Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Action Cancelled and running slow

Re: Action Cancelled and running slow

by PopaTom » January 24th, 2010, 2:32 pm

Hi Peku

SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 11:28 on 24/01/2010 by Tom (Administrator - Elevation successful)

========== regfind ==========

Searching for "tmp16.tmp"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\E4CE2C914CE26E648B83F0C8B68DE7B6\SourceList]
"PackageName"="tmp16.tmp"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\E4CE2C914CE26E648B83F0C8B68DE7B6\SourceList]
"PackageName"="tmp16.tmp"

-=End Of File=-

Thank You, PopaTom

Re: Action Cancelled and running slow

by peku006 » January 24th, 2010, 2:59 pm

Hi PopaTom

Back Up registry with ERUNT

  • Please use the following link and scroll down to ERUNT and download it on to your desktop. HERE
  • Click on the erunt-setup.exe
  • Follow the prompts to install ERUNT
  • Choose language
  • A set up window will pop up. It will ask: Create ERUNT entry in to the Start up folder, answer NO

  • Backup your registry to the default location

Note: To restore your registry (if needed), go to the folder and start ERDNT.exe

Download and run OTM

Download OTM by Old Timer and save it to your Desktop.
  • Double-click OTM.exe to run it.
  • Paste the following code under the Image area. Do not include the word Code.
    Code:
    :Reg
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\E4CE2C914CE26E648B83F0C8B68DE7B6\SourceList]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\E4CE2C914CE26E648B83F0C8B68DE7B6\SourceList]
    

    • Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
    • Push the large Image button.
    • OTM may ask to reboot the machine. Please do so if asked.
    • Copy everything in the Results window (under the green bar), and paste it in your next reply.

NOTE: If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Thanks peku006

Re: Action Cancelled and running slow

by PopaTom » January 24th, 2010, 6:11 pm

Hi Peku;
After the scan had finished I tried to load "Ninja Trader" again. It failed to load and left a msg in an error window. The heading of the error window was "Windows Installer". The body of the msg read "The system administrator has set policies to prevent this installation".

========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\E4CE2C914CE26E648B83F0C8B68DE7B6\SourceList\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\E4CE2C914CE26E648B83F0C8B68DE7B6\SourceList\ not found.

OTM by OldTimer - Version 3.1.2.2 log created on 01242010_150838

Thank You, PopaTom
Last edited by PopaTom on January 25th, 2010, 8:58 am, edited 1 time in total.

Re: Action Cancelled and running slow

by peku006 » January 25th, 2010, 3:44 am

Hi PopaTom

Download and run OTS

  • Download OTS by Oldtimer to your Desktop and double-click on it to extract the files.

      NOTE: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Double-click on OTS.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
  • Click the Scan All Users checkbox on the toolbar.
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
  • Close Notepad (saving the change if necessary).

Thanks peku006

Re: Action Cancelled and running slow

by PopaTom » January 25th, 2010, 8:22 am

Hi Peku;
Here is the OTS scan. After the scan had finished I tried to load "Ninja Trader" and it failed. The "Windows Installer" error msg read "The system administrator has set policies to prevent this program from loading".

Code:
OTS logfile created on: 1/25/2010 4:52:20 AM - Run 1
OTS by OldTimer - Version 3.1.19.5     Folder = C:\Documents and Settings\Tom\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
767.00 Mb Total Physical Memory | 417.00 Mb Available Physical Memory | 54.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 70.00% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 30.39 Gb Total Space | 15.32 Gb Free Space | 50.42% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 41.31 Gb Total Space | 41.21 Gb Free Space | 99.74% Space Free | Partition Type: NTFS
Drive H: | 40.08 Gb Total Space | 40.00 Gb Free Space | 99.81% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded
 
Computer Name: TOM1
Current User Name: Tom
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 90 Days
 
[Processes - Safe List]
ots.exe -> C:\Documents and Settings\Tom\Desktop\OTS.exe -> [2010/01/25 04:48:29 | 00,631,296 | ---- | M] (OldTimer Tools)
avgtray.exe -> C:\Program Files\AVG\AVG9\avgtray.exe -> [2009/12/31 09:36:18 | 02,033,432 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgrsx.exe -> C:\Program Files\AVG\AVG9\avgrsx.exe -> [2009/12/11 14:05:17 | 00,503,576 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgnsx.exe -> C:\Program Files\AVG\AVG9\avgnsx.exe -> [2009/12/11 14:05:16 | 00,600,344 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgchsvx.exe -> C:\Program Files\AVG\AVG9\avgchsvx.exe -> [2009/11/22 16:19:00 | 01,055,000 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgcsrvx.exe -> C:\Program Files\AVG\AVG9\avgcsrvx.exe -> [2009/11/22 16:18:58 | 00,702,744 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgemc.exe -> C:\Program Files\AVG\AVG9\avgemc.exe -> [2009/11/22 16:18:50 | 00,906,520 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgwdsvc.exe -> C:\Program Files\AVG\AVG9\avgwdsvc.exe -> [2009/11/22 16:18:48 | 00,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.)
jqs.exe -> C:\Program Files\Java\jre6\bin\jqs.exe -> [2009/10/11 04:17:35 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.)
googletoolbarnotifier.exe -> C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe -> [2009/04/02 13:03:13 | 00,039,408 | ---- | M] (Google Inc.)
wscntfy.exe -> C:\WINDOWS\system32\wscntfy.exe -> [2008/04/13 17:12:41 | 00,013,824 | ---- | M] (Microsoft Corporation)
explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/13 17:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation)
hpqsrmon.exe -> C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe -> [2008/03/13 09:34:28 | 00,081,920 | ---- | M] (Hewlett-Packard)
crosshair.exe -> C:\Program Files\CrossHair\CrossHair.exe -> [2006/07/23 17:06:56 | 00,094,208 | ---- | M] ()
kodakccs.exe -> C:\WINDOWS\system32\drivers\KodakCCS.exe -> [2004/05/24 12:35:52 | 00,322,104 | ---- | M] (Eastman Kodak Company)
nvsvc32.exe -> C:\WINDOWS\system32\nvsvc32.exe -> [2003/07/28 15:19:00 | 00,077,824 | ---- | M] (NVIDIA Corporation)
wkcalrem.exe -> C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe -> [2001/08/07 16:06:54 | 00,024,633 | ---- | M] (Microsoft® Corporation)
 
[Modules - Safe List]
ots.exe -> C:\Documents and Settings\Tom\Desktop\OTS.exe -> [2010/01/25 04:48:29 | 00,631,296 | ---- | M] (OldTimer Tools)
 
[Win32 Services - Safe List]
(getPlusHelper) getPlus(R) Helper [On_Demand | Stopped] -> C:\Program Files\NOS\bin\getPlus_Helper.dll -> [2009/12/17 16:36:24 | 00,067,360 | ---- | M] (NOS Microsystems Ltd.)
(avg9emc) AVG Free E-mail Scanner [Auto | Running] -> C:\Program Files\AVG\AVG9\avgemc.exe -> [2009/11/22 16:18:50 | 00,906,520 | ---- | M] (AVG Technologies CZ, s.r.o.)
(avg9wd) AVG Free WatchDog [Auto | Running] -> C:\Program Files\AVG\AVG9\avgwdsvc.exe -> [2009/11/22 16:18:48 | 00,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.)
(gupdate) Google Update Service (gupdate) [Auto | Stopped] -> C:\Program Files\Google\Update\GoogleUpdate.exe -> [2009/10/30 10:45:30 | 00,133,104 | ---- | M] (Google Inc.)
(gusvc) Google Software Updater [Auto | Stopped] -> C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -> [2009/10/30 10:44:06 | 00,194,032 | ---- | M] (Google)
(JavaQuickStarterService) Java Quick Starter [Auto | Running] -> C:\Program Files\Java\jre6\bin\jqs.exe -> [2009/10/11 04:17:35 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.)
(hpqcxs08) hpqcxs08 [On_Demand | Stopped] -> C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll -> [2009/05/21 20:21:18 | 00,248,832 | ---- | M] (Hewlett-Packard Co.)
(GoToAssist) GoToAssist [On_Demand | Stopped] -> C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -> [2009/04/05 22:39:45 | 00,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.)
(Pml Driver HPZ12) Pml Driver HPZ12 [Auto | Running] -> C:\WINDOWS\system32\HPZipm12.dll -> [2008/07/18 13:13:20 | 00,053,760 | ---- | M] (Hewlett-Packard)
(Net Driver HPZ12) Net Driver HPZ12 [Auto | Running] -> C:\WINDOWS\system32\HPZinw12.dll -> [2008/07/18 13:13:20 | 00,044,032 | ---- | M] (Hewlett-Packard)
(hpqddsvc) HP CUE DeviceDiscovery Service [On_Demand | Stopped] -> C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll -> [2008/03/25 21:27:36 | 00,135,168 | ---- | M] (Hewlett-Packard Co.)
(IDriverT) InstallDriver Table Manager [On_Demand | Stopped] -> C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -> [2005/04/04 01:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation)
(KodakCCS) Kodak Camera Connection Software [Auto | Running] -> C:\WINDOWS\system32\drivers\KodakCCS.exe -> [2004/05/24 12:35:52 | 00,322,104 | ---- | M] (Eastman Kodak Company)
(NVSvc) NVIDIA Driver Helper Service [Auto | Running] -> C:\WINDOWS\system32\nvsvc32.exe -> [2003/07/28 15:19:00 | 00,077,824 | ---- | M] (NVIDIA Corporation)
 
[Driver Services - Safe List]
(MBAMSwissArmy) MBAMSwissArmy [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\mbamswissarmy.sys -> [2010/01/07 16:07:14 | 00,038,224 | ---- | M] (Malwarebytes Corporation)
(Wpsnuio) WPS NDIS Usermode I/O Protocol [Kernel | Auto | Running] -> C:\WINDOWS\system32\drivers\wpsnuio.sys -> [2010/01/02 16:16:41 | 00,013,696 | ---- | M] (Skyhook Wireless)
(AvgTdiX) AVG Free8 Network Redirector [Kernel | System | Running] -> C:\WINDOWS\System32\Drivers\avgtdix.sys -> [2009/11/22 16:19:24 | 00,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.)
(AvgLdx86) AVG Free AVI Loader Driver x86 [Kernel | System | Running] -> C:\WINDOWS\System32\Drivers\avgldx86.sys -> [2009/11/22 16:19:24 | 00,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.)
(AvgMfx86) AVG Free On-access Scanner Minifilter Driver x86 [File_System | System | Running] -> C:\WINDOWS\System32\Drivers\avgmfx86.sys -> [2009/11/22 16:19:24 | 00,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.)
(HPZid412) IEEE-1284.4 Driver HPZid412 [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\HPZid412.sys -> [2009/08/26 22:41:08 | 00,049,920 | ---- | M] (HP)
(HPZipr12) Print Class Driver for IEEE-1284.4 HPZipr12 [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\HPZipr12.sys -> [2009/08/26 22:41:04 | 00,016,496 | ---- | M] (HP)
(HPZius12) USB to IEEE-1284.4 Translation Driver HPZius12 [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\HPZius12.sys -> [2009/08/26 22:40:06 | 00,021,568 | ---- | M] (HP)
(PSI) PSI [File_System | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\psi_mf.sys -> [2009/06/17 05:20:34 | 00,012,648 | ---- | M] (Secunia)
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\PxHelp20.sys -> [2008/02/13 03:00:00 | 00,043,528 | ---- | M] (Sonic Solutions)
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\secdrv.sys -> [2007/11/13 03:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
(Cdralw2k) Cdralw2k [Kernel | System | Stopped] -> C:\WINDOWS\system32\drivers\cdralw2k.sys -> [2007/02/02 03:00:00 | 00,009,464 | ---- | M] (Sonic Solutions)
(Cdr4_xp) Cdr4_xp [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\cdr4_xp.sys -> [2007/02/02 03:00:00 | 00,009,336 | ---- | M] (Sonic Solutions)
(DcPTP) DcPTP [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\DcPtp.sys -> [2004/07/07 10:27:28 | 00,070,070 | ---- | M] (Eastman Kodak Company)
(Exportit) Exportit [Kernel | System | Stopped] -> C:\WINDOWS\system32\drivers\ExportIt.sys -> [2004/07/07 08:55:12 | 00,152,049 | ---- | M] (Eastman Kodak Company)
(DCFS2K) Kodak DCFS2K Driver [Kernel | Auto | Running] -> C:\WINDOWS\system32\drivers\DCFS2k.sys -> [2004/06/02 13:19:00 | 00,038,705 | ---- | M] (Eastman Kodak Company)
(DcFpoint) DcFpoint [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\DcFpoint.sys -> [2004/05/20 08:41:54 | 00,061,564 | ---- | M] (Eastman Kodak Company)
(DcLps) Legacy Polling Service [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\DcLps.sys -> [2004/05/20 08:39:42 | 00,008,022 | ---- | M] (Eastman Kodak Company)
(DcCam) Kodak Camera Proxy [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\DcCam.sys -> [2004/05/20 08:21:10 | 00,036,918 | ---- | M] (Eastman Kodak Company)
(snapman) Apricorn Snapshots Manager [Kernel | Boot | Running] -> C:\WINDOWS\System32\DRIVERS\snapman.sys -> [2004/04/09 21:15:23 | 00,065,856 | ---- | M] (Apricorn)
(ezgmntr) EZ GIG II Backup Archive Explorer [Kernel | Boot | Running] -> C:\WINDOWS\System32\DRIVERS\ezgmntr.sys -> [2004/03/25 19:54:38 | 00,170,080 | ---- | M] (Apricorn)
(ezgfsfilt) EZ GIG II FS Filter [File_System | Auto | Running] -> C:\WINDOWS\system32\drivers\ezgfsfilt.sys -> [2004/03/25 19:54:38 | 00,026,912 | ---- | M] (Apricorn)
(nv) nv [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\nv4_mini.sys -> [2003/07/28 15:19:00 | 01,341,339 | ---- | M] (NVIDIA Corporation)
(3c1807pd) U.S. Robotics V.92 Fax Win Int [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\3c1807pd.sys -> [2003/04/03 10:59:06 | 00,329,120 | ---- | M] (U.S. Robotics Corporation)
(PQNTDrv) PQNTDrv [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\PQNTDRV.sys -> [2003/03/14 14:18:30 | 00,004,228 | ---- | M] (PowerQuest Corporation)
(BANTExt) Belarc SMBios Access [Kernel | System | Running] -> C:\WINDOWS\System32\Drivers\BANTExt.sys -> [2003/03/06 14:48:08 | 00,003,840 | ---- | M] ()
(GUSBNET) Satellite Modem 360 USB Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\gusbnet.sys -> [2002/11/17 11:57:24 | 00,039,572 | ---- | M] (Gilat Satellite Netwroks)
(GUSBFILTER) Gilat USB Adapter Filter [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\gusbfilter.sys -> [2002/11/17 11:57:24 | 00,003,124 | ---- | M] (Gilat Satellite Netwroks)
(cdudf_xp) cdudf_xp [File_System | System | Running] -> C:\WINDOWS\system32\drivers\Cdudf_xp.sys -> [2002/08/14 00:40:22 | 00,240,128 | ---- | M] (Roxio)
(dvd_2K) dvd_2K [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\Dvd_2k.sys -> [2002/08/01 01:20:12 | 00,025,578 | ---- | M] (Roxio)
(mmc_2K) mmc_2K [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\Mmc_2k.sys -> [2002/08/01 01:20:06 | 00,030,246 | ---- | M] (Roxio)
(pwd_2k) pwd_2k [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\pwd_2K.sys -> [2002/08/01 01:19:58 | 00,132,058 | ---- | M] (Roxio)
(UdfReadr_xp) UdfReadr_xp [File_System | System | Running] -> C:\WINDOWS\system32\drivers\UdfReadr_xp.sys -> [2002/08/01 01:16:30 | 00,206,464 | ---- | M] (Roxio)
(GSSUSB) Gilat SkyBlaster USB Adapter [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\gssNic.sys -> [2002/04/29 03:40:04 | 00,161,681 | R--- | M] (Gilat Satellite Networks Ltd)
(NECEHCD) NEC PCI to USB Enhanced Host Controller [Kernel | Auto | Running] -> C:\WINDOWS\system32\drivers\nehcd.sys -> [2001/11/30 00:40:50 | 00,033,911 | R--- | M] (OWC)
(FilterService) Filter Service [Kernel | Auto | Running] -> C:\WINDOWS\system32\drivers\nusbd.sys -> [2001/11/30 00:40:50 | 00,032,500 | R--- | M] (OWC)
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\ptilink.sys -> [2001/08/18 05:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.)
(USRpdA) U.S. Robotics 56K PCI Faxmodem Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\USRpdA.sys -> [2001/08/17 14:28:26 | 00,113,762 | ---- | M] (U.S. Robotics Corporation)
(HCF_MSFT) HCF_MSFT [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\HCF_MSFT.sys -> [2001/08/17 14:28:02 | 00,907,456 | ---- | M] (Conexant)
(ac97intc) Intel(r) 82801 Audio Driver Install Service (WDM) [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\ac97intc.sys -> [2001/08/17 05:20:04 | 00,096,256 | ---- | M] (Intel Corporation)
(DM9102) DAVICOM 9102(A) PCI Fast Ethernet Based NT Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\DM9PCI5.SYS -> [2001/08/17 05:11:42 | 00,029,696 | ---- | M] (CNet Technology, Inc.                                                    )
(smwdm) smwdm [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\smwdm.sys -> [2001/07/25 16:40:30 | 00,438,200 | ---- | M] (Analog Devices, Inc.)
(OMCI) OMCI [Kernel | System | Running] -> C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -> [2001/05/14 19:15:40 | 00,010,368 | ---- | M] (Dell Computer Corporation)
 
[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\"Secondary Start Pages" -> [Binary data over 100 bytes] -> 
HKEY_LOCAL_MACHINE\: Search\\"CustomSearch" -> http://red.clientapps.yahoo.com/customize/ie/defaults/cs/ymsgr6/*http://www.yahoo.com/ext/search/search.html -> 
HKEY_LOCAL_MACHINE\: Search\\"Default_Search_URL" -> http://www.google.com/ie -> 
< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> 
HKEY_USERS\.DEFAULT\: Main\\"SearchMigratedDefaultName" -> Google -> 
HKEY_USERS\.DEFAULT\: Main\\"SearchMigratedDefaultURL" -> http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 -> 
HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> 
HKEY_USERS\S-1-5-18\: Main\\"SearchMigratedDefaultName" -> Google -> 
HKEY_USERS\S-1-5-18\: Main\\"SearchMigratedDefaultURL" -> http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 -> 
HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> 
HKEY_USERS\S-1-5-19\: "ProxyEnable" -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> 
HKEY_USERS\S-1-5-20\: "ProxyEnable" -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-725345543-2000478354-682003330-1004\] > -> -> 
HKEY_USERS\S-1-5-21-725345543-2000478354-682003330-1004\: Main\\"Default_Search_URL" -> http://www.google.com/ie -> 
HKEY_USERS\S-1-5-21-725345543-2000478354-682003330-1004\: Main\\"SearchMigratedDefaultName" -> Google -> 
HKEY_USERS\S-1-5-21-725345543-2000478354-682003330-1004\: Main\\"SearchMigratedDefaultURL" -> http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language} -> 
HKEY_USERS\S-1-5-21-725345543-2000478354-682003330-1004\: Main\\"Start Page" -> http://www.google.com/ -> 
HKEY_USERS\S-1-5-21-725345543-2000478354-682003330-1004\: Search\\"Default_Search_URL" -> http://www.google.com/ie -> 
HKEY_USERS\S-1-5-21-725345543-2000478354-682003330-1004\: Search\\"SearchAssistant" -> http://www.google.com/ie -> 
HKEY_USERS\S-1-5-21-725345543-2000478354-682003330-1004\: SearchURL\\"" -> http://www.google.com/search?q=%s -> 
HKEY_USERS\S-1-5-21-725345543-2000478354-682003330-1004\: "ProxyEnable" -> 0 -> 
HKEY_USERS\S-1-5-21-725345543-2000478354-682003330-1004\: "ProxyOverride" -> <local> -> 
HKEY_USERS\S-1-5-21-725345543-2000478354-682003330-1004\: "ProxyServer" -> http=127.0.0.1:9877 -> 
< FireFox Settings [Prefs.js] > -> C:\Documents and Settings\Tom\Application Data\Mozilla\FireFox\Profiles\1yu32dil.default\prefs.js -> 
extensions.enabledItems -> {e1170235-2845-420c-acc3-42261a29dd46}:3.5.1 ->
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\Extensions ->  -> 
HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [C:\PROGRAM FILES\HP\DIGITAL IMAGING\SMART WEB PRINTING\MOZILLAADDON3] -> [2009/10/29 14:02:15 | 00,000,000 | ---D | M]
< FireFox Extensions [User Folders] > -> 
  -> C:\Documents and Settings\Tom\Application Data\Mozilla\Extensions -> [2009/01/18 14:17:13 | 00,000,000 | ---D | M]
  -> C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\1yu32dil.default\extensions -> [2009/03/18 00:11:53 | 00,000,000 | ---D | M]
Clipmarks   -> C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\1yu32dil.default\extensions\{e1170235-2845-420c-acc3-42261a29dd46} -> [2009/01/18 14:25:34 | 00,000,000 | ---D | M]
< HOSTS File > (27 bytes and 1 lines) -> C:\WINDOWS\system32\drivers\etc\hosts -> 
Reset Hosts
127.0.0.1       localhost
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{02478D38-C3F9-4efb-9B51-7695ECA05670} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{0347C33E-8762-4905-BF09-768834316C61} [HKLM] -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [HP Print Enhancer] -> [2009/06/30 17:08:14 | 00,328,248 | ---- | M] (Hewlett-Packard Co.)
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} [HKLM] -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [Adobe PDF Link Helper] -> [2009/12/21 18:27:44 | 00,075,200 | ---- | M] (Adobe Systems Incorporated)
{3049C3E9-B461-4BC5-8870-4C09146192CA} [HKLM] -> c:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [RealPlayer Download and Record Plugin for Internet Explorer] -> [2009/12/12 09:27:13 | 00,329,312 | ---- | M] (RealPlayer)
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} [HKLM] -> C:\Program Files\AVG\AVG9\avgssie.dll [AVG Safe Search] -> [2009/12/11 14:05:16 | 01,484,056 | ---- | M] (AVG Technologies CZ, s.r.o.)
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKLM] -> C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll [Google Toolbar Notifier BHO] -> [2009/11/19 04:18:50 | 00,764,912 | ---- | M] (Google Inc.)
{C84D72FE-E17D-4195-BB24-76C02E2E7C4E} [HKLM] -> C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll [Google Dictionary Compression sdch] -> [2009/10/26 05:46:12 | 00,458,736 | ---- | M] (Google Inc.)
{DBC80044-A445-435b-BC74-9C25C1C588A9} [HKLM] -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [Java(tm) Plug-In 2 SSV Helper] -> [2009/10/11 04:17:29 | 00,041,760 | ---- | M] (Sun Microsystems, Inc.)
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} [HKLM] -> C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [JQSIEStartDetectorImpl Class] -> [2009/10/11 04:17:12 | 00,073,728 | ---- | M] (Sun Microsystems, Inc.)
{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} [HKLM] -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [HP Smart BHO Class] -> [2009/06/30 17:07:40 | 00,509,496 | ---- | M] (Hewlett-Packard Co.)
< Internet Explorer ToolBars [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\ -> 
WebBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\ -> 
WebBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-725345543-2000478354-682003330-1004\] > -> HKEY_USERS\S-1-5-21-725345543-2000478354-682003330-1004\Software\Microsoft\Internet Explorer\Toolbar\ -> 
ShellBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
WebBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
WebBrowser\\"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}" -> C:\Program Files\Google\Gmail Notifier\gnotify.exe [C:\Program Files\Google\Gmail Notifier\gnotify.exe] -> [2005/07/15 14:48:33 | 00,479,232 | ---- | M] (Google Inc.)
"3c1807pd" ->  [C:\WINDOWS\SYSTEM32\3cmlink.exe RunServices \Device\3cpipe-3c1807pd] -> File not found
"Adobe ARM" -> C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe ["C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"] -> [2009/12/11 15:57:56 | 00,948,672 | R--- | M] (Adobe Systems Incorporated)
"Adobe Reader Speed Launcher" -> C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe ["C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"] -> [2009/12/22 01:57:28 | 00,035,760 | ---- | M] (Adobe Systems Incorporated)
"AVG9_TRAY" -> C:\Program Files\AVG\AVG9\avgtray.exe [C:\PROGRA~1\AVG\AVG9\avgtray.exe] -> [2009/12/31 09:36:18 | 02,033,432 | ---- | M] (AVG Technologies CZ, s.r.o.)
"HPDJ Taskbar Utility" -> C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe [C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe] -> [2004/03/04 08:46:24 | 00,172,032 | ---- | M] (HP)
"hpqSRMon" -> C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe [C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe] -> [2008/03/13 09:34:28 | 00,081,920 | ---- | M] (Hewlett-Packard)
"NvCplDaemon" -> C:\WINDOWS\System32\NvCpl.DLL [RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup] -> [2003/07/28 15:19:00 | 04,841,472 | ---- | M] (NVIDIA Corporation)
"nwiz" -> C:\WINDOWS\System32\nwiz.exe [nwiz.exe /install] -> [2003/07/28 15:19:00 | 00,323,584 | ---- | M] (NVIDIA Corporation)
"USRpdA" ->  [C:\WINDOWS\SYSTEM32\USRmlnkA.exe RunServices \Device\3cpipe-USRpdA] -> File not found
"WinPatrol" -> C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe [C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot] -> [2009/10/10 14:07:08 | 00,320,832 | ---- | M] (BillP Studios)
< Run [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"swg" -> C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe] -> [2009/04/02 13:03:13 | 00,039,408 | ---- | M] (Google Inc.)
< Run [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"swg" -> C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe] -> [2009/04/02 13:03:13 | 00,039,408 | ---- | M] (Google Inc.)
< Run [HKEY_USERS\S-1-5-21-725345543-2000478354-682003330-1004\] > -> HKEY_USERS\S-1-5-21-725345543-2000478354-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"CrossHair" -> C:\Program Files\CrossHair\CrossHair.exe [C:\Program Files\CrossHair\CrossHair.exe] -> [2006/07/23 17:06:56 | 00,094,208 | ---- | M] ()
"swg" -> C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe ["C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"] -> [2009/04/02 13:03:13 | 00,039,408 | ---- | M] (Google Inc.)
< Administrator Startup Folder > -> C:\Documents and Settings\Administrator\Start Menu\Programs\Startup -> 
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk -> C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe -> [2001/08/07 16:06:54 | 00,024,633 | ---- | M] (Microsoft® Corporation)
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SMART-ER.lnk -> C:\Program Files\Apricorn\SMART-ER\SMART-ER.EXE -> [2001/05/01 13:17:54 | 00,286,720 | ---- | M] (Apricorn)
< Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup -> 
< Tom Startup Folder > -> C:\Documents and Settings\Tom\Start Menu\Programs\Startup -> 
C:\Documents and Settings\Tom\Start Menu\Programs\Startup\Secunia PSI.lnk -> C:\Program Files\Secunia\PSI\psi.exe -> [2009/08/21 01:15:32 | 00,900,816 | ---- | M] (Secunia)
< Software Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions
\Infodelivery\Restrictions\\"NoJITSetup" ->  [0] -> File not found
\Infodelivery\Restrictions\\"NoUpdateCheck" ->  [0] -> File not found
\Infodelivery\Restrictions\\"NoSplash" ->  [0] -> File not found
< Software Policy Settings [HKEY_USERS\S-1-5-21-725345543-2000478354-682003330-1004] > -> HKEY_USERS\S-1-5-21-725345543-2000478354-682003330-1004\SOFTWARE\Policies\Microsoft\Internet Explorer -> 
HKEY_USERS\S-1-5-21-725345543-2000478354-682003330-1004\Software\Policies\Microsoft\Internet Explorer
\\"DisableImportExportFavorites" ->  [0] -> File not found
HKEY_USERS\S-1-5-21-725345543-2000478354-682003330-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel
\Control Panel\\"GeneralTab" ->  [0] -> File not found
\Control Panel\\"SecurityTab" ->  [0] -> File not found
\Control Panel\\"PrivacyTab" ->  [0] -> File not found
\Control Panel\\"ContentTab" ->  [0] -> File not found
\Control Panel\\"ConnectionsTab" ->  [0] -> File not found
\Control Panel\\"ProgramsTab" ->  [0] -> File not found
\Control Panel\\"AdvancedTab" ->  [0] -> File not found
\Control Panel\\"Advanced" ->  [0] -> File not found
\Control Panel\\"Cache" ->  [0] -> File not found
\Control Panel\\"History" ->  [0] -> File not found
\Control Panel\\"Colors" ->  [0] -> File not found
\Control Panel\\"links" ->  [0] -> File not found
\Control Panel\\"Fonts" ->  [0] -> File not found
\Control Panel\\"Languages" ->  [0] -> File not found
\Control Panel\\"Accessibility" ->  [0] -> File not found
\Control Panel\\"Connwiz Admin Lock" ->  [0] -> File not found
\Control Panel\\"Connection Settings" ->  [0] -> File not found
\Control Panel\\"Proxy" ->  [0] -> File not found
\Control Panel\\"Autoconfig" ->  [0] -> File not found
\Control Panel\\"Ratings" ->  [0] -> File not found
\Control Panel\\"Certificates" ->  [0] -> File not found
\Control Panel\\"Profiles" ->  [0] -> File not found
\Control Panel\\"FormSuggest" ->  [0] -> File not found
\Control Panel\\"FormSuggest Passwords" ->  [0] -> File not found
\Control Panel\\"Messaging" ->  [0] -> File not found
\Control Panel\\"CalendarContact" ->  [0] -> File not found
\Control Panel\\"ResetWebSettings" ->  [0] -> File not found
\Control Panel\\"Check_If_Default" ->  [0] -> File not found
HKEY_USERS\S-1-5-21-725345543-2000478354-682003330-1004\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions
\Infodelivery\Restrictions\\"NoBrowserSaveWebComplete" ->  [0] -> File not found
\Infodelivery\Restrictions\\"NoSearchCustomization" ->  [0] -> File not found
\Infodelivery\Restrictions\\"NoAddingChannels" ->  [0] -> File not found
\Infodelivery\Restrictions\\"NoRemovingChannels" ->  [0] -> File not found
\Infodelivery\Restrictions\\"NoAddingSubscriptions" ->  [0] -> File not found
\Infodelivery\Restrictions\\"NoEditingSubscriptions" ->  [0] -> File not found
\Infodelivery\Restrictions\\"NoRemovingSubscriptions" ->  [0] -> File not found
\Infodelivery\Restrictions\\"NoChannelLogging" ->  [0] -> File not found
\Infodelivery\Restrictions\\"NoScheduledUpdates" ->  [0] -> File not found
\Infodelivery\Restrictions\\"NoSubscriptionPasswords" ->  [0] -> File not found
\Infodelivery\Restrictions\\"NoChannelUI" ->  [0] -> File not found
\Infodelivery\Restrictions\\"NoSubscriptionContent" ->  [0] -> File not found
\Infodelivery\Restrictions\\"NoEditingScheduleGroups" ->  [0] -> File not found
\Infodelivery\Restrictions\\"MaxSubscriptionSize" ->  [0] -> File not found
\Infodelivery\Restrictions\\"MaxSubscriptionCount" ->  [0] -> File not found
\Infodelivery\Restrictions\\"MinUpdateInterval" ->  [0] -> File not found
\Infodelivery\Restrictions\\"UpdateExcludeBegin" ->  [0] -> File not found
\Infodelivery\Restrictions\\"UpdateExcludeEnd" ->  [0] -> File not found
\Infodelivery\Restrictions\\"MaxWebcrawlLevels" ->  [1] -> File not found
HKEY_USERS\S-1-5-21-725345543-2000478354-682003330-1004\Software\Policies\Microsoft\Internet Explorer\Persistence\0
\Persistence\0\\"DomainLimit" ->  [1024] -> File not found
\Persistence\0\\"DocumentLimit" ->  [128] -> File not found
HKEY_USERS\S-1-5-21-725345543-2000478354-682003330-1004\Software\Policies\Microsoft\Internet Explorer\Persistence\1
\Persistence\1\\"DomainLimit" ->  [10240] -> File not found
\Persistence\1\\"DocumentLimit" ->  [512] -> File not found
HKEY_USERS\S-1-5-21-725345543-2000478354-682003330-1004\Software\Policies\Microsoft\Internet Explorer\Persistence\2
\Persistence\2\\"DomainLimit" ->  [1024] -> File not found
\Persistence\2\\"DocumentLimit" ->  [128] -> File not found
HKEY_USERS\S-1-5-21-725345543-2000478354-682003330-1004\Software\Policies\Microsoft\Internet Explorer\Persistence\3
\Persistence\3\\"DomainLimit" ->  [1024] -> File not found
\Persistence\3\\"DocumentLimit" ->  [128] -> File not found
HKEY_USERS\S-1-5-21-725345543-2000478354-682003330-1004\Software\Policies\Microsoft\Internet Explorer\Persistence\4
\Persistence\4\\"DomainLimit" ->  [640] -> File not found
\Persistence\4\\"DocumentLimit" ->  [64] -> File not found
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoMSAppLogo5ChannelNotify" ->  [0] -> File not found
\\"NoBandCustomize" ->  [0] -> File not found
\\"NoSharedDocuments" ->  [0] -> File not found
\\"HonorAutoRunSetting" ->  [1] -> File not found
\\"NoDriveAutoRun" ->  [67108863] -> File not found
\\"NoDriveTypeAutoRun" ->  [323] -> File not found
\\"NoDrives" ->  [0] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [323] -> File not found
\\"CDRAutoRun" ->  [0] -> File not found
\\"NoLogOff" ->  [0] -> File not found
\\"NoClose" ->  [0] -> File not found
\\"NoSetFolders" ->  [0] -> File not found
\\"NoFavoritesMenu" ->  [0] -> File not found
\\"NoDriveAutoRun" ->  [67108863] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [323] -> File not found
\\"CDRAutoRun" ->  [0] -> File not found
\\"NoLogOff" ->  [0] -> File not found
\\"NoClose" ->  [0] -> File not found
\\"NoSetFolders" ->  [0] -> File not found
\\"NoFavoritesMenu" ->  [0] -> File not found
\\"NoDriveAutoRun" ->  [67108863] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-725345543-2000478354-682003330-1004] > -> HKEY_USERS\S-1-5-21-725345543-2000478354-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\S-1-5-21-725345543-2000478354-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [323] -> File not found
\\"NoNetHood" ->  [0] -> File not found
\\"NoFavoritesMenu" ->  [0] -> File not found
\\"NoChangeStartMenu" ->  [0] -> File not found
\\"NoLogoff" ->  [0] -> File not found
\\"NoSetTaskbar" ->  [0] -> File not found
\\"NoFileMenu" ->  [0] -> File not found
\\"EnforceShellExtensionSecurity" ->  [0] -> File not found
\\"LinkResolveIgnoreLinkInfo" ->  [0] -> File not found
\\"NoDrives" ->  [0] -> File not found
\\"NoNetConnectDisconnect" ->  [0] -> File not found
\\"NoDeletePrinter" ->  [0] -> File not found
\\"NoAddPrinter" ->  [0] -> File not found
\\"NoPrinterTabs" ->  [0] -> File not found
\\"Btn_Back" ->  [0] -> File not found
\\"Btn_Forward" ->  [0] -> File not found
\\"Btn_Stop" ->  [0] -> File not found
\\"Btn_Refresh" ->  [0] -> File not found
\\"Btn_Home" ->  [0] -> File not found
\\"Btn_Search" ->  [0] -> File not found
\\"Btn_History" ->  [0] -> File not found
\\"Btn_Favorites" ->  [0] -> File not found
\\"Btn_Media" ->  [0] -> File not found
\\"Btn_Folders" ->  [0] -> File not found
\\"Btn_Fullscreen" ->  [0] -> File not found
\\"Btn_Tools" ->  [0] -> File not found
\\"Btn_MailNews" ->  [0] -> File not found
\\"Btn_Size" ->  [0] -> File not found
\\"Btn_Print" ->  [0] -> File not found
\\"Btn_Edit" ->  [0] -> File not found
\\"Btn_Discussions" ->  [0] -> File not found
\\"Btn_Cut" ->  [0] -> File not found
\\"Btn_Copy" ->  [0] -> File not found
\\"Btn_Paste" ->  [0] -> File not found
\\"Btn_Encoding" ->  [0] -> File not found
\\"Btn_PrintPreview" ->  [0] -> File not found
\\"NoThumbnailCache" ->  [0] -> File not found
\\"RestrictRun" ->  [0] -> File not found
\\"NoDriveAutoRun" ->  [67108863] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-725345543-2000478354-682003330-1004] > -> HKEY_USERS\S-1-5-21-725345543-2000478354-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
HKEY_USERS\S-1-5-21-725345543-2000478354-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"NoSecCPL" ->  [0] -> File not found
\\"NoDevMgrPage" ->  [0] -> File not found
\\"NoConfigPage" ->  [0] -> File not found
\\"NoVirtMemPage" ->  [0] -> File not found
\\"NoFileSysPage" ->  [0] -> File not found
\\"NoNetSetup" ->  [0] -> File not found
\\"NoNetSetupIDPage" ->  [0] -> File not found
\\"NoNetSetupSecurityPage" ->  [0] -> File not found
\\"NoWorkgroupContents" ->  [0] -> File not found
\\"NoEntireNetwork" ->  [0] -> File not found
\\"NoFileSharingControl" ->  [0] -> File not found
< Internet Explorer Menu Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\MenuExt\ -> 
&Search ->  [http://bar.mywebsearch.com/menusearch.html?p=ZNxdm41486US] -> File not found
< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\MenuExt\ -> 
&Search ->  [http://bar.mywebsearch.com/menusearch.html?p=ZNxdm41486US] -> File not found
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{DDE87865-83C5-48c4-8357-2F5B1AA84522}:{DDE87865-83C5-48c4-8357-2F5B1AA84522} [HKLM] -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [Button: Show or hide HP Smart Web Printing] -> [2009/06/30 17:07:40 | 00,509,496 | ---- | M] (Hewlett-Packard Co.)
< Internet Explorer Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\"{3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF}" [HKLM] ->  [Reg Error: Key error.] -> File not found
CmdMapping\\"{4528BBE0-4E08-11D5-AD55-00010333D0AD}" [HKLM] ->  [Reg Error: Key error.] -> File not found
CmdMapping\\"{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}" [HKLM] ->  [Reg Error: Key error.] -> File not found
CmdMapping\\"{E023F504-0C5A-4750-A1E7-A9046DEA8A21}" [HKLM] ->  [Reg Error: Key error.] -> File not found
CmdMapping\\"{e2e2dd38-d088-4134-82b7-f2ba38496583}" [HKLM] ->  [Reg Error: Key error.] -> File not found
CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] ->  [Reg Error: Key error.] -> File not found
< Internet Explorer Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\"{3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF}" [HKLM] ->  [Reg Error: Key error.] -> File not found
CmdMapping\\"{4528BBE0-4E08-11D5-AD55-00010333D0AD}" [HKLM] ->  [Reg Error: Key error.] -> File not found
CmdMapping\\"{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}" [HKLM] ->  [Reg Error: Key error.] -> File not found
CmdMapping\\"{E023F504-0C5A-4750-A1E7-A9046DEA8A21}" [HKLM] ->  [Reg Error: Key error.] -> File not found
CmdMapping\\"{e2e2dd38-d088-4134-82b7-f2ba38496583}" [HKLM] ->  [Reg Error: Key error.] -> File not found
CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] ->  [Reg Error: Key error.] -> File not found
< Internet Explorer Extensions [HKEY_USERS\S-1-5-21-725345543-2000478354-682003330-1004\] > -> HKEY_USERS\S-1-5-21-725345543-2000478354-682003330-1004\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\"{3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF}" [HKLM] ->  [Reg Error: Key error.] -> File not found
CmdMapping\\"{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}" [HKLM] ->  [Reg Error: Key error.] -> File not found
CmdMapping\\"{DDE87865-83C5-48c4-8357-2F5B1AA84522}" [HKLM] -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [ClipBookBtn Class] -> [2009/06/30 17:07:40 | 00,509,496 | ---- | M] (Hewlett-Packard Co.)
CmdMapping\\"{e2e2dd38-d088-4134-82b7-f2ba38496583}" [HKLM] ->  [Reg Error: Key error.] -> File not found
CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] ->  [Reg Error: Key error.] -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
Extension\.bcf -> C:\Program Files\Internet Explorer\PLUGINS\NPBelv32.dll [Belarc Advisor and BelLive - Belarc's Content Personalization with Privacy] -> [2003/09/24 19:12:30 | 00,651,264 | ---- | M] (Belarc, Inc.)
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 6617 domain(s) found. -> 
58 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 6617 domain(s) found. -> 
57 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 6617 domain(s) found. -> 
57 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-21-725345543-2000478354-682003330-1004\] > -> HKEY_USERS\S-1-5-21-725345543-2000478354-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-21-725345543-2000478354-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 10148 domain(s) found. -> 
  .[msn] -> My Computer -> 
64 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_USERS\S-1-5-21-725345543-2000478354-682003330-1004\] > -> HKEY_USERS\S-1-5-21-725345543-2000478354-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-21-725345543-2000478354-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. -> 
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{00000161-0000-0010-8000-00AA00389B71} [HKLM] -> http://codecs.microsoft.com/codecs/i386/msaudio.cab [Reg Error: Key error.] -> 
{1851174C-97BD-4217-A0CC-E908F60D5B7A} [HKLM] -> https://h20364.www2.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB [Hewlett-Packard Online Support Services] -> 
{33564D57-0000-0010-8000-00AA00389B71} [HKLM] -> http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB [Reg Error: Key error.] -> 
{406B5949-7190-4245-91A9-30A17DE16AD0} [HKLM] -> http://www2.snapfish.com/SnapfishActivia.cab [Snapfish Activia] -> 
{5ED80217-570B-4DA9-BF44-BE107C0EC166} [HKLM] -> http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab [Windows Live Safety Center Base Module] -> 
{7530BFB8-7293-4D34-9923-61A11451AFC5} [HKLM] -> http://download.eset.com/special/eos/OnlineScanner.cab [Reg Error: Key error.] -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab [Java Plug-in 1.6.0_17] -> 
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [HKLM] -> http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab [Reg Error: Key error.] -> 
{9191F686-7F0A-441D-8A98-2FE3AC1BD913} [HKLM] -> http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab [ActiveScan 2.0 Installer Class] -> 
{9F1C11AA-197B-4942-BA54-47A8489BB47F} [HKLM] -> http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38072.9108680556 [Reg Error: Key error.] -> 
{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab [Java Plug-in 1.6.0_17] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab [Java Plug-in 1.6.0_17] -> 
{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} [HKLM] -> http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab [Reg Error: Key error.] -> 
{D27CDB6E-AE6D-11CF-96B8-444553540000} [HKLM] -> http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab [Shockwave Flash Object] -> 
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} [HKLM] -> http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab [get_atlcom Class] -> 
Microsoft XML Parser for Java [HKLM] -> file://C:\WINDOWS\Java\classes\xmldso.cab [Reg Error: Key error.] -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ -> 
DhcpNameServer -> 192.168.2.1 -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{7DDCA5DC-C912-4FBF-A5F5-059428258A40}\\DhcpNameServer -> 192.168.2.1   (CNet PRO200WL PCI Fast Ethernet Adapter) -> 
IE Styles -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Styles
"Use My Stylesheet" -> Reg Error: Invalid data type.
"User Stylesheet" -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
Explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/13 17:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
avgrsstarter -> C:\WINDOWS\System32\avgrsstx.dll -> [2009/11/22 16:19:05 | 00,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.)
GoToAssist -> C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll -> [2009/04/05 22:39:36 | 00,010,536 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.)
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> 
"{56F9679E-7826-4C84-81F3-532071A8BCC5}" [HKLM] -> C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll [] -> [2009/05/24 22:41:34 | 00,304,128 | ---- | M] (Microsoft Corporation)
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List -> 
"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe" -> C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe [C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe] -> [2008/03/20 09:36:30 | 00,550,312 | ---- | M] (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe [C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe] -> [2007/11/02 10:58:46 | 01,421,312 | ---- | M] (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" -> C:\Program Files\HP\Digital Imaging\bin\hposid01.exe [C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe] -> [2007/11/30 01:05:44 | 00,107,864 | ---- | M] (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe [C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe:*:Enabled:hpqcopy2.exe] -> [2008/03/25 21:21:20 | 00,247,128 | ---- | M] (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe [C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe] -> [2009/05/21 18:57:00 | 00,362,496 | ---- | M] (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe [C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe] -> [2009/05/21 18:57:00 | 00,237,568 | ---- | M] (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe [C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe] -> [2007/10/31 15:45:22 | 00,147,456 | ---- | M] (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe [C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe] -> [2008/03/20 09:36:38 | 03,782,048 | ---- | M] (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe [C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe] -> [2008/03/13 09:34:26 | 00,087,456 | ---- | M] (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe [C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe] -> [2008/03/25 20:49:02 | 00,184,320 | ---- | M] (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe [C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe] -> [2008/03/20 09:36:40 | 00,135,168 | ---- | M] (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe] -> [2008/03/25 20:40:42 | 00,214,360 | ---- | M] (Hewlett-Packard Co.)
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> 
"C:\Program Files\AVG\AVG9\avgemc.exe" -> C:\Program Files\AVG\AVG9\avgemc.exe [C:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe] -> [2009/11/22 16:18:50 | 00,906,520 | ---- | M] (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" -> C:\Program Files\AVG\AVG9\avgnsx.exe [C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe] -> [2009/12/11 14:05:16 | 00,600,344 | ---- | M] (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgupd.exe" -> C:\Program Files\AVG\AVG9\avgupd.exe [C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe] -> [2009/12/11 14:04:37 | 01,007,896 | ---- | M] (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe" -> C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe [C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe] -> [2008/03/20 09:36:30 | 00,550,312 | ---- | M] (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe [C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe] -> [2007/11/02 10:58:46 | 01,421,312 | ---- | M] (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" -> C:\Program Files\HP\Digital Imaging\bin\hposid01.exe [C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe] -> [2007/11/30 01:05:44 | 00,107,864 | ---- | M] (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe [C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe:*:Enabled:hpqcopy2.exe] -> [2008/03/25 21:21:20 | 00,247,128 | ---- | M] (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe [C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe] -> [2009/05/21 18:57:00 | 00,362,496 | ---- | M] (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe [C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe] -> [2009/05/21 18:57:00 | 00,237,568 | ---- | M] (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe [C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe] -> [2007/10/31 15:45:22 | 00,147,456 | ---- | M] (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe [C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe] -> [2008/03/20 09:36:38 | 03,782,048 | ---- | M] (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe [C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe] -> [2008/03/13 09:34:26 | 00,087,456 | ---- | M] (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe [C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe] -> [2008/03/25 20:49:02 | 00,184,320 | ---- | M] (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe [C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe] -> [2008/03/20 09:36:40 | 00,135,168 | ---- | M] (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe] -> [2008/03/25 20:40:42 | 00,214,360 | ---- | M] (Hewlett-Packard Co.)
"C:\Program Files\NinjaTrader 6.5\bin\NinjaTrader.exe" -> C:\Program Files\NinjaTrader 6.5\bin\NinjaTrader.exe [C:\Program Files\NinjaTrader 6.5\bin\NinjaTrader.exe:*:Enabled:NinjaTrader application] -> [2009/12/09 06:25:04 | 00,143,360 | ---- | M] (NinjaTrader)
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> 
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 -> 
"DisplayName" -> CD-ROM Driver -> 
"ImagePath" ->  [System32\DRIVERS\cdrom.sys] -> File not found
< Drives with AutoRun files > ->  -> 
C:\AUTOEXEC.BAT [] -> C:\AUTOEXEC.BAT [ NTFS ] -> [2004/03/22 21:00:42 | 00,000,000 | ---- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> 
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command -> 
comfile [open] -> "%1" %* -> 
exefile [open] -> "%1" %* -> 
 
 
[Files/Folders - Created Within 90 Days]
 OTS.exe -> C:\Documents and Settings\Tom\Desktop\OTS.exe -> [2010/01/25 04:48:27 | 00,631,296 | ---- | C] (OldTimer Tools)
 _OTM -> C:\_OTM -> [2010/01/24 15:08:38 | 00,000,000 | ---D | C]
 nview -> C:\WINDOWS\nview -> [2010/01/24 08:25:46 | 00,000,000 | ---D | C]
 setup.exe -> C:\Documents and Settings\Tom\Desktop\setup.exe -> [2010/01/24 08:01:34 | 00,228,424 | ---- | C] (NinjaTrader, LLC)
 TFC.exe -> C:\Documents and Settings\Tom\Desktop\TFC.exe -> [2010/01/23 16:11:57 | 00,439,808 | ---- | C] (OldTimer Tools)
 RECYCLER -> C:\RECYCLER -> [2010/01/23 09:09:07 | 00,000,000 | -HSD | C]
 cmdcons -> C:\cmdcons -> [2010/01/22 12:13:07 | 00,000,000 | RHSD | C]
 SWXCACLS.exe -> C:\WINDOWS\SWXCACLS.exe -> [2010/01/22 12:12:00 | 00,212,480 | ---- | C] (SteelWerX)
 SWREG.exe -> C:\WINDOWS\SWREG.exe -> [2010/01/22 12:12:00 | 00,161,792 | ---- | C] (SteelWerX)
 SWSC.exe -> C:\WINDOWS\SWSC.exe -> [2010/01/22 12:12:00 | 00,136,704 | ---- | C] (SteelWerX)
 NIRCMD.exe -> C:\WINDOWS\NIRCMD.exe -> [2010/01/22 12:12:00 | 00,031,232 | ---- | C] (NirSoft)
 Qoobox -> C:\Qoobox -> [2010/01/22 12:10:37 | 00,000,000 | ---D | C]
 Panda Security -> C:\Program Files\Panda Security -> [2010/01/14 22:31:38 | 00,000,000 | ---D | C]
 Recent -> C:\Documents and Settings\Tom\Recent -> [2010/01/13 18:55:30 | 00,000,000 | RH-D | C]
 Spybot - Search & Destroy -> C:\Program Files\Spybot - Search & Destroy -> [2010/01/03 23:32:57 | 00,000,000 | ---D | C]
 Spybot - Search & Destroy -> C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy -> [2010/01/03 23:32:57 | 00,000,000 | ---D | C]
 Skyhook Wireless -> C:\Program Files\Skyhook Wireless -> [2010/01/02 16:16:41 | 00,000,000 | ---D | C]
 spmsg.dll -> C:\WINDOWS\System32\spmsg.dll -> [2009/12/19 13:17:36 | 00,017,272 | ---- | C] (Microsoft Corporation)
 ie8 -> C:\WINDOWS\ie8 -> [2009/12/19 12:20:35 | 00,000,000 | -H-D | C]
 aclayers.dll -> C:\WINDOWS\System32\dllcache\aclayers.dll -> [2009/12/19 12:06:06 | 00,471,552 | ---- | C] (Microsoft Corporation)
 vlc -> C:\Documents and Settings\Tom\Application Data\vlc -> [2009/12/19 11:58:48 | 00,000,000 | ---D | C]
 WinZip -> C:\Documents and Settings\All Users\Application Data\WinZip -> [2009/12/19 11:50:58 | 00,000,000 | ---D | C]
 Secunia -> C:\Program Files\Secunia -> [2009/12/19 11:41:05 | 00,000,000 | ---D | C]
 Malware -> C:\Documents and Settings\Tom\My Documents\Malware -> [2009/12/19 08:01:02 | 00,000,000 | ---D | C]
 CrossHair -> C:\Program Files\CrossHair -> [2009/12/17 12:13:43 | 00,000,000 | ---D | C]
 DELL -> C:\Documents and Settings\Tom\Desktop\DELL -> [2009/12/15 21:45:01 | 00,000,000 | ---D | C]
 MSECache -> C:\Program Files\MSECache -> [2009/12/14 21:43:19 | 00,000,000 | ---D | C]
 WinPatrol -> C:\Documents and Settings\Tom\Application Data\WinPatrol -> [2009/12/12 11:54:09 | 00,000,000 | ---D | C]
 BillP Studios -> C:\Program Files\BillP Studios -> [2009/12/12 11:53:52 | 00,000,000 | ---D | C]
 QuickTime -> C:\Program Files\QuickTime -> [2009/12/12 10:56:23 | 00,000,000 | ---D | C]
 Apple Computer -> C:\Documents and Settings\All Users\Application Data\Apple Computer -> [2009/12/12 10:56:22 | 00,000,000 | ---D | C]
 Apple -> C:\Program Files\Common Files\Apple -> [2009/12/12 09:38:53 | 00,000,000 | ---D | C]
 Apple -> C:\Documents and Settings\Tom\Local Settings\Application Data\Apple -> [2009/12/12 09:38:38 | 00,000,000 | ---D | C]
 Apple Software Update -> C:\Program Files\Apple Software Update -> [2009/12/12 09:38:33 | 00,000,000 | ---D | C]
 Apple -> C:\Documents and Settings\All Users\Application Data\Apple -> [2009/12/12 09:38:32 | 00,000,000 | ---D | C]
 Apple Computer -> C:\Documents and Settings\Tom\Local Settings\Application Data\Apple Computer -> [2009/12/12 09:37:42 | 00,000,000 | ---D | C]
 xing shared -> C:\Program Files\Common Files\xing shared -> [2009/12/12 09:26:31 | 00,000,000 | ---D | C]
 javaws.exe -> C:\WINDOWS\System32\javaws.exe -> [2009/12/12 09:18:34 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.)
 javaw.exe -> C:\WINDOWS\System32\javaw.exe -> [2009/12/12 09:18:34 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.)
 java.exe -> C:\WINDOWS\System32\java.exe -> [2009/12/12 09:18:34 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.)
 ERDNT -> C:\WINDOWS\ERDNT -> [2009/12/11 14:58:48 | 00,000,000 | ---D | C]
 ERUNT -> C:\Program Files\ERUNT -> [2009/12/11 14:57:20 | 00,000,000 | ---D | C]
 Malwarebytes -> C:\Documents and Settings\Tom\Application Data\Malwarebytes -> [2009/12/11 14:16:01 | 00,000,000 | ---D | C]
 mbamswissarmy.sys -> C:\WINDOWS\System32\drivers\mbamswissarmy.sys -> [2009/12/11 14:15:55 | 00,038,224 | ---- | C] (Malwarebytes Corporation)
 Malwarebytes -> C:\Documents and Settings\All Users\Application Data\Malwarebytes -> [2009/12/11 14:15:53 | 00,000,000 | ---D | C]
 mbam.sys -> C:\WINDOWS\System32\drivers\mbam.sys -> [2009/12/11 14:15:52 | 00,019,160 | ---- | C] (Malwarebytes Corporation)
 Malwarebytes' Anti-Malware -> C:\Program Files\Malwarebytes' Anti-Malware -> [2009/12/11 14:15:52 | 00,000,000 | ---D | C]
 CCleaner -> C:\Program Files\CCleaner -> [2009/12/10 17:38:54 | 00,000,000 | ---D | C]
 NinjaTrader 6.5 -> C:\Program Files\NinjaTrader 6.5 -> [2009/12/10 09:02:58 | 00,000,000 | ---D | C]
 Malware -> C:\Documents and Settings\Tom\Desktop\Malware -> [2009/12/09 16:50:29 | 00,000,000 | ---D | C]
 rsit -> C:\rsit -> [2009/12/07 20:17:37 | 00,000,000 | ---D | C]
 Tom2 Docs -> C:\Documents and Settings\Tom\My Documents\Tom2 Docs -> [2009/12/06 20:04:24 | 00,000,000 | ---D | C]
 HP Product Assistant -> C:\Documents and Settings\All Users\Application Data\HP Product Assistant -> [2009/12/06 10:11:07 | 00,000,000 | ---D | C]
 New Folder -> C:\New Folder -> [2009/11/26 12:53:57 | 00,000,000 | ---D | C]
 MemTurbo 4 -> C:\Program Files\MemTurbo 4 -> [2009/11/26 08:48:19 | 00,000,000 | ---D | C]
 $AVG -> C:\$AVG -> [2009/11/22 16:19:49 | 00,000,000 | ---D | C]
 avg9 -> C:\Documents and Settings\All Users\Application Data\avg9 -> [2009/11/22 16:18:43 | 00,000,000 | ---D | C]
 Microsoft -> C:\Documents and Settings\LocalService\Application Data\Microsoft -> [2009/11/22 16:12:28 | 00,000,000 | --SD | M]
 Microsoft -> C:\Documents and Settings\NetworkService\Application Data\Microsoft -> [2009/11/22 16:12:27 | 00,000,000 | --SD | M]
 Microsoft -> C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft -> [2009/11/22 12:55:50 | 00,000,000 | ---D | M]
 Microsoft -> C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft -> [2009/11/22 12:55:50 | 00,000,000 | ---D | M]
 My Videos -> C:\Documents and Settings\Tom\My Documents\My Videos -> [2009/11/10 23:49:19 | 00,000,000 | R--D | C]
 QuickTimeVR.qtx -> C:\WINDOWS\System32\QuickTimeVR.qtx -> [2009/11/10 23:08:24 | 00,094,208 | ---- | C] (Apple Inc.)
 QuickTime.qts -> C:\WINDOWS\System32\QuickTime.qts -> [2009/11/10 23:08:24 | 00,069,632 | ---- | C] (Apple Inc.)
 rmoc3260.dll -> C:\WINDOWS\System32\rmoc3260.dll -> [2009/11/10 08:27:10 | 00,185,920 | ---- | C] (RealNetworks, Inc.)
 pndx5016.dll -> C:\WINDOWS\System32\pndx5016.dll -> [2009/11/10 08:26:54 | 00,006,656 | ---- | C] (RealNetworks, Inc.)
 pndx5032.dll -> C:\WINDOWS\System32\pndx5032.dll -> [2009/11/10 08:26:54 | 00,005,632 | ---- | C] (RealNetworks, Inc.)
 Real -> C:\Documents and Settings\All Users\Application Data\Real -> [2009/11/10 08:25:29 | 00,000,000 | ---D | C]
 Temp -> C:\Documents and Settings\Tom\Local Settings\Application Data\Temp -> [2009/10/31 11:59:44 | 00,000,000 | ---D | C]
 Google -> C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google -> [2009/10/30 10:50:00 | 00,000,000 | ---D | M]
 Google -> C:\Documents and Settings\LocalService\Local Settings\Application Data\Google -> [2009/10/30 10:45:49 | 00,000,000 | ---D | M]
 ie7 -> C:\WINDOWS\ie7 -> [2009/10/30 10:29:31 | 00,000,000 | -H-D | C]
 omNovia -> C:\Program Files\omNovia -> [2009/10/29 06:40:26 | 00,000,000 | ---D | C]
 HPAppData -> C:\Documents and Settings\NetworkService\Application Data\HPAppData -> [2009/04/23 22:29:07 | 00,000,000 | ---D | M]
 Adobe -> C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe -> [2009/04/15 22:03:17 | 00,000,000 | ---D | M]
 HPAppData -> C:\Documents and Settings\LocalService\Application Data\HPAppData -> [2009/02/14 12:24:38 | 00,000,000 | ---D | M]
 Skyhook Wireless -> C:\Documents and Settings\LocalService\Local Settings\Application Data\Skyhook Wireless -> [2009/01/28 20:10:30 | 00,000,000 | ---D | M]
 Adobe -> C:\Documents and Settings\LocalService\Application Data\Adobe -> [2008/03/22 08:49:18 | 00,000,000 | ---D | M]
 Google -> C:\Documents and Settings\LocalService\Application Data\Google -> [2008/03/22 08:49:06 | 00,000,000 | ---D | M]
 Help -> C:\Documents and Settings\LocalService\Local Settings\Application Data\Help -> [2006/03/21 09:49:14 | 00,000,000 | ---D | M]
 Help -> C:\Documents and Settings\LocalService\Application Data\Help -> [2006/03/21 09:49:14 | 00,000,000 | ---D | M]
 
[Files/Folders - Modified Within 90 Days]
 OTS.exe -> C:\Documents and Settings\Tom\Desktop\OTS.exe -> [2010/01/25 04:48:29 | 00,631,296 | ---- | M] (OldTimer Tools)
 wpa.dbl -> C:\WINDOWS\System32\wpa.dbl -> [2010/01/25 04:42:20 | 00,002,206 | ---- | M] ()
 GoogleUpdateTaskMachineCore.job -> C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job -> [2010/01/25 04:42:17 | 00,000,876 | ---- | M] ()
 Google Software Updater.job -> C:\WINDOWS\tasks\Google Software Updater.job -> [2010/01/25 04:40:59 | 00,000,868 | ---- | M] ()
 SA.DAT -> C:\WINDOWS\tasks\SA.DAT -> [2010/01/25 04:40:36 | 00,000,006 | -H-- | M] ()
 bootstat.dat -> C:\WINDOWS\bootstat.dat -> [2010/01/25 04:40:24 | 00,002,048 | --S- | M] ()
 hiberfil.sys -> C:\hiberfil.sys -> [2010/01/25 04:40:18 | 80,433,9712 | -HS- | M] ()
 ntuser.dat -> C:\Documents and Settings\Tom\ntuser.dat -> [2010/01/25 00:24:56 | 09,707,520 | ---- | M] ()
 ntuser.ini -> C:\Documents and Settings\Tom\ntuser.ini -> [2010/01/25 00:24:56 | 00,000,178 | -HS- | M] ()
 GoogleUpdateTaskMachineUA.job -> C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job -> [2010/01/24 23:56:00 | 00,000,880 | ---- | M] ()
 SystemLook.exe -> C:\Documents and Settings\Tom\Desktop\SystemLook.exe -> [2010/01/24 11:25:43 | 00,100,908 | ---- | M] ()
 incavi.avm -> C:\WINDOWS\System32\drivers\Avg\incavi.avm -> [2010/01/24 09:41:29 | 54,617,974 | ---- | M] ()
 setup.exe -> C:\Documents and Settings\Tom\Desktop\setup.exe -> [2010/01/24 08:01:34 | 00,228,424 | ---- | M] (NinjaTrader, LLC)
 TFC.exe -> C:\Documents and Settings\Tom\Desktop\TFC.exe -> [2010/01/23 16:11:57 | 00,439,808 | ---- | M] (OldTimer Tools)
 system.ini -> C:\WINDOWS\system.ini -> [2010/01/23 08:58:48 | 00,000,227 | ---- | M] ()
 hosts -> C:\WINDOWS\System32\drivers\etc\hosts -> [2010/01/23 08:58:36 | 00,000,027 | ---- | M] ()
 ComboFix.exe -> C:\Documents and Settings\Tom\Desktop\ComboFix.exe -> [2010/01/23 08:45:07 | 03,834,324 | R--- | M] ()
 GDIPFONTCACHEV1.DAT -> C:\Documents and Settings\Tom\Local Settings\Application Data\GDIPFONTCACHEV1.DAT -> [2010/01/23 08:44:08 | 00,077,136 | ---- | M] ()
 boot.ini -> C:\boot.ini -> [2010/01/22 12:13:16 | 00,000,281 | RHS- | M] ()
 RSIT.exe -> C:\Documents and Settings\Tom\Desktop\RSIT.exe -> [2010/01/21 15:13:37 | 00,781,909 | ---- | M] ()
 microavi.avg -> C:\WINDOWS\System32\drivers\Avg\microavi.avg -> [2010/01/20 09:29:12 | 00,142,495 | ---- | M] ()
 Yahoo! Mail.url -> C:\Documents and Settings\Tom\Desktop\Yahoo! Mail.url -> [2010/01/18 23:29:20 | 00,000,276 | ---- | M] ()
 Yahoo! Finance.url -> C:\Documents and Settings\Tom\Desktop\Yahoo! Finance.url -> [2010/01/15 20:15:21 | 00,003,460 | ---- | M] ()
 Gmail.url -> C:\Documents and Settings\Tom\Desktop\Gmail.url -> [2010/01/13 20:40:40 | 00,000,619 | ---- | M] ()
 ntuser.bak -> C:\Documents and Settings\Tom\ntuser.bak -> [2010/01/13 18:37:58 | 09,699,328 | ---- | M] ()
 FNTCACHE.DAT -> C:\WINDOWS\System32\FNTCACHE.DAT -> [2010/01/12 23:34:03 | 00,272,576 | ---- | M] ()
 IconCache.db -> C:\Documents and Settings\Tom\Local Settings\Application Data\IconCache.db -> [2010/01/11 06:01:59 | 02,691,650 | -H-- | M] ()
 mbamswissarmy.sys -> C:\WINDOWS\System32\drivers\mbamswissarmy.sys -> [2010/01/07 16:07:14 | 00,038,224 | ---- | M] (Malwarebytes Corporation)
 mbam.sys -> C:\WINDOWS\System32\drivers\mbam.sys -> [2010/01/07 16:07:04 | 00,019,160 | ---- | M] (Malwarebytes Corporation)
 wpsnuio.sys -> C:\WINDOWS\System32\drivers\wpsnuio.sys -> [2010/01/02 16:16:41 | 00,013,696 | ---- | M] (Skyhook Wireless)
 perfh009.dat -> C:\WINDOWS\System32\perfh009.dat -> [2010/01/02 16:02:26 | 00,690,416 | ---- | M] ()
 perfc009.dat -> C:\WINDOWS\System32\perfc009.dat -> [2010/01/02 16:02:26 | 00,180,428 | ---- | M] ()
 PerfStringBackup.INI -> C:\WINDOWS\System32\PerfStringBackup.INI -> [2010/01/02 16:02:26 | 00,005,322 | ---- | M] ()
 urlmon.dll -> C:\WINDOWS\System32\dllcache\urlmon.dll -> [2009/12/21 12:14:05 | 01,208,832 | ---- | M] (Microsoft Corporation)
 wininet.dll -> C:\WINDOWS\System32\dllcache\wininet.dll -> [2009/12/21 12:14:05 | 00,916,480 | ---- | M] (Microsoft Corporation)
 mshtml.dll -> C:\WINDOWS\System32\dllcache\mshtml.dll -> [2009/12/21 12:14:04 | 05,942,784 | ---- | M] (Microsoft Corporation)
 occache.dll -> C:\WINDOWS\System32\dllcache\occache.dll -> [2009/12/21 12:14:04 | 00,206,848 | ---- | M] (Microsoft Corporation)
 iertutil.dll -> C:\WINDOWS\System32\dllcache\iertutil.dll -> [2009/12/21 12:14:03 | 01,985,536 | ---- | M] (Microsoft Corporation)
 inetcpl.cpl -> C:\WINDOWS\System32\inetcpl.cpl -> [2009/12/21 12:14:03 | 01,469,440 | ---- | M] (Microsoft Corporation)
 inetcpl.cpl -> C:\WINDOWS\System32\dllcache\inetcpl.cpl -> [2009/12/21 12:14:03 | 01,469,440 | ---- | M] (Microsoft Corporation)
 msfeeds.dll -> C:\WINDOWS\System32\msfeeds.dll -> [2009/12/21 12:14:03 | 00,594,432 | ---- | M] (Microsoft Corporation)
 msfeeds.dll -> C:\WINDOWS\System32\dllcache\msfeeds.dll -> [2009/12/21 12:14:03 | 00,594,432 | ---- | M] (Microsoft Corporation)
 iepeers.dll -> C:\WINDOWS\System32\iepeers.dll -> [2009/12/21 12:14:03 | 00,184,320 | ---- | M] (Microsoft Corporation)
 iepeers.dll -> C:\WINDOWS\System32\dllcache\iepeers.dll -> [2009/12/21 12:14:03 | 00,184,320 | ---- | M] (Microsoft Corporation)
 msfeedsbs.dll -> C:\WINDOWS\System32\msfeedsbs.dll -> [2009/12/21 12:14:03 | 00,055,296 | ---- | M] (Microsoft Corporation)
 msfeedsbs.dll -> C:\WINDOWS\System32\dllcache\msfeedsbs.dll -> [2009/12/21 12:14:03 | 00,055,296 | ---- | M] (Microsoft Corporation)
 jsproxy.dll -> C:\WINDOWS\System32\jsproxy.dll -> [2009/12/21 12:14:03 | 00,025,600 | ---- | M] (Microsoft Corporation)
 jsproxy.dll -> C:\WINDOWS\System32\dllcache\jsproxy.dll -> [2009/12/21 12:14:03 | 00,025,600 | ---- | M] (Microsoft Corporation)
 ieframe.dll -> C:\WINDOWS\System32\dllcache\ieframe.dll -> [2009/12/21 12:14:02 | 11,070,464 | ---- | M] (Microsoft Corporation)
 iedkcs32.dll -> C:\WINDOWS\System32\iedkcs32.dll -> [2009/12/21 12:14:01 | 00,387,584 | ---- | M] (Microsoft Corporation)
 iedkcs32.dll -> C:\WINDOWS\System32\dllcache\iedkcs32.dll -> [2009/12/21 12:14:01 | 00,387,584 | ---- | M] (Microsoft Corporation)
 ie4uinit.exe -> C:\WINDOWS\System32\ie4uinit.exe -> [2009/12/21 06:19:18 | 00,173,056 | ---- | M] (Microsoft Corporation)
 ie4uinit.exe -> C:\WINDOWS\System32\dllcache\ie4uinit.exe -> [2009/12/21 06:19:18 | 00,173,056 | ---- | M] (Microsoft Corporation)
 nscompat.tlb -> C:\WINDOWS\System32\nscompat.tlb -> [2009/12/19 13:17:08 | 00,023,392 | ---- | M] ()
 amcompat.tlb -> C:\WINDOWS\System32\amcompat.tlb -> [2009/12/19 13:17:08 | 00,016,832 | ---- | M] ()
 vlc-1.0.3-win32.exe -> C:\Documents and Settings\Tom\My Documents\vlc-1.0.3-win32.exe -> [2009/12/19 12:58:59 | 18,030,130 | ---- | M] ()
 win.ini -> C:\WINDOWS\win.ini -> [2009/12/19 11:50:58 | 00,000,619 | ---- | M] ()
 Secunia PSI.lnk -> C:\Documents and Settings\Tom\Start Menu\Programs\Startup\Secunia PSI.lnk -> [2009/12/19 11:41:58 | 00,000,752 | ---- | M] ()
 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Documents and Settings\Tom\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2009/12/15 22:10:21 | 00,039,424 | ---- | M] ()
 Happy_Holidays2009[1].docx -> C:\Documents and Settings\Tom\My Documents\Happy_Holidays2009[1].docx -> [2009/12/14 21:49:08 | 00,013,037 | ---- | M] ()
 cdplayer.ini -> C:\WINDOWS\cdplayer.ini -> [2009/12/12 09:31:41 | 00,001,033 | ---- | M] ()
 rmoc3260.dll -> C:\WINDOWS\System32\rmoc3260.dll -> [2009/12/12 09:27:00 | 00,185,920 | ---- | M] (RealNetworks, Inc.)
 pndx5016.dll -> C:\WINDOWS\System32\pndx5016.dll -> [2009/12/12 09:26:38 | 00,006,656 | ---- | M] (RealNetworks, Inc.)
 pndx5032.dll -> C:\WINDOWS\System32\pndx5032.dll -> [2009/12/12 09:26:38 | 00,005,632 | ---- | M] (RealNetworks, Inc.)
 msvcp71.dll -> C:\WINDOWS\System32\msvcp71.dll -> [2009/12/12 09:25:40 | 00,499,712 | ---- | M] (Microsoft Corporation)
 msvcr71.dll -> C:\WINDOWS\System32\msvcr71.dll -> [2009/12/12 09:25:40 | 00,348,160 | ---- | M] (Microsoft Corporation)
 pncrt.dll -> C:\WINDOWS\System32\pncrt.dll -> [2009/12/12 09:25:39 | 00,278,528 | ---- | M] (Real Networks, Inc)
 QTFont.qfn -> C:\WINDOWS\QTFont.qfn -> [2009/12/11 16:06:12 | 00,054,156 | -H-- | M] ()
 _MSRSTRT.EXE -> C:\WINDOWS\_MSRSTRT.EXE -> [2009/12/10 17:52:25 | 00,002,560 | ---- | M] ()
 PEV.exe -> C:\WINDOWS\PEV.exe -> [2009/12/09 22:54:07 | 00,261,632 | ---- | M] ()
 NtDirect.dll -> C:\WINDOWS\System32\NtDirect.dll -> [2009/12/09 06:24:54 | 00,098,304 | ---- | M] ()
 hpqins05.dat -> C:\WINDOWS\hpqins05.dat -> [2009/12/06 10:12:57 | 00,077,372 | ---- | M] ()
 Ÿ9Ÿ9 -> C:\Documents and Settings\Tom\Ÿ9Ÿ9 -> [2009/11/26 07:31:33 | 00,000,000 | ---- | M] ()
 avgtdix.sys -> C:\WINDOWS\System32\drivers\avgtdix.sys -> [2009/11/22 16:19:24 | 00,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.)
 avgldx86.sys -> C:\WINDOWS\System32\drivers\avgldx86.sys -> [2009/11/22 16:19:24 | 00,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.)
 avgmfx86.sys -> C:\WINDOWS\System32\drivers\avgmfx86.sys -> [2009/11/22 16:19:24 | 00,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.)
 iavichjw.avm -> C:\WINDOWS\System32\drivers\Avg\iavichjw.avm -> [2009/11/22 16:19:05 | 00,113,461 | ---- | M] ()
 avgrsstx.dll -> C:\WINDOWS\System32\avgrsstx.dll -> [2009/11/22 16:19:05 | 00,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.)
 sysmain.sdb -> C:\WINDOWS\System32\dllcache\sysmain.sdb -> [2009/11/21 08:51:42 | 01,206,508 | ---- | M] ()
 aclayers.dll -> C:\WINDOWS\System32\dllcache\aclayers.dll -> [2009/11/21 08:51:04 | 00,471,552 | ---- | M] (Microsoft Corporation)
 QuickTimeVR.qtx -> C:\WINDOWS\System32\QuickTimeVR.qtx -> [2009/11/10 23:08:24 | 00,094,208 | ---- | M] (Apple Inc.)
 QuickTime.qts -> C:\WINDOWS\System32\QuickTime.qts -> [2009/11/10 23:08:24 | 00,069,632 | ---- | M] (Apple Inc.)
 TI.url -> C:\Documents and Settings\Tom\Desktop\TI.url -> [2009/11/09 08:19:14 | 00,000,290 | ---- | M] ()
 QTFont.for -> C:\WINDOWS\QTFont.for -> [2009/10/31 21:03:49 | 00,001,409 | ---- | M] ()
 extmgr.dll -> C:\WINDOWS\System32\dllcache\extmgr.dll -> [2009/10/29 00:46:51 | 00,133,120 | ---- | M] (Microsoft Corporation)
 ieudinit.exe -> C:\WINDOWS\System32\dllcache\ieudinit.exe -> [2009/10/28 07:36:11 | 00,013,824 | ---- | M] (Microsoft Corporation)
 
[Files - No Company Name]
 hiberfil.sys -> C:\hiberfil.sys -> [2010/01/24 14:52:51 | 80,433,9712 | -HS- | C] ()
 SystemLook.exe -> C:\Documents and Settings\Tom\Desktop\SystemLook.exe -> [2010/01/24 11:25:43 | 00,100,908 | ---- | C] ()
 Boot.bak -> C:\Boot.bak -> [2010/01/22 12:13:16 | 00,000,211 | ---- | C] ()
 cmldr -> C:\cmldr -> [2010/01/22 12:13:12 | 00,260,272 | ---- | C] ()
 PEV.exe -> C:\WINDOWS\PEV.exe -> [2010/01/22 12:12:00 | 00,261,632 | ---- | C] ()
 sed.exe -> C:\WINDOWS\sed.exe -> [2010/01/22 12:12:00 | 00,098,816 | ---- | C] ()
 grep.exe -> C:\WINDOWS\grep.exe -> [2010/01/22 12:12:00 | 00,080,412 | ---- | C] ()
 MBR.exe -> C:\WINDOWS\MBR.exe -> [2010/01/22 12:12:00 | 00,077,312 | ---- | C] ()
 zip.exe -> C:\WINDOWS\zip.exe -> [2010/01/22 12:12:00 | 00,068,096 | ---- | C] ()
 ComboFix.exe -> C:\Documents and Settings\Tom\Desktop\ComboFix.exe -> [2010/01/22 12:09:35 | 03,834,324 | R--- | C] ()
 RSIT.exe -> C:\Documents and Settings\Tom\Desktop\RSIT.exe -> [2010/01/21 15:13:32 | 00,781,909 | ---- | C] ()
 IconCache.db -> C:\Documents and Settings\Tom\Local Settings\Application Data\IconCache.db -> [2010/01/11 06:01:56 | 02,691,650 | -H-- | C] ()
 vlc-1.0.3-win32.exe -> C:\Documents and Settings\Tom\My Documents\vlc-1.0.3-win32.exe -> [2009/12/19 12:58:00 | 18,030,130 | ---- | C] ()
 Secunia PSI.lnk -> C:\Documents and Settings\Tom\Start Menu\Programs\Startup\Secunia PSI.lnk -> [2009/12/19 11:41:58 | 00,000,752 | ---- | C] ()
 Happy_Holidays2009[1].docx -> C:\Documents and Settings\Tom\My Documents\Happy_Holidays2009[1].docx -> [2009/12/14 21:49:07 | 00,013,037 | ---- | C] ()
 _MSRSTRT.EXE -> C:\WINDOWS\_MSRSTRT.EXE -> [2009/12/10 17:52:24 | 00,002,560 | ---- | C] ()
 NtDirect.dll -> C:\WINDOWS\System32\NtDirect.dll -> [2009/12/09 06:24:54 | 00,098,304 | ---- | C] ()
 hpqins05.dat -> C:\WINDOWS\hpqins05.dat -> [2009/12/06 10:05:06 | 00,077,372 | ---- | C] ()
 Yahoo! Finance.url -> C:\Documents and Settings\Tom\Desktop\Yahoo! Finance.url -> [2009/12/05 12:06:33 | 00,003,460 | ---- | C] ()
 TI.url -> C:\Documents and Settings\Tom\Desktop\TI.url -> [2009/11/02 07:54:23 | 00,000,290 | ---- | C] ()
 QTFont.qfn -> C:\WINDOWS\QTFont.qfn -> [2009/10/31 21:03:49 | 00,054,156 | -H-- | C] ()
 QTFont.for -> C:\WINDOWS\QTFont.for -> [2009/10/31 21:03:49 | 00,001,409 | ---- | C] ()
 Yahoo! Mail.url -> C:\Documents and Settings\Tom\Desktop\Yahoo! Mail.url -> [2009/10/31 08:16:29 | 00,000,276 | ---- | C] ()
 Gmail.url -> C:\Documents and Settings\Tom\Desktop\Gmail.url -> [2009/10/31 08:15:36 | 00,000,619 | ---- | C] ()
 GoogleUpdateTaskMachineUA.job -> C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job -> [2009/10/30 10:45:44 | 00,000,880 | ---- | C] ()
 GoogleUpdateTaskMachineCore.job -> C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job -> [2009/10/30 10:45:44 | 00,000,876 | ---- | C] ()
 Google Software Updater.job -> C:\WINDOWS\tasks\Google Software Updater.job -> [2009/10/30 10:44:08 | 00,000,868 | ---- | C] ()
 QFN.ini -> C:\WINDOWS\QFN.ini -> [2009/02/21 21:16:29 | 00,000,000 | ---- | C] ()
 QDQICK.ini -> C:\WINDOWS\QDQICK.ini -> [2009/02/21 21:16:29 | 00,000,000 | ---- | C] ()
 hpqEmlSz.INI -> C:\WINDOWS\hpqEmlSz.INI -> [2009/02/18 16:14:42 | 00,000,000 | ---- | C] ()
 vbupdtx.ini -> C:\WINDOWS\vbupdtx.ini -> [2009/02/02 11:02:20 | 00,000,035 | ---- | C] ()
 A5W.INI -> C:\WINDOWS\A5W.INI -> [2008/12/21 08:52:47 | 00,000,035 | ---- | C] ()
 QUICKEN.INI -> C:\WINDOWS\QUICKEN.INI -> [2008/12/16 16:12:06 | 00,000,900 | ---- | C] ()
 intuprof.ini -> C:\WINDOWS\intuprof.ini -> [2008/12/16 16:12:06 | 00,000,185 | ---- | C] ()
 HPBroker.dll -> C:\WINDOWS\HPBroker.dll -> [2008/01/14 16:47:06 | 00,099,712 | ---- | C] ()
 idxcntrs.ini -> C:\WINDOWS\System32\idxcntrs.ini -> [2007/09/27 10:51:02 | 00,020,698 | ---- | C] ()
 gsrvctr.ini -> C:\WINDOWS\System32\gsrvctr.ini -> [2007/09/27 10:48:48 | 00,030,628 | ---- | C] ()
 gthrctr.ini -> C:\WINDOWS\System32\gthrctr.ini -> [2007/09/27 10:48:28 | 00,031,698 | ---- | C] ()
 TTutor7.ini -> C:\WINDOWS\TTutor7.ini -> [2007/01/23 15:03:39 | 00,000,146 | ---- | C] ()
 cdplayer.ini -> C:\WINDOWS\cdplayer.ini -> [2006/12/29 13:05:19 | 00,001,033 | ---- | C] ()
 dellstat.ini -> C:\WINDOWS\dellstat.ini -> [2006/12/17 14:13:46 | 00,000,092 | ---- | C] ()
 lexstat.ini -> C:\WINDOWS\lexstat.ini -> [2006/12/17 14:02:19 | 00,000,407 | ---- | C] ()
 OGACheckControl.DLL -> C:\WINDOWS\System32\OGACheckControl.DLL -> [2006/10/13 12:30:10 | 00,668,976 | ---- | C] ()
 GlobalUserInterface.CompositeFont -> C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont -> [2006/06/29 14:58:52 | 00,030,808 | ---- | C] ()
 GlobalSansSerif.CompositeFont -> C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont -> [2006/06/29 14:53:56 | 00,026,489 | ---- | C] ()
 GlobalSerif.CompositeFont -> C:\WINDOWS\Fonts\GlobalSerif.CompositeFont -> [2006/04/18 15:39:28 | 00,029,779 | ---- | C] ()
 GlobalMonospace.CompositeFont -> C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont -> [2006/04/18 15:39:28 | 00,026,040 | ---- | C] ()
 kodakpcd.Tom.ini -> C:\WINDOWS\kodakpcd.Tom.ini -> [2005/11/29 16:03:20 | 00,000,022 | ---- | C] ()
 nmocod.dll -> C:\WINDOWS\System32\nmocod.dll -> [2004/12/01 21:29:33 | 00,240,640 | ---- | C] ()
 usrwiz.ini -> C:\WINDOWS\usrwiz.ini -> [2004/12/01 21:28:15 | 00,000,096 | ---- | C] ()
 hpdj3740.ini -> C:\WINDOWS\hpdj3740.ini -> [2004/10/13 20:00:49 | 00,003,997 | ---- | C] ()
 hpbvspst.ini -> C:\WINDOWS\hpbvspst.ini -> [2004/10/13 20:00:08 | 00,000,414 | ---- | C] ()
 gssmsg.dll -> C:\WINDOWS\System32\gssmsg.dll -> [2004/04/05 12:06:16 | 00,045,056 | R--- | C] ()
 psisdecd.dll -> C:\WINDOWS\System32\psisdecd.dll -> [2004/03/27 01:08:10 | 00,363,520 | ---- | C] ()
 setupnt.dll -> C:\WINDOWS\System32\setupnt.dll -> [2004/03/25 19:54:39 | 00,037,888 | ---- | C] ()
 MSVCRT10.DLL -> C:\WINDOWS\System32\MSVCRT10.DLL -> [2004/03/25 17:14:42 | 00,210,944 | ---- | C] ()
 KPCMS.INI -> C:\WINDOWS\KPCMS.INI -> [2004/03/25 17:14:31 | 00,000,123 | ---- | C] ()
 ODBC.INI -> C:\WINDOWS\ODBC.INI -> [2004/03/25 16:48:15 | 00,000,376 | ---- | C] ()
 videoimp.ini -> C:\WINDOWS\videoimp.ini -> [2004/03/25 16:29:59 | 00,000,416 | ---- | C] ()
 DEBUGSM.INI -> C:\WINDOWS\DEBUGSM.INI -> [2004/03/24 00:36:11 | 00,000,029 | ---- | C] ()
 EPSON 1260_1660 Installer.ini -> C:\WINDOWS\EPSON 1260_1660 Installer.ini -> [2004/03/24 00:21:35 | 00,000,196 | ---- | C] ()
 PRINTS~1.INI -> C:\WINDOWS\PRINTS~1.INI -> [2004/03/22 21:29:11 | 00,000,338 | ---- | C] ()
 BANTExt.sys -> C:\WINDOWS\System32\drivers\BANTExt.sys -> [2004/03/22 21:27:28 | 00,003,840 | ---- | C] ()
 xvid.dll -> C:\WINDOWS\System32\xvid.dll -> [2002/10/03 23:01:42 | 00,503,808 | ---- | C] ()
 KodakOneTouch.dll -> C:\WINDOWS\System32\KodakOneTouch.dll -> [2000/09/08 17:53:50 | 00,073,839 | ---- | C] ()
 sysres.dll -> C:\WINDOWS\System32\sysres.dll -> [1998/08/16 07:00:00 | 00,004,096 | ---- | C] ()
 
[Alternate Data Streams]
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\drivers\etc\hosts.20100103-234638.backup:SummaryInformation
< End of report >



Thank you, PopaTom
PopaTom
Regular Member
 
Posts: 69
Joined: November 27th, 2009, 6:39 pm
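The OTS report in the post above uses one fixed line layout (`name -> path -> [timestamp | size | attributes | C/M] (company)`) plus `@Alternate Data Stream` lines. The following is an added example, not part of the original thread or of OTS itself: a parser for that layout with a small triage filter. The names `Entry`, `parse_log` and `review_candidates` are the example's own, and reading the trailing `C`/`M` flag as created/modified is an assumption based on the section headings.

```python
import ntpath
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional, Tuple

# Lines copied from the OTS report in the post above (raw string keeps the backslashes).
SAMPLE_LOG = r"""
 SWREG.exe -> C:\WINDOWS\SWREG.exe -> [2010/01/22 12:12:00 | 00,161,792 | ---- | C] (SteelWerX)
 Qoobox -> C:\Qoobox -> [2010/01/22 12:10:37 | 00,000,000 | ---D | C]
 hiberfil.sys -> C:\hiberfil.sys -> [2010/01/25 04:40:18 | 80,433,9712 | -HS- | M] ()
 PEV.exe -> C:\WINDOWS\PEV.exe -> [2010/01/22 12:12:00 | 00,261,632 | ---- | C] ()
 NtDirect.dll -> C:\WINDOWS\System32\NtDirect.dll -> [2009/12/09 06:24:54 | 00,098,304 | ---- | C] ()
 BANTExt.sys -> C:\WINDOWS\System32\drivers\BANTExt.sys -> [2004/03/22 21:27:28 | 00,003,840 | ---- | C] ()
 QFN.ini -> C:\WINDOWS\QFN.ini -> [2009/02/21 21:16:29 | 00,000,000 | ---- | C] ()
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\drivers\etc\hosts.20100103-234638.backup:SummaryInformation
"""

ENTRY_RE = re.compile(
    r"^\s*(?P<name>.+?) -> (?P<path>.+?) -> "
    r"\[(?P<ts>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[A-Z-]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>.*)\))?\s*$"
)
# The stream name follows the LAST colon; the drive-letter colon stays in the host path.
ADS_RE = re.compile(r"^@Alternate Data Stream - (\d+) bytes -> (.+):([^:\\]+)\s*$")

EXECUTABLE_EXTENSIONS = {".exe", ".dll", ".sys"}


@dataclass
class Entry:
    name: str
    path: str
    timestamp: datetime
    size: int
    attrs: str               # four flags as printed, e.g. "RH-D"
    kind: str                # "C" or "M" (assumed: created / modified)
    company: Optional[str]   # None = no company field (folders), "" = empty "()"

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs


def parse_entry(line: str) -> Optional[Entry]:
    m = ENTRY_RE.match(line)
    if m is None:
        return None
    return Entry(
        name=m["name"],
        path=m["path"],
        timestamp=datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
        # The report groups digits unevenly for large files (see hiberfil.sys),
        # so drop the commas instead of trusting the grouping.
        size=int(m["size"].replace(",", "")),
        attrs=m["attrs"],
        kind=m["kind"],
        company=m["company"],
    )


def parse_ads(line: str) -> Optional[Tuple[int, str, str]]:
    """Return (size in bytes, host path, stream name) for an ADS line."""
    m = ADS_RE.match(line)
    if m is None:
        return None
    return int(m.group(1)), m.group(2), m.group(3)


def parse_log(text: str) -> Tuple[List[Entry], List[Tuple[int, str, str]]]:
    entries, streams = [], []
    for line in text.splitlines():
        entry = parse_entry(line)
        if entry is not None:
            entries.append(entry)
            continue
        stream = parse_ads(line)
        if stream is not None:
            streams.append(stream)
    return entries, streams


def review_candidates(entries: List[Entry], root: str = "C:\\WINDOWS\\") -> List[Entry]:
    """Executable files under `root` whose version info carries no company name."""
    hits = []
    for e in entries:
        ext = ntpath.splitext(e.path)[1].lower()
        if (not e.is_dir and e.company == ""
                and ext in EXECUTABLE_EXTENSIONS
                and e.path.lower().startswith(root.lower())):
            hits.append(e)
    return hits


if __name__ == "__main__":
    parsed_entries, parsed_streams = parse_log(SAMPLE_LOG)
    for hit in review_candidates(parsed_entries):
        print("review:", hit.path, hit.timestamp.isoformat(), hit.size)
    for size, host, stream in parsed_streams:
        print("ADS:", host, "stream", stream, f"({size} bytes)")
```

The filter only narrows the list to files that merit a closer look by a helper; the empty company field is a property of the file's version information and says nothing by itself about whether the file is malicious.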

Re: Action Cancelled and running slow

Unread postby peku006 » January 25th, 2010, 9:46 am

Hi PopaTom

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    Code:
    :reg
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Installer
    
     

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop, entitled SystemLook.txt

Thanks peku006
peku006
MRU Emeritus
 
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway

Re: Action Cancelled and running slow

Unread postby PopaTom » January 25th, 2010, 10:09 am

Hi Peku :)

SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 07:06 on 25/01/2010 by Tom (Administrator - Elevation successful)

========== reg ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Installer]
"AllowLockdownMedia"= 0x0000000001 (1)
"EnableAdminTSRemote"= 0x0000000001 (1)


-=End Of File=-
PopaTom
Regular Member
 
Posts: 69
Joined: November 27th, 2009, 6:39 pm

Re: Action Cancelled and running slow

Unread postby peku006 » January 25th, 2010, 11:03 am

Hi PopaTom

I'm not sure what causes your "Windows Installer error".

Maybe this site will help.

Post back if it helped.

Thanks peku006
peku006
MRU Emeritus
 
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway

Re: Action Cancelled and running slow

Unread postby PopaTom » January 25th, 2010, 3:34 pm

Hi Peku;
Well here we are again, "a fresh like new PC and I can't thank you enough"! I sometimes wonder if you fully realize how wonderful it is to have people like yourself so willing to lend a helping hand.

I have had PCs for about 15 years now and I have spent a lot of money not only for the PCs but also for techs to perform system upkeep etc. Now I am retired and it would have been an almost unbearable expense to have a "tech" do what you have done in the last few weeks.

I will be sending another "donation" soon. Thank You again for everything, PopaTom

I got the NinjaTrader program to load. I had to uninstall the older version first. I did download a MS hotfix {KB942288-v3} but I am not really sure that I needed it. It works, that's all that counts. My old friend is humming right along just like she used to !!!!
PopaTom
Regular Member
 
Posts: 69
Joined: November 27th, 2009, 6:39 pm

Re: Action Cancelled and running slow

Unread postby peku006 » January 25th, 2010, 4:05 pm

Hi PopaTom
Nice to hear that your computer is "fresh like new PC" :)
We are pleased to have been some help in getting you clean.

Your log now appears to be clean. Congratulations!

To remove all of the tools we used and the files and folders they created do the following:

Delete SystemLook from your desktop.

Download OTC by Old Timer and save it to your Desktop.

  • Double-click OTC.exe
  • Click the CleanUp! button
  • Select Yes when the Begin cleanup Process? prompt appears
  • If you are prompted to Reboot during the cleanup, select Yes
  • The tool will delete itself once it finishes; if not, delete it yourself

Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Disable and Enable System Restore-WINDOWS XP
This is a good time to clear your existing system restore points and establish a new clean restore point:

Turn off System Restore
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • Check Turn off System Restore.
  • Click Apply, and then click OK.
  • Reboot.
Turn ON System Restore
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • UN-Check *Turn off System Restore*.
  • Click Apply, and then click OK.
This will remove all restore points except the new one you just created.

Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your pc.
Secunia Software Inspector
F-secure Health Check

Visit Microsoft often to get the latest updates for your computer.
http://www.update.microsoft.com

Here are some things that I think are worth having a look at if you don't already know about them:

  • WinPatrol
    As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge. For more information, please visit HERE.
  • SpywareBlaster
    SpywareBlaster sets killbits in the registry to prevent known malicious ActiveX controls from installing on your computer. If you don't know what ActiveX controls are, see HERE. You can download SpywareBlaster from HERE.
  • Hosts File
    For added protection you may also like to add a host file. A simple explanation of what a Hosts file does is HERE and for more information regarding host files read HERE.
  • Use an alternative Internet Browser
    Many of the exploits are directed to users of Internet Explorer. Try using a different browser instead: Firefox or Opera

Here is a great article by miekiemoes How to prevent Malware.

Finally I am trying to make one point very clear. It is ABSOLUTELY ESSENTIAL to keep all of your security programs up to date.

I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.

Happy surfing and stay clean!

peku006
peku006
MRU Emeritus
 
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway

Re: Action Cancelled and running slow

Unread postby PopaTom » January 27th, 2010, 1:19 am

Hi Peku,

I read your instructions and I thank you for all your help. I hope I don't have to bother you guys again for a long time :)

Your Friend, PopaTom
PopaTom
Regular Member
 
Posts: 69
Joined: November 27th, 2009, 6:39 pm

Re: Action Cancelled and running slow

Unread postby peku006 » January 27th, 2010, 4:13 am

As this issue appears to be resolved, this topic is now closed.

We are pleased to have been some help in getting you clean.

If you have been helped and wish to donate to help with the costs of this volunteer site, please read:
Donations For Malware Removal
peku006
MRU Emeritus
 
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway