This topic is locked
OTL
OTL logfile created on: 11/12/2010 6:38:58 PM - Run
OTLPE by OldTimer - Version 3.1.43.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 92.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): C:\pagefile.sys 2998 2998 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.41 Gb Total Space | 57.86 Gb Free Space | 77.75% Space Free | Partition Type: NTFS
Drive D: | 489.73 Mb Total Space | 336.42 Mb Free Space | 68.70% Space Free | Partition Type: FAT
Drive X: | 282.52 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
========== Win32 Services (SafeList) ==========
SRV - File not found [Auto] -- C:\WINDOWS\System32\spoolsv.exe -- (Spooler)
SRV - File not found [Disabled] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2008/09/11 17:50:46 | 002,436,536 | ---- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2008/09/04 15:44:18 | 001,787,200 | ---- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Symantec AntiVirus\Smc.exe -- (SmcService)
SRV - [2008/09/04 15:19:46 | 000,312,720 | ---- | M] (Symantec Corporation) [On_Demand] -- C:\Program Files\Symantec AntiVirus\SNAC.EXE -- (SNAC)
SRV - [2008/08/14 14:45:28 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2008/08/14 14:45:28 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2008/07/31 22:41:50 | 000,808,296 | ---- | M] (Broadcom Corporation) [Auto] -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe -- (Credential Vault Host Control Service)
SRV - [2008/07/31 22:41:50 | 000,021,352 | ---- | M] (Broadcom Corporation) [Auto] -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe -- (Credential Vault Host Storage)
SRV - [2008/06/30 16:36:35 | 003,093,872 | ---- | M] (Symantec Corporation) [On_Demand] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2008/05/29 18:43:02 | 000,558,496 | ---- | M] (ScriptLogic Software Corporation) [Auto] -- C:\WINDOWS\system32\slClient.exe -- (SLClient)
SRV - [2008/05/22 18:32:08 | 000,221,273 | ---- | M] (IDT, Inc.) [Auto] -- C:\Program Files\IDT\DellXPM09B_6017v022\WDM\stacsv.exe -- (STacSV)
SRV - [2005/11/09 10:34:54 | 000,159,744 | ---- | M] (DameWare Development LLC) [Auto] -- C:\WINDOWS\System32\DWRCS.EXE -- (DWMRCS)
SRV - [2005/06/10 10:10:36 | 000,245,760 | ---- | M] (Novadigm) [Auto] -- C:\Program Files\Novadigm\radsched.exe -- (radsched)
SRV - [2005/05/11 16:01:40 | 000,225,280 | ---- | M] (Novadigm) [Auto] -- C:\Program Files\Novadigm\radexecd.exe -- (radexecd)
SRV - [2004/10/18 04:01:00 | 000,069,632 | ---- | M] (Hewlett-Packard) [Auto] -- C:\Program Files\Novadigm\AXF\Bin\XFSrvcNT.Exe -- (XFSrvcNT)
SRV - [2004/08/04 11:53:18 | 000,299,008 | ---- | M] (Novadigm) [Auto] -- C:\Program Files\Novadigm\Radstgms.exe -- (Radstgms)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - [2010/10/18 08:34:22 | 001,371,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20101111.039\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/10/18 08:34:22 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/10/18 08:34:22 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/10/18 08:34:22 | 000,086,064 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20101111.039\NAVENG.SYS -- (NAVENG)
DRV - [2010/09/10 23:32:20 | 000,167,936 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\WpsHelper.sys -- (WpsHelper)
DRV - [2009/07/31 14:00:43 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\COH_Mon.sys -- (COH_Mon)
DRV - [2009/07/31 13:53:20 | 000,123,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2008/10/24 19:00:32 | 001,287,552 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2008/09/04 15:47:26 | 000,091,968 | ---- | M] (Symantec Corporation) [Kernel | Disabled] -- C:\WINDOWS\SYSTEM32\Drivers\SysPlant.sys -- (SysPlant)
DRV - [2008/09/04 15:45:36 | 000,041,792 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\WPSDRVnt.sys -- (WPS)
DRV - [2008/08/25 17:03:04 | 006,045,504 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2008/08/15 10:41:08 | 000,317,872 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2008/08/15 10:41:08 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2008/08/15 10:41:06 | 000,279,600 | ---- | M] (Symantec Corporation) [File_System | System] -- C:\WINDOWS\system32\drivers\srtsp.sys -- (SRTSP)
DRV - [2008/07/31 22:39:26 | 000,032,808 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\cvusbdrv.sys -- (cvusbdrv)
DRV - [2008/07/30 17:44:18 | 000,110,080 | ---- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV - [2008/07/10 03:57:56 | 000,049,536 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Teefer2.sys -- (Teefer2)
DRV - [2008/06/16 16:53:14 | 000,420,400 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2008/05/22 18:32:50 | 001,381,914 | ---- | M] (IDT, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2008/05/20 17:21:26 | 000,108,160 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\AESTAud.sys -- (AESTAud)
DRV - [2008/05/08 14:07:20 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2008/05/08 14:05:06 | 000,208,384 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2008/05/08 14:04:16 | 000,661,504 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2008/04/14 02:00:00 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/04/04 14:40:50 | 000,244,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\e1y5132.sys -- (e1yexpress) Intel®
DRV - [2008/01/07 21:57:44 | 000,026,608 | ---- | M] (Dell Inc) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\PBADRV.sys -- (PBADRV)
DRV - [2007/10/17 08:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/02/24 15:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/02/12 08:36:54 | 000,277,784 | ---- | M] (Intel Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)
DRV - [2005/05/13 19:27:56 | 000,028,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbccid.sys -- (USBCCID)
DRV - [2004/10/18 04:01:00 | 000,058,748 | ---- | M] (Hewlett-Packard) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\XFDrvrNT.Sys -- (XFDrvrNT)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://scholar
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = scholar
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://scholar
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://scholar
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\e24036_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://portal-prd/
IE - HKU\e24036_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\e24036_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\LocalService_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = scholar
IE - HKU\LocalService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\NetworkService_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = scholar
IE - HKU\NetworkService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\q91718_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://portal-prd/
IE - HKU\q91718_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\q91718_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\q91718_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = http://GOBNTPISA1.co....Routing.Script
IE - HKU\SLuser_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://scholar
IE - HKU\SLuser_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\SLuser_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
