[code]
OTS logfile created on: 6/24/2011 2:31:42 PM - Run 1
OTS by OldTimer - Version 3.1.44.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
503.00 Mb Total Physical Memory | 156.00 Mb Available Physical Memory | 31.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 65.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 143.53 Gb Total Space | 103.53 Gb Free Space | 72.14% Space Free | Partition Type: NTFS
Drive D: | 5.50 Gb Total Space | 1.15 Gb Free Space | 20.92% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: YOUR-FSYLY0JTWN
Current User Name: Owner
Logged in as Administrator.
Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days [Processes - Safe List] ots.exe -> C:\Documents and Settings\Owner\Desktop\OTS.exe -> [2011/06/24 14:23:10 | 000,645,120 | ---- | M] (OldTimer Tools) firefox.exe -> C:\Program Files\Mozilla Firefox\firefox.exe -> [2011/06/21 23:45:55 | 000,924,632 | ---- | M] (Mozilla Corporation) avastui.exe -> C:\Program Files\Alwil Software\Avast5\AvastUI.exe -> [2011/05/10 05:10:58 | 003,459,712 | ---- | M] (AVAST Software) avastsvc.exe -> C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -> [2011/05/10 05:10:57 | 000,042,184 | ---- | M] (AVAST Software) afwserv.exe -> C:\Program Files\Alwil Software\Avast5\afwServ.exe -> [2011/05/10 05:10:56 | 000,121,000 | ---- | M] (AVAST Software) soffice.bin -> C:\Program Files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.symphony.brand.win32_3.0.0.20101015-2340\program\soffice.bin -> [2010/11/05 23:09:48 | 011,296,768 | ---- | M] (IBM) ssscheduler.exe -> C:\Program Files\McAfee Security Scan\2.1.121\SSScheduler.exe -> [2010/09/02 23:45:02 | 000,255,536 | ---- | M] (McAfee, Inc.) backupnowezsvr.exe -> C:\Program Files\NewTech Infosystems\Backup Now EZ\BackupNowEZSvr.exe -> [2010/02/22 11:44:14 | 000,045,312 | ---- | M] (NewTech Infosystems, Inc.) explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) em_exec.exe -> C:\Program Files\Logitech\MouseWare\system\EM_EXEC.EXE -> [2004/01/08 10:50:00 | 000,037,888 | ---- | M] (Logitech Inc.) 
ltmsg.exe -> C:\WINDOWS\ltmsg.exe -> [2003/07/14 11:52:44 | 000,040,960 | ---- | M] (Agere Systems) hphmon05.exe -> C:\WINDOWS\system32\hphmon05.exe -> [2003/05/23 02:55:38 | 000,483,328 | ---- | M] (Hewlett-Packard) hpqcmon.exe -> C:\Program Files\HP\Digital Imaging\Unload\HpqCmon.exe -> [2002/10/07 07:23:20 | 000,090,112 | ---- | M] () [Modules - Safe List] ots.exe -> C:\Documents and Settings\Owner\Desktop\OTS.exe -> [2011/06/24 14:23:10 | 000,645,120 | ---- | M] (OldTimer Tools) comctl32.dll -> C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll -> [2010/08/23 09:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) lgmsghk.dll -> C:\Program Files\Common Files\Logitech\Scrolling\LGMSGHK.DLL -> [2004/01/08 10:50:00 | 000,024,064 | ---- | M] (Logitech Inc.) lgwndhk.dll -> C:\Program Files\Logitech\MouseWare\system\LgWndHk.dll -> [2004/01/08 10:50:00 | 000,006,144 | ---- | M] (Logitech Inc.) [Win32 Services - Safe List] (LMIRescue_0b512d60-9fcc-464d-af31-62612f0040f0) LogMeIn Rescue (0b512d60-9fcc-464d-af31-62612f0040f0) [Auto | Stopped] -> -> File not found (HidServ) Human Interface Device Access [Disabled | Stopped] -> -> File not found (AppMgmt) Application Management [On_Demand | Stopped] -> -> File not found (AOLService) AOL Spyware Protection Service [Disabled | Stopped] -> -> File not found (avast! Antivirus) avast! Antivirus [Auto | Running] -> C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -> [2011/05/10 05:10:57 | 000,042,184 | ---- | M] (AVAST Software) (avast! Firewall) avast! Firewall [Auto | Running] -> C:\Program Files\Alwil Software\Avast5\afwServ.exe -> [2011/05/10 05:10:56 | 000,121,000 | ---- | M] (AVAST Software) (McComponentHostService) McAfee Security Scan Component Host Service [On_Demand | Stopped] -> C:\Program Files\McAfee Security Scan\2.1.121\McCHSvc.exe -> [2010/09/02 23:45:02 | 000,227,232 | ---- | M] (McAfee, Inc.) 
(NTI BackupNowEZSvr) NTI BackupNowEZSvr [Auto | Running] -> C:\Program Files\NewTech Infosystems\Backup Now EZ\BackupNowEZSvr.exe -> [2010/02/22 11:44:14 | 000,045,312 | ---- | M] (NewTech Infosystems, Inc.) (sdCoreService) PC Tools Security Service [Disabled | Stopped] -> C:\Program Files\Spyware Doctor\pctsSvc.exe -> [2010/01/15 12:14:36 | 001,079,176 | ---- | M] (PC Tools) (sdAuxService) PC Tools Auxiliary Service [Disabled | Stopped] -> C:\Program Files\Spyware Doctor\pctsAuxs.exe -> [2008/06/13 16:29:14 | 000,356,920 | ---- | M] (PC Tools) [Driver Services - Safe List] (aswFW) avast! TDI Firewall driver [Kernel | System | Running] -> C:\WINDOWS\System32\drivers\aswFW.sys -> [2011/05/10 05:04:46 | 000,102,232 | ---- | M] (AVAST Software) (aswSnx) aswSnx [File_System | System | Running] -> C:\WINDOWS\System32\drivers\aswSnx.sys -> [2011/05/10 05:03:54 | 000,441,176 | ---- | M] (AVAST Software) (aswSP) aswSP [Kernel | System | Running] -> C:\WINDOWS\System32\drivers\aswSP.sys -> [2011/05/10 05:03:44 | 000,307,928 | ---- | M] (AVAST Software) (aswNdis2) avast! Firewall Core Firewall Service [Kernel | Boot | Running] -> C:\WINDOWS\System32\drivers\aswNdis2.sys -> [2011/05/10 05:03:31 | 000,192,984 | ---- | M] (AVAST Software) (aswTdi) avast! Network Shield Support [Kernel | System | Running] -> C:\WINDOWS\System32\drivers\aswTdi.sys -> [2011/05/10 05:02:37 | 000,049,240 | ---- | M] (AVAST Software) (aswMon2) avast! Standard Shield Support [File_System | Auto | Running] -> C:\WINDOWS\System32\drivers\aswmon2.sys -> [2011/05/10 05:02:25 | 000,102,616 | ---- | M] (AVAST Software) (aswRdr) aswRdr [Kernel | System | Running] -> C:\WINDOWS\System32\drivers\aswRdr.sys -> [2011/05/10 04:59:56 | 000,025,432 | ---- | M] (AVAST Software) (Aavmker4) avast! 
Asynchronous Virus Monitor [Kernel | System | Running] -> C:\WINDOWS\System32\drivers\aavmker4.sys -> [2011/05/10 04:59:37 | 000,030,808 | ---- | M] (AVAST Software) (aswFsBlk) aswFsBlk [File_System | Auto | Running] -> C:\WINDOWS\System32\drivers\aswFsBlk.sys -> [2011/05/10 04:59:35 | 000,019,544 | ---- | M] (AVAST Software) (aswNdis) avast! Firewall NDIS Filter Service [Kernel | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\aswNdis.sys -> [2010/09/07 08:24:46 | 000,012,112 | ---- | M] (ALWIL Software) (BVRPMPR5) BVRPMPR5 NDIS Protocol Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -> [2010/06/06 20:12:22 | 000,049,904 | R--- | M] (Avanquest Software) (IKSysSec) System Security Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\iksyssec.sys -> [2008/08/25 12:36:30 | 000,081,288 | ---- | M] (PCTools Research Pty Ltd.) (IKSysFlt) System Filter Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\iksysflt.sys -> [2008/08/25 12:36:28 | 000,066,952 | ---- | M] (PCTools Research Pty Ltd.) (IKFileSec) File Security Driver [File_System | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\ikfilesec.sys -> [2008/08/25 12:36:28 | 000,040,840 | ---- | M] (PCTools Research Pty Ltd.) (RTL8023xp) Realtek 10/100/1000 PCI NIC Family NDIS XP Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\Rtnicxp.sys -> [2008/02/25 13:54:56 | 000,105,088 | ---- | M] (Realtek Semiconductor Corporation ) (MxlW2k) MxlW2k [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\drivers\MxlW2k.sys -> [2006/08/16 07:49:59 | 000,028,256 | ---- | M] (MusicMatch, Inc.) (Ps2) Ps2 [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\PS2.sys -> [2005/12/12 17:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) (AFS2K) AFS2K [Kernel | System | Running] -> C:\WINDOWS\System32\drivers\AFS2K.SYS -> [2005/03/04 16:37:36 | 000,043,672 | ---- | M] (Oak Technology Inc.) 
(ALCXWDM) Service for Realtek AC97 Audio (WDM) [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\ALCXWDM.SYS -> [2004/10/01 11:24:02 | 002,279,424 | ---- | M] (Realtek Semiconductor Corp.) (S3Psddr) S3Psddr [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\s3gnbm.sys -> [2004/08/03 22:29:51 | 000,166,912 | ---- | M] (S3 Graphics, Inc.) (SunkFilt) Alcor Micro Corp - 9360 [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\Sunkfilt.sys -> [2004/03/22 12:05:22 | 000,039,904 | ---- | M] (Alcor Micro Corp.) (ALCXSENS) Service for WDM 3D Audio Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\ALCXSENS.SYS -> [2004/02/17 06:49:14 | 000,391,424 | ---- | M] (Sensaura Ltd) (LMouFlt2) Logitech Mouse Class Filter Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\LMouFlt2.Sys -> [2003/12/17 10:50:00 | 000,070,801 | ---- | M] (Logitech, Inc.) (L8042pr2) Logitech PS/2 Mouse Filter Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\L8042pr2.Sys -> [2003/12/17 10:50:00 | 000,051,729 | ---- | M] (Logitech, Inc.) (ltmodem5) Agere Modem Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\ltmdmnt.sys -> [2003/12/12 20:03:10 | 000,652,689 | ---- | M] (Agere Systems) (pfc) Padus ASPI Shell [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\pfc.sys -> [2003/09/03 11:01:22 | 000,010,368 | ---- | M] (Padus, Inc.) 
(nv_agp) NVIDIA nForce AGP Bus Filter [Kernel | Boot | Stopped] -> C:\WINDOWS\System32\DRIVERS\nv_agp.sys -> [2003/09/02 23:51:00 | 000,021,120 | ---- | M] (NVIDIA Corporation) (SymEvent) SymEvent [Kernel | On_Demand | Stopped] -> C:\Program Files\Symantec\SYMEVENT.SYS -> [2003/08/15 17:22:12 | 000,082,136 | ---- | M] (Symantec Corporation) (nvcap) nVidia WDM Video Capture (universal) [Kernel | Auto | Stopped] -> C:\WINDOWS\system32\drivers\nvcap.sys -> [2003/07/30 02:15:00 | 000,126,348 | ---- | M] () (NVXBAR) nVidia WDM A/V Crossbar [Kernel | Auto | Stopped] -> C:\WINDOWS\system32\drivers\nvxbar.sys -> [2003/07/30 02:15:00 | 000,013,006 | ---- | M] (NVIDIA Corporation) (viaagp1) VIA AGP Filter [Kernel | Boot | Stopped] -> C:\WINDOWS\System32\DRIVERS\viaagp1.sys -> [2003/07/02 11:42:00 | 000,027,904 | ---- | M] (VIA Technologies, Inc.) (fasttx2k) fasttx2k [Kernel | Boot | Stopped] -> C:\WINDOWS\System32\DRIVERS\fasttx2k.sys -> [2003/06/19 01:59:00 | 000,140,800 | ---- | M] (Promise Technology, Inc.) 
(SiS315) SiS315 [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\sisgrp.sys -> [2003/05/06 15:34:56 | 000,394,752 | ---- | M] (Silicon Integrated Systems Corporation) (SiSkp) SiSkp [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\srvkp.sys -> [2003/04/11 08:51:30 | 000,010,624 | ---- | M] (Silicon Integrated Systems Corporation) (SISAGP) SiS AGP Filter [Kernel | Boot | Stopped] -> C:\WINDOWS\System32\DRIVERS\SISAGPX.sys -> [2003/02/20 16:18:36 | 000,036,608 | ---- | M] (Silicon Integrated Systems Corporation) (rtl8139) Realtek RTL8139/810x Family Fast Ethernet NIC NT Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\R8139n51.sys -> [2002/10/04 17:04:10 | 000,046,976 | ---- | M] (Realtek Semiconductor Corporation ) (Ftdisk) Volume Manager Driver [Kernel | Boot | Running] -> C:\WINDOWS\System32\DRIVERS\ftdisk.sys -> [2002/08/29 05:00:00 | 000,161,920 | ---- | M] () (PalmUSBD) PalmUSBD [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\PalmUSBD.sys -> [2002/08/20 13:00:00 | 000,016,509 | ---- | M] (Palm, Inc.) (NMUSB) NMUSB [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\Nmusb.sys -> [2001/08/16 02:04:00 | 000,025,056 | ---- | M] (Creative Technology Ltd.) (PfModNT) PfModNT [Kernel | Auto | Running] -> C:\WINDOWS\system32\PfModNT.sys -> [1999/12/17 02:00:00 | 000,006,752 | ---- | M] (Creative Technology Ltd.) 
