[code]
OTS logfile created on: 22/03/2011 20:37:56 - Run 2
OTS by OldTimer - Version 3.1.42.0 Folder = C:\Documents and Settings\HP_Administrator\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 74.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 179.56 Gb Total Space | 140.27 Gb Free Space | 78.12% Space Free | Partition Type: NTFS
Drive D: | 6.73 Gb Total Space | 0.66 Gb Free Space | 9.79% Space Free | Partition Type: FAT32
Drive E: | 557.95 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OLLY
Current User Name: HP_Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 30 Days
Quick Scan

[Processes - Safe List]
ots.exe -> C:\Documents and Settings\HP_Administrator\Desktop\OTS.exe -> [2011/03/21 19:07:49 | 000,645,632 | ---- | M] (OldTimer Tools)
msseces.exe -> C:\Program Files\Microsoft Security Client\msseces.exe -> [2010/11/30 13:20:36 | 000,997,408 | ---- | M] (Microsoft Corporation)
msmpeng.exe -> c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -> [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation)
realsched.exe -> C:\Program Files\Common Files\Real\Update_OB\realsched.exe -> [2010/02/16 12:49:15 | 000,198,160 | ---- | M] (RealNetworks, Inc.)
affinegyservice.exe -> C:\Program Files\Virgin Broadband Wireless\AffinegyService.exe -> [2008/05/26 16:14:56 | 000,143,360 | ---- | M] (Affinegy, Inc.) explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) symlcsvc.exe -> C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -> [2008/01/23 22:51:32 | 001,251,720 | ---- | M] () wg111v3.exe -> C:\Program Files\NETGEAR\WG111v3\WG111v3.exe -> [2007/09/12 15:14:42 | 001,527,808 | ---- | M] () apdproxy.exe -> C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe -> [2007/03/09 10:09:58 | 000,063,712 | ---- | M] (Adobe Systems Incorporated) dmascheduler.exe -> C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe -> [2006/04/13 01:05:00 | 000,090,112 | ---- | M] (Sonic Solutions) ssaad.exe -> C:\Program Files\Sony\SonicStage\SSAAD.exe -> [2006/01/07 01:36:10 | 000,081,920 | ---- | M] () jusched.exe -> C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe -> [2005/11/10 12:03:52 | 000,036,975 | ---- | M] (Sun Microsystems, Inc.) 
arpwrmsg.exe -> C:\WINDOWS\arpwrmsg.exe -> [2005/08/02 15:19:16 | 000,077,312 | ---- | M] (Microsoft) arservice.exe -> C:\WINDOWS\arservice.exe -> [2005/08/02 15:19:16 | 000,058,880 | ---- | M] (Microsoft) [Modules - Safe List] ots.exe -> C:\Documents and Settings\HP_Administrator\Desktop\OTS.exe -> [2011/03/21 19:07:49 | 000,645,632 | ---- | M] (OldTimer Tools) comctl32.dll -> C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll -> [2010/08/23 16:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) [Win32 Services - Safe List] (rpcapd) Remote Packet Capture Protocol v.0 (experimental) [Auto | Stopped] -> -> File not found (MSIServer) Windows Installer [Disabled | Stopped] -> -> File not found (HidServ) Human Interface Device Access [Disabled | Stopped] -> -> File not found (gupdate) Google Update Service (gupdate) [Auto | Stopped] -> -> File not found (MsMpSvc) Microsoft Antimalware Service [Auto | Running] -> c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -> [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) (StumbleUponUpdateService) StumbleUponUpdateService [On_Demand | Stopped] -> C:\Program Files\StumbleUpon\StumbleUponUpdateService.exe -> [2010/03/25 20:21:24 | 000,120,232 | ---- | M] (stumbleupon.com) (SolidWorks Licensing Service) SolidWorks Licensing Service [On_Demand | Stopped] -> C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -> [2010/03/12 18:14:40 | 000,079,360 | ---- | M] (SolidWorks) (sdCoreService) PC Tools Security Service [On_Demand | Stopped] -> C:\Program Files\Spyware Doctor\pctsSvc.exe -> [2009/08/24 17:49:12 | 001,097,096 | ---- | M] (PC Tools) (ThreatFire) ThreatFire [On_Demand | Stopped] -> C:\Program Files\Spyware Doctor\TFEngine\TFService.exe -> [2009/03/31 10:23:06 | 000,070,944 | ---- | M] (PC Tools) (sdAuxService) PC Tools Auxiliary Service [On_Demand | Stopped] -> C:\Program Files\Spyware 