O1 HOSTS File: ([2008/04/14 02:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [!AXF XFRunOne.Exe] C:\Program Files\Novadigm\AXF\Bin\XFRunOne.Exe (Hewlett-Packard)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AESTFltr] C:\WINDOWS\System32\AESTFltr.exe (Andrea Electronics Corporation)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [uegdfuww] C:\Documents and Settings\e24036\Local Settings\Application Data\tdgdipnvx\uggyqfktssd.exe File not found
O4 - HKU\e24036_ON_C..\Run: [uegdfuww] C:\Documents and Settings\e24036\Local Settings\Application Data\tdgdipnvx\uggyqfktssd.exe File not found
O4 - HKLM..\RunOnce: [!AXF XFRunOne.Exe] C:\Program Files\Novadigm\AXF\Bin\XFRunOne.Exe (Hewlett-Packard)
O4 - HKU\e24036_ON_C..\RunOnce: [Shockwave Updater] C:\WINDOWS\System32\Adobe\Shockwave 11\SwHelper_1151601.exe -Update -1151601 -Mozilla\4.0 ( File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\off2k3.cmd ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\outprf.cmd ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\radcuxp.lnk = C:\Program Files\Novadigm\cu\radcuxp.cmd ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\rum.cmd ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\New Windows present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoMSAppLogo5ChannelNotify = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarCustomize = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Persistence present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Administrator_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\Administrator_ON_C\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\Administrator_ON_C\Software\Policies\Microsoft\Internet Explorer\Persistence present
O7 - HKU\Administrator_ON_C\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Back = 0
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Forward = 0
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Stop = 0
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Refresh = 0
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Home = 0
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Search = 0
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_History = 0
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Favorites = 0
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Media = 0
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Folders = 0
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Fullscreen = 0
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Tools = 0
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_MailNews = 0
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Size = 0
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Print = 0
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Edit = 0
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Discussions = 0
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Cut = 0
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Copy = 0
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Paste = 0
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Encoding = 0
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_PrintPreview = 0
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetIcon = 0
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetHood = 0
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 0
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 1
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayContextMenu = 0
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileMenu = 0
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnforceShellExtensionSecurity = 0
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetConnectDisconnect = 0
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAddPrinter = 0
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPrinterTabs = 0
O7 - HKU\e24036_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\e24036_ON_C\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\e24036_ON_C\Software\Policies\Microsoft\Internet Explorer\Persistence present
O7 - HKU\e24036_ON_C\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\e24036_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\e24036_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Back = 0
O7 - HKU\e24036_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Forward = 0
O7 - HKU\e24036_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Stop = 0
O7 - HKU\e24036_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Refresh = 0
O7 - HKU\e24036_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Home = 0
O7 - HKU\e24036_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Search = 0
O7 - HKU\e24036_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_History = 0
O7 - HKU\e24036_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Favorites = 0
O7 - HKU\e24036_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Media = 0
O7 - HKU\e24036_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Folders = 0
O7 - HKU\e24036_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Fullscreen = 0
O7 - HKU\e24036_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Tools = 0
O7 - HKU\e24036_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_MailNews = 0
O7 - HKU\e24036_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Size = 0
O7 - HKU\e24036_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Print = 0
O7 - HKU\e24036_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Edit = 0
O7 - HKU\e24036_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Discussions = 0
O7 - HKU\e24036_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Cut = 0
O7 - HKU\e24036_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Copy = 0
O7 - HKU\e24036_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Paste = 0
O7 - HKU\e24036_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Encoding = 0
O7 - HKU\e24036_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_PrintPreview = 0
O7 - HKU\e24036_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O7 - HKU\e24036_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetIcon = 0
O7 - HKU\e24036_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O7 - HKU\e24036_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 0
O7 - HKU\e24036_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKU\e24036_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 1
O7 - HKU\e24036_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKU\e24036_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O7 - HKU\e24036_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKU\e24036_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
O7 - HKU\e24036_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKU\e24036_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayContextMenu = 0
O7 - HKU\e24036_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileMenu = 0
O7 - HKU\e24036_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O7 - HKU\e24036_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnforceShellExtensionSecurity = 0
O7 - HKU\e24036_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKU\e24036_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\e24036_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetConnectDisconnect = 0
O7 - HKU\e24036_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0
