [2010/02/15 11:38:02 | 000,001,915 | ---- | M] () atapi.sys -> C:\WINDOWS\System32\dllcache\atapi.sys -> [2010/02/15 11:20:52 | 000,096,512 | ---- | M] (Microsoft Corporation) RegCure.job -> C:\WINDOWS\tasks\RegCure.job -> [2010/02/11 03:22:02 | 000,000,370 | ---- | M] () wpa.dbl -> C:\WINDOWS\System32\wpa.dbl -> [2010/02/07 16:29:01 | 000,002,206 | ---- | M] () Bpudevevukovik.dat -> C:\WINDOWS\Bpudevevukovik.dat -> [2010/01/29 16:36:52 | 000,000,120 | ---- | M] () RegCure.lnk -> C:\Documents and Settings\All Users\Desktop\RegCure.lnk -> [2010/01/29 13:16:14 | 000,000,738 | ---- | M] () Wtuxejefifinoh.bin -> C:\WINDOWS\Wtuxejefifinoh.bin -> [2010/01/29 07:11:33 | 000,000,000 | ---- | M] () wklnhst.dat -> C:\Documents and Settings\earl.DDZQW8F1\Application Data\wklnhst.dat -> [2010/01/27 13:36:06 | 000,003,514 | ---- | M] () avgtdix.sys -> C:\WINDOWS\System32\drivers\avgtdix.sys -> [2010/01/25 22:32:03 | 000,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) avgrsstx.dll -> C:\WINDOWS\System32\avgrsstx.dll -> [2010/01/25 22:32:03 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) AVG Free 9.0.lnk -> C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk -> [2010/01/25 22:32:03 | 000,001,507 | ---- | M] () avgldx86.sys -> C:\WINDOWS\System32\drivers\avgldx86.sys -> [2010/01/25 22:31:57 | 000,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) iavichjw.avm -> C:\WINDOWS\System32\drivers\Avg\iavichjw.avm -> [2010/01/25 22:31:55 | 000,113,461 | ---- | M] () avgmfx86.sys -> C:\WINDOWS\System32\drivers\avgmfx86.sys -> [2010/01/25 22:31:55 | 000,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) avi7.avg -> C:\WINDOWS\System32\drivers\Avg\avi7.avg -> [2010/01/25 22:31:45 | 006,061,540 | ---- | M] () miniavi.avg -> C:\WINDOWS\System32\drivers\Avg\miniavi.avg -> [2010/01/25 22:31:45 | 000,492,629 | ---- | M] () microavi.avg -> C:\WINDOWS\System32\drivers\Avg\microavi.avg -> [2010/01/25 22:31:45 | 000,142,495 | ---- | M] () avg_free_stb_all_9_40_cnet.exe -> C:\Documents and Settings\earl.DDZQW8F1\Desktop\avg_free_stb_all_9_40_cnet.exe -> [2010/01/25 22:01:36 | 000,891,248 | ---- | M] (AVG Technologies) Upgrd.exe -> C:\WINDOWS\System32\Upgrd.exe -> [2010/01/25 21:26:08 | 000,013,160 | ---- | M] (Absolute Software Corp.) rpcnet.exe -> C:\WINDOWS\System32\rpcnet.exe -> [2010/01/25 21:26:04 | 000,056,680 | ---- | M] (Absolute Software Corp.) 93 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 86 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> 400 C:\Documents and Settings\earl.DDZQW8F1\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\earl.DDZQW8F1\Local Settings\Temp\*.tmp -> 400 C:\Documents and Settings\earl.DDZQW8F1\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\earl.DDZQW8F1\Local Settings\Temp\*.tmp -> 400 C:\Documents and Settings\earl.DDZQW8F1\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\earl.DDZQW8F1\Local Settings\Temp\*.tmp -> 381 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp -> 1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> [Files - No Company Name] rkill.com -> C:\Documents and Settings\earl.DDZQW8F1\Desktop\rkill.com -> [2010/02/20 11:52:51 | 000,363,008 | ---- | C] () d3d9caps.dat -> C:\WINDOWS\System32\d3d9caps.dat -> [2010/02/17 16:26:45 | 000,000,664 | ---- | C] () d3d8caps.dat -> C:\WINDOWS\System32\d3d8caps.dat -> [2010/02/17 16:26:45 | 000,000,552 | ---- | C] () kr_done1 -> C:\WINDOWS\System32\kr_done1 -> [2010/02/17 16:26:37 | 000,000,010 | ---- | C] () Google Earth.lnk -> C:\Documents and Settings\All Users\Desktop\Google Earth.lnk -> [2010/02/15 11:38:02 | 000,001,915 | ---- | C] () RegCure Program Check.job -> C:\WINDOWS\tasks\RegCure Program Check.job -> [2010/01/29 13:15:48 | 000,000,388 | ---- | C] () RegCure Startup.job -> C:\WINDOWS\tasks\RegCure Startup.job -> [2010/01/29 13:15:47 | 000,000,376 | ---- | C] () RegCure.job -> C:\WINDOWS\tasks\RegCure.job -> [2010/01/29 13:15:45 | 000,000,370 | ---- | C] () RegCure.lnk -> C:\Documents and Settings\All Users\Desktop\RegCure.lnk -> [2010/01/29 13:15:39 | 000,000,738 | ---- | C] () AVG Free 9.0.lnk -> C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk -> [2010/01/25 22:32:03 | 000,001,507 | ---- | C] () iavichjw.avm -> C:\WINDOWS\System32\drivers\Avg\iavichjw.avm -> [2010/01/25 22:31:55 | 000,113,461 | ---- | C] () incavi.avm -> C:\WINDOWS\System32\drivers\Avg\incavi.avm -> [2010/01/25 22:31:45 | 055,938,014 | ---- | C] () miniavi.avg -> C:\WINDOWS\System32\drivers\Avg\miniavi.avg -> [2010/01/25 22:31:45 | 000,492,629 | ---- | C] () microavi.avg -> C:\WINDOWS\System32\drivers\Avg\microavi.avg -> [2010/01/25 22:31:45 | 000,142,495 | ---- | C] () avi7.avg -> C:\WINDOWS\System32\drivers\Avg\avi7.avg -> [2010/01/25 22:31:44 | 006,061,540 | ---- | C] () MRT.INI -> C:\WINDOWS\System32\MRT.INI -> [2009/06/26 16:00:36 | 000,000,206 | ---- | C] () _000006_.tmp.dll -> C:\WINDOWS\_000006_.tmp.dll -> [2009/06/25 16:05:12 | 000,010,511 | ---- | C] () _000053_.tmp.dll -> C:\WINDOWS\_000053_.tmp.dll -> [2009/06/25 16:05:08 | 000,031,624 | ---- | C] () _000005_.tmp.dll -> C:\WINDOWS\_000005_.tmp.dll -> [2009/06/25 16:05:08 | 000,009,370 | ---- | C] () MTSTACK.INI -> C:\WINDOWS\MTSTACK.INI -> [2008/06/18 19:16:43 | 000,000,000 | ---- | C] () rpcnetp.dll -> C:\WINDOWS\System32\rpcnetp.dll -> [2008/01/05 09:19:28 | 000,017,408 | ---- | C] () smscfg.ini -> C:\WINDOWS\smscfg.ini -> [2007/12/09 23:14:16 | 000,000,061 | ---- | C] () ODBC.INI -> C:\WINDOWS\ODBC.INI -> [2007/12/09 23:08:58 | 000,000,376 | ---- | C] () DLAAPI_W.DLL -> C:\WINDOWS\System32\DLAAPI_W.DLL -> [2007/12/09 22:59:31 | 000,056,056 | ---- | C] () wininit.ini -> C:\WINDOWS\wininit.ini -> [2007/12/09 22:59:31 | 000,000,120 | ---- | C] () preflib.dll -> C:\WINDOWS\System32\preflib.dll -> [2007/12/09 22:22:44 | 000,086,016 | ---- | C] () bcm1xsup.dll -> C:\WINDOWS\System32\bcm1xsup.dll -> [2007/12/09 22:22:40 | 000,757,760 | ---- | C] () OEMINFO.INI -> C:\WINDOWS\System32\OEMINFO.INI -> [2007/12/09 22:22:16 | 000,001,120 | ---- | C] () px.ini -> C:\WINDOWS\System32\px.ini -> [2006/11/07 12:25:58 | 000,000,000 | ---- | C] () CddbPlaylist2Roxio.dll -> C:\WINDOWS\System32\CddbPlaylist2Roxio.dll -> [2006/09/17 00:36:50 | 000,520,192 | ---- | C] () CddbFileTaggerRoxio.dll -> C:\WINDOWS\System32\CddbFileTaggerRoxio.dll -> [2006/09/17 00:36:50 | 000,204,800 | ---- | C] () GlobalUserInterface.CompositeFont -> C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont -> [2006/06/29 13:58:52 | 000,030,808 | ---- | C] () GlobalSansSerif.CompositeFont -> C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont -> [2006/06/29 13:53:56 | 000,026,489 | ---- | C] () GlobalSerif.CompositeFont -> C:\WINDOWS\Fonts\GlobalSerif.CompositeFont -> [2006/04/18 14:39:28 | 000,029,779 | ---- | C] () GlobalMonospace.CompositeFont -> C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont -> [2006/04/18 14:39:28 | 000,026,040 | ---- | C] () orun32.ini -> C:\WINDOWS\orun32.ini -> [2004/08/10 14:12:05 | 000,000,780 | ---- | C] () fxsperf.ini -> C:\WINDOWS\System32\fxsperf.ini -> [2004/08/10 14:01:18 | 000,001,793 | ---- | C] () [File - Lop Check] AVG Security Toolbar -> C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar -> [2010/01/25 23:37:43 | 000,000,000 | ---D | M] avg9 -> C:\Documents and Settings\All Users\Application Data\avg9 -> [2010/02/17 17:31:33 | 000,000,000 | ---D | M] Citrix -> C:\Documents and Settings\All Users\Application Data\Citrix -> [2009/06/26 16:58:30 | 000,000,000 | ---D | M] Go Go Gourmet -> C:\Documents and Settings\All Users\Application Data\Go Go Gourmet -> [2008/02/25 15:37:17 | 000,000,000 | ---D | M] PlayFirst -> C:\Documents and Settings\All Users\Application Data\PlayFirst -> [2008/01/21 12:53:31 | 000,000,000 | ---D | M] RegCure -> C:\Documents and Settings\All Users\Application Data\RegCure -> [2010/01/29 13:15:39 | 000,000,000 | ---D | M] SupportSoft -> C:\Documents and Settings\All Users\Application Data\SupportSoft -> [2007/12/09 23:06:18 | 000,000,000 | ---D | M] TEMP -> C:\Documents and Settings\All Users\Application Data\TEMP -> [2008/04/28 19:15:41 | 000,000,000 | ---D | M] YAHOO -> C:\Documents and Settings\All Users\Application Data\YAHOO -> [2007/12/09 23:03:29 | 000,000,000 | ---D | M] {3276BE95_AF08_429F_A64F_CA64CB79BCF6} -> C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6} -> [2008/12/30 18:34:56 | 000,000,000 | ---D | M] CallingID -> C:\Documents and Settings\carol\Application Data\CallingID -> [2010/01/04 16:47:34 | 000,000,000 | ---D | M] comcasttb -> C:\Documents and Settings\carol\Application Data\comcasttb -> [2009/12/29 15:17:47 | 000,000,000 | ---D | M] COMCASTTOOLBAR -> C:\Documents and Settings\carol\Application Data\COMCASTTOOLBAR -> [2009/11/23 20:51:40 | 000,000,000 | ---D | M] PlayFirst -> C:\Documents and Settings\carol\Application Data\PlayFirst -> [2008/01/21 12:53:31 | 000,000,000 | ---D | M] ComcastToolbar -> C:\Documents and Settings\earl\Application Data\ComcastToolbar -> [2008/12/10 19:11:02 | 000,000,000 | ---D | M] GARMIN -> C:\Documents and Settings\earl\Application Data\GARMIN -> [2008/01/16 17:51:48 | 000,000,000 | ---D | M] Template -> C:\Documents and Settings\earl\Application Data\Template -> [2008/02/03 19:09:05 | 000,000,000 | ---D | M] CallingID -> C:\Documents and Settings\earl.DDZQW8F1\Application Data\CallingID -> [2009/11/20 13:16:13 | 000,000,000 | ---D | M] comcasttb -> C:\Documents and Settings\earl.DDZQW8F1\Application Data\comcasttb -> [2009/11/20 13:15:16 | 000,000,000 | ---D | M] ComcastToolbar -> C:\Documents and Settings\earl.DDZQW8F1\Application Data\ComcastToolbar -> [2009/11/21 11:20:08 | 000,000,000 | ---D | M] Costco Photo Organizer -> C:\Documents and Settings\earl.DDZQW8F1\Application Data\Costco Photo Organizer -> [2009/12/03 19:50:05 | 000,000,000 | ---D | M] Costco Photo Viewer US -> C:\Documents and Settings\earl.DDZQW8F1\Application Data\Costco Photo Viewer US -> [2009/12/03 19:48:59 | 000,000,000 | ---D | M] GARMIN -> C:\Documents and Settings\earl.DDZQW8F1\Application Data\GARMIN -> [2009/05/20 20:45:18 | 000,000,000 | ---D | M] CallingID -> C:\Documents and Settings\NetworkService\Application Data\CallingID -> [2010/02/20 10:38:42 | 000,000,000 | ---D | M] comcasttb -> C:\Documents and Settings\NetworkService\Application Data\comcasttb -> [2010/02/20 10:41:24 | 000,000,000 | ---D | M] COMCASTTOOLBAR -> C:\Documents and Settings\NetworkService\Application Data\COMCASTTOOLBAR -> [2010/02/20 11:09:04 | 000,000,000 | ---D | M] RegCure Program Check.job -> C:\WINDOWS\Tasks\RegCure Program Check.job -> [2010/02/19 17:00:11 | 000,000,388 | ---- | M] () RegCure Startup.job -> C:\WINDOWS\Tasks\RegCure Startup.job -> [2010/02/20 12:46:40 | 000,000,376 | ---- | M] () RegCure.job -> C:\WINDOWS\Tasks\RegCure.job -> [2010/02/11 03:22:02 | 000,000,370 | ---- | M] () [File - Purity Scan] [Custom Scans] < netsvcs > < %SYSTEMDRIVE%\*.exe > < MD5 Scans Start> < %systemdrive%\AGP440.SYS /md5 /s > AGP440.sys : .cab file -> C:\i386\sp2.cab:AGP440.sys -> [2004/08/04 06:00:00 | 018,738,937 | ---- | M] () AGP440.sys : .cab file -> C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys -> [2004/08/04 06:00:00 | 018,738,937 | ---- | M] () AGP440.sys : .cab file -> C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys -> [2008/10/27 16:16:43 | 023,852,652 | ---- | M] () AGP440.sys : .cab file -> C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys -> [2008/10/27 16:16:43 | 023,852,652 | ---- | M] () agp440.sys : MD5=08FD04AA961BDC77FB983F328334E3D7 -> C:\WINDOWS\ServicePackFiles\i386\agp440.sys -> [2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) agp440.sys : MD5=08FD04AA961BDC77FB983F328334E3D7 -> C:\WINDOWS\system32\dllcache\agp440.sys -> [2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) agp440.sys : MD5=08FD04AA961BDC77FB983F328334E3D7 -> C:\WINDOWS\system32\drivers\agp440.sys -> [2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) AGP440.SYS : MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -> C:\i386\AGP440.SYS -> [2004/08/04 00:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) agp440.sys : MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -> C:\WINDOWS\$NtServicePackUninstall$\agp440.sys -> [2004/08/04 00:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) < %systemdrive%\ATAPI.SYS /md5 /s > atapi.sys : .cab file -> C:\i386\sp2.cab:atapi.sys -> [2004/08/04 06:00:00 | 018,738,937 | ---- | M] () atapi.sys : .cab file -> C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys -> [2004/08/04 06:00:00 | 018,738,937 | ---- | M] () atapi.sys : .cab file -> C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys -> [2008/10/27 16:16:43 | 023,852,652 | ---- | M] () atapi.sys : .cab file -> C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys -> [2008/10/27 16:16:43 | 023,852,652 | ---- | M] () atapi.sys : MD5=9F3A2F5AA6875C72BF062C712CFA2674 -> C:\WINDOWS\ServicePackFiles\i386\atapi.sys -> [2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) atapi.sys : MD5=9F3A2F5AA6875C72BF062C712CFA2674 -> C:\WINDOWS\system32\dllcache\atapi.sys -> [2010/02/15 11:20:52 | 000,096,512 | ---- | M] (Microsoft Corporation) atapi.sys : MD5=9F3A2F5AA6875C72BF062C712CFA2674 -> C:\WINDOWS\system32\drivers\atapi.sys -> [2010/02/15 11:20:52 | 000,096,512 | ---- | M] (Microsoft Corporation) atapi.sys : MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -> C:\i386\atapi.sys -> [2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) atapi.sys : MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -> C:\WINDOWS\$NtServicePackUninstall$\atapi.sys -> [2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) < %systemdrive%\EVENTLOG.DLL /md5 /s > eventlog.dll : MD5=6D4FEB43EE538FC5428CC7F0565AA656 -> C:\WINDOWS\ServicePackFiles\i386\eventlog.dll -> [2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) eventlog.dll : MD5=6D4FEB43EE538FC5428CC7F0565AA656 -> C:\WINDOWS\system32\dllcache\eventlog.dll -> [2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) eventlog.dll : MD5=6D4FEB43EE538FC5428CC7F0565AA656 -> C:\WINDOWS\system32\eventlog.dll -> [2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) eventlog.dll : MD5=82B24CB70E5944E6E34662205A2A5B78 -> C:\i386\eventlog.dll -> [2004/08/04 06:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) eventlog.dll : MD5=82B24CB70E5944E6E34662205A2A5B78 -> C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll -> [2004/08/04 06:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) < %systemdrive%\NETLOGON.DLL /md5 /s > netlogon.dll : MD5=1B7F071C51B77C272875C3A23E1E4550 -> C:\WINDOWS\ServicePackFiles\i386\netlogon.dll -> [2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) netlogon.dll : MD5=1B7F071C51B77C272875C3A23E1E4550 -> C:\WINDOWS\system32\dllcache\netlogon.dll -> [2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) netlogon.dll : MD5=1B7F071C51B77C272875C3A23E1E4550 -> C:\WINDOWS\system32\netlogon.dll -> [2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) netlogon.dll : MD5=96353FCECBA774BB8DA74A1C6507015A -> C:\i386\netlogon.dll -> [2004/08/04 06:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) netlogon.dll : MD5=96353FCECBA774BB8DA74A1C6507015A -> C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll -> [2004/08/04 06:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) < %systemdrive%\SCECLI.DLL /md5 /s > scecli.dll : MD5=0F78E27F563F2AAF74B91A49E2ABF19A -> C:\i386\scecli.dll -> [2004/08/04 06:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) scecli.dll : MD5=0F78E27F563F2AAF74B91A49E2ABF19A -> C:\WINDOWS\$NtServicePackUninstall$\scecli.dll -> [2004/08/04 06:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) scecli.dll : MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -> C:\WINDOWS\ServicePackFiles\i386\scecli.dll -> [2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) scecli.dll : MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -> C:\WINDOWS\system32\dllcache\scecli.dll -> [2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) scecli.dll : MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -> C:\WINDOWS\system32\scecli.dll -> [2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) < MD5 Scans End> < %systemroot%\*. /mp /s > Restore point Set: OTS Restore Point (0) < %systemroot%\system32\*.dll /lockedfiles > dxtmsft.dll : Unable to obtain MD5 -> C:\WINDOWS\system32\dxtmsft.dll -> [2009/08/29 02:36:24 | 000,347,136 | ---- | M] (Microsoft Corporation) dxtrans.dll : Unable to obtain MD5 -> C:\WINDOWS\system32\dxtrans.dll -> [2009/08/29 02:36:24 | 000,214,528 | ---- | M] (Microsoft Corporation) 93 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> < %systemroot%\Tasks\*.job /lockedfiles > < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > default.sav -> C:\WINDOWS\system32\config\default.sav -> [2004/08/10 13:56:48 | 000,094,208 | ---- | M] () software.sav -> C:\WINDOWS\system32\config\software.sav -> [2004/08/10 13:56:46 | 000,634,880 | ---- | M] () system.sav -> C:\WINDOWS\system32\config\system.sav -> [2004/08/10 13:56:46 | 000,872,448 | ---- | M] () [Alternate Data Streams] @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A42A9F39 < End of report > [/code]