[Registry - Safe List] < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> HKEY_LOCAL_MACHINE\: Search\\"CustomSearch" -> http://red.clientapps.yahoo.com/customize/ie/defaults/cs/sbcydsl/*http://www.yahoo.com/search/ie.html -> < Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 -> < Internet Explorer Settings [HKEY_USERS\__aswSnx private storage\] > -> -> < Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> HKEY_USERS\S-1-5-19\: "ProxyEnable" -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> HKEY_USERS\S-1-5-20\: "ProxyEnable" -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-21-3423375189-4244327808-2501610088-1003\] > -> -> HKEY_USERS\S-1-5-21-3423375189-4244327808-2501610088-1003\: Main\\"SearchMigratedDefaultName" -> Yahoo! Search -> HKEY_USERS\S-1-5-21-3423375189-4244327808-2501610088-1003\: Main\\"SearchMigratedDefaultURL" -> http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 -> HKEY_USERS\S-1-5-21-3423375189-4244327808-2501610088-1003\: Main\\"Start Page" -> http://search.babylon.com/home?AF=17710 -> HKEY_USERS\S-1-5-21-3423375189-4244327808-2501610088-1003\: SearchURL\\"" -> http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com -> HKEY_USERS\S-1-5-21-3423375189-4244327808-2501610088-1003\: "ProxyEnable" -> 0 -> < FireFox Settings [Prefs.js] > -> C:\Documents and Settings\Owner\Application Data\Mozilla\FireFox\Profiles\9ux2ub59.default\prefs.js -> browser.search.selectedEngine -> "Google" -> browser.startup.homepage -> "http://msn.com" -> < FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla HKLM\software\mozilla\Firefox\Extensions -> -> HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [C:\PROGRAM FILES\HP\DIGITAL 
IMAGING\SMART WEB PRINTING\MOZILLAADDON2] -> [2009/11/25 18:28:38 | 000,000,000 | ---D | M] HKLM\software\mozilla\Firefox\Extensions\\wrc@avast.com -> C:\Program Files\Alwil Software\Avast5\WebRep\FF [C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF] -> [2011/05/17 17:20:47 | 000,000,000 | ---D | M] HKLM\software\mozilla\Mozilla Firefox 5.0\extensions -> -> HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Components -> C:\Program Files\Mozilla Firefox\components [C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS] -> [2011/06/21 23:45:57 | 000,000,000 | ---D | M] HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins -> C:\Program Files\Mozilla Firefox\plugins [C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS] -> [2011/06/23 12:04:32 | 000,000,000 | ---D | M] < FireFox Extensions [User Folders] > -> -> C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions -> [2008/06/21 22:58:52 | 000,000,000 | ---D | M] -> C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\2915uf42.profile #1\extensions -> [2011/05/07 21:48:36 | 000,000,000 | ---D | M] Microsoft .NET Framework Assistant -> C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\2915uf42.profile #1\extensions\{20a82645-c095-46ed-80e3-08825760534b} -> [2011/03/03 08:25:37 | 000,000,000 | ---D | M] Flashblock -> C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\2915uf42.profile #1\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} -> [2010/12/11 22:49:48 | 000,000,000 | ---D | M] Tabbrowser Preferences -> C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\2915uf42.profile #1\extensions\{9b9d2aaa-ae26-4447-a7a1-633a32b19ddd} -> [2011/03/03 08:25:38 | 000,000,000 | ---D | M] -> C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\2915uf42.profile #1\extensions\info@priceblink.com -> [2010/12/11 22:49:45 | 000,000,000 | ---D | M] -> C:\Documents and Settings\Owner\Application 
Data\Mozilla\Firefox\Profiles\9ux2ub59.default\extensions -> [2005/05/10 15:36:55 | 000,000,000 | ---D | M] Adblock -> C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9ux2ub59.default\extensions\{34274bf4-1d97-a289-e984-17e546307e4f} -> [2005/01/02 14:00:04 | 000,000,000 | ---D | M] googlebar -> C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9ux2ub59.default\extensions\{6b6601f1-361e-4b9f-bb6d-f8305000e4f6} -> [2005/05/10 16:19:47 | 000,000,000 | ---D | M] Firefox (default) -> C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9ux2ub59.default\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} -> [2005/01/02 01:43:57 | 000,000,000 | ---D | M] No name found -> C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9ux2ub59.default\extensions\{d650973c-0444-4ac7-9d00-19e3613c83b9} -> [2005/01/02 14:01:35 | 000,000,000 | ---D | M] -> C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9ux2ub59.default\extensions\temp -> [2005/05/10 16:19:47 | 000,000,000 | ---D | M] < FireFox Extensions [Program Folders] > -> -> C:\Program Files\Mozilla Firefox\extensions -> [2011/04/22 00:30:41 | 000,000,000 | ---D | M] Java Console -> C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} -> [2010/09/16 06:28:09 | 000,000,000 | ---D | M] Java Console -> C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} -> [2010/11/15 23:44:50 | 000,000,000 | ---D | M] Java Console -> C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} -> [2010/12/20 13:35:10 | 000,000,000 | ---D | M] Java Console -> C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} -> [2011/03/16 11:54:04 | 000,000,000 | ---D | M] -> C:\Program Files\Mozilla Firefox\extensions\ffxtlbr@babylon.com -> [2011/04/22 00:23:47 | 000,000,000 | ---D | M] < HOSTS File > ([2002/01/01 02:44:22 | 000,000,027 
| ---- | M] - 1 lines) -> C:\WINDOWS\system32\drivers\etc\hosts -> Reset Hosts 127.0.0.1 localhost < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {02478D38-C3F9-4efb-9B51-7695ECA05670} [HKLM] -> C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [&Yahoo! Toolbar Helper] -> [2008/05/15 12:40:40 | 000,817,936 | ---- | M] (Yahoo! Inc.) {52706EF7-D7A2-49AD-A615-E903858CF284} [HKLM] -> [X1IEHook Class] -> File not found {53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> [2008/09/15 15:25:44 | 001,562,960 | RHS- | M] (Safer Networking Limited) {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKLM] -> C:\Program Files\Yahoo!\common\yiesrvc.dll [Yahoo! IE Services Button] -> [2006/10/31 16:33:54 | 000,198,136 | ---- | M] (Yahoo! Inc.) {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} [HKLM] -> C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll [avast! WebRep] -> [2011/05/10 05:10:54 | 000,819,840 | ---- | M] (AVAST Software) {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKLM] -> C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [Google Toolbar Notifier BHO] -> [2009/03/23 10:16:33 | 000,668,656 | ---- | M] (Google Inc.) {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} [HKLM] -> C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll [SidebarAutoLaunch Class] -> [2005/02/03 18:07:08 | 000,124,032 | ---- | M] (Yahoo! Inc.) {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found < Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> "" [HKLM] -> Reg Error: Key error. [] -> File not found "{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}" [HKLM] -> C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll [avast! 
WebRep] -> [2011/05/10 05:10:54 | 000,819,840 | ---- | M] (AVAST Software) "{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5}" [HKLM] -> C:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll [HP View] -> [2003/11/21 05:26:28 | 000,098,304 | ---- | M] (Hewlett-Packard Company) "{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> [2008/05/15 12:40:40 | 000,817,936 | ---- | M] (Yahoo! Inc.) "{F0F8ECBE-D460-4B34-B007-56A92E8F84A7}" [HKLM] -> [ZeroBar] -> File not found < Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-3423375189-4244327808-2501610088-1003\] > -> HKEY_USERS\S-1-5-21-3423375189-4244327808-2501610088-1003\Software\Microsoft\Internet Explorer\Toolbar\ -> ShellBrowser\\"{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5}" [HKLM] -> C:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll [HP View] -> [2003/11/21 05:26:28 | 000,098,304 | ---- | M] (Hewlett-Packard Company) WebBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found WebBrowser\\"{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5}" [HKLM] -> C:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll [HP View] -> [2003/11/21 05:26:28 | 000,098,304 | ---- | M] (Hewlett-Packard Company) WebBrowser\\"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> [2008/05/15 12:40:40 | 000,817,936 | ---- | M] (Yahoo! Inc.) WebBrowser\\"{F0F8ECBE-D460-4B34-B007-56A92E8F84A7}" [HKLM] -> [ZeroBar] -> File not found WebBrowser\\"{F5735C15-1FB2-41FE-BA12-242757E69DDE}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] 
-> File not found < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> "CamMonitor" -> c:\Program Files\HP\Digital Imaging\Unload\HpqCmon.exe [c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe] -> [2002/10/07 07:23:20 | 000,090,112 | ---- | M] () "HPDJ Taskbar Utility" -> C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe [C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe] -> [2004/06/21 03:40:38 | 000,172,032 | ---- | M] (HP) "HPHmon05" -> C:\WINDOWS\system32\hphmon05.exe [C:\WINDOWS\System32\hphmon05.exe] -> [2003/05/23 02:55:38 | 000,483,328 | ---- | M] (Hewlett-Packard) "Logitech Utility" -> C:\WINDOWS\LOGI_MWX.EXE [Logi_MwX.Exe] -> [2003/12/17 10:50:00 | 000,019,968 | ---- | M] (Logitech Inc.) "LTMSG" -> C:\WINDOWS\ltmsg.exe [LTMSG.exe 7] -> [2003/07/14 11:52:44 | 000,040,960 | ---- | M] (Agere Systems) < RunOnce [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce -> "Malwarebytes' Anti-Malware" -> C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent] -> [2011/05/29 09:11:28 | 000,449,584 | ---- | M] (Malwarebytes Corporation) < Run [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> "ALUAlert" -> C:\Program Files\Symantec\LiveUpdate\ALUNOTIFY.EXE [C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe] -> [2004/07/19 18:26:26 | 000,263,320 | ---- | M] (Symantec Corporation) < Run [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> "ALUAlert" -> C:\Program Files\Symantec\LiveUpdate\ALUNOTIFY.EXE [C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe] -> [2004/07/19 18:26:26 | 000,263,320 | ---- | M] (Symantec Corporation) < Run [HKEY_USERS\S-1-5-21-3423375189-4244327808-2501610088-1003\] > -> HKEY_USERS\S-1-5-21-3423375189-4244327808-2501610088-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"SymphonyPreLoad" -> ["C:\Program Files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.symphony.standard.launcher.win32.x86_3.0.0.20101015-2340\IBM Lotus Symphony" -nogui -nosplash] -> File not found < RunServicesOnce [HKEY_USERS\S-1-5-21-3423375189-4244327808-2501610088-1003\] > -> HKEY_USERS\S-1-5-21-3423375189-4244327808-2501610088-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce -> "washindex" -> C:\Program Files\Washer\washidx.exe [C:\Program Files\Washer\washidx.exe] -> [2002/08/15 04:07:02 | 000,033,792 | ---- | M] () < Administrator Startup Folder > -> C:\Documents and Settings\Administrator\Start Menu\Programs\Startup -> < All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\2.1.121\SSScheduler.exe -> [2010/09/02 23:45:02 | 000,255,536 | ---- | M] (McAfee, Inc.) < Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup -> < Owner Startup Folder > -> C:\Documents and Settings\Owner\Start Menu\Programs\Startup -> < Software Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions \Infodelivery\Restrictions\\"NoSplash" -> [0] -> File not found < Software Policy Settings [HKEY_USERS\S-1-5-21-3423375189-4244327808-2501610088-1003] > -> HKEY_USERS\S-1-5-21-3423375189-4244327808-2501610088-1003\SOFTWARE\Policies\Microsoft\Internet Explorer -> < CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer \\"HonorAutoRunSetting" -> [1] -> File not found \\"NoCDBurning" -> [0] -> File not found \\"NoDriveAutoRun" 
-> [67108863] -> File not found \\"NoDriveTypeAutoRun" -> [323] -> File not found \\"NoDrives" -> [0] -> File not found < CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System < CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer \\"NoDriveTypeAutoRun" -> [323] -> File not found \\"NoDriveAutoRun" -> [67108863] -> File not found < CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer \\"NoDriveTypeAutoRun" -> [323] -> File not found \\"NoDriveAutoRun" -> [67108863] -> File not found < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer \\"NoDriveTypeAutoRun" -> [145] -> File not found < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer \\"NoDriveTypeAutoRun" -> [145] -> File not found < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-3423375189-4244327808-2501610088-1003] > -> 
HKEY_USERS\S-1-5-21-3423375189-4244327808-2501610088-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> HKEY_USERS\S-1-5-21-3423375189-4244327808-2501610088-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer \\"NoDriveTypeAutoRun" -> [323] -> File not found \\"" -> [] -> File not found \\"NoDriveAutoRun" -> [67108863] -> File not found \\"NoDrives" -> [0] -> File not found < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-3423375189-4244327808-2501610088-1003] > -> HKEY_USERS\S-1-5-21-3423375189-4244327808-2501610088-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> < Internet Explorer Menu Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\MenuExt\ -> E&xport to Microsoft Excel -> [res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000] -> File not found < Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\MenuExt\ -> E&xport to Microsoft Excel -> [res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000] -> File not found < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}:{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKLM] -> C:\Program Files\Yahoo!\common\yiesrvc.dll [Button: AT&T Yahoo! Services] -> [2006/10/31 16:33:54 | 000,198,136 | ---- | M] (Yahoo! Inc.) {DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Menu: Spybot - Search & Destroy Configuration] -> [2008/09/15 15:25:44 | 001,562,960 | RHS- | M] (Safer Networking Limited) < Internet Explorer Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\"{92780B25-18CC-41C8-B9BE-3C9C571A8263}" [HKLM] -> [Reg Error: Key error.] 