O7 - HKU\e24036_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAddPrinter = 0
O7 - HKU\e24036_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPrinterTabs = 0
O7 - HKU\e24036_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAutoUpdate = 1
O7 - HKU\e24036_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 1
O7 - HKU\e24036_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKU\e24036_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceStartMenuLogOff = 1
O7 - HKU\e24036_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 1 = $sys$drv.exe
O7 - HKU\e24036_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 2 = $sys$sonyTimer.exe
O7 - HKU\e24036_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 3 = $sys$sos$sys$.exe
O7 - HKU\e24036_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 4 = $sys$WeLoveMcCOL.exe
O7 - HKU\e24036_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 5 = $sys$xp.exe
O7 - HKU\e24036_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 6 = 80xFire.exe
O7 - HKU\e24036_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 7 = 9wGj3pu.exe
O7 - HKU\e24036_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 8 = aawsepersonal.exe
O7 - HKU\e24036_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 9 = acoustic.exe
O7 - HKU\e24036_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 10 = actalert.exe
O7 - HKU\e24036_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 11 = Antivirus2009.exe
O7 - HKU\e24036_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 12 = aolfix.exe
O7 - HKU\e24036_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 13 = auto_antiav.exe
O7 - HKU\e24036_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 14 = av2009.exe
O7 - HKU\e24036_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 15 = AV2009Install.exe
O7 - HKU\e24036_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 16 = bargains.exe
O7 - HKU\e24036_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 17 = ctxma.exe
O7 - HKU\e24036_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 18 = cxma.exe
O7 - HKU\e24036_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 19 = dp-him.exe
O7 - HKU\e24036_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 20 = drg.exe
O7 - HKU\e24036_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 21 = drusearch.exe
O7 - HKU\e24036_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 22 = dwrcc.exe
O7 - HKU\e24036_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 23 = Enternet.exe
O7 - HKU\e24036_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 24 = googledesktop.exe
O7 - HKU\e24036_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 25 = hczudz.exe
O7 - HKU\e24036_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 26 = hotbar.exe
O7 - HKU\e24036_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 27 = ieaksie.exe
O7 - HKU\e24036_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 28 = iglzw32s.exe
O7 - HKU\e24036_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 29 = istactivex.exe
O7 - HKU\e24036_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 30 = janis.com
O7 - HKU\e24036_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 31 = knlwrap.exe
O7 - HKU\e24036_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 32 = MicrosoftAntiSpywareInstall.exe
O7 - HKU\e24036_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 33 = msblast.exe
O7 - HKU\e24036_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 34 = mshss.exe
O7 - HKU\e24036_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 35 = msits.exe
O7 - HKU\e24036_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 36 = msmgt.exe
O7 - HKU\e24036_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 37 = musirc4.71.exe
O7 - HKU\e24036_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 38 = myserver.exe
O7 - HKU\e24036_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 39 = ocxdll.exe
O7 - HKU\e24036_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 40 = optimize.exe
O7 - HKU\e24036_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 41 = penis32.exe
O7 - HKU\e24036_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 42 = root.exe
O7 - HKU\e24036_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 43 = root32.exe
O7 - HKU\e24036_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 44 = secctr.exe
O7 - HKU\e24036_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 45 = sfbar.exe
O7 - HKU\e24036_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 46 = sServer.exe
O7 - HKU\e24036_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 47 = statemgr.exe
O7 - HKU\e24036_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 48 = stmtdlr.exe
O7 - HKU\e24036_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 49 = sup.reg
O7 - HKU\e24036_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 50 = teekids.exe
O7 - HKU\e24036_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 51 = tvm.exe
O7 - HKU\e24036_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 52 = tvtmd.exe
O7 - HKU\e24036_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 53 = updata.exe
O7 - HKU\e24036_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 54 = upssrv.exe
O7 - HKU\e24036_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 55 = view_sex_now.exe
O7 - HKU\e24036_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 56 = whatever.exe
O7 - HKU\e24036_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 57 = wrauclt.exe
O7 - HKU\e24036_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 58 = wstcl.exe
O7 - HKU\e24036_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 59 = wtoolsa.exe
O7 - HKU\e24036_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 60 = wuanclt.exe
O7 - HKU\e24036_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 61 = wuaucrlt.exe
O7 - HKU\e24036_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 62 = wucxt.exe
O7 - HKU\e24036_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 63 = wupdt.exe
O7 - HKU\e24036_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 64 = wuytc.exe
O7 - HKU\e24036_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 65 = zksosx.exe
O7 - HKU\LocalService_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\LocalService_ON_C\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\LocalService_ON_C\Software\Policies\Microsoft\Internet Explorer\Persistence present
O7 - HKU\LocalService_ON_C\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\NetworkService_ON_C\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\NetworkService_ON_C\Software\Policies\Microsoft\Internet Explorer\Persistence present
O7 - HKU\NetworkService_ON_C\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\q91718_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\q91718_ON_C\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\q91718_ON_C\Software\Policies\Microsoft\Internet Explorer\Persistence present
O7 - HKU\q91718_ON_C\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\q91718_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\q91718_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Back = 0
O7 - HKU\q91718_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Forward = 0
O7 - HKU\q91718_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Stop = 0
O7 - HKU\q91718_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Refresh = 0