Doctor\pctsAuxs.exe -> [2009/01/07 11:40:56 | 000,348,752 | ---- | M] (PC Tools) (AffinegyService) AffinegyService [Auto | Running] -> C:\Program Files\Virgin Broadband Wireless\AffinegyService.exe -> [2008/05/26 16:14:56 | 000,143,360 | ---- | M] (Affinegy, Inc.) (Symantec Core LC) Symantec Core LC [Auto | Running] -> C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -> [2008/01/23 22:51:32 | 001,251,720 | ---- | M] () (WinDefend) Windows Defender [Auto | Stopped] -> C:\Program Files\Windows Defender\MsMpEng.exe -> [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) (SSScsiSV) SonicStage SCSI Service [On_Demand | Stopped] -> C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe -> [2006/01/06 21:25:12 | 000,069,632 | ---- | M] (Sony Corporation) (MSCSPTISRV) MSCSPTISRV [On_Demand | Stopped] -> C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -> [2005/11/24 16:03:22 | 000,053,337 | ---- | M] (Sony Corporation) (PACSPTISVR) PACSPTISVR [On_Demand | Stopped] -> C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -> [2005/11/24 15:57:44 | 000,053,337 | ---- | M] (Sony Corporation) (SPTISRV) Sony SPTI Service [On_Demand | Stopped] -> C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -> [2005/11/24 15:47:30 | 000,069,718 | ---- | M] (Sony Corporation) (ARSVC) ARSVC [Auto | Running] -> C:\WINDOWS\arservice.exe -> [2005/08/02 15:19:16 | 000,058,880 | ---- | M] (Microsoft) [Driver Services - Safe List] (MpKsl7a8c3fc5) MpKsl7a8c3fc5 [Kernel | System | Running] -> c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{85931F55-8E0A-440E-AB93-65B75740E157}\MpKsl7a8c3fc5.sys -> [2011/03/22 18:52:23 | 000,028,752 | ---- | M] (Microsoft Corporation) (PCTCore) PCTools KDS [File_System | Boot | Running] -> C:\WINDOWS\system32\drivers\PCTCore.sys -> [2009/11/24 19:25:44 | 000,206,256 | ---- | M] (PC Tools) (TfSysMon) TfSysMon [Kernel | Boot | Running] -> 
C:\WINDOWS\system32\drivers\TfSysMon.sys -> [2009/03/31 10:23:26 | 000,039,200 | ---- | M] (PC Tools) (TfNetMon) TfNetMon [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\TfNetMon.sys -> [2009/03/31 10:23:24 | 000,033,056 | ---- | M] (PC Tools) (TfFsMon) TfFsMon [Kernel | Boot | Running] -> C:\WINDOWS\system32\drivers\TfFsMon.sys -> [2009/03/31 10:23:20 | 000,051,488 | ---- | M] (PC Tools) (pctgntdi) pctgntdi [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\pctgntdi.sys -> [2008/12/11 07:38:22 | 000,159,600 | ---- | M] (PC Tools) (pctplsg) pctplsg [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\pctplsg.sys -> [2008/12/10 10:36:04 | 000,064,392 | ---- | M] (PC Tools) (AFGSp50) AFGSp50 NDIS Protocol Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\AFGSp50.sys -> [2008/05/26 16:09:42 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) (USB_RNDIS) USB Remote NDIS Network Device Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\usb8023.sys -> [2008/04/13 18:56:49 | 000,012,800 | ---- | M] (Microsoft Corporation) (RTL8187B) NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\wg111v3.sys -> [2007/12/28 20:02:12 | 000,287,232 | ---- | M] (Realtek Semiconductor Corporation ) (RTLWUSB) Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\RTL8187.sys -> [2007/01/11 10:20:06 | 000,194,304 | R--- | M] (Realtek Semiconductor Corporation ) (symlcbrd) symlcbrd [Kernel | Auto | Running] -> C:\WINDOWS\system32\drivers\symlcbrd.sys -> [2006/10/23 10:15:07 | 000,010,344 | ---- | M] (Symantec Corporation) (IntcAzAudAddService) Service for Realtek HD Audio (WDM) [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\RtkHDAud.sys -> [2006/07/24 16:15:04 | 004,353,024 | ---- | M] (Realtek Semiconductor Corp.) 
(ati2mtag) ati2mtag [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\ati2mtag.sys -> [2006/04/04 21:58:44 | 001,536,000 | ---- | M] (ATI Technologies Inc.) (MRENDIS5) MRENDIS5 NDIS Protocol Driver [Kernel | On_Demand | Stopped] -> C:\Program Files\Common Files\Motive\MRENDIS5.sys -> [2006/03/24 16:53:07 | 000,018,003 | ---- | M] (Motive, Inc.) (RTL8023xp) Realtek 10/100/1000 NIC Family all in one NDIS XP Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\Rtnicxp.sys -> [2006/02/27 05:46:20 | 000,081,408 | ---- | M] (Realtek Semiconductor Corporation ) (Ps2) Ps2 [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\PS2.sys -> [2005/12/12 17:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) (rtl8139) Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\RTL8139.sys -> [2004/08/03 14:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Registry - Safe List] < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> HKEY_LOCAL_MACHINE\: Search\\"CustomSearch" -> http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/cs/*http://uk.docs.yahoo.com/info/bt_side.html -> < Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> HKEY_USERS\.DEFAULT\: Main\\"Default_Page_URL" -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=64&bd=PAVILION&pf=desktop -> HKEY_USERS\.DEFAULT\: Main\\"Default_Search_URL" -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_GB&c=64&bd=PAVILION&pf=desktop -> HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 -> HKEY_USERS\.DEFAULT\: "ProxyOverride" -> *.local -> < Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> HKEY_USERS\S-1-5-18\: Main\\"Default_Page_URL" -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=64&bd=PAVILION&pf=desktop -> HKEY_USERS\S-1-5-18\: Main\\"Default_Search_URL" -> 
