[code]
OTS logfile created on: 4/30/2011 4:46:26 PM - Run 1
OTS by OldTimer - Version 3.1.42.0 Folder = C:\Documents and Settings\Jamie Heinemann\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1,022.00 Mb Total Physical Memory | 443.00 Mb Available Physical Memory | 43.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 34.29 Gb Total Space | 12.61 Gb Free Space | 36.79% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: MOBILEBEAST
Current User Name: Jamie Heinemann
Logged in as Administrator.
Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days [Processes - Safe List] ots.exe -> C:\Documents and Settings\Jamie Heinemann\Desktop\OTS.exe -> [2011/04/30 16:42:54 | 000,645,632 | ---- | M] (OldTimer Tools) explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) msascui.exe -> C:\Program Files\Windows Defender\MSASCui.exe -> [2006/11/03 18:20:12 | 000,866,584 | ---- | M] (Microsoft Corporation) msmpeng.exe -> C:\Program Files\Windows Defender\MsMpEng.exe -> [2006/11/03 18:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) vptray.exe -> C:\Program Files\Symantec AntiVirus\VPTray.exe -> [2006/09/27 20:33:44 | 000,125,168 | ---- | M] (Symantec Corporation) rtvscan.exe -> C:\Program Files\Symantec AntiVirus\Rtvscan.exe -> [2006/09/27 20:33:32 | 001,813,232 | ---- | M] (Symantec Corporation) defwatch.exe -> C:\Program Files\Symantec AntiVirus\DefWatch.exe -> [2006/09/27 20:33:22 | 000,031,472 | ---- | M] (Symantec Corporation) ccsetmgr.exe -> C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -> [2006/07/19 19:26:12 | 000,169,632 | ---- | M] (Symantec Corporation) ccevtmgr.exe -> C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -> [2006/07/19 19:26:06 | 000,192,160 | ---- | M] (Symantec Corporation) ccapp.exe -> C:\Program Files\Common Files\Symantec Shared\ccApp.exe -> [2006/07/19 19:26:04 | 000,052,896 | ---- | M] (Symantec Corporation) spbbcsvc.exe -> C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -> [2006/04/11 17:13:38 | 001,160,848 | ---- | M] (Symantec Corporation) tctrliohook.exe -> C:\WINDOWS\system32\TCtrlIOHook.exe -> [2005/01/24 16:51:28 | 000,028,672 | ---- | M] (TOSHIBA) tduphook.exe -> C:\WINDOWS\system32\TDuPHook.exe -> [2004/12/25 22:11:52 | 000,020,480 | ---- | M] () baysrvis.exe -> C:\Program Files\Toshiba\Bay Service\BaySrvis.exe -> [2004/12/15 20:07:30 | 000,110,592 | ---- | M] 
(Dritek System Inc.) fnkeyhook.exe -> C:\Program Files\Toshiba\Accessibility\FnKeyHook.exe -> [2004/12/07 08:24:38 | 000,024,576 | ---- | M] (TOSHIBA) tmerzctl.exe -> C:\Program Files\Toshiba\TME3\TMERzCtl.exe -> [2004/12/07 00:54:28 | 000,081,920 | ---- | M] (TOSHIBA) tmeejme.exe -> C:\Program Files\Toshiba\TME3\TMEEJME.exe -> [2004/12/07 00:52:46 | 000,077,824 | ---- | M] (TOSHIBA) ceekey.exe -> C:\Program Files\Toshiba\E-KEY\CeEKey.exe -> [2004/11/29 12:10:22 | 000,667,648 | ---- | M] (COMPAL ELECTRONIC INC.) tmesrv31.exe -> C:\Program Files\Toshiba\TME3\TMESRV31.exe -> [2004/11/11 13:43:56 | 000,126,976 | ---- | M] (TOSHIBA) plbkmon.exe -> C:\Program Files\Corsair\Corsair Flash Voyager Utility\PLBkMon.exe -> [2004/11/11 10:37:28 | 000,090,112 | R--- | M] (Prolific Technology Inc.) cfsvcs.exe -> C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -> [2004/11/10 14:14:08 | 000,036,864 | ---- | M] (TOSHIBA CORPORATION) tfncky.exe -> C:\Program Files\Toshiba\TOSHIBA Controls\TFncKy.exe -> [2004/10/25 18:23:10 | 000,114,688 | ---- | M] (TOSHIBA Corporation) ifrmewrk.exe -> C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe -> [2004/10/15 13:27:56 | 000,385,024 | ---- | M] (Intel Corporation) zcfgsvc.exe -> C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe -> [2004/10/15 13:27:38 | 000,389,120 | ---- | M] (Intel Corporation) 1xconfig.exe -> C:\Program Files\Intel\Wireless\Bin\1XConfig.exe -> [2004/10/15 13:23:12 | 000,245,760 | ---- | M] (Intel) smoothview.exe -> C:\Program Files\Toshiba\TOSHIBA Zooming Utility\SmoothView.exe -> [2004/09/15 18:03:08 | 000,135,168 | ---- | M] (TOSHIBA Corporation) zoominghook.exe -> C:\WINDOWS\system32\ZoomingHook.exe -> [2004/07/14 19:07:32 | 000,024,576 | ---- | M] (TOSHIBA) tpsbattm.exe -> C:\WINDOWS\system32\TPSBattM.exe -> [2004/06/01 23:43:10 | 000,045,056 | ---- | M] (TOSHIBA Corporation) swupdtmr.exe -> c:\TOSHIBA\IVP\swupdate\swupdtmr.exe -> [2004/05/13 16:46:02 | 000,053,248 | ---- | M] () kmw_run.exe -> 
C:\WINDOWS\system32\kmw_run.exe -> [2003/12/01 09:39:18 | 000,106,496 | ---- | M] (Kensington Technology Group) kmw_show.exe -> C:\WINDOWS\system32\kmw_show.exe -> [2003/12/01 09:38:08 | 000,172,032 | ---- | M] () tedtray.exe -> C:\Program Files\Toshiba\DualPointUtility\TEDTray.exe -> [2003/11/11 22:19:04 | 000,159,744 | ---- | M] (TOSHIBA) toscdspd.exe -> C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe -> [2003/09/05 06:24:46 | 000,065,536 | ---- | M] (TOSHIBA) hotfixq0306270.exe -> C:\WINDOWS\system32\HotFixQ0306270.exe -> [2003/08/05 02:43:04 | 000,045,056 | R--- | M] (Prolific Technology Inc.) dvdramsv.exe -> C:\WINDOWS\system32\DVDRAMSV.exe -> [2003/05/23 16:38:26 | 000,106,496 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) [Modules - Safe List] ots.exe -> C:\Documents and Settings\Jamie Heinemann\Desktop\OTS.exe -> [2011/04/30 16:42:54 | 000,645,632 | ---- | M] (OldTimer Tools) comctl32.dll -> C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll -> [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) ntvdm.exe -> C:\WINDOWS\system32\ntvdm.exe -> [2008/04/13 19:12:30 | 000,420,864 | ---- | M] (Microsoft Corporation) wow32.dll -> C:\WINDOWS\system32\wow32.dll -> [2008/04/13 19:12:10 | 000,264,192 | ---- | M] (Microsoft Corporation) tsappcmp.dll -> C:\WINDOWS\system32\tsappcmp.dll -> [2004/08/04 07:00:00 | 000,052,224 | ---- | M] (Microsoft Corporation) kmw_dll.dll -> C:\WINDOWS\system32\kmw_dll.dll -> [2003/12/01 09:38:50 | 000,110,592 | ---- | M] (Kensington Technology Group) [Win32 Services - Safe List] (PEVSystemStart) PEVSystemStart [Auto | Stopped] -> -> File not found (WinDefend) Windows Defender [Auto | Running] -> C:\Program Files\Windows Defender\MsMpEng.exe -> [2006/11/03 18:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) (SavRoam) SavRoam [On_Demand | Stopped] -> C:\Program Files\Symantec AntiVirus\SavRoam.exe -> [2006/09/27 20:33:38 | 000,116,464 | ---- | 
M] (symantec) (Symantec AntiVirus) Symantec AntiVirus [Auto | Running] -> C:\Program Files\Symantec AntiVirus\Rtvscan.exe -> [2006/09/27 20:33:32 | 001,813,232 | ---- | M] (Symantec Corporation) (DefWatch) Symantec AntiVirus Definition Watcher [Auto | Running] -> C:\Program Files\Symantec AntiVirus\DefWatch.exe -> [2006/09/27 20:33:22 | 000,031,472 | ---- | M] (Symantec Corporation) (LiveUpdate) LiveUpdate [On_Demand | Stopped] -> C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE -> [2006/08/25 12:00:38 | 002,528,960 | ---- | M] (Symantec Corporation) (SNDSrvc) Symantec Network Drivers Service [On_Demand | Stopped] -> C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -> [2006/08/07 16:03:02 | 000,214,720 | ---- | M] (Symantec Corporation) (ccSetMgr) Symantec Settings Manager [Auto | Running] -> C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -> [2006/07/19 19:26:12 | 000,169,632 | ---- | M] (Symantec Corporation) (ccEvtMgr) Symantec Event Manager [Auto | Running] -> C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -> [2006/07/19 19:26:06 | 000,192,160 | ---- | M] (Symantec Corporation) (SPBBCSvc) Symantec SPBBCSvc [Auto | Running] -> C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -> [2006/04/11 17:13:38 | 001,160,848 | ---- | M] (Symantec Corporation) (Tmesrv) Tmesrv3 [Auto | Running] -> C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe -> [2004/11/11 13:43:56 | 000,126,976 | ---- | M] (TOSHIBA) (CFSvcs) ConfigFree Service [Auto | Running] -> C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -> [2004/11/10 14:14:08 | 000,036,864 | ---- | M] (TOSHIBA CORPORATION) (Swupdtmr) Swupdtmr [Auto | Running] -> c:\TOSHIBA\IVP\swupdate\swupdtmr.exe -> [2004/05/13 16:46:02 | 000,053,248 | ---- | M] () (DVD-RAM_Service) DVD-RAM_Service [Auto | Running] -> C:\WINDOWS\system32\DVDRAMSV.exe -> [2003/05/23 16:38:26 | 000,106,496 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) 
[Driver Services - Safe List] (NAVEX15) NAVEX15 [Kernel | On_Demand | Running] -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110429.002\NAVEX15.SYS -> [2011/04/18 03:00:00 | 001,393,144 | ---- | M] (Symantec Corporation) (NAVENG) NAVENG [Kernel | On_Demand | Running] -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110429.002\NAVENG.SYS -> [2011/04/18 03:00:00 | 000,086,136 | ---- | M] (Symantec Corporation) (eeCtrl) Symantec Eraser Control driver [Kernel | System | Running] -> C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -> [2010/05/29 03:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) (EraserUtilRebootDrv) EraserUtilRebootDrv [Kernel | On_Demand | Running] -> C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -> [2010/05/29 03:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) (usb_rndis) USB Remote NDIS Device Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\usb8023.sys -> [2008/04/13 13:56:49 | 000,012,800 | ---- | M] (Microsoft Corporation) (usbaudio) USB Audio Driver (WDM) [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\usbaudio.sys -> [2008/04/13 13:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) (SymEvent) SymEvent [Kernel | On_Demand | Running] -> C:\Program Files\Symantec\SYMEVENT.SYS -> [2006/09/18 17:55:28 | 000,109,744 | ---- | M] (Symantec Corporation) (SAVRT) SAVRT [Kernel | System | Running] -> C:\Program Files\Symantec AntiVirus\savrt.sys -> [2006/09/06 14:41:20 | 000,337,592 | ---- | M] (Symantec Corporation) (SAVRTPEL) SAVRTPEL [Kernel | System | Running] -> C:\Program Files\Symantec AntiVirus\Savrtpel.sys -> [2006/09/06 14:41:20 | 000,054,968 | ---- | M] (Symantec Corporation) (SYMTDI) SYMTDI [Kernel | System | Running] -> C:\WINDOWS\System32\Drivers\SYMTDI.SYS -> [2006/08/07 16:02:26 | 000,195,776 | ---- | M] (Symantec Corporation) (SYMREDRV) SYMREDRV [Kernel | On_Demand | Running] -> 