O7 - HKU\q91718_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Home = 0
O7 - HKU\q91718_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Search = 0
O7 - HKU\q91718_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_History = 0
O7 - HKU\q91718_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Favorites = 0
O7 - HKU\q91718_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Media = 0
O7 - HKU\q91718_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Folders = 0
O7 - HKU\q91718_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Fullscreen = 0
O7 - HKU\q91718_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Tools = 0
O7 - HKU\q91718_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_MailNews = 0
O7 - HKU\q91718_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Size = 0
O7 - HKU\q91718_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Print = 0
O7 - HKU\q91718_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Edit = 0
O7 - HKU\q91718_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Discussions = 0
O7 - HKU\q91718_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Cut = 0
O7 - HKU\q91718_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Copy = 0
O7 - HKU\q91718_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Paste = 0
O7 - HKU\q91718_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Encoding = 0
O7 - HKU\q91718_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_PrintPreview = 0
O7 - HKU\q91718_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O7 - HKU\q91718_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetIcon = 0
O7 - HKU\q91718_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O7 - HKU\q91718_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 0
O7 - HKU\q91718_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKU\q91718_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 1
O7 - HKU\q91718_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKU\q91718_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O7 - HKU\q91718_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKU\q91718_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
O7 - HKU\q91718_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKU\q91718_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayContextMenu = 0
O7 - HKU\q91718_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileMenu = 0
O7 - HKU\q91718_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O7 - HKU\q91718_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnforceShellExtensionSecurity = 0
O7 - HKU\q91718_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKU\q91718_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\q91718_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetConnectDisconnect = 0
O7 - HKU\q91718_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0
O7 - HKU\q91718_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAddPrinter = 0
O7 - HKU\q91718_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPrinterTabs = 0
O7 - HKU\q91718_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 1
O7 - HKU\q91718_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAutoUpdate = 1
O7 - HKU\q91718_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKU\q91718_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceStartMenuLogOff = 1
O7 - HKU\q91718_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 1 = $sys$drv.exe
O7 - HKU\q91718_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 2 = $sys$sonyTimer.exe
O7 - HKU\q91718_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 3 = $sys$sos$sys$.exe
O7 - HKU\q91718_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 4 = $sys$WeLoveMcCOL.exe
O7 - HKU\q91718_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 5 = $sys$xp.exe
O7 - HKU\q91718_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 6 = 80xFire.exe
O7 - HKU\q91718_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 7 = 9wGj3pu.exe
O7 - HKU\q91718_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 8 = aawsepersonal.exe
O7 - HKU\q91718_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 9 = acoustic.exe
O7 - HKU\q91718_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 10 = actalert.exe
O7 - HKU\q91718_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 11 = aolfix.exe
O7 - HKU\q91718_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 12 = bargains.exe
O7 - HKU\q91718_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 13 = ctxma.exe
O7 - HKU\q91718_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 14 = cxma.exe
O7 - HKU\q91718_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 15 = dp-him.exe
O7 - HKU\q91718_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 16 = drg.exe
O7 - HKU\q91718_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 17 = drusearch.exe
O7 - HKU\q91718_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 18 = Enternet.exe
O7 - HKU\q91718_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 19 = googledesktop.exe
O7 - HKU\q91718_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 20 = hczudz.exe
O7 - HKU\q91718_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 21 = hotbar.exe
O7 - HKU\q91718_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 22 = ieaksie.exe
O7 - HKU\q91718_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 23 = iglzw32s.exe
O7 - HKU\q91718_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 24 = istactivex.exe
O7 - HKU\q91718_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 25 = janis.com
O7 - HKU\q91718_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 26 = MicrosoftAntiSpywareInstall.exe
O7 - HKU\q91718_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 27 = msblast.exe
O7 - HKU\q91718_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 28 = mshss.exe
O7 - HKU\q91718_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 29 = msits.exe
O7 - HKU\q91718_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 30 = msmgt.exe
O7 - HKU\q91718_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 31 = myserver.exe
O7 - HKU\q91718_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 32 = ocxdll.exe
O7 - HKU\q91718_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 33 = optimize.exe
O7 - HKU\q91718_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 34 = penis32.exe
O7 - HKU\q91718_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 35 = root.exe
O7 - HKU\q91718_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 36 = root32.exe
O7 - HKU\q91718_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 37 = secctr.exe
O7 - HKU\q91718_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 38 = sfbar.exe
O7 - HKU\q91718_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 39 = sServer.exe
O7 - HKU\q91718_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 40 = statemgr.exe
O7 - HKU\q91718_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 41 = stmtdlr.exe
O7 - HKU\q91718_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 42 = teekids.exe
O7 - HKU\q91718_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 43 = tvm.exe
O7 - HKU\q91718_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 44 = tvtmd.exe
O7 - HKU\q91718_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 45 = updata.exe
O7 - HKU\q91718_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 46 = upssrv.exe