http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_GB&c=64&bd=PAVILION&pf=desktop -> HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 -> HKEY_USERS\S-1-5-18\: "ProxyOverride" -> *.local -> < Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> < Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> HKEY_USERS\S-1-5-20\: "ProxyEnable" -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-21-2228557363-1226132215-2784982647-1007\] > -> -> HKEY_USERS\S-1-5-21-2228557363-1226132215-2784982647-1007\: Main\\"Default_Search_URL" -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_GB&c=64&bd=PAVILION&pf=desktop -> HKEY_USERS\S-1-5-21-2228557363-1226132215-2784982647-1007\: Main\\"SearchMigratedDefaultName" -> Google -> HKEY_USERS\S-1-5-21-2228557363-1226132215-2784982647-1007\: Main\\"SearchMigratedDefaultURL" -> http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 -> HKEY_USERS\S-1-5-21-2228557363-1226132215-2784982647-1007\: Main\\"Start Page" -> http://community.tes.co.uk/forums/31.aspx -> HKEY_USERS\S-1-5-21-2228557363-1226132215-2784982647-1007\: SearchURL\\"" -> http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*http://uk.search.yahoo.com/ -> HKEY_USERS\S-1-5-21-2228557363-1226132215-2784982647-1007\: URLSearchHooks\\"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] 
-> File not found HKEY_USERS\S-1-5-21-2228557363-1226132215-2784982647-1007\: "ProxyEnable" -> 0 -> HKEY_USERS\S-1-5-21-2228557363-1226132215-2784982647-1007\: "ProxyOverride" -> *.local -> < FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla HKLM\software\mozilla\Firefox\Extensions -> -> HKLM\software\mozilla\Firefox\Extensions\\{1650a312-02bc-40ee-977e-83f158701739} -> C:\PROGRAM FILES\SITEADVISOR\FF1\ [C:\PROGRAM FILES\SITEADVISOR\FF1\] -> [2009/05/30 13:35:20 | 000,000,000 | ---D | M] < FireFox Extensions [User Folders] > -> < HOSTS File > ([2011/03/16 23:16:41 | 000,000,027 | ---- | M] - 1 lines) -> C:\WINDOWS\system32\drivers\etc\hosts -> Reset Hosts 127.0.0.1 localhost < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} [HKLM] -> C:\Program Files\StumbleUpon\StumbleUponIEBar.dll [StumbleUpon Launcher] -> [2010/03/25 20:21:24 | 001,283,472 | ---- | M] (stumbleupon.com) {3049C3E9-B461-4BC5-8870-4C09146192CA} [HKLM] -> C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [RealPlayer Download and Record Plugin for Internet Explorer] -> [2010/02/16 12:51:00 | 000,329,312 | ---- | M] (RealPlayer) < Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> "{5093EB4C-3E93-40AB-9266-B607BA87BDC8}" [HKLM] -> C:\Program Files\StumbleUpon\StumbleUponIEBar.dll [StumbleUpon Toolbar] -> [2010/03/25 20:21:24 | 001,283,472 | ---- | M] (stumbleupon.com) < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> "Adobe Photo Downloader" -> C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe ["C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"] -> [2007/03/09 10:09:58 | 000,063,712 | ---- | M] (Adobe Systems Incorporated) "AlwaysReady Power Message APP" -> C:\WINDOWS\arpwrmsg.exe 
[ARPWRMSG.EXE] -> [2005/08/02 15:19:16 | 000,077,312 | ---- | M] (Microsoft) "DMAScheduler" -> c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe ["c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"] -> [2006/04/13 01:05:00 | 000,090,112 | ---- | M] (Sonic Solutions) "ftutil2" -> C:\WINDOWS\System32\ftutil2.dll [rundll32.exe ftutil2.dll,SetWriteCacheMode] -> [2004/06/07 06:05:38 | 000,106,496 | ---- | M] (Promise Technology, Inc.) "HPBootOp" -> C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe ["C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run] -> [2006/02/15 14:34:58 | 000,249,856 | ---- | M] (Hewlett-Packard Company) "MSC" -> c:\Program Files\Microsoft Security Client\msseces.exe ["c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey] -> [2010/11/30 13:20:36 | 000,997,408 | ---- | M] (Microsoft Corporation) "Recguard" -> C:\WINDOWS\SMINST\Recguard.exe [C:\WINDOWS\SMINST\RECGUARD.EXE] -> [2005/07/22 14:14:00 | 000,237,568 | ---- | M] () "SsAAD.exe" -> C:\Program Files\Sony\SonicStage\SSAAD.exe [C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe] -> [2006/01/07 01:36:10 | 000,081,920 | ---- | M] () "TkBellExe" -> C:\Program Files\Common Files\Real\Update_OB\realsched.exe ["C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot] -> [2010/02/16 12:49:15 | 000,198,160 | ---- | M] (RealNetworks, Inc.) "Wireless Manager" -> C:\Program Files\Virgin Broadband Wireless\Wireless Manager.exe ["C:\Program Files\Virgin Broadband Wireless\Wireless Manager.exe" startup] -> [2008/05/26 16:20:50 | 000,585,728 | ---- | M] (Affinegy, Inc.) 
