Problems with Ad Yield Manager - please help

Re: Problems with Ad Yield Manager - please help

by peku006 » January 23rd, 2009, 8:10 am

Hi Peterm1
hmm....F-Secure is not working properly
you still have the same Ad Yield Manager trouble

Let us take a deeper look...........

Please download OTScanIt2 from Geeks to Go or Bleeping Computer. Save it to your desktop.

  1. Double click on OTScanIt2.exe to run it.
  2. Click on Extract. Once done, you will be prompted. Click OK and click Close.
  3. Double click on the OTScanIt2 folder. Double click on OTScanIt2.exe to run it.
  4. Under Rootkit Search, select Yes.
  5. Click on Run Scan at the top left hand corner.
  6. When done, Notepad will open. Please post this log in your next reply.

Thanks peku006

Re: Problems with Ad Yield Manager - please help

by Peterm1 » January 23rd, 2009, 6:15 pm

OK at last it is done and this time it worked. (Relief!)

Here is the logfile

regards Peter

FSECURE

Scanning Report
Friday, January 23, 2009 18:17:12 - 08:40:16

Computer name: PETERS_COMPUTER
Scanning type: Scan system for viruses, rootkits, spyware
Target: C:\ D:\
Result: 50 malware found
Email-Worm.VBS.KakWorm (virus)

* C:\Documents and Settings\HP_Administrator\My Documents\Personal Documents\ALLA - Visa application\Alla emails\backup.pst\[From:Peter Maynard peterm1@ozemail.com.au][Subj:Hi Alla]
* C:\Documents and Settings\HP_Administrator\My Documents\Personal Documents\ALLA - Visa application\Alla emails\backup.pst\[From:Peter Maynard peterm1@ozemail.com.au][Subj:Peter ]
* C:\Documents and Settings\HP_Administrator\My Documents\Personal Documents\ALLA - Visa application\Alla emails\backup.pst\[From:Peter Maynard peterm1@ozemail.com.au][Subj:Hi Alla]
* C:\Documents and Settings\HP_Administrator\My Documents\Personal Documents\ALLA - Visa application\Alla emails\backup.pst\[From:Peter Maynard peterm1@ozemail.com.au][Subj:HI Hi Hi]
* C:\Documents and Settings\HP_Administrator\My Documents\Personal Documents\ALLA - Visa application\Alla emails\backup.pst\[From:Peter Maynard peterm1@ozemail.com.au][Subj:Hi Alla]
* C:\Documents and Settings\HP_Administrator\My Documents\Personal Documents\ALLA - Visa application\Alla emails\backup.pst\[From:Peter Maynard peterm1@ozemail.com.au][Subj:Peter ]
* C:\Documents and Settings\HP_Administrator\My Documents\Personal Documents\ALLA - Visa application\Alla emails\backup.pst\[From:Peter Maynard peterm1@ozemail.com.au][Subj:Hi Alla]
* C:\Documents and Settings\HP_Administrator\My Documents\Personal Documents\ALLA - Visa application\Alla emails\backup.pst\[From:Peter Maynard peterm1@ozemail.com.au][Subj:HI Hi Hi]
* C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Outlook\Personal Documents\ALLA - Visa application\Alla emails\outlook.pst\[From:Peter Maynard peterm1@ozemail.com.au][Subj:Hi Alla]
* C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Outlook\Personal Documents\ALLA - Visa application\Alla emails\outlook.pst\[From:Peter Maynard peterm1@ozemail.com.au][Subj:Peter ]
* C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Outlook\Personal Documents\ALLA - Visa application\Alla emails\outlook.pst\[From:Peter Maynard peterm1@ozemail.com.au][Subj:Hi Alla]
* C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Outlook\Personal Documents\ALLA - Visa application\Alla emails\outlook.pst\[From:Peter Maynard peterm1@ozemail.com.au][Subj:HI Hi Hi]
* C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Outlook\outlook\peter.pst\[From:Peter Maynard peterm1@ozemail.com.au][Subj:HI Hi Hi]
* C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Outlook\outlook\peter.pst\[From:Peter Maynard peterm1@ozemail.com.au][Subj:Hi Alla]
* C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Outlook\outlook\peter.pst\[From:Peter Maynard peterm1@ozemail.com.au][Subj:Peter ]
* C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Outlook\outlook\peter.pst\[From:Peter Maynard peterm1@ozemail.com.au][Subj:Hi Alla]
* C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Outlook\outlook\peter.pst\[From:Peter Maynard peterm1@ozemail.com.au][Subj:HI Hi Hi]
* C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Outlook\outlook\peter.pst\[From:Peter Maynard peterm1@ozemail.com.au][Subj:Hi Alla]
* C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Outlook\outlook\peter.pst\[From:Peter Maynard peterm1@ozemail.com.au][Subj:Peter ]
* C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Outlook\outlook\peter.pst\[From:Peter Maynard peterm1@ozemail.com.au][Subj:Hi Alla]
* C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Outlook\outlook\peter.pst\[From:Peter Maynard peterm1@ozemail.com.au][Subj:Hi Alla]
* C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Outlook\outlook\peter.pst\[From:Peter Maynard peterm1@ozemail.com.au][Subj:Peter ]
* C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Outlook\outlook\peter.pst\[From:Peter Maynard peterm1@ozemail.com.au][Subj:Hi Alla]
* C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Outlook\outlook\peter.pst\[From:Peter Maynard peterm1@ozemail.com.au][Subj:HI Hi Hi]

Email-Worm.VBS.KakWorm.z (virus)

* C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Identities\{075B647C-D1F0-4ABE-B6FD-D66C4D29301D}\Microsoft\Outlook Express\Alla Feb 2000 to July 2001.dbx\Peter Maynard peterm1@ozemail.com.au, HI Hi Hi.eml\[From "Peter Maynard"
* C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Identities\{075B647C-D1F0-4ABE-B6FD-D66C4D29301D}\Microsoft\Outlook Express\Alla Feb 2000 to July 2001.dbx\Peter Maynard peterm1@ozemail.com.au, Hi Alla.eml\[From "Peter Maynard"
* C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Identities\{075B647C-D1F0-4ABE-B6FD-D66C4D29301D}\Microsoft\Outlook Express\Alla Feb 2000 to July 2001.dbx\Peter Maynard peterm1@ozemail.com.au, Peter .eml\[From "Peter Maynard"
* C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Identities\{075B647C-D1F0-4ABE-B6FD-D66C4D29301D}\Microsoft\Outlook Express\Alla Feb 2000 to July 2001.dbx\Peter Maynard peterm1@ozemail.com.au, Hi Alla.eml\[From "Peter Maynard"
* C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Identities\{075B647C-D1F0-4ABE-B6FD-D66C4D29301D}\Microsoft\Outlook Express\Alla Feb 2000 to July 2001.dbx\Peter Maynard peterm1@ozemail.com.au, Hi Alla.eml\[From "Peter Maynard"
* C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Identities\{075B647C-D1F0-4ABE-B6FD-D66C4D29301D}\Microsoft\Outlook Express\Alla Feb 2000 to July 2001.dbx\Peter Maynard peterm1@ozemail.com.au, Peter .eml\[From "Peter Maynard"
* C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Identities\{075B647C-D1F0-4ABE-B6FD-D66C4D29301D}\Microsoft\Outlook Express\Alla Feb 2000 to July 2001.dbx\Peter Maynard peterm1@ozemail.com.au, Hi Alla.eml\[From "Peter Maynard"
* C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Identities\{075B647C-D1F0-4ABE-B6FD-D66C4D29301D}\Microsoft\Outlook Express\Alla Feb 2000 to July 2001.dbx\Peter Maynard peterm1@ozemail.com.au, HI Hi Hi.eml\[From "Peter Maynard"
* C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Identities\{075B647C-D1F0-4ABE-B6FD-D66C4D29301D}\Microsoft\Outlook Express\Alla Feb 2000 to July 2001.dbx\Peter Maynard peterm1@ozemail.com.au, Hi Alla.eml\[From "Peter Maynard"
* C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Identities\{075B647C-D1F0-4ABE-B6FD-D66C4D29301D}\Microsoft\Outlook Express\Alla Feb 2000 to July 2001.dbx\Peter Maynard peterm1@ozemail.com.au, Peter .eml\[From "Peter Maynard"
* C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Identities\{075B647C-D1F0-4ABE-B6FD-D66C4D29301D}\Microsoft\Outlook Express\Alla Feb 2000 to July 2001.dbx\Peter Maynard peterm1@ozemail.com.au, Hi Alla.eml\[From "Peter Maynard"
* C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Identities\{075B647C-D1F0-4ABE-B6FD-D66C4D29301D}\Microsoft\Outlook Express\Alla Feb 2000 to July 2001.dbx\Peter Maynard peterm1@ozemail.com.au, HI Hi Hi.eml\[From "Peter Maynard"