C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -> [2006/08/07 16:02:22 | 000,024,768 | ---- | M] (Symantec Corporation) (SPBBCDrv) SPBBCDrv [Kernel | System | Running] -> C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -> [2006/04/11 17:13:34 | 000,389,776 | ---- | M] (Symantec Corporation) (usbsermpt) Motorola USB Modem Driver for MPT [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\usbsermpt.sys -> [2006/03/20 07:33:11 | 000,022,768 | ---- | M] (Microsoft Corporation) (ASCTRM) ASCTRM [Kernel | Auto | Running] -> C:\WINDOWS\System32\drivers\asctrm.sys -> [2005/01/08 16:52:16 | 000,008,552 | ---- | M] (Windows (R) 2000 DDK provider) (DritekPortIO) Dritek General Port I/O [Kernel | Auto | Running] -> C:\Program Files\Toshiba\Bay Service\DPortIO.sys -> [2004/12/15 17:22:08 | 000,010,240 | ---- | M] (Dritek System Inc.) (TPwSav) Toshiba Power Saver Driver [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\TPwSav.sys -> [2004/12/14 05:29:28 | 000,016,128 | ---- | M] (TOSHIBA ) (SPCtl) TOSHIBA Supervisor Password [Kernel | System | Running] -> C:\Program Files\Toshiba\Windows Utilities\spDispatch.sys -> [2004/12/11 17:12:00 | 000,006,144 | ---- | M] (TOSHIBA ) (HWSCtrl) TOSHIBA Hardware Setup [Kernel | System | Running] -> C:\Program Files\Toshiba\TOSHIBA Applet\HWS_IoDispatch.sys -> [2004/12/11 17:12:00 | 000,006,144 | ---- | M] () (DualPointDev) DualPointDev [Kernel | System | Running] -> C:\Program Files\Toshiba\DualPointUtility\DualPointDev.sys -> [2004/12/11 08:24:28 | 000,006,144 | ---- | M] (TOAHIBA, ) (TCtrlIO) TOSHIBA Controls Driver [Kernel | Boot | Running] -> C:\WINDOWS\system32\drivers\TCtrlIO.sys -> [2004/12/11 05:52:14 | 000,006,144 | ---- | M] (TOSHIBA ) (StickyMesger) StickyMesger [Kernel | System | Running] -> C:\Program Files\Toshiba\Accessibility\StickyMesger.sys -> [2004/12/10 17:00:44 | 000,006,144 | ---- | M] (TOSHIBA) (EKECioCtl) ECioCtl [Kernel | System | Running] -> C:\Program Files\Toshiba\E-KEY\EKECioCtl.sys -> 
[2004/12/10 11:29:50 | 000,006,144 | ---- | M] (TOAHIBA, ) (yukonwxp) NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\yk51x86.sys -> [2004/11/26 10:29:00 | 000,224,000 | ---- | M] (Marvell) (tifm21) tifm21 [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\tifm21.sys -> [2004/11/17 13:30:00 | 000,147,840 | ---- | M] (Texas Instruments) (ApfiltrService) Alps Pointing-device Filter Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\Apfiltr.sys -> [2004/11/15 19:22:08 | 000,101,874 | ---- | M] (Alps Electric Co., Ltd.) (w29n51) Intel(R) PRO/Wireless 2915ABG Network Connection Driver for Windows XP [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\w29n51.sys -> [2004/10/29 21:48:10 | 003,222,784 | ---- | M] (Intel® Corporation) (AgereSoftModem) TOSHIBA V92 Software Modem [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\AGRSM.sys -> [2004/10/28 17:37:50 | 001,270,572 | ---- | M] (Agere Systems) (ALCXWDM) Service for Realtek AC97 Audio (WDM) [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\ALCXWDM.SYS -> [2004/10/27 16:57:38 | 002,284,864 | ---- | M] (Realtek Semiconductor Corp.) (s24trans) WLAN Transport [Kernel | Auto | Running] -> C:\WINDOWS\system32\drivers\s24trans.sys -> [2004/10/15 13:20:04 | 000,011,354 | ---- | M] (Intel Corporation) (Tosrfbd) Bluetooth RFBUS from TOSHIBA [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\TosRfbd.sys -> [2004/09/03 14:02:40 | 000,095,616 | ---- | M] (TOSHIBA CORPORATION) (IWCA) Intel Wireless Connection Agent Miniport for Win XP [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\iwca.sys -> [2004/08/12 10:44:04 | 000,234,496 | ---- | M] (Intel Corporation) (Tosrfhid) Bluetooth RFHID from TOSHIBA [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\TosRfhid.sys -> [2004/08/04 19:34:08 | 000,048,512 | ---- | M] (TOSHIBA Corporation.) 
(tosporte) Bluetooth Port Driver from Toshiba [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\Tosporte.sys -> [2004/08/03 10:13:06 | 000,049,070 | ---- | M] (TOSHIBA Corporation) (SerTVOutCtlr) TOSHIBA Controls Driver -EPIOMngr [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\EPIOMngr.sys -> [2004/07/30 18:05:04 | 000,006,400 | ---- | M] (COMPAL ELECTRONIC INC.) (SrvcSSIOMngr) SrvcSSIOMngr [Kernel | System | Running] -> C:\Program Files\Toshiba\E-KEY\SSIOMngr.sys -> [2004/07/30 02:05:08 | 000,006,400 | ---- | M] (COMPAL ELECTRONIC INC.) (SrvcEKIOMngr) SrvcEKIOMngr [Kernel | System | Running] -> C:\Program Files\Toshiba\E-KEY\EKIOMngr.sys -> [2004/07/30 02:05:04 | 000,006,400 | ---- | M] (COMPAL ELECTRONIC INC.) (Aspi32) Aspi32 [Kernel | Auto | Running] -> C:\WINDOWS\system32\drivers\ASPI32.SYS -> [2004/07/16 03:24:34 | 000,016,512 | ---- | M] (Adaptec) (Tosrfbnp) Bluetooth RFBNEP from TOSHIBA [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\tosrfbnp.sys -> [2004/07/09 12:07:34 | 000,036,531 | ---- | M] (TOSHIBA Corporation) (SMCIRDA) SMSC IrCC Miniport Device Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\smcirda.sys -> [2004/06/16 14:19:58 | 000,046,080 | ---- | M] (SMSC) (TMEI3E) TMEI3E [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\TMEI3E.sys -> [2004/06/16 14:08:48 | 000,005,888 | ---- | M] (Toshiba Corporation) (TVALG) Toshiba Value Added Logical and General Purpose Device Driver [Kernel | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\TVALG.SYS -> [2004/06/15 15:15:00 | 000,005,888 | ---- | M] (TOSHIBA Corporation) (Tosrfusb) Bluetooth USB Controller [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\tosrfusb.sys -> [2004/06/04 06:45:22 | 000,057,344 | ---- | M] (TOSHIBA CORPORATION) (tosrfec) Bluetooth ACPI from TOSHIBA [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\Tosrfec.sys -> [2004/05/18 10:18:26 | 000,008,573 | ---- | M] (TOSHIBA Corporation) (tosrfnds) 
Bluetooth Personal Area Network from TOSHIBA [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\tosrfnds.sys -> [2004/05/07 09:35:10 | 000,018,308 | ---- | M] (TOSHIBA Corporation.) (Tosrfcom) Bluetooth RFCOMM from TOSHIBA [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\tosrfcom.sys -> [2004/04/20 07:02:50 | 000,062,959 | ---- | M] (TOSHIBA Corporation) (meiudf) meiudf [File_System | System | Running] -> C:\WINDOWS\system32\drivers\meiudf.sys -> [2004/01/30 13:32:32 | 000,090,480 | ---- | M] (Matsushita Electric Industrial Co.,Ltd.) (alcan5wn) SpeedTouch USB ADSL PPP Networking Driver (NDISWAN) [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\alcan5wn.sys -> [2003/12/08 06:53:48 | 000,053,600 | ---- | M] (THOMSON) (alcaudsl) SpeedTouch ADSL Modem ATM Transport [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\alcaudsl.sys -> [2003/12/08 06:53:46 | 000,070,688 | ---- | M] (THOMSON) (KMW_SYS) Kensington MouseWorks Mouse filter driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\KMW_SYS.sys -> [2003/12/01 09:54:36 | 000,090,496 | ---- | M] (Kensington Technology Group) (KMW_KBD) Kensington Input Devices Class filter driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\KMW_KBD.sys -> [2003/12/01 09:53:22 | 000,005,248 | ---- | M] (Kensington Technology Group) (KMW_USB) Kensington MouseWorks USB filter driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\KMW_USB.sys -> [2003/12/01 09:53:06 | 000,009,984 | ---- | M] (Kensington Technology Group) (Cdr4_xp) Cdr4_xp [Kernel | System | Running] -> C:\WINDOWS\System32\drivers\cdr4_xp.sys -> [2003/10/22 23:15:02 | 000,067,024 | ---- | M] (Roxio) (Cdralw2k) Cdralw2k [Kernel | System | Running] -> C:\WINDOWS\System32\drivers\cdralw2k.sys -> [2003/10/22 23:15:02 | 000,024,698 | ---- | M] (Roxio) (PLFF) USB Flash Disk Driver [Kernel | Boot | Running] -> C:\WINDOWS\System32\Drivers\PLFF.sys -> [2003/10/06 03:29:08 | 000,007,424 | R--- | 
M] (Prolific Technology Inc.) (TBiosDrv) TBiosDrv [Kernel | Auto | Running] -> C:\WINDOWS\system32\drivers\tbiosdrv.sys -> [2003/06/11 11:53:22 | 000,006,867 | ---- | M] () (Netdevio) TOSHIBA Network Device Usermode I/O Protocol [Kernel | Auto | Running] -> C:\WINDOWS\system32\drivers\Netdevio.sys -> [2003/01/29 17:35:00 | 000,012,032 | ---- | M] (TOSHIBA Corporation.) [Registry - Safe List] < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://www.toshibadirect.com/dpdstart -> HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> %SystemRoot%\system32\blank.htm -> HKEY_LOCAL_MACHINE\: Main\\"Search Page" -> -> HKEY_LOCAL_MACHINE\: Search\\"CustomSearch" -> http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr7/*http://www.yahoo.com/ext/search/search.html -> < Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> HKEY_USERS\.DEFAULT\: Main\\"Start Page" -> http://www.toshibadirect.com/dpdstart -> HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> HKEY_USERS\S-1-5-18\: Main\\"Start Page" -> http://www.toshibadirect.com/dpdstart -> HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> HKEY_USERS\S-1-5-19\: Main\\"Start Page" -> http://www.toshibadirect.com/dpdstart -> < Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> HKEY_USERS\S-1-5-20\: Main\\"Start Page" -> http://www.toshibadirect.com/dpdstart -> HKEY_USERS\S-1-5-20\: "ProxyEnable" -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-21-3361997368-2367576671-3140262136-1005\] > -> -> HKEY_USERS\S-1-5-21-3361997368-2367576671-3140262136-1005\: Main\\"SearchMigratedDefaultName" -> Yahoo! 
