[code]
OTS logfile created on: 08/09/2009 23:32:30 - Run 1
OTS by OldTimer - Version 3.0.12.0 Folder = C:\
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

510.80 Mb Total Physical Memory | 152.79 Mb Available Physical Memory | 29.91% Memory free
1.22 Gb Paging File | 0.78 Gb Available in Paging File | 64.18% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 28.27 Gb Free Space | 75.86% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 22.96 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OWNERXP-B6DA981
Current User Name: main
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: Off
File Age = 30 Days

[Processes - Safe List]
00thotkey.exe -> C:\WINDOWS\System32\00THotkey.exe -> [2002/01/30 16:57:34 | 00,249,856 | ---- | M] (TOSHIBA Corp.)
belkinwcui.exe -> C:\Program Files\Belkin\F5D9010\Belkinwcui.exe -> [2006/03/14 17:52:24 | 01,585,152 | ---- | M] (Belkin)
em_exec.exe -> C:\Program Files\MouseWare\system\EM_EXEC.EXE -> [2001/12/03 10:42:00 | 00,035,328 | ---- | M] (Logitech Inc. )
explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/14 05:42:20 | 01,033,728 | ---- | M] (Microsoft Corporation)
jqs.exe -> C:\Program Files\Java\jre6\bin\jqs.exe -> [2009/03/09 05:19:15 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.)
jusched.exe -> C:\Program Files\Java\jre6\bin\jusched.exe -> [2009/03/09 05:19:17 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.)
ots.exe -> C:\OTS.exe -> [2009/09/08 22:49:01 | 00,516,096 | ---- | M] (OldTimer Tools)
pctsauxs.exe -> C:\Program Files\Spyware Doctor\pctsAuxs.exe -> [2009/01/07 12:40:56 | 00,348,752 | ---- | M] (PC Tools)
pctssvc.exe -> C:\Program Files\Spyware Doctor\pctsSvc.exe -> [2009/07/22 22:44:48 | 01,097,096 | ---- | M] (PC Tools)
pctstray.exe -> C:\Program Files\Spyware Doctor\pctsTray.exe -> [2009/07/22 22:44:50 | 01,181,064 | ---- | M] (PC Tools)
regmech.exe -> C:\Program Files\Registry Mechanic\RegMech.exe -> [2009/06/30 11:00:02 | 02,836,376 | ---- | M] (PC Tools)
s3hotkey.exe -> C:\WINDOWS\System32\s3hotkey.exe -> [2002/09/19 09:49:40 | 00,031,232 | ---- | M] (S3 Graphics, Inc.)
soffice.bin -> C:\Program Files\OpenOffice.org 3\program\soffice.bin -> [2008/09/30 18:46:18 | 07,418,368 | ---- | M] (OpenOffice.org)
soffice.exe -> C:\Program Files\OpenOffice.org 3\program\soffice.exe -> [2008/09/30 18:46:12 | 07,424,000 | ---- | M] (OpenOffice.org)
sxgtkbar.exe -> C:\WINDOWS\System32\SxgTkBar.exe -> [2001/07/11 10:29:00 | 00,053,248 | ---- | M] (YAMAHA COROPRATION)
tfncky.exe -> C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe -> [2002/01/08 18:00:32 | 00,135,168 | ---- | M] (TOSHIBA Corporation)
tfnf5.exe -> C:\WINDOWS\System32\TFNF5.exe -> [2001/08/03 18:08:28 | 00,073,728 | ---- | M] (Toshiba Corp.)
tmeejme.exe -> C:\Program Files\TOSHIBA\TME3\TMEEJME.EXE -> [2002/02/05 10:30:10 | 00,065,536 | ---- | M] (TOSHIBA)
tmerzctl.exe -> C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE -> [2002/02/04 17:54:48 | 00,077,824 | ---- | M] (TOSHIBA)
tmesbs32.exe -> C:\Program Files\TOSHIBA\TME3\TMESBS32.EXE -> [2002/02/21 21:54:32 | 00,073,728 | ---- | M] (TOSHIBA Corporation)
tmesbs32.exe -> C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe -> [2002/02/21 21:54:32 | 00,073,728 | ---- | M] (TOSHIBA Corporation)
tmesrv31.exe -> C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe -> [2002/02/21 15:56:20 | 00,118,784 | ---- | M] (TOSHIBA)
tosa2dp.exe -> C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe -> [2006/04/07 18:36:46 | 00,290,816 | ---- | M] (TOSHIBA CORPORATION.)
tosbtmng.exe -> C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe -> [2006/04/07 17:37:32 | 01,773,568 | ---- | M] (TOSHIBA CORPORATION.)
tpwrtray.exe -> C:\WINDOWS\System32\TPWRTRAY.EXE -> [2002/01/31 11:00:22 | 00,196,608 | ---- | M] (TOSHIBA Corporation)
uphclean.exe -> C:\Program Files\UPHClean\uphclean.exe -> [2005/04/27 15:59:24 | 00,241,725 | ---- | M] (Microsoft Corporation)
wcenter.exe -> C:\WINDOWS\System32\wcenter.exe -> [2009/09/08 23:15:52 | 00,385,024 | ---- | M] ()
wmiprvse.exe -> C:\WINDOWS\System32\wbem\wmiprvse.exe -> [2009/02/06 11:15:13 | 00,227,840 | ---- | M] (Microsoft Corporation)
wscntfy.exe -> C:\WINDOWS\System32\wscntfy.exe -> [2008/04/14 05:42:42 | 00,013,824 | ---- | M] (Microsoft Corporation)

[Win32 Services - Safe List]
(aspnet_state) ASP.NET State Service [Win32_Own | On_Demand | Stopped] -> C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -> [2008/07/25 12:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation)
(clr_optimization_v2.0.50727_32) .NET Runtime Optimization Service v2.0.50727_X86 [Win32_Own | On_Demand | Stopped] -> c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -> [2008/07/25 12:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation)
(FontCache3.0.0.0) Windows Presentation Foundation Font Cache 3.0.0.0 [Win32_Own | On_Demand | Stopped] -> c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -> [2008/07/29 22:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation)
(gusvc) Google Software Updater [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -> [2009/07/22 09:08:24 | 00,190,448 | ---- | M] (Google)
(helpsvc) Help and Support [Win32_Shared | Auto | Running] -> C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -> [2008/04/14 05:42:04 | 00,038,400 | ---- | M] (Microsoft Corporation)
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> -> File not found
(idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] -> c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -> [2008/07/29 20:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation)
(Irmon) Infrared Monitor [Win32_Shared | Auto | Running] -> C:\WINDOWS\System32\irmon.dll -> [2008/04/14 06:41:56 | 00,028,160 | ---- | M] (Microsoft Corporation)
(JavaQuickStarterService) Java Quick Starter [Win32_Own | Auto | Running] -> C:\Program Files\Java\jre6\bin\jqs.exe -> [2009/03/09 05:19:15 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.)
(Lavasoft Ad-Aware Service) Lavasoft Ad-Aware Service [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -> [2009/09/07 10:29:50 | 01,029,456 | ---- | M] (Lavasoft)
(NetTcpPortSharing) Net.Tcp Port Sharing Service [Win32_Shared | Disabled | Stopped] -> c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -> [2008/07/29 20:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation)
(npggsvc) nProtect GameGuard Service [Win32_Own | On_Demand | Stopped] -> C:\WINDOWS\System32\GameMon.des -> [2009/03/16 20:37:00 | 02,849,844 | ---- | M] (INCA Internet Co., Ltd.)
(sdAuxService) PC Tools Auxiliary Service [Win32_Own | Auto | Running] -> C:\Program Files\Spyware Doctor\pctsAuxs.exe -> [2009/01/07 12:40:56 | 00,348,752 | ---- | M] (PC Tools)
(sdCoreService) PC Tools Security Service [Win32_Own | Auto | Running] -> C:\Program Files\Spyware Doctor\pctsSvc.exe -> [2009/07/22 22:44:48 | 01,097,096 | ---- | M] (PC Tools)
(Tmesbs) Tmesbs32 [Win32_Own | Auto | Running] -> C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe -> [2002/02/21 21:54:32 | 00,073,728 | ---- | M] (TOSHIBA Corporation)
(Tmesrv) Tmesrv3 [Win32_Own | Auto | Running] -> C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe -> [2002/02/21 15:56:20 | 00,118,784 | ---- | M] (TOSHIBA)
(UPHClean) User Profile Hive Cleanup [Win32_Own | Auto | Running] -> C:\Program Files\UPHClean\uphclean.exe -> [2005/04/27 15:59:24 | 00,241,725 | ---- | M] (Microsoft Corporation)
(WMPNetworkSvc) Windows Media Player Network Sharing Service [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Windows Media Player\WMPNetwk.exe -> [2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation)

[Driver Services - Safe List]
(ac97intc) Intel(r) 82801 Audio Driver Install Service (WDM) [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\drivers\ac97intc.sys -> [2001/08/17 13:20:04 | 00,096,256 | ---- | M] (Intel Corporation)
(AegisP) AEGIS Protocol (IEEE 802.1x) v3.4.3.0 [Kernel | Auto | Running] -> C:\WINDOWS\System32\DRIVERS\AegisP.sys -> [2008/12/23 17:54:02 | 00,020,747 | ---- | M] (Meetinghouse Data Communications)
(BlueletAudio) Bluetooth Audio Service [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\DRIVERS\blueletaudio.sys -> [2005/05/31 16:40:20 | 00,020,480 | ---- | M] (IVT Corporation)
(BT) Bluetooth PAN Network Adapter [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\DRIVERS\btnetdrv.sys -> [2005/04/30 15:48:58 | 00,010,804 | ---- | M] (IVT Corporation)
(Btcsrusb) Bluetooth USB For Bluetooth Service [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\Drivers\btcusb.sys -> [2005/05/31 10:42:28 | 00,023,000 | ---- | M] (IVT Corporation)
(BTHidEnum) Bluetooth HID Enumerator [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\DRIVERS\vbtenum.sys -> [2005/04/30 15:50:20 | 00,011,860 | ---- | M] ()
(BTHidMgr) Bluetooth HID Manager Service [Kernel | Boot | Stopped] -> C:\WINDOWS\System32\Drivers\BTHidMgr.sys -> [2005/04/30 15:50:10 | 00,028,271 | ---- | M] (IVT Corporation)
(catchme) catchme [Kernel | On_Demand | Running] -> -> File not found
(E100B) Intel(R) PRO Network Connection Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\DRIVERS\e100b325.sys -> [2007/11/16 10:55:00 | 00,165,496 | ---- | M] (Intel Corporation)
(GTNDIS5) GTNDIS5 NDIS Protocol Driver [Kernel | On_Demand | Stopped] -> C:\Program Files\Belkin\F5D9010\GTNDIS5.sys -> [2003/09/25 23:15:32 | 00,015,872 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA))
(hwdatacard) Huawei DataCard USB Modem and USB Serial [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\DRIVERS\ewusbmdm.sys -> [2008/12/13 11:26:38 | 00,102,400 | ---- | M] (Huawei Technologies Co., Ltd.)
(hwusbfake) Huawei DataCard USB Fake [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\DRIVERS\ewusbfake.sys -> [2008/12/30 11:55:20 | 00,102,656 | ---- | M] (Huawei Technologies Co., Ltd.)
(l8042pr2) Logitech PS/2 Mouse Filter Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\DRIVERS\L8042Pr2.sys -> [2001/11/30 10:42:00 | 00,050,990 | ---- | M] (Logitech)
(Lbd) Lbd [File_System | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\Lbd.sys -> [2009/09/07 10:30:12 | 00,064,160 | ---- | M] (Lavasoft AB)
(LHidFlt2) Logitech HID/USB Mouse Filter Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\DRIVERS\LHidFlt2.sys -> [2001/11/30 10:42:00 | 00,022,206 | ---- | M] (Logitech)
(LKbdFlt2) Logitech Keyboard Class Filter Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\DRIVERS\LKbdFlt2.sys -> [2001/11/30 10:42:00 | 00,005,838 | ---- | M] (Logitech)
(LMouFlt2) Logitech Mouse Class Filter Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\DRIVERS\LMouFlt2.sys -> [2001/11/30 10:42:00 | 00,067,694 | ---- | M] (Logitech)
(mdvrmng) Mobile IP Route Manager [Kernel | Auto | Running] -> C:\WINDOWS\System32\drivers\mdvrmng.sys -> [2007/05/28 17:00:22 | 00,010,240 | ---- | M] ()
(NPPTNT2) NPPTNT2 [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\npptNT2.sys -> [2005/01/01 01:43:08 | 00,004,682 | ---- | M] (INCA Internet Co., Ltd.)
(PCTCore) PCTools KDS [File_System | Boot | Running] -> C:\WINDOWS\system32\drivers\PCTCore.sys -> [2009/09/06 00:08:04 | 00,206,256 | ---- | M] (PC Tools)
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\DRIVERS\ptilink.sys -> [2007/07/27 13:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.)