Exploit.HTML.SecurityBreach.3 (virus)

* C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Identities\{075B647C-D1F0-4ABE-B6FD-D66C4D29301D}\Microsoft\Outlook Express\Alla Feb 2000 to July 2001.dbx\Peter Maynard peterm1@ozemail.com.au, HI Hi Hi.eml
* C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Identities\{075B647C-D1F0-4ABE-B6FD-D66C4D29301D}\Microsoft\Outlook Express\Alla Feb 2000 to July 2001.dbx\Peter Maynard peterm1@ozemail.com.au, Hi Alla.eml
* C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Identities\{075B647C-D1F0-4ABE-B6FD-D66C4D29301D}\Microsoft\Outlook Express\Alla Feb 2000 to July 2001.dbx\Peter Maynard peterm1@ozemail.com.au, Peter .eml
* C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Identities\{075B647C-D1F0-4ABE-B6FD-D66C4D29301D}\Microsoft\Outlook Express\Alla Feb 2000 to July 2001.dbx\Peter Maynard peterm1@ozemail.com.au, Hi Alla.eml
* C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Identities\{075B647C-D1F0-4ABE-B6FD-D66C4D29301D}\Microsoft\Outlook Express\Alla Feb 2000 to July 2001.dbx\Peter Maynard peterm1@ozemail.com.au, Hi Alla.eml
* C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Identities\{075B647C-D1F0-4ABE-B6FD-D66C4D29301D}\Microsoft\Outlook Express\Alla Feb 2000 to July 2001.dbx\Peter Maynard peterm1@ozemail.com.au, Peter .eml
* C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Identities\{075B647C-D1F0-4ABE-B6FD-D66C4D29301D}\Microsoft\Outlook Express\Alla Feb 2000 to July 2001.dbx\Peter Maynard peterm1@ozemail.com.au, Hi Alla.eml
* C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Identities\{075B647C-D1F0-4ABE-B6FD-D66C4D29301D}\Microsoft\Outlook Express\Alla Feb 2000 to July 2001.dbx\Peter Maynard peterm1@ozemail.com.au, HI Hi Hi.eml
* C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Identities\{075B647C-D1F0-4ABE-B6FD-D66C4D29301D}\Microsoft\Outlook Express\Alla Feb 2000 to July 2001.dbx\Peter Maynard peterm1@ozemail.com.au, Hi Alla.eml
* C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Identities\{075B647C-D1F0-4ABE-B6FD-D66C4D29301D}\Microsoft\Outlook Express\Alla Feb 2000 to July 2001.dbx\Peter Maynard peterm1@ozemail.com.au, Peter .eml
* C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Identities\{075B647C-D1F0-4ABE-B6FD-D66C4D29301D}\Microsoft\Outlook Express\Alla Feb 2000 to July 2001.dbx\Peter Maynard peterm1@ozemail.com.au, Hi Alla.eml
* C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Identities\{075B647C-D1F0-4ABE-B6FD-D66C4D29301D}\Microsoft\Outlook Express\Alla Feb 2000 to July 2001.dbx\Peter Maynard peterm1@ozemail.com.au, HI Hi Hi.eml

Trojan-Spy.HTML.Fraud.gen (virus)

* C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Identities\{075B647C-D1F0-4ABE-B6FD-D66C4D29301D}\Microsoft\Outlook Express\Sent Items.dbx\Peter peterm1@grapevine.com.au, Fw: Question for Seller about shipping eBay item # (481246767) .
* C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Identities\{075B647C-D1F0-4ABE-B6FD-D66C4D29301D}\Microsoft\Outlook Express\Sent Items.dbx\Peter peterm1@grapevine.com.au, Re: Question for Seller about shipping eBay item # (481246767) .

Statistics
Scanned:

* Files: 740707
* System: 5503
* Not scanned: 135

Actions:

* Disinfected: 0
* Renamed: 0
* Deleted: 0
* None: 50
* Submitted: 0

Files not scanned:


Options
Scanning engines:

* F-Secure USS: 3.0.0
* F-Secure Blacklight: 0.0.0
* F-Secure Hydra: 2.8.8110, 2009-01-23
* F-Secure Pegasus: 1.20.0, 1970-00-01
* F-Secure AVP: 7.0.171, 2009-01-23

Scanning options:

* Scan all files
* Scan inside archives
* Use Advanced heuristics


GOORED

GooredFix v1.83 by jpshortstuff
Log created at 08:37 on 24/01/2009 running Option #1 (HP_Administrator)
Firefox version 3.0.5 (en-US)

=====Suspect Goored Entries=====

=====Dumping Registry Values=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.5\extensions]
"Plugins"="C:\Program Files\Mozilla Firefox\plugins"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.5\extensions]
"Components"="C:\Program Files\Mozilla Firefox\components"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff"

Re: Problems with Ad Yield Manager - please help

by Peterm1 » January 23rd, 2009, 7:12 pm

OK, as you can see, since your last post I got F-Secure working and have posted the results. And here are the results for the last piece of software you asked me to run.

Many thanks Peter

OTS Scan Results

Code:
OTScanIt2 logfile created on: 1/24/2009 9:30:22 AM - Run 1
OTScanIt2 by OldTimer - Version 1.0.6.2     Folder = C:\Documents and Settings\HP_Administrator\My Documents\00Temp Download\OTScanIt2
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: M/d/yyyy
 
1022.39 Mb Total Physical Memory | 287.39 Mb Available Physical Memory | 28.11% Memory free
3.24 Gb Paging File | 0.52 Gb Available in Paging File | 16.05% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 177.93 Gb Total Space | 51.56 Gb Free Space | 28.98% Space Free | Partition Type: NTFS
Drive D: | 8.36 Gb Total Space | 0.54 Gb Free Space | 6.51% Space Free | Partition Type: FAT32
Drive E: | 7.42 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive F: | 17.85 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive K: | 6.38 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive O: | 465.64 Gb Total Space | 307.82 Gb Free Space | 66.11% Space Free | Partition Type: FAT32
 
Computer Name: PETERS_COMPUTER
Current User Name: HP_Administrator
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 90 Days
 