Search -> HKEY_USERS\S-1-5-21-3361997368-2367576671-3140262136-1005\: Main\\"SearchMigratedDefaultURL" -> http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 -> HKEY_USERS\S-1-5-21-3361997368-2367576671-3140262136-1005\: Main\\"Start Page" -> http://www.google.com/ -> HKEY_USERS\S-1-5-21-3361997368-2367576671-3140262136-1005\: Main\\"Start Page Redirect Cache" -> http://www.msn.com/ -> HKEY_USERS\S-1-5-21-3361997368-2367576671-3140262136-1005\: Main\\"Start Page Redirect Cache AcceptLangs" -> en-us -> HKEY_USERS\S-1-5-21-3361997368-2367576671-3140262136-1005\: Main\\"Start Page Redirect Cache_TIMESTAMP" -> 0A E3 F8 B3 DC 06 CC 01 [binary data] -> HKEY_USERS\S-1-5-21-3361997368-2367576671-3140262136-1005\: SearchURL\\"" -> http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com -> HKEY_USERS\S-1-5-21-3361997368-2367576671-3140262136-1005\: "ProxyEnable" -> 0 -> < FireFox Settings [Prefs.js] > -> C:\Documents and Settings\Jamie Heinemann\Application Data\Mozilla\FireFox\Profiles\ugqkiz74.default\prefs.js -> < FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions -> -> HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components -> C:\Program Files\Mozilla Firefox\components [C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS] -> [2011/04/29 21:10:09 | 000,000,000 | ---D | M] HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins -> C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS -> < FireFox Extensions [User Folders] > -> -> C:\Documents and Settings\Jamie Heinemann\Application Data\Mozilla\Extensions -> [2011/04/29 23:52:32 | 000,000,000 | ---D | M] < FireFox Extensions [Program Folders] > -> -> C:\Program Files\Mozilla Firefox\extensions -> [2011/04/29 21:10:09 | 000,000,000 | ---D | M] No name found -> -> File not found < HOSTS File > ([2011/04/30 12:05:54 | 000,000,789 | ---- | M] - 21 lines) -> C:\WINDOWS\system32\drivers\etc\hosts -> Reset Hosts 127.0.0.1 
localhost < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [AcroIEHlprObj Class] -> [2001/03/02 15:02:04 | 000,037,808 | ---- | M] () {5C255C8A-E604-49b4-9D64-90988571CECB} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found {5CA3D70E-1895-11CF-8E15-001234567890} [HKLM] -> C:\WINDOWS\system32\dla\tfswshx.dll [DriveLetterAccess] -> [2004/12/30 04:05:00 | 000,118,842 | ---- | M] (Sonic Solutions) {CE7C3CF0-4B15-11D1-ABED-709549C10000} [HKLM] -> [IEHlprObjClass] -> File not found < Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> "Locked" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found < Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-3361997368-2367576671-3140262136-1005\] > -> HKEY_USERS\S-1-5-21-3361997368-2367576671-3140262136-1005\Software\Microsoft\Internet Explorer\Toolbar\ -> WebBrowser\\"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found WebBrowser\\"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> "Bay Service" -> C:\Program Files\TOSHIBA\Bay Service\BaySrvis.exe ["C:\Program Files\TOSHIBA\Bay Service\BaySrvis.exe" Run] -> [2004/12/15 20:07:30 | 000,110,592 | ---- | M] (Dritek System Inc.) 
"ccApp" -> C:\Program Files\Common Files\Symantec Shared\ccApp.exe ["C:\Program Files\Common Files\Symantec Shared\ccApp.exe"] -> [2006/07/19 19:26:04 | 000,052,896 | ---- | M] (Symantec Corporation) "CeEKEY" -> C:\Program Files\Toshiba\E-KEY\CeEKey.exe [C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe] -> [2004/11/29 12:10:22 | 000,667,648 | ---- | M] (COMPAL ELECTRONIC INC.) "CORSAIR_PLUtil" -> C:\Program Files\Corsair\Corsair Flash Voyager Utility\PLBkMon.exe [C:\Program Files\Corsair\Corsair Flash Voyager Utility\PLBkMon.exe] -> [2004/11/11 10:37:28 | 000,090,112 | R--- | M] (Prolific Technology Inc.) "DPED" -> C:\WINDOWS\System32\TDuPHook.exe [TDuPHook.exe] -> [2004/12/25 22:11:52 | 000,020,480 | ---- | M] () "DpUtil" -> C:\Program Files\Toshiba\DualPointUtility\TEDTray.exe [C:\Program Files\TOSHIBA\DualPointUtility\TEDTray.exe] -> [2003/11/11 22:19:04 | 000,159,744 | ---- | M] (TOSHIBA) "HWSetup" -> C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe [C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP] -> [2004/12/23 21:07:02 | 000,028,672 | ---- | M] (TOSHIBA CO.,LTD.) "IntelWireless" -> C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless] -> [2004/10/15 13:27:56 | 000,385,024 | ---- | M] (Intel Corporation) "kmw_run.exe" -> C:\WINDOWS\System32\kmw_run.exe [kmw_run.exe] -> [2003/12/01 09:39:18 | 000,106,496 | ---- | M] (Kensington Technology Group) "masqform.exe" -> C:\Program Files\PureEdge\Viewer 6.0\masqform.exe [C:\Program Files\PureEdge\Viewer 6.0\masqform.exe -UpdateCurrentUser] -> [2004/01/26 16:47:22 | 001,048,576 | ---- | M] (PureEdge Solutions Inc.) 
"MSWheel" -> [] -> File not found "NeroFilterCheck" -> C:\WINDOWS\system32\NeroCheck.exe [C:\WINDOWS\system32\NeroCheck.exe] -> [2001/07/09 03:50:42 | 000,155,648 | ---- | M] (Ahead Software Gmbh) "NvCplDaemon" -> C:\WINDOWS\System32\NvCpl.dll [RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup] -> [2004/11/25 01:01:00 | 005,419,008 | ---- | M] (NVIDIA Corporation) "nwiz" -> C:\WINDOWS\System32\nwiz.exe [nwiz.exe /install] -> [2004/11/25 01:01:00 | 001,490,944 | ---- | M] (NVIDIA Corporation) "Pinger" -> c:\toshiba\ivp\ism\pinger.exe [c:\toshiba\ivp\ism\pinger.exe /run] -> [2004/11/03 14:12:26 | 000,147,456 | ---- | M] (TOSHIBA Corporation) "PLFFAP" -> C:\WINDOWS\system32\HotFixQ0306270.exe [C:\WINDOWS\system32\HotfixQ0306270.exe] -> [2003/08/05 02:43:04 | 000,045,056 | R--- | M] (Prolific Technology Inc.) "SmoothView" -> C:\Program Files\Toshiba\TOSHIBA Zooming Utility\SmoothView.exe [C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe] -> [2004/09/15 18:03:08 | 000,135,168 | ---- | M] (TOSHIBA Corporation) "SVPWUTIL" -> C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe [C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL] -> [2004/12/27 13:26:58 | 000,061,440 | ---- | M] (TOSHIBA) "TCtryIOHook" -> C:\WINDOWS\System32\TCtrlIOHook.exe [TCtrlIOHook.exe] -> [2005/01/24 16:51:28 | 000,028,672 | ---- | M] (TOSHIBA) "TFncKy" -> [TFncKy.exe] -> File not found "TMERzCtl.EXE" -> C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE [C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE /Service] -> [2004/12/07 00:54:28 | 000,081,920 | ---- | M] (TOSHIBA) "TMESRV.EXE" -> C:\Program Files\TOSHIBA\TME3\TMESRV31.EXE [C:\Program Files\TOSHIBA\TME3\TMESRV31.EXE /Logon] -> [2004/11/11 13:43:56 | 000,126,976 | ---- | M] (TOSHIBA) "TOSHIBA Accessibility" -> C:\Program Files\Toshiba\Accessibility\FnKeyHook.exe [C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe] -> [2004/12/07 08:24:38 | 000,024,576 | ---- | M] (TOSHIBA) "TPSMain" -> C:\WINDOWS\System32\TPSMain.exe 
[TPSMain.exe] -> [2004/08/27 12:34:20 | 000,278,528 | ---- | M] (TOSHIBA Corporation) "vptray" -> C:\Program Files\Symantec AntiVirus\VPTray.exe [C:\PROGRA~1\SYMANT~1\VPTray.exe] -> [2006/09/27 20:33:44 | 000,125,168 | ---- | M] (Symantec Corporation) "Windows Defender" -> C:\Program Files\Windows Defender\MSASCui.exe ["C:\Program Files\Windows Defender\MSASCui.exe" -hide] -> [2006/11/03 18:20:12 | 000,866,584 | ---- | M] (Microsoft Corporation) "ZoomingHook" -> C:\WINDOWS\System32\ZoomingHook.exe [ZoomingHook.exe] -> [2004/07/14 19:07:32 | 000,024,576 | ---- | M] (TOSHIBA) < RunOnce [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce -> "Malwarebytes' Anti-Malware" -> C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent] -> [2010/12/20 18:08:56 | 000,443,728 | ---- | M] (Malwarebytes Corporation) < Run [HKEY_USERS\S-1-5-21-3361997368-2367576671-3140262136-1005\] > -> HKEY_USERS\S-1-5-21-3361997368-2367576671-3140262136-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> "NBJ" -> C:\Program Files\Ahead\Nero BackItUp\NBJ.exe ["C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"] -> [2005/07/14 13:35:42 | 001,961,984 | ---- | M] (Ahead Software AG) "TOSCDSPD" -> C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe [C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe] -> [2003/09/05 06:24:46 | 000,065,536 | ---- | M] (TOSHIBA) < Administrator Startup Folder > -> C:\Documents and Settings\Administrator\Start Menu\Programs\Startup -> < Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup -> < Jamie Heinemann Startup Folder > -> C:\Documents and Settings\Jamie Heinemann\Start Menu\Programs\Startup -> -> C:\Documents and Settings\Jamie Heinemann\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe -> [2009/07/25 22:19:45 | 000,225,280 | ---- | M] (Leader Technologies) < CurrentVersion Policy Settings - Explorer 
[HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer \\"HonorAutoRunSetting" -> [1] -> File not found \\"NoCDBurning" -> [0] -> File not found \\"NoDriveAutoRun" -> [67108863] -> File not found \\"NoDriveTypeAutoRun" -> [323] -> File not found < CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System < CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer \\"NoDriveTypeAutoRun" -> [323] -> File not found \\"CDRAutoRun" -> [0] -> File not found \\"NoDriveAutoRun" -> [67108863] -> File not found < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer \\"NoDriveTypeAutoRun" -> [323] -> File not found \\"CDRAutoRun" -> [0] -> File not found \\"NoDriveAutoRun" -> [67108863] -> File not found < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer \\"NoDriveTypeAutoRun" -> [145] -> File not found < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer \\"NoDriveTypeAutoRun" -> [145] -> File not found < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-3361997368-2367576671-3140262136-1005] > -> 
HKEY_USERS\S-1-5-21-3361997368-2367576671-3140262136-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> HKEY_USERS\S-1-5-21-3361997368-2367576671-3140262136-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer \\"NoDriveTypeAutoRun" -> [323] -> File not found \\"NoDriveAutoRun" -> [67108863] -> File not found < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-3361997368-2367576671-3140262136-1005] > -> HKEY_USERS\S-1-5-21-3361997368-2367576671-3140262136-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> HKEY_USERS\S-1-5-21-3361997368-2367576671-3140262136-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBC} [HKLM] -> C:\Program Files\Java\jre1.5.0\bin\NPJPI150.dll [Menu: Sun Java Console] -> [2005/01/08 16:43:23 | 000,069,740 | ---- | M] (Sun Microsystems, Inc.) {77E68763-4284-41d6-B7E7-B6E1F053A9E7}:Exec [HKLM] -> [Button: EmpirePoker] -> File not found {77E68763-4284-41d6-B7E7-B6E1F053A9E7}:Exec [HKLM] -> [Menu: EmpirePoker] -> File not found < Internet Explorer Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> C:\Program Files\Java\jre1.5.0\bin\NPJPI150.dll [Sun Java Console] -> [2005/01/08 16:43:23 | 000,069,740 | ---- | M] (Sun Microsystems, Inc.) < Internet Explorer Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> C:\Program Files\Java\jre1.5.0\bin\NPJPI150.dll [Sun Java Console] -> [2005/01/08 16:43:23 | 000,069,740 | ---- | M] (Sun Microsystems, Inc.) 