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> C:\WINDOWS\System32\Drivers\PxHelp20.sys -> [2008/04/08 00:16:45 | 00,043,872 | ---- | M] (Sonic Solutions)
(ROOTMODEM) Microsoft Legacy Modem Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\Drivers\RootMdm.sys -> [2007/07/27 13:00:00 | 00,005,888 | ---- | M] (Microsoft Corporation)
(RT61) Belkin Wireless G Plus MIMO [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\DRIVERS\RT61.sys -> [2005/08/27 00:39:08 | 00,352,768 | ---- | M] (Ralink Technology Inc.)
(S3SSavage) S3SSavage [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\DRIVERS\s3ssavm.sys -> [2002/11/28 13:58:44 | 00,122,240 | ---- | M] (S3 Graphics, Inc.)
(SASDIFSV) SASDIFSV [Kernel | System | Running] -> C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -> [2009/09/04 14:50:00 | 00,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
(SASENUM) SASENUM [Kernel | On_Demand | Stopped] -> C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -> [2009/09/04 14:50:02 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
(SASKUTIL) SASKUTIL [Kernel | System | Running] -> C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys -> [2009/09/04 14:49:58 | 00,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\DRIVERS\secdrv.sys -> [2008/04/13 22:09:16 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
(SMCIRDA) SMSC IrCC Miniport Device Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\DRIVERS\smcirda.sys -> [2004/12/09 10:54:12 | 00,046,592 | ---- | M] (SMSC)
(SOFTXG) YAMAHA XG WDM SoftSynthesizer [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\drivers\sxgxgwdm.sys -> [2001/07/09 16:20:38 | 00,967,040 | ---- | M] (YAMAHA CORPORATION)
(TBiosDrv) TBiosDrv [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\Drivers\Tbiosdrv.sys -> [2002/01/24 15:43:40 | 00,006,528 | ---- | M] ()
(TMEI3E) TMEI3E [Kernel | System | Running] -> C:\WINDOWS\System32\Drivers\TMEI3E.SYS -> [2002/01/08 15:44:48 | 00,005,802 | ---- | M] (Toshiba Corporation)
(TOSHIBASoftModem) TOSHIBA Software Modem [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\DRIVERS\LTSM.sys -> [2001/09/26 21:34:32 | 00,799,816 | R--- | M] (LT)
(toshidpt) TOSHIBA Bluetooth HID port driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\drivers\Toshidpt.sys -> [2005/07/11 19:58:56 | 00,003,712 | ---- | M] (TOSHIBA Corporation.)
(tosporte) Bluetooth Port Driver from Toshiba [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\DRIVERS\tosporte.sys -> [2006/02/10 12:17:46 | 00,047,488 | ---- | M] (TOSHIBA Corporation)
(Tosrfbd) Bluetooth RFBUS from TOSHIBA [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\Drivers\tosrfbd.sys -> [2006/04/13 21:00:28 | 00,108,928 | ---- | M] (TOSHIBA CORPORATION)
(Tosrfbnp) Bluetooth RFBNEP from TOSHIBA [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\Drivers\tosrfbnp.sys -> [2006/03/16 11:45:12 | 00,037,632 | ---- | M] (TOSHIBA Corporation)
(Tosrfcom) Bluetooth RFCOMM from TOSHIBA [Kernel | System | Running] -> C:\WINDOWS\System32\Drivers\tosrfcom.sys -> [2005/08/01 17:45:08 | 00,064,896 | ---- | M] (TOSHIBA Corporation)
(tosrfec) Bluetooth ACPI from TOSHIBA [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\DRIVERS\tosrfec.sys -> [2005/09/09 15:47:10 | 00,009,344 | ---- | M] (TOSHIBA Corporation)
(Tosrfhid) Bluetooth RFHID from TOSHIBA [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\DRIVERS\Tosrfhid.sys -> [2006/02/08 18:33:34 | 00,062,848 | ---- | M] (TOSHIBA Corporation.)
(tosrfnds) Bluetooth Personal Area Network from TOSHIBA [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\DRIVERS\tosrfnds.sys -> [2005/01/06 14:42:42 | 00,018,612 | ---- | M] (TOSHIBA Corporation.)
(TosRfSnd) Bluetooth Audio Device (WDM) from TOSHIBA [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\drivers\TosRfSnd.sys -> [2006/03/15 11:52:40 | 00,052,864 | ---- | M] (TOSHIBA Corporation)
(Tosrfusb) Bluetooth USB Controller [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\Drivers\tosrfusb.sys -> [2006/02/24 02:37:00 | 00,040,192 | ---- | M] (TOSHIBA CORPORATION)
(tsdhd) TOSHIBA SD Card Host Controller Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\DRIVERS\tsdhd.sys -> [2002/01/07 02:02:04 | 00,022,928 | ---- | M] (TOSHIBA Corporation)
(TVALD) Toshiba ACPI-Based Value Added Logical Device Driver [Kernel | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\TVALD.SYS -> [2001/08/17 15:23:58 | 00,005,264 | ---- | M] (Toshiba Corporation)
(TVALG) Toshiba Value Added Logical and General Purpose Device Driver [Kernel | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\TVALG.SYS -> [2001/09/13 20:53:02 | 00,005,936 | ---- | M] (TOSHIBA Corporation)
(usbaudio) USB Audio Driver (WDM) [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\drivers\usbaudio.sys -> [2008/04/14 01:15:14 | 00,060,032 | ---- | M] (Microsoft Corporation)
(VComm) Virtual Serial port driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\DRIVERS\VComm.sys -> [2004/10/19 14:37:38 | 00,061,312 | ---- | M] (IVT Corporation)
(VcommMgr) Bluetooth VComm Manager Service [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\Drivers\VcommMgr.sys -> [2005/03/25 18:18:48 | 00,082,148 | ---- | M] (IVT Corporation)
(vkquwexg) vkquwexg [Kernel | Unknown | Running] -> -> File not found
(WDM_YAMAHAAC97) YAMAHA AC-XG Audio Device [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\drivers\yacxg.sys -> [2002/07/19 14:24:42 | 01,099,264 | ---- | M] (YAMAHA CORPORATION)
(wlags48b) Agere Wireless PCCard Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\DRIVERS\wlags48b.sys -> [2006/08/15 17:03:14 | 00,171,520 | ---- | M] (Agere Systems)
(ZDPSp50) ZDPSp50 NDIS Protocol Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\Drivers\ZDPSp50.sys -> [2004/10/25 14:40:58 | 00,017,664 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA))

[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Search_URL" -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Secondary_Page_URL" -> [binary data] ->
HKEY_LOCAL_MACHINE\: Main\\"Extensions Off Page" -> about:NoAdd-ons ->
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> C:\WINDOWS\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\"Search Page" -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\"Security Risk Page" -> about:SecurityRisk ->
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKEY_LOCAL_MACHINE\: Search\\"CustomizeSearch" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKEY_LOCAL_MACHINE\: Search\\"SearchAssistant" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> ->
HKEY_USERS\.DEFAULT\: Main\\"Search Page" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_USERS\.DEFAULT\: Main\\"Start Page" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome ->
HKEY_USERS\.DEFAULT\: SearchURL\g\\"" -> http://www.google.com/search?q=%s ->
HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> ->
HKEY_USERS\S-1-5-18\: Main\\"Search Page" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_USERS\S-1-5-18\: Main\\"Start Page" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome ->
HKEY_USERS\S-1-5-18\: SearchURL\g\\"" -> http://www.google.com/search?q=%s ->
HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> ->
HKEY_USERS\S-1-5-19\: Main\\"Start Page" -> http://www.google.com/ ->
HKEY_USERS\S-1-5-19\: SearchURL\g\\"" -> http://www.google.com/search?q=%s ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> ->
HKEY_USERS\S-1-5-20\: Main\\"Start Page" -> http://www.google.com/ ->
HKEY_USERS\S-1-5-20\: SearchURL\g\\"" -> http://www.google.com/search?q=%s ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-1123561945-839522115-1957994488-1003\] > -> ->
HKEY_USERS\S-1-5-21-1123561945-839522115-1957994488-1003\: Main\\"Local Page" -> C:\WINDOWS\system32\blank.htm ->
HKEY_USERS\S-1-5-21-1123561945-839522115-1957994488-1003\: Main\\"Search Page" -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_USERS\S-1-5-21-1123561945-839522115-1957994488-1003\: Main\\"Start Page" -> http://www.google.co.uk/ ->
HKEY_USERS\S-1-5-21-1123561945-839522115-1957994488-1003\: SearchURL\g\\"" -> http://www.google.com/search?q=%s ->
HKEY_USERS\S-1-5-21-1123561945-839522115-1957994488-1003\: "ProxyEnable" -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-1123561945-839522115-1957994488-1010\] > -> ->
HKEY_USERS\S-1-5-21-1123561945-839522115-1957994488-1010\: Main\\"Local Page" -> C:\WINDOWS\system32\blank.htm ->
HKEY_USERS\S-1-5-21-1123561945-839522115-1957994488-1010\: Main\\"Search Page" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_USERS\S-1-5-21-1123561945-839522115-1957994488-1010\: Main\\"Start Page" -> about:blank ->
HKEY_USERS\S-1-5-21-1123561945-839522115-1957994488-1010\: SearchURL\g\\"" -> http://www.google.com/search?q=%s ->
HKEY_USERS\S-1-5-21-1123561945-839522115-1957994488-1010\: URLSearchHooks\\"" [HKLM] -> Reg Error: Key error. [Reg Error: Value error.] -> File not found
HKEY_USERS\S-1-5-21-1123561945-839522115-1957994488-1010\: "ProxyEnable" -> 0 ->
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\Extensions -> ->
HKLM\software\mozilla\Firefox\Extensions\\{C3E52329-AA9D-4B41-B930-96EFF0B5E38E} -> C:\DOCUMENTS AND SETTINGS\MAIN\LOCAL SETTINGS\APPLICATION DATA\{C3E52329-AA9D-4B41-B930-96EFF0B5E38E} [C:\DOCUMENTS AND SETTINGS\MAIN\LOCAL SETTINGS\APPLICATION DATA\{C3E52329-AA9D-4B41-B930-96EFF0B5E38E}] -> [2009/05/26 16:51:47 | 00,000,000 | ---D | M]
HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b} -> C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION [C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\] -> [2009/09/04 15:16:31 | 00,000,000 | ---D | M]
< FireFox Extensions [User Folders] > ->
< HOSTS File > (27 bytes and 1 lines) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
Reset Hosts
127.0.0.1 localhost
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{02478D38-C3F9-4efb-9B51-7695ECA05670} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} [HKLM] -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [Adobe PDF Link Helper] -> [2008/06/11 22:33:16 | 00,075,128 | ---- | M] (Adobe Systems Incorporated)
{3049C3E9-B461-4BC5-8870-4C09146192CA} [HKLM] -> [RealPlayer Download and Record Plugin for Internet Explorer] -> File not found
{5C255C8A-E604-49b4-9D64-90988571CECB} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKLM] -> [Google Toolbar Helper] -> File not found
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKLM] -> C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [Google Toolbar Notifier BHO] -> [2009/07/22 09:08:30 | 00,668,656 | ---- | M] (Google Inc.)
{DBC80044-A445-435b-BC74-9C25C1C588A9} [HKLM] -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [Java(tm) Plug-In 2 SSV Helper] -> [2009/03/09 05:18:50 | 00,035,840 | ---- | M] (Sun Microsystems, Inc.)
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} [HKLM] -> C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [JQSIEStartDetectorImpl Class] -> [2009/03/09 05:18:52 | 00,073,728 | ---- | M] (Sun Microsystems, Inc.)
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" [HKLM] -> [&Google] -> File not found
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"000StTHK" -> C:\WINDOWS\System32\000StTHK.exe [000StTHK.exe] -> [2001/06/23 21:28:06 | 00,024,576 | ---- | M] ()
"00THotkey" -> C:\WINDOWS\System32\00THotkey.exe [C:\WINDOWS\system32\00THotkey.exe] -> [2002/01/30 16:57:34 | 00,249,856 | ---- | M] (TOSHIBA Corp.)
"Adobe Reader Speed Launcher" -> C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe ["C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"] -> [2008/06/12 03:38:00 | 00,034,672 | ---- | M] (Adobe Systems Incorporated)
"Ad-Watch" -> C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe [C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe] -> [2009/09/07 10:29:52 | 00,520,024 | ---- | M] (Lavasoft)
"EM_EXEC" -> C:\Program Files\MouseWare\system\EM_EXEC.EXE [C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE] -> [2001/12/03 10:42:00 | 00,035,328 | ---- | M] (Logitech Inc. )
"F5D9010" -> C:\Program Files\Belkin\F5D9010\Belkinwcui.exe [C:\Program Files\Belkin\F5D9010\Belkinwcui.exe] -> [2006/03/14 17:52:24 | 01,585,152 | ---- | M] (Belkin)
"ISTray" -> C:\Program Files\Spyware Doctor\pctsTray.exe ["C:\Program Files\Spyware Doctor\pctsTray.exe"] -> [2009/07/22 22:44:50 | 01,181,064 | ---- | M] (PC Tools)
"S3Hotkey" -> C:\WINDOWS\System32\s3hotkey.exe [s3hotkey.exe] -> [2002/09/19 09:49:40 | 00,031,232 | ---- | M] (S3 Graphics, Inc.)
"SunJavaUpdateSched" -> C:\Program Files\Java\jre6\bin\jusched.exe ["C:\Program Files\Java\jre6\bin\jusched.exe"] -> [2009/03/09 05:19:17 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.)
"SxgTkBar" -> C:\WINDOWS\System32\Sxgtkbar.exe [SxgTkBar.exe] -> [2001/07/11 10:29:00 | 00,053,248 | ---- | M] (YAMAHA COROPRATION)
"TFncKy" -> [TFncKy.exe /Type 02] -> File not found
"TFNF5" -> C:\WINDOWS\System32\TFNF5.exe [TFNF5.exe] -> [2001/08/03 18:08:28 | 00,073,728 | ---- | M] (Toshiba Corp.)
"TMEEJME.EXE" -> C:\Program Files\TOSHIBA\TME3\TMEEJME.EXE [C:\Program Files\TOSHIBA\TME3\TMEEJME.EXE] -> [2002/02/05 10:30:10 | 00,065,536 | ---- | M] (TOSHIBA)
"TMERzCtl.EXE" -> C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE [C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE /Service] -> [2002/02/04 17:54:48 | 00,077,824 | ---- | M] (TOSHIBA)
"TMESBS.EXE" -> C:\Program Files\TOSHIBA\TME3\TMESBS32.EXE [C:\Program Files\TOSHIBA\TME3\TMESBS32.EXE /Client] -> [2002/02/21 21:54:32 | 00,073,728 | ---- | M] (TOSHIBA Corporation)
"TMESRV.EXE" -> C:\Program Files\TOSHIBA\TME3\TMESRV31.EXE [C:\Program Files\TOSHIBA\TME3\TMESRV31.EXE /Logon] -> [2002/02/21 15:56:20 | 00,118,784 | ---- | M] (TOSHIBA)
"Tpwrtray" -> C:\WINDOWS\System32\TPWRTRAY.EXE [TPWRTRAY.EXE] -> [2002/01/31 11:00:22 | 00,196,608 | ---- | M] (TOSHIBA Corporation)
< RunOnce [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce ->
"nltide_2" -> [regsvr32 /s /n /i:U shell32] -> File not found
"nltide_3" -> C:\WINDOWS\System32\advpack.dll [rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N] -> [2009/03/08 04:32:48 | 00,128,512 | ---- | M] (Microsoft Corporation)
< RunOnce [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce ->
"nltide_2" -> [regsvr32 /s /n /i:U shell32] -> File not found
"nltide_3" -> C:\WINDOWS\System32\advpack.dll [rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N] -> [2009/03/08 04:32:48 | 00,128,512 | ---- | M] (Microsoft Corporation)
< Run [HKEY_USERS\S-1-5-21-1123561945-839522115-1957994488-1003\] > -> HKEY_USERS\S-1-5-21-1123561945-839522115-1957994488-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"msnmsgr" -> C:\Program Files\Windows Live\Messenger\msnmsgr.exe ["C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background] -> [2009/02/06 18:51:28 | 03,885,408 | ---- | M] (Microsoft Corporation)
< Run [HKEY_USERS\S-1-5-21-1123561945-839522115-1957994488-1010\] > -> HKEY_USERS\S-1-5-21-1123561945-839522115-1957994488-1010\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"RegistryMechanic" -> C:\Program Files\Registry Mechanic\RegMech.exe [C:\Program Files\Registry Mechanic\RegMech.exe /H] -> [2009/06/30 11:00:02 | 02,836,376 | ---- | M] (PC Tools)
"swg" -> C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe] -> [2009/07/22 09:08:30 | 00,039,408 | ---- | M] (Google Inc.)
< RunOnce [HKEY_USERS\S-1-5-21-1123561945-839522115-1957994488-1010\] > -> HKEY_USERS\S-1-5-21-1123561945-839522115-1957994488-1010\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce ->
"Shockwave Updater" -> C:\WINDOWS\System32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103471 -Mozilla\4.0 ( [C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103471 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; FunWebProducts; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" -"http://www.underdog.be/skybolter/sky640480_loader.html"] -> File not found
< WinNT Load [HKEY_USERS\S-1-5-21-1123561945-839522115-1957994488-1003] > -> HKEY_USERS\S-1-5-21-1123561945-839522115-1957994488-1003\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\load ->
*load* -> HKEY_USERS\S-1-5-21-1123561945-839522115-1957994488-1003\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\load ->
C:\DOCUME~1\Owner\LOCALS~1\netdetect.exe -> C:\Documents and Settings\Owner\Local Settings\netdetect.exe -> [2009/01/11 10:38:44 | 00,014,336 | R-S- | M] ()
*MultiFile Done* -> ->
< Administrator Startup Folder > -> C:\Documents and Settings\Administrator\Start Menu\Programs\Startup ->
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk -> C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe -> [2006/04/07 17:37:32 | 01,773,568 | ---- | M] (TOSHIBA CORPORATION.)
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PC Health.lnk -> C:\Program Files\Toshiba\TOSHIBA Management Console\TOSHealthLocalS.vbs -> [2001/12/06 15:10:12 | 00,002,126 | ---- | M] ()
< Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup ->
< Guest Startup Folder > -> C:\Documents and Settings\Guest\Start Menu\Programs\Startup ->
< main Startup Folder > -> C:\Documents and Settings\main\Start Menu\Programs\Startup ->
C:\Documents and Settings\main\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe -> [2008/09/12 18:49:52 | 00,384,000 | ---- | M] ()
< Owner Startup Folder > -> C:\Documents and Settings\Owner\Start Menu\Programs\Startup ->
C:\Documents and Settings\Owner\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe -> [2008/09/12 18:49:52 | 00,384,000 | ---- | M] ()
C:\Documents and Settings\Owner\Start Menu\Programs\Startup\StarOffice 8.lnk -> C:\Program Files\Sun\StarOffice 8\program\quickstart.exe -> [2007/02/02 18:55:10 | 00,122,880 | ---- | M] ()
< Software Policy Settings [HKEY_USERS\S-1-5-21-1123561945-839522115-1957994488-1010] > -> HKEY_USERS\S-1-5-21-1123561945-839522115-1957994488-1010\SOFTWARE\Policies\Microsoft\Internet Explorer ->
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"HonorAutoRunSetting" -> [1] -> File not found
\\"NoDriveAutoRun" -> [67108863] -> File not found
\\"NoDriveTypeAutoRun" -> [323] -> File not found
\\"NoDrives" -> [0] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"dontdisplaylastusername" -> [0] -> File not found
\\"legalnoticecaption" -> [] -> File not found
\\"legalnoticetext" -> [] -> File not found
\\"shutdownwithoutlogon" -> [1] -> File not found
\\"undockwithoutlogon" -> [1] -> File not found
\\"DisableRegistryTools" -> [0] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [323] -> File not found
\\"ForceClassicControlPanel" -> [1] -> File not found
\\"NoDriveAutoRun" -> [67108863] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [323] -> File not found
\\"ForceClassicControlPanel" -> [1] -> File not found
\\"NoDriveAutoRun" -> [67108863] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [145] -> File not found
\\"ForceClassicControlPanel" -> [1] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [145] -> File not found
\\"ForceClassicControlPanel" -> [1] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-1123561945-839522115-1957994488-1003] > -> HKEY_USERS\S-1-5-21-1123561945-839522115-1957994488-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\S-1-5-21-1123561945-839522115-1957994488-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [145] -> File not found
\\"ForceClassicControlPanel" -> [1] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-1123561945-839522115-1957994488-1003] > -> HKEY_USERS\S-1-5-21-1123561945-839522115-1957994488-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_USERS\S-1-5-21-1123561945-839522115-1957994488-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"DisableTaskMgr" -> [1] -> File not found
\\"DisableRegistryTools" -> [1] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-1123561945-839522115-1957994488-1010] > -> HKEY_USERS\S-1-5-21-1123561945-839522115-1957994488-1010\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\S-1-5-21-1123561945-839522115-1957994488-1010\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [323] -> File not found
\\"NoDriveAutoRun" -> [67108863] -> File not found
\\"NoDrives" -> [0] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-1123561945-839522115-1957994488-1010] > -> HKEY_USERS\S-1-5-21-1123561945-839522115-1957994488-1010\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\MenuExt\ ->
Add to Google Photos Screensa&ver -> C:\WINDOWS\System32\GPhotos.scr [res://C:\WINDOWS\system32\GPhotos.scr/200] -> [2008/11/17 21:04:25 | 02,306,113 | ---- | M] (Google Inc.)
< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\MenuExt\ -> Add to Google Photos Screensa&ver -> C:\WINDOWS\System32\GPhotos.scr [res://C:\WINDOWS\system32\GPhotos.scr/200] -> [2008/11/17 21:04:25 | 02,306,113 | ---- | M] (Google Inc.) < Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-1123561945-839522115-1957994488-1003\] > -> HKEY_USERS\S-1-5-21-1123561945-839522115-1957994488-1003\Software\Microsoft\Internet Explorer\MenuExt\ -> &ieSpell Options -> C:\Program Files\ieSpell\iespell.dll [res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM] -> File not found &Search -> [http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZCxdm491YYGB] -> File not found Add to Google Photos Screensa&ver -> C:\WINDOWS\System32\GPhotos.scr [res://C:\WINDOWS\system32\GPhotos.scr/200] -> [2008/11/17 21:04:25 | 02,306,113 | ---- | M] (Google Inc.) Check &Spelling -> C:\Program Files\ieSpell\iespell.dll [res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM] -> File not found Lookup on Merriam Webster -> C:\Program Files\ieSpell\Merriam Webster.HTM [file://C:\Program Files\ieSpell\Merriam Webster.HTM] -> File not found Lookup on Wikipedia -> C:\Program Files\ieSpell\wikipedia.HTM [file://C:\Program Files\ieSpell\wikipedia.HTM] -> File not found < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8}:Exec [HKLM] -> Reg Error: Value error. [Button: ieSpell] -> File not found {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8}:Reg Error: Value error. [HKLM] -> Reg Error: Value error. [Menu: ieSpell] -> File not found {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7}:Reg Error: Value error. [HKLM] -> Reg Error: Value error. 
[Menu: ieSpell Options] -> File not found {e2e2dd38-d088-4134-82b7-f2ba38496583}:Exec [HKLM] -> C:\WINDOWS\Network Diagnostic\xpnetdiag.exe [Menu: @xpsp3res.dll,-20001] -> [2008/04/14 00:23:34 | 00,558,080 | ---- | M] (Microsoft Corporation) {FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> C:\Program Files\Messenger\msmsgs.exe [Button: Messenger] -> [2008/04/14 06:42:30 | 01,695,232 | ---- | M] (Microsoft Corporation) {FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> C:\Program Files\Messenger\msmsgs.exe [Menu: Windows Messenger] -> [2008/04/14 06:42:30 | 01,695,232 | ---- | M] (Microsoft Corporation) < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> < Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix "" -> http:// < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. 
-> < Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. 
-> < Trusted Sites Domains [HKEY_USERS\S-1-5-21-1123561945-839522115-1957994488-1003\] > -> HKEY_USERS\S-1-5-21-1123561945-839522115-1957994488-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-21-1123561945-839522115-1957994488-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-21-1123561945-839522115-1957994488-1003\] > -> HKEY_USERS\S-1-5-21-1123561945-839522115-1957994488-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-21-1123561945-839522115-1957994488-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-21-1123561945-839522115-1957994488-1010\] > -> HKEY_USERS\S-1-5-21-1123561945-839522115-1957994488-1010\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-21-1123561945-839522115-1957994488-1010\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-21-1123561945-839522115-1957994488-1010\] > -> HKEY_USERS\S-1-5-21-1123561945-839522115-1957994488-1010\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-21-1123561945-839522115-1957994488-1010\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. 
-> < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} [HKLM] -> http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab [QuickTime Object] -> {0CCA191D-13A6-4E29-B746-314DEE697D83} [HKLM] -> http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab [Facebook Photo Uploader 5 Control] -> {6e32070a-766d-4ee6-879c-dc1fa91d2fc3} [HKLM] -> http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1139406804265 [MUWebControl Class] -> {8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab [Java Plug-in 1.6.0_13] -> {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [HKLM] -> http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab [Reg Error: Key error.] -> {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab [Reg Error: Key error.] -> {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab [Reg Error: Key error.] 