O7 - HKU\q91718_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 47 = view_sex_now.exe
O7 - HKU\q91718_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 48 = whatever.exe
O7 - HKU\q91718_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 49 = wrauclt.exe
O7 - HKU\q91718_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 50 = wstcl.exe
O7 - HKU\q91718_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 51 = wtoolsa.exe
O7 - HKU\q91718_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 52 = wuanclt.exe
O7 - HKU\q91718_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 53 = wuaucrlt.exe
O7 - HKU\q91718_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 54 = wucxt.exe
O7 - HKU\q91718_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 55 = wupdt.exe
O7 - HKU\q91718_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 56 = wuytc.exe
O7 - HKU\q91718_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 57 = zksosx.exe
O7 - HKU\SLuser_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\SLuser_ON_C\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\SLuser_ON_C\Software\Policies\Microsoft\Internet Explorer\Persistence present
O7 - HKU\SLuser_ON_C\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\SLuser_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\SLuser_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Back = 0
O7 - HKU\SLuser_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Forward = 0
O7 - HKU\SLuser_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Stop = 0
O7 - HKU\SLuser_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Refresh = 0
O7 - HKU\SLuser_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Home = 0
O7 - HKU\SLuser_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Search = 0
O7 - HKU\SLuser_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_History = 0
O7 - HKU\SLuser_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Favorites = 0
O7 - HKU\SLuser_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Media = 0
O7 - HKU\SLuser_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Folders = 0
O7 - HKU\SLuser_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Fullscreen = 0
O7 - HKU\SLuser_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Tools = 0
O7 - HKU\SLuser_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_MailNews = 0
O7 - HKU\SLuser_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Size = 0
O7 - HKU\SLuser_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Print = 0
O7 - HKU\SLuser_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Edit = 0
O7 - HKU\SLuser_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Discussions = 0
O7 - HKU\SLuser_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Cut = 0
O7 - HKU\SLuser_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Copy = 0
O7 - HKU\SLuser_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Paste = 0
O7 - HKU\SLuser_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Encoding = 0
O7 - HKU\SLuser_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_PrintPreview = 0
O7 - HKU\SLuser_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O7 - HKU\SLuser_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetIcon = 0
O7 - HKU\SLuser_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetHood = 0
O7 - HKU\SLuser_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O7 - HKU\SLuser_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 0
O7 - HKU\SLuser_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKU\SLuser_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O7 - HKU\SLuser_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 1
O7 - HKU\SLuser_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKU\SLuser_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O7 - HKU\SLuser_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKU\SLuser_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
O7 - HKU\SLuser_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKU\SLuser_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayContextMenu = 0
O7 - HKU\SLuser_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileMenu = 0
O7 - HKU\SLuser_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O7 - HKU\SLuser_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnforceShellExtensionSecurity = 0
O7 - HKU\SLuser_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKU\SLuser_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\SLuser_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetConnectDisconnect = 0
O7 - HKU\SLuser_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0
O7 - HKU\SLuser_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAddPrinter = 0
O7 - HKU\SLuser_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPrinterTabs = 0
O7 - HKU\systemprofile_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\systemprofile_ON_C\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\systemprofile_ON_C\Software\Policies\Microsoft\Internet Explorer\Persistence present
O7 - HKU\systemprofile_ON_C\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\NPJPI150_06.dll (Sun Microsystems, Inc.)
O12 - Plugin for: .NPSSView - C:\Program Files\Seagate Software\Viewers\ActiveXViewer\npssview.dll (Seagate Software)
O15 - HKU\.DEFAULT\..Trusted Domains: ameren.com ([*.dir] * in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: ameren.com ([corp.dir] * in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: ameren.com ([dir] * in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: ameren.com ([scholar] http in Local intranet)
O15 - HKU\e24036_ON_C\..Trusted Domains: ameren.com ([*.dir] * in Trusted sites)
O15 - HKU\e24036_ON_C\..Trusted Domains: ameren.com ([corp.dir] * in Trusted sites)
O15 - HKU\e24036_ON_C\..Trusted Domains: ameren.com ([dir] * in Trusted sites)
O15 - HKU\e24036_ON_C\..Trusted Domains: ameren.com ([scholar] http in Local intranet)
O15 - HKU\q91718_ON_C\..Trusted Domains: ameren.com ([*.dir] * in Trusted sites)
O15 - HKU\q91718_ON_C\..Trusted Domains: ameren.com ([corp.dir] * in Trusted sites)
O15 - HKU\q91718_ON_C\..Trusted Domains: ameren.com ([dir] * in Trusted sites)
O15 - HKU\q91718_ON_C\..Trusted Domains: ameren.com ([scholar] http in Local intranet)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Plugin Control)
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} http://calnetdev1/Tr...yer/awswaxf.cab (Macromedia Authorware Web Player Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.micr...78f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.micr...922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {38AB6A6C-CC4C-4F9E-A3DD-3C5681EF18A1} http://www-cdn.freer...ller.cab?v=1047 (SonyOnlineInstallerX)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFECAFE-0013-0001-0022-ABCDEFABCDEF} http://gobcalffd1/fo...iator/jinit.exe (JInitiator 1.3.1.22)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail....ol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O16 - DPF: {F5131C24-E56D-11CF-B78A-444553540000} http://portal-prd/menu/ikcntrls.cab (Ikonic Menu Control)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 97.64.183.164 97.64.179.250
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = corp.dir.ameren.com