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> Extension\.spop -> C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll [Reg Error: Value error.] -> [2001/01/30 16:56:24 | 000,225,280 | ---- | M] (InterTrust Technologies Corporation, Inc.) < Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix "" -> http:// < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. 
-> < Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-21-3361997368-2367576671-3140262136-1005\] > -> HKEY_USERS\S-1-5-21-3361997368-2367576671-3140262136-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-21-3361997368-2367576671-3140262136-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. 
-> < Trusted Sites Ranges [HKEY_USERS\S-1-5-21-3361997368-2367576671-3140262136-1005\] > -> HKEY_USERS\S-1-5-21-3361997368-2367576671-3140262136-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-21-3361997368-2367576671-3140262136-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {17492023-C23A-453E-A040-C7C580BBF700} [HKLM] -> http://download.microsoft.com/download/3/9/8/398422c0-8d3e-40e1-a617-af65a72a0465/LegitCheckControl.cab [Windows Genuine Advantage Validation Tool] -> {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} [HKLM] -> C:\Program Files\Yahoo!\Common\yinsthelper.dll [YInstStarter Class] -> {4F1E5B1A-2A80-42CA-8532-2D05CB959537} [HKLM] -> http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab [MSN Photo Upload Tool] -> {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [HKLM] -> http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab [Reg Error: Key error.] -> {D27CDB6E-AE6D-11CF-96B8-444553540000} [HKLM] -> http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab [Shockwave Flash Object] -> < Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ -> DhcpNameServer -> 97.64.209.36 97.64.168.13 -> < Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {2DD13B67-487A-483E-9FB3-BE4E2AE5AFFB}\\DhcpNameServer -> 192.168.2.1 (Marvell Yukon 88E8053 PCI-E Gigabit Ethernet Controller) -> {B6A587AD-3FBF-47FF-93B5-F86ED4D2B1AC}\\DhcpNameServer -> 97.64.209.36 97.64.168.13 (Intel(R) PRO/Wireless 2915ABG Network Connection) -> IE Styles -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Styles "MaxScriptStatements" -> Reg Error: Invalid data type. 
"Use My Stylesheet" -> Reg Error: Invalid data type. < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> *Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> Explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) *MultiFile Done* -> -> < Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> IntelWireless -> C:\Program Files\Intel\Wireless\Bin\LgNotify.dll -> [2004/10/15 13:27:42 | 000,110,592 | ---- | M] (Intel Corporation) NavLogon -> C:\WINDOWS\system32\NavLogon.dll -> [2006/09/27 20:33:54 | 000,043,760 | ---- | M] (Symantec Corporation) < ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> "{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}" [HKLM] -> C:\Program Files\Windows Defender\MpShHook.dll [Microsoft AntiMalware ShellExecuteHook] -> [2006/11/03 18:20:00 | 000,083,224 | ---- | M] (Microsoft Corporation) < Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List -> "C:\Program Files\America Online 9.0\waol.exe" -> [C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL] -> File not found "C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" -> [C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL] -> File not found "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" -> [C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL] -> File not found "C:\Program Files\MSN Messenger\livecall.exe" -> [C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)] -> File not found < Standard Profile Authorized Applications List > -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> "C:\Documents and Settings\Jamie Heinemann\My Documents\My Received Files\wowclient-downloader.exe" -> C:\Documents and Settings\Jamie Heinemann\My Documents\My Received Files\wowclient-downloader.exe [C:\Documents and Settings\Jamie Heinemann\My Documents\My Received Files\wowclient-downloader.exe:*:Enabled:Blizzard Downloader] -> [2007/01/02 12:16:38 | 001,027,090 | ---- | M] (Blizzard Entertainment) "C:\Program Files\MSN Messenger\livecall.exe" -> [C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)] -> File not found "C:\Program Files\Real\RealPlayer\realplay.exe" -> C:\Program Files\Real\RealPlayer\realplay.exe [C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer] -> [2005/01/08 16:52:13 | 000,026,112 | ---- | M] (RealNetworks, Inc.) "C:\Program Files\SecondLife\SLVoice.exe" -> [C:\Program Files\SecondLife\SLVoice.exe:*:Enabled:SLVoice] -> File not found "C:\Program Files\Sony\Station\Launchpad\LaunchPad.exe" -> C:\Program Files\Sony\Station\Launchpad\LaunchPad.exe [C:\Program Files\Sony\Station\Launchpad\LaunchPad.exe:*:Enabled:LaunchPad] -> [2006/08/28 05:48:16 | 002,392,064 | ---- | M] () "C:\Program Files\SopCast\SopCast.exe" -> [C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application] -> File not found "C:\Program Files\Total War\Medieval - Total War\Medieval_TW.exe" -> [C:\Program Files\Total War\Medieval - Total War\Medieval_TW.exe:*:Enabled:Medieval_TW] -> File not found "C:\Program Files\World of Warcraft\BackgroundDownloader.exe" -> [C:\Program Files\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader] -> File not found "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -> [C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! 
Messenger] -> File not found "C:\Program Files\Yahoo!\Messenger\YPager.exe" -> [C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger] -> File not found "C:\Program Files\Yahoo!\Messenger\YServer.exe" -> [C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server] -> File not found "C:\TOSHIBA\Ivp\ISM\pinger.exe" -> C:\TOSHIBA\IVP\ISM\pinger.exe [C:\TOSHIBA\IVP\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger] -> [2004/11/03 14:12:26 | 000,147,456 | ---- | M] (TOSHIBA Corporation) "C:\TOSHIBA\ivp\NetInt\Netint.exe" -> C:\TOSHIBA\ivp\NetInt\Netint.exe [C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrade Engine] -> [2004/11/03 17:06:34 | 000,462,848 | ---- | M] (TOSHIBA Corporation) "C:\WINDOWS\system32\dpvsetup.exe" -> C:\WINDOWS\System32\dpvsetup.exe [C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test] -> [2008/04/13 19:12:18 | 000,083,456 | ---- | M] (Microsoft Corporation) < SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> < CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom -> "AutoRun" -> 1 -> "DisplayName" -> CD-ROM Driver -> "ImagePath" -> [system32\DRIVERS\cdrom.sys] -> File not found < MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> \{f55066b5-6c46-11e0-9229-0012f07c9ce1} HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f55066b5-6c46-11e0-9229-0012f07c9ce1}\Shell \{f55066b5-6c46-11e0-9229-0012f07c9ce1}\Shell\\"" -> [AutoRun] -> File not found HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f55066b5-6c46-11e0-9229-0012f07c9ce1}\Shell\AutoRun \{f55066b5-6c46-11e0-9229-0012f07c9ce1}\Shell\AutoRun\\"" -> [Auto&Play] -> File not found 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f55066b5-6c46-11e0-9229-0012f07c9ce1}\Shell\AutoRun\command \{f55066b5-6c46-11e0-9229-0012f07c9ce1}\Shell\AutoRun\command\\"" -> [E:\KODAK_Software_Downloader.exe] -> File not found < Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command -> comfile [open] -> "%1" %* -> exefile [open] -> "%1" %* -> < File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\ -> .com [@ = comfile] -> "%1" %* -> .exe [@ = exefile] -> "%1" %* -> [Registry - Additional Scans - Safe List] < Disabled MSConfig State [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state -> "bootini" -> 0 -> "services" -> 0 -> "startup" -> 0 -> "system.ini" -> 0 -> "win.ini" -> 0 -> < Drivers32 [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32 -> "msacm.iac2" -> C:\WINDOWS\system32\iac25_32.ax [C:\WINDOWS\system32\iac25_32.ax] -> [2008/04/13 19:12:42 | 000,199,680 | ---- | M] (Intel Corporation) "msacm.l3acm" -> C:\WINDOWS\system32\l3codeca.acm [C:\WINDOWS\system32\l3codeca.acm] -> [2010/01/29 09:43:39 | 000,307,260 | ---- | M] (Fraunhofer Institut Integrierte Schaltungen IIS) "msacm.sl_anet" -> C:\WINDOWS\System32\sl_anet.acm [sl_anet.acm] -> [2008/04/13 19:10:50 | 000,086,016 | ---- | M] (Sipro Lab Telecom Inc.) "msacm.trspch" -> C:\WINDOWS\System32\tssoft32.acm [tssoft32.acm] -> [2004/08/04 07:00:00 | 000,008,192 | ---- | M] (DSP GROUP, INC.) "vidc.cvid" -> C:\WINDOWS\System32\iccvid.dll [iccvid.dll] -> [2010/06/17 09:03:00 | 000,080,384 | ---- | M] (Radius Inc.) 