-> {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab [Java Plug-in 1.6.0_13] -> {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab [Java Plug-in 1.6.0_13] -> < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> *Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> Explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/14 05:42:20 | 01,033,728 | ---- | M] (Microsoft Corporation) *MultiFile Done* -> -> < Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> !SASWinLogon -> C:\Program Files\SUPERAntiSpyware\SASWINLO.dll -> [2009/09/03 15:21:42 | 00,548,352 | ---- | M] (SUPERAntiSpyware.com) < SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad -> "{EC4C84BE-B817-47BD-9860-86933DDE59D0}" [HKLM] -> C:\Documents and Settings\All Users\Application Data\Microsoft\aspyphondu.dll [SecuritySystem] -> [2009/08/31 11:31:43 | 00,772,096 | ---- | M] () < ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}" [HKLM] -> C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [] -> [2008/05/13 10:13:36 | 00,077,824 | ---- | M] (SuperAdBlocker.com) "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" [HKLM] -> Reg Error: Key error. 
[] -> File not found < Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List -> "%windir%\Network Diagnostic\xpnetdiag.exe" -> C:\WINDOWS\Network Diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> [2008/04/14 00:23:34 | 00,558,080 | ---- | M] (Microsoft Corporation) "%windir%\system32\sessmgr.exe" -> C:\WINDOWS\System32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2008/04/14 05:42:36 | 00,141,312 | ---- | M] (Microsoft Corporation) "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" -> C:\Program Files\Windows Live\Messenger\msnmsgr.exe [C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger] -> [2009/02/06 18:51:28 | 03,885,408 | ---- | M] (Microsoft Corporation) "C:\Program Files\Windows Live\Messenger\wlcsdk.exe" -> C:\Program Files\Windows Live\Messenger\wlcsdk.exe [C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call] -> [2009/02/06 18:21:00 | 00,583,024 | ---- | M] (Microsoft Corporation) < Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> "%windir%\Network Diagnostic\xpnetdiag.exe" -> C:\WINDOWS\Network Diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> [2008/04/14 00:23:34 | 00,558,080 | ---- | M] (Microsoft Corporation) "C:\Program Files\Messenger\msmsgs.exe" -> C:\Program Files\Messenger\msmsgs.exe [C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger] -> [2008/04/14 06:42:30 | 01,695,232 | ---- | M] (Microsoft Corporation) "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" -> C:\Program Files\Windows Live\Messenger\msnmsgr.exe [C:\Program Files\Windows 
Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger] -> [2009/02/06 18:51:28 | 03,885,408 | ---- | M] (Microsoft Corporation) "C:\Program Files\Windows Live\Messenger\wlcsdk.exe" -> C:\Program Files\Windows Live\Messenger\wlcsdk.exe [C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call] -> [2009/02/06 18:21:00 | 00,583,024 | ---- | M] (Microsoft Corporation) "C:\WINDOWS\system32\sessmgr.exe" -> C:\WINDOWS\System32\sessmgr.exe [C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019] -> [2008/04/14 05:42:36 | 00,141,312 | ---- | M] (Microsoft Corporation) < SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> "AlternateShell" -> cmd.exe -> < CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom -> "AutoRun" -> 1 -> "DisplayName" -> CD-ROM Driver -> "ImagePath" -> [system32\DRIVERS\cdrom.sys] -> File not found < Drives with AutoRun files > -> -> C:\AUTOEXEC.BAT [] -> C:\AUTOEXEC.BAT [ NTFS ] -> [2000/01/02 17:04:16 | 00,000,000 | ---- | M] () E:\AutoRun.exe [MZ | ] -> E:\AutoRun.exe [ CDFS ] -> [2009/04/22 17:01:06 | 00,132,576 | R--- | M] (Huawei Technologies Co., Ltd.) 
E:\Autorun.ico [] -> E:\Autorun.ico [ CDFS ] -> [2008/12/08 10:24:46 | 00,027,750 | R--- | M] () E:\AUTORUN.INF [[AutoRun] | open=AutoRun.exe | icon=Autorun.ico | ] -> E:\AUTORUN.INF [ CDFS ] -> [2007/10/29 13:25:38 | 00,000,047 | R--- | M] () < MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> \{96ef0d03-9582-11de-b2e8-00173f10d130} HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{96ef0d03-9582-11de-b2e8-00173f10d130}\Shell \{96ef0d03-9582-11de-b2e8-00173f10d130}\Shell\\"" -> [AutoRun] -> File not found HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{96ef0d03-9582-11de-b2e8-00173f10d130}\Shell\AutoRun \{96ef0d03-9582-11de-b2e8-00173f10d130}\Shell\AutoRun\\"" -> [Auto&Play] -> File not found HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{96ef0d03-9582-11de-b2e8-00173f10d130}\Shell\AutoRun\command \{96ef0d03-9582-11de-b2e8-00173f10d130}\Shell\AutoRun\command\\"" -> E:\AutoRun.exe [E:\AutoRun.exe] -> [2009/04/22 17:01:06 | 00,132,576 | R--- | M] (Huawei Technologies Co., Ltd.) [Registry - Additional Scans - Safe List] < Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command -> batfile [open] -> "%1" %* -> File not found cmdfile [open] -> "%1" %* -> File not found comfile [open] -> "%1" %* -> File not found exefile [open] -> "%1" %* -> File not found htmlfile [edit] -> Reg Error: Key error. 
htmlfile [open] -> "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome -> [2009/03/08 14:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) htmlfile [opennew] -> "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 -> [2009/03/08 14:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) http [open] -> "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome -> [2009/03/08 14:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) https [open] -> "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome -> [2009/03/08 14:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) piffile [open] -> "%1" %* -> File not found regfile [merge] -> Reg Error: Key error. scrfile [config] -> "%1" -> File not found scrfile [install] -> rundll32.exe desk.cpl,InstallScreenSaver %l -> [2008/04/14 05:42:42 | 00,135,168 | ---- | M] (Microsoft Corporation) scrfile [open] -> "%1" /S -> File not found txtfile [edit] -> Reg Error: Key error. Directory [AddToPlaylistVLC] -> C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" -> [2008/12/06 15:57:20 | 00,114,840 | ---- | M] () Directory [Browse with XnView] -> Reg Error: Key error. 
Directory [cmd] -> cmd.exe /k cd "%L" -> [2008/04/14 05:42:16 | 00,389,120 | ---- | M] (Microsoft Corporation) Directory [find] -> %SystemRoot%\Explorer.exe -> [2008/04/14 05:42:20 | 01,033,728 | ---- | M] (Microsoft Corporation) Directory [PlayWithVLC] -> C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" -> [2008/12/06 15:57:20 | 00,114,840 | ---- | M] () Folder [open] -> %SystemRoot%\Explorer.exe /idlist,%I,%L -> [2008/04/14 05:42:20 | 01,033,728 | ---- | M] (Microsoft Corporation) Folder [explore] -> %SystemRoot%\Explorer.exe /e,/idlist,%I,%L -> [2008/04/14 05:42:20 | 01,033,728 | ---- | M] (Microsoft Corporation) Drive [find] -> %SystemRoot%\Explorer.exe -> [2008/04/14 05:42:20 | 01,033,728 | ---- | M] (Microsoft Corporation) Applications\iexplore.exe [open] -> "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 -> [2009/03/08 14:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -> "%programfiles%\internet explorer\iexplore.exe" -> [2009/03/08 14:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) < EventViewer Logs - Last 10 Errors > -> Event Information -> Description Application [ Error ] 06/09/2009 19:12:50 Computer Name = OWNERXP-B6DA981 | Source = Winlogon | ID = 1015 -> Description = A critical system process, C:\WINDOWS\system32\lsass.exe, failed with status code c0000005. The machine must now be restarted. Application [ Error ] 06/09/2009 19:14:34 Computer Name = OWNERXP-B6DA981 | Source = Winlogon | ID = 1015 -> Description = A critical system process, C:\WINDOWS\system32\lsass.exe, failed with status code c0000005. The machine must now be restarted. Application [ Error ] 06/09/2009 19:48:52 Computer Name = OWNERXP-B6DA981 | Source = Winlogon | ID = 1015 -> Description = A critical system process, C:\WINDOWS\system32\lsass.exe, failed with status code c0000005. The machine must now be restarted. 
Application [ Error ] 06/09/2009 19:51:14 Computer Name = OWNERXP-B6DA981 | Source = Winlogon | ID = 1015 -> Description = A critical system process, C:\WINDOWS\system32\lsass.exe, failed with status code c0000005. The machine must now be restarted. Application [ Error ] 07/09/2009 03:43:15 Computer Name = OWNERXP-B6DA981 | Source = Winlogon | ID = 1015 -> Description = A critical system process, C:\WINDOWS\system32\lsass.exe, failed with status code c0000005. The machine must now be restarted. Application [ Error ] 07/09/2009 03:44:32 Computer Name = OWNERXP-B6DA981 | Source = Winlogon | ID = 1015 -> Description = A critical system process, C:\WINDOWS\system32\lsass.exe, failed with status code c0000005. The machine must now be restarted. Application [ Error ] 07/09/2009 05:22:54 Computer Name = OWNERXP-B6DA981 | Source = Lavasoft Ad-Aware Service | ID = 0 -> Description = Application [ Error ] 07/09/2009 12:40:21 Computer Name = OWNERXP-B6DA981 | Source = Application Hang | ID = 1002 -> Description = Hanging application _iu14D2N.tmp, version 51.49.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Application [ Error ] 08/09/2009 12:56:43 Computer Name = OWNERXP-B6DA981 | Source = MsiInstaller | ID = 1013 -> Description = Product: EA Download Manager -- 1: The InstallScript engine is missing from this machine. If available, please run ISScript.msi, or contact your support personnel for further assistance. Application [ Error ] 08/09/2009 12:56:45 Computer Name = OWNERXP-B6DA981 | Source = MsiInstaller | ID = 1013 -> Description = Product: EA Download Manager -- 1: The InstallScript engine is missing from this machine. If available, please run ISScript.msi, or contact your support personnel for further assistance. 
System [ Error ] 08/09/2009 12:22:23 Computer Name = OWNERXP-B6DA981 | Source = Service Control Manager | ID = 7026 -> Description = The following boot-start or system-start driver(s) failed to load: Fips intelppm SASDIFSV SASKUTIL TMEI3E Tosrfcom System [ Error ] 08/09/2009 12:32:18 Computer Name = OWNERXP-B6DA981 | Source = DCOM | ID = 10005 -> Description = DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} System [ Error ] 08/09/2009 17:14:21 Computer Name = OWNERXP-B6DA981 | Source = Service Control Manager | ID = 7034 -> Description = The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s). System [ Error ] 08/09/2009 17:15:14 Computer Name = OWNERXP-B6DA981 | Source = Service Control Manager | ID = 7009 -> Description = Timeout (30000 milliseconds) waiting for the PEVSystemStart service to connect. System [ Error ] 08/09/2009 18:02:13 Computer Name = OWNERXP-B6DA981 | Source = Service Control Manager | ID = 7009 -> Description = Timeout (30000 milliseconds) waiting for the PEVSystemStart service to connect. System [ Error ] 08/09/2009 18:08:04 Computer Name = OWNERXP-B6DA981 | Source = Service Control Manager | ID = 7009 -> Description = Timeout (30000 milliseconds) waiting for the PEVSystemStart service to connect. System [ Error ] 08/09/2009 18:12:45 Computer Name = OWNERXP-B6DA981 | Source = Service Control Manager | ID = 7009 -> Description = Timeout (30000 milliseconds) waiting for the PEVSystemStart service to connect. System [ Error ] 08/09/2009 18:13:05 Computer Name = OWNERXP-B6DA981 | Source = PlugPlayManager | ID = 11 -> Description = The device Root\LEGACY_EAMSFIMZ\0000 disappeared from the system without first being prepared for removal. 