< Administrator Startup Folder > -> C:\Documents and Settings\Administrator\Start Menu\Programs\Startup -> < All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WG111v3 Smart Wizard.lnk -> C:\Program Files\NETGEAR\WG111v3\WG111v3.exe -> [2007/09/12 15:14:42 | 001,527,808 | ---- | M] () < Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup\Pin.lnk -> C:\hp\bin\cloaker.exe -> [1999/11/07 00:11:14 | 000,027,136 | ---- | M] (Hewlett-Packard Co.) C:\Documents and Settings\Default User\Start Menu\Programs\Startup\PinMcLnk.lnk -> C:\hp\bin\cloaker.exe -> [1999/11/07 00:11:14 | 000,027,136 | ---- | M] (Hewlett-Packard Co.) < HP_Administrator Startup Folder > -> C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup -> < Software Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer -> < Software Policy Settings [HKEY_USERS\S-1-5-21-2228557363-1226132215-2784982647-1007] > -> HKEY_USERS\S-1-5-21-2228557363-1226132215-2784982647-1007\SOFTWARE\Policies\Microsoft\Internet Explorer -> HKEY_USERS\S-1-5-21-2228557363-1226132215-2784982647-1007\Software\Policies\Microsoft\Internet Explorer\Recovery \Recovery\\"NoReopenLastSession" -> [1] -> File not found < CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer \\"NoDriveAutoRun" -> [67108863] -> File not found \\"NoDriveTypeAutoRun" -> [323] -> File not found \\"NoDrives" -> [0] -> File not found \\"NoCDBurning" -> [0] -> File not found \\"HonorAutoRunSetting" -> [1] -> File not found < CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System \\"InstallVisualStyle" -> C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles [C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles] -> [2004/08/09 18:39:00 | 001,347,728 | ---- | M] (Microsoft) \\"InstallTheme" -> C:\WINDOWS\Resources\Themes\Royale.Theme [C:\WINDOWS\Resources\Themes\Royale.theme] -> [2004/07/27 17:03:28 | 000,001,293 | ---- | M] () < CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer \\"NoDriveTypeAutoRun" -> [323] -> File not found \\"NoDriveAutoRun" -> [67108863] -> File not found < CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer \\"NoDriveTypeAutoRun" -> [323] -> File not found \\"NoDriveAutoRun" -> [67108863] -> File not found < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer \\"NoDriveTypeAutoRun" -> [145] -> File not found < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer \\"NoDriveTypeAutoRun" -> [145] -> File not found < CurrentVersion 
Policy Settings [HKEY_USERS\S-1-5-21-2228557363-1226132215-2784982647-1007] > -> HKEY_USERS\S-1-5-21-2228557363-1226132215-2784982647-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> HKEY_USERS\S-1-5-21-2228557363-1226132215-2784982647-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer \\"NoDriveTypeAutoRun" -> [323] -> File not found \\"NoDriveAutoRun" -> [67108863] -> File not found \\"NoDrives" -> [0] -> File not found < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-2228557363-1226132215-2784982647-1007] > -> HKEY_USERS\S-1-5-21-2228557363-1226132215-2784982647-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> < Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-2228557363-1226132215-2784982647-1007\] > -> HKEY_USERS\S-1-5-21-2228557363-1226132215-2784982647-1007\Software\Microsoft\Internet Explorer\MenuExt\ -> StumbleUpon PhotoBlog It! -> [res://StumbleUponIEBar.dll/blogimage] -> File not found < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} [HKLM] -> C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll [Menu: Sun Java Console] -> [2008/02/22 04:25:19 | 000,132,496 | ---- | M] (Sun Microsystems, Inc.) 
{E2D4D26B-0180-43a4-B05F-462D6D54C789}:C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm [HKLM] -> C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm [Button: Connection Help] -> [2008/10/11 14:13:39 | 000,000,706 | ---- | M] () {E2D4D26B-0180-43a4-B05F-462D6D54C789}:C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm [HKLM] -> C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm [Menu: Connection Help] -> [2008/10/11 14:13:39 | 000,000,706 | ---- | M] () < Internet Explorer Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\"{E2D4D26B-0180-43a4-B05F-462D6D54C789}" [HKLM] -> [Connection Help] -> File not found < Internet Explorer Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\"{E2D4D26B-0180-43a4-B05F-462D6D54C789}" [HKLM] -> [Connection Help] -> File not found < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> < Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix "" -> http:// < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. 
-> < Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. 
-> < Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-21-2228557363-1226132215-2784982647-1007\] > -> HKEY_USERS\S-1-5-21-2228557363-1226132215-2784982647-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-21-2228557363-1226132215-2784982647-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-21-2228557363-1226132215-2784982647-1007\] > -> HKEY_USERS\S-1-5-21-2228557363-1226132215-2784982647-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-21-2228557363-1226132215-2784982647-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 1 range(s) found. -> < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab [Java Plug-in 1.6.0_05] -> {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab [Java Plug-in 1.6.0_05] -> {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab [Java Plug-in 1.6.0_05] -> Microsoft XML Parser for Java [HKLM] -> file:///C:/WINDOWS/Java/classes/xmldso.cab [Reg Error: Key error.] 
-> < Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {3C5DD490-121D-473B-AB63-58109E2EFD16}\\DhcpNameServer -> 192.168.1.1 (Voyager 220V USB Remote NDIS Device) -> < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> *Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> Explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) *MultiFile Done* -> -> < Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> AtiExtEvent -> C:\WINDOWS\System32\ati2evxx.dll -> [2006/04/04 21:53:40 | 000,061,440 | ---- | M] (ATI Technologies Inc.) < ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> "{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}" [HKLM] -> C:\Program Files\Windows Defender\MpShHook.dll [Microsoft AntiMalware ShellExecuteHook] -> [2006/11/03 19:20:00 | 000,083,224 | ---- | M] (Microsoft Corporation) < Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List -> "C:\Program Files\Virgin Broadband Wireless\Wireless Manager.exe" -> C:\Program Files\Virgin Broadband Wireless\Wireless Manager.exe [C:\Program Files\Virgin Broadband Wireless\Wireless Manager.exe:LocalSubNet:Enabled:Wireless Manager] -> [2008/05/26 16:20:50 | 000,585,728 | ---- | M] (Affinegy, Inc.) 
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> "C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe" -> C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe [C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4] -> [2006/03/30 11:51:12 | 011,747,976 | ---- | M] (Firaxis Games) "C:\Program Files\Spotify\spotify.exe" -> C:\Program Files\Spotify\spotify.exe [C:\Program Files\Spotify\spotify.exe:*:Enabled:Spotify] -> [2010/12/17 19:34:01 | 003,982,928 | ---- | M] (Spotify Ltd) "C:\Program Files\Virgin Broadband Wireless\Wireless Manager.exe" -> C:\Program Files\Virgin Broadband Wireless\Wireless Manager.exe [C:\Program Files\Virgin Broadband Wireless\Wireless Manager.exe:LocalSubNet:Enabled:Wireless Manager] -> [2008/05/26 16:20:50 | 000,585,728 | ---- | M] (Affinegy, Inc.) "E:\Autorun.exe" -> E:\Autorun.exe [E:\Autorun.exe:*:Enabled:CD navigator] -> [2005/06/06 20:47:44 | 000,884,736 | R--- | M] (FIRAXIS Games, Inc.) < SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> < CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom -> "AutoRun" -> 1 -> "DisplayName" -> CD-ROM Driver -> "ImagePath" -> [system32\DRIVERS\cdrom.sys] -> File not found < Drives with AutoRun files > -> -> C:\AUTOEXEC.BAT [] -> C:\AUTOEXEC.BAT [ NTFS ] -> [2005/10/10 08:20:36 | 000,000,000 | ---- | M] () D:\AUTOEXEC.BAT [] -> D:\AUTOEXEC.BAT [ FAT32 ] -> [2001/07/27 08:07:38 | 000,000,000 | -HS- | M] () E:\autorun.exe [MZ | ] -> E:\autorun.exe [ CDFS ] -> [2005/06/06 20:47:44 | 000,884,736 | R--- | M] (FIRAXIS Games, Inc.) 
E:\autorun.inf [[autorun] | OPEN=autorun.exe | icon=autorun.exe,0 | ] -> E:\autorun.inf [ CDFS ] -> [2004/08/04 16:53:20 | 000,000,049 | R--- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 ->
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command ->
comfile [open] -> "%1" %* ->
exefile [open] -> "%1" %* ->
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\ ->
.com [@ = ComFile] -> "%1" %* ->
.exe [@ = exefile] -> "%1" %* ->

[Files/Folders - Created Within 30 Days]
_OTS -> C:\_OTS -> [2011/03/22 20:27:02 | 000,000,000 | ---D | C]
OTS.exe -> C:\Documents and Settings\HP_Administrator\Desktop\OTS.exe -> [2011/03/21 19:07:38 | 000,645,632 | ---- | C] (OldTimer Tools)
PIF -> C:\WINDOWS\PIF -> [2011/03/19 21:30:59 | 000,000,000 | -H-D | C]
setup_9.0.0.722_19.03.2011_16-06.exe -> C:\Documents and Settings\HP_Administrator\Desktop\setup_9.0.0.722_19.03.2011_16-06.exe -> [2011/03/19 17:59:19 | 095,524,232 | ---- | C] ( )
Kaspersky Lab Setup Files -> C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files -> [2011/03/19 17:45:22 | 000,000,000 | ---D | C]
kav9.0.0.736en.exe -> C:\Documents and Settings\HP_Administrator\Desktop\kav9.0.0.736en.exe -> [2011/03/19 17:44:43 | 069,870,696 | ---- | C] (Kaspersky Lab)
RECYCLER -> C:\RECYCLER -> [2011/03/17 19:14:41 | 000,000,000 | -HSD | C]
cmdcons -> C:\cmdcons -> [2011/03/16 23:03:39 | 000,000,000 | RHSD | C]
SWXCACLS.exe -> C:\WINDOWS\SWXCACLS.exe -> [2011/03/16 22:52:27 | 000,212,480 | ---- | C] (SteelWerX)
aswMBR.exe -> C:\Documents and Settings\HP_Administrator\Desktop\aswMBR.exe -> [2011/03/16 22:09:33 | 000,566,272 | ---- | C] (AVAST Software)
_OTL -> C:\_OTL -> [2011/03/15 22:10:52 | 000,000,000 | ---D | C]
OTL.exe -> C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe -> [2011/03/15 18:51:03 | 000,580,608 | ---- | C] (OldTimer Tools)
_OTM -> C:\_OTM -> [2011/03/15 18:21:53 | 000,000,000 | ---D | C]
TfSysMon.sys -> C:\WINDOWS\System32\drivers\TfSysMon.sys -> [2011/03/13 11:14:53 | 000,039,200 | ---- | C] (PC Tools)
TfNetMon.sys -> C:\WINDOWS\System32\drivers\TfNetMon.sys -> [2011/03/13 11:14:53 | 000,033,056 | ---- | C] (PC Tools)
TfKbMon.sys -> C:\WINDOWS\System32\drivers\TfKbMon.sys -> [2011/03/13 11:14:53 | 000,012,576 | ---- | C] (PC Tools)
TfFsMon.sys -> C:\WINDOWS\System32\drivers\TfFsMon.sys -> [2011/03/13 11:14:52 | 000,051,488 | ---- | C] (PC Tools)
PC Tools -> C:\Documents and Settings\All Users\Application Data\PC Tools -> [2011/03/12 20:33:19 | 000,000,000 | ---D | C]
XoftSpySE -> C:\Documents and Settings\All Users\Application Data\XoftSpySE -> [2011/03/11 21:26:25 | 000,000,000 | ---D | C]
Microsoft Security Client -> C:\Program Files\Microsoft Security Client -> [2011/03/08 19:24:32 | 000,000,000 | ---D | C]
Malwarebytes -> C:\Documents and Settings\HP_Administrator\Application Data\Malwarebytes -> [2011/03/07 21:58:46 | 000,000,000 | ---D | C]
Malwarebytes -> C:\Documents and Settings\All Users\Application Data\Malwarebytes -> [2011/03/07 21:58:37 | 000,000,000 | ---D | C]
RandFont.dll -> C:\WINDOWS\Fonts\RandFont.dll -> [2006/02/19 02:28:56 | 000,012,288 | ---- | C] (Hewlett-Packard Development Company, L.P.)
