[code]
OTS logfile created on: 2009-08-01 9:42:37 PM - Run 1
OTS by OldTimer - Version 3.0.10.1     Folder = C:\Documents and Settings\George Zamora\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: yyyy-MM-dd
 
639.00 Mb Total Physical Memory | 339.05 Mb Available Physical Memory | 53.06% Memory free
1.53 Gb Paging File | 1.23 Gb Available in Paging File | 80.92% Paging File free
Paging file location(s): C:\pagefile.sys 959 1159 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.84 Gb Total Space | 41.99 Gb Free Space | 75.20% Space Free | Partition Type: NTFS
Drive D: | 370.57 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: YOYI
Current User Name: George Zamora
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: Off
File Age = 30 Days
 
[Processes - Safe List]
applemobiledeviceservice.exe -> C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> [2009-07-09 12:22:18 | 00,144,712 | ---- | M] (Apple Inc.)
cmdagent.exe -> C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -> [2009-02-28 13:50:56 | 00,700,152 | ---- | M] ()
explorer.exe -> C:\WINDOWS\explorer.exe -> [2008-04-13 19:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation)
ipodservice.exe -> C:\Program Files\iPod\bin\iPodService.exe -> [2009-07-13 14:02:50 | 00,542,496 | ---- | M] (Apple Inc.)
ituneshelper.exe -> C:\Program Files\iTunes\iTunesHelper.exe -> [2009-07-13 14:03:10 | 00,292,128 | ---- | M] (Apple Inc.)
jqs.exe -> C:\Program Files\Java\jre6\bin\jqs.exe -> [2009-02-24 18:28:07 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.)
mdnsresponder.exe -> C:\Program Files\Bonjour\mDNSResponder.exe -> [2008-12-12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.)
msascui.exe -> C:\Program Files\Windows Defender\MSASCui.exe -> [2006-11-03 19:20:12 | 00,866,584 | ---- | M] (Microsoft Corporation)
msmpeng.exe -> C:\Program Files\Windows Defender\MsMpEng.exe -> [2006-11-03 19:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation)
nvsvc32.exe -> C:\WINDOWS\System32\nvsvc32.exe -> [2003-10-06 14:16:00 | 00,081,920 | ---- | M] (NVIDIA Corporation)
ots.exe -> C:\Documents and Settings\George Zamora\Desktop\OTS.exe -> [2009-08-01 21:41:32 | 00,514,560 | ---- | M] (OldTimer Tools)
qttask.exe -> C:\Program Files\QuickTime\QTTask.exe -> [2009-05-26 17:18:30 | 00,413,696 | ---- | M] (Apple Inc.)
wscntfy.exe -> C:\WINDOWS\System32\wscntfy.exe -> [2008-04-13 19:12:41 | 00,013,824 | ---- | M] (Microsoft Corporation)
 
[Win32 Services - Safe List]
(Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> [2009-07-09 12:22:18 | 00,144,712 | ---- | M] (Apple Inc.)
(aspnet_state) ASP.NET State Service [Win32_Own | On_Demand | Stopped] -> C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -> [2004-07-15 01:49:26 | 00,032,768 | ---- | M] (Microsoft Corporation)
(Bonjour Service) Bonjour Service [Win32_Own | Auto | Running] -> C:\Program Files\Bonjour\mDNSResponder.exe -> [2008-12-12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.)
(cmdAgent) COMODO Internet Security Helper Service [Win32_Own | Auto | Running] -> C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -> [2009-02-28 13:50:56 | 00,700,152 | ---- | M] ()
(Diskeeper) Diskeeper [Win32_Own | Disabled | Stopped] -> C:\Program Files\Executive Software\Diskeeper\DkService.exe -> [2003-08-22 02:24:08 | 00,426,098 | ---- | M] (Executive Software International, Inc.)
(DSBrokerService) DSBrokerService [Win32_Own | Disabled | Stopped] -> C:\Program Files\DellSupport\brkrsvc.exe -> [2007-03-07 15:47:46 | 00,076,848 | ---- | M] ()
(GoogleDesktopManager-061008-081103) Google Desktop Manager 5.7.806.10245 [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -> [2008-09-13 15:22:02 | 00,029,744 | ---- | M] (Google)
(gusvc) Google Software Updater [Win32_Own | Auto | Stopped] -> C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -> [2009-03-21 23:23:21 | 00,183,280 | ---- | M] (Google)
(helpsvc) Help and Support [Win32_Shared | Auto | Running] -> C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -> [2008-04-13 19:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation)
(iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> C:\Program Files\iPod\bin\iPodService.exe -> [2009-07-13 14:02:50 | 00,542,496 | ---- | M] (Apple Inc.)
(JavaQuickStarterService) Java Quick Starter [Win32_Own | Auto | Running] -> C:\Program Files\Java\jre6\bin\jqs.exe -> [2009-02-24 18:28:07 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.)
(NMSSvc) Intel(R) NMS [Win32_Own | On_Demand | Stopped] -> C:\WINDOWS\System32\NMSSvc.exe -> [2002-10-10 04:18:36 | 01,118,208 | ---- | M] (Intel Corporation)
(NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Running] -> C:\WINDOWS\System32\nvsvc32.exe -> [2003-10-06 14:16:00 | 00,081,920 | ---- | M] (NVIDIA Corporation)
(WinDefend) Windows Defender [Win32_Own | Auto | Running] -> C:\Program Files\Windows Defender\MsMpEng.exe -> [2006-11-03 19:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation)
(WMPNetworkSvc) Windows Media Player Network Sharing Service [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Windows Media Player\WMPNetwk.exe -> [2006-10-18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation)
 
[Driver Services - Safe List]
(aeaudio) aeaudio [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\drivers\aeaudio.sys -> [2002-04-01 13:15:00 | 00,004,816 | ---- | M] (Andrea Electronics Corporation)
(AliIde) AliIde [Kernel | Disabled | Stopped] -> C:\WINDOWS\System32\DRIVERS\aliide.sys -> [2001-08-17 13:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.)
(amdagp) AMD AGP Bus Filter Driver [Kernel | Disabled | Stopped] -> C:\WINDOWS\System32\DRIVERS\amdagp.sys -> [2008-04-13 13:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.)
(asc) asc [Kernel | Disabled | Stopped] -> C:\WINDOWS\System32\DRIVERS\asc.sys -> [2001-08-17 13:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.)
(asc3550) asc3550 [Kernel | Disabled | Stopped] -> C:\WINDOWS\System32\DRIVERS\asc3550.sys -> [2001-08-17 13:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.)
(BCMModem) BCM V.92 56K Modem [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\DRIVERS\BCMSM.sys -> [2003-08-29 04:59:24 | 01,101,696 | ---- | M] (Broadcom Corporation)
(catchme) catchme [Kernel | On_Demand | Running] ->  -> File not found
(Cdr4_xp) Cdr4_xp [Kernel | System | Running] -> C:\WINDOWS\System32\drivers\cdr4_xp.sys -> [2006-10-04 21:42:42 | 00,002,432 | ---- | M] (Sonic Solutions)
(Cdralw2k) Cdralw2k [Kernel | System | Running] -> C:\WINDOWS\System32\drivers\cdralw2k.sys -> [2006-10-04 21:42:42 | 00,002,560 | ---- | M] (Sonic Solutions)
(cdudf_xp) cdudf_xp [File_System | System | Running] -> C:\WINDOWS\System32\drivers\cdudf_xp.sys -> [2002-12-17 12:27:32 | 00,241,152 | ---- | M] (Roxio)
(cmdGuard) COMODO Internet Security Sandbox Driver [File_System | System | Running] -> C:\WINDOWS\System32\DRIVERS\cmdguard.sys -> [2009-02-28 13:50:57 | 00,110,992 | ---- | M] (COMODO)
(cmdHlp) COMODO Internet Security Helper Driver [Kernel | System | Running] -> C:\WINDOWS\System32\DRIVERS\cmdhlp.sys -> [2009-02-28 13:50:57 | 00,024,336 | ---- | M] (COMODO)
(CmdIde) CmdIde [Kernel | Disabled | Stopped] -> C:\WINDOWS\System32\DRIVERS\cmdide.sys -> [2001-08-17 13:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.)