System [ Error ] 08/09/2009 18:13:05 Computer Name = OWNERXP-B6DA981 | Source = Service Control Manager | ID = 7009 -> Description = Timeout (30000 milliseconds) waiting for the PEVSystemStart service to connect. System [ Error ] 08/09/2009 18:16:13 Computer Name = OWNERXP-B6DA981 | Source = Service Control Manager | ID = 7009 -> Description = Timeout (30000 milliseconds) waiting for the PEVSystemStart service to connect. Windows PowerShel [ Error ] 06/09/2009 19:12:50 Computer Name = OWNERXP-B6DA981 | Source = Winlogon | ID = 1015 -> Description = Windows PowerShel [ Error ] 06/09/2009 19:14:34 Computer Name = OWNERXP-B6DA981 | Source = Winlogon | ID = 1015 -> Description = Windows PowerShel [ Error ] 06/09/2009 19:48:52 Computer Name = OWNERXP-B6DA981 | Source = Winlogon | ID = 1015 -> Description = Windows PowerShel [ Error ] 06/09/2009 19:51:14 Computer Name = OWNERXP-B6DA981 | Source = Winlogon | ID = 1015 -> Description = Windows PowerShel [ Error ] 07/09/2009 03:43:15 Computer Name = OWNERXP-B6DA981 | Source = Winlogon | ID = 1015 -> Description = Windows PowerShel [ Error ] 07/09/2009 03:44:32 Computer Name = OWNERXP-B6DA981 | Source = Winlogon | ID = 1015 -> Description = Windows PowerShel [ Error ] 07/09/2009 05:22:54 Computer Name = OWNERXP-B6DA981 | Source = Lavasoft Ad-Aware Service | ID = 0 -> Description = Windows PowerShel [ Error ] 07/09/2009 12:40:21 Computer Name = OWNERXP-B6DA981 | Source = Application Hang | ID = 1002 -> Description = Windows PowerShel [ Error ] 08/09/2009 12:56:43 Computer Name = OWNERXP-B6DA981 | Source = MsiInstaller | ID = 1013 -> Description = Windows PowerShel [ Error ] 08/09/2009 12:56:45 Computer Name = OWNERXP-B6DA981 | Source = MsiInstaller | ID = 1013 -> Description = [Files/Folders - Created Within 30 Days] 2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 1 C:\Documents and Settings\main\*.tmp files -> C:\Documents and Settings\main\*.tmp -> 
wcenter.exe -> C:\WINDOWS\System32\wcenter.exe -> [2009/09/08 23:15:52 | 00,385,024 | ---- | C] () temp -> C:\WINDOWS\temp -> [2009/09/08 23:12:15 | 00,000,000 | ---D | C] NIRCMD.exe -> C:\WINDOWS\NIRCMD.exe -> [2009/09/08 23:01:25 | 00,031,232 | ---- | C] (NirSoft) Combo-Fix.exe -> C:\Combo-Fix.exe -> [2009/09/08 22:54:49 | 03,200,988 | R--- | C] () gmer.zip -> C:\gmer.zip -> [2009/09/08 22:49:17 | 00,280,282 | ---- | C] () OTS.exe -> C:\OTS.exe -> [2009/09/08 22:48:57 | 00,516,096 | ---- | C] (OldTimer Tools) Boot.bak -> C:\Boot.bak -> [2009/09/08 22:22:20 | 00,000,211 | ---- | C] () cmldr -> C:\cmldr -> [2009/09/08 22:22:16 | 00,260,272 | ---- | C] () cmdcons -> C:\cmdcons -> [2009/09/08 22:22:13 | 00,000,000 | RHSD | C] PEV.exe -> C:\WINDOWS\PEV.exe -> [2009/09/08 22:12:58 | 00,230,912 | ---- | C] () SWXCACLS.exe -> C:\WINDOWS\SWXCACLS.exe -> [2009/09/08 22:12:58 | 00,212,480 | ---- | C] (SteelWerX) SWREG.exe -> C:\WINDOWS\SWREG.exe -> [2009/09/08 22:12:58 | 00,161,792 | ---- | C] (SteelWerX) SWSC.exe -> C:\WINDOWS\SWSC.exe -> [2009/09/08 22:12:58 | 00,136,704 | ---- | C] (SteelWerX) sed.exe -> C:\WINDOWS\sed.exe -> [2009/09/08 22:12:58 | 00,098,816 | ---- | C] () grep.exe -> C:\WINDOWS\grep.exe -> [2009/09/08 22:12:58 | 00,080,412 | ---- | C] () zip.exe -> C:\WINDOWS\zip.exe -> [2009/09/08 22:12:58 | 00,068,096 | ---- | C] () ERDNT -> C:\WINDOWS\ERDNT -> [2009/09/08 22:12:42 | 00,000,000 | ---D | C] Qoobox -> C:\Qoobox -> [2009/09/08 22:12:08 | 00,000,000 | ---D | C] HijackThis.exe -> C:\HijackThis.exe -> [2009/09/08 17:55:00 | 00,401,720 | ---- | C] (Trend Micro Inc.) 
hiberfil.sys -> C:\hiberfil.sys -> [2009/09/08 17:33:15 | 53,567,8976 | -HS- | C] () AlbumArt_{8FBDB5AB-E80D-4F83-9E30-AB24313533EB}_Large.jpg -> C:\AlbumArt_{8FBDB5AB-E80D-4F83-9E30-AB24313533EB}_Large.jpg -> [2009/09/08 00:44:06 | 00,007,869 | -HS- | C] () AlbumArt_{8FBDB5AB-E80D-4F83-9E30-AB24313533EB}_Small.jpg -> C:\AlbumArt_{8FBDB5AB-E80D-4F83-9E30-AB24313533EB}_Small.jpg -> [2009/09/08 00:44:06 | 00,002,123 | -HS- | C] () Finish Downloading Spyware Doctor.lnk -> C:\Documents and Settings\All Users\Desktop\Finish Downloading Spyware Doctor.lnk -> [2009/09/07 22:22:19 | 00,001,549 | ---- | C] () Spyware Doctor.lnk -> C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk -> [2009/09/07 19:15:14 | 00,001,637 | ---- | C] () ExterminateItSetup.exe -> C:\ExterminateItSetup.exe -> [2009/09/07 16:27:29 | 04,304,531 | ---- | C] (Curio Lab) lsdelete.exe -> C:\WINDOWS\System32\lsdelete.exe -> [2009/09/07 13:39:08 | 00,015,688 | ---- | C] () Ad-Aware Update (Weekly).job -> C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job -> [2009/09/07 10:31:39 | 00,000,472 | ---- | C] () Lbd.sys -> C:\WINDOWS\System32\drivers\Lbd.sys -> [2009/09/07 10:31:24 | 00,064,160 | ---- | C] (Lavasoft AB) DRVSTORE -> C:\WINDOWS\System32\DRVSTORE -> [2009/09/07 10:31:23 | 00,000,000 | ---D | C] Ad-Aware.lnk -> C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk -> [2009/09/07 10:22:39 | 00,000,867 | ---- | C] () Lavasoft -> C:\Program Files\Lavasoft -> [2009/09/07 10:22:25 | 00,000,000 | ---D | C] Lavasoft -> C:\Documents and Settings\All Users\Application Data\Lavasoft -> [2009/09/07 10:22:25 | 00,000,000 | ---D | C] How do I remove Smart Protector from my computer - Yahoo! Answers.mht -> C:\Documents and Settings\main\My Documents\How do I remove Smart Protector from my computer - Yahoo! 
Answers.mht -> [2009/09/07 08:50:58 | 00,767,983 | ---- | C] () {83C91755-2546-441D-AC40-9A6B4B860800} -> C:\Documents and Settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800} -> [2009/09/06 23:35:39 | 00,000,000 | -H-D | C] Malwarebytes' Anti-Malware.lnk -> C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk -> [2009/09/06 23:34:24 | 00,000,696 | ---- | C] () mbamswissarmy.sys -> C:\WINDOWS\System32\drivers\mbamswissarmy.sys -> [2009/09/06 23:34:21 | 00,038,160 | ---- | C] (Malwarebytes Corporation) mbam.sys -> C:\WINDOWS\System32\drivers\mbam.sys -> [2009/09/06 23:34:19 | 00,019,096 | ---- | C] (Malwarebytes Corporation) Malwarebytes' Anti-Malware -> C:\Program Files\Malwarebytes' Anti-Malware -> [2009/09/06 23:34:19 | 00,000,000 | ---D | C] Download_6.1.0.447f-sdregnow-setup.exe -> C:\Download_6.1.0.447f-sdregnow-setup.exe -> [2009/09/06 23:29:16 | 00,366,120 | ---- | C] (Digital River, Inc.) Ad-AwareAE.exe -> C:\Ad-AwareAE.exe -> [2009/09/06 23:10:21 | 34,543,112 | ---- | C] (Lavasoft ) SUPERAntiSpyware.com -> C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com -> [2009/09/06 18:31:34 | 00,000,000 | ---D | C] SUPERAntiSpyware Free Edition.lnk -> C:\Documents and Settings\main\Desktop\SUPERAntiSpyware Free Edition.lnk -> [2009/09/06 18:31:26 | 00,000,780 | ---- | C] () SUPERAntiSpyware -> C:\Program Files\SUPERAntiSpyware -> [2009/09/06 18:31:16 | 00,000,000 | ---D | C] SUPERAntiSpyware.com -> C:\Documents and Settings\main\Application Data\SUPERAntiSpyware.com -> [2009/09/06 18:31:15 | 00,000,000 | ---D | C] Wise Installation Wizard -> C:\Program Files\Common Files\Wise Installation Wizard -> [2009/09/06 18:28:40 | 00,000,000 | ---D | C] SUPERAntiSpyware.exe -> C:\SUPERAntiSpyware.exe -> [2009/09/06 18:04:35 | 07,163,936 | ---- | C] () Malwarebytes -> C:\Documents and Settings\main\Application Data\Malwarebytes -> [2009/09/06 02:12:47 | 00,000,000 | ---D | C] Malwarebytes -> C:\Documents and 
Settings\All Users\Application Data\Malwarebytes -> [2009/09/06 02:12:34 | 00,000,000 | ---D | C] mbam-setup.exe -> C:\mbam-setup.exe -> [2009/09/06 02:11:40 | 03,942,048 | ---- | C] (Malwarebytes Corporation ) sdsetup.exe -> C:\sdsetup.exe -> [2009/09/06 01:54:54 | 26,709,272 | ---- | C] (PC Tools ) pctcore.cat -> C:\WINDOWS\System32\drivers\pctcore.cat -> [2009/09/06 00:07:56 | 00,007,396 | ---- | C] () pctgntdi.sys -> C:\WINDOWS\System32\drivers\pctgntdi.sys -> [2009/09/05 23:38:26 | 00,159,600 | ---- | C] (PC Tools) PCTCore.sys -> C:\WINDOWS\System32\drivers\PCTCore.sys -> [2009/09/05 23:38:14 | 00,206,256 | ---- | C] (PC Tools) PCTAppEvent.sys -> C:\WINDOWS\System32\drivers\PCTAppEvent.sys -> [2009/09/05 23:38:14 | 00,073,840 | ---- | C] (PC Tools) PC Tools -> C:\Program Files\Common Files\PC Tools -> [2009/09/05 23:37:59 | 00,000,000 | ---D | C] pctplsg.sys -> C:\WINDOWS\System32\drivers\pctplsg.sys -> [2009/09/05 23:37:58 | 00,064,392 | ---- | C] (PC Tools) Spyware Doctor -> C:\Program Files\Spyware Doctor -> [2009/09/05 23:37:50 | 00,000,000 | ---D | C] PC Tools -> C:\Documents and Settings\main\Application Data\PC Tools -> [2009/09/05 23:37:50 | 00,000,000 | ---D | C] PC Tools -> C:\Documents and Settings\All Users\Application Data\PC Tools -> [2009/09/05 23:37:50 | 00,000,000 | ---D | C] 6.1.0.447d-sd-setup.exe -> C:\6.1.0.447d-sd-setup.exe -> [2009/09/05 23:36:40 | 18,051,464 | ---- | C] (PC Tools ) Revo Uninstaller.lnk -> C:\Documents and Settings\main\Desktop\Revo Uninstaller.lnk -> [2009/09/05 22:06:32 | 00,000,917 | ---- | C] () VS Revo Group -> C:\Program Files\VS Revo Group -> [2009/09/05 22:06:32 | 00,000,000 | ---D | C] AlbumArt_{B4B07E43-FE58-4929-ADB7-92F2E215FBCD}_Large.jpg -> C:\AlbumArt_{B4B07E43-FE58-4929-ADB7-92F2E215FBCD}_Large.jpg -> [2009/09/05 21:35:41 | 00,005,066 | -HS- | C] () AlbumArt_{B4B07E43-FE58-4929-ADB7-92F2E215FBCD}_Small.jpg -> C:\AlbumArt_{B4B07E43-FE58-4929-ADB7-92F2E215FBCD}_Small.jpg -> [2009/09/05 21:35:41 | 00,001,742 
| -HS- | C] () AlbumArt_{B7F12422-F81B-45BC-9C22-9A04B0B4D5D3}_Large.jpg -> C:\AlbumArt_{B7F12422-F81B-45BC-9C22-9A04B0B4D5D3}_Large.jpg -> [2009/09/05 21:35:29 | 00,013,015 | -HS- | C] () AlbumArt_{B7F12422-F81B-45BC-9C22-9A04B0B4D5D3}_Small.jpg -> C:\AlbumArt_{B7F12422-F81B-45BC-9C22-9A04B0B4D5D3}_Small.jpg -> [2009/09/05 21:35:29 | 00,002,988 | -HS- | C] () RadioSure.lnk -> C:\Documents and Settings\main\Desktop\RadioSure.lnk -> [2009/09/05 21:35:28 | 00,001,042 | ---- | C] () RadioSure -> C:\Documents and Settings\main\Local Settings\Application Data\RadioSure -> [2009/09/05 21:35:22 | 00,000,000 | ---D | C] RadioSure-2.0.872-setup.exe -> C:\RadioSure-2.0.872-setup.exe -> [2009/09/05 21:22:14 | 02,219,225 | ---- | C] (TheBestWare Studio) Ashampoo -> C:\Documents and Settings\main\Application Data\Ashampoo -> [2009/09/05 21:12:46 | 00,000,000 | ---D | C] ashampoo -> C:\Documents and Settings\main\Local Settings\Application Data\ashampoo -> [2009/09/05 21:12:30 | 00,000,000 | ---D | C] ashampoo -> C:\Documents and Settings\All Users\Application Data\ashampoo -> [2009/09/05 21:12:30 | 00,000,000 | ---D | C] Go to WWW.THE-PAGE.COM.lnk -> C:\Documents and Settings\All Users\Desktop\Go to WWW.THE-PAGE.COM.lnk -> [2009/09/05 21:12:29 | 00,001,718 | ---- | C] () page -> C:\Documents and Settings\All Users\Application Data\page -> [2009/09/05 21:12:23 | 00,000,000 | ---D | C] ashampoo_burning_studio_6_free_676_4311.exe -> C:\ashampoo_burning_studio_6_free_676_4311.exe -> [2009/09/05 21:05:48 | 06,054,784 | ---- | C] (ashampoo GmbH & Co. 