9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->
1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->

[Files/Folders - Modified Within 30 Days]
hpsysdrv.DAT -> C:\WINDOWS\System\hpsysdrv.DAT -> [2011/03/22 20:30:13 | 000,000,188 | ---- | M] ()
wpa.dbl -> C:\WINDOWS\System32\wpa.dbl -> [2011/03/22 20:29:27 | 000,002,206 | ---- | M] ()
hiberfil.sys -> C:\hiberfil.sys -> [2011/03/22 20:28:38 | 2079,772,672 | -HS- | M] ()
OTS.exe -> C:\Documents and Settings\HP_Administrator\Desktop\OTS.exe -> [2011/03/21 19:07:49 | 000,645,632 | ---- | M] (OldTimer Tools)
d3d9caps.dat -> C:\WINDOWS\System32\d3d9caps.dat -> [2011/03/21 18:39:30 | 000,000,664 | ---- | M] ()
setup_9.0.0.722_19.03.2011_16-06.exe -> C:\Documents and Settings\HP_Administrator\Desktop\setup_9.0.0.722_19.03.2011_16-06.exe -> [2011/03/19 17:59:54 | 095,524,232 | ---- | M] ( )
kav9.0.0.736en.exe -> C:\Documents and Settings\HP_Administrator\Desktop\kav9.0.0.736en.exe -> [2011/03/19 17:44:53 | 069,870,696 | ---- | M] (Kaspersky Lab)
setup_9.0.0.722_18.03.2011_20-05drv.spi -> C:\WINDOWS\setup_9.0.0.722_18.03.2011_20-05drv.spi -> [2011/03/18 19:50:44 | 000,000,444 | -HS- | M] ()
setup_9.0.0.722_17.03.2011_22-06drv.spi -> C:\WINDOWS\setup_9.0.0.722_17.03.2011_22-06drv.spi -> [2011/03/17 22:04:31 | 000,000,652 | -HS- | M] ()
hosts -> C:\WINDOWS\System32\drivers\etc\hosts -> [2011/03/16 23:16:41 | 000,000,027 | ---- | M] ()
boot.ini -> C:\boot.ini -> [2011/03/16 23:03:44 | 000,000,325 | RHS- | M] ()
ComboFix.exe -> C:\Documents and Settings\HP_Administrator\Desktop\ComboFix.exe -> [2011/03/16 22:34:09 | 004,288,660 | R--- | M] ()
aswMBR.exe -> C:\Documents and Settings\HP_Administrator\Desktop\aswMBR.exe -> [2011/03/16 22:09:46 | 000,566,272 | ---- | M] (AVAST Software)
imsins.BAK -> C:\WINDOWS\imsins.BAK -> [2011/03/16 16:42:03 | 000,001,374 | ---- | M] ()
OTL.exe -> C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe -> [2011/03/15 18:51:09 | 000,580,608 | ---- | M] (OldTimer Tools)
avinstall[1].exe -> C:\Documents and Settings\HP_Administrator\Desktop\avinstall[1].exe -> [2011/03/12 20:33:18 | 000,513,008 | ---- | M] ()
epplauncher.mif -> C:\WINDOWS\epplauncher.mif -> [2011/03/08 19:25:35 | 000,001,945 | ---- | M] ()
Launch Microsoft Office Outlook.lnk -> C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk -> [2011/02/26 14:58:34 | 000,000,803 | ---- | M] ()
FNTCACHE.DAT -> C:\WINDOWS\System32\FNTCACHE.DAT -> [2011/02/25 19:23:49 | 000,216,064 | ---- | M] ()
9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->
11 C:\Documents and Settings\HP_Administrator\Local Settings\temp\*.tmp files -> C:\Documents and Settings\HP_Administrator\Local Settings\temp\*.tmp ->
1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->

[Files - No Company Name]
setup_9.0.0.722_18.03.2011_20-05drv.spi -> C:\WINDOWS\setup_9.0.0.722_18.03.2011_20-05drv.spi -> [2011/03/18 19:49:28 | 000,000,444 | -HS- | C] ()
setup_9.0.0.722_17.03.2011_22-06drv.spi -> C:\WINDOWS\setup_9.0.0.722_17.03.2011_22-06drv.spi -> [2011/03/17 20:24:55 | 000,000,652 | -HS- | C] ()
PEV.exe -> C:\WINDOWS\PEV.exe -> [2011/03/16 22:52:27 | 000,256,512 | ---- | C] ()
MBR.exe -> C:\WINDOWS\MBR.exe -> [2011/03/16 22:52:27 | 000,089,088 | ---- | C] ()
ComboFix.exe -> C:\Documents and Settings\HP_Administrator\Desktop\ComboFix.exe -> [2011/03/16 22:33:51 | 004,288,660 | R--- | C] ()
hiberfil.sys -> C:\hiberfil.sys -> [2011/03/13 15:10:08 | 2079,772,672 | -HS- | C] ()
avinstall[1].exe -> C:\Documents and Settings\HP_Administrator\Desktop\avinstall[1].exe -> [2011/03/12 20:33:19 | 000,513,008 | ---- | C] ()
epplauncher.mif -> C:\WINDOWS\epplauncher.mif -> [2011/03/08 19:25:35 | 000,001,945 | ---- | C] ()
Microsoft Security Essentials.lnk -> C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk -> [2011/03/08 19:24:52 | 000,001,691 | ---- | C] ()
d3d9caps.dat -> C:\WINDOWS\System32\d3d9caps.dat -> [2011/03/08 19:02:05 | 000,000,664 | ---- | C] ()
wpa.dbl -> C:\WINDOWS\System32\wpa.dbl -> [2011/03/07 23:31:02 | 000,002,206 | ---- | C] ()
eDrawingOfficeAutomator.INI -> C:\WINDOWS\eDrawingOfficeAutomator.INI -> [2010/03/12 18:14:44 | 000,000,000 | ---- | C] ()
housecall.guid.cache -> C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\housecall.guid.cache -> [2009/07/25 16:13:48 | 000,000,036 | ---- | C] ()
sed.exe -> C:\WINDOWS\sed.exe -> [2009/04/29 20:35:58 | 000,098,816 | ---- | C] ()
grep.exe -> C:\WINDOWS\grep.exe -> [2009/04/29 20:35:58 | 000,080,412 | ---- | C] ()
zip.exe -> C:\WINDOWS\zip.exe -> [2009/04/29 20:35:58 | 000,068,096 | ---- | C] ()
Tiny_Run.ini -> C:\WINDOWS\Tiny_Run.ini -> [2008/04/27 19:02:00 | 000,000,034 | ---- | C] ()
cdplayer.ini -> C:\WINDOWS\cdplayer.ini -> [2008/03/06 00:26:17 | 000,000,025 | ---- | C] ()
QTSBandwidthCache -> C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache -> [2007/08/14 09:13:50 | 000,001,751 | ---- | C] ()
YCRWin32.dll -> C:\WINDOWS\System32\YCRWin32.dll -> [2007/04/21 09:46:06 | 000,065,536 | ---- | C] ()
wklnhst.dat -> C:\Documents and Settings\HP_Administrator\Application Data\wklnhst.dat -> [2007/03/14 22:59:57 | 000,001,276 | ---- | C] ()
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2007/02/17 15:48:37 | 000,116,736 | ---- | C] ()
avgas-setup-7.5.0.50.exe -> C:\Program Files\avgas-setup-7.5.0.50.exe -> [2007/02/17 14:25:29 | 006,469,352 | ---- | C] ()
ODBC.INI -> C:\WINDOWS\ODBC.INI -> [2007/02/17 12:44:57 | 000,000,504 | ---- | C] ()
jautoexp.dat -> C:\WINDOWS\jautoexp.dat -> [2007/02/17 11:07:34 | 000,006,550 | ---- | C] ()
fusioncache.dat -> C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\fusioncache.dat -> [2007/02/17 10:50:34 | 000,000,139 | ---- | C] ()
smscfg.ini -> C:\WINDOWS\smscfg.ini -> [2006/10/23 10:26:53 | 000,000,061 | ---- | C] ()
USBkey.sys -> C:\WINDOWS\System32\drivers\USBkey.sys -> [2006/10/23 10:05:08 | 000,028,848 | ---- | C] ()
CHODDI.SYS -> C:\WINDOWS\System32\CHODDI.SYS -> [2006/10/23 10:00:38 | 000,014,309 | ---- | C] ()
hpreg.dll -> C:\WINDOWS\System32\hpreg.dll -> [2006/10/23 10:00:33 | 000,045,056 | ---- | C] ()
WININIT.INI -> C:\WINDOWS\WININIT.INI -> [2006/10/23 09:52:43 | 000,000,157 | ---- | C] ()
hpqins69.dat -> C:\WINDOWS\hpqins69.dat -> [2006/10/23 09:47:41 | 000,095,822 | ---- | C] ()
fxsperf.ini -> C:\WINDOWS\System32\fxsperf.ini -> [2006/10/23 09:46:41 | 000,001,793 | ---- | C] ()
atiicdxx.dat -> C:\WINDOWS\System32\atiicdxx.dat -> [2006/10/23 09:43:29 | 000,125,796 | ---- | C] ()
orun32.ini -> C:\WINDOWS\orun32.ini -> [2006/10/23 09:25:56 | 000,000,791 | ---- | C] ()
pythoncom22.dll -> C:\WINDOWS\System32\pythoncom22.dll -> [2006/10/23 09:18:01 | 000,323,584 | ---- | C] ()
pywintypes22.dll -> C:\WINDOWS\System32\pywintypes22.dll -> [2006/10/23 09:18:01 | 000,094,208 | ---- | C] ()
bcbmm.dll -> C:\WINDOWS\System32\bcbmm.dll -> [2006/10/23 09:17:41 | 000,016,896 | ---- | C] ()
px.ini -> C:\WINDOWS\System32\px.ini -> [2006/06/16 11:58:18 | 000,000,000 | ---- | C] ()
perfh009.dat -> C:\WINDOWS\System32\perfh009.dat -> [2005/10/10 08:27:46 | 000,445,370 | ---- | C] ()