-> File not found < Internet Explorer Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\"{92780B25-18CC-41C8-B9BE-3C9C571A8263}" [HKLM] -> [Reg Error: Key error.] -> File not found < Internet Explorer Extensions [HKEY_USERS\S-1-5-21-3423375189-4244327808-2501610088-1003\] > -> HKEY_USERS\S-1-5-21-3423375189-4244327808-2501610088-1003\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\"{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}" [HKLM] -> C:\Program Files\Yahoo!\common\yiesrvc.dll [Yahoo! IE Services Button] -> [2006/10/31 16:33:54 | 000,198,136 | ---- | M] (Yahoo! Inc.) CmdMapping\\"{92780B25-18CC-41C8-B9BE-3C9C571A8263}" [HKLM] -> [Reg Error: Key error.] -> File not found < Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix "" -> http:// < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 5576 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. 
-> < Trusted Sites Domains [HKEY_USERS\__aswSnx private storage\] > -> HKEY_USERS\__aswSnx private storage\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\__aswSnx private storage\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\__aswSnx private storage\] > -> HKEY_USERS\__aswSnx private storage\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\__aswSnx private storage\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 5576 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. 
-> < Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-21-3423375189-4244327808-2501610088-1003\] > -> HKEY_USERS\S-1-5-21-3423375189-4244327808-2501610088-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-21-3423375189-4244327808-2501610088-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 15137 domain(s) found. -> .[msn] -> My Computer -> objects_aol.com [*] -> Out of zone range - ( 5 ) -> taxact2008 .[https] -> Trusted sites -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-21-3423375189-4244327808-2501610088-1003\] > -> HKEY_USERS\S-1-5-21-3423375189-4244327808-2501610088-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-21-3423375189-4244327808-2501610088-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {2B323CD9-50E3-11D3-9466-00A0C9700498} [HKLM] -> http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab [Yahoo! 
Audio Conferencing] -> {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} [HKLM] -> http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab [Symantec AntiVirus scanner] -> {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} [HKLM] -> C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll [Installation Support] -> {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} [HKLM] -> http://aolcc.aol.com/computercheckup/qdiagcc.cab [QDiagAOLCCUpdateObj Class] -> {644E432F-49D3-41A1-8DD5-E099162EEEC5} [HKLM] -> http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab [Symantec RuFSI Utility Class] -> {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} [HKLM] -> http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1154042618004 [MUWebControl Class] -> {7D1E9C49-BD6A-11D3-87A8-009027A35D73} [HKLM] -> http://chat.yahoo.com/cab/yacsui.cab [Yahoo! Audio UI1] -> {8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab [Java Plug-in 1.6.0_24] -> {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} [HKLM] -> http://www.microsoft.com/security/controls/SassCln.CAB [SassCln Object] -> {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab [Reg Error: Key error.] -> {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab [Reg Error: Key error.] -> {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab [Reg Error: Key error.] -> {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab [Reg Error: Key error.] -> {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab [Reg Error: Key error.] -> {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab [Reg Error: Key error.] 
-> {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab [Reg Error: Key error.] -> {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab [Java Plug-in 1.6.0_24] -> {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab [Java Plug-in 1.6.0_24] -> {D27CDB6E-AE6D-11CF-96B8-444553540000} [HKLM] -> http://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab [Shockwave Flash Object] -> {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} [HKLM] -> http://chat.msn.com/bin/msnchat45.cab [MSN Chat Control 4.5] -> Microsoft XML Parser for Java [HKLM] -> file://C:\WINDOWS\Java\classes\xmldso.cab [Reg Error: Key error.] -> < Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ -> DhcpNameServer -> 10.0.0.1 -> < Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {3BB506FC-DC08-455D-A5DB-753132FEDBEF}\\DhcpNameServer -> 10.0.0.1 (Realtek RTL8139/810x Family Fast Ethernet NIC) -> IE Styles -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Styles "MaxScriptStatements" -> Reg Error: Invalid data type. "Use My Stylesheet" -> Reg Error: Invalid data type. 
"User Stylesheet" -> < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> *Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> Explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) *MultiFile Done* -> -> < Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> igfxcui -> C:\WINDOWS\System32\igfxsrvc.dll -> [2004/11/02 09:59:20 | 000,348,160 | ---- | M] (Intel Corporation) < ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> "{9EF34FF2-3396-4527-9D27-04C8C1C67806}" [HKLM] -> C:\Program Files\Microsoft AntiSpyware\shellextension.dll [Microsoft AntiSpyware Service Hook] -> [2005/02/10 23:32:20 | 000,093,408 | ---- | M] (Microsoft Corporation) < Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List -> "C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe [C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe] -> [2008/10/16 21:12:28 | 000,283,992 | ---- | M] (Hewlett-Packard Co.) "C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" -> C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe [C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe] -> [2008/10/16 21:12:28 | 000,053,248 | ---- | M] (Hewlett-Packard Co.) "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" -> C:\Program Files\HP\Digital Imaging\bin\hposid01.exe [C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe] -> [2008/10/25 10:27:42 | 000,107,864 | ---- | M] (Hewlett-Packard Co.) 
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe [C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe] -> [2008/10/16 21:12:30 | 000,562,520 | ---- | M] (Hewlett-Packard Co.) "C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" -> C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe [C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe] -> [2004/03/12 01:45:16 | 000,368,640 | ---- | M] () "C:\Program Files\MSN Messenger\msnmsgr.exe" -> [C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 6.2] -> File not found < Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> "C:\Program Files\2nd Story Software\TaxACT 2007\TaxACT07.exe" -> C:\Program Files\2nd Story Software\TaxACT 2007\TaxACT07.exe [C:\Program Files\2nd Story Software\TaxACT 2007\TaxACT07.exe:*:Enabled:TaxACT 2007] -> [2008/01/07 10:06:20 | 005,279,744 | ---- | M] (2nd Story Software) "C:\Program Files\Google\Google Earth\plugin\geplugin.exe" -> C:\Program Files\Google\Google Earth\plugin\geplugin.exe [C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth] -> [2011/05/17 02:40:44 | 000,072,704 | ---- | M] (Google) "C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe [C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe] -> [2008/10/16 21:12:28 | 000,283,992 | ---- | M] (Hewlett-Packard Co.) "C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" -> C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe [C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe] -> [2008/10/16 21:12:28 | 000,053,248 | ---- | M] (Hewlett-Packard Co.) 
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" -> C:\Program Files\HP\Digital Imaging\bin\hposid01.exe [C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe] -> [2008/10/25 10:27:42 | 000,107,864 | ---- | M] (Hewlett-Packard Co.) "C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe [C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe] -> [2008/10/16 21:12:30 | 000,562,520 | ---- | M] (Hewlett-Packard Co.) "C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" -> C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe [C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe] -> [2004/03/12 01:45:16 | 000,368,640 | ---- | M] () "C:\Program Files\HP\HP Software Update\HPWUCli.exe" -> C:\Program Files\HP\HP Software Update\HPWUCli.exe [C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:HP Software Update Client] -> [2008/06/10 19:04:58 | 000,689,456 | ---- | M] (Hewlett-Packard) "C:\Program Files\Microsoft Games\Microsoft Golf 1999 Edition\msGolf99.exe" -> C:\Program Files\Microsoft Games\Microsoft Golf 1999 Edition\msGolf99.exe [C:\Program Files\Microsoft Games\Microsoft Golf 1999 Edition\msGolf99.exe:*:Enabled:Microsoft Golf '98] -> [2004/03/01 12:34:31 | 003,538,432 | ---- | M] (Microsoft Corporation) "C:\Program Files\Mozilla Firefox\firefox.exe" -> C:\Program Files\Mozilla Firefox\firefox.exe [C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox] -> [2011/06/21 23:45:55 | 000,924,632 | ---- | M] (Mozilla Corporation) "C:\Program Files\Yahoo!\Messenger\YServer.exe" -> C:\Program Files\Yahoo!\Messenger\YServer.exe [C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server] -> [2006/10/26 22:21:50 | 000,091,640 | ---- | M] (Yahoo! Inc.) 
"C:\WINDOWS\system32\dpvsetup.exe" -> C:\WINDOWS\System32\dpvsetup.exe [C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test] -> [2008/04/13 17:12:18 | 000,083,456 | ---- | M] (Microsoft Corporation) < SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> < CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom -> "AutoRun" -> 1 -> "DisplayName" -> CD-ROM Driver -> "ImagePath" -> [System32\DRIVERS\cdrom.sys] -> File not found < Drives with AutoRun files > -> -> C:\AUTOEXEC.BAK [] -> C:\AUTOEXEC.BAK [ NTFS ] -> [2004/03/01 12:51:56 | 000,000,000 | ---- | M] () C:\AUTOEXEC.BAT [] -> C:\AUTOEXEC.BAT [ NTFS ] -> [2004/03/01 12:51:56 | 000,000,000 | ---- | M] () D:\AUTOEXEC.BAT [] -> D:\AUTOEXEC.BAT [ FAT32 ] -> [2001/07/28 06:07:38 | 000,000,000 | -HS- | M] () < MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> < Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command -> comfile [open] -> "%1" %* -> exefile [open] -> "%1" %* -> < File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\ -> .com [@ = comfile] -> "%1" %* -> .exe [@ = exefile] -> "%1" %* -> < File Associations - Select to Repair > -> HKEY_USERS\S-1-5-21-3423375189-4244327808-2501610088-1003\SOFTWARE\Classes\\ -> .com [@ = ComFile] -> Reg Error: Key error. -> File not found .exe [@ = exefile] -> Reg Error: Key error. 
-> File not found [Registry - Additional Scans - Safe List] < Disabled MSConfig Services [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services -> "AOLService" -> -> "Apple Mobile Device" -> -> "Browser" -> -> "CiSvc" -> -> "FastUserSwitchingCompatibility" -> -> "gupdate1c985b54077524a" -> -> "gusvc" -> -> "iPod Service" -> -> "mnmsrvc" -> -> "Netlogon" -> -> "RasMan" -> -> "RDSessMgr" -> -> "SBAMSvc" -> -> "SCardSvr" -> -> "sdAuxService" -> -> "sdCoreService" -> -> "TapiSrv" -> -> "TermService" -> -> "UPS" -> -> "WinDefend" -> -> "WMPNetworkSvc" -> -> "WZCSVC" -> -> < Disabled MSConfig Folder Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\ -> C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Billminder.lnk -> C:\QUICKENW\BILLMIND.EXE -> [1998/08/24 21:17:56 | 000,030,208 | ---- | M] (Intuit) C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe -> [2008/10/16 20:23:30 | 000,214,360 | ---- | M] (Hewlett-Packard Co.) C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe -> [2004/05/29 00:06:36 | 000,053,248 | ---- | M] (Hewlett-Packard Co.) C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk -> -> File not found C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk -> C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe -> [2006/11/21 19:16:02 | 000,724,992 | ---- | M] (Intuit, Inc.) 
C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Startup.lnk -> C:\QUICKENW\QWDLLS.EXE -> [1998/08/24 21:18:12 | 000,027,136 | ---- | M] (Intuit) C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Register.lnk -> C:\Program Files\AzureBay\AzureBay Screen Saver\Register.exe -> [2002/02/16 01:38:38 | 000,113,664 | ---- | M] (AzureBay) C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SBC Self Support Tool.lnk -> C:\Program Files\SBC Self Support Tool\bin\matcli.exe -> [2003/10/10 10:06:10 | 000,217,088 | ---- | M] (Motive Communications, Inc.) C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Greetings Workshop Reminders.lnk -> C:\Program Files\Greetings Workshop\GWREMIND.EXE -> [1996/06/25 01:00:00 | 000,040,448 | ---- | M] (Microsoft Corporation) C:^Documents and Settings^Owner^Start Menu^Programs^Startup^OpenOffice.org 2.4.lnk -> -> File not found C:^Documents and Settings^Owner^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe -> [2009/08/18 15:49:56 | 000,384,000 | ---- | M] () C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Organize.lnk -> -> File not found < Disabled MSConfig Registry Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ -> Acme.PCHButton hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\HP Instant Support\Pavilion\XPHNABP4EN\plugin\bin\PCHButton.exe -> [2003/10/10 22:29:48 | 000,159,744 | ---- | M] (Motive Communications, Inc.) 
Adobe ARM hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe -> [2011/03/29 21:59:06 | 000,937,920 | R--- | M] (Adobe Systems Incorporated) Adobe Photo Downloader hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe -> [2007/03/09 12:09:58 | 000,063,712 | ---- | M] (Adobe Systems Incorporated) Adobe Reader Speed Launcher hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe -> [2011/06/07 21:02:26 | 000,037,296 | ---- | M] (Adobe Systems Incorporated) AlcxMonitor hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\WINDOWS\ALCXMNTR.EXE -> [2004/09/07 14:47:52 | 000,057,344 | ---- | M] (Realtek Semiconductor Corp.) BackupNotify hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> c:\Program Files\HP\Digital Imaging\bin\BackupNotify.exe -> [2003/06/22 21:25:28 | 000,024,576 | ---- | M] ( ) BackupNowEZtray hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\NewTech Infosystems\Backup Now EZ\BackupNowEZtray.exe -> [2010/02/22 11:44:20 | 000,577,792 | ---- | M] (NewTech Infosystems, Inc.) 
gcasServ hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Microsoft AntiSpyware\gcasServ.exe -> [2005/02/10 23:32:22 | 000,473,920 | ---- | M] (Microsoft Corporation) HP Software Update hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\HP\HP Software Update\hpwuSchd2.exe -> [2007/05/08 17:24:20 | 000,054,840 | ---- | M] (Hewlett-Packard) ISTray hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Spyware Doctor\pctsTray.exe -> [2008/08/25 12:36:36 | 001,168,264 | ---- | M] (PC Tools) iTunesHelper hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\iTunes\iTunesHelper.exe -> [2008/10/01 19:57:12 | 000,289,576 | ---- | M] (Apple Inc.) KBD hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\hp\KBD\kbd.exe -> [2005/02/02 16:44:24 | 000,061,440 | ---- | M] (Hewlett-Packard Company) LTMSG hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\WINDOWS\ltmsg.exe -> [2003/07/14 11:52:44 | 000,040,960 | ---- | M] (Agere Systems) MoneyAgent hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Microsoft Money\System\Money Express.exe -> [1999/08/04 00:00:00 | 000,122,940 | ---- | M] (Microsoft Corporation) Motive SmartBridge hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\SBC Self Support Tool\SmartBridge\MotiveSB.exe -> [2003/12/10 05:52:40 | 000,380,928 | ---- | M] (Motive Communications, Inc.) NVIEW hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> -> File not found QuickTime Task hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\QuickTime\QTTask.exe -> [2008/09/06 16:09:14 | 000,413,696 | ---- | M] (Apple Inc.) 
Recguard hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\WINDOWS\SMINST\Recguard.exe -> [2002/09/13 21:42:26 | 000,212,992 | ---- | M] () SpybotSD TeaTimer hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe -> [2009/03/05 17:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) TkBellExe hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Common Files\Real\Update_OB\realsched.exe -> [2006/01/21 23:52:42 | 000,180,269 | ---- | M] (RealNetworks, Inc.) Washer hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Washer\washer.exe -> [2002/08/15 04:07:02 | 000,428,544 | ---- | M] (Webroot Software, Inc.) Yahoo! Pager hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe -> [2006/10/26 22:21:48 | 004,662,776 | ---- | M] (Yahoo! Inc.) YBrowser hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Yahoo!\browser\ybrwicon.exe -> [2006/07/21 17:19:46 | 000,129,536 | ---- | M] (Yahoo! Inc.) < Disabled MSConfig State [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state -> "bootini" -> 0 -> "services" -> 2 -> "startup" -> 2 -> "system.ini" -> 0 -> "win.ini" -> 0 -> < Drivers32 [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32 -> "MSACM.CEGSM" -> C:\WINDOWS\System32\mobileV.acm [mobilev.acm] -> [2005/01/04 12:37:36 | 000,057,422 | ---- | M] () "msacm.ctmp3" -> C:\WINDOWS\system32\ctmp3.acm [C:\WINDOWS\System32\ctmp3.acm] -> [2001/01/09 05:00:00 | 000,364,544 | ---- | M] (Microsoft Corporation) "msacm.dvacm" -> C:\Program Files\Common Files\Ulead Systems\Vio\DVACM.acm [C:\PROGRA~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm] -> [2001/12/05 13:59:38 | 000,057,344 | ---- | M] (Ulead Systems, Inc.) 
"msacm.iac2" -> C:\WINDOWS\system32\iac25_32.ax [C:\WINDOWS\System32\iac25_32.ax] -> [2008/04/13 17:12:42 | 000,199,680 | ---- | M] (Intel Corporation) "msacm.l3acm" -> C:\WINDOWS\system32\l3codeca.acm [C:\WINDOWS\System32\l3codeca.acm] -> [2010/01/29 07:43:39 | 000,307,260 | ---- | M] (Fraunhofer Institut Integrierte Schaltungen IIS) "msacm.sl_anet" -> C:\WINDOWS\System32\sl_anet.acm [sl_anet.acm] -> [2008/04/13 17:10:50 | 000,086,016 | ---- | M] (Sipro Lab Telecom Inc.) "msacm.trspch" -> C:\WINDOWS\System32\tssoft32.acm [tssoft32.acm] -> [2002/08/29 05:00:00 | 000,008,192 | ---- | M] (DSP GROUP, INC.) "MSVideo8" -> C:\WINDOWS\System32\vfwwdm32.dll [VfWWDM32.dll] -> [2008/04/13 17:12:08 | 000,053,760 | ---- | M] (Microsoft Corporation) "vidc.cvid" -> C:\WINDOWS\System32\iccvid.dll [iccvid.dll] -> [2010/06/17 07:03:00 | 000,080,384 | ---- | M] (Radius Inc.) "vidc.iv31" -> C:\WINDOWS\system32\ir32_32.dll [C:\WINDOWS\system32\ir32_32.dll] -> [1995/11/07 12:46:00 | 000,199,168 | ---- | M] () "vidc.iv32" -> C:\WINDOWS\system32\ir32_32.dll [C:\WINDOWS\system32\ir32_32.dll] -> [1995/11/07 12:46:00 | 000,199,168 | ---- | M] () "vidc.iv41" -> C:\WINDOWS\System32\ir41_32.ax [ir41_32.ax] -> [2008/04/13 17:12:42 | 000,848,384 | ---- | M] (Intel Corporation) "vidc.iv50" -> C:\WINDOWS\System32\ir50_32.dll [ir50_32.dll] -> [2008/04/13 17:11:55 | 000,755,200 | ---- | M] (Intel Corporation) "vidc.LEAD" -> C:\WINDOWS\System32\LCodcCMP.dll [LCODCCMP.DLL] -> [2002/04/24 19:42:18 | 000,364,544 | ---- | M] (LEAD Technologies, Inc.) 
"VIDC.YVU9" -> C:\WINDOWS\System32\iyvu9_32.dll [iyvu9_32.dll] -> [1997/06/13 12:56:08 | 000,056,832 | ---- | M] () < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost > -> -> *netsvcs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs -> 6to4 -> -> File not found AppMgmt -> -> File not found HidServ -> -> File not found Ias -> -> File not found Iprip -> -> File not found Irmon -> -> File not found NWCWorkstation -> -> File not found Nwsapagent -> -> File not found WmdmPmSp -> -> File not found *MultiFile Done* -> -> < SafeBoot-Minimal Settings > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ -> {36FC9E60-C465-11CF-8056-444553540000} -> Universal Serial Bus controllers {4D36E965-E325-11CE-BFC1-08002BE10318} -> CD-ROM Drive {4D36E967-E325-11CE-BFC1-08002BE10318} -> DiskDrive {4D36E969-E325-11CE-BFC1-08002BE10318} -> Standard floppy disk controller {4D36E96A-E325-11CE-BFC1-08002BE10318} -> Hdc {4D36E96B-E325-11CE-BFC1-08002BE10318} -> Keyboard {4D36E96F-E325-11CE-BFC1-08002BE10318} -> Mouse {4D36E977-E325-11CE-BFC1-08002BE10318} -> PCMCIA Adapters {4D36E97B-E325-11CE-BFC1-08002BE10318} -> SCSIAdapter {4D36E97D-E325-11CE-BFC1-08002BE10318} -> System {4D36E980-E325-11CE-BFC1-08002BE10318} -> Floppy disk drive {533C5B84-EC70-11D2-9505-00C04F79DEAF} -> Volume shadow copy {71A27CDD-812A-11D0-BEC7-08002BE2092F} -> Volume {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} -> Human Interface Devices AppMgmt -> -> File not found Base -> Driver Group Boot Bus Extender -> Driver Group Boot file system -> Driver Group File system -> Driver Group Filter -> Driver Group PCI Configuration -> Driver Group PNP Filter -> Driver Group Primary disk -> Driver Group SCSI Class -> Driver Group sdauxservice -> C:\Program Files\Spyware Doctor\pctsAuxs.exe -> [2008/06/13 16:29:14 | 000,356,920 | ---- | M] (PC Tools) sdcoreservice -> C:\Program Files\Spyware Doctor\pctsSvc.exe -> [2010/01/15 12:14:36 | 001,079,176 | ---- | 
M] (PC Tools) sermouse.sys -> Driver System Bus Extender -> Driver Group vds -> Service vga.sys -> Driver < Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command -> batfile [open] -> "%1" %* -> cmdfile [open] -> "%1" %* -> comfile [open] -> "%1" %* -> cplfile [cplopen] -> rundll32.exe shell32.dll,Control_RunDLL "%1",%* -> exefile [open] -> "%1" %* -> InternetShortcut [open] -> rundll32.exe ieframe.dll,OpenURL %l -> piffile [open] -> "%1" %* -> scrfile [config] -> "%1" -> scrfile [install] -> rundll32.exe desk.cpl,InstallScreenSaver %l -> scrfile [open] -> "%1" /S -> Unknown [openas] -> %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 -> Directory [find] -> %SystemRoot%\Explorer.exe -> [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) Folder [open] -> %SystemRoot%\Explorer.exe /idlist,%I,%L -> [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) Folder [explore] -> %SystemRoot%\Explorer.exe /e,/idlist,%I,%L -> [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) Drive [find] -> %SystemRoot%\Explorer.exe -> [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) < EventViewer Logs - Last 10 Errors > -> Event Information -> Description Antivirus [ Error ] 2/4/2010 3:06:43 PM Computer Name = YOUR-FSYLY0JTWN | Source = avast! | ID = 33554522 -> Description = Antivirus [ Error ] 2/25/2010 10:48:11 PM Computer Name = YOUR-FSYLY0JTWN | Source = avast! | ID = 33554522 -> Description = Antivirus [ Error ] 4/7/2010 2:07:15 PM Computer Name = YOUR-FSYLY0JTWN | Source = avast! | ID = 33554522 -> Description = Antivirus [ Error ] 5/24/2010 2:24:05 AM Computer Name = YOUR-FSYLY0JTWN | Source = avast! | ID = 33554522 -> Description = Antivirus [ Error ] 6/23/2010 9:30:13 PM Computer Name = YOUR-FSYLY0JTWN | Source = avast! 
| ID = 33554522 -> Description = Antivirus [ Error ] 7/20/2010 9:28:52 PM Computer Name = YOUR-FSYLY0JTWN | Source = avast! | ID = 33554522 -> Description = Antivirus [ Error ] 7/22/2010 10:39:17 AM Computer Name = YOUR-FSYLY0JTWN | Source = avast! | ID = 33554522 -> Description = Antivirus [ Error ] 7/24/2010 12:58:04 AM Computer Name = YOUR-FSYLY0JTWN | Source = avast! | ID = 33554522 -> Description = Antivirus [ Error ] 8/16/2010 1:42:23 PM Computer Name = YOUR-FSYLY0JTWN | Source = avast! | ID = 33554522 -> Description = Antivirus [ Error ] 8/16/2010 1:58:58 PM Computer Name = YOUR-FSYLY0JTWN | Source = avast! | ID = 33554522 -> Description = Application [ Error ] 6/8/2011 3:20:33 PM Computer Name = YOUR-FSYLY0JTWN | Source = Application Hang | ID = 1002 -> Description = Hanging application helpctr.exe, version 5.1.2600.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Application [ Error ] 6/23/2011 2:46:21 PM Computer Name = YOUR-FSYLY0JTWN | Source = Application Hang | ID = 1002 -> Description = Hanging application firefox.exe, version 5.0.0.4183, hang module hungapp, version 0.0.0.0, hang address 0x00000000. 
System [ Error ] 6/22/2011 2:35:53 AM Computer Name = YOUR-FSYLY0JTWN | Source = Service Control Manager | ID = 7000 -> Description = The nVidia WDM Video Capture (universal) service failed to start due to the following error: %%1058 System [ Error ] 6/22/2011 2:35:53 AM Computer Name = YOUR-FSYLY0JTWN | Source = Service Control Manager | ID = 7000 -> Description = The nVidia WDM A/V Crossbar service failed to start due to the following error: %%1058 System [ Error ] 6/23/2011 3:08:20 PM Computer Name = YOUR-FSYLY0JTWN | Source = Service Control Manager | ID = 7000 -> Description = The LogMeIn Rescue (0b512d60-9fcc-464d-af31-62612f0040f0) service failed to start due to the following error: %%3 System [ Error ] 6/23/2011 3:08:20 PM Computer Name = YOUR-FSYLY0JTWN | Source = Service Control Manager | ID = 7000 -> Description = The nVidia WDM Video Capture (universal) service failed to start due to the following error: %%1058 System [ Error ] 6/23/2011 3:08:20 PM Computer Name = YOUR-FSYLY0JTWN | Source = Service Control Manager | ID = 7000 -> Description = The nVidia WDM A/V Crossbar service failed to start due to the following error: %%1058 System [ Error ] 6/24/2011 12:34:56 AM Computer Name = YOUR-FSYLY0JTWN | Source = sr | ID = 1 -> Description = The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume. 
System [ Error ] 6/24/2011 12:35:16 AM Computer Name = YOUR-FSYLY0JTWN | Source = Service Control Manager | ID = 7000 -> Description = The LogMeIn Rescue (0b512d60-9fcc-464d-af31-62612f0040f0) service failed to start due to the following error: %%3 System [ Error ] 6/24/2011 12:35:16 AM Computer Name = YOUR-FSYLY0JTWN | Source = Service Control Manager | ID = 7000 -> Description = The nVidia WDM Video Capture (universal) service failed to start due to the following error: %%1058 System [ Error ] 6/24/2011 12:35:16 AM Computer Name = YOUR-FSYLY0JTWN | Source = Service Control Manager | ID = 7000 -> Description = The nVidia WDM A/V Crossbar service failed to start due to the following error: %%1058 System [ Error ] 6/24/2011 12:35:17 AM Computer Name = YOUR-FSYLY0JTWN | Source = Service Control Manager | ID = 7026 -> Description = The following boot-start or system-start driver(s) failed to load: agp440 fasttx2k nv_agp SISAGP viaagp1 [Files/Folders - Created Within 30 Days] OTS.exe -> C:\Documents and Settings\Owner\Desktop\OTS.exe -> [2011/06/24 14:22:59 | 000,645,120 | ---- | C] (OldTimer Tools) Malwarebytes -> C:\Documents and Settings\Owner\Application Data\Malwarebytes -> [2011/06/23 17:54:11 | 000,000,000 | ---D | C] mbamswissarmy.sys -> C:\WINDOWS\System32\drivers\mbamswissarmy.sys -> [2011/06/23 17:53:45 | 000,039,984 | ---- | C] (Malwarebytes Corporation) Malwarebytes' Anti-Malware -> C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware -> [2011/06/23 17:53:45 | 000,000,000 | ---D | C] Malwarebytes -> C:\Documents and Settings\All Users\Application Data\Malwarebytes -> [2011/06/23 17:53:44 | 000,000,000 | ---D | C] mbam.sys -> C:\WINDOWS\System32\drivers\mbam.sys -> [2011/06/23 17:53:37 | 000,022,712 | ---- | C] (Malwarebytes Corporation) Malwarebytes' Anti-Malware -> C:\Program Files\Malwarebytes' Anti-Malware -> [2011/06/23 17:53:37 | 000,000,000 | ---D | C] RECYCLER -> C:\RECYCLER -> [2011/06/16 17:34:04 | 000,000,000 | -HSD 
| C] mup.sys -> C:\WINDOWS\System32\dllcache\mup.sys -> [2011/06/16 17:31:14 | 000,105,472 | ---- | C] (Microsoft Corporation) Google Earth -> C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth -> [2011/06/10 20:54:08 | 000,000,000 | ---D | C] File Type Assistant -> C:\Program Files\File Type Assistant -> [2011/06/08 12:31:25 | 000,000,000 | ---D | C] AI_RecycleBin -> C:\WINDOWS\System32\AI_RecycleBin -> [2011/06/08 12:29:51 | 000,000,000 | -HSD | C] Sophos -> C:\Documents and Settings\All Users\Start Menu\Programs\Sophos -> [2011/06/08 10:22:27 | 000,000,000 | ---D | C] Sophos -> C:\Program Files\Sophos -> [2011/06/08 10:22:26 | 000,000,000 | ---D | C] IMPLODE.DLL -> C:\WINDOWS\System32\IMPLODE.DLL -> [2005/04/01 18:09:12 | 000,018,944 | ---- | C] ( ) 5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 2 C:\Documents and Settings\Owner\My Documents\*.tmp files -> C:\Documents and Settings\Owner\My Documents\*.tmp -> [Files/Folders - Modified Within 30 Days] OTS.exe -> C:\Documents and Settings\Owner\Desktop\OTS.exe -> [2011/06/24 14:23:10 | 000,645,120 | ---- | M] (OldTimer Tools) GoogleUpdateTaskMachineUA.job -> C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job -> [2011/06/24 13:47:00 | 000,000,886 | ---- | M] () Google Software Updater.job -> C:\WINDOWS\tasks\Google Software Updater.job -> [2011/06/24 13:38:12 | 000,000,868 | ---- | M] () Symantec NetDetect.job -> C:\WINDOWS\tasks\Symantec NetDetect.job -> [2011/06/24 12:43:14 | 000,000,364 | ---- | M] () SyncBack Mark & Christine Lillard's backup.job -> C:\WINDOWS\tasks\SyncBack Mark & Christine Lillard's backup.job -> [2011/06/24 05:01:17 | 000,000,476 | ---- | M] () Malwarebytes' Anti-Malware.lnk -> C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk -> [2011/06/23 23:50:57 | 000,000,813 | ---- | M] () Malwarebytes' Anti-Malware.lnk -> C:\Documents and Settings\All 
Users\Desktop\Malwarebytes' Anti-Malware.lnk -> [2011/06/23 23:50:57 | 000,000,795 | ---- | M] () Disk Cleanup.job -> C:\WINDOWS\tasks\Disk Cleanup.job -> [2011/06/23 23:09:56 | 000,000,260 | ---- | M] () hpsysdrv.DAT -> C:\WINDOWS\System\hpsysdrv.DAT -> [2011/06/23 21:35:34 | 000,000,189 | ---- | M] () GoogleUpdateTaskMachineCore.job -> C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job -> [2011/06/23 21:35:19 | 000,000,882 | ---- | M] () bootstat.dat -> C:\WINDOWS\bootstat.dat -> [2011/06/23 21:34:49 | 000,002,048 | --S- | M] () hiberfil.sys -> C:\hiberfil.sys -> [2011/06/23 21:34:48 | 527,814,656 | -HS- | M] () Adobe Reader 9.lnk -> C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk -> [2011/06/23 12:04:33 | 000,001,740 | ---- | M] () Spybot - Search & Destroy - Scheduled Task.job -> C:\WINDOWS\tasks\Spybot - Search & Destroy - Scheduled Task.job -> [2011/06/22 17:00:44 | 000,000,306 | ---- | M] () MBR.dat -> C:\Documents and Settings\Owner\Desktop\MBR.dat -> [2011/06/22 07:15:22 | 000,000,512 | ---- | M] () FlashPlayerCPLApp.cpl -> C:\WINDOWS\System32\FlashPlayerCPLApp.cpl -> [2011/06/21 23:49:01 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) perfh009.dat -> C:\WINDOWS\System32\perfh009.dat -> [2011/06/19 22:05:32 | 000,445,370 | ---- | M] () perfc009.dat -> C:\WINDOWS\System32\perfc009.dat -> [2011/06/19 22:05:32 | 000,072,576 | ---- | M] () wpa.dbl -> C:\WINDOWS\System32\wpa.dbl -> [2011/06/19 17:32:32 | 000,001,158 | ---- | M] () imsins.BAK -> C:\WINDOWS\imsins.BAK -> [2011/06/16 17:43:37 | 000,001,374 | ---- | M] () Shortcut to ComboFix(1).lnk -> C:\Documents and Settings\Owner\Desktop\Shortcut to ComboFix(1).lnk -> [2011/06/13 22:07:50 | 000,000,671 | ---- | M] () Google Earth.lnk -> C:\Documents and Settings\All Users\Desktop\Google Earth.lnk -> [2011/06/10 20:54:09 | 000,001,926 | ---- | M] () TaxACT10.ini -> C:\WINDOWS\TaxACT10.ini -> [2011/06/04 15:08:20 | 000,000,038 | ---- | M] () mshtml.dll -> 
C:\WINDOWS\System32\dllcache\mshtml.dll -> [2011/05/30 15:19:48 | 005,964,800 | ---- | M] (Microsoft Corporation) mbamswissarmy.sys -> C:\WINDOWS\System32\drivers\mbamswissarmy.sys -> [2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) mbam.sys -> C:\WINDOWS\System32\drivers\mbam.sys -> [2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) Map to Placerville.odt -> C:\Documents and Settings\Owner\My Documents\Map to Placerville.odt -> [2011/05/26 12:02:32 | 000,014,576 | ---- | M] () 5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 2 C:\Documents and Settings\Owner\My Documents\*.tmp files -> C:\Documents and Settings\Owner\My Documents\*.tmp -> [Files - No Company Name] Malwarebytes' Anti-Malware.lnk -> C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk -> [2011/06/23 23:50:57 | 000,000,813 | ---- | C] () Malwarebytes' Anti-Malware.lnk -> C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk -> [2011/06/23 17:53:46 | 000,000,795 | ---- | C] () MBR.dat -> C:\Documents and Settings\Owner\Desktop\MBR.dat -> [2011/06/22 07:15:22 | 000,000,512 | ---- | C] () Shortcut to ComboFix(1).lnk -> C:\Documents and Settings\Owner\Desktop\Shortcut to ComboFix(1).lnk -> [2011/06/13 22:03:45 | 000,000,671 | ---- | C] () Google Earth.lnk -> C:\Documents and Settings\All Users\Desktop\Google Earth.lnk -> [2011/06/10 20:54:09 | 000,001,926 | ---- | C] () Map to Placerville.odt -> C:\Documents and Settings\Owner\My Documents\Map to Placerville.odt -> [2011/05/26 12:02:32 | 000,014,576 | ---- | C] () TaxACT10.ini -> C:\WINDOWS\TaxACT10.ini -> [2011/01/21 17:30:26 | 000,000,038 | ---- | C] () MRT.INI -> C:\WINDOWS\System32\MRT.INI -> [2011/01/12 23:06:36 | 000,000,206 | ---- | C] () hpwins23.dat -> C:\WINDOWS\hpwins23.dat -> [2009/11/25 17:59:56 | 000,187,116 | ---- | C] () hpwmdl23.dat -> 
C:\WINDOWS\hpwmdl23.dat -> [2009/11/25 17:59:56 | 000,001,847 | ---- | C] () TaxACT09.ini -> C:\WINDOWS\TaxACT09.ini -> [2009/10/09 10:42:16 | 000,000,061 | ---- | C] () TaxACT08.ini -> C:\WINDOWS\TaxACT08.ini -> [2008/10/02 15:14:16 | 000,000,057 | ---- | C] () dragon.ini -> C:\WINDOWS\dragon.ini -> [2008/07/28 14:51:39 | 000,000,097 | ---- | C] () hpqEmlSz.INI -> C:\WINDOWS\hpqEmlSz.INI -> [2008/07/18 23:36:36 | 000,000,000 | ---- | C] () TaxACT07.ini -> C:\WINDOWS\TaxACT07.ini -> [2007/10/02 13:07:23 | 000,000,088 | ---- | C] () QHI.INI -> C:\WINDOWS\QHI.INI -> [2007/02/21 12:37:54 | 000,000,094 | ---- | C] () cdplayer.ini -> C:\WINDOWS\cdplayer.ini -> [2007/02/19 11:46:58 | 000,000,543 | ---- | C] () HP_48BitScanUpdatePatch.ini -> C:\WINDOWS\HP_48BitScanUpdatePatch.ini -> [2006/12/26 09:54:33 | 000,000,214 | ---- | C] () TaxACT06.ini -> C:\WINDOWS\TaxACT06.ini -> [2006/10/03 07:54:20 | 000,000,141 | ---- | C] () unwash.exe -> C:\WINDOWS\unwash.exe -> [2006/09/14 22:42:52 | 000,043,008 | ---- | C] () A5W.INI -> C:\WINDOWS\A5W.INI -> [2006/09/12 15:30:00 | 000,000,035 | ---- | C] () uninstall NMRA06.exe -> C:\WINDOWS\uninstall NMRA06.exe -> [2006/09/02 07:49:36 | 000,219,046 | ---- | C] () HPGdiPlus.ini -> C:\WINDOWS\HPGdiPlus.ini -> [2006/04/30 09:02:37 | 000,000,206 | ---- | C] () dswplug.ini -> C:\WINDOWS\dswplug.ini -> [2006/03/26 10:32:17 | 000,000,026 | ---- | C] () YCRWin32.dll -> C:\WINDOWS\System32\YCRWin32.dll -> [2006/03/21 20:47:05 | 000,065,536 | ---- | C] () jautoexp.dat -> C:\WINDOWS\jautoexp.dat -> [2006/03/21 19:51:44 | 000,006,550 | ---- | C] () TaxACT05.ini -> C:\WINDOWS\TaxACT05.ini -> [2006/01/29 19:08:09 | 000,000,141 | ---- | C] () P2SODBC.DLL -> C:\WINDOWS\System32\P2SODBC.DLL -> [2005/04/01 18:09:13 | 000,131,072 | ---- | C] () P2IRDAO.DLL -> C:\WINDOWS\System32\P2IRDAO.DLL -> [2005/04/01 18:09:13 | 000,054,272 | ---- | C] () P2CTDAO.DLL -> C:\WINDOWS\System32\P2CTDAO.DLL -> [2005/04/01 18:09:13 | 000,050,176 | ---- | C] () P2BBND.DLL -> 
C:\WINDOWS\System32\P2BBND.DLL -> [2005/04/01 18:09:13 | 000,036,352 | ---- | C] () CO2C40EN.DLL -> C:\WINDOWS\System32\CO2C40EN.DLL -> [2005/04/01 18:09:12 | 000,748,160 | ---- | C] () InstallHelp.dll -> C:\WINDOWS\System32\InstallHelp.dll -> [2005/03/20 12:59:09 | 000,204,857 | ---- | C] () GMTUninstall.exe -> C:\WINDOWS\System32\GMTUninstall.exe -> [2005/03/20 12:59:09 | 000,111,308 | ---- | C] () cpeins04.dat -> C:\WINDOWS\cpeins04.dat -> [2005/03/04 16:38:05 | 000,100,724 | ---- | C] () hpomdl04.dat.temp -> C:\WINDOWS\hpomdl04.dat.temp -> [2005/03/04 16:38:05 | 000,017,176 | ---- | C] () hpomdl04.dat -> C:\WINDOWS\hpomdl04.dat -> [2005/03/03 16:27:52 | 000,017,176 | ---- | C] () hpoins04.dat -> C:\WINDOWS\hpoins04.dat -> [2005/03/03 16:00:44 | 000,104,265 | ---- | C] () TaxACT04.ini -> C:\WINDOWS\TaxACT04.ini -> [2005/01/11 14:37:33 | 000,000,127 | ---- | C] () _MSRSTRT.EXE -> C:\WINDOWS\_MSRSTRT.EXE -> [2005/01/09 08:26:12 | 000,002,560 | ---- | C] () UninstallFirefox.exe -> C:\WINDOWS\UninstallFirefox.exe -> [2005/01/02 01:43:48 | 000,107,134 | ---- | C] () mozver.dat -> C:\WINDOWS\mozver.dat -> [2005/01/02 01:43:28 | 000,005,457 | ---- | C] () iltwain.ini -> C:\WINDOWS\iltwain.ini -> [2004/11/08 09:47:21 | 000,000,034 | ---- | C] () qfnonl.ini -> C:\WINDOWS\qfnonl.ini -> [2004/10/06 00:49:46 | 000,000,024 | ---- | C] () QFP.INI -> C:\WINDOWS\QFP.INI -> [2004/10/05 14:19:57 | 000,000,071 | ---- | C] () RDMWIN32.DLL -> C:\WINDOWS\System32\RDMWIN32.DLL -> [2004/10/05 14:19:50 | 000,207,872 | ---- | C] () ICOADB32.DAT -> C:\WINDOWS\ICOADB32.DAT -> [2004/10/05 14:19:48 | 000,006,472 | ---- | C] () ADDRBOOK.INI -> C:\WINDOWS\ADDRBOOK.INI -> [2004/10/05 14:19:48 | 000,000,252 | ---- | C] () secupd.dat -> C:\WINDOWS\System32\secupd.dat -> [2004/09/29 04:16:49 | 000,004,569 | ---- | C] () msoffice.ini -> C:\WINDOWS\msoffice.ini -> [2004/09/28 15:36:48 | 000,000,004 | ---- | C] () pixworks.ini -> C:\WINDOWS\pixworks.ini -> [2004/08/09 15:02:27 | 000,000,052 | ---- | 
C] () RegHero.exe -> C:\WINDOWS\System32\RegHero.exe -> [2004/07/02 13:02:23 | 000,028,672 | ---- | C] () ICOA.INI -> C:\WINDOWS\ICOA.INI -> [2004/04/23 11:27:31 | 000,000,028 | ---- | C] () QFN.ini -> C:\WINDOWS\QFN.ini -> [2004/04/23 11:27:14 | 000,000,000 | ---- | C] () QDQICK.ini -> C:\WINDOWS\QDQICK.ini -> [2004/04/23 11:27:14 | 000,000,000 | ---- | C] () UnFL99.exe -> C:\WINDOWS\UnFL99.exe -> [2004/04/21 14:37:40 | 000,177,136 | ---- | C] () Unwise32.exe -> C:\WINDOWS\Unwise32.exe -> [2004/04/21 14:37:40 | 000,109,056 | ---- | C] () fiz15 -> C:\Program Files\fiz15 -> [2004/04/09 16:19:42 | 000,030,121 | -H-- | C] () fiz3 -> C:\Program Files\fiz3 -> [2004/04/09 16:19:42 | 000,030,119 | -H-- | C] () fiz18 -> C:\Program Files\fiz18 -> [2004/04/09 16:19:42 | 000,030,119 | -H-- | C] () fiz14 -> C:\Program Files\fiz14 -> [2004/04/09 16:19:42 | 000,030,110 | -H-- | C] () fiz2 -> C:\Program Files\fiz2 -> [2004/04/09 16:19:42 | 000,030,100 | -H-- | C] () fiz19 -> C:\Program Files\fiz19 -> [2004/04/09 16:19:42 | 000,030,086 | -H-- | C] () fiz10 -> C:\Program Files\fiz10 -> [2004/04/09 16:19:42 | 000,030,073 | -H-- | C] () fiz9 -> C:\Program Files\fiz9 -> [2004/04/09 16:19:42 | 000,030,072 | -H-- | C] () fiz5 -> C:\Program Files\fiz5 -> [2004/04/09 16:19:42 | 000,030,072 | -H-- | C] () fiz4 -> C:\Program Files\fiz4 -> [2004/04/09 16:19:42 | 000,030,069 | -H-- | C] () fiz1 -> C:\Program Files\fiz1 -> [2004/04/09 16:19:42 | 000,030,068 | -H-- | C] () fiz6 -> C:\Program Files\fiz6 -> [2004/04/09 16:19:42 | 000,030,066 | -H-- | C] () fiz16 -> C:\Program Files\fiz16 -> [2004/04/09 16:19:42 | 000,030,060 | -H-- | C] () fiz12 -> C:\Program Files\fiz12 -> [2004/04/09 16:19:42 | 000,030,032 | -H-- | C] () fiz8 -> C:\Program Files\fiz8 -> [2004/04/09 16:19:42 | 000,030,023 | -H-- | C] () fiz11 -> C:\Program Files\fiz11 -> [2004/04/09 16:19:42 | 000,030,021 | -H-- | C] () fiz13 -> C:\Program Files\fiz13 -> [2004/04/09 16:19:42 | 000,030,014 | -H-- | C] () fiz7 -> C:\Program 
Files\fiz7 -> [2004/04/09 16:19:42 | 000,030,008 | -H-- | C] () fiz17 -> C:\Program Files\fiz17 -> [2004/04/09 16:19:42 | 000,030,007 | -H-- | C] () fiz0 -> C:\Program Files\fiz0 -> [2004/04/09 16:19:42 | 000,006,467 | -H-- | C] () kyf.dat -> C:\Program Files\kyf.dat -> [2004/04/09 12:29:05 | 002,912,866 | -H-- | C] () pcconfig.dat -> C:\WINDOWS\pcconfig.dat -> [2004/04/05 02:15:55 | 000,000,125 | -H-- | C] () DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2004/03/19 04:08:58 | 000,083,968 | ---- | C] () INTURS.DAT -> C:\WINDOWS\INTURS.DAT -> [2004/03/07 12:56:13 | 000,000,030 | ---- | C] () aolback.exe.lnk -> C:\WINDOWS\aolback.exe.lnk -> [2004/03/03 16:35:30 | 000,000,726 | ---- | C] () QBWCD.INI -> C:\WINDOWS\QBWCD.INI -> [2004/03/02 03:02:55 | 000,000,012 | ---- | C] () Ulead32.ini -> C:\WINDOWS\Ulead32.ini -> [2004/03/01 15:30:40 | 000,000,883 | ---- | C] () MKCoInstaller.dll -> C:\WINDOWS\System32\MKCoInstaller.dll -> [2004/03/01 15:27:08 | 000,110,592 | ---- | C] () nsreg.dat -> C:\WINDOWS\nsreg.dat -> [2004/03/01 14:49:14 | 000,000,335 | ---- | C] () m2kasl.ini -> C:\WINDOWS\m2kasl.ini -> [2004/03/01 13:07:22 | 000,000,068 | ---- | C] () Tx32.dll -> C:\WINDOWS\System32\Tx32.dll -> [2004/03/01 12:57:24 | 000,314,880 | ---- | C] () FAMDOC.INI -> C:\WINDOWS\FAMDOC.INI -> [2004/03/01 12:51:49 | 000,001,103 | ---- | C] () VBRUN100.DLL -> C:\WINDOWS\VBRUN100.DLL -> [2004/03/01 12:51:42 | 000,271,264 | ---- | C] () FD3SETUP.EXE -> C:\WINDOWS\FD3SETUP.EXE -> [2004/03/01 12:51:42 | 000,046,226 | ---- | C] () SETUPKIT.DLL -> C:\WINDOWS\SETUPKIT.DLL -> [2004/03/01 12:51:42 | 000,007,008 | ---- | C] () iyvu9_32.dll -> C:\WINDOWS\System32\iyvu9_32.dll -> [2004/03/01 12:36:31 | 000,056,832 | ---- | C] () Wine Country Screen Saver.ini -> C:\WINDOWS\Wine Country Screen Saver.ini -> [2004/03/01 12:20:23 | 000,000,239 | ---- | C] () iPlayer.INI -> C:\WINDOWS\iPlayer.INI 
-> [2004/03/01 11:54:42 | 000,000,075 | ---- | C] () REGPSD20.INI -> C:\WINDOWS\REGPSD20.INI -> [2004/03/01 11:02:14 | 000,000,036 | ---- | C] () Viewer.ini -> C:\WINDOWS\Viewer.ini -> [2004/03/01 11:01:49 | 000,000,037 | ---- | C] () PSDEWIN.INI -> C:\WINDOWS\PSDEWIN.INI -> [2004/03/01 10:59:40 | 000,000,781 | ---- | C] () psdxport.ini -> C:\WINDOWS\psdxport.ini -> [2004/03/01 10:59:40 | 000,000,080 | ---- | C] () MSREGUSR.INI -> C:\WINDOWS\MSREGUSR.INI -> [2004/02/29 18:54:38 | 000,000,000 | ---- | C] () encarta.ini -> C:\WINDOWS\encarta.ini -> [2004/02/29 18:44:51 | 000,000,057 | ---- | C] () WININIT.INI -> C:\WINDOWS\WININIT.INI -> [2004/02/29 18:36:08 | 000,000,492 | ---- | C] () UNSUCCSS.EXE -> C:\WINDOWS\UNSUCCSS.EXE -> [2004/02/29 18:35:34 | 000,067,951 | ---- | C] () SLS.INI -> C:\WINDOWS\SLS.INI -> [2004/02/29 18:35:27 | 000,000,072 | ---- | C] () TrpMaker.INI -> C:\WINDOWS\TrpMaker.INI -> [2004/02/29 18:31:07 | 000,000,510 | ---- | C] () LEADDIB.DRV -> C:\WINDOWS\System32\LEADDIB.DRV -> [2004/02/29 18:30:34 | 000,038,688 | ---- | C] () MSVCRT10.DLL -> C:\WINDOWS\System32\MSVCRT10.DLL -> [2004/02/29 18:30:32 | 000,210,944 | ---- | C] () FPRUN300.DLL -> C:\WINDOWS\System32\FPRUN300.DLL -> [2004/02/29 18:29:19 | 000,011,136 | ---- | C] () ahd3.ini -> C:\WINDOWS\ahd3.ini -> [2004/02/29 18:15:20 | 000,000,429 | ---- | C] () AzureBay.bmp -> C:\Documents and Settings\Owner\Local Settings\Application Data\AzureBay.bmp -> [2004/02/29 18:13:00 | 003,932,214 | ---- | C] () sswpprep.bmp -> C:\Documents and Settings\Owner\Local Settings\Application Data\sswpprep.bmp -> [2004/02/29 18:12:59 | 002,359,350 | ---- | C] () AzureBay.ini -> C:\Documents and Settings\Owner\Local Settings\Application Data\AzureBay.ini -> [2004/02/29 18:12:59 | 000,000,678 | ---- | C] () ScreenSaver.ini -> C:\Documents and Settings\Owner\Local Settings\Application Data\ScreenSaver.ini -> [2004/02/29 18:12:33 | 000,000,612 | ---- | C] () TaxACT03.ini -> C:\WINDOWS\TaxACT03.ini -> [2004/02/29 
14:56:10 | 000,000,128 | ---- | C] () qwimp.ini -> C:\WINDOWS\qwimp.ini -> [2004/02/28 22:42:09 | 000,000,078 | ---- | C] () intuprof.ini -> C:\WINDOWS\intuprof.ini -> [2004/02/28 22:42:08 | 000,001,442 | ---- | C] () DAntivirus.ini -> C:\WINDOWS\System32\DAntivirus.ini -> [2004/01/22 12:00:28 | 000,012,635 | ---- | C] () perfi009.dat -> C:\WINDOWS\System32\perfi009.dat -> [2003/11/05 17:06:59 | 000,272,128 | ---- | C] () perfd009.dat -> C:\WINDOWS\System32\perfd009.dat -> [2003/11/05 17:06:59 | 000,028,626 | ---- | C] () oembios.dat -> C:\WINDOWS\System32\oembios.dat -> [2003/11/05 17:06:56 | 000,004,490 | ---- | C] () oembios.bin -> C:\WINDOWS\System32\oembios.bin -> [2003/11/05 17:06:51 | 013,107,200 | ---- | C] () noise.dat -> C:\WINDOWS\System32\noise.dat -> [2003/11/05 17:06:46 | 000,000,741 | ---- | C] () mlang.dat -> C:\WINDOWS\System32\mlang.dat -> [2003/11/05 17:06:24 | 000,673,088 | ---- | C] () mib.bin -> C:\WINDOWS\System32\mib.bin -> [2003/11/05 17:06:24 | 000,046,258 | ---- | C] () ftdisk.sys -> C:\WINDOWS\System32\drivers\ftdisk.sys -> [2003/11/05 17:05:22 | 000,161,920 | ---- | C] () dssec.dat -> C:\WINDOWS\System32\dssec.dat -> [2003/11/05 17:05:17 | 000,218,003 | ---- | C] () dcache.bin -> C:\WINDOWS\System32\dcache.bin -> [2003/11/05 17:04:36 | 000,001,804 | ---- | C] () smscfg.ini -> C:\WINDOWS\smscfg.ini -> [2003/10/13 22:41:40 | 000,000,061 | ---- | C] () mshrml.ini -> C:\WINDOWS\System32\mshrml.ini -> [2003/10/13 22:24:52 | 000,000,051 | ---- | C] () 1_ssetup.ini -> C:\WINDOWS\System32\1_ssetup.ini -> [2003/10/13 15:52:52 | 000,000,438 | ---- | C] () sunistlog.ini -> C:\WINDOWS\System32\sunistlog.ini -> [2003/10/13 15:52:52 | 000,000,000 | ---- | C] () d3d8caps.dat -> C:\WINDOWS\System32\d3d8caps.dat -> [2003/10/11 01:15:25 | 000,001,100 | ---- | C] () fusioncache.dat -> C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat -> [2003/10/10 22:31:27 | 000,000,128 | ---- | C] () PCDrJNI_1_1.dll -> 
C:\WINDOWS\System32\PCDrJNI_1_1.dll -> [2003/10/10 22:29:24 | 000,167,936 | ---- | C] () bwUnin-6.2.3.66.exe -> C:\WINDOWS\bwUnin-6.2.3.66.exe -> [2003/10/10 22:26:40 | 000,090,112 | R--- | C] () CHODDI.SYS -> C:\WINDOWS\System32\CHODDI.SYS -> [2003/10/10 22:24:47 | 000,030,203 | ---- | C] () syscontr.dll -> C:\WINDOWS\System32\syscontr.dll -> [2003/10/10 22:24:29 | 000,024,576 | ---- | C] () hpreg.dll -> C:\WINDOWS\System32\hpreg.dll -> [2003/10/10 22:23:52 | 000,045,056 | ---- | C] () ODBC.INI -> C:\WINDOWS\ODBC.INI -> [2003/10/10 22:18:34 | 000,001,120 | ---- | C] () QUICKEN.INI -> C:\WINDOWS\QUICKEN.INI -> [2003/10/10 22:07:37 | 000,002,835 | ---- | C] () hphmon05.dat -> C:\WINDOWS\System32\hphmon05.dat -> [2003/10/10 21:30:11 | 000,006,848 | ---- | C] () HPHins01.dat -> C:\WINDOWS\HPHins01.dat -> [2003/10/10 21:30:06 | 000,018,403 | ---- | C] () hphmdl01.dat -> C:\WINDOWS\hphmdl01.dat -> [2003/10/10 21:30:06 | 000,004,308 | ---- | C] () hpomdl03.dat.temp -> C:\WINDOWS\hpomdl03.dat.temp -> [2003/10/10 21:12:25 | 000,034,468 | ---- | C] () hpoins03.dat.temp -> C:\WINDOWS\hpoins03.dat.temp -> [2003/10/10 21:12:25 | 000,028,884 | ---- | C] () hpomdl03.dat -> C:\WINDOWS\hpomdl03.dat -> [2003/10/10 20:47:15 | 000,034,468 | ---- | C] () hpdins01.dat -> C:\WINDOWS\hpdins01.dat -> [2003/10/10 20:39:27 | 000,014,676 | ---- | C] () hpzmdl01.dat -> C:\WINDOWS\hpzmdl01.dat -> [2003/10/10 20:39:27 | 000,000,000 | ---- | C] () fxsperf.ini -> C:\WINDOWS\System32\fxsperf.ini -> [2003/10/10 20:31:33 | 000,001,793 | ---- | C] () alcxinit.dat -> C:\WINDOWS\System32\drivers\alcxinit.dat -> [2003/10/10 20:25:30 | 000,001,040 | ---- | C] () nvcap.sys -> C:\WINDOWS\System32\drivers\nvcap.sys -> [2003/10/10 20:23:54 | 000,126,348 | ---- | C] () sis740.bin -> C:\WINDOWS\System32\sis740.bin -> [2003/10/10 20:22:04 | 000,049,152 | ---- | C] () sis650.bin -> C:\WINDOWS\System32\sis650.bin -> [2003/10/10 20:22:04 | 000,049,152 | ---- | C] () psisdecd.dll -> C:\WINDOWS\System32\psisdecd.dll 
-> [2003/10/10 20:05:09 | 000,363,520 | ---- | C] () PythonCOM22.dll -> C:\WINDOWS\System32\PythonCOM22.dll -> [2003/10/10 19:56:51 | 000,299,073 | ---- | C] () PyWinTypes22.dll -> C:\WINDOWS\System32\PyWinTypes22.dll -> [2003/10/10 19:56:51 | 000,065,536 | ---- | C] () bcbmm.dll -> C:\WINDOWS\System32\bcbmm.dll -> [2003/10/10 19:56:33 | 000,016,896 | ---- | C] () orun32.ini -> C:\WINDOWS\orun32.ini -> [2003/10/10 19:35:14 | 000,000,802 | ---- | C] () bootstat.dat -> C:\WINDOWS\bootstat.dat -> [2003/10/10 19:33:45 | 000,002,048 | --S- | C] () emptyregdb.dat -> C:\WINDOWS\System32\emptyregdb.dat -> [2003/10/10 19:30:06 | 000,021,640 | ---- | C] () oeminfo.ini -> C:\WINDOWS\System32\oeminfo.ini -> [2003/10/10 19:22:28 | 000,000,667 | ---- | C] () perfh009.dat -> C:\WINDOWS\System32\perfh009.dat -> [2003/10/10 19:22:15 | 000,445,370 | ---- | C] () perfc009.dat -> C:\WINDOWS\System32\perfc009.dat -> [2003/10/10 19:22:15 | 000,072,576 | ---- | C] () ODBCINST.INI -> C:\WINDOWS\ODBCINST.INI -> [2003/10/10 12:26:28 | 000,004,518 | ---- | C] () FNTCACHE.DAT -> C:\WINDOWS\System32\FNTCACHE.DAT -> [2003/10/10 12:25:42 | 000,404,712 | ---- | C] () px.ini -> C:\WINDOWS\System32\px.ini -> [2003/09/23 01:19:42 | 000,000,000 | ---- | C] () DProg.ini -> C:\WINDOWS\System32\DProg.ini -> [2003/03/27 15:28:44 | 000,004,955 | ---- | C] () PEV.exe -> C:\WINDOWS\PEV.exe -> [2002/01/01 01:32:34 | 000,256,512 | ---- | C] () MBR.exe -> C:\WINDOWS\MBR.exe -> [2002/01/01 01:32:34 | 000,208,896 | ---- | C] () sed.exe -> C:\WINDOWS\sed.exe -> [2002/01/01 01:32:34 | 000,098,816 | ---- | C] () grep.exe -> C:\WINDOWS\grep.exe -> [2002/01/01 01:32:34 | 000,080,412 | ---- | C] () zip.exe -> C:\WINDOWS\zip.exe -> [2002/01/01 01:32:34 | 000,068,096 | ---- | C] () MSRTEDIT.DLL -> C:\WINDOWS\System32\MSRTEDIT.DLL -> [1999/01/22 11:46:58 | 000,065,536 | ---- | C] () REGOBJ.DLL -> C:\WINDOWS\System32\REGOBJ.DLL -> [1998/01/12 01:00:00 | 000,040,448 | ---- | C] () [File - Lop Check] interMute -> 
C:\Documents and Settings\Administrator\Application Data\interMute -> [2003/10/13 22:24:52 | 000,000,000 | ---D | M] SampleView -> C:\Documents and Settings\Administrator\Application Data\SampleView -> [2003/10/10 22:47:50 | 000,000,000 | ---D | M] Alwil Software -> C:\Documents and Settings\All Users\Application Data\Alwil Software -> [2010/08/26 06:57:22 | 000,000,000 | ---D | M] bOgCnHf01803 -> C:\Documents and Settings\All Users\Application Data\bOgCnHf01803 -> [2011/02/16 12:08:58 | 000,000,000 | ---D | M] Media Get LLC -> C:\Documents and Settings\All Users\Application Data\Media Get LLC -> [2011/04/22 00:35:01 | 000,000,000 | ---D | M] NCH Swift Sound -> C:\Documents and Settings\All Users\Application Data\NCH Swift Sound -> [2011/04/26 23:51:18 | 000,000,000 | ---D | M] Netscape Internet Service -> C:\Documents and Settings\All Users\Application Data\Netscape Internet Service -> [2005/02/21 13:19:15 | 000,000,000 | ---D | M] NTIReg -> C:\Documents and Settings\All Users\Application Data\NTIReg -> [2010/11/24 14:35:49 | 000,000,000 | ---D | M] TEMP -> C:\Documents and Settings\All Users\Application Data\TEMP -> [2010/06/23 21:40:04 | 000,000,000 | ---D | M] Titanium -> C:\Documents and Settings\All Users\Application Data\Titanium -> [2010/12/03 12:26:26 | 000,000,000 | ---D | M] Ulead Systems -> C:\Documents and Settings\All Users\Application Data\Ulead Systems -> [2004/03/01 15:38:33 | 000,000,000 | ---D | M] Viewpoint -> C:\Documents and Settings\All Users\Application Data\Viewpoint -> [2004/03/03 13:38:34 | 000,000,000 | ---D | M] {3276BE95_AF08_429F_A64F_CA64CB79BCF6} -> C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6} -> [2008/11/07 10:09:36 | 000,000,000 | ---D | M] interMute -> C:\Documents and Settings\Default User\Application Data\interMute -> [2003/10/13 22:24:52 | 000,000,000 | ---D | M] SampleView -> C:\Documents and Settings\Default User\Application Data\SampleView -> [2003/10/10 22:47:50 | 000,000,000 
| ---D | M] Blitware -> C:\Documents and Settings\Owner\Application Data\Blitware -> [2011/02/10 12:09:03 | 000,000,000 | ---D | M] Business Logic -> C:\Documents and Settings\Owner\Application Data\Business Logic -> [2004/03/08 03:04:16 | 000,000,000 | ---D | M] Common Files -> C:\Documents and Settings\Owner\Application Data\Common Files -> [2009/06/24 07:15:27 | 000,000,000 | ---D | M] EssentialPIM Pro -> C:\Documents and Settings\Owner\Application Data\EssentialPIM Pro -> [2005/08/22 12:22:44 | 000,000,000 | ---D | M] FDRLab -> C:\Documents and Settings\Owner\Application Data\FDRLab -> [2008/01/26 22:46:43 | 000,000,000 | ---D | M] GoodSync -> C:\Documents and Settings\Owner\Application Data\GoodSync -> [2008/02/27 13:21:47 | 000,000,000 | ---D | M] interMute -> C:\Documents and Settings\Owner\Application Data\interMute -> [2004/12/12 12:58:31 | 000,000,000 | ---D | M] InterTrust -> C:\Documents and Settings\Owner\Application Data\InterTrust -> [2004/03/01 15:22:43 | 000,000,000 | ---D | M] InterVideo -> C:\Documents and Settings\Owner\Application Data\InterVideo -> [2004/03/01 11:16:40 | 000,000,000 | ---D | M] Leadertech -> C:\Documents and Settings\Owner\Application Data\Leadertech -> [2004/04/24 06:47:12 | 000,000,000 | ---D | M] Lycos -> C:\Documents and Settings\Owner\Application Data\Lycos -> [2004/12/12 13:46:03 | 000,000,000 | ---D | M] Netscape -> C:\Documents and Settings\Owner\Application Data\Netscape -> [2005/03/20 13:45:31 | 000,000,000 | ---D | M] OpenOffice.org -> C:\Documents and Settings\Owner\Application Data\OpenOffice.org -> [2010/02/10 23:51:05 | 000,000,000 | ---D | M] rawh -> C:\Documents and Settings\Owner\Application Data\rawh -> [2005/05/05 09:41:18 | 000,000,000 | ---D | M] SampleView -> C:\Documents and Settings\Owner\Application Data\SampleView -> [2003/10/10 22:47:50 | 000,000,000 | ---D | M] Template -> C:\Documents and Settings\Owner\Application Data\Template -> [2004/05/19 04:18:43 | 000,000,000 | ---D | M] Titanium -> 
C:\Documents and Settings\Owner\Application Data\Titanium -> [2010/12/03 12:30:55 | 000,000,000 | ---D | M] Ulead Systems -> C:\Documents and Settings\Owner\Application Data\Ulead Systems -> [2004/10/03 18:59:31 | 000,000,000 | ---D | M] Watchtower -> C:\Documents and Settings\Owner\Application Data\Watchtower -> [2011/01/13 12:02:40 | 000,000,000 | ---D | M] {12EE7A5E-0674-42f9-A76B-000000004D00} -> C:\Documents and Settings\Owner\Application Data\{12EE7A5E-0674-42f9-A76B-000000004D00} -> [2005/02/08 02:04:01 | 000,000,000 | ---D | M] Disk Cleanup.job -> C:\WINDOWS\Tasks\Disk Cleanup.job -> [2011/06/23 23:09:56 | 000,000,260 | ---- | M] () expressburnShakeIcon.job -> C:\WINDOWS\Tasks\expressburnShakeIcon.job -> [2011/05/05 23:44:11 | 000,000,298 | ---- | M] () expressripShakeIcon.job -> C:\WINDOWS\Tasks\expressripShakeIcon.job -> [2011/05/05 23:44:19 | 000,000,294 | ---- | M] () SyncBack Mark & Christine Lillard's backup.job -> C:\WINDOWS\Tasks\SyncBack Mark & Christine Lillard's backup.job -> [2011/06/24 05:01:17 | 000,000,476 | ---- | M] () [Custom Scans] < %SYSTEMDRIVE%\*.exe > aswclnravastcleaner.exe -> C:\aswclnravastcleaner.exe -> [2007/05/25 23:11:51 | 000,407,680 | ---- | M] (ALWIL Software) GoogleEarth-0762.exe -> C:\GoogleEarth-0762.exe -> [2006/07/02 23:24:12 | 011,817,800 | ---- | M] (InstallShield Software Corporation) ta04dxdw.exe -> C:\ta04dxdw.exe -> [2005/01/11 14:36:44 | 008,471,123 | ---- | M] () WindowsServer2003-KB823980-x86-ENU.exe -> C:\WindowsServer2003-KB823980-x86-ENU.exe -> [2006/09/16 23:00:04 | 001,488,160 | ---- | M] (Microsoft Corporation) ysftcntr_current.exe -> C:\ysftcntr_current.exe -> [2006/12/21 15:18:23 | 000,480,760 | ---- | M] (Yahoo! Inc.) 
< MD5 Scans Start> < %systemdrive%\EXPLORER.EXE /md5 /s > explorer.exe : MD5=12896823FB95BFB3DC9B46BCAEDC9923 -> C:\WINDOWS\ERDNT\cache\explorer.exe -> [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) explorer.exe : MD5=12896823FB95BFB3DC9B46BCAEDC9923 -> C:\WINDOWS\explorer.exe -> [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) explorer.exe : MD5=12896823FB95BFB3DC9B46BCAEDC9923 -> C:\WINDOWS\ServicePackFiles\i386\explorer.exe -> [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) explorer.exe : MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -> C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe -> [2007/06/13 04:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) < %systemdrive%\SVCHOST.EXE /md5 /s > svchost.exe : MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -> C:\WINDOWS\ERDNT\cache\svchost.exe -> [2008/04/13 17:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) svchost.exe : MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -> C:\WINDOWS\ServicePackFiles\i386\svchost.exe -> [2008/04/13 17:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) svchost.exe : MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -> C:\WINDOWS\system32\svchost.exe -> [2008/04/13 17:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) < %systemdrive%\USERINIT.EXE /md5 /s > userinit.exe : MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -> C:\WINDOWS\ERDNT\cache\userinit.exe -> [2008/04/13 17:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) userinit.exe : MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -> C:\WINDOWS\ServicePackFiles\i386\userinit.exe -> [2008/04/13 17:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) userinit.exe : MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -> C:\WINDOWS\system32\userinit.exe -> [2008/04/13 17:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) < %systemdrive%\VOLSNAP.IN_ /md5 /s > VOLSNAP.IN_ : MD5=62C53D73B499DF617902EEA3C96F7D89 -> C:\WINDOWS\I386\VOLSNAP.IN_ -> [2002/08/29 12:00:00 | 000,000,698 | ---- | M] () < 
%systemdrive%\VOLSNAP.INF /md5 /s > volsnap.inf : MD5=1C43F4D998567C9D2463E18669F33A3C -> C:\WINDOWS\inf\volsnap.inf -> [2002/08/29 12:00:00 | 000,001,095 | ---- | M] () < %systemdrive%\VOLSNAP.PNF /md5 /s > volsnap.PNF : MD5=E479619F2BF274CA211D65458943333B -> C:\WINDOWS\inf\volsnap.PNF -> [2004/02/28 17:48:11 | 000,004,964 | ---- | M] () < %systemdrive%\VOLSNAP.SY_ /md5 /s > VOLSNAP.SY_ : MD5=4ADB6F7627E090B157F1C93536C54FC2 -> C:\WINDOWS\I386\VOLSNAP.SY_ -> [2002/08/29 12:00:00 | 000,024,744 | ---- | M] () < %systemdrive%\VOLSNAP.SYS /md5 /s > volsnap.sys : MD5=4C8FCB5CC53AAB716D810740FE59D025 -> C:\WINDOWS\ServicePackFiles\i386\volsnap.sys -> [2008/04/13 11:41:01 | 000,052,352 | ---- | M] (Microsoft Corporation) volsnap.sys : MD5=4C8FCB5CC53AAB716D810740FE59D025 -> C:\WINDOWS\system32\drivers\volsnap.sys -> [2008/04/13 11:41:01 | 000,052,352 | ---- | M] (Microsoft Corporation) < %systemdrive%\WINLOGON.EXE /md5 /s > winlogon.exe : MD5=ED0EF0A136DEC83DF69F04118870003E -> C:\WINDOWS\ERDNT\cache\winlogon.exe -> [2008/04/13 17:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) winlogon.exe : MD5=ED0EF0A136DEC83DF69F04118870003E -> C:\WINDOWS\ServicePackFiles\i386\winlogon.exe -> [2008/04/13 17:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) winlogon.exe : MD5=ED0EF0A136DEC83DF69F04118870003E -> C:\WINDOWS\system32\winlogon.exe -> [2008/04/13 17:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) < MD5 Scans End> < %systemroot%\*. 
/mp /s > < hklm\software\clients\startmenuinternet|command /rs > HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo -> -> HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand -> C:\PROGRAM FILES\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE ["C:\PROGRAM FILES\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /HIDESHORTCUTS] -> [2011/06/21 23:45:51 | 000,712,976 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand -> C:\PROGRAM FILES\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE ["C:\PROGRAM FILES\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SHOWSHORTCUTS] -> [2011/06/21 23:45:51 | 000,712,976 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand -> C:\PROGRAM FILES\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE ["C:\PROGRAM FILES\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SETASDEFAULTAPPGLOBAL] -> [2011/06/21 23:45:51 | 000,712,976 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command -> -> HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\ -> C:\Program Files\Mozilla Firefox\firefox.exe [C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE] -> [2011/06/21 23:45:55 | 000,924,632 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command -> -> HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\ -> C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE ["C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE" -PREFERENCES] -> [2011/06/21 23:45:55 | 000,924,632 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command -> -> HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\ -> C:\PROGRAM FILES\MOZILLA 
FIREFOX\FIREFOX.EXE ["C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE" -SAFE-MODE] -> [2011/06/21 23:45:55 | 000,924,632 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo -> -> HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand -> C:\WINDOWS\System32\IE4UINIT.EXE ["C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL] -> [2011/04/25 05:01:34 | 000,173,568 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand -> C:\WINDOWS\System32\IE4UINIT.EXE ["C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE] -> [2011/04/25 05:01:34 | 000,173,568 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand -> C:\WINDOWS\System32\IE4UINIT.EXE ["C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW] -> [2011/04/25 05:01:34 | 000,173,568 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command -> -> HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\ -> C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE ["C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF] -> [2009/03/08 15:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command -> -> HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\ -> C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE ["C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE"] -> [2009/03/08 15:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\MSN Explorer\shell\open\command -> -> HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\MSN Explorer\shell\open\command\\ -> C:\PROGRAM FILES\MSN\MSNCOREFILES\MSN6.EXE ["C:\PROGRAM FILES\MSN\MSNCOREFILES\MSN6.EXE"] -> 
[2002/08/29 05:00:00 | 000,094,208 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\YBROWSER.EXE\shell\open\command -> -> HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\YBROWSER.EXE\shell\open\command\\ -> C:\Program Files\Yahoo!\browser\ybrowser.exe ["C:\PROGRA~1\YAHOO!\BROWSER\YBROWSER.EXE"] -> [2006/08/11 20:53:02 | 000,668,184 | ---- | M] (Yahoo!, Inc.) < hklm\software\clients\startmenuinternet|command /64 /rs > HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo -> -> HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand -> C:\PROGRAM FILES\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE ["C:\PROGRAM FILES\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /HIDESHORTCUTS] -> [2011/06/21 23:45:51 | 000,712,976 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand -> C:\PROGRAM FILES\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE ["C:\PROGRAM FILES\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SHOWSHORTCUTS] -> [2011/06/21 23:45:51 | 000,712,976 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand -> C:\PROGRAM FILES\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE ["C:\PROGRAM FILES\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SETASDEFAULTAPPGLOBAL] -> [2011/06/21 23:45:51 | 000,712,976 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command -> -> HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\ -> C:\Program Files\Mozilla Firefox\firefox.exe [C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE] -> [2011/06/21 23:45:55 | 000,924,632 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command -> -> HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\ -> 
C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE ["C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE" -PREFERENCES] -> [2011/06/21 23:45:55 | 000,924,632 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command -> -> HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\ -> C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE ["C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE" -SAFE-MODE] -> [2011/06/21 23:45:55 | 000,924,632 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo -> -> HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand -> C:\WINDOWS\System32\IE4UINIT.EXE ["C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL] -> [2011/04/25 05:01:34 | 000,173,568 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand -> C:\WINDOWS\System32\IE4UINIT.EXE ["C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE] -> [2011/04/25 05:01:34 | 000,173,568 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand -> C:\WINDOWS\System32\IE4UINIT.EXE ["C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW] -> [2011/04/25 05:01:34 | 000,173,568 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command -> -> HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\ -> C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE ["C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF] -> [2009/03/08 15:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command -> -> HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\ -> C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE ["C:\PROGRAM 
FILES\INTERNET EXPLORER\IEXPLORE.EXE"] -> [2009/03/08 15:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\MSN Explorer\shell\open\command -> -> HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\MSN Explorer\shell\open\command\\ -> C:\PROGRAM FILES\MSN\MSNCOREFILES\MSN6.EXE ["C:\PROGRAM FILES\MSN\MSNCOREFILES\MSN6.EXE"] -> [2002/08/29 05:00:00 | 000,094,208 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\YBROWSER.EXE\shell\open\command -> -> HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\YBROWSER.EXE\shell\open\command\\ -> C:\Program Files\Yahoo!\browser\ybrowser.exe ["C:\PROGRA~1\YAHOO!\BROWSER\YBROWSER.EXE"] -> [2006/08/11 20:53:02 | 000,668,184 | ---- | M] (Yahoo!, Inc.) Restore point Set: OTS Restore Point (0) [Alternate Data Streams] @Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 @Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1 @Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34 < End of report > [/code]