KG ) mpk.exe -> C:\mpk.exe -> [2009/09/05 20:55:58 | 00,056,832 | ---- | C] (NirSoft) mpk.chm -> C:\mpk.chm -> [2009/09/05 20:55:58 | 00,027,318 | ---- | C] () mpk.zip -> C:\mpk.zip -> [2009/09/05 20:55:27 | 00,051,029 | ---- | C] () makefile -> C:\makefile -> [2009/09/05 20:30:57 | 00,013,967 | ---- | C] () src -> C:\src -> [2009/09/05 20:30:54 | 00,000,000 | ---D | C] docs -> C:\docs -> [2009/09/05 20:30:54 | 00,000,000 | ---D | C] mame0133s.exe -> C:\mame0133s.exe -> [2009/09/05 20:30:03 | 10,633,767 | ---- | C] () dvdcss -> C:\Documents and Settings\main\Application Data\dvdcss -> [2009/09/05 13:12:54 | 00,000,000 | ---D | C] Folder.jpg -> C:\Folder.jpg -> [2009/09/05 12:36:21 | 00,007,869 | -HS- | C] () AlbumArtSmall.jpg -> C:\AlbumArtSmall.jpg -> [2009/09/05 12:36:21 | 00,002,123 | -HS- | C] () My Music -> C:\Documents and Settings\main\My Documents\My Music -> [2009/09/05 12:22:21 | 00,000,000 | R--D | C] elton john - i guess thats why they call it the blues(2)(2).mp3 -> C:\elton john - i guess thats why they call it the blues(2)(2).mp3 -> [2009/09/05 11:17:37 | 04,525,244 | ---- | C] () GoodbyeYellowBrickRoad.mp3 -> C:\GoodbyeYellowBrickRoad.mp3 -> [2009/09/05 11:13:10 | 04,767,721 | ---- | C] () Bonnie Tyler - Total Eclipse Of The Heart.mp3 -> C:\Bonnie Tyler - Total Eclipse Of The Heart.mp3 -> [2009/09/05 11:07:51 | 06,690,944 | ---- | C] () Meatloaf - Two Out Of Three Aint Bad.mp3 -> C:\Meatloaf - Two Out Of Three Aint Bad.mp3 -> [2009/09/05 11:03:38 | 05,227,553 | ---- | C] () The Beatles - Rocky Racoon.mp3 -> C:\The Beatles - Rocky Racoon.mp3 -> [2009/09/05 11:01:02 | 03,540,916 | ---- | C] () THE BEATLES - FOR NO ONE.mp3 -> C:\THE BEATLES - FOR NO ONE.mp3 -> [2009/09/05 10:58:30 | 00,851,935 | ---- | C] () The Beatles - Michelle.mp3 -> C:\The Beatles - Michelle.mp3 -> [2009/09/05 10:56:25 | 02,597,225 | ---- | C] () Stylus_Color_680_Setup_Guide.pdf -> C:\Stylus_Color_680_Setup_Guide.pdf -> [2009/09/05 10:36:05 | 00,706,339 | ---- | C] () Help -> 
C:\Documents and Settings\main\Local Settings\Application Data\Help -> [2009/09/05 00:42:37 | 00,000,000 | ---D | C] Help -> C:\Documents and Settings\main\Application Data\Help -> [2009/09/05 00:42:37 | 00,000,000 | ---D | C] Adobe Reader 9.lnk -> C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk -> [2009/09/05 00:40:29 | 00,001,729 | ---- | C] () Downloads -> C:\Documents and Settings\main\Desktop\Downloads -> [2009/09/05 00:35:14 | 00,000,000 | ---D | C] EBPMON2.DLL -> C:\WINDOWS\System32\EBPMON2.DLL -> [2009/09/05 00:33:22 | 00,061,598 | ---- | C] (SEIKO EPSON CORPORATION) ECBTEG.DLL -> C:\WINDOWS\System32\ECBTEG.DLL -> [2009/09/05 00:33:22 | 00,057,344 | ---- | C] (SEIKO EPSON CORPORATION) EBPPORT.DAT -> C:\WINDOWS\System32\EBPPORT.DAT -> [2009/09/05 00:33:22 | 00,000,145 | ---- | C] () EBPCHP.DLL -> C:\WINDOWS\System32\EBPCHP.DLL -> [2009/09/05 00:33:21 | 00,034,304 | ---- | C] (SEIKO EPSON CORPORATION) EPSON -> C:\Program Files\EPSON -> [2009/09/05 00:33:21 | 00,000,000 | ---D | C] EPSTPLOG.BAK -> C:\WINDOWS\EPSTPLOG.BAK -> [2009/09/05 00:33:16 | 00,017,387 | ---- | C] () EPSON -> C:\EPSON -> [2009/09/05 00:33:10 | 00,000,000 | ---D | C] sc680_winxp_full.exe -> C:\sc680_winxp_full.exe -> [2009/09/04 21:40:09 | 04,108,299 | ---- | C] () Apple Computer -> C:\Documents and Settings\main\Application Data\Apple Computer -> [2009/09/04 19:37:27 | 00,000,000 | ---D | C] Apple Computer -> C:\Documents and Settings\main\Local Settings\Application Data\Apple Computer -> [2009/09/04 19:35:56 | 00,000,000 | ---D | C] QuickTime Player.lnk -> C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk -> [2009/09/04 19:35:52 | 00,001,604 | ---- | C] () QuickTime -> C:\Program Files\QuickTime -> [2009/09/04 19:35:37 | 00,000,000 | ---D | C] Registry Mechanic.lnk -> C:\Documents and Settings\All Users\Desktop\Registry Mechanic.lnk -> [2009/09/04 15:36:48 | 00,000,738 | ---- | C] () STKIT432.DLL -> C:\WINDOWS\System32\STKIT432.DLL -> [2009/09/04 15:36:47 | 
00,024,576 | ---- | C] (Microsoft Corporation) Registry Mechanic -> C:\Program Files\Registry Mechanic -> [2009/09/04 15:36:43 | 00,000,000 | ---D | C] ie8updates -> C:\WINDOWS\ie8updates -> [2009/09/04 15:13:50 | 00,000,000 | ---D | C] 21c5d0ad9cda8f6deb01 -> C:\21c5d0ad9cda8f6deb01 -> [2009/09/04 15:08:35 | 00,000,000 | ---D | C] imsins.BAK -> C:\WINDOWS\imsins.BAK -> [2009/09/04 15:08:00 | 00,001,355 | ---- | C] () RegMagik.INI -> C:\WINDOWS\RegMagik.INI -> [2009/09/04 10:13:55 | 00,000,693 | ---- | C] () RegMagik -> C:\Program Files\RegMagik -> [2009/09/04 09:49:37 | 00,000,000 | ---D | C] RegCleaner -> C:\Program Files\RegCleaner -> [2009/09/04 09:48:57 | 00,000,000 | ---D | C] GetRightToGo -> C:\Documents and Settings\main\Application Data\GetRightToGo -> [2009/09/04 09:47:49 | 00,000,000 | ---D | C] ce38de16813a580967f16afff0df5d -> C:\ce38de16813a580967f16afff0df5d -> [2009/09/04 09:45:58 | 00,000,000 | ---D | C] ACW -> C:\Program Files\ACW -> [2009/09/04 09:45:33 | 00,000,000 | ---D | C] LocalSystem32 -> C:\WINDOWS\System32\LocalSystem32 -> [2009/09/04 08:35:34 | 00,000,000 | -HSD | C] ieproxy.dll -> C:\WINDOWS\System32\dllcache\ieproxy.dll -> [2009/09/03 20:33:53 | 00,246,272 | ---- | C] (Microsoft Corporation) xpshims.dll -> C:\WINDOWS\System32\dllcache\xpshims.dll -> [2009/09/03 20:33:53 | 00,012,800 | ---- | C] (Microsoft Corporation) {DD4E68DA-DBCD-4C1F-B85E-FF8A7BEBE383} -> C:\Documents and Settings\main\Local Settings\Application Data\{DD4E68DA-DBCD-4C1F-B85E-FF8A7BEBE383} -> [2009/09/03 20:30:43 | 00,000,000 | ---D | C] usbprint.sys -> C:\WINDOWS\System32\drivers\usbprint.sys -> [2009/09/01 20:09:42 | 00,025,856 | ---- | C] (Microsoft Corporation) usbprint.sys -> C:\WINDOWS\System32\dllcache\usbprint.sys -> [2009/09/01 20:09:42 | 00,025,856 | ---- | C] (Microsoft Corporation) appmgmt -> C:\WINDOWS\System32\appmgmt -> [2009/09/01 07:06:39 | 00,000,000 | ---D | C] IECompatCache -> C:\Documents and Settings\main\IECompatCache -> [2009/09/01 06:34:24 | 
00,000,000 | -HSD | C] vlc -> C:\Documents and Settings\main\Application Data\vlc -> [2009/08/31 22:40:51 | 00,000,000 | ---D | C] VLC media player.lnk -> C:\Documents and Settings\All Users\Desktop\VLC media player.lnk -> [2009/08/31 22:39:57 | 00,000,719 | ---- | C] () VideoLAN -> C:\Program Files\VideoLAN -> [2009/08/31 22:38:29 | 00,000,000 | ---D | C] vlc-1.0.1-win32.exe -> C:\vlc-1.0.1-win32.exe -> [2009/08/31 20:03:49 | 02,993,200 | ---- | C] () My Music -> C:\Documents and Settings\All Users\Documents\My Music -> [2009/08/31 13:58:28 | 00,000,000 | R--D | C] PrivacIE -> C:\Documents and Settings\main\PrivacIE -> [2009/08/31 11:19:12 | 00,000,000 | -HSD | C] IETldCache -> C:\Documents and Settings\main\IETldCache -> [2009/08/31 09:23:15 | 00,000,000 | -HSD | C] ie8 -> C:\WINDOWS\ie8 -> [2009/08/31 09:16:09 | 00,000,000 | -H-D | C] Birdstep Technology -> C:\Documents and Settings\main\Application Data\Birdstep Technology -> [2009/08/30 17:39:40 | 00,000,000 | ---D | C] Birdstep Technology -> C:\Documents and Settings\All Users\Application Data\Birdstep Technology -> [2009/08/30 17:39:27 | 00,000,000 | ---D | C] 3Connect.lnk -> C:\Documents and Settings\All Users\Desktop\3Connect.lnk -> [2009/08/30 17:39:26 | 00,001,740 | ---- | C] () mod7700.sys -> C:\WINDOWS\System32\drivers\mod7700.sys -> [2009/08/30 17:36:37 | 00,621,056 | ---- | C] (DiBcom SA) ewusbnet.sys -> C:\WINDOWS\System32\drivers\ewusbnet.sys -> [2009/08/30 17:36:37 | 00,112,640 | ---- | C] (Huawei Technologies Co., Ltd.) ewusbfake.sys -> C:\WINDOWS\System32\drivers\ewusbfake.sys -> [2009/08/30 17:36:37 | 00,102,656 | ---- | C] (Huawei Technologies Co., Ltd.) ewusbmdm.sys -> C:\WINDOWS\System32\drivers\ewusbmdm.sys -> [2009/08/30 17:36:37 | 00,102,400 | ---- | C] (Huawei Technologies Co., Ltd.) ewdcsc.sys -> C:\WINDOWS\System32\drivers\ewdcsc.sys -> [2009/08/30 17:36:37 | 00,024,448 | ---- | C] (Huawei Tech. Co., Ltd.) 