[Processes - Safe List]
3 mobile broadband.exe -> %ProgramFiles%\3 Mobile\3 Mobile Broadband\3 Mobile Broadband.exe -> [2008/06/14 19:23:36 | 00,970,752 | ---- | M] (Huawei Technologies Co., Ltd.)
a2service.exe -> %ProgramFiles%\a-squared Free\a2service.exe -> [2008/12/17 08:32:06 | 00,419,448 | ---- | M] (Emsi Software GmbH)
aawservice.exe -> %ProgramFiles%\Lavasoft\Ad-Aware\aawservice.exe -> [2008/09/10 13:01:28 | 00,611,664 | ---- | M] (Lavasoft)
avgnt.exe -> %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\avgnt.exe -> [2008/06/12 13:28:45 | 00,266,497 | ---- | M] (Avira GmbH)
avguard.exe -> %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\avguard.exe -> [2008/10/15 13:30:02 | 00,151,297 | ---- | M] (Avira GmbH)
ehmsas.exe -> %SystemRoot%\ehome\ehmsas.exe -> [2005/08/05 21:26:28 | 00,046,592 | ---- | M] (Microsoft Corporation)
ehrecvr.exe -> %SystemRoot%\ehome\ehrecvr.exe -> [2006/10/09 16:46:56 | 00,237,568 | ---- | M] (Microsoft Corporation)
ehsched.exe -> %SystemRoot%\ehome\ehSched.exe -> [2005/08/05 21:26:32 | 00,102,912 | ---- | M] (Microsoft Corporation)
ehtray.exe -> %SystemRoot%\ehome\ehtray.exe -> [2005/08/05 21:26:34 | 00,064,512 | ---- | M] (Microsoft Corporation)
elservice.exe -> %ProgramFiles%\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\ELService.exe -> [2006/06/01 23:55:00 | 00,180,224 | ---- | M] (Intel Corporation)
firefox.exe -> %ProgramFiles%\Mozilla Firefox\firefox.exe -> [2008/12/03 06:41:53 | 00,307,704 | ---- | M] (Mozilla Corporation)
fsgk32.exe -> %UserProfile%\Local Settings\Temp\OnlineScanner\Anti-Virus\fsgk32.exe -> [2009/01/22 19:04:25 | 00,440,448 | ---- | M] (F-Secure Corp.)
fssm32.exe -> %UserProfile%\Local Settings\Temp\OnlineScanner\Anti-Virus\fssm32.exe -> [2009/01/22 19:04:25 | 00,519,816 | ---- | M] (F-Secure Corp.)
hpsysdrv.exe -> %SystemRoot%\system\hpsysdrv.exe -> [1998/05/08 02:34:38 | 00,052,736 | ---- | M] (Hewlett-Packard Company)
iaantmon.exe -> %ProgramFiles%\Intel\Intel Matrix Storage Manager\IAANTmon.exe -> [2006/02/22 10:28:34 | 00,081,920 | ---- | M] (Intel Corporation)
iexplore.exe -> %ProgramFiles%\Internet Explorer\iexplore.exe -> [2008/10/15 17:36:26 | 00,633,632 | ---- | M] (Microsoft Corporation)
jqs.exe -> %ProgramFiles%\Java\jre6\bin\jqs.exe -> [2009/01/19 22:34:59 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.)
jusched.exe -> %ProgramFiles%\Java\jre6\bin\jusched.exe -> [2009/01/19 22:34:59 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.)
kbd.exe -> %SystemDrive%\hp\KBD\kbd.exe -> [2005/02/03 10:14:24 | 00,061,440 | ---- | M] (Hewlett-Packard Company)
msascui.exe -> %ProgramFiles%\Windows Defender\MSASCui.exe -> [2006/11/03 18:50:12 | 00,866,584 | ---- | M] (Microsoft Corporation)
msmpeng.exe -> %ProgramFiles%\Windows Defender\MsMpEng.exe -> [2006/11/03 18:49:58 | 00,013,592 | ---- | M] (Microsoft Corporation)
mspmspsv.exe -> %SystemRoot%\system32\MsPMSPSv.exe -> [2001/05/01 17:06:22 | 00,053,248 | ---- | M] (Microsoft Corporation)
nvsvc32.exe -> %SystemRoot%\system32\nvsvc32.exe -> [2007/12/05 01:11:00 | 00,155,716 | ---- | M] (NVIDIA Corporation)
otscanit2.exe -> %UserProfile%\My Documents\00Temp Download\OTScanIt2\OTScanIt2.exe -> [2009/01/09 09:03:22 | 00,485,376 | ---- | M] (OldTimer Tools)
pdvdserv.exe -> %ProgramFiles%\Roxio\Roxio DVDMax Player\PDVDServ.exe -> [2003/10/27 02:04:34 | 00,032,768 | ---- | M] (Cyberlink Corp.)
pnkbstra.exe -> %SystemRoot%\system32\PnkBstrA.exe -> [2008/12/02 10:45:00 | 00,066,872 | ---- | M] ()
processtamertray.exe -> %ProgramFiles%\ProcessTamer\ProcessTamerTray.exe -> [2006/09/20 13:13:52 | 00,151,552 | ---- | M] ()
psiservice.exe -> %SystemRoot%\system32\PSIService.exe -> [2007/06/05 12:50:32 | 00,177,704 | ---- | M] ()
sched.exe -> %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\sched.exe -> [2008/10/15 13:31:53 | 00,068,865 | ---- | M] (Avira GmbH)
wscntfy.exe -> %SystemRoot%\system32\wscntfy.exe -> [2008/04/14 10:42:41 | 00,013,824 | ---- | M] (Microsoft Corporation)
wuauclt.exe -> %SystemRoot%\system32\wuauclt.exe -> [2008/10/16 14:09:44 | 00,051,224 | ---- | M] (Microsoft Corporation)
 
[Win32 Services - Safe List]
(a2free) a-squared Free Service [Win32_Own | Auto | Running] -> %ProgramFiles%\a-squared Free\a2service.exe -> [2008/12/17 08:32:06 | 00,419,448 | ---- | M] (Emsi Software GmbH)
(aawservice) Lavasoft Ad-Aware Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Lavasoft\Ad-Aware\aawservice.exe -> [2008/09/10 13:01:28 | 00,611,664 | ---- | M] (Lavasoft)
(AntiVirScheduler) Avira AntiVir Personal - Free Antivirus Scheduler [Win32_Own | Auto | Running] -> %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\sched.exe -> [2008/10/15 13:31:53 | 00,068,865 | ---- | M] (Avira GmbH)
(AntiVirService) Avira AntiVir Personal - Free Antivirus Guard [Win32_Own | Auto | Running] -> %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\avguard.exe -> [2008/10/15 13:30:02 | 00,151,297 | ---- | M] (Avira GmbH)
(aspnet_state) ASP.NET State Service [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -> [2007/10/24 01:17:22 | 00,033,800 | ---- | M] (Microsoft Corporation)
(CachemanXPService) CachemanXP [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\CachemanXP\CachemanXP.exe -> [2006/03/22 03:06:36 | 00,208,384 | ---- | M] (OuterTechnologies)
(clr_optimization_v2.0.50727_32) .NET Runtime Optimization Service v2.0.50727_X86 [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -> [2007/10/24 01:17:40 | 00,070,144 | ---- | M] (Microsoft Corporation)
(ehRecvr) Media Center Receiver Service [Win32_Own | Auto | Running] -> %SystemRoot%\ehome\ehrecvr.exe -> [2006/10/09 16:46:56 | 00,237,568 | ---- | M] (Microsoft Corporation)
(ehSched) Media Center Scheduler Service [Win32_Own | Auto | Running] -> %SystemRoot%\ehome\ehSched.exe -> [2005/08/05 21:26:32 | 00,102,912 | ---- | M] (Microsoft Corporation)
(ELService) Intel(R) Quick Resume technology [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\ELService.exe -> [2006/06/01 23:55:00 | 00,180,224 | ---- | M] (Intel Corporation)
(FontCache3.0.0.0) Windows Presentation Foundation Font Cache 3.0.0.0 [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -> [2007/10/09 12:28:12 | 00,036,864 | ---- | M] (Microsoft Corporation)
(gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> [2008/12/31 09:08:51 | 00,168,432 | ---- | M] (Google)
(IAANTMON) Intel(R) Matrix Storage Event Monitor [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Intel Matrix Storage Manager\IAANTmon.exe -> [2006/02/22 10:28:34 | 00,081,920 | ---- | M] (Intel Corporation)
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> [2005/04/04 00:11:10 | 00,069,632 | ---- | M] (Macrovision Corporation)
(idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -> [2007/10/11 09:25:10 | 00,864,256 | ---- | M] (Microsoft Corporation)
(Imapi Helper) Imapi Helper [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Alex Feinman\ISO Recorder\ImapiHelper.exe -> [2006/01/05 00:06:02 | 00,163,840 | ---- | M] (Alex Feinman)
(JavaQuickStarterService) Java Quick Starter [Win32_Own | Auto | Running] -> %ProgramFiles%\Java\jre6\bin\jqs.exe -> [2009/01/19 22:34:59 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.)
(LightScribeService) LightScribeService Direct Disc Labeling Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\LightScribe\LSSrvc.exe -> [2006/06/21 04:38:48 | 00,049,152 | ---- | M] (Hewlett-Packard Company)
(McrdSvc) Media Center Extender Service [Win32_Own | Auto | Stopped] -> %SystemRoot%\ehome\mcrdsvc.exe -> [2005/08/05 20:57:08 | 00,099,328 | ---- | M] (Microsoft Corporation)
(NetTcpPortSharing) Net.Tcp Port Sharing Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -> [2007/10/11 09:25:14 | 00,122,880 | ---- | M] (Microsoft Corporation)
(NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Running] -> %SystemRoot%\system32\nvsvc32.exe -> [2007/12/05 01:11:00 | 00,155,716 | ---- | M] (NVIDIA Corporation)
(PnkBstrA) PnkBstrA [Win32_Own | Auto | Running] -> %SystemRoot%\system32\PnkBstrA.exe -> [2008/12/02 10:45:00 | 00,066,872 | ---- | M] ()
(ProtexisLicensing) ProtexisLicensing [Win32_Own | Auto | Running] -> %SystemRoot%\system32\PSIService.exe -> [2007/06/05 12:50:32 | 00,177,704 | ---- | M] ()
(RegManServ) Registry Management Service [Win32_Own | Auto | Stopped] ->  -> File not found
(WinDefend) Windows Defender [Win32_Own | Auto | Running] -> %ProgramFiles%\Windows Defender\MsMpEng.exe -> [2006/11/03 18:49:58 | 00,013,592 | ---- | M] (Microsoft Corporation)
(WMDM PMSP Service) WMDM PMSP Service [Win32_Own | Auto | Running] -> %SystemRoot%\system32\MsPMSPSv.exe -> [2001/05/01 17:06:22 | 00,053,248 | ---- | M] (Microsoft Corporation)
(WMPNetworkSvc) Windows Media Player Network Sharing Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Windows Media Player\wmpnetwk.exe -> [2006/10/18 19:35:24 | 00,913,408 | ---- | M] (Microsoft Corporation)
 