"vidc.DIVX" -> C:\WINDOWS\System32\DivX.dll [DivX.dll] -> [2005/08/09 17:13:59 | 000,692,736 | ---- | M] (DivXNetworks) "vidc.iv31" -> C:\WINDOWS\System32\ir32_32.dll [ir32_32.dll] -> [2004/08/04 07:00:00 | 000,199,168 | ---- | M] () "vidc.iv32" -> C:\WINDOWS\System32\ir32_32.dll [ir32_32.dll] -> [2004/08/04 07:00:00 | 000,199,168 | ---- | M] () "vidc.iv41" -> C:\WINDOWS\System32\ir41_32.ax [ir41_32.ax] -> [2008/04/13 19:12:42 | 000,848,384 | ---- | M] (Intel Corporation) "vidc.iv50" -> C:\WINDOWS\System32\ir50_32.dll [ir50_32.dll] -> [2008/04/13 19:11:55 | 000,755,200 | ---- | M] (Intel Corporation) "vidc.yv12" -> C:\WINDOWS\System32\DivX.dll [DivX.dll] -> [2005/08/09 17:13:59 | 000,692,736 | ---- | M] (DivXNetworks) < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost > -> -> *netsvcs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs -> 6to4 -> -> File not found Ias -> -> File not found Iprip -> -> File not found NWCWorkstation -> -> File not found Nwsapagent -> -> File not found WmdmPmSp -> -> File not found *MultiFile Done* -> -> < SafeBoot-Minimal Settings > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ -> {36FC9E60-C465-11CF-8056-444553540000} -> Universal Serial Bus controllers {4D36E965-E325-11CE-BFC1-08002BE10318} -> CD-ROM Drive {4D36E967-E325-11CE-BFC1-08002BE10318} -> DiskDrive {4D36E969-E325-11CE-BFC1-08002BE10318} -> Standard floppy disk controller {4D36E96A-E325-11CE-BFC1-08002BE10318} -> Hdc {4D36E96B-E325-11CE-BFC1-08002BE10318} -> Keyboard {4D36E96F-E325-11CE-BFC1-08002BE10318} -> Mouse {4D36E977-E325-11CE-BFC1-08002BE10318} -> PCMCIA Adapters {4D36E97B-E325-11CE-BFC1-08002BE10318} -> SCSIAdapter {4D36E97D-E325-11CE-BFC1-08002BE10318} -> System {4D36E980-E325-11CE-BFC1-08002BE10318} -> Floppy disk drive {533C5B84-EC70-11D2-9505-00C04F79DEAF} -> Volume shadow copy {71A27CDD-812A-11D0-BEC7-08002BE2092F} -> Volume {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} -> Human 
Interface Devices Base -> Driver Group Boot Bus Extender -> Driver Group Boot file system -> Driver Group File system -> Driver Group Filter -> Driver Group PCI Configuration -> Driver Group PEVSystemStart -> -> File not found PNP Filter -> Driver Group Primary disk -> Driver Group procexp90.Sys -> Driver SCSI Class -> Driver Group sermouse.sys -> Driver System Bus Extender -> Driver Group vds -> Service vga.sys -> Driver WinDefend -> C:\Program Files\Windows Defender\MsMpEng.exe -> [2006/11/03 18:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) < Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command -> batfile [open] -> "%1" %* -> cmdfile [open] -> "%1" %* -> comfile [open] -> "%1" %* -> cplfile [cplopen] -> rundll32.exe shell32.dll,Control_RunDLL "%1",%* -> exefile [open] -> "%1" %* -> InternetShortcut [open] -> rundll32.exe ieframe.dll,OpenURL %l -> piffile [open] -> "%1" %* -> scrfile [config] -> "%1" -> scrfile [install] -> rundll32.exe desk.cpl,InstallScreenSaver %l -> scrfile [open] -> "%1" /S -> Unknown [openas] -> %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 -> Directory [find] -> %SystemRoot%\Explorer.exe -> [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) Folder [open] -> %SystemRoot%\Explorer.exe /idlist,%I,%L -> [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) Folder [explore] -> %SystemRoot%\Explorer.exe /e,/idlist,%I,%L -> [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) Drive [find] -> %SystemRoot%\Explorer.exe -> [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) < EventViewer Logs - Last 10 Errors > -> Event Information -> Description Application [ Error ] 4/30/2011 11:50:53 AM Computer Name = MOBILEBEAST | Source = Userenv | ID = 1041 -> Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be 
loaded. This is most likely caused by a faulty registration. Application [ Error ] 4/30/2011 11:50:57 AM Computer Name = MOBILEBEAST | Source = Userenv | ID = 1041 -> Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration. Application [ Error ] 4/30/2011 11:50:57 AM Computer Name = MOBILEBEAST | Source = Userenv | ID = 1041 -> Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration. Application [ Error ] 4/30/2011 11:52:00 AM Computer Name = MOBILEBEAST | Source = WinDefendRtp | ID = 3003 -> Description = %%827 Real-Time Protection checkpoint has encountered an error and failed to start. User: MOBILEBEAST\Jamie Heinemann Checkpoint ID: 1 Error Code: 0x80070005 Error description: Access is denied. Application [ Error ] 4/30/2011 11:52:00 AM Computer Name = MOBILEBEAST | Source = WinDefendRtp | ID = 3003 -> Description = %%827 Real-Time Protection checkpoint has encountered an error and failed to start. User: MOBILEBEAST\Jamie Heinemann Checkpoint ID: 1 Error Code: 0x8000ffff Error description: Catastrophic failure Application [ Error ] 4/30/2011 1:09:10 PM Computer Name = MOBILEBEAST | Source = Userenv | ID = 1041 -> Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration. Application [ Error ] 4/30/2011 1:09:10 PM Computer Name = MOBILEBEAST | Source = Userenv | ID = 1041 -> Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration. 
Application [ Error ] 4/30/2011 1:09:20 PM Computer Name = MOBILEBEAST | Source = Userenv | ID = 1041 -> Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration. Application [ Error ] 4/30/2011 1:09:20 PM Computer Name = MOBILEBEAST | Source = Userenv | ID = 1041 -> Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration. Application [ Error ] 4/30/2011 1:10:41 PM Computer Name = MOBILEBEAST | Source = WinDefendRtp | ID = 3003 -> Description = %%827 Real-Time Protection checkpoint has encountered an error and failed to start. User: MOBILEBEAST\Jamie Heinemann Checkpoint ID: 1 Error Code: 0x80070005 Error description: Access is denied. System [ Error ] 4/30/2011 9:31:23 AM Computer Name = MOBILEBEAST | Source = Service Control Manager | ID = 7034 -> Description = The RegSrvc service terminated unexpectedly. It has done this 1 time(s). System [ Error ] 4/30/2011 9:31:23 AM Computer Name = MOBILEBEAST | Source = Service Control Manager | ID = 7034 -> Description = The Swupdtmr service terminated unexpectedly. It has done this 1 time(s). System [ Error ] 4/30/2011 9:31:23 AM Computer Name = MOBILEBEAST | Source = Service Control Manager | ID = 7034 -> Description = The Tmesrv3 service terminated unexpectedly. It has done this 1 time(s). 
System [ Error ] 4/30/2011 12:12:06 PM Computer Name = MOBILEBEAST | Source = DCOM | ID = 10005 -> Description = DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811} System [ Error ] 4/30/2011 12:12:15 PM Computer Name = MOBILEBEAST | Source = DCOM | ID = 10005 -> Description = DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} System [ Error ] 4/30/2011 12:13:02 PM Computer Name = MOBILEBEAST | Source = Service Control Manager | ID = 7026 -> Description = The following boot-start or system-start driver(s) failed to load: DualPointDev eeCtrl EKECioCtl Fips HWSCtrl intelppm SAVRT SAVRTPEL SerTVOutCtlr SPBBCDrv SPCtl SrvcEKIOMngr SrvcSSIOMngr StickyMesger SYMTDI TMEI3E Tosrfcom TPwSav System [ Error ] 4/30/2011 1:06:14 PM Computer Name = MOBILEBEAST | Source = DCOM | ID = 10005 -> Description = DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811} System [ Error ] 4/30/2011 1:07:20 PM Computer Name = MOBILEBEAST | Source = DCOM | ID = 10005 -> Description = DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} System [ Error ] 4/30/2011 2:00:06 PM Computer Name = MOBILEBEAST | Source = Service Control Manager | ID = 7034 -> Description = The Swupdtmr service terminated unexpectedly. It has done this 1 time(s). System [ Error ] 4/30/2011 3:36:53 PM Computer Name = MOBILEBEAST | Source = Service Control Manager | ID = 7034 -> Description = The Swupdtmr service terminated unexpectedly. It has done this 1 time(s). 