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/07/31 13:08:29 | 000,000,033 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/07/31 13:08:29 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.NVD -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{2a4b7da7-f3c0-11dd-9793-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{2a4b7da7-f3c0-11dd-9793-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2a4b7da7-f3c0-11dd-9793-806d6172696f}\Shell\AutoRun\command - "" = D:\Programs\nu2menu\nu2menu.exe -- File not found
O33 - MountPoints2\{30af7927-ed72-11dd-bd95-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{30af7927-ed72-11dd-bd95-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{30af7927-ed72-11dd-bd95-806d6172696f}\Shell\AutoRun\command - "" = E:\Programs\nu2menu\nu2menu.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2010/11/11 21:36:11 | 000,000,000 | ---D | C] -- C:\Program Files\HyCam2
[2010/11/11 19:51:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/11/11 19:50:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/11/06 20:18:18 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\e24036\Desktop\OTL.exe
[2010/11/06 19:33:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\e24036\Desktop\gmer
[2010/10/24 12:14:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\e24036\Application Data\KodakCredentialStore
[2009/08/19 13:06:10 | 000,185,936 | ---- | C] (WebEx) -- C:\Documents and Settings\e24036\Application Data\OI31Upd.exe
[2009/08/19 13:06:10 | 000,049,152 | ---- | C] (WebEx) -- C:\Documents and Settings\e24036\Application Data\olkupres.dll
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2010/11/11 22:40:06 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/11/11 22:40:02 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2010/11/11 22:40:01 | 000,012,477 | ---- | M] () -- C:\WINDOWS\System32\234.js
[2010/11/11 22:35:51 | 429,379,640 | ---- | M] () -- C:\Documents and Settings\e24036\My Documents\clip0007.avi
[2010/11/11 22:30:26 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/11/11 22:18:44 | 010,371,974 | ---- | M] () -- C:\Documents and Settings\e24036\My Documents\clip0006.avi
[2010/11/11 22:15:02 | 234,504,458 | ---- | M] () -- C:\Documents and Settings\e24036\My Documents\clip0005.avi
[2010/11/11 22:05:25 | 031,822,860 | ---- | M] () -- C:\Documents and Settings\e24036\My Documents\clip0004.avi
[2010/11/11 21:59:14 | 000,435,828 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/11/11 21:59:14 | 000,068,558 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/11/11 21:54:31 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/11/11 21:45:08 | 002,263,086 | ---- | M] () -- C:\Documents and Settings\e24036\My Documents\clip0003.avi
[2010/11/11 21:43:52 | 003,258,134 | ---- | M] () -- C:\Documents and Settings\e24036\My Documents\clip0002.avi
[2010/11/11 21:42:36 | 001,473,984 | ---- | M] () -- C:\Documents and Settings\e24036\My Documents\clip0001.avi
[2010/11/11 21:40:01 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2010/11/11 21:35:38 | 000,751,904 | ---- | M] () -- C:\Documents and Settings\e24036\Desktop\HC2Setup.exe
[2010/11/11 21:23:55 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2010/11/11 21:23:55 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2010/11/11 21:23:55 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2010/11/11 21:23:55 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2010/11/11 21:23:55 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2010/11/11 21:23:55 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2010/11/11 21:23:55 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2010/11/11 21:23:55 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2010/11/11 21:23:55 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2010/11/11 21:23:55 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2010/11/11 21:23:55 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2010/11/11 21:23:55 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2010/11/11 21:23:55 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2010/11/11 21:23:55 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2010/11/11 21:23:55 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2010/11/11 21:23:55 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2010/11/11 21:23:55 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2010/11/11 21:23:55 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2010/11/11 21:23:55 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2010/11/11 21:23:55 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2010/11/11 20:40:01 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2010/11/11 19:40:01 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2010/11/06 20:18:19 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\e24036\Desktop\OTL.exe
[2010/11/06 19:32:06 | 000,287,041 | ---- | M] () -- C:\Documents and Settings\e24036\Desktop\gmer.zip
[2010/11/06 17:44:28 | 000,000,006 | ---- | M] () -- C:\Documents and Settings\e24036\Application Data\completescan
[2010/11/06 17:31:08 | 000,000,010 | ---- | M] () -- C:\Documents and Settings\e24036\Application Data\install
[2010/10/21 18:41:45 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\e24036\My Documents\Grace Olson is 11 years old and in the fifth grade.doc
[2010/10/17 15:52:38 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\e24036\My Documents\They made bow and arrow1rev1.doc
[2010/10/17 15:36:07 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\e24036\My Documents\They made bow and arrows.doc
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010/11/11 22:20:47 | 429,379,640 | ---- | C] () -- C:\Documents and Settings\e24036\My Documents\clip0007.avi
[2010/11/11 22:18:40 | 010,371,974 | ---- | C] () -- C:\Documents and Settings\e24036\My Documents\clip0006.avi
[2010/11/11 22:06:58 | 234,504,458 | ---- | C] () -- C:\Documents and Settings\e24036\My Documents\clip0005.avi
[2010/11/11 22:04:21 | 031,822,860 | ---- | C] () -- C:\Documents and Settings\e24036\My Documents\clip0004.avi
[2010/11/11 21:45:04 | 002,263,086 | ---- | C] () -- C:\Documents and Settings\e24036\My Documents\clip0003.avi
[2010/11/11 21:43:39 | 003,258,134 | ---- | C] () -- C:\Documents and Settings\e24036\My Documents\clip0002.avi
[2010/11/11 21:42:30 | 001,473,984 | ---- | C] () -- C:\Documents and Settings\e24036\My Documents\clip0001.avi
[2010/11/11 21:35:35 | 000,751,904 | ---- | C] () -- C:\Documents and Settings\e24036\Desktop\HC2Setup.exe
[2010/11/11 19:54:34 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/11/11 19:40:01 | 000,012,477 | ---- | C] () -- C:\WINDOWS\System32\234.js
[2010/11/06 19:31:53 | 000,287,041 | ---- | C] () -- C:\Documents and Settings\e24036\Desktop\gmer.zip
[2010/11/06 17:37:49 | 000,000,006 | ---- | C] () -- C:\Documents and Settings\e24036\Application Data\completescan
[2010/11/06 17:31:08 | 000,000,010 | ---- | C] () -- C:\Documents and Settings\e24036\Application Data\install
[2010/11/06 17:29:26 | 000,000,418 | ---- | C] () -- C:\WINDOWS\tasks\At9.job
[2010/11/06 17:29:26 | 000,000,418 | ---- | C] () -- C:\WINDOWS\tasks\At8.job
[2010/11/06 17:29:26 | 000,000,418 | ---- | C] () -- C:\WINDOWS\tasks\At7.job
[2010/11/06 17:29:26 | 000,000,418 | ---- | C] () -- C:\WINDOWS\tasks\At24.job
[2010/11/06 17:29:26 | 000,000,418 | ---- | C] () -- C:\WINDOWS\tasks\At23.job
[2010/11/06 17:29:26 | 000,000,418 | ---- | C] () -- C:\WINDOWS\tasks\At22.job
[2010/11/06 17:29:26 | 000,000,418 | ---- | C] () -- C:\WINDOWS\tasks\At21.job
[2010/11/06 17:29:26 | 000,000,418 | ---- | C] () -- C:\WINDOWS\tasks\At20.job
[2010/11/06 17:29:26 | 000,000,418 | ---- | C] () -- C:\WINDOWS\tasks\At19.job
[2010/11/06 17:29:26 | 000,000,418 | ---- | C] () -- C:\WINDOWS\tasks\At18.job
[2010/11/06 17:29:26 | 000,000,418 | ---- | C] () -- C:\WINDOWS\tasks\At17.job
[2010/11/06 17:29:26 | 000,000,418 | ---- | C] () -- C:\WINDOWS\tasks\At16.job
[2010/11/06 17:29:26 | 000,000,418 | ---- | C] () -- C:\WINDOWS\tasks\At15.job
[2010/11/06 17:29:26 | 000,000,418 | ---- | C] () -- C:\WINDOWS\tasks\At14.job
[2010/11/06 17:29:26 | 000,000,418 | ---- | C] () -- C:\WINDOWS\tasks\At13.job
[2010/11/06 17:29:26 | 000,000,418 | ---- | C] () -- C:\WINDOWS\tasks\At12.job
[2010/11/06 17:29:26 | 000,000,418 | ---- | C] () -- C:\WINDOWS\tasks\At11.job
[2010/11/06 17:29:26 | 000,000,418 | ---- | C] () -- C:\WINDOWS\tasks\At10.job
[2010/11/06 17:29:25 | 000,000,418 | ---- | C] () -- C:\WINDOWS\tasks\At6.job
[2010/11/06 17:29:25 | 000,000,418 | ---- | C] () -- C:\WINDOWS\tasks\At5.job
[2010/11/06 17:29:25 | 000,000,418 | ---- | C] () -- C:\WINDOWS\tasks\At4.job
[2010/11/06 17:29:25 | 000,000,418 | ---- | C] () -- C:\WINDOWS\tasks\At3.job
[2010/11/06 17:29:25 | 000,000,418 | ---- | C] () -- C:\WINDOWS\tasks\At2.job
[2010/11/06 17:29:25 | 000,000,418 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2010/10/21 18:31:26 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\e24036\My Documents\Grace Olson is 11 years old and in the fifth grade.doc
[2010/10/17 15:52:38 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\e24036\My Documents\They made bow and arrow1rev1.doc
[2010/10/17 15:36:06 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\e24036\My Documents\They made bow and arrows.doc
[2010/08/22 13:26:21 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\e24036\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/09 19:27:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EBMNGR.INI
[2009/08/19 12:57:40 | 000,146,164 | RHS- | C] () -- C:\Documents and Settings\e24036\ntuser.pol
[2009/08/17 13:15:59 | 000,144,600 | RHS- | C] () -- C:\Documents and Settings\q91718\ntuser.pol
[2009/07/31 13:32:02 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2009/07/31 13:16:00 | 000,064,200 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2009/07/31 13:12:08 | 000,000,076 | ---- | C] () -- C:\WINDOWS\webica.ini
[2009/07/31 12:56:57 | 000,002,767 | ---- | C] () -- C:\WINDOWS\System32\DWRCS.ini
[2008/11/24 12:21:05 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/11/19 11:34:02 | 000,000,040 | ---- | C] () -- C:\WINDOWS\imageinfo.ini
[2008/11/12 12:53:59 | 000,157,008 | ---- | C] () -- C:\WINDOWS\System32\brcmbsp.dll
[2008/11/12 12:53:53 | 000,080,368 | ---- | C] () -- C:\WINDOWS\System32\pbadrvdll.dll
[2008/11/12 12:20:44 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4980.dll
[2008/11/05 08:58:59 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/11/05 08:53:49 | 000,000,151 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2008/09/22 14:47:35 | 000,000,686 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/06/30 13:58:44 | 000,176,128 | R--- | C] () -- C:\WINDOWS\System32\bioapi_mds300.dll
[2006/06/30 13:58:44 | 000,126,976 | R--- | C] () -- C:\WINDOWS\System32\bioapi100.dll
[2005/04/05 04:38:18 | 000,036,962 | ---- | C] () -- C:\WINDOWS\System32\ActPanel.dll
[2004/09/08 11:33:34 | 000,000,150 | ---- | C] () -- C:\WINDOWS\AWSHKWV.INI
[2004/07/31 15:15:47 | 000,000,160 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2004/07/31 15:15:24 | 000,118,834 | ---- | C] () -- C:\WINDOWS\System32\pdfmona.dll
[2004/07/31 15:15:23 | 000,046,700 | ---- | C] () -- C:\WINDOWS\System32\pdfmon.dll
[2004/07/13 04:18:00 | 000,000,218 | ---- | C] () -- C:\WINDOWS\ORAODBC.INI
[2004/01/23 02:52:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\JAWTAccessBridge.dll
[2002/08/20 09:49:18 | 000,000,071 | ---- | C] () -- C:\WINDOWS\System32\componentselection.ini
[2002/03/19 08:27:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\gigen.INI
[1999/10/21 11:56:56 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\implode.dll
[1999/09/08 18:50:00 | 000,080,544 | ---- | C] () -- C:\WINDOWS\System32\drivers\vsdlcd.sys
[1999/09/08 18:50:00 | 000,014,336 | ---- | C] () -- C:\WINDOWS\System32\drivers\dftibm.sys
[1998/01/12 02:00:00 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\REGOBJ.DLL
========== LOP Check ==========
[2009/10/20 19:40:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\e24036\Application Data\ICAClient
[2010/08/22 13:22:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\e24036\Application Data\Skinux
[2010/08/28 13:30:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\e24036\Application Data\Sony Online Entertainment
[2010/11/11 21:23:55 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
[2010/11/11 21:23:55 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At10.job
[2010/11/11 21:23:55 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At11.job
[2010/11/11 21:23:55 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At12.job
[2010/11/11 21:23:55 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At13.job
[2010/11/11 21:23:55 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At14.job
[2010/11/11 21:23:55 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At15.job
[2010/11/11 21:23:55 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At16.job
[2010/11/11 21:23:55 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At17.job
[2010/11/11 19:40:01 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At18.job
[2010/11/11 21:23:55 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At19.job
[2010/11/11 21:23:55 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job
[2010/11/11 21:40:01 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At20.job
[2010/11/11 20:40:01 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At21.job
[2010/11/11 22:40:02 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At22.job
[2010/11/11 21:23:55 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At23.job
[2010/11/11 21:23:55 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At24.job
[2010/11/11 21:23:55 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At3.job
[2010/11/11 21:23:55 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At4.job
[2010/11/11 21:23:55 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At5.job
[2010/11/11 21:23:55 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At6.job
[2010/11/11 21:23:55 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At7.job
[2010/11/11 21:23:55 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At8.job
[2010/11/11 21:23:55 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At9.job
========== Purity Check ==========
< End of report >
Enum log
23.5M Nov 12 2010 /mnt/sda2/WINDOWS/system32/config/software
4.8M Nov 12 03:40 /mnt/sda2/WINDOWS/system32/config/system
23.4M Oct 21 20:02 /sda2/~/RP424/~SOFTWARE
23.4M Oct 22 20:27 /sda2/~/RP425/~SOFTWARE
23.4M Oct 23 21:00 /sda2/~/RP426/~SOFTWARE
23.4M Oct 24 21:02 /sda2/~/RP427/~SOFTWARE
23.4M Oct 25 21:24 /sda2/~/RP428/~SOFTWARE
23.4M Oct 26 22:25 /sda2/~/RP429/~SOFTWARE