perfc009.dat -> C:\WINDOWS\System32\perfc009.dat -> [2005/10/10 08:27:46 | 000,072,576 | ---- | C] ()
FNTCACHE.DAT -> C:\WINDOWS\System32\FNTCACHE.DAT -> [2005/10/10 08:25:26 | 000,216,064 | ---- | C] ()
ODBCINST.INI -> C:\WINDOWS\ODBCINST.INI -> [2005/10/10 08:20:06 | 000,004,161 | ---- | C] ()
emptyregdb.dat -> C:\WINDOWS\System32\emptyregdb.dat -> [2005/10/10 08:15:30 | 000,021,640 | ---- | C] ()
psisdecd.dll -> C:\WINDOWS\System32\psisdecd.dll -> [2005/08/05 13:01:54 | 000,235,008 | ---- | C] ()
armcex.dll -> C:\WINDOWS\armcex.dll -> [2005/08/02 15:19:16 | 000,050,176 | ---- | C] ()
secupd.dat -> C:\WINDOWS\System32\secupd.dat -> [2004/08/10 04:00:00 | 000,004,569 | ---- | C] ()
mlang.dat -> C:\WINDOWS\System32\mlang.dat -> [2004/08/09 21:00:00 | 000,673,088 | ---- | C] ()
sbe(2).dll -> C:\WINDOWS\System32\sbe(2).dll -> [2004/08/09 21:00:00 | 000,282,112 | ---- | C] ()
perfi009.dat -> C:\WINDOWS\System32\perfi009.dat -> [2004/08/09 21:00:00 | 000,272,128 | ---- | C] ()
dssec.dat -> C:\WINDOWS\System32\dssec.dat -> [2004/08/09 21:00:00 | 000,218,003 | ---- | C] ()
mib.bin -> C:\WINDOWS\System32\mib.bin -> [2004/08/09 21:00:00 | 000,046,258 | ---- | C] ()
perfd009.dat -> C:\WINDOWS\System32\perfd009.dat -> [2004/08/09 21:00:00 | 000,028,626 | ---- | C] ()
dcache.bin -> C:\WINDOWS\System32\dcache.bin -> [2004/08/09 21:00:00 | 000,001,804 | ---- | C] ()
noise.dat -> C:\WINDOWS\System32\noise.dat -> [2004/08/09 21:00:00 | 000,000,741 | ---- | C] ()
oeminfo.ini -> C:\WINDOWS\System32\oeminfo.ini -> [2004/07/08 13:37:36 | 000,000,567 | ---- | C] ()
OUTLPERF.INI -> C:\WINDOWS\System32\OUTLPERF.INI -> [2003/01/07 15:05:08 | 000,002,695 | ---- | C] ()
oembios.bin -> C:\WINDOWS\System32\oembios.bin -> [2001/08/23 08:12:28 | 013,107,200 | ---- | C] ()
oembios.dat -> C:\WINDOWS\System32\oembios.dat -> [2001/08/23 08:11:02 | 000,004,490 | ---- | C] ()

[File - Lop Check]
AVG10 -> C:\Documents and Settings\All Users\Application Data\AVG10 -> [2011/03/18 20:00:21 | 000,000,000 | ---D | M]
avg9 -> C:\Documents and Settings\All Users\Application Data\avg9 -> [2010/12/04 19:25:41 | 000,000,000 | ---D | M]
Common Files -> C:\Documents and Settings\All Users\Application Data\Common Files -> [2010/12/04 20:24:32 | 000,000,000 | -H-D | M]
DassaultSystemes -> C:\Documents and Settings\All Users\Application Data\DassaultSystemes -> [2010/03/12 18:15:25 | 000,000,000 | ---D | M]
FirstClass -> C:\Documents and Settings\All Users\Application Data\FirstClass -> [2009/07/22 15:12:32 | 000,000,000 | ---D | M]
Grisoft -> C:\Documents and Settings\All Users\Application Data\Grisoft -> [2008/08/01 20:47:33 | 000,000,000 | ---D | M]
TEMP -> C:\Documents and Settings\All Users\Application Data\TEMP -> [2011/03/22 20:25:34 | 000,000,000 | ---D | M]
{429CAD59-35B1-4DBC-BB6D-1DB246563521} -> C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521} -> [2010/10/24 17:25:39 | 000,000,000 | ---D | M]
{755AC846-7372-4AC8-8550-C52491DAA8BD} -> C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD} -> [2010/02/18 09:55:50 | 000,000,000 | ---D | M]
SACore -> C:\Documents and Settings\LocalService\Application Data\SACore -> [2009/05/31 08:25:31 | 000,000,000 | ---D | M]

[File - Purity Scan]

[Alternate Data Streams]
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7E95B6FD
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1CA73D29
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
@Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >
[/code]