[Files/Folders - Created Within 30 Days] OTS.exe -> C:\Documents and Settings\Jamie Heinemann\Desktop\OTS.exe -> [2011/04/30 16:42:55 | 000,645,632 | ---- | C] (OldTimer Tools) mbam.sys -> C:\WINDOWS\System32\drivers\mbam.sys -> [2011/04/30 16:27:41 | 000,020,952 | ---- | C] (Malwarebytes Corporation) mbam-setup-1.50.1.1100.exe -> C:\Documents and Settings\Jamie Heinemann\Desktop\mbam-setup-1.50.1.1100.exe -> [2011/04/30 16:26:43 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) LastGood -> C:\WINDOWS\LastGood -> [2011/04/30 16:01:19 | 000,000,000 | ---D | C] ComboFix -> C:\ComboFix -> [2011/04/30 14:35:08 | 000,000,000 | --SD | C] cmdcons -> C:\cmdcons -> [2011/04/30 13:42:23 | 000,000,000 | ---D | C] WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe -> C:\Documents and Settings\Jamie Heinemann\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe -> [2011/04/30 13:40:12 | 004,614,888 | ---- | C] (Microsoft Corporation) NIRCMD.exe -> C:\WINDOWS\NIRCMD.exe -> [2011/04/30 12:57:11 | 000,031,232 | ---- | C] (NirSoft) SWXCACLS.exe -> C:\WINDOWS\SWXCACLS.exe -> [2011/04/30 12:47:25 | 000,212,480 | ---- | C] (SteelWerX) SWREG.exe -> C:\WINDOWS\SWREG.exe -> [2011/04/30 12:47:25 | 000,161,792 | ---- | C] (SteelWerX) SWSC.exe -> C:\WINDOWS\SWSC.exe -> [2011/04/30 12:47:25 | 000,136,704 | ---- | C] (SteelWerX) DoctorWeb -> C:\Documents and Settings\Jamie Heinemann\DoctorWeb -> [2011/04/30 11:13:09 | 000,000,000 | ---D | C] setup_9.0.0.722_30.04.2011_17-36.exe -> C:\Documents and Settings\Jamie Heinemann\Desktop\setup_9.0.0.722_30.04.2011_17-36.exe -> [2011/04/30 10:27:32 | 111,964,744 | ---- | C] ( ) ERDNT -> C:\WINDOWS\ERDNT -> [2011/04/30 09:32:43 | 000,000,000 | ---D | C] Qoobox -> C:\Qoobox -> [2011/04/30 09:32:26 | 000,000,000 | ---D | C] RK_Quarantine -> C:\Documents and Settings\Jamie Heinemann\Desktop\RK_Quarantine -> [2011/04/30 09:29:25 | 000,000,000 | ---D | C] aswMBR.exe -> C:\Documents and Settings\Jamie Heinemann\Desktop\aswMBR.exe -> [2011/04/30 08:42:39 | 
000,574,464 | ---- | C] (AVAST Software) _OTL -> C:\_OTL -> [2011/04/30 08:22:21 | 000,000,000 | ---D | C] OTL.exe -> C:\Documents and Settings\Jamie Heinemann\Desktop\OTL.exe -> [2011/04/30 03:09:50 | 000,580,608 | ---- | C] (OldTimer Tools) GooredFix Backups -> C:\Documents and Settings\Jamie Heinemann\Desktop\GooredFix Backups -> [2011/04/30 02:32:59 | 000,000,000 | ---D | C] mbamswissarmy.sys -> C:\WINDOWS\System32\drivers\mbamswissarmy.sys -> [2011/04/30 01:45:27 | 000,038,224 | ---- | C] (Malwarebytes Corporation) Malwarebytes' Anti-Malware -> C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware -> [2011/04/30 01:45:27 | 000,000,000 | ---D | C] Malwarebytes' Anti-Malware -> C:\Program Files\Malwarebytes' Anti-Malware -> [2011/04/30 01:45:23 | 000,000,000 | ---D | C] _OTM -> C:\_OTM -> [2011/04/30 00:08:52 | 000,000,000 | ---D | C] Downloads -> C:\Documents and Settings\Jamie Heinemann\My Documents\Downloads -> [2011/04/30 00:05:21 | 000,000,000 | ---D | C] Mozilla -> C:\Documents and Settings\Jamie Heinemann\Local Settings\Application Data\Mozilla -> [2011/04/29 23:52:19 | 000,000,000 | ---D | C] Mozilla Firefox -> C:\Program Files\Mozilla Firefox -> [2011/04/29 21:10:06 | 000,000,000 | ---D | C] Recent -> C:\Documents and Settings\Jamie Heinemann\Recent -> [2011/04/28 18:26:11 | 000,000,000 | R--D | C] Malwarebytes -> C:\Documents and Settings\Jamie Heinemann\Application Data\Malwarebytes -> [2011/04/28 18:14:12 | 000,000,000 | ---D | C] Malwarebytes -> C:\Documents and Settings\All Users\Application Data\Malwarebytes -> [2011/04/28 18:13:59 | 000,000,000 | ---D | C] {A2A58654-12AA-408A-B411-58A76959BE7F} -> C:\Documents and Settings\All Users\Application Data\{A2A58654-12AA-408A-B411-58A76959BE7F} -> [2011/04/21 14:10:10 | 000,000,000 | ---D | C] Downloaded Installations -> C:\Documents and Settings\Jamie Heinemann\Local Settings\Application Data\Downloaded Installations -> [2011/04/21 11:48:36 | 000,000,000 | ---D | C] 2 
C:\Documents and Settings\Jamie Heinemann\Desktop\*.tmp files -> C:\Documents and Settings\Jamie Heinemann\Desktop\*.tmp -> 1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> [Files/Folders - Modified Within 30 Days] OTS.exe -> C:\Documents and Settings\Jamie Heinemann\Desktop\OTS.exe -> [2011/04/30 16:42:54 | 000,645,632 | ---- | M] (OldTimer Tools) Malwarebytes' Anti-Malware.lnk -> C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk -> [2011/04/30 16:27:50 | 000,000,842 | ---- | M] () mbam-setup-1.50.1.1100.exe -> C:\Documents and Settings\Jamie Heinemann\Desktop\mbam-setup-1.50.1.1100.exe -> [2011/04/30 16:27:09 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) MBR.dat -> C:\Documents and Settings\Jamie Heinemann\Desktop\MBR.dat -> [2011/04/30 16:23:34 | 000,000,512 | ---- | M] () aswMBR.exe -> C:\Documents and Settings\Jamie Heinemann\Desktop\aswMBR.exe -> [2011/04/30 16:19:49 | 000,574,464 | ---- | M] (AVAST Software) wpa.dbl -> C:\WINDOWS\System32\wpa.dbl -> [2011/04/30 16:10:39 | 000,001,158 | ---- | M] () MP Scheduled Scan.job -> C:\WINDOWS\tasks\MP Scheduled Scan.job -> [2011/04/30 15:59:02 | 000,000,330 | -H-- | M] () nvapps.xml -> C:\WINDOWS\System32\nvapps.xml -> [2011/04/30 15:57:08 | 000,017,549 | ---- | M] () bootstat.dat -> C:\WINDOWS\bootstat.dat -> [2011/04/30 15:55:50 | 000,002,048 | --S- | M] () hiberfil.sys -> C:\hiberfil.sys -> [2011/04/30 15:55:41 | 1072,156,672 | -HS- | M] () boot.ini -> C:\boot.ini -> [2011/04/30 13:42:29 | 000,000,327 | RHS- | M] () WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe -> C:\Documents and Settings\Jamie Heinemann\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe -> [2011/04/30 13:40:30 | 004,614,888 | ---- | M] (Microsoft Corporation) ComboFix.exe -> C:\Documents and Settings\Jamie Heinemann\Desktop\ComboFix.exe -> [2011/04/30 12:43:44 | 004,333,869 | R--- | M] () DrWeb.csv -> C:\Documents and Settings\Jamie Heinemann\Desktop\DrWeb.csv -> [2011/04/30 12:06:12 | 000,000,147 | ---- | M] () 
hosts -> C:\WINDOWS\System32\drivers\etc\hosts -> [2011/04/30 12:05:54 | 000,000,789 | ---- | M] () d3d9caps.dat -> C:\WINDOWS\System32\d3d9caps.dat -> [2011/04/30 11:14:15 | 000,000,664 | ---- | M] () g29q2ady.exe -> C:\Documents and Settings\Jamie Heinemann\Desktop\g29q2ady.exe -> [2011/04/30 11:09:01 | 061,003,072 | ---- | M] () setup_9.0.0.722_30.04.2011_17-36drv.spi -> C:\WINDOWS\setup_9.0.0.722_30.04.2011_17-36drv.spi -> [2011/04/30 10:43:11 | 000,000,096 | -HS- | M] () setup_9.0.0.722_30.04.2011_17-36.exe -> C:\Documents and Settings\Jamie Heinemann\Desktop\setup_9.0.0.722_30.04.2011_17-36.exe -> [2011/04/30 10:32:41 | 111,964,744 | ---- | M] ( ) RogueKiller.exe -> C:\Documents and Settings\Jamie Heinemann\Desktop\RogueKiller.exe -> [2011/04/30 09:28:35 | 000,450,560 | ---- | M] () default.pls -> C:\Documents and Settings\Jamie Heinemann\default.pls -> [2011/04/30 08:44:25 | 000,000,107 | ---- | M] () NeroDigital.ini -> C:\WINDOWS\NeroDigital.ini -> [2011/04/30 08:44:21 | 000,000,229 | ---- | M] () OTL.exe -> C:\Documents and Settings\Jamie Heinemann\Desktop\OTL.exe -> [2011/04/30 03:09:49 | 000,580,608 | ---- | M] (OldTimer Tools) Mozilla Firefox.lnk -> C:\Documents and Settings\Jamie Heinemann\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk -> [2011/04/29 21:10:10 | 000,000,800 | ---- | M] () Mozilla Firefox.lnk -> C:\Documents and Settings\Jamie Heinemann\Desktop\Mozilla Firefox.lnk -> [2011/04/29 21:10:10 | 000,000,782 | ---- | M] () QTFont.qfn -> C:\WINDOWS\QTFont.qfn -> [2011/04/28 18:18:02 | 000,054,156 | ---- | M] () PhotoSnapViewer.INI -> C:\WINDOWS\PhotoSnapViewer.INI -> [2011/04/21 16:20:27 | 000,000,151 | ---- | M] () perfh009.dat -> C:\WINDOWS\System32\perfh009.dat -> [2011/04/20 18:10:38 | 000,385,164 | ---- | M] () perfc009.dat -> C:\WINDOWS\System32\perfc009.dat -> [2011/04/20 18:10:38 | 000,054,682 | ---- | M] () FNTCACHE.DAT -> C:\WINDOWS\System32\FNTCACHE.DAT -> [2011/04/17 20:42:29 | 000,285,312 | ---- | M] 
() imsins.BAK -> C:\WINDOWS\imsins.BAK -> [2011/04/16 20:32:04 | 000,001,374 | ---- | M] () Microsoft Office Word 2003.lnk -> C:\Documents and Settings\Jamie Heinemann\Desktop\Microsoft Office Word 2003.lnk -> [2011/04/10 00:41:33 | 000,002,497 | ---- | M] () 2 C:\Documents and Settings\Jamie Heinemann\Desktop\*.tmp files -> C:\Documents and Settings\Jamie Heinemann\Desktop\*.tmp -> 1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> [Files - No Company Name] Boot.bak -> C:\Boot.bak -> [2011/04/30 13:42:29 | 000,000,211 | ---- | C] () cmldr -> C:\cmldr -> [2011/04/30 12:50:08 | 000,260,272 | ---- | C] () PEV.exe -> C:\WINDOWS\PEV.exe -> [2011/04/30 12:47:25 | 000,256,512 | ---- | C] () sed.exe -> C:\WINDOWS\sed.exe -> [2011/04/30 12:47:25 | 000,098,816 | ---- | C] () MBR.exe -> C:\WINDOWS\MBR.exe -> [2011/04/30 12:47:25 | 000,089,088 | ---- | C] () grep.exe -> C:\WINDOWS\grep.exe -> [2011/04/30 12:47:25 | 000,080,412 | ---- | C] () zip.exe -> C:\WINDOWS\zip.exe -> [2011/04/30 12:47:25 | 000,068,096 | ---- | C] () hiberfil.sys -> C:\hiberfil.sys -> [2011/04/30 12:08:40 | 1072,156,672 | -HS- | C] () DrWeb.csv -> C:\Documents and Settings\Jamie Heinemann\Desktop\DrWeb.csv -> [2011/04/30 12:06:12 | 000,000,147 | ---- | C] () d3d9caps.dat -> C:\WINDOWS\System32\d3d9caps.dat -> [2011/04/30 11:14:15 | 000,000,664 | ---- | C] () g29q2ady.exe -> C:\Documents and Settings\Jamie Heinemann\Desktop\g29q2ady.exe -> [2011/04/30 11:05:10 | 061,003,072 | ---- | C] () setup_9.0.0.722_30.04.2011_17-36drv.spi -> C:\WINDOWS\setup_9.0.0.722_30.04.2011_17-36drv.spi -> [2011/04/30 10:43:11 | 000,000,096 | -HS- | C] () ComboFix.exe -> C:\Documents and Settings\Jamie Heinemann\Desktop\ComboFix.exe -> [2011/04/30 09:30:22 | 004,333,869 | R--- | C] () RogueKiller.exe -> C:\Documents and Settings\Jamie Heinemann\Desktop\RogueKiller.exe -> [2011/04/30 09:28:36 | 000,450,560 | ---- | C] () MBR.dat -> C:\Documents and Settings\Jamie Heinemann\Desktop\MBR.dat -> [2011/04/30 08:44:59 | 000,000,512 | 