23.4M Oct 27 23:31 /sda2/~/RP430/~SOFTWARE
23.4M Oct 28 23:46 /sda2/~/RP431/~SOFTWARE
23.4M Oct 30 00:57 /sda2/~/RP432/~SOFTWARE
23.4M Oct 31 04:02 /sda2/~/RP433/~SOFTWARE
23.4M Nov 1 04:05 /sda2/~/RP434/~SOFTWARE
23.4M Nov 2 04:06 /sda2/~/RP435/~SOFTWARE
23.4M Nov 3 04:59 /sda2/~/RP436/~SOFTWARE
23.4M Nov 4 05:58 /sda2/~/RP437/~SOFTWARE
23.4M Nov 5 06:57 /sda2/~/RP438/~SOFTWARE
23.4M Nov 6 06:58 /sda2/~/RP439/~SOFTWARE
23.4M Nov 7 00:25 /sda2/~/RP440/~SOFTWARE
23.4M Nov 8 00:50 /sda2/~/RP441/~SOFTWARE
23.4M Nov 9 01:13 /sda2/~/RP442/~SOFTWARE
23.4M Nov 10 03:38 /sda2/~/RP443/~SOFTWARE
23.4M Nov 11 04:26 /sda2/~/RP444/~SOFTWARE
22.1M Aug 14 20:11 /sda2/~/RP355/~SOFTWARE
22.1M Aug 15 20:39 /sda2/~/RP356/~SOFTWARE
22.1M Aug 16 21:28 /sda2/~/RP357/~SOFTWARE
22.1M Aug 17 22:32 /sda2/~/RP358/~SOFTWARE
22.1M Aug 19 00:01 /sda2/~/RP359/~SOFTWARE
22.1M Aug 21 03:53 /sda2/~/RP361/~SOFTWARE
22.1M Aug 22 04:39 /sda2/~/RP362/~SOFTWARE
22.3M Aug 22 18:15 /sda2/~/RP363/~SOFTWARE
22.5M Aug 22 18:15 /sda2/~/RP364/~SOFTWARE
23.4M Aug 22 18:17 /sda2/~/RP365/~SOFTWARE
23.4M Aug 22 18:19 /sda2/~/RP366/~SOFTWARE
23.4M Aug 23 18:24 /sda2/~/RP367/~SOFTWARE
23.4M Aug 24 19:25 /sda2/~/RP368/~SOFTWARE
23.4M Aug 25 20:24 /sda2/~/RP369/~SOFTWARE
23.4M Aug 26 21:09 /sda2/~/RP370/~SOFTWARE
23.4M Aug 27 22:28 /sda2/~/RP371/~SOFTWARE
23.4M Aug 29 01:44 /sda2/~/RP372/~SOFTWARE
23.4M Aug 30 02:03 /sda2/~/RP373/~SOFTWARE
23.4M Aug 31 03:03 /sda2/~/RP374/~SOFTWARE
23.4M Sep 1 03:55 /sda2/~/RP375/~SOFTWARE
23.4M Sep 2 04:55 /sda2/~/RP376/~SOFTWARE
23.4M Sep 3 05:55 /sda2/~/RP377/~SOFTWARE
23.4M Sep 4 05:56 /sda2/~/RP378/~SOFTWARE
23.4M Sep 5 06:55 /sda2/~/RP379/~SOFTWARE
23.4M Sep 6 07:55 /sda2/~/RP380/~SOFTWARE
23.4M Sep 8 09:55 /sda2/~/RP382/~SOFTWARE
23.4M Sep 9 10:54 /sda2/~/RP383/~SOFTWARE
23.4M Sep 10 11:54 /sda2/~/RP384/~SOFTWARE
23.4M Sep 11 12:54 /sda2/~/RP385/~SOFTWARE
23.4M Sep 12 14:21 /sda2/~/RP386/~SOFTWARE
23.4M Sep 13 14:54 /sda2/~/RP387/~SOFTWARE
23.4M Sep 14 15:54 /sda2/~/RP388/~SOFTWARE
23.4M Sep 15 17:26 /sda2/~/RP389/~SOFTWARE
23.4M Sep 16 17:54 /sda2/~/RP390/~SOFTWARE
23.4M Sep 17 18:54 /sda2/~/RP391/~SOFTWARE
23.4M Sep 18 20:11 /sda2/~/RP392/~SOFTWARE
23.4M Sep 19 20:59 /sda2/~/RP393/~SOFTWARE
23.4M Sep 20 21:45 /sda2/~/RP394/~SOFTWARE
23.4M Sep 21 21:54 /sda2/~/RP395/~SOFTWARE
23.4M Sep 22 18:26 /sda2/~/RP396/~SOFTWARE
23.4M Sep 23 18:46 /sda2/~/RP397/~SOFTWARE
23.4M Sep 24 18:52 /sda2/~/RP398/~SOFTWARE
23.4M Sep 25 19:52 /sda2/~/RP399/~SOFTWARE
23.4M Sep 26 21:10 /sda2/~/RP400/~SOFTWARE
23.4M Sep 27 23:20 /sda2/~/RP401/~SOFTWARE
22.1M Aug 20 02:49 /sda2/~/RP360/~SOFTWARE
23.4M Sep 7 08:55 /sda2/~/RP381/~SOFTWARE
23.4M Sep 29 00:38 /sda2/~/RP402/~SOFTWARE
23.4M Oct 20 19:30 /sda2/~/RP423/~SOFTWARE
23.4M Sep 30 00:52 /sda2/~/RP403/~SOFTWARE
23.4M Oct 1 01:51 /sda2/~/RP404/~SOFTWARE
23.4M Oct 2 02:00 /sda2/~/RP405/~SOFTWARE
23.4M Oct 3 03:30 /sda2/~/RP406/~SOFTWARE
23.4M Oct 4 03:51 /sda2/~/RP407/~SOFTWARE
23.4M Oct 5 04:51 /sda2/~/RP408/~SOFTWARE
23.4M Oct 6 05:51 /sda2/~/RP409/~SOFTWARE
23.4M Oct 7 06:51 /sda2/~/RP410/~SOFTWARE
23.4M Oct 8 07:51 /sda2/~/RP411/~SOFTWARE
23.4M Oct 9 08:51 /sda2/~/RP412/~SOFTWARE
23.4M Oct 10 09:51 /sda2/~/RP413/~SOFTWARE
23.4M Oct 11 10:51 /sda2/~/RP414/~SOFTWARE
23.4M Oct 12 11:51 /sda2/~/RP415/~SOFTWARE
23.4M Oct 13 12:51 /sda2/~/RP416/~SOFTWARE
23.4M Oct 14 13:02 /sda2/~/RP417/~SOFTWARE
23.4M Oct 15 14:01 /sda2/~/RP418/~SOFTWARE
23.4M Oct 16 14:50 /sda2/~/RP419/~SOFTWARE
23.4M Oct 17 15:50 /sda2/~/RP420/~SOFTWARE
23.4M Oct 18 17:17 /sda2/~/RP421/~SOFTWARE
23.4M Oct 19 17:50 /sda2/~/RP422/~SOFTWARE
4.7M Oct 21 20:02 /sda2/~/RP424/~SYSTEM
4.7M Oct 22 20:27 /sda2/~/RP425/~SYSTEM
4.7M Oct 23 21:00 /sda2/~/RP426/~SYSTEM
4.7M Oct 24 21:02 /sda2/~/RP427/~SYSTEM
4.7M Oct 25 21:24 /sda2/~/RP428/~SYSTEM
4.7M Oct 26 22:25 /sda2/~/RP429/~SYSTEM
4.7M Oct 27 23:31 /sda2/~/RP430/~SYSTEM
4.7M Oct 28 23:46 /sda2/~/RP431/~SYSTEM
4.7M Oct 30 00:57 /sda2/~/RP432/~SYSTEM
4.7M Oct 31 04:02 /sda2/~/RP433/~SYSTEM
4.7M Nov 1 04:05 /sda2/~/RP434/~SYSTEM
4.7M Nov 2 04:06 /sda2/~/RP435/~SYSTEM
4.7M Nov 3 04:59 /sda2/~/RP436/~SYSTEM
4.7M Nov 4 05:58 /sda2/~/RP437/~SYSTEM
4.7M Nov 5 06:57 /sda2/~/RP438/~SYSTEM
4.7M Nov 6 06:58 /sda2/~/RP439/~SYSTEM
4.7M Nov 7 00:25 /sda2/~/RP440/~SYSTEM
4.7M Nov 8 00:50 /sda2/~/RP441/~SYSTEM
4.7M Nov 9 01:13 /sda2/~/RP442/~SYSTEM
4.7M Nov 10 03:38 /sda2/~/RP443/~SYSTEM
4.7M Nov 11 04:26 /sda2/~/RP444/~SYSTEM
4.6M Aug 14 20:11 /sda2/~/RP355/~SYSTEM
4.6M Aug 15 20:39 /sda2/~/RP356/~SYSTEM
4.6M Aug 16 21:28 /sda2/~/RP357/~SYSTEM
4.6M Aug 17 22:32 /sda2/~/RP358/~SYSTEM
4.6M Aug 19 00:01 /sda2/~/RP359/~SYSTEM
4.6M Aug 21 03:53 /sda2/~/RP361/~SYSTEM
4.6M Aug 22 04:39 /sda2/~/RP362/~SYSTEM
4.6M Aug 22 18:15 /sda2/~/RP363/~SYSTEM
4.6M Aug 22 18:15 /sda2/~/RP364/~SYSTEM
4.6M Aug 22 18:17 /sda2/~/RP365/~SYSTEM
4.6M Aug 22 18:19 /sda2/~/RP366/~SYSTEM
4.6M Aug 23 18:24 /sda2/~/RP367/~SYSTEM
4.6M Aug 24 19:25 /sda2/~/RP368/~SYSTEM
4.6M Aug 25 20:24 /sda2/~/RP369/~SYSTEM
4.7M Aug 26 21:09 /sda2/~/RP370/~SYSTEM
4.7M Aug 27 22:28 /sda2/~/RP371/~SYSTEM
4.7M Aug 29 01:44 /sda2/~/RP372/~SYSTEM
4.7M Aug 30 02:03 /sda2/~/RP373/~SYSTEM
4.7M Aug 31 03:03 /sda2/~/RP374/~SYSTEM
4.7M Sep 1 03:55 /sda2/~/RP375/~SYSTEM
4.7M Sep 2 04:55 /sda2/~/RP376/~SYSTEM
4.7M Sep 3 05:55 /sda2/~/RP377/~SYSTEM
4.7M Sep 4 05:56 /sda2/~/RP378/~SYSTEM
4.7M Sep 5 06:55 /sda2/~/RP379/~SYSTEM
4.7M Sep 6 07:55 /sda2/~/RP380/~SYSTEM
4.7M Sep 8 09:55 /sda2/~/RP382/~SYSTEM
4.7M Sep 9 10:54 /sda2/~/RP383/~SYSTEM
4.7M Sep 10 11:54 /sda2/~/RP384/~SYSTEM
4.7M Sep 11 12:54 /sda2/~/RP385/~SYSTEM
4.7M Sep 12 14:21 /sda2/~/RP386/~SYSTEM
4.7M Sep 13 14:54 /sda2/~/RP387/~SYSTEM
4.7M Sep 14 15:54 /sda2/~/RP388/~SYSTEM
4.7M Sep 15 17:26 /sda2/~/RP389/~SYSTEM
4.7M Sep 16 17:54 /sda2/~/RP390/~SYSTEM
4.7M Sep 17 18:54 /sda2/~/RP391/~SYSTEM
4.7M Sep 18 20:11 /sda2/~/RP392/~SYSTEM
4.7M Sep 19 20:59 /sda2/~/RP393/~SYSTEM
4.7M Sep 20 21:45 /sda2/~/RP394/~SYSTEM
4.7M Sep 21 21:54 /sda2/~/RP395/~SYSTEM
4.7M Sep 22 18:26 /sda2/~/RP396/~SYSTEM
4.7M Sep 23 18:46 /sda2/~/RP397/~SYSTEM
4.7M Sep 24 18:52 /sda2/~/RP398/~SYSTEM
4.7M Sep 25 19:52 /sda2/~/RP399/~SYSTEM
4.7M Sep 26 21:10 /sda2/~/RP400/~SYSTEM
4.7M Sep 27 23:20 /sda2/~/RP401/~SYSTEM
4.6M Aug 20 02:49 /sda2/~/RP360/~SYSTEM
4.7M Sep 7 08:55 /sda2/~/RP381/~SYSTEM
4.7M Sep 29 00:38 /sda2/~/RP402/~SYSTEM
4.7M Oct 20 19:30 /sda2/~/RP423/~SYSTEM
4.7M Sep 30 00:52 /sda2/~/RP403/~SYSTEM
4.7M Oct 1 01:51 /sda2/~/RP404/~SYSTEM
4.7M Oct 2 02:00 /sda2/~/RP405/~SYSTEM
4.7M Oct 3 03:30 /sda2/~/RP406/~SYSTEM
4.7M Oct 4 03:51 /sda2/~/RP407/~SYSTEM
4.7M Oct 5 04:51 /sda2/~/RP408/~SYSTEM
4.7M Oct 6 05:51 /sda2/~/RP409/~SYSTEM
4.7M Oct 7 06:51 /sda2/~/RP410/~SYSTEM
4.7M Oct 8 07:51 /sda2/~/RP411/~SYSTEM
4.7M Oct 9 08:51 /sda2/~/RP412/~SYSTEM
4.7M Oct 10 09:51 /sda2/~/RP413/~SYSTEM
4.7M Oct 11 10:51 /sda2/~/RP414/~SYSTEM
4.7M Oct 12 11:51 /sda2/~/RP415/~SYSTEM
4.7M Oct 13 12:51 /sda2/~/RP416/~SYSTEM
4.7M Oct 14 13:02 /sda2/~/RP417/~SYSTEM
4.7M Oct 15 14:01 /sda2/~/RP418/~SYSTEM
4.7M Oct 16 14:50 /sda2/~/RP419/~SYSTEM
4.7M Oct 17 15:50 /sda2/~/RP420/~SYSTEM
4.7M Oct 18 17:17 /sda2/~/RP421/~SYSTEM
4.7M Oct 19 17:50 /sda2/~/RP422/~SYSTEM
Restore Log
SOFTWARE hive restored from RP441
SYSTEM hive restored from RP441
SECURITY hive restored from RP441
SAM hive restored from RP441
Thanks
Sign In
Create Account