Huawei ModemsUninstall.exe -> C:\WINDOWS\Huawei ModemsUninstall.exe -> [2009/08/30 17:36:33 | 00,070,667 | ---- | C] () Huawei Modems -> C:\Program Files\Huawei Modems -> [2009/08/30 17:36:33 | 00,000,000 | ---D | C] mdvrmng.sys -> C:\WINDOWS\System32\drivers\mdvrmng.sys -> [2009/08/30 17:36:30 | 00,010,240 | ---- | C] () Bluetooth -> C:\Documents and Settings\main\My Documents\Bluetooth -> [2009/08/30 17:35:52 | 00,000,000 | ---D | C] InstallShield Installation Information -> C:\Program Files\InstallShield Installation Information -> [2009/08/30 17:35:23 | 00,000,000 | -H-D | C] 3 Mobile Broadband -> C:\Program Files\3 Mobile Broadband -> [2009/08/30 17:35:23 | 00,000,000 | ---D | C] InstallShield -> C:\Program Files\Common Files\InstallShield -> [2009/08/30 17:34:55 | 00,000,000 | ---D | C] ptpusb.dll -> C:\WINDOWS\System32\ptpusb.dll -> [2009/08/28 16:04:04 | 00,005,632 | ---- | C] (Microsoft Corporation) ptpusd.dll -> C:\WINDOWS\System32\ptpusd.dll -> [2009/08/28 16:04:02 | 00,159,232 | ---- | C] (Microsoft Corporation) usbscan.sys -> C:\WINDOWS\System32\drivers\usbscan.sys -> [2009/08/28 16:04:00 | 00,015,104 | ---- | C] (Microsoft Corporation) usbscan.sys -> C:\WINDOWS\System32\dllcache\usbscan.sys -> [2009/08/28 16:04:00 | 00,015,104 | ---- | C] (Microsoft Corporation) WirelessFTP.INI -> C:\WINDOWS\WirelessFTP.INI -> [2009/06/07 15:02:15 | 00,000,097 | ---- | C] () iPlayer.INI -> C:\WINDOWS\iPlayer.INI -> [2009/02/27 20:32:23 | 00,000,000 | ---- | C] () MRT.INI -> C:\WINDOWS\System32\MRT.INI -> [2009/01/15 20:10:40 | 00,000,285 | ---- | C] () BTNetFilter.sys -> C:\WINDOWS\System32\drivers\BTNetFilter.sys -> [2009/01/13 18:32:17 | 00,013,304 | ---- | C] () VBTEnum.sys -> C:\WINDOWS\System32\drivers\VBTEnum.sys -> [2009/01/13 18:32:16 | 00,011,860 | ---- | C] () F5D9010.dll -> C:\WINDOWS\System32\F5D9010.dll -> [2008/12/23 17:53:56 | 00,040,960 | ---- | C] () tosOBEX.INI -> C:\WINDOWS\tosOBEX.INI -> [2008/12/23 15:19:18 | 00,000,000 | ---- | C] () InsDrvZD.dll 
-> C:\WINDOWS\System32\InsDrvZD.dll -> [2008/12/23 14:14:20 | 00,028,672 | ---- | C] () InsDrvZD64.dll -> C:\WINDOWS\System32\InsDrvZD64.dll -> [2008/12/23 14:14:20 | 00,015,872 | ---- | C] () Oiduts.dll -> C:\WINDOWS\Oiduts.dll -> [2008/12/23 13:34:51 | 00,028,672 | R--- | C] () getnode.dll -> C:\WINDOWS\System32\getnode.dll -> [2008/12/23 13:07:35 | 00,024,576 | ---- | C] () TOSMgmt.dll -> C:\WINDOWS\System32\TOSMgmt.dll -> [2008/12/23 13:07:02 | 00,045,056 | ---- | C] () readmem.sys -> C:\WINDOWS\System32\drivers\readmem.sys -> [2008/12/23 13:07:02 | 00,002,496 | ---- | C] () LGUICOM.DLL -> C:\WINDOWS\System32\LGUICOM.DLL -> [2008/12/23 13:03:30 | 00,109,056 | ---- | C] () Cmousecc.ini -> C:\WINDOWS\Cmousecc.ini -> [2008/12/23 13:03:30 | 00,000,443 | ---- | C] () Tbiosdrv.sys -> C:\WINDOWS\System32\drivers\Tbiosdrv.sys -> [2008/12/23 13:00:08 | 00,006,528 | ---- | C] () csellang.ini -> C:\WINDOWS\System32\csellang.ini -> [2008/12/23 12:51:52 | 00,121,905 | ---- | C] () csellang.dll -> C:\WINDOWS\System32\csellang.dll -> [2008/12/23 12:51:52 | 00,045,056 | ---- | C] () tosmreg.ini -> C:\WINDOWS\System32\tosmreg.ini -> [2008/12/23 12:51:52 | 00,008,831 | ---- | C] () cseltbl.ini -> C:\WINDOWS\System32\cseltbl.ini -> [2008/12/23 12:51:52 | 00,006,793 | ---- | C] () win.ini -> C:\WINDOWS\win.ini -> [2007/07/27 13:00:00 | 00,000,617 | ---- | C] () system.ini -> C:\WINDOWS\system.ini -> [2007/07/27 13:00:00 | 00,000,227 | ---- | C] () TosBtAcc.dll -> C:\WINDOWS\System32\TosBtAcc.dll -> [2005/09/02 15:44:08 | 00,110,592 | ---- | C] () TosCommAPI.dll -> C:\WINDOWS\System32\TosCommAPI.dll -> [2005/07/22 22:30:20 | 00,065,536 | ---- | C] () TosBtHcrpAPI.dll -> C:\WINDOWS\System32\TosBtHcrpAPI.dll -> [2004/07/20 18:04:02 | 00,094,208 | ---- | C] () TBTMonUI.dll -> C:\WINDOWS\System32\TBTMonUI.dll -> [2004/01/15 15:43:28 | 00,114,688 | ---- | C] () [Files/Folders - Modified Within 30 Days] system.ini -> C:\WINDOWS\system.ini -> [2009/09/08 23:16:36 | 00,000,227 | ---- | M] 
() wcenter.exe -> C:\WINDOWS\System32\wcenter.exe -> [2009/09/08 23:15:52 | 00,385,024 | ---- | M] () Perflib_Perfdata_81c.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_81c.dat -> [2009/09/08 23:15:52 | 00,016,384 | ---- | M] () hosts -> C:\WINDOWS\System32\drivers\etc\hosts -> [2009/09/08 23:15:21 | 00,000,027 | ---- | M] () Perflib_Perfdata_59c.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_59c.dat -> [2009/09/08 23:15:06 | 00,016,384 | ---- | M] () SA.DAT -> C:\WINDOWS\tasks\SA.DAT -> [2009/09/08 23:15:02 | 00,000,006 | -H-- | M] () bootstat.dat -> C:\WINDOWS\bootstat.dat -> [2009/09/08 23:14:49 | 00,002,048 | --S- | M] () hiberfil.sys -> C:\hiberfil.sys -> [2009/09/08 23:14:47 | 53,567,8976 | -HS- | M] () ntuser.dat -> C:\Documents and Settings\main\ntuser.dat -> [2009/09/08 23:13:44 | 05,242,880 | ---- | M] () ntuser.ini -> C:\Documents and Settings\main\ntuser.ini -> [2009/09/08 23:13:44 | 00,000,178 | -HS- | M] () Combo-Fix.exe -> C:\Combo-Fix.exe -> [2009/09/08 22:54:49 | 03,200,988 | R--- | M] () gmer.zip -> C:\gmer.zip -> [2009/09/08 22:49:19 | 00,280,282 | ---- | M] () OTS.exe -> C:\OTS.exe -> [2009/09/08 22:49:01 | 00,516,096 | ---- | M] (OldTimer Tools) boot.ini -> C:\boot.ini -> [2009/09/08 22:22:20 | 00,000,281 | RHS- | M] () IconCache.db -> C:\Documents and Settings\main\Local Settings\Application Data\IconCache.db -> [2009/09/08 20:41:03 | 04,302,798 | -H-- | M] () HijackThis.exe -> C:\HijackThis.exe -> [2009/09/08 17:55:00 | 00,401,720 | ---- | M] (Trend Micro Inc.) 
Bonnie Tyler - Total Eclipse Of The Heart.mp3 -> C:\Bonnie Tyler - Total Eclipse Of The Heart.mp3 -> [2009/09/08 00:44:42 | 06,690,944 | ---- | M] () GoodbyeYellowBrickRoad.mp3 -> C:\GoodbyeYellowBrickRoad.mp3 -> [2009/09/08 00:44:08 | 04,767,721 | ---- | M] () THE BEATLES - FOR NO ONE.mp3 -> C:\THE BEATLES - FOR NO ONE.mp3 -> [2009/09/08 00:44:04 | 00,851,935 | ---- | M] () Folder.jpg -> C:\Folder.jpg -> [2009/09/08 00:44:02 | 00,007,869 | -HS- | M] () AlbumArt_{8FBDB5AB-E80D-4F83-9E30-AB24313533EB}_Large.jpg -> C:\AlbumArt_{8FBDB5AB-E80D-4F83-9E30-AB24313533EB}_Large.jpg -> [2009/09/08 00:44:02 | 00,007,869 | -HS- | M] () The Beatles - Michelle.mp3 -> C:\The Beatles - Michelle.mp3 -> [2009/09/08 00:44:00 | 02,597,225 | ---- | M] () AlbumArtSmall.jpg -> C:\AlbumArtSmall.jpg -> [2009/09/08 00:43:58 | 00,002,123 | -HS- | M] () AlbumArt_{8FBDB5AB-E80D-4F83-9E30-AB24313533EB}_Small.jpg -> C:\AlbumArt_{8FBDB5AB-E80D-4F83-9E30-AB24313533EB}_Small.jpg -> [2009/09/08 00:43:58 | 00,002,123 | -HS- | M] () Meatloaf - Two Out Of Three Aint Bad.mp3 -> C:\Meatloaf - Two Out Of Three Aint Bad.mp3 -> [2009/09/08 00:43:53 | 05,227,553 | ---- | M] () Finish Downloading Spyware Doctor.lnk -> C:\Documents and Settings\All Users\Desktop\Finish Downloading Spyware Doctor.lnk -> [2009/09/07 22:22:19 | 00,001,549 | ---- | M] () Spyware Doctor.lnk -> C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk -> [2009/09/07 19:15:14 | 00,001,637 | ---- | M] () sdsetup.exe -> C:\sdsetup.exe -> [2009/09/07 19:13:24 | 26,709,272 | ---- | M] (PC Tools ) ExterminateItSetup.exe -> C:\ExterminateItSetup.exe -> [2009/09/07 16:27:29 | 04,304,531 | ---- | M] (Curio Lab) Ad-Aware Update (Weekly).job -> C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job -> [2009/09/07 10:31:40 | 00,000,472 | ---- | M] () lsdelete.exe -> C:\WINDOWS\System32\lsdelete.exe -> [2009/09/07 10:30:50 | 00,015,688 | ---- | M] () Lbd.sys -> C:\WINDOWS\System32\drivers\Lbd.sys -> [2009/09/07 10:30:12 | 00,064,160 | ---- | M] 
(Lavasoft AB) Ad-Aware.lnk -> C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk -> [2009/09/07 10:22:39 | 00,000,867 | ---- | M] () How do I remove Smart Protector from my computer - Yahoo! Answers.mht -> C:\Documents and Settings\main\My Documents\How do I remove Smart Protector from my computer - Yahoo! Answers.mht -> [2009/09/07 08:50:58 | 00,767,983 | ---- | M] () Nqisuvubov.bin -> C:\WINDOWS\Nqisuvubov.bin -> [2009/09/07 00:45:17 | 00,000,000 | ---- | M] () qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [2009/09/07 00:21:19 | 00,013,498 | ---- | M] () qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [2009/09/07 00:21:18 | 00,013,912 | ---- | M] () Malwarebytes' Anti-Malware.lnk -> C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk -> [2009/09/06 23:34:24 | 00,000,696 | ---- | M] () Download_6.1.0.447f-sdregnow-setup.exe -> C:\Download_6.1.0.447f-sdregnow-setup.exe -> [2009/09/06 23:29:20 | 00,366,120 | ---- | M] (Digital River, Inc.) 