(dac2w2k) dac2w2k [Kernel | Disabled | Stopped] -> C:\WINDOWS\System32\DRIVERS\dac2w2k.sys -> [2001-08-17 13:52:16 | 00,179,584 | ---- | M] (Mylex Corporation)
(DSproct) DSproct [Kernel | On_Demand | Stopped] -> C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -> [2006-10-05 16:07:28 | 00,004,736 | ---- | M] (Gteko Ltd.)
(dsunidrv) DellSupport UniDriver [Kernel | Auto | Running] -> C:\WINDOWS\System32\DRIVERS\dsunidrv.sys -> [2007-02-25 12:10:48 | 00,005,376 | --S- | M] (Gteko Ltd.)
(dvd_2K) dvd_2K [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\drivers\Dvd_2k.sys -> [2003-04-15 14:22:49 | 00,025,898 | ---- | M] (Roxio)
(E100B) Intel(R) PRO Adapter Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\DRIVERS\e100b325.sys -> [2002-09-19 14:59:50 | 00,139,776 | ---- | M] (Intel Corporation)
(EL90XBC) 3Com EtherLink XL 90XB/C Adapter Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\DRIVERS\el90xbc5.sys -> [2001-08-17 12:11:06 | 00,066,591 | ---- | M] (3Com Corporation)
(GEARAspiWDM) GEAR ASPI Filter Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\DRIVERS\GEARAspiWDM.sys -> [2009-03-19 16:32:48 | 00,023,400 | ---- | M] (GEAR Software Inc.)
(i81x) i81x [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\DRIVERS\i81xnt5.sys -> [2004-08-04 00:29:36 | 00,161,020 | ---- | M] (Intel(R) Corporation)
(iAimFP0) iAimFP0 [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\DRIVERS\wADV01nt.sys -> [2004-08-04 00:29:37 | 00,012,415 | ---- | M] (Intel(R) Corporation)
(iAimFP1) iAimFP1 [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\DRIVERS\wADV02NT.sys -> [2004-08-04 00:29:37 | 00,012,127 | ---- | M] (Intel(R) Corporation)
(iAimFP2) iAimFP2 [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\DRIVERS\wADV05NT.sys -> [2004-08-04 00:29:37 | 00,011,775 | ---- | M] (Intel(R) Corporation)
(iAimFP3) iAimFP3 [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys -> [2004-08-04 00:29:47 | 00,012,063 | ---- | M] (Intel(R) Corporation)
(iAimFP4) iAimFP4 [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys -> [2004-08-04 00:29:49 | 00,019,455 | ---- | M] (Intel(R) Corporation)
(iAimTV0) iAimTV0 [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\DRIVERS\wATV01nt.sys -> [2004-08-04 00:29:41 | 00,029,311 | ---- | M] (Intel(R) Corporation)
(iAimTV1) iAimTV1 [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\DRIVERS\wATV02NT.sys -> [2004-08-04 00:29:42 | 00,019,551 | ---- | M] (Intel(R) Corporation)
(iAimTV3) iAimTV3 [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\DRIVERS\wATV04nt.sys -> [2004-08-04 00:29:43 | 00,033,599 | ---- | M] (Intel(R) Corporation)
(iAimTV4) iAimTV4 [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys -> [2004-08-04 00:29:45 | 00,023,615 | ---- | M] (Intel(R) Corporation)
(Inspect) COMODO Internet Security Firewall Driver [Kernel | Boot | Running] -> C:\WINDOWS\System32\DRIVERS\inspect.sys -> [2009-02-28 13:50:57 | 00,080,400 | ---- | M] (COMODO)
(is-I0263drv) is-I0263drv [File_System | System | Running] -> C:\WINDOWS\System32\DRIVERS\76349377.sys -> [2008-07-08 13:54:02 | 00,148,496 | ---- | M] (Kaspersky Lab)
(mmc_2K) mmc_2K [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\drivers\Mmc_2k.sys -> [2003-04-15 14:22:49 | 00,030,630 | ---- | M] (Roxio)
(MODEMCSA) Unimodem Streaming Filter Device [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\drivers\MODEMCSA.sys -> [2001-08-17 13:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation)
(mraid35x) mraid35x [Kernel | Disabled | Stopped] -> C:\WINDOWS\System32\DRIVERS\mraid35x.sys -> [2001-08-17 13:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.)
(NMSCFG) NIC Management Service Configuration Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\drivers\NMSCFG.SYS -> [2002-10-10 04:18:58 | 00,009,868 | ---- | M] (Intel Corporation)
(nv) nv [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\DRIVERS\nv4_mini.sys -> [2003-10-06 14:16:00 | 01,550,043 | ---- | M] (NVIDIA Corporation)
(omci) OMCI WDM Device Driver [Kernel | System | Running] -> C:\WINDOWS\System32\DRIVERS\omci.sys -> [2002-07-19 10:22:08 | 00,017,153 | ---- | M] (Dell Computer Corporation)
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\DRIVERS\ptilink.sys -> [2002-08-29 05:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.)
(pwd_2k) pwd_2k [Kernel | System | Running] -> C:\WINDOWS\System32\drivers\pwd_2K.sys -> [2003-04-15 14:22:49 | 00,143,834 | ---- | M] (Roxio)
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> C:\WINDOWS\System32\Drivers\PxHelp20.sys -> [2008-11-20 14:19:06 | 00,043,872 | ---- | M] (Sonic Solutions)
(ql1080) ql1080 [Kernel | Disabled | Stopped] -> C:\WINDOWS\System32\DRIVERS\ql1080.sys -> [2001-08-17 13:52:20 | 00,040,320 | ---- | M] (QLogic Corporation)
(ql12160) ql12160 [Kernel | Disabled | Stopped] -> C:\WINDOWS\System32\DRIVERS\ql12160.sys -> [2001-08-17 13:52:20 | 00,045,312 | ---- | M] (QLogic Corporation)
(ql1280) ql1280 [Kernel | Disabled | Stopped] -> C:\WINDOWS\System32\DRIVERS\ql1280.sys -> [2001-08-17 13:52:18 | 00,049,024 | ---- | M] (QLogic Corporation)
(RimVSerPort) RIM Virtual Serial Port v2 [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\DRIVERS\RimSerial.sys -> [2006-10-20 10:28:04 | 00,026,368 | R--- | M] (Research in Motion Ltd)
(ROOTMODEM) Microsoft Legacy Modem Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\Drivers\RootMdm.sys -> [2002-08-29 05:00:00 | 00,005,888 | ---- | M] (Microsoft Corporation)
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\DRIVERS\secdrv.sys -> [2007-11-13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
(sisagp) SIS AGP Bus Filter [Kernel | Disabled | Stopped] -> C:\WINDOWS\System32\DRIVERS\sisagp.sys -> [2008-04-13 13:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation)
(smwdm) smwdm [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\drivers\smwdm.sys -> [2002-12-19 17:48:48 | 00,539,008 | ---- | M] (Analog Devices, Inc.)
(Sparrow) Sparrow [Kernel | Disabled | Stopped] -> C:\WINDOWS\System32\DRIVERS\sparrow.sys -> [2001-08-17 14:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.)
(symc810) symc810 [Kernel | Disabled | Stopped] -> C:\WINDOWS\System32\DRIVERS\symc810.sys -> [2001-08-17 14:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.)
(symc8xx) symc8xx [Kernel | Disabled | Stopped] -> C:\WINDOWS\System32\DRIVERS\symc8xx.sys -> [2001-08-17 14:07:36 | 00,032,640 | ---- | M] (LSI Logic)
(sym_hi) sym_hi [Kernel | Disabled | Stopped] -> C:\WINDOWS\System32\DRIVERS\sym_hi.sys -> [2001-08-17 14:07:40 | 00,028,384 | ---- | M] (LSI Logic)
(sym_u3) sym_u3 [Kernel | Disabled | Stopped] -> C:\WINDOWS\System32\DRIVERS\sym_u3.sys -> [2001-08-17 14:07:42 | 00,030,688 | ---- | M] (LSI Logic)
(UdfReadr_xp) UdfReadr_xp [File_System | System | Running] -> C:\WINDOWS\System32\drivers\udfreadr_xp.sys -> [2003-04-15 14:22:49 | 00,206,464 | ---- | M] (Roxio)
(ultra) ultra [Kernel | Disabled | Stopped] -> C:\WINDOWS\System32\DRIVERS\ultra.sys -> [2001-08-17 13:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.)