---- | C] () Malwarebytes' Anti-Malware.lnk -> C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk -> [2011/04/30 01:45:27 | 000,000,842 | ---- | C] () Mozilla Firefox.lnk -> C:\Documents and Settings\Jamie Heinemann\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk -> [2011/04/29 21:10:10 | 000,000,800 | ---- | C] () Mozilla Firefox.lnk -> C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk -> [2011/04/29 21:10:10 | 000,000,788 | ---- | C] () Mozilla Firefox.lnk -> C:\Documents and Settings\Jamie Heinemann\Desktop\Mozilla Firefox.lnk -> [2011/04/29 21:10:10 | 000,000,782 | ---- | C] () OGACheckControl.dll -> C:\WINDOWS\System32\OGACheckControl.dll -> [2009/08/03 15:07:42 | 000,403,816 | ---- | C] () OGAEXEC.exe -> C:\WINDOWS\System32\OGAEXEC.exe -> [2009/08/03 15:07:42 | 000,230,768 | ---- | C] () QTSBandwidthCache -> C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache -> [2007/11/09 10:10:08 | 000,001,755 | ---- | C] () vpc32.INI -> C:\WINDOWS\vpc32.INI -> [2007/10/10 22:58:47 | 000,000,000 | ---- | C] () pcf.INI -> C:\WINDOWS\pcf.INI -> [2007/05/06 01:52:38 | 000,000,000 | ---- | C] () MCC16.dll -> C:\WINDOWS\System32\MCC16.dll -> [2007/02/22 14:45:31 | 000,006,048 | ---- | C] () pcfriend.INI -> C:\WINDOWS\pcfriend.INI -> [2007/02/14 18:32:43 | 000,000,000 | ---- | C] () CmdLineExt03.dll -> C:\WINDOWS\System32\CmdLineExt03.dll -> [2006/08/30 18:08:43 | 000,043,520 | ---- | C] () stci.dll -> C:\WINDOWS\System32\stci.dll -> [2006/02/23 06:37:53 | 000,005,606 | ---- | C] () PureEdgeAPI.ini -> C:\WINDOWS\PureEdgeAPI.ini -> [2006/01/25 13:06:53 | 000,000,061 | ---- | C] () MSQOLE.DLL -> C:\WINDOWS\System32\MSQOLE.DLL -> [2006/01/25 13:06:51 | 000,167,936 | ---- | C] () wklnhst.dat -> C:\Documents and Settings\Jamie Heinemann\Application Data\wklnhst.dat -> [2006/01/17 15:49:01 | 000,000,086 | ---- | C] () PhotoSnapViewer.INI -> C:\WINDOWS\PhotoSnapViewer.INI -> [2005/09/20 
16:22:05 | 000,000,151 | ---- | C] () swupdate.INI -> C:\WINDOWS\swupdate.INI -> [2005/09/08 22:27:55 | 000,000,067 | ---- | C] () NeroDigital.ini -> C:\WINDOWS\NeroDigital.ini -> [2005/08/30 17:27:23 | 000,000,229 | ---- | C] () DivXsm.exe -> C:\WINDOWS\System32\DivXsm.exe -> [2005/08/09 17:13:59 | 000,524,288 | ---- | C] () libeay32.dll -> C:\WINDOWS\System32\libeay32.dll -> [2005/08/09 17:13:31 | 000,831,488 | ---- | C] () ssleay32.dll -> C:\WINDOWS\System32\ssleay32.dll -> [2005/08/09 17:13:31 | 000,159,744 | ---- | C] () qt-dx331.dll -> C:\WINDOWS\System32\qt-dx331.dll -> [2005/08/09 17:12:28 | 003,596,288 | ---- | C] () kmw_show.exe -> C:\WINDOWS\System32\kmw_show.exe -> [2005/07/30 18:53:36 | 000,172,032 | ---- | C] () DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Documents and Settings\Jamie Heinemann\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2005/07/24 17:09:28 | 000,032,768 | ---- | C] () iPlayer.INI -> C:\WINDOWS\iPlayer.INI -> [2005/07/23 20:58:51 | 000,000,000 | ---- | C] () msoffice.ini -> C:\WINDOWS\msoffice.ini -> [2005/07/23 03:24:21 | 000,000,002 | ---- | C] () smscfg.ini -> C:\WINDOWS\smscfg.ini -> [2005/07/06 11:40:34 | 000,000,061 | ---- | C] () IVIresizeW7.dll -> C:\WINDOWS\System32\IVIresizeW7.dll -> [2005/07/06 11:30:15 | 000,204,800 | ---- | C] () IVIresizeA6.dll -> C:\WINDOWS\System32\IVIresizeA6.dll -> [2005/07/06 11:30:15 | 000,200,704 | ---- | C] () IVIresizeP6.dll -> C:\WINDOWS\System32\IVIresizeP6.dll -> [2005/07/06 11:30:15 | 000,192,512 | ---- | C] () IVIresizeM6.dll -> C:\WINDOWS\System32\IVIresizeM6.dll -> [2005/07/06 11:30:15 | 000,192,512 | ---- | C] () IVIresizePX.dll -> C:\WINDOWS\System32\IVIresizePX.dll -> [2005/07/06 11:30:15 | 000,188,416 | ---- | C] () IVIresize.dll -> C:\WINDOWS\System32\IVIresize.dll -> [2005/07/06 11:30:10 | 000,020,480 | ---- | C] () RTLCPAPI.dll -> C:\WINDOWS\System32\RTLCPAPI.dll -> [2005/07/06 11:26:31 | 000,156,672 | ---- | C] () ChCfg.exe -> 
C:\WINDOWS\System32\ChCfg.exe -> [2005/07/06 11:26:31 | 000,040,448 | ---- | C] () alcxinit.dat -> C:\WINDOWS\System32\drivers\alcxinit.dat -> [2005/07/06 11:26:28 | 000,001,232 | ---- | C] () alcxhweq.dat -> C:\WINDOWS\System32\drivers\alcxhweq.dat -> [2005/07/06 11:26:28 | 000,000,176 | ---- | C] () tosOBEX.INI -> C:\WINDOWS\tosOBEX.INI -> [2005/02/05 15:04:47 | 000,000,000 | ---- | C] () nsreg.dat -> C:\WINDOWS\nsreg.dat -> [2005/01/08 16:50:56 | 000,000,335 | ---- | C] () wininit.ini -> C:\WINDOWS\wininit.ini -> [2005/01/08 16:42:01 | 000,000,138 | ---- | C] () NDSTray.INI -> C:\WINDOWS\NDSTray.INI -> [2005/01/08 15:42:20 | 000,000,000 | ---- | C] () csellang.ini -> C:\WINDOWS\System32\csellang.ini -> [2005/01/08 15:27:59 | 000,128,113 | ---- | C] () csellang.dll -> C:\WINDOWS\System32\csellang.dll -> [2005/01/08 15:27:59 | 000,045,056 | ---- | C] () tosmreg.ini -> C:\WINDOWS\System32\tosmreg.ini -> [2005/01/08 15:27:59 | 000,010,167 | ---- | C] () cseltbl.ini -> C:\WINDOWS\System32\cseltbl.ini -> [2005/01/08 15:27:59 | 000,007,671 | ---- | C] () InstDrvr.exe -> C:\WINDOWS\InstDrvr.exe -> [2005/01/08 15:25:34 | 000,090,112 | ---- | C] () tbiosdrv.sys -> C:\WINDOWS\System32\drivers\tbiosdrv.sys -> [2005/01/08 15:25:34 | 000,006,867 | ---- | C] () ODBC.INI -> C:\WINDOWS\ODBC.INI -> [2005/01/08 03:04:14 | 000,000,376 | ---- | C] () bootstat.dat -> C:\WINDOWS\bootstat.dat -> [2005/01/08 02:59:05 | 000,002,048 | --S- | C] () emptyregdb.dat -> C:\WINDOWS\System32\emptyregdb.dat -> [2005/01/08 02:52:44 | 000,021,640 | ---- | C] () fxsperf.ini -> C:\WINDOWS\System32\fxsperf.ini -> [2005/01/08 02:51:36 | 000,001,793 | ---- | C] () OEMINFO.INI -> C:\WINDOWS\System32\OEMINFO.INI -> [2005/01/08 01:30:05 | 000,000,380 | ---- | C] () secupd.dat -> C:\WINDOWS\System32\secupd.dat -> [2005/01/08 01:27:46 | 000,004,569 | ---- | C] () perfh009.dat -> C:\WINDOWS\System32\perfh009.dat -> [2005/01/08 01:27:43 | 000,385,164 | ---- | C] () perfi009.dat -> 
C:\WINDOWS\System32\perfi009.dat -> [2005/01/08 01:27:43 | 000,272,128 | ---- | C] () perfc009.dat -> C:\WINDOWS\System32\perfc009.dat -> [2005/01/08 01:27:43 | 000,054,682 | ---- | C] () perfd009.dat -> C:\WINDOWS\System32\perfd009.dat -> [2005/01/08 01:27:43 | 000,028,626 | ---- | C] () oembios.dat -> C:\WINDOWS\System32\oembios.dat -> [2005/01/08 01:27:41 | 000,004,631 | ---- | C] () oembios.bin -> C:\WINDOWS\System32\oembios.bin -> [2005/01/08 01:27:40 | 013,107,200 | ---- | C] () noise.dat -> C:\WINDOWS\System32\noise.dat -> [2005/01/08 01:27:38 | 000,000,741 | ---- | C] () mlang.dat -> C:\WINDOWS\System32\mlang.dat -> [2005/01/08 01:27:32 | 000,673,088 | ---- | C] () mib.bin -> C:\WINDOWS\System32\mib.bin -> [2005/01/08 01:27:32 | 000,046,258 | ---- | C] () dssec.dat -> C:\WINDOWS\System32\dssec.dat -> [2005/01/08 01:27:21 | 000,218,003 | ---- | C] () dcache.bin -> C:\WINDOWS\System32\dcache.bin -> [2005/01/08 01:27:14 | 000,001,804 | ---- | C] () ODBCINST.INI -> C:\WINDOWS\ODBCINST.INI -> [2005/01/07 18:46:10 | 000,004,161 | ---- | C] () FNTCACHE.DAT -> C:\WINDOWS\System32\FNTCACHE.DAT -> [2005/01/07 18:45:02 | 000,285,312 | ---- | C] () TPeculiarity.dll -> C:\WINDOWS\System32\TPeculiarity.dll -> [2004/12/29 18:09:52 | 000,077,824 | ---- | C] () TDuPHook.exe -> C:\WINDOWS\System32\TDuPHook.exe -> [2004/12/25 22:11:52 | 000,020,480 | ---- | C] () TEDApi.dll -> C:\WINDOWS\System32\TEDApi.dll -> [2004/12/15 01:23:12 | 000,065,536 | ---- | C] () EKECioCtl.dll -> C:\WINDOWS\System32\EKECioCtl.dll -> [2004/12/14 10:40:16 | 000,057,344 | ---- | C] () iwca.dll -> C:\WINDOWS\System32\iwca.dll -> [2004/08/12 10:44:10 | 000,016,384 | ---- | C] () px.ini -> C:\WINDOWS\System32\px.ini -> [2004/08/04 11:58:54 | 000,000,000 | ---- | C] () TosBtHcrpAPI.dll -> C:\WINDOWS\System32\TosBtHcrpAPI.dll -> [2004/07/21 12:04:02 | 000,094,208 | ---- | C] () TosMousePage.dll -> C:\WINDOWS\System32\TosMousePage.dll -> [2004/06/18 05:54:18 | 001,527,808 | ---- | C] () 
TosKeyboardPage.dll -> C:\WINDOWS\System32\TosKeyboardPage.dll -> [2004/06/18 05:47:48 | 000,770,048 | ---- | C] () TosBtAcc.dll -> C:\WINDOWS\System32\TosBtAcc.dll -> [2004/06/18 05:11:44 | 000,114,688 | ---- | C] () TBTMonUI.dll -> C:\WINDOWS\System32\TBTMonUI.dll -> [2004/01/16 09:43:28 | 000,114,688 | ---- | C] () tifmicon.dll -> C:\WINDOWS\System32\tifmicon.dll -> [2004/01/13 21:46:00 | 000,172,032 | ---- | C] () TosHidAPI.dll -> C:\WINDOWS\System32\TosHidAPI.dll -> [2003/07/30 10:33:26 | 000,061,440 | ---- | C] () OUTLPERF.INI -> C:\WINDOWS\System32\OUTLPERF.INI -> [2003/01/07 17:05:08 | 000,002,695 | ---- | C] () TosCommAPI.dll -> C:\WINDOWS\System32\TosCommAPI.dll -> [2002/06/05 04:58:30 | 000,065,536 | ---- | C] () Iticheck.dll -> C:\WINDOWS\System32\Iticheck.dll -> [1998/10/11 00:07:38 | 000,088,576 | ---- | C] () [File - Lop Check] InterTrust -> C:\Documents and Settings\Administrator\Application Data\InterTrust -> [2005/01/08 15:44:32 | 000,000,000 | ---D | M] toshiba -> C:\Documents and Settings\Administrator\Application Data\toshiba -> [2005/02/05 15:03:41 | 000,000,000 | ---D | M] Avanquest Software -> C:\Documents and Settings\All Users\Application Data\Avanquest Software -> [2006/03/15 13:34:44 | 000,000,000 | ---D | M] BVRP Software -> C:\Documents and Settings\All Users\Application Data\BVRP Software -> [2007/01/18 14:38:38 | 000,000,000 | ---D | M] Napster -> C:\Documents and Settings\All Users\Application Data\Napster -> [2007/01/29 09:56:04 | 000,000,000 | ---D | M] PureEdge -> C:\Documents and Settings\All Users\Application Data\PureEdge -> [2006/01/25 13:07:00 | 000,000,000 | ---D | M] Viewpoint -> C:\Documents and Settings\All Users\Application Data\Viewpoint -> [2005/01/08 16:52:36 | 000,000,000 | ---D | M] {A2A58654-12AA-408A-B411-58A76959BE7F} -> C:\Documents and Settings\All Users\Application Data\{A2A58654-12AA-408A-B411-58A76959BE7F} -> [2011/04/21 14:10:10 | 000,000,000 | ---D | M] InterTrust -> C:\Documents and Settings\Default 