mbam-setup.exe -> C:\mbam-setup.exe -> [2009/09/06 23:20:24 | 03,942,048 | ---- | M] (Malwarebytes Corporation ) Ad-AwareAE.exe -> C:\Ad-AwareAE.exe -> [2009/09/06 23:10:23 | 34,543,112 | ---- | M] (Lavasoft ) SUPERAntiSpyware Free Edition.lnk -> C:\Documents and Settings\main\Desktop\SUPERAntiSpyware Free Edition.lnk -> [2009/09/06 18:31:26 | 00,000,780 | ---- | M] () SUPERAntiSpyware.exe -> C:\SUPERAntiSpyware.exe -> [2009/09/06 18:04:35 | 07,163,936 | ---- | M] () ntuser.dat.rmbak -> C:\Documents and Settings\main\ntuser.dat.rmbak -> [2009/09/06 02:53:53 | 05,242,880 | ---- | M] () PCTCore.sys -> C:\WINDOWS\System32\drivers\PCTCore.sys -> [2009/09/06 00:08:04 | 00,206,256 | ---- | M] (PC Tools) pctcore.cat -> C:\WINDOWS\System32\drivers\pctcore.cat -> [2009/09/06 00:07:56 | 00,007,396 | ---- | M] () 6.1.0.447d-sd-setup.exe -> C:\6.1.0.447d-sd-setup.exe -> [2009/09/05 23:36:41 | 18,051,464 | ---- | M] (PC Tools ) Revo Uninstaller.lnk -> C:\Documents and Settings\main\Desktop\Revo Uninstaller.lnk -> [2009/09/05 22:09:04 | 00,000,917 | ---- | M] () AlbumArt_{B4B07E43-FE58-4929-ADB7-92F2E215FBCD}_Large.jpg -> C:\AlbumArt_{B4B07E43-FE58-4929-ADB7-92F2E215FBCD}_Large.jpg -> [2009/09/05 21:35:41 | 00,005,066 | -HS- | M] () AlbumArt_{B4B07E43-FE58-4929-ADB7-92F2E215FBCD}_Small.jpg -> C:\AlbumArt_{B4B07E43-FE58-4929-ADB7-92F2E215FBCD}_Small.jpg -> [2009/09/05 21:35:41 | 00,001,742 | -HS- | M] () RadioSure.lnk -> C:\Documents and Settings\main\Desktop\RadioSure.lnk -> [2009/09/05 21:35:28 | 00,001,042 | ---- | M] () AlbumArt_{B7F12422-F81B-45BC-9C22-9A04B0B4D5D3}_Large.jpg -> C:\AlbumArt_{B7F12422-F81B-45BC-9C22-9A04B0B4D5D3}_Large.jpg -> [2009/09/05 21:34:50 | 00,013,015 | -HS- | M] () AlbumArt_{B7F12422-F81B-45BC-9C22-9A04B0B4D5D3}_Small.jpg -> C:\AlbumArt_{B7F12422-F81B-45BC-9C22-9A04B0B4D5D3}_Small.jpg -> [2009/09/05 21:34:30 | 00,002,988 | -HS- | M] () RadioSure-2.0.872-setup.exe -> C:\RadioSure-2.0.872-setup.exe -> [2009/09/05 21:22:14 | 02,219,225 | ---- | M] 
(TheBestWare Studio) Go to WWW.THE-PAGE.COM.lnk -> C:\Documents and Settings\All Users\Desktop\Go to WWW.THE-PAGE.COM.lnk -> [2009/09/05 21:14:25 | 00,001,718 | ---- | M] () ashampoo_burning_studio_6_free_676_4311.exe -> C:\ashampoo_burning_studio_6_free_676_4311.exe -> [2009/09/05 21:05:48 | 06,054,784 | ---- | M] (ashampoo GmbH & Co. KG ) mpk.zip -> C:\mpk.zip -> [2009/09/05 20:55:27 | 00,051,029 | ---- | M] () mame0133s.exe -> C:\mame0133s.exe -> [2009/09/05 20:30:03 | 10,633,767 | ---- | M] () EPSTPLOG.BAK -> C:\WINDOWS\EPSTPLOG.BAK -> [2009/09/05 12:43:44 | 00,017,387 | ---- | M] () PerfStringBackup.INI -> C:\WINDOWS\System32\PerfStringBackup.INI -> [2009/09/05 11:50:11 | 00,501,938 | ---- | M] () perfh009.dat -> C:\WINDOWS\System32\perfh009.dat -> [2009/09/05 11:50:11 | 00,441,458 | ---- | M] () perfc009.dat -> C:\WINDOWS\System32\perfc009.dat -> [2009/09/05 11:50:11 | 00,071,394 | ---- | M] () elton john - i guess thats why they call it the blues(2)(2).mp3 -> C:\elton john - i guess thats why they call it the blues(2)(2).mp3 -> [2009/09/05 11:17:38 | 04,525,244 | ---- | M] () The Beatles - Rocky Racoon.mp3 -> C:\The Beatles - Rocky Racoon.mp3 -> [2009/09/05 11:01:02 | 03,540,916 | ---- | M] () Stylus_Color_680_Setup_Guide.pdf -> C:\Stylus_Color_680_Setup_Guide.pdf -> [2009/09/05 10:36:05 | 00,706,339 | ---- | M] () Adobe Reader 9.lnk -> C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk -> [2009/09/05 00:40:29 | 00,001,729 | ---- | M] () sc680_winxp_full.exe -> C:\sc680_winxp_full.exe -> [2009/09/04 21:40:09 | 04,108,299 | ---- | M] () QuickTime Player.lnk -> C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk -> [2009/09/04 19:35:52 | 00,001,604 | ---- | M] () RegMagik.INI -> C:\WINDOWS\RegMagik.INI -> [2009/09/04 15:45:40 | 00,000,693 | ---- | M] () Registry Mechanic.lnk -> C:\Documents and Settings\All Users\Desktop\Registry Mechanic.lnk -> [2009/09/04 15:36:48 | 00,000,738 | ---- | M] () imsins.BAK -> C:\WINDOWS\imsins.BAK -> 
[2009/09/04 15:17:41 | 00,001,355 | ---- | M] () wpa.dbl -> C:\WINDOWS\System32\wpa.dbl -> [2009/09/04 10:32:27 | 00,002,422 | ---- | M] () PEV.exe -> C:\WINDOWS\PEV.exe -> [2009/09/03 22:25:22 | 00,230,912 | ---- | M] () VLC media player.lnk -> C:\Documents and Settings\All Users\Desktop\VLC media player.lnk -> [2009/08/31 22:39:57 | 00,000,719 | ---- | M] () vlc-1.0.1-win32.exe -> C:\vlc-1.0.1-win32.exe -> [2009/08/31 20:03:49 | 02,993,200 | ---- | M] () 3Connect.lnk -> C:\Documents and Settings\All Users\Desktop\3Connect.lnk -> [2009/08/30 17:39:26 | 00,001,740 | ---- | M] () Huawei ModemsUninstall.exe -> C:\WINDOWS\Huawei ModemsUninstall.exe -> [2009/08/30 17:36:33 | 00,070,667 | ---- | M] () Bluetooth Manager.lnk -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk -> [2009/08/30 17:34:56 | 00,000,715 | ---- | M] () [File - Lop Check] Application Data -> C:\Documents and Settings\Administrator\Application Data -> [2009/09/07 09:57:02 | 00,000,000 | RH-D | M] Application Data -> C:\Documents and Settings\All Users\Application Data -> [2009/09/07 10:22:25 | 00,000,000 | RH-D | M] {4B7788ED-BF55-41B7-98E0-92442036B28E} -> C:\Documents and Settings\All Users\Application Data\{4B7788ED-BF55-41B7-98E0-92442036B28E} -> [2009/02/02 19:25:37 | 00,000,000 | ---D | M] {83C91755-2546-441D-AC40-9A6B4B860800} -> C:\Documents and Settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800} -> [2009/09/07 10:22:44 | 00,000,000 | -H-D | M] {F94ED97F-1871-47C6-87A8-69513EF3C279} -> C:\Documents and Settings\All Users\Application Data\{F94ED97F-1871-47C6-87A8-69513EF3C279} -> [2009/07/01 17:38:58 | 00,000,000 | ---D | M] ashampoo -> C:\Documents and Settings\All Users\Application Data\ashampoo -> [2009/09/05 21:12:30 | 00,000,000 | ---D | M] Birdstep Technology -> C:\Documents and Settings\All Users\Application Data\Birdstep Technology -> [2009/08/30 17:39:47 | 00,000,000 | ---D | M] Blizzard -> C:\Documents and Settings\All 
Users\Application Data\Blizzard -> [2009/02/17 14:25:22 | 00,000,000 | ---D | M] GrimmsHatchery -> C:\Documents and Settings\All Users\Application Data\GrimmsHatchery -> [2009/01/10 21:19:19 | 00,000,000 | ---D | M] Norton -> C:\Documents and Settings\All Users\Application Data\Norton -> [2009/01/01 14:37:58 | 00,000,000 | ---D | M] NortonInstaller -> C:\Documents and Settings\All Users\Application Data\NortonInstaller -> [2008/12/23 15:10:07 | 00,000,000 | ---D | M] page -> C:\Documents and Settings\All Users\Application Data\page -> [2009/09/05 21:14:19 | 00,000,000 | ---D | M] TEMP -> C:\Documents and Settings\All Users\Application Data\TEMP -> [2009/09/08 23:26:07 | 00,000,000 | ---D | M] Winferno -> C:\Documents and Settings\All Users\Application Data\Winferno -> [2009/01/26 20:44:22 | 00,000,000 | ---D | M] Application Data -> C:\Documents and Settings\Default User\Application Data -> [2000/01/02 16:45:21 | 00,000,000 | RH-D | M] Application Data -> C:\Documents and Settings\Guest\Application Data -> [2009/09/08 23:11:30 | 00,000,000 | RH-D | M] Smart-Shopper -> C:\Documents and Settings\Guest\Application Data\Smart-Shopper -> [2009/02/05 18:41:52 | 00,000,000 | ---D | M] Application Data -> C:\Documents and Settings\LocalService\Application Data -> [2009/09/08 18:29:13 | 00,000,000 | ---D | M] Application Data -> C:\Documents and Settings\main\Application Data -> [2009/09/08 23:11:34 | 00,000,000 | RH-D | M] Ashampoo -> C:\Documents and Settings\main\Application Data\Ashampoo -> [2009/09/05 21:12:46 | 00,000,000 | ---D | M] Birdstep Technology -> C:\Documents and Settings\main\Application Data\Birdstep Technology -> [2009/08/30 17:39:40 | 00,000,000 | ---D | M] dvdcss -> C:\Documents and Settings\main\Application Data\dvdcss -> [2009/09/05 13:13:58 | 00,000,000 | ---D | M] GetRightToGo -> C:\Documents and Settings\main\Application Data\GetRightToGo -> [2009/09/07 22:22:18 | 00,000,000 | ---D | M] LimeWire -> C:\Documents and Settings\main\Application 
Data\LimeWire -> [2009/09/04 20:00:54 | 00,000,000 | ---D | M] live-player -> C:\Documents and Settings\main\Application Data\live-player -> [2009/06/19 18:50:29 | 00,000,000 | ---D | M] OpenOffice.org -> C:\Documents and Settings\main\Application Data\OpenOffice.org -> [2009/05/25 08:43:35 | 00,000,000 | ---D | M] Orbit -> C:\Documents and Settings\main\Application Data\Orbit -> [2009/09/03 22:50:53 | 00,000,000 | ---D | M] PirateGalaxy -> C:\Documents and Settings\main\Application Data\PirateGalaxy -> [2009/06/22 17:33:10 | 00,000,000 | ---D | M] Application Data -> C:\Documents and Settings\NetworkService\Application Data -> [2000/01/02 17:09:32 | 00,000,000 | ---D | M] Application Data -> C:\Documents and Settings\Owner\Application Data -> [2009/09/08 23:11:37 | 00,000,000 | -H-D | M] LimeWire -> C:\Documents and Settings\Owner\Application Data\LimeWire -> [2009/02/27 20:20:44 | 00,000,000 | ---D | M] OpenOffice.org -> C:\Documents and Settings\Owner\Application Data\OpenOffice.org -> [2009/02/27 20:20:38 | 00,000,000 | ---D | M] SecuROM -> C:\Documents and Settings\Owner\Application Data\SecuROM -> [2009/02/27 20:20:38 | 00,000,000 | RH-D | M] StarOffice8 -> C:\Documents and Settings\Owner\Application Data\StarOffice8 -> [2009/02/27 20:20:37 | 00,000,000 | ---D | M] XnView -> C:\Documents and Settings\Owner\Application Data\XnView -> [2009/02/27 20:20:30 | 00,000,000 | ---D | M] Application Data -> C:\Documents and Settings\owner.OWNERXP-B6DA981\Application Data -> [2009/09/07 09:30:23 | 00,000,000 | ---D | M] Smart-Shopper -> C:\Documents and Settings\owner.OWNERXP-B6DA981\Application Data\Smart-Shopper -> [2009/02/26 20:16:03 | 00,000,000 | ---D | M] C:\WINDOWS\Tasks\ -> C:\WINDOWS\Tasks -> [2009/09/07 18:32:33 | 00,000,000 | --SD | M] Ad-Aware Update (Weekly).job -> C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job -> [2009/09/07 10:31:40 | 00,000,472 | ---- | M] () desktop.ini -> C:\WINDOWS\Tasks\desktop.ini -> [2007/07/27 13:00:00 | 00,000,065 | RH-- | M] () 
SA.DAT -> C:\WINDOWS\Tasks\SA.DAT -> [2009/09/08 23:15:02 | 00,000,006 | -H-- | M] () [File - Purity Scan] [Alternate Data Streams] @Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 @Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4A6FD9B4 @Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1 < End of report > [/code]