(vkquwexg) vkquwexg [Kernel | Unknown | Running] ->  -> File not found
 
[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Search_URL" -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Secondary_Page_URL" ->  [binary data] -> 
HKEY_LOCAL_MACHINE\: Main\\"Extensions Off Page" -> about:NoAdd-ons -> 
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> %SystemRoot%\system32\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\"Search Page" -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\"Security Risk Page" -> about:SecurityRisk -> 
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://www.msn.com/ -> 
HKEY_LOCAL_MACHINE\: Search\\"CustomizeSearch" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 
HKEY_LOCAL_MACHINE\: Search\\"SearchAssistant" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> 
< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> 
HKEY_USERS\.DEFAULT\: Main\\"Default_Page_URL" -> http://www.dellnet.com -> 
HKEY_USERS\.DEFAULT\: Main\\"First Home Page" -> http://www.dellnet.com -> 
HKEY_USERS\.DEFAULT\: Main\\"Search Page" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_USERS\.DEFAULT\: Main\\"Start Page" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> 
HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> 
HKEY_USERS\S-1-5-18\: Main\\"Default_Page_URL" -> http://www.dellnet.com -> 
HKEY_USERS\S-1-5-18\: Main\\"First Home Page" -> http://www.dellnet.com -> 
HKEY_USERS\S-1-5-18\: Main\\"Search Page" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_USERS\S-1-5-18\: Main\\"Start Page" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> 
HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> 
HKEY_USERS\S-1-5-19\: "ProxyEnable" -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> 
HKEY_USERS\S-1-5-20\: "ProxyEnable" -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-4263515935-304759908-2811894833-1006\] > -> -> 
HKEY_USERS\S-1-5-21-4263515935-304759908-2811894833-1006\: Main\\"Local Page" -> C:\WINDOWS\system32\blank.htm -> 
HKEY_USERS\S-1-5-21-4263515935-304759908-2811894833-1006\: Main\\"Page_Transitions" -> 1 -> 
HKEY_USERS\S-1-5-21-4263515935-304759908-2811894833-1006\: Main\\"Search Page" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_USERS\S-1-5-21-4263515935-304759908-2811894833-1006\: Main\\"SearchMigratedDefaultName" -> Live Search -> 
HKEY_USERS\S-1-5-21-4263515935-304759908-2811894833-1006\: Main\\"SearchMigratedDefaultURL" -> http://search.msn.com/results.asp?FORM=sCPN&RS=CHECKED&un=doc&v=1&q={searchTerms} -> 
HKEY_USERS\S-1-5-21-4263515935-304759908-2811894833-1006\: Main\\"Start Page" -> http://www.yahoo.com/ -> 
HKEY_USERS\S-1-5-21-4263515935-304759908-2811894833-1006\: "ProxyEnable" -> 0 -> 
HKEY_USERS\S-1-5-21-4263515935-304759908-2811894833-1006\: "ProxyOverride" -> *.local -> 
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\extensions ->  -> 
HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com -> C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF] -> [2009-02-24 18:28:09 | 00,000,000 | ---D | M]
< FireFox Extensions [User Folders] > -> 
< HOSTS File > (27 bytes and 1 lines) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 
Reset Hosts
127.0.0.1       localhost
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-4263515935-304759908-2811894833-1006\] > -> HKEY_USERS\S-1-5-21-4263515935-304759908-2811894833-1006\Software\Microsoft\Internet Explorer\Toolbar\ -> 
WebBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [&Google Toolbar] -> File not found
WebBrowser\\"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"COMODO Internet Security" -> C:\Program Files\COMODO\COMODO Internet Security\cfp.exe ["C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h] -> [2009-02-28 13:50:56 | 01,851,128 | ---- | M] ()
"iTunesHelper" -> C:\Program Files\iTunes\iTunesHelper.exe ["C:\Program Files\iTunes\iTunesHelper.exe"] -> [2009-07-13 14:03:10 | 00,292,128 | ---- | M] (Apple Inc.)
"NvCplDaemon" -> C:\WINDOWS\System32\NvCpl.DLL [RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup] -> [2003-10-06 14:16:00 | 05,058,560 | ---- | M] (NVIDIA Corporation)
"QuickTime Task" -> C:\Program Files\QuickTime\QTTask.exe ["C:\Program Files\QuickTime\QTTask.exe" -atboottime] -> [2009-05-26 17:18:30 | 00,413,696 | ---- | M] (Apple Inc.)
"Windows Defender" -> C:\Program Files\Windows Defender\MSASCui.exe ["C:\Program Files\Windows Defender\MSASCui.exe" -hide] -> [2006-11-03 19:20:12 | 00,866,584 | ---- | M] (Microsoft Corporation)
< Administrator Startup Folder > -> C:\Documents and Settings\Administrator\Start Menu\Programs\Startup -> 
C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\is-I0263.lnk -> C:\Documents and Settings\George Zamora\Desktop\Virus Removal Tool\is-I0263\startup.exe -> File not found
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
< Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup -> 
< Esteban Zamora Startup Folder > -> C:\Documents and Settings\Esteban Zamora\Start Menu\Programs\Startup -> 
< George Zamora Startup Folder > -> C:\Documents and Settings\George Zamora\Start Menu\Programs\Startup -> 
< Software Policy Settings [HKEY_USERS\S-1-5-21-4263515935-304759908-2811894833-1006] > -> HKEY_USERS\S-1-5-21-4263515935-304759908-2811894833-1006\SOFTWARE\Policies\Microsoft\Internet Explorer -> 
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveAutoRun" ->  [67108863] -> File not found
\\"NoDriveTypeAutoRun" ->  [323] -> File not found
\\"NoDrives" ->  [0] -> File not found
\\"HonorAutoRunSetting" ->  [1] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"dontdisplaylastusername" ->  [0] -> File not found
\\"legalnoticecaption" ->  [] -> File not found
\\"legalnoticetext" ->  [] -> File not found
\\"shutdownwithoutlogon" ->  [1] -> File not found
\\"undockwithoutlogon" ->  [1] -> File not found
\\"DisableRegistryTools" ->  [0] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [323] -> File not found
\\"CDRAutoRun" ->  [0] -> File not found
\\"NoDriveAutoRun" ->  [67108863] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [323] -> File not found
\\"CDRAutoRun" ->  [0] -> File not found
\\"NoDriveAutoRun" ->  [67108863] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-4263515935-304759908-2811894833-1006] > -> HKEY_USERS\S-1-5-21-4263515935-304759908-2811894833-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\S-1-5-21-4263515935-304759908-2811894833-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [323] -> File not found
\\"NoDriveAutoRun" ->  [67108863] -> File not found
\\"NoDrives" ->  [0] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-4263515935-304759908-2811894833-1006] > -> HKEY_USERS\S-1-5-21-4263515935-304759908-2811894833-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\MenuExt\ -> 
Add to Google Photos Screensa&ver -> C:\WINDOWS\System32\GPhotos.scr [res://C:\WINDOWS\system32\GPhotos.scr/200] -> [2009-05-01 13:30:36 | 03,366,912 | ---- | M] (Google Inc.)
< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\MenuExt\ -> 
Add to Google Photos Screensa&ver -> C:\WINDOWS\System32\GPhotos.scr [res://C:\WINDOWS\system32\GPhotos.scr/200] -> [2009-05-01 13:30:36 | 03,366,912 | ---- | M] (Google Inc.)
< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-4263515935-304759908-2811894833-1006\] > -> HKEY_USERS\S-1-5-21-4263515935-304759908-2811894833-1006\Software\Microsoft\Internet Explorer\MenuExt\ -> 
Add to Google Photos Screensa&ver -> C:\WINDOWS\System32\GPhotos.scr [res://C:\WINDOWS\system32\GPhotos.scr/200] -> [2009-05-01 13:30:36 | 03,366,912 | ---- | M] (Google Inc.)