User\Application Data\InterTrust -> [2005/01/08 15:44:32 | 000,000,000 | ---D | M] toshiba -> C:\Documents and Settings\Default User\Application Data\toshiba -> [2005/02/05 15:03:41 | 000,000,000 | ---D | M] Datalayer -> C:\Documents and Settings\Jamie Heinemann\Application Data\Datalayer -> [2006/01/01 16:51:36 | 000,000,000 | ---D | M] InterTrust -> C:\Documents and Settings\Jamie Heinemann\Application Data\InterTrust -> [2005/01/08 15:44:32 | 000,000,000 | ---D | M] InterVideo -> C:\Documents and Settings\Jamie Heinemann\Application Data\InterVideo -> [2005/07/23 15:53:27 | 000,000,000 | ---D | M] Kensington -> C:\Documents and Settings\Jamie Heinemann\Application Data\Kensington -> [2005/07/30 18:55:37 | 000,000,000 | ---D | M] Leadertech -> C:\Documents and Settings\Jamie Heinemann\Application Data\Leadertech -> [2009/07/25 21:52:01 | 000,000,000 | ---D | M] MSNInstaller -> C:\Documents and Settings\Jamie Heinemann\Application Data\MSNInstaller -> [2007/06/09 17:35:22 | 000,000,000 | ---D | M] Nokia -> C:\Documents and Settings\Jamie Heinemann\Application Data\Nokia -> [2006/01/01 16:51:39 | 000,000,000 | ---D | M] PureEdge -> C:\Documents and Settings\Jamie Heinemann\Application Data\PureEdge -> [2006/01/25 13:07:00 | 000,000,000 | ---D | M] SecondLife -> C:\Documents and Settings\Jamie Heinemann\Application Data\SecondLife -> [2007/10/25 22:07:34 | 000,000,000 | ---D | M] Template -> C:\Documents and Settings\Jamie Heinemann\Application Data\Template -> [2006/01/17 15:49:02 | 000,000,000 | ---D | M] toshiba -> C:\Documents and Settings\Jamie Heinemann\Application Data\toshiba -> [2005/11/30 05:50:16 | 000,000,000 | ---D | M] MP Scheduled Scan.job -> C:\WINDOWS\Tasks\MP Scheduled Scan.job -> [2011/04/30 15:59:02 | 000,000,330 | -H-- | M] () [Custom Scans] < netsvcs > < %SYSTEMDRIVE%\*.exe > < MD5 Scans Start> < %systemdrive%\EXPLORER.EXE /md5 /s > explorer.exe : MD5=12896823FB95BFB3DC9B46BCAEDC9923 -> C:\WINDOWS\explorer.exe -> [2008/04/13 19:12:19 | 
001,033,728 | ---- | M] (Microsoft Corporation) explorer.exe : MD5=12896823FB95BFB3DC9B46BCAEDC9923 -> C:\WINDOWS\ServicePackFiles\i386\explorer.exe -> [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) explorer.exe : MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -> C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe -> [2007/06/13 06:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) explorer.exe : MD5=97BD6515465659FF8F3B7BE375B2EA87 -> C:\WINDOWS\$NtServicePackUninstall$\explorer.exe -> [2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) explorer.exe : MD5=A0732187050030AE399B241436565E64 -> C:\WINDOWS\$NtUninstallKB938828$\explorer.exe -> [2004/08/04 07:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) explorer.exe : MD5=A0732187050030AE399B241436565E64 -> C:\WINDOWS\SoftwareDistribution\Download\66b1d8e81a20b4b541ab3e558f2fd638\backup\explorer.exe -> [2004/08/04 07:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) < %systemdrive%\SVCHOST.EXE /md5 /s > svchost.exe : MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -> C:\WINDOWS\ServicePackFiles\i386\svchost.exe -> [2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) svchost.exe : MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -> C:\WINDOWS\system32\svchost.exe -> [2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) svchost.exe : MD5=8F078AE4ED187AAABC0A305146DE6716 -> C:\WINDOWS\$NtServicePackUninstall$\svchost.exe -> [2004/08/04 07:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) svchost.exe : MD5=8F078AE4ED187AAABC0A305146DE6716 -> C:\WINDOWS\SoftwareDistribution\Download\66b1d8e81a20b4b541ab3e558f2fd638\backup\svchost.exe -> [2004/08/04 07:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) < %systemdrive%\USERINIT.EXE /md5 /s > userinit.exe : MD5=39B1FFB03C2296323832ACBAE50D2AFF -> C:\WINDOWS\$NtServicePackUninstall$\userinit.exe -> [2004/08/04 07:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) userinit.exe : 
MD5=39B1FFB03C2296323832ACBAE50D2AFF -> C:\WINDOWS\SoftwareDistribution\Download\66b1d8e81a20b4b541ab3e558f2fd638\backup\userinit.exe -> [2004/08/04 07:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) userinit.exe : MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -> C:\WINDOWS\ServicePackFiles\i386\userinit.exe -> [2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) userinit.exe : MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -> C:\WINDOWS\system32\userinit.exe -> [2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) < %systemdrive%\WINLOGON.EXE /md5 /s > winlogon.exe : MD5=01C3346C241652F43AED8E2149881BFE -> C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe -> [2004/08/04 07:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) winlogon.exe : MD5=01C3346C241652F43AED8E2149881BFE -> C:\WINDOWS\SoftwareDistribution\Download\66b1d8e81a20b4b541ab3e558f2fd638\backup\winlogon.exe -> [2004/08/04 07:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) winlogon.exe : MD5=ED0EF0A136DEC83DF69F04118870003E -> C:\WINDOWS\ServicePackFiles\i386\winlogon.exe -> [2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) winlogon.exe : MD5=ED0EF0A136DEC83DF69F04118870003E -> C:\WINDOWS\system32\winlogon.exe -> [2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) < MD5 Scans End> < %systemroot%\*. 
/mp /s > < hklm\software\clients\startmenuinternet|command /rs > HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo -> -> HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand -> C:\PROGRAM FILES\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE ["C:\PROGRAM FILES\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /HIDESHORTCUTS] -> [2011/04/14 11:26:03 | 000,711,672 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand -> C:\PROGRAM FILES\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE ["C:\PROGRAM FILES\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SHOWSHORTCUTS] -> [2011/04/14 11:26:03 | 000,711,672 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand -> C:\PROGRAM FILES\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE ["C:\PROGRAM FILES\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SETASDEFAULTAPPGLOBAL] -> [2011/04/14 11:26:03 | 000,711,672 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command -> -> HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\ -> FIREFOX.EXE -> HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command -> -> HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\ -> C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE ["C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE" -PREFERENCES] -> [2011/04/14 11:25:41 | 000,924,632 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command -> -> HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\ -> FIREFOX.EXE -> HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo -> -> 
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand -> C:\WINDOWS\System32\IE4UINIT.EXE ["C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL] -> [2009/04/28 04:05:56 | 000,070,656 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand -> C:\WINDOWS\System32\IE4UINIT.EXE ["C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE] -> [2009/04/28 04:05:56 | 000,070,656 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand -> C:\WINDOWS\System32\IE4UINIT.EXE ["C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW] -> [2009/04/28 04:05:56 | 000,070,656 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command -> -> HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\ -> IEXPLORE.EXE -> < hklm\software\clients\startmenuinternet|command /64 /rs > HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo -> -> HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand -> C:\PROGRAM FILES\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE ["C:\PROGRAM FILES\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /HIDESHORTCUTS] -> [2011/04/14 11:26:03 | 000,711,672 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand -> C:\PROGRAM FILES\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE ["C:\PROGRAM FILES\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SHOWSHORTCUTS] -> [2011/04/14 11:26:03 | 000,711,672 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand -> C:\PROGRAM FILES\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE ["C:\PROGRAM FILES\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SETASDEFAULTAPPGLOBAL] -> [2011/04/14 11:26:03 | 000,711,672 | ---- | M] (Mozilla Corporation) 
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command -> -> HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\ -> FIREFOX.EXE -> HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command -> -> HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\ -> C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE ["C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE" -PREFERENCES] -> [2011/04/14 11:25:41 | 000,924,632 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command -> -> HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\ -> FIREFOX.EXE -> HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo -> -> HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand -> C:\WINDOWS\System32\IE4UINIT.EXE ["C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL] -> [2009/04/28 04:05:56 | 000,070,656 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand -> C:\WINDOWS\System32\IE4UINIT.EXE ["C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE] -> [2009/04/28 04:05:56 | 000,070,656 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand -> C:\WINDOWS\System32\IE4UINIT.EXE ["C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW] -> [2009/04/28 04:05:56 | 000,070,656 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command -> -> HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\ -> IEXPLORE.EXE -> Restore point Set: OTS Restore Point (0) < End of report > [/code]