[Driver Services - Safe List]
(3xHybrid) 3xHybrid service [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\3xHybrid.sys -> [2006/04/12 14:06:56 | 02,829,696 | ---- | M] (ASUSTek)
(AegisP) AEGIS Protocol (IEEE 802.1x) v3.4.3.0 [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\AegisP.sys -> [2007/10/14 13:52:41 | 00,020,747 | ---- | M] (Meetinghouse Data Communications)
(avgio) avgio [Kernel | System | Running] -> %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\avgio.sys -> [2007/02/27 14:25:01 | 00,011,840 | ---- | M] (Avira GmbH)
(avgntflt) avgntflt [File_System | On_Demand | Running] -> %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\avgntflt.sys -> [2008/05/20 15:29:41 | 00,052,032 | ---- | M] (Avira GmbH)
(avipbb) avipbb [Kernel | System | Running] -> %SystemRoot%\system32\drivers\avipbb.sys -> [2008/10/30 10:21:03 | 00,075,072 | ---- | M] (Avira GmbH)
(Cdr4_xp) Cdr4_xp [Kernel | System | Stopped] -> %SystemRoot%\system32\drivers\cdr4_xp.sys -> [2005/08/19 10:30:00 | 00,002,432 | ---- | M] (Sonic Solutions)
(Cdralw2k) Cdralw2k [Kernel | System | Stopped] -> %SystemRoot%\system32\drivers\cdralw2k.sys -> [2005/08/19 10:30:00 | 00,002,560 | ---- | M] (Sonic Solutions)
(cdudf_xp) cdudf_xp [File_System | System | Running] -> %SystemRoot%\system32\drivers\Cdudf_xp.sys -> [2005/06/23 23:34:40 | 00,291,456 | ---- | M] (Sonic Solutions)
(DVDVRRdr_xp) DVDVRRdr_xp [File_System | System | Running] -> %SystemRoot%\system32\drivers\DVDVRRdr_xp.sys -> [2005/06/23 23:24:58 | 00,141,184 | ---- | M] (Windows (R) 2000 DDK provider)
(dvd_2K) dvd_2K [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\dvd_2k.sys -> [2005/06/23 23:34:08 | 00,024,320 | ---- | M] (Sonic Solutions)
(E100B) Intel(R) PRO Network Connection Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\e100b325.sys -> [2006/01/13 09:57:48 | 00,163,328 | ---- | M] (Intel Corporation)
(ELacpi) ELacpi [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ELacpi.sys -> [2006/05/09 23:06:44 | 00,009,728 | ---- | M] (Intel Corporation)
(ELhid) EL hid Service [Kernel | System | Running] -> %SystemRoot%\system32\drivers\Elhid.sys -> [2006/05/09 23:06:18 | 00,010,112 | ---- | M] (Intel Corporation)
(ELkbd) EL KB Service [Kernel | System | Running] -> %SystemRoot%\system32\drivers\Elkbd.sys -> [2006/05/09 23:06:22 | 00,006,912 | ---- | M] (Intel Corporation)
(ELmon) EL Monitor Service [Kernel | System | Running] -> %SystemRoot%\system32\drivers\Elmon.sys -> [2006/05/09 23:06:42 | 00,007,040 | ---- | M] (Intel Corporation)
(ELmou) EL Mouse Service [Kernel | System | Running] -> %SystemRoot%\system32\drivers\Elmou.sys -> [2006/05/09 23:06:20 | 00,006,400 | ---- | M] (Intel Corporation)
(epmntdrv) epmntdrv [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\epmntdrv.sys -> [2008/11/25 17:18:26 | 00,008,704 | ---- | M] ()
(EuGdiDrv) EuGdiDrv [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\EuGdiDrv.sys -> [2008/11/25 17:18:22 | 00,003,072 | ---- | M] ()
(HDAudBus) Microsoft UAA Bus Driver for High Definition Audio [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\hdaudbus.sys -> [2008/04/14 03:06:05 | 00,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider)
(HidIr) Microsoft Infrared HID Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\hidir.sys -> [2008/04/14 05:15:26 | 00,019,200 | ---- | M] (Microsoft Corporation)
(hwdatacard) Huawei DataCard USB Modem and USB Serial [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ewusbmdm.sys -> [2008/04/17 15:52:50 | 00,101,376 | ---- | M] (Huawei Technologies Co., Ltd.)
(iaStor) Intel RAID Controller [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\iaStor.sys -> [2006/02/22 10:14:30 | 00,250,368 | ---- | M] (Intel Corporation)
(IntcAzAudAddService) Service for Realtek HD Audio (WDM) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\RtkHDAud.sys -> [2006/06/15 04:34:12 | 04,299,264 | ---- | M] (Realtek Semiconductor Corp.)
(IrBus) Infrared bus filter driver for eHome remote controls [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\irbus.sys -> [2008/04/14 05:15:34 | 00,046,592 | ---- | M] (Microsoft Corporation)
(kbdhid) Keyboard HID Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\kbdhid.sys -> [2008/04/14 05:09:48 | 00,014,592 | ---- | M] (Microsoft Corporation)
(mmc_2K) mmc_2K [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\mmc_2k.sys -> [2005/06/23 23:20:18 | 00,023,808 | ---- | M] (Sonic Solutions)
(MPE) BDA MPE Filter [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\mpe.sys -> [2008/04/14 05:16:22 | 00,015,232 | ---- | M] (Microsoft Corporation)
(nv) nv [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\nv4_mini.sys -> [2007/12/05 01:11:00 | 07,435,392 | ---- | M] (NVIDIA Corporation)
(Pcouffin) Low level access layer for CD devices [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\Pcouffin.sys -> [2008/11/21 21:49:26 | 00,047,360 | ---- | M] (VSO Software)
(prodrv06) StarForce Protection Environment Driver v6 [Kernel | System | Running] -> %SystemRoot%\system32\drivers\prodrv06.sys -> [2003/10/10 23:36:24 | 00,052,128 | ---- | M] (Protection Technology)
(prohlp02) StarForce Protection Helper Driver v2 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\prohlp02.sys -> [2003/10/11 00:36:26 | 00,062,720 | ---- | M] (Protection Technology)
(prosync1) StarForce Protection Synchronization Driver v1 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\prosync1.sys -> [2003/09/06 22:52:08 | 00,006,944 | ---- | M] (Protection Technology)
(Ps2) Ps2 [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\PS2.sys -> [2005/12/13 10:57:00 | 00,019,072 | ---- | M] (Hewlett-Packard Company)
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ptilink.sys -> [2004/08/10 14:30:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.)
(pwd_2k) pwd_2k [Kernel | System | Running] -> %SystemRoot%\system32\drivers\Pwd_2k.sys -> [2005/06/23 23:08:36 | 00,117,760 | ---- | M] (Sonic Solutions)
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\pxhelp20.sys -> [2008/03/06 14:58:02 | 00,043,528 | ---- | M] (Sonic Solutions)
(RT73) Belkin Wireless G Plus MIMO USB Network Adapter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\rt73.sys -> [2005/11/24 20:21:38 | 00,245,248 | ---- | M] (Ralink Technology, Corp.)
(rtl8139) Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\RTL8139.sys -> [2004/08/04 08:01:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation)
(SASDIFSV) SASDIFSV [Kernel | System | Running] -> %ProgramFiles%\SUPERAntiSpyware\sasdifsv.sys -> [2008/12/04 13:50:04 | 00,008,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
(SASENUM) SASENUM [Kernel | On_Demand | Running] -> %ProgramFiles%\SUPERAntiSpyware\SASENUM.SYS -> [2008/12/04 13:50:06 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
(SASKUTIL) SASKUTIL [Kernel | System | Running] -> %ProgramFiles%\SUPERAntiSpyware\SASKUTIL.SYS -> [2008/12/04 13:50:02 | 00,055,024 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
(SAVRKBootTasks) Boot Tasks Driver [Kernel | System | Running] -> %SystemRoot%\system32\SAVRKBootTasks.sys -> [2007/08/14 08:12:18 | 00,018,816 | ---- | M] (Sophos Plc)
(Secdrv) Secdrv [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\secdrv.sys -> [2007/11/13 20:55:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
(sfdrv01) StarForce Protection Environment Driver (version 1.x) [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\sfdrv01.sys -> [2005/03/04 04:23:57 | 00,048,640 | ---- | M] (Protection Technology)
(sfhlp01) StarForce Protection Helper Driver [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\sfhlp01.sys -> [2003/09/06 22:57:06 | 00,004,832 | ---- | M] (Protection Technology)
(sfhlp02) StarForce Protection Helper Driver (version 2.x) [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\sfhlp02.sys -> [2005/02/24 02:29:54 | 00,006,656 | ---- | M] (Protection Technology)
(sfsync02) StarForce Protection Synchronization Driver (version 2.x) [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\sfsync02.sys -> [2004/12/03 20:50:41 | 00,020,544 | ---- | M] (Protection Technology)
(SONYPVU1) Sony USB Filter Driver (SONYPVU1) [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\SONYPVU1.SYS -> [2001/08/17 13:56:16 | 00,007,552 | ---- | M] (Sony Corporation)
(ssmdrv) ssmdrv [Kernel | System | Running] -> %SystemRoot%\system32\drivers\ssmdrv.sys -> [2007/03/01 09:34:22 | 00,028,352 | ---- | M] (Avira GmbH)
(StreamSurge) StreamSurge Driver (miniport) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ss.sys -> [2005/06/18 03:18:46 | 00,019,968 | ---- | M] (WikiTek Inc.)
(symlcbrd) symlcbrd [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\symlcbrd.sys -> [2006/08/09 00:09:50 | 00,010,344 | ---- | M] (Symantec Corporation)
(UDFReadr) UDFReadr [File_System | System | Running] -> %SystemRoot%\system32\drivers\Udfreadr.sys -> [2005/06/23 23:21:22 | 00,202,496 | ---- | M] (Sonic Solutions)
(usbaudio) USB Audio Driver (WDM) [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\usbaudio.sys -> [2008/04/14 05:15:12 | 00,060,032 | ---- | M] (Microsoft Corporation)
(F-Secure Standalone Minifilter) F-Secure Standalone Minifilter [Kernel | On_Demand | Running] -> %UserProfile%\Local Settings\Temp\OnlineScanner\Anti-Virus\fsgk.sys -> [2009/01/22 19:03:50 | 00,070,144 | ---- | M] ()
 
[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Search_URL" -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Secondary_Page_URL" ->  -> 
HKEY_LOCAL_MACHINE\: Main\\"Extensions Off Page" -> about:NoAdd-ons -> 
HKEY_LOCAL_MACHINE\: Main\\"Search Page" -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\"Security Risk Page" -> about:SecurityRisk -> 
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 
HKEY_LOCAL_MACHINE\: Search\\"CustomizeSearch" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 
HKEY_LOCAL_MACHINE\: Search\\"Default_Search_URL" -> http://www.google.com/ie -> 
HKEY_LOCAL_MACHINE\: Search\\"SearchAssistant" -> http://www.google.com/ie -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\"Search Page" -> http://www.google.com -> 
HKEY_CURRENT_USER\: Main\\"SearchMigratedDefaultName" -> Google -> 
HKEY_CURRENT_USER\: Main\\"SearchMigratedDefaultURL" -> http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 -> 
HKEY_CURRENT_USER\: Main\\"Start Page" -> http://www.google.com.au/ -> 
HKEY_CURRENT_USER\: Search\\"SearchAssistant" -> http://www.google.com/ie -> 
HKEY_CURRENT_USER\: SearchURL\\"" -> http://www.google.com/search?q=%s -> 
HKEY_CURRENT_USER\: "ProxyEnable" -> 0 -> 
< FireFox Settings [Default Profile] > -> C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\FireFox\Profiles\8k4rytkq.default\prefs.js -> 
browser.search.defaultenginename -> "Google" ->
browser.search.defaulturl -> "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=" ->
browser.search.selectedEngine -> "Yahoo" ->
browser.startup.homepage -> "http://www.google.com.au/" ->
browser.startup.homepage_override.mstone -> "rv:1.9.0.5" ->
extensions.enabledItems -> {DCBD1271-D228-4082-9FBC-36D9B7660B03}:1.1.8 ->
extensions.enabledItems -> bandwidthmeter@gotomyhelp.com:1.2.5 ->
extensions.enabledItems -> {71328583-3CA7-4809-B4BA-570A85818FBB}:0.4.7.1 ->
extensions.enabledItems -> dlembed@aeruder.net:0.5 ->
extensions.enabledItems -> {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.3 ->
extensions.enabledItems -> {c50ca3c4-5656-43c2-a061-13e717f73fc8}:1.6.1 ->
extensions.enabledItems -> faviconizetab@espion.just-size.jp:0.9.8.2 ->
extensions.enabledItems -> {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.1.7.2 ->
extensions.enabledItems -> {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20080609.0 ->
extensions.enabledItems -> {77b819fa-95ad-4f2c-ac7c-486b356188a9}:1.5.20081203 ->
extensions.enabledItems -> {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}:6.0.03 ->
extensions.enabledItems -> {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}:6.0.01 ->
extensions.enabledItems -> {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}:6.0.02 ->
extensions.enabledItems -> {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11 ->
extensions.enabledItems -> jqs@sun.com:1.0 ->
extensions.enabledItems -> {f13b157f-b174-47e7-a34d-4815ddfdfeb8}:0.9.87.4 ->
extensions.enabledItems -> {6e764c17-863a-450f-bdd0-6772bd5aaa18}:1.0.1 ->
extensions.enabledItems -> nosquint@urandom.ca:1.93.2.1 ->
extensions.enabledItems -> {5e594888-3e8e-47da-b2c6-b0b545112f84}:1.2.5 ->
extensions.enabledItems -> {7a46f9fe-4818-4837-ae4a-39c53978ae99}:1.4.4 ->
extensions.enabledItems -> {53A03D43-5363-4669-8190-99061B2DEBA5}:1.3.3.9 ->
extensions.enabledItems -> {B13721C7-F507-4982-B2E5-502A71474FED}:2.2.0.102 ->
extensions.enabledItems -> {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.28 ->
extensions.enabledItems -> {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:0.5.8 ->
extensions.enabledItems -> {049952B3-A745-43bd-8D26-D1349B1ED944}:1.4.2008052701 ->
extensions.enabledItems -> {dc572301-7619-498c-a57d-39143191b318}:0.3.7.3 ->
extensions.enabledItems -> {dc5d9a10-2736-11da-8cd6-0800200c9a66}:1.4.8 ->
extensions.enabledItems -> {ded0fc70-7215-4802-afeb-b2982d3e7225}:3 ->
extensions.enabledItems -> {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.5 ->
< HOSTS File > (289917 bytes and 10030 lines) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 
First 25 entries...
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{145B29F4-A56B-4b90-BBAC-45784EBEBBB7} [HKLM] -> %ProgramFiles%\StumbleUpon\StumbleUponIEBar.dll [StumbleUpon Launcher] -> [2007/10/25 05:27:00 | 00,987,832 | ---- | M] (stumbleupon.com)
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} [HKLM] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [Adobe PDF Link Helper] -> [2008/06/11 23:03:16 | 00,075,128 | ---- | M] (Adobe Systems Incorporated)
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> [2008/09/15 14:25:44 | 01,562,960 | RHS- | M] (Safer Networking Limited)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre6\bin\ssv.dll [Java(tm) Plug-In SSV Helper] -> [2009/01/19 22:35:00 | 00,320,920 | ---- | M] (Sun Microsystems, Inc.)
{DBC80044-A445-435b-BC74-9C25C1C588A9} [HKLM] -> %ProgramFiles%\Java\jre6\bin\jp2ssv.dll [Java(tm) Plug-In 2 SSV Helper] -> [2009/01/19 22:34:58 | 00,034,816 | ---- | M] (Sun Microsystems, Inc.)
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} [HKLM] -> %ProgramFiles%\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [JQSIEStartDetectorImpl Class] -> [2009/01/19 22:35:01 | 00,073,728 | ---- | M] (Sun Microsystems, Inc.)
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
"{327C2873-E90D-4c37-AA9D-10AC9BABA46C}" [HKLM] -> %ProgramFiles%\Canon\Easy-WebPrint\Toolband.dll [Easy-WebPrint] -> [2004/08/26 11:57:32 | 00,405,504 | ---- | M] ()
"{5093EB4C-3E93-40AB-9266-B607BA87BDC8}" [HKLM] -> %ProgramFiles%\StumbleUpon\StumbleUponIEBar.dll [StumbleUpon Toolbar] -> [2007/10/25 05:27:00 | 00,987,832 | ---- | M] (stumbleupon.com)
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> 
ShellBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
ShellBrowser\\"{C4069E3A-68F1-403E-B40E-20066696354B}" [HKLM] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"avgnt" -> %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\avgnt.exe ["C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min] -> [2008/06/12 13:28:45 | 00,266,497 | ---- | M] (Avira GmbH)
"ehTray" -> %SystemRoot%\ehome\ehtray.exe ["C:\WINDOWS\ehome\ehtray.exe"] -> [2005/08/05 21:26:34 | 00,064,512 | ---- | M] (Microsoft Corporation)
"EnGraph QuickTimeKiller" -> %ProgramFiles%\EnGraph\QuicktimeKiller\QuickTimeKiller.exe [C:\Program Files\EnGraph\QuickTimeKiller\QuickTimeKiller.exe] -> [2005/03/20 12:01:04 | 00,045,056 | ---- | M] ( )
"HPBootOp" -> %ProgramFiles%\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe ["C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run] -> [2006/02/15 23:04:58 | 00,249,856 | ---- | M] (Hewlett-Packard Company)
"ISUSPM Startup" -> %CommonProgramFiles%\InstallShield\UpdateService\ISUSPM.exe ["C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup] -> [2004/07/28 00:20:42 | 00,221,184 | ---- | M] (InstallShield Software Corporation)
"NvCplDaemon" -> %SystemRoot%\system32\nvcpl.dll ["C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup] -> [2007/12/05 01:11:00 | 08,523,776 | ---- | M] (NVIDIA Corporation)
"PCDrProfiler" -> %ProgramFiles%\PC-Doctor 5 for Windows\RunProfiler.exe ["C:\Program Files\PC-Doctor 5 for Windows\RunProfiler.exe" -r] -> File not found
"Recguard" -> %SystemRoot%\SMINST\Recguard.exe ["C:\WINDOWS\SMINST\RECGUARD.EXE"] -> [2005/07/22 22:44:00 | 00,237,568 | ---- | M] ()
"RemoteControl" -> %ProgramFiles%\Roxio\Roxio DVDMax Player\PDVDServ.exe ["C:\Program Files\Roxio\Roxio DVDMax Player\PDVDServ.exe"] -> [2003/10/27 02:04:34 | 00,032,768 | ---- | M] (Cyberlink Corp.)
"RoxioEngineUtility" -> %CommonProgramFiles%\Roxio Shared\System\EngUtil.exe ["C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"] -> [2003/05/01 19:14:50 | 00,065,536 | ---- | M] (Roxio)
"SunJavaUpdateSched" -> %ProgramFiles%\Java\jre6\bin\jusched.exe ["C:\Program Files\Java\jre6\bin\jusched.exe"] -> [2009/01/19 22:34:59 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.)
"Windows Defender" -> %ProgramFiles%\Windows Defender\MSASCui.exe ["C:\Program Files\Windows Defender\MSASCui.exe" -hide] -> [2006/11/03 18:50:12 | 00,866,584 | ---- | M] (Microsoft Corporation)
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"Skype" -> %ProgramFiles%\Skype\Phone\Skype.exe ["C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized] -> [2008/11/18 16:31:04 | 21,633,320 | R--- | M] (Skype Technologies S.A.)
"SUPERAntiSpyware" -> %ProgramFiles%\SUPERAntiSpyware\SUPERANTISPYWARE.EXE ["C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"] -> [2009/01/11 16:43:00 | 01,830,128 | ---- | M] (SUPERAntiSpyware.com)
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
%AllUsersProfile%\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk -> %CommonProgramFiles%\Adobe-BackupByPhotoshopPortable\Calibration\Adobe Gamma Loader.exe -> File not found
< HP_Administrator Startup Folder > -> C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup -> 
%UserProfile%\Start Menu\Programs\Startup\ProcessTamer.lnk -> %ProgramFiles%\ProcessTamer\ProcessTamerTray.exe -> [2006/09/20 13:13:52 | 00,151,552 | ---- | M] ()
< Software Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer -> 
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoCDBurning" ->  [0] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"dontdisplaylastusername" ->  [0] -> File not found
\\"legalnoticecaption" ->  [] -> File not found
\\"legalnoticetext" ->  [] -> File not found
\\"shutdownwithoutlogon" ->  [1] -> File not found
\\"undockwithoutlogon" ->  [1] -> File not found
\\"InstallVisualStyle" -> %SystemRoot%\Resources\Themes\Royale\Royale.mss [C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles] -> File not found
\\"InstallTheme" -> %SystemRoot%\Resources\Themes\Royale.the [C:\WINDOWS\Resources\Themes\Royale.theme] -> File not found
\\"EnableLUA" ->  [1] -> File not found
< CurrentVersion Policy Settings - Explorer [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
< CurrentVersion Policy Settings - System [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> 
Easy-WebPrint Add To Print List -> Reg Error: Value  does not exist or could not be read. [Reg Error: Value  does not exist or could not be read.] -> File not found
Easy-WebPrint High Speed Print -> Reg Error: Value  does not exist or could not be read. [Reg Error: Value  does not exist or could not be read.] -> File not found
Easy-WebPrint Preview -> Reg Error: Value  does not exist or could not be read. [Reg Error: Value  does not exist or could not be read.] -> File not found
Easy-WebPrint Print -> Reg Error: Value  does not exist or could not be read. [Reg Error: Value  does not exist or could not be read.] -> File not found
StumbleUpon PhotoBlog It! ->  [res://StumbleUponIEBar.dll/blogimage] -> File not found
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{5C2E94DC-F116-4B31-8CA4-36E22ECC5B15}:Exec [HKLM] ->  [Button: Bookmark Master] -> File not found
{85d1f590-48f4-11d9-9669-0800200c9a66}:Exec [HKLM] -> %SystemRoot%\bdoscandel.exe [Menu: Uninstall BitDefender Online Scanner v8] -> [2008/01/09 15:01:48 | 00,053,248 | ---- | M] ()
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Menu: Spybot - Search & Destroy Configuration] -> [2008/09/15 14:25:44 | 01,562,960 | RHS- | M] (Safer Networking Limited)
{E2D4D26B-0180-43a4-B05F-462D6D54C789}:C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm [HKLM] -> %SystemRoot%\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm [Button: Connection Help] -> [2008/12/18 00:55:59 | 00,000,706 | ---- | M] ()
{E2D4D26B-0180-43a4-B05F-462D6D54C789}:C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm [HKLM] -> %SystemRoot%\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm [Menu: Connection Help] -> [2008/12/18 00:55:59 | 00,000,706 | ---- | M] ()
{e2e2dd38-d088-4134-82b7-f2ba38496583}:Exec [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [Menu: @xpsp3res.dll,-20001] -> [2008/04/14 05:23:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Button: Messenger] -> [2008/04/14 10:42:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Menu: Windows Messenger] -> [2008/04/14 10:42:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] ->  [Reg Error: Value  does not exist or could not be read.] -> File not found
CmdMapping\\"{E2D4D26B-0180-43a4-B05F-462D6D54C789}" [HKLM] ->  [Connection Help] -> File not found
CmdMapping\\"{E908B145-C847-4e85-B315-07E2E70DECF8}" [HKLM] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/14 10:42:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 5221 domain(s) found. -> 
50 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 7820 domain(s) found. -> 
63 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. -> 
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{17492023-C23A-453E-A040-C7C580BBF700} [HKLM] -> http://go.microsoft.com/fwlink/?linkid=39204 [Windows Genuine Advantage Validation Tool] -> 
{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} [HKLM] -> http://download.bitdefender.com/resources/scan8/oscan8.cab [BDSCANONLINE Control] -> 
{6414512B-B978-451D-A0D8-FCFDF33E833C} [HKLM] -> http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1192340765343 [WUWebControl Class] -> 
{664088B0-6AF3-4514-AF9D-A0DC3A3DF24A} [HKLM] -> http://support.f-secure.com/ols3beta/fscax.cab [F-Secure Online Scanner 3.3] -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab [Java Plug-in 1.6.0_11] -> 
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [HKLM] -> http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab [Reg Error: Key does not exist or could not be opened.] -> 
{AE9DCB17-F804-11D2-A44A-0020182C1446} [HKLM] -> file:///J:/SuperCD/IntraLaunch.CAB [IntraLaunch.MainControl] -> 
{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab [Java Plug-in 1.6.0_11] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab [Java Plug-in 1.6.0_11] -> 
{D27CDB6E-AE6D-11CF-96B8-444553540000} [HKLM] -> http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab [Shockwave Flash Object] -> 
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{45BD45FD-4B09-45B8-B225-ED8F895294A4} ->    (Belkin Wireless G Plus MIMO USB Network Adapter) -> 
{51B0F284-67B1-4616-B378-39A2B7120CB7} ->    (1394 Net Adapter) -> 
{CAEEC9C9-DD32-48AB-A9A1-3C926EFC128E} ->    () -> 
{D1ED57DB-54BC-4A28-882E-3073C1B6101A} ->    (HP EN1207D-TX PCI 10/100 Fast Ethernet Adapter) -> 
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs -> 
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls -> 
secuload.dll ->  -> File not found
wiki.dll ->  -> File not found
*MultiFile Done* -> -> 
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
!SASWinLogon -> %ProgramFiles%\SUPERAntiSpyware\SASWINLO.DLL -> [2009/01/11 16:43:08 | 00,356,352 | ---- | M] (SUPERAntiSpyware.com)
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> 
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}" [HKLM] -> %ProgramFiles%\Windows Defender\MpShHook.dll [Microsoft AntiMalware ShellExecuteHook] -> [2006/11/03 18:50:00 | 00,083,224 | ---- | M] (Microsoft Corporation)
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}" [HKLM] -> Reg Error: Key does not exist or could not be opened. [] -> File not found
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List -> 
"%windir%\Network Diagnostic\xpnetdiag.exe" -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> [2008/04/14 05:23:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2008/04/14 10:42:34 | 00,141,312 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe" -> C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe [C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP] -> [2006/08/08 23:55:52 | 00,036,903 | ---- | M] (Hewlett-Packard)
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> 
"%windir%\Network Diagnostic\xpnetdiag.exe" -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> [2008/04/14 05:23:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2008/04/14 10:42:34 | 00,141,312 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe" -> C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe [C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:*:Enabled:Crysis_32] -> [2008/03/13 12:23:00 | 05,022,944 | ---- | M] (Crytek GmbH)
"C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe" -> C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe [C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:*:Enabled:CrysisDedicatedServer_32] -> [2008/03/13 12:23:02 | 00,017,120 | ---- | M] (Crytek GmbH)
"C:\Program Files\Electronic Arts\EADM\Core.exe" -> C:\Program Files\Electronic Arts\EADM\Core.exe [C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager] -> [2008/07/22 12:34:50 | 02,772,992 | ---- | M] (Electronic Arts)
"C:\Program Files\Messenger\msmsgs.exe" -> C:\Program Files\Messenger\msmsgs.exe [C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger] -> [2008/04/14 10:42:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Skype\Phone\Skype.exe" -> C:\Program Files\Skype\Phone\Skype.exe [C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype] -> [2008/11/18 16:31:04 | 21,633,320 | R--- | M] (Skype Technologies S.A.)
"C:\Program Files\THQ\Frontlines-Fuel of War\Binaries\FFOW.exe" -> C:\Program Files\THQ\Frontlines-Fuel of War\Binaries\FFOW.exe [C:\Program Files\THQ\Frontlines-Fuel of War\Binaries\FFOW.exe:*:Enabled:Frontlines Game] -> [2008/10/22 11:24:54 | 22,726,448 | ---- | M] (Kaos Studios)
"C:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe" -> C:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe [C:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)] -> [2007/10/29 20:40:58 | 01,450,688 | ---- | M] ()
"C:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe" -> C:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe [C:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)] -> [2007/10/29 20:55:22 | 05,784,256 | ---- | M] ()
"C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe" -> C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe [C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:*:Enabled:Assassin's Creed Dx10] -> [2008/04/16 17:35:22 | 25,667,160 | ---- | M] (Ubisoft)
"C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe" -> C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe [C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:*:Enabled:Assassin's Creed Dx9] -> [2008/04/23 15:46:32 | 26,150,480 | ---- | M] (Ubisoft)
"C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe" -> C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe [C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:*:Enabled:Assassin's Creed Update] -> [2008/02/22 11:08:44 | 00,619,144 | ---- | M] (Ubisoft)
"C:\Program Files\Ubisoft\Ghost Recon Advanced Warfighter\GRAW.exe" -> C:\Program Files\Ubisoft\Ghost Recon Advanced Warfighter\GRAW.exe [C:\Program Files\Ubisoft\Ghost Recon Advanced Warfighter\GRAW.exe:*:Enabled:GRAW] -> [2006/06/29 12:27:26 | 15,269,376 | ---- | M] ()
"C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas\Binaries\R6Vegas_Game.exe" -> C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas\Binaries\R6Vegas_Game.exe [C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas\Binaries\R6Vegas_Game.exe:*:Enabled:Rainbow Six Vegas] -> [2007/10/15 10:00:44 | 33,923,072 | ---- | M] ()
"C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas\Binaries\R6Vegas_Launcher.exe" -> C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas\Binaries\R6Vegas_Launcher.exe [C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas\Binaries\R6Vegas_Launcher.exe:*:Enabled:Rainbow Six Vegas Updater] -> [2006/11/16 23:27:28 | 00,208,896 | ---- | M] (Ubisoft)
"C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe" -> C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe [C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP] -> [2006/08/08 23:55:52 | 00,036,903 | ---- | M] (Hewlett-Packard)
"C:\WINDOWS\system32\PnkBstrA.exe" -> C:\WINDOWS\system32\PnkBstrA.exe [C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA] -> [2008/12/02 10:45:00 | 00,066,872 | ---- | M] ()
"C:\WINDOWS\system32\PnkBstrB.exe" -> C:\WINDOWS\system32\PnkBstrB.exe [C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB] -> [2008/12/02 10:45:05 | 00,103,736 | ---- | M] ()
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> 
"AlternateShell" -> cmd.exe -> 
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 -> 
"DisplayName" -> CD-ROM Driver -> 
"ImagePath" -> %SystemRoot%\system32\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> [2008/04/14 05:10:46 | 00,062,976 | ---- | M] (Microsoft Corporation)
< Drives with AutoRun files > ->  -> 
C:\AUTOEXEC.BAT [PATH=%PATH%;C:\PROGRA~1\COMMON~1\MUVEET~1\030625 | ] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] -> [2006/08/08 23:50:48 | 00,000,050 | ---- | M] ()
D:\AUTOEXEC.BAT [] -> D:\AUTOEXEC.BAT [ FAT32 ] -> [2001/07/27 08:07:38 | 00,000,000 | -HS- | M] ()
E:\AutoRun.exe [MZ | ] -> E:\AutoRun.exe [ UDF ] -> [2007/08/15 18:19:16 | 00,398,600 | R--- | M] (Electronic Arts)
E:\Autorun [] -> E:\Autorun.exe [ UDF ] -> [2007/08/15 18:19:16 | 00,398,600 | R--- | M] (Electronic Arts)
E:\autorun.dat [ÐÏࡱá | ] -> E:\autorun.dat [ UDF ] -> [2007/08/16 18:18:10 | 02,162,688 | R--- | M] ()
E:\autorun.inf [[autorun] | open=Autorun.exe | Icon=MOHA.ico | Name=Medal of Honor Airborne |  | [Special] | Disk=1 | ProductGuiID={25F28E39-FDBB-11DB-8314-0800200C9A66} |  | ] -> E:\autorun.inf [ UDF ] -> [2007/08/16 18:18:10 | 00,000,150 | R--- | M] ()
F:\AutoRun.exe [MZ | ] -> F:\AutoRun.exe [ CDFS ] -> [2008/04/24 08:14:40 | 00,114,688 | R--- | M] (Huawei Technologies Co., Ltd.)
F:\AUTORUN.INF [[AutoRun] | open=AutoRun.exe | icon=3 Mobile.ico | ] -> F:\AUTORUN.INF [ CDFS ] -> [2008/06/14 07:38:02 | 00,000,048 | R--- | M] ()
K:\autorun.exe [MZ | ] -> K:\autorun.exe [ UDF ] -> [2008/03/07 04:30:54 | 00,131,720 | R--- | M] (InstallShield Software Corporation)
K:\autorun.ico [] -> K:\autorun.ico [ UDF ] -> [2008/02/23 01:38:27 | 00,058,601 | R--- | M] ()
K:\autorun.inf [[autorun] | open=autorun.exe | icon=autorun.ico | ] -> K:\autorun.inf [ UDF ] -> [2008/02/23 01:38:27 | 00,000,047 | R--- | M] ()
K:\autorun.ini [[32bit] | EXEName=demo32.exe | DBDName=Splash.dbd | CmdLine=-q | CopyFiles=0 | DIRName=Splash | [0x0409] | Caption=DemoShield Launch | PrepMessage=DemoShield is preparing to launch the DemoShield Demo | WaitMessage=Please wait one moment... | Scanning=Scanning: | Copying=Copying | To=to | Cancel=Cancel | LocalLaunch=Run Locally | NoSpace=Disk space is low. Do you want to run the demo locally? | ] -> K:\autorun.ini [ UDF ] -> [2008/02/23 01:38:44 | 00,000,382 | R--- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> 
\{43f9db26-a0d7-11dd-ab0c-0018f33057fa}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{43f9db26-a0d7-11dd-ab0c-0018f33057fa}\Shell
\{43f9db26-a0d7-11dd-ab0c-0018f33057fa}\Shell\\"" ->  [AutoRun] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{43f9db26-a0d7-11dd-ab0c-0018f33057fa}\Shell\AutoRun
\{43f9db26-a0d7-11dd-ab0c-0018f33057fa}\Shell\AutoRun\\"" ->  [Auto&Play] -> File not found
\{925472f9-f77f-11dc-aa68-001150e31f01}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{925472f9-f77f-11dc-aa68-001150e31f01}\Shell
\{925472f9-f77f-11dc-aa68-001150e31f01}\Shell\\"" ->  [AutoRun] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{925472f9-f77f-11dc-aa68-001150e31f01}\Shell\AutoRun
\{925472f9-f77f-11dc-aa68-001150e31f01}\Shell\AutoRun\\"" ->  [Auto&Play] -> File not found
\{98e0e2ef-77dd-11dc-a988-806d6172696f}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{98e0e2ef-77dd-11dc-a988-806d6172696f}\Shell
\{98e0e2ef-77dd-11dc-a988-806d6172696f}\Shell\\"" ->  [AutoRun] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{98e0e2ef-77dd-11dc-a988-806d6172696f}\Shell\AutoRun
\{98e0e2ef-77dd-11dc-a988-806d6172696f}\Shell\AutoRun\\"" ->  [Auto&Play] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{98e0e2ef-77dd-11dc-a988-806d6172696f}\Shell\AutoRun\command
\{98e0e2ef-77dd-11dc-a988-806d6172696f}\Shell\AutoRun\command\\"" -> K:\autorun.exe [K:\autorun.exe] -> [2008/03/07 04:30:54 | 00,131,720 | R--- | M] (InstallShield Software Corporation)
 