< Internet Explorer Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> C:\WINDOWS\System32\msjava.dll [Web Browser Applet Control] -> [2003-02-28 17:26:26 | 00,947,472 | ---- | M] (Microsoft Corporation)
CmdMapping\\"{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}" [HKLM] ->  [Reg Error: Key error.] -> File not found
CmdMapping\\"{F4430FE8-2638-42e5-B849-800749B94EED}" [HKLM] ->  [Reg Error: Key error.] -> File not found
CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] ->  [Reg Error: Key error.] -> File not found
< Internet Explorer Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> C:\WINDOWS\System32\msjava.dll [Web Browser Applet Control] -> [2003-02-28 17:26:26 | 00,947,472 | ---- | M] (Microsoft Corporation)
CmdMapping\\"{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}" [HKLM] ->  [Reg Error: Key error.] -> File not found
CmdMapping\\"{F4430FE8-2638-42e5-B849-800749B94EED}" [HKLM] ->  [Reg Error: Key error.] -> File not found
CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] ->  [Reg Error: Key error.] -> File not found
< Internet Explorer Extensions [HKEY_USERS\S-1-5-21-4263515935-304759908-2811894833-1006\] > -> HKEY_USERS\S-1-5-21-4263515935-304759908-2811894833-1006\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> C:\WINDOWS\System32\msjava.dll [Web Browser Applet Control] -> [2003-02-28 17:26:26 | 00,947,472 | ---- | M] (Microsoft Corporation)
CmdMapping\\"{4528BBE0-4E08-11D5-AD55-00010333D0AD}" [HKLM] ->  [Reg Error: Key error.] -> File not found
CmdMapping\\"{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}" [HKLM] ->  [Reg Error: Key error.] -> File not found
CmdMapping\\"{F4430FE8-2638-42e5-B849-800749B94EED}" [HKLM] ->  [Reg Error: Key error.] -> File not found
CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] ->  [Reg Error: Key error.] -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4186 domain(s) found. -> 
32 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4198 domain(s) found. -> 
35 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4198 domain(s) found. -> 
35 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1092 domain(s) found. -> 
70 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 18 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1092 domain(s) found. -> 
70 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 18 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-21-4263515935-304759908-2811894833-1006\] > -> HKEY_USERS\S-1-5-21-4263515935-304759908-2811894833-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-21-4263515935-304759908-2811894833-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4191 domain(s) found. -> 
www_airliners.net [https] -> Trusted sites -> 
www_cubagenweb.org [https] -> Trusted sites -> 
www_miami-dadeclerk.com [https] -> Trusted sites -> 
35 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_USERS\S-1-5-21-4263515935-304759908-2811894833-1006\] > -> HKEY_USERS\S-1-5-21-4263515935-304759908-2811894833-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-21-4263515935-304759908-2811894833-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> 
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{17492023-C23A-453E-A040-C7C580BBF700} [HKLM] -> http://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab [Windows Genuine Advantage Validation Tool] -> 
{33564D57-9980-0010-8000-00AA00389B71} [HKLM] -> http://codecs.microsoft.com/codecs/i386/wmv9dmo.cab [Reg Error: Key error.] -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab [Java Plug-in 1.6.0_12] -> 
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [HKLM] -> http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab [Reg Error: Key error.] -> 
{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab [Java Plug-in 1.6.0_12] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab [Java Plug-in 1.6.0_12] -> 
{FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} [HKLM] -> https://secure.logmein.com/activex/ractrl.cab?lmi=100 [Performance Viewer Activex Control] -> 
DirectAnimation Java Classes [HKLM] -> file://C:\WINDOWS\Java\classes\dajava.cab [Reg Error: Key error.] -> 
Microsoft XML Parser for Java [HKLM] -> file://C:\WINDOWS\Java\classes\xmldso.cab [Reg Error: Key error.] -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ -> 
DhcpNameServer -> 192.168.1.254 192.168.1.254 -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{4D8DEC66-2711-44E8-9364-B26318E017A3}\\DhcpNameServer -> 192.168.1.254 192.168.1.254   (Intel(R) PRO/100 VE Network Connection) -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
Explorer.exe -> C:\WINDOWS\explorer.exe -> [2008-04-13 19:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> 
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}" [HKLM] -> C:\Program Files\Windows Defender\MpShHook.dll [Microsoft AntiMalware ShellExecuteHook] -> [2006-11-03 19:20:00 | 00,083,224 | ---- | M] (Microsoft Corporation)
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List -> 
"%windir%\Network Diagnostic\xpnetdiag.exe" -> C:\WINDOWS\Network Diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> [2008-04-13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" -> C:\WINDOWS\System32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2008-04-13 19:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation)
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> 
"%windir%\Network Diagnostic\xpnetdiag.exe" -> C:\WINDOWS\Network Diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> [2008-04-13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" -> C:\WINDOWS\System32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2008-04-13 19:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Bonjour\mDNSResponder.exe" -> C:\Program Files\Bonjour\mDNSResponder.exe [C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour] -> [2008-12-12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.)
"C:\Program Files\Google\Google Talk\googletalk.exe" -> C:\Program Files\Google\Google Talk\googletalk.exe [C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk] -> [2007-01-01 16:22:02 | 03,739,648 | ---- | M] (Google)
"C:\Program Files\iTunes\iTunes.exe" -> C:\Program Files\iTunes\iTunes.exe [C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes] -> [2009-07-13 14:02:56 | 14,074,656 | ---- | M] (Apple Inc.)
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> 
"AlternateShell" -> cmd.exe -> 
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 -> 
"DisplayName" -> CD-ROM Driver -> 
"ImagePath" ->  [System32\DRIVERS\cdrom.sys] -> File not found
< Drives with AutoRun files > ->  -> 
C:\AUTOEXEC.BAT [] -> C:\AUTOEXEC.BAT [ NTFS ] -> [2002-09-03 08:59:58 | 00,000,000 | ---- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> 
 
[Registry - Additional Scans - Safe List]
< EventViewer Logs - Last 10 Errors > -> Event Information -> Description
Application [ Error ] 2009-02-21 8:50:41 AM Computer Name = YOYI | Source = Application Hang | ID = 1002 -> Description = Hanging application iexplore.exe, version 7.0.6000.16791, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Application [ Error ] 2009-02-21 3:06:04 PM Computer Name = YOYI | Source = Application Hang | ID = 1002 -> Description = Hanging application iexplore.exe, version 7.0.6000.16791, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Application [ Error ] 2009-02-28 5:04:33 PM Computer Name = YOYI | Source = Application Hang | ID = 1002 -> Description = Hanging application WINWORD.EXE, version 9.0.0.2717, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Application [ Error ] 2009-02-28 5:08:35 PM Computer Name = YOYI | Source = Application Hang | ID = 1002 -> Description = Hanging application iexplore.exe, version 7.0.6000.16791, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Application [ Error ] 2009-02-28 5:08:39 PM Computer Name = YOYI | Source = Application Hang | ID = 1001 -> Description = Fault bucket 1110235319.
Application [ Error ] 2009-03-29 9:43:07 AM Computer Name = YOYI | Source = ESENT | ID = 490 -> Description = svchost (1152) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\CATDB" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).
Application [ Error ] 2009-04-20 5:15:39 PM Computer Name = YOYI | Source = Application Error | ID = 1000 -> Description = Faulting application totalvirusprotection.exe, version 1.0.12.0, faulting module , version 0.0.0.0, fault address 0x00000000.
Application [ Error ] 2009-06-08 10:37:35 PM Computer Name = YOYI | Source = Application Error | ID = 1000 -> Description = Faulting application iexplore.exe, version 7.0.6000.16827, faulting module acropdf.dll, version 8.1.0.0, fault address 0x00003cc9.
Application [ Error ] 2009-07-18 6:40:32 PM Computer Name = YOYI | Source = Application Error | ID = 1000 -> Description = Faulting application iexplore.exe, version 7.0.6000.16850, faulting module mshtml.dll, version 7.0.6000.16850, fault address 0x000d794b.
Application [ Error ] 2009-07-18 6:43:22 PM Computer Name = YOYI | Source = Application Error | ID = 1000 -> Description = Faulting application iexplore.exe, version 7.0.6000.16850, faulting module mshtml.dll, version 7.0.6000.16850, fault address 0x000d794b.
System [ Error ] 2009-06-20 10:33:16 PM Computer Name = YOYI | Source = DCOM | ID = 10005 -> Description = DCOM got error "%1058" attempting to start the service gusvc with arguments ""  in order to run the server:  {89DAE4CD-9F17-4980-902A-99BA84A8F5C8}
System [ Error ] 2009-06-26 8:49:30 PM Computer Name = YOYI | Source = DCOM | ID = 10005 -> Description = DCOM got error "%1058" attempting to start the service Diskeeper with arguments ""  in order to run the server:  {F12FCA3B-35CB-45F1-845D-8C824C505003}
System [ Error ] 2009-07-12 7:41:34 PM Computer Name = YOYI | Source = DCOM | ID = 10005 -> Description = DCOM got error "%1058" attempting to start the service Diskeeper with arguments ""  in order to run the server:  {F12FCA3B-35CB-45F1-845D-8C824C505003}
System [ Error ] 2009-07-12 7:41:52 PM Computer Name = YOYI | Source = DCOM | ID = 10005 -> Description = DCOM got error "%1058" attempting to start the service Diskeeper with arguments ""  in order to run the server:  {F12FCA3B-35CB-45F1-845D-8C824C505003}
System [ Error ] 2009-08-01 6:02:46 PM Computer Name = YOYI | Source = Service Control Manager | ID = 7009 -> Description = Timeout (30000 milliseconds) waiting for the PEVSystemStart service to connect.
System [ Error ] 2009-08-01 6:07:57 PM Computer Name = YOYI | Source = Service Control Manager | ID = 7009 -> Description = Timeout (30000 milliseconds) waiting for the PEVSystemStart service to connect.
System [ Error ] 2009-08-01 6:11:19 PM Computer Name = YOYI | Source = Service Control Manager | ID = 7009 -> Description = Timeout (30000 milliseconds) waiting for the PEVSystemStart service to connect.
System [ Error ] 2009-08-01 6:33:11 PM Computer Name = YOYI | Source = Service Control Manager | ID = 7009 -> Description = Timeout (30000 milliseconds) waiting for the PEVSystemStart service to connect.
 
[Files/Folders - Created Within 30 Days]
2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
OTS.exe -> C:\Documents and Settings\George Zamora\Desktop\OTS.exe -> [2009-08-01 21:41:26 | 00,514,560 | ---- | C] (OldTimer Tools)
sfcfiles.dll -> C:\WINDOWS\System32\dllcache\cache\sfcfiles.dll -> [2009-08-01 17:36:19 | 01,614,848 | ---- | C] (Microsoft Corporation)
ntmssvc.dll -> C:\WINDOWS\System32\dllcache\cache\ntmssvc.dll -> [2009-08-01 17:36:19 | 00,435,200 | ---- | C] (Microsoft Corporation)
netlogon.dll -> C:\WINDOWS\System32\dllcache\cache\netlogon.dll -> [2009-08-01 17:36:19 | 00,407,040 | ---- | C] (Microsoft Corporation)
srsvc.dll -> C:\WINDOWS\System32\dllcache\cache\srsvc.dll -> [2009-08-01 17:36:19 | 00,171,008 | ---- | C] (Microsoft Corporation)
rasauto.dll -> C:\WINDOWS\System32\dllcache\cache\rasauto.dll -> [2009-08-01 17:36:19 | 00,088,576 | ---- | C] (Microsoft Corporation)
mshtml.dll -> C:\WINDOWS\System32\dllcache\cache\mshtml.dll -> [2009-08-01 17:36:18 | 03,597,824 | ---- | C] (Microsoft Corporation)
kernel32.dll -> C:\WINDOWS\System32\dllcache\cache\kernel32.dll -> [2009-08-01 17:36:18 | 00,989,696 | ---- | C] (Microsoft Corporation)
mfc40u.dll -> C:\WINDOWS\System32\dllcache\cache\mfc40u.dll -> [2009-08-01 17:36:18 | 00,927,504 | ---- | C] (Microsoft Corporation)
comres.dll -> C:\WINDOWS\System32\dllcache\cache\comres.dll -> [2009-08-01 17:36:18 | 00,792,064 | ---- | C] (Microsoft Corporation)
comctl32.dll -> C:\WINDOWS\System32\dllcache\cache\comctl32.dll -> [2009-08-01 17:36:18 | 00,617,472 | ---- | C] (Microsoft Corporation)
rpcss.dll -> C:\WINDOWS\System32\dllcache\cache\rpcss.dll -> [2009-08-01 17:36:18 | 00,401,408 | ---- | C] (Microsoft Corporation)
termsrv.dll -> C:\WINDOWS\System32\dllcache\cache\termsrv.dll -> [2009-08-01 17:36:18 | 00,295,424 | ---- | C] (Microsoft Corporation)
aec.sys -> C:\WINDOWS\System32\dllcache\cache\aec.sys -> [2009-08-01 17:36:18 | 00,142,592 | ---- | C] (Microsoft Corporation)
imm32.dll -> C:\WINDOWS\System32\dllcache\cache\imm32.dll -> [2009-08-01 17:36:18 | 00,110,080 | ---- | C] (Microsoft Corporation)
spoolsv.exe -> C:\WINDOWS\System32\dllcache\cache\spoolsv.exe -> [2009-08-01 17:36:18 | 00,057,856 | ---- | C] (Microsoft Corporation)
wuauclt.exe -> C:\WINDOWS\System32\dllcache\cache\wuauclt.exe -> [2009-08-01 17:36:18 | 00,051,224 | ---- | C] (Microsoft Corporation)
msgsvc.dll -> C:\WINDOWS\System32\dllcache\cache\msgsvc.dll -> [2009-08-01 17:36:18 | 00,033,792 | ---- | C] (Microsoft Corporation)
userinit.exe -> C:\WINDOWS\System32\dllcache\cache\userinit.exe -> [2009-08-01 17:36:18 | 00,026,112 | ---- | C] (Microsoft Corporation)
kbdclass.sys -> C:\WINDOWS\System32\dllcache\cache\kbdclass.sys -> [2009-08-01 17:36:18 | 00,024,576 | ---- | C] (Microsoft Corporation)
lpk.dll -> C:\WINDOWS\System32\dllcache\cache\lpk.dll -> [2009-08-01 17:36:18 | 00,022,016 | ---- | C] (Microsoft Corporation)
powrprof.dll -> C:\WINDOWS\System32\dllcache\cache\powrprof.dll -> [2009-08-01 17:36:18 | 00,017,408 | ---- | C] (Microsoft Corporation)
ctfmon.exe -> C:\WINDOWS\System32\dllcache\cache\ctfmon.exe -> [2009-08-01 17:36:18 | 00,015,360 | ---- | C] (Microsoft Corporation)
lsass.exe -> C:\WINDOWS\System32\dllcache\cache\lsass.exe -> [2009-08-01 17:36:18 | 00,013,312 | ---- | C] (Microsoft Corporation)
ACPIEC.SYS -> C:\WINDOWS\System32\dllcache\cache\ACPIEC.SYS -> [2009-08-01 17:36:18 | 00,011,648 | ---- | C] (Microsoft Corporation)
sfc.dll -> C:\WINDOWS\System32\dllcache\cache\sfc.dll -> [2009-08-01 17:36:18 | 00,005,120 | ---- | C] (Microsoft Corporation)
BEEP.SYS -> C:\WINDOWS\System32\dllcache\cache\BEEP.SYS -> [2009-08-01 17:36:18 | 00,004,224 | ---- | C] (Microsoft Corporation)
NULL.SYS -> C:\WINDOWS\System32\dllcache\cache\NULL.SYS -> [2009-08-01 17:36:18 | 00,002,944 | ---- | C] (Microsoft Corporation)
ntoskrnl.exe -> C:\WINDOWS\System32\dllcache\cache\ntoskrnl.exe -> [2009-08-01 17:36:17 | 02,189,056 | ---- | C] (Microsoft Corporation)
ntkrnlpa.exe -> C:\WINDOWS\System32\dllcache\cache\ntkrnlpa.exe -> [2009-08-01 17:36:17 | 02,066,048 | ---- | C] (Microsoft Corporation)
explorer.exe -> C:\WINDOWS\System32\dllcache\cache\explorer.exe -> [2009-08-01 17:36:17 | 01,033,728 | ---- | C] (Microsoft Corporation)
wininet.dll -> C:\WINDOWS\System32\dllcache\cache\wininet.dll -> [2009-08-01 17:36:17 | 00,827,392 | ---- | C] (Microsoft Corporation)
user32.dll -> C:\WINDOWS\System32\dllcache\cache\user32.dll -> [2009-08-01 17:36:17 | 00,578,560 | ---- | C] (Microsoft Corporation)
winlogon.exe -> C:\WINDOWS\System32\dllcache\cache\winlogon.exe -> [2009-08-01 17:36:17 | 00,507,904 | ---- | C] (Microsoft Corporation)
tcpip.sys -> C:\WINDOWS\System32\dllcache\cache\tcpip.sys -> [2009-08-01 17:36:17 | 00,361,600 | ---- | C] (Microsoft Corporation)
ndis.sys -> C:\WINDOWS\System32\dllcache\cache\ndis.sys -> [2009-08-01 17:36:17 | 00,182,656 | ---- | C] (Microsoft Corporation)
services.exe -> C:\WINDOWS\System32\dllcache\cache\services.exe -> [2009-08-01 17:36:17 | 00,110,592 | ---- | C] (Microsoft Corporation)
ws2_32.dll -> C:\WINDOWS\System32\dllcache\cache\ws2_32.dll -> [2009-08-01 17:36:17 | 00,082,432 | ---- | C] (Microsoft Corporation)
ip6fw.sys -> C:\WINDOWS\System32\dllcache\cache\ip6fw.sys -> [2009-08-01 17:36:17 | 00,036,608 | ---- | C] (Microsoft Corporation)
svchost.exe -> C:\WINDOWS\System32\dllcache\cache\svchost.exe -> [2009-08-01 17:36:17 | 00,014,336 | ---- | C] (Microsoft Corporation)
cache -> C:\WINDOWS\System32\dllcache\cache -> [2009-08-01 17:36:17 | 00,000,000 | ---D | C]
PEV.exe -> C:\WINDOWS\PEV.exe -> [2009-08-01 17:00:55 | 00,219,648 | ---- | C] ()
NIRCMD.exe -> C:\WINDOWS\NIRCMD.exe -> [2009-08-01 17:00:55 | 00,031,232 | ---- | C] (NirSoft)
Combo-Fix.exe -> C:\Documents and Settings\George Zamora\Desktop\Combo-Fix.exe -> [2009-08-01 16:56:06 | 03,152,071 | R--- | C] ()
Combo-Fix.exe -> C:\Documents and Settings\George Zamora\My Documents\Combo-Fix.exe -> [2009-08-01 16:52:19 | 03,152,071 | ---- | C] ()
Recent -> C:\Documents and Settings\George Zamora\Recent -> [2009-08-01 10:30:42 | 00,000,000 | RH-D | C]
CCleaner -> C:\Program Files\CCleaner -> [2009-08-01 10:25:30 | 00,000,000 | ---D | C]
Case_Log_7_31_09.xls -> C:\Documents and Settings\George Zamora\Desktop\Case_Log_7_31_09.xls -> [2009-08-01 09:54:53 | 00,797,184 | ---- | C] ()
iTunes.lnk -> C:\Documents and Settings\All Users\Desktop\iTunes.lnk -> [2009-07-29 22:39:48 | 00,002,137 | ---- | C] ()
iPod -> C:\Program Files\iPod -> [2009-07-29 22:37:46 | 00,000,000 | ---D | C]
iTunes -> C:\Program Files\iTunes -> [2009-07-29 22:37:32 | 00,000,000 | ---D | C]
{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} -> C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} -> [2009-07-29 22:37:32 | 00,000,000 | ---D | C]
Bonjour -> C:\Program Files\Bonjour -> [2009-07-29 22:36:47 | 00,000,000 | ---D | C]
QuickTime Player.lnk -> C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk -> [2009-07-29 22:35:40 | 00,001,604 | ---- | C] ()
QuickTime -> C:\Program Files\QuickTime -> [2009-07-29 22:34:56 | 00,000,000 | ---D | C]
AppleSoftwareUpdate.job -> C:\WINDOWS\tasks\AppleSoftwareUpdate.job -> [2009-07-29 22:33:47 | 00,000,284 | ---- | C] ()
Apple -> C:\Documents and Settings\George Zamora\Local Settings\Application Data\Apple -> [2009-07-29 22:33:45 | 00,000,000 | ---D | C]
Apple Software Update -> C:\Program Files\Apple Software Update -> [2009-07-29 22:33:37 | 00,000,000 | ---D | C]
DRVSTORE -> C:\WINDOWS\System32\DRVSTORE -> [2009-07-29 22:33:15 | 00,000,000 | ---D | C]
Apple -> C:\Program Files\Common Files\Apple -> [2009-07-29 22:32:35 | 00,000,000 | ---D | C]
Apple -> C:\Documents and Settings\All Users\Application Data\Apple -> [2009-07-29 22:32:35 | 00,000,000 | ---D | C]
ujst.sys -> C:\WINDOWS\System32\drivers\ujst.sys -> [2009-07-25 10:24:05 | 00,000,000 | ---- | C] ()
claudia.doc -> C:\Documents and Settings\George Zamora\Desktop\claudia.doc -> [2009-07-23 17:54:47 | 00,019,456 | ---- | C] ()
default.motion.judge.mhs.doc -> C:\Documents and Settings\George Zamora\My Documents\default.motion.judge.mhs.doc -> [2009-07-21 17:18:03 | 00,021,504 | ---- | C] ()
guard32.dll -> C:\WINDOWS\System32\guard32.dll -> [2009-02-28 13:51:03 | 00,155,384 | ---- | C] ()
gmer.ini -> C:\WINDOWS\gmer.ini -> [2009-02-01 09:07:45 | 00,000,250 | ---- | C] ()
gmer.dll -> C:\WINDOWS\gmer.dll -> [2009-02-01 09:06:32 | 00,884,736 | ---- | C] ()
DELS3L3.DLL -> C:\WINDOWS\System32\DELS3L3.DLL -> [2008-11-09 18:17:50 | 00,020,594 | ---- | C] ()
ractrlkeyhook.dll -> C:\WINDOWS\System32\ractrlkeyhook.dll -> [2006-11-02 13:28:20 | 00,008,784 | ---- | C] ()
cdplayer.ini -> C:\WINDOWS\cdplayer.ini -> [2005-05-21 17:45:26 | 00,000,257 | ---- | C] ()
wsiShared.dll -> C:\WINDOWS\System32\wsiShared.dll -> [2004-07-10 18:55:38 | 00,252,416 | ---- | C] ()
ODBC.INI -> C:\WINDOWS\ODBC.INI -> [2004-01-08 22:41:32 | 00,000,376 | ---- | C] ()
mcini.ini -> C:\WINDOWS\System32\mcini.ini -> [2004-01-08 20:40:32 | 00,000,174 | ---- | C] ()
nvcod.dll -> C:\WINDOWS\System32\nvcod.dll -> [2003-10-06 14:16:00 | 00,027,136 | ---- | C] ()
MPLAYER.INI -> C:\WINDOWS\MPLAYER.INI -> [2003-08-09 12:42:05 | 00,000,082 | ---- | C] ()
lffpx7.dll -> C:\WINDOWS\System32\lffpx7.dll -> [2003-08-09 12:39:30 | 00,338,944 | ---- | C] ()
LFKODAK.DLL -> C:\WINDOWS\System32\LFKODAK.DLL -> [2003-08-09 12:39:30 | 00,122,880 | ---- | C] ()
ltimg10N.dll -> C:\WINDOWS\System32\ltimg10N.dll -> [2003-08-09 12:39:30 | 00,114,176 | ---- | C] ()
wininit.ini -> C:\WINDOWS\wininit.ini -> [2003-06-22 07:35:03 | 00,000,093 | ---- | C] ()
msoffice.ini -> C:\WINDOWS\msoffice.ini -> [2003-06-22 07:34:45 | 00,000,002 | ---- | C] ()
SOLANTIC.INI -> C:\WINDOWS\SOLANTIC.INI -> [2003-06-08 15:55:48 | 00,000,094 | ---- | C] ()
CARDLIB.DLL -> C:\WINDOWS\CARDLIB.DLL -> [2003-06-08 15:41:53 | 00,095,152 | R--- | C] ()
MMLIB.DLL -> C:\WINDOWS\MMLIB.DLL -> [2003-06-08 15:41:53 | 00,005,440 | R--- | C] ()
smscfg.ini -> C:\WINDOWS\smscfg.ini -> [2003-04-15 14:24:50 | 00,000,061 | ---- | C] ()
QUICKEN.INI -> C:\WINDOWS\QUICKEN.INI -> [2003-04-15 14:11:57 | 00,000,599 | ---- | C] ()
intuprof.ini -> C:\WINDOWS\intuprof.ini -> [2003-04-15 14:11:57 | 00,000,052 | ---- | C] ()
orun32.ini -> C:\WINDOWS\orun32.ini -> [2003-04-15 14:06:36 | 00,000,831 | ---- | C] ()
OEMINFO.INI -> C:\WINDOWS\System32\OEMINFO.INI -> [2003-04-15 13:47:18 | 00,000,549 | ---- | C] ()
WIN.INI -> C:\WINDOWS\WIN.INI -> [2002-09-03 08:59:58 | 00,000,759 | ---- | C] ()
system.ini -> C:\WINDOWS\system.ini -> [2002-09-03 08:50:58 | 00,000,261 | ---- | C] ()
jjtzuap.dll -> C:\WINDOWS\System32\jjtzuap.dll -> [2002-08-29 05:00:00 | 00,105,984 | ---- | C] ()
NMSInst.dll -> C:\WINDOWS\System32\NMSInst.dll -> [2002-02-06 09:04:14 | 00,065,536 | ---- | C] ()
PROInst.dll -> C:\WINDOWS\System32\PROInst.dll -> [2002-01-21 14:17:18 | 00,065,536 | ---- | C] ()
MSRTEDIT.DLL -> C:\WINDOWS\System32\MSRTEDIT.DLL -> [1999-01-22 13:46:58 | 00,065,536 | ---- | C] ()
REGOBJ.DLL -> C:\WINDOWS\System32\REGOBJ.DLL -> [1998-01-12 03:00:00 | 00,040,448 | ---- | C] ()
vidx16.dll -> C:\WINDOWS\System32\vidx16.dll -> [1997-11-10 15:18:48 | 00,010,240 | ---- | C] ()
 
[Files/Folders - Modified Within 30 Days]
1 C:\*.tmp files -> C:\*.tmp -> 
2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
fidbox.dat -> C:\WINDOWS\System32\drivers\fidbox.dat -> [2009-08-01 21:41:37 | 46,220,7008 | -HS- | M] ()
OTS.exe -> C:\Documents and Settings\George Zamora\Desktop\OTS.exe -> [2009-08-01 21:41:32 | 00,514,560 | ---- | M] (OldTimer Tools)
Google Software Updater.job -> C:\WINDOWS\tasks\Google Software Updater.job -> [2009-08-01 20:20:21 | 00,000,868 | ---- | M] ()
system.ini -> C:\WINDOWS\system.ini -> [2009-08-01 17:33:27 | 00,000,261 | ---- | M] ()
hosts -> C:\WINDOWS\System32\drivers\ETC\hosts -> [2009-08-01 17:33:00 | 00,000,027 | ---- | M] ()
MP Scheduled Scan.job -> C:\WINDOWS\tasks\MP Scheduled Scan.job -> [2009-08-01 17:15:54 | 00,000,330 | -H-- | M] ()
Perflib_Perfdata_780.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_780.dat -> [2009-08-01 17:13:03 | 00,016,384 | ---- | M] ()
SA.DAT -> C:\WINDOWS\tasks\SA.DAT -> [2009-08-01 17:12:51 | 00,000,006 | -H-- | M] ()
BOOTSTAT.DAT -> C:\WINDOWS\BOOTSTAT.DAT -> [2009-08-01 17:12:47 | 00,002,048 | --S- | M] ()
hiberfil.sys -> C:\hiberfil.sys -> [2009-08-01 17:12:45 | 67,011,3792 | -HS- | M] ()
fidbox.idx -> C:\WINDOWS\System32\drivers\fidbox.idx -> [2009-08-01 17:11:59 | 05,409,020 | -HS- | M] ()
NTUSER.DAT -> C:\Documents and Settings\George Zamora\NTUSER.DAT -> [2009-08-01 17:11:48 | 07,864,320 | -H-- | M] ()
NTUSER.INI -> C:\Documents and Settings\George Zamora\NTUSER.INI -> [2009-08-01 17:11:48 | 00,000,278 | -HS- | M] ()
Combo-Fix.exe -> C:\Documents and Settings\George Zamora\Desktop\Combo-Fix.exe -> [2009-08-01 16:56:07 | 03,152,071 | R--- | M] ()
Combo-Fix.exe -> C:\Documents and Settings\George Zamora\My Documents\Combo-Fix.exe -> [2009-08-01 16:52:20 | 03,152,071 | ---- | M] ()
Case_Log_7_31_09.xls -> C:\Documents and Settings\George Zamora\Desktop\Case_Log_7_31_09.xls -> [2009-08-01 13:53:17 | 00,797,184 | ---- | M] ()
Microsoft Word.lnk -> C:\Documents and Settings\George Zamora\Desktop\Microsoft Word.lnk -> [2009-08-01 13:17:20 | 00,002,473 | ---- | M] ()
WPA.DBL -> C:\WINDOWS\System32\WPA.DBL -> [2009-07-31 18:19:10 | 00,001,170 | ---- | M] ()
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [2009-07-30 21:20:34 | 00,005,483 | ---- | M] ()
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [2009-07-30 21:20:34 | 00,004,232 | ---- | M] ()
iTunes.lnk -> C:\Documents and Settings\All Users\Desktop\iTunes.lnk -> [2009-07-29 22:46:17 | 00,002,137 | ---- | M] ()
QuickTime Player.lnk -> C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk -> [2009-07-29 22:35:40 | 00,001,604 | ---- | M] ()
AppleSoftwareUpdate.job -> C:\WINDOWS\tasks\AppleSoftwareUpdate.job -> [2009-07-29 22:33:47 | 00,000,284 | ---- | M] ()
mhs.bill.xls -> C:\Documents and Settings\George Zamora\Desktop\mhs.bill.xls -> [2009-07-29 18:48:53 | 00,794,112 | ---- | M] ()
kass.bills.xls -> C:\Documents and Settings\George Zamora\Desktop\kass.bills.xls -> [2009-07-27 19:01:54 | 00,839,680 | ---- | M] ()
ujst.sys -> C:\WINDOWS\System32\drivers\ujst.sys -> [2009-07-25 10:24:05 | 00,000,000 | ---- | M] ()
claudia.doc -> C:\Documents and Settings\George Zamora\Desktop\claudia.doc -> [2009-07-23 17:54:48 | 00,019,456 | ---- | M] ()
default.motion.judge.mhs.doc -> C:\Documents and Settings\George Zamora\My Documents\default.motion.judge.mhs.doc -> [2009-07-21 17:39:27 | 00,021,504 | ---- | M] ()
judgment.doc -> C:\Documents and Settings\George Zamora\My Documents\judgment.doc -> [2009-07-21 17:10:41 | 00,027,648 | ---- | M] ()
mshtml.dll -> C:\WINDOWS\System32\mshtml.dll -> [2009-07-19 08:33:02 | 03,597,824 | ---- | M] (Microsoft Corporation)
mshtml.dll -> C:\WINDOWS\System32\dllcache\mshtml.dll -> [2009-07-19 08:33:02 | 03,597,824 | ---- | M] (Microsoft Corporation)
mshtml.dll -> C:\WINDOWS\System32\dllcache\cache\mshtml.dll -> [2009-07-19 08:33:02 | 03,597,824 | ---- | M] (Microsoft Corporation)
ieframe.dll -> C:\WINDOWS\System32\ieframe.dll -> [2009-07-19 08:32:59 | 06,067,200 | ---- | M] (Microsoft Corporation)
ieframe.dll -> C:\WINDOWS\System32\dllcache\ieframe.dll -> [2009-07-19 08:32:59 | 06,067,200 | ---- | M] (Microsoft Corporation)
default.motion.judge.mw.doc -> C:\Documents and Settings\George Zamora\My Documents\default.motion.judge.mw.doc -> [2009-07-16 19:56:10 | 00,023,040 | ---- | M] ()
Original Documents Log.doc -> C:\Documents and Settings\George Zamora\Desktop\Original Documents Log.doc -> [2009-07-14 18:57:49 | 00,019,456 | ---- | M] ()
reyes.chk.list.xls -> C:\Documents and Settings\George Zamora\Desktop\reyes.chk.list.xls -> [2009-07-13 20:37:21 | 00,790,528 | ---- | M] ()
default.motion.judge.be.doc -> C:\Documents and Settings\George Zamora\My Documents\default.motion.judge.be.doc -> [2009-07-13 20:33:56 | 00,021,504 | ---- | M] ()
PEV.exe -> C:\WINDOWS\PEV.exe -> [2009-07-13 05:48:54 | 00,219,648 | ---- | M] ()
MRT.exe -> C:\WINDOWS\System32\MRT.exe -> [2009-07-07 10:10:56 | 24,539,592 | ---- | M] (Microsoft Corporation)
 
[File - Lop Check]
Application Data -> C:\Documents and Settings\Administrator\Application Data -> [2008-08-01 23:58:01 | 00,000,000 | RH-D | M]
Application Data -> C:\Documents and Settings\All Users\Application Data -> [2009-07-29 22:37:32 | 00,000,000 | RH-D | M]
_comodo_ -> C:\Documents and Settings\All Users\Application Data\_comodo_ -> [2009-02-16 12:29:36 | 00,000,000 | ---D | M]
{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} -> C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} -> [2009-07-29 22:38:26 | 00,000,000 | ---D | M]
Dell -> C:\Documents and Settings\All Users\Application Data\Dell -> [2005-05-22 04:25:19 | 00,000,000 | ---D | M]
MSN6 -> C:\Documents and Settings\All Users\Application Data\MSN6 -> [2003-06-01 11:40:49 | 00,000,000 | ---D | M]
MumboJumbo -> C:\Documents and Settings\All Users\Application Data\MumboJumbo -> [2005-12-08 23:38:34 | 00,000,000 | ---D | M]
Napster -> C:\Documents and Settings\All Users\Application Data\Napster -> [2004-07-05 16:16:16 | 00,000,000 | ---D | M]
PopCap -> C:\Documents and Settings\All Users\Application Data\PopCap -> [2008-08-30 19:06:57 | 00,000,000 | ---D | M]
SBSI -> C:\Documents and Settings\All Users\Application Data\SBSI -> [2003-04-15 14:07:45 | 00,000,000 | ---D | M]
SBT -> C:\Documents and Settings\All Users\Application Data\SBT -> [2004-01-08 22:46:02 | 00,000,000 | ---D | M]
TEMP -> C:\Documents and Settings\All Users\Application Data\TEMP -> [2007-11-24 10:58:08 | 00,000,000 | ---D | M]
Trymedia -> C:\Documents and Settings\All Users\Application Data\Trymedia -> [2008-01-17 19:37:53 | 00,000,000 | ---D | M]
Viewpoint -> C:\Documents and Settings\All Users\Application Data\Viewpoint -> [2009-02-24 18:32:37 | 00,000,000 | ---D | M]
Application Data -> C:\Documents and Settings\Default User\Application Data -> [2008-08-01 23:58:01 | 00,000,000 | RH-D | M]
Application Data -> C:\Documents and Settings\Esteban Zamora\Application Data -> [2005-06-26 15:07:54 | 00,000,000 | RH-D | M]
Application Data -> C:\Documents and Settings\George Zamora\Application Data -> [2009-06-17 19:37:53 | 00,000,000 | RH-D | M]
Blackberry Desktop -> C:\Documents and Settings\George Zamora\Application Data\Blackberry Desktop -> [2008-01-21 20:11:25 | 00,000,000 | ---D | M]
Corel -> C:\Documents and Settings\George Zamora\Application Data\Corel -> [2003-06-10 00:02:55 | 00,000,000 | ---D | M]
CyberLink -> C:\Documents and Settings\George Zamora\Application Data\CyberLink -> [2004-12-06 21:39:17 | 00,000,000 | ---D | M]
diag -> C:\Documents and Settings\George Zamora\Application Data\diag -> [2009-06-17 19:37:55 | 00,000,000 | ---D | M]
FUJIFILM -> C:\Documents and Settings\George Zamora\Application Data\FUJIFILM -> [2007-09-13 19:01:49 | 00,000,000 | ---D | M]
Leadertech -> C:\Documents and Settings\George Zamora\Application Data\Leadertech -> [2004-02-25 13:58:41 | 00,000,000 | ---D | M]
Move Networks -> C:\Documents and Settings\George Zamora\Application Data\Move Networks -> [2008-08-14 18:46:50 | 00,000,000 | ---D | M]
MSN6 -> C:\Documents and Settings\George Zamora\Application Data\MSN6 -> [2004-01-05 20:12:30 | 00,000,000 | ---D | M]
Research In Motion -> C:\Documents and Settings\George Zamora\Application Data\Research In Motion -> [2008-01-21 20:12:53 | 00,000,000 | ---D | M]
Roxio -> C:\Documents and Settings\George Zamora\Application Data\Roxio -> [2004-07-05 16:14:48 | 00,000,000 | ---D | M]
Viewpoint -> C:\Documents and Settings\George Zamora\Application Data\Viewpoint -> [2007-12-19 19:57:31 | 00,000,000 | ---D | M]
wsInspector -> C:\Documents and Settings\George Zamora\Application Data\wsInspector -> [2009-07-12 21:59:35 | 00,000,000 | ---D | M]
Application Data -> C:\Documents and Settings\LocalService\Application Data -> [2005-11-20 13:02:43 | 00,000,000 | ---D | M]
Application Data -> C:\Documents and Settings\NetworkService\Application Data -> [2008-11-14 21:36:42 | 00,000,000 | ---D | M]
jskncaso -> C:\Documents and Settings\NetworkService\Application Data\jskncaso -> [2008-11-14 21:36:42 | 00,000,000 | ---D | M]
C:\WINDOWS\Tasks\ -> C:\WINDOWS\Tasks -> [2009-08-01 20:20:20 | 00,000,000 | --SD | M]
AppleSoftwareUpdate.job -> C:\WINDOWS\Tasks\AppleSoftwareUpdate.job -> [2009-07-29 22:33:47 | 00,000,284 | ---- | M] ()
DESKTOP.INI -> C:\WINDOWS\Tasks\DESKTOP.INI -> [2002-08-29 05:00:00 | 00,000,065 | RH-- | M] ()
Google Software Updater.job -> C:\WINDOWS\Tasks\Google Software Updater.job -> [2009-08-01 20:20:21 | 00,000,868 | ---- | M] ()
MP Scheduled Scan.job -> C:\WINDOWS\Tasks\MP Scheduled Scan.job -> [2009-08-01 17:15:54 | 00,000,330 | -H-- | M] ()
SA.DAT -> C:\WINDOWS\Tasks\SA.DAT -> [2009-08-01 17:12:51 | 00,000,006 | -H-- | M] ()
 
[File - Purity Scan]
 
 
[Alternate Data Streams]
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2F0D660C
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:918DBCA9
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B34A7CD6
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3E7393FC
< End of report >
[/code]