[Registry - Additional Scans - Safe List]
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> 
"{00022613-0000-0000-C000-000000000046}" [HKLM] -> %SystemRoot%\system32\mmsys.cpl [Multimedia File Property Sheet] -> [2008/04/14 10:42:41 | 00,618,496 | ---- | M] (Microsoft Corporation)
"{0006F045-0000-0000-C000-000000000046}" [HKLM] -> %ProgramFiles%\Microsoft Office\Office\OLKFSTUB.DLL [Microsoft Outlook Custom Icon Handler] -> [1998/12/17 15:53:12 | 00,049,202 | ---- | M] (Microsoft Corporation)
"{00E7B358-F65B-4dcf-83DF-CD026B94BFD4}" [HKLM] -> %SystemRoot%\system32\shimgvw.dll [Autoplay for SlideShow] -> [2008/04/14 10:42:05 | 00,438,272 | ---- | M] (Microsoft Corporation)
"{0873D142-79EF-49fa-81B5-211AAC0B0A7F}" [HKLM] -> %ProgramFiles%\Roxio\Easy Media Creator 7\Creator Classic\TargetFinder.dll [Target Finder Shell Extension] -> [2005/06/23 23:50:46 | 00,172,032 | ---- | M] ()
"{0B124F8F-91F0-11D1-B8B5-006008059382}" [HKLM] -> %SystemRoot%\system32\appwiz.cpl [Installed Apps Enumerator] -> [2008/04/14 10:42:41 | 00,549,888 | ---- | M] (Microsoft Corporation)
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}" [HKLM] -> %SystemRoot%\system32\cabview.dll [.CAB file viewer] -> [2008/04/14 10:41:50 | 00,084,480 | ---- | M] (Microsoft Corporation)
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}" [HKLM] -> %SystemRoot%\system32\dsuiext.dll [Directory Property UI] -> [2008/04/14 10:41:52 | 00,113,152 | ---- | M] (Microsoft Corporation)
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}" [HKLM] -> %SystemRoot%\system32\docprop2.dll [Microsoft DocProp Inplace Droplist Combo Control] -> [2008/04/14 10:41:52 | 00,048,128 | ---- | M] (Microsoft Corporation)
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}" [HKLM] -> %SystemRoot%\system32\cscui.dll [Offline Files Folder Options] -> [2008/04/14 10:41:51 | 00,326,656 | ---- | M] (Microsoft Corporation)
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}" [HKLM] -> %SystemRoot%\msagent\agentpsh.dll [Microsoft Agent Character Property Sheet Handler] -> [2008/04/14 10:41:48 | 00,024,064 | ---- | M] (Microsoft Corporation)
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}" [HKLM] -> %SystemRoot%\system32\dsquery.dll [Directory Object Find] -> [2008/04/14 10:41:52 | 00,239,104 | ---- | M] (Microsoft Corporation)
"{176d6597-26d3-11d1-b350-080036a75b03}" [HKLM] -> %SystemRoot%\system32\icmui.dll [ICM Scanner Management] -> [2004/08/10 14:30:00 | 00,054,784 | ---- | M] (Microsoft Corporation)
"{19F500E0-9964-11cf-B63D-08002B317C03}" [HKLM] -> %SystemRoot%\system32\LAYOUT.DLL [Desktop Icon Layout] -> [2001/05/26 15:46:42 | 00,013,824 | ---- | M] (Microsoft)
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" [HKLM] -> %SystemRoot%\system32\nvshell.dll [Desktop Explorer] -> [2007/12/05 01:11:00 | 00,466,944 | ---- | M] ()
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" [HKLM] -> %SystemRoot%\system32\nvshell.dll [Desktop Explorer Menu] -> [2007/12/05 01:11:00 | 00,466,944 | ---- | M] ()
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" [HKLM] -> %SystemRoot%\system32\nvshell.dll [nView Desktop Context Menu] -> [2007/12/05 01:11:00 | 00,466,944 | ---- | M] ()
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}" [HKLM] -> %SystemRoot%\system32\rshx32.dll [NTFS Security Page] -> [2008/04/14 10:42:04 | 00,039,936 | ---- | M] (Microsoft Corporation)
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}" [HKLM] -> %CommonProgramFiles%\System\Ole DB\oledb32.dll [Microsoft Data Link] -> [2008/04/14 10:42:02 | 00,487,424 | ---- | M] (Microsoft Corporation)
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}" [HKLM] -> %SystemRoot%\system32\docprop2.dll [Microsoft DocProp Inplace Time Control] -> [2008/04/14 10:41:52 | 00,048,128 | ---- | M] (Microsoft Corporation)
"{32714800-2E5F-11d0-8B85-00AA0044F941}" [HKLM] -> %ProgramFiles%\Outlook Express\wabfind.dll [For &People...] -> [2008/04/14 10:42:08 | 00,032,768 | ---- | M] (Microsoft Corporation)
"{34F4B935-17DC-4885-8BC9-CCD1ADF42F93}" [HKLM] -> %ProgramFiles%\Alex Feinman\ISO Recorder\ISORecorder.dll [Record ISO Image to CD] -> [2006/01/05 01:04:36 | 00,344,064 | ---- | M] (Alex Feinman)
"{352EC2B7-8B9A-11D1-B8AE-006008059382}" [HKLM] -> %SystemRoot%\system32\appwiz.cpl [Shell Application Manager] -> [2008/04/14 10:42:41 | 00,549,888 | ---- | M] (Microsoft Corporation)
"{35786D3C-B075-49b9-88DD-029876E11C01}" [HKLM] -> %SystemRoot%\system32\WpdShext.dll [Portable Devices] -> [2006/10/18 22:17:22 | 02,603,008 | ---- | M] (Microsoft Corporation)
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}" [HKLM] -> %SystemRoot%\system32\docprop.dll [OLE Docfile Property Page] -> [2004/08/10 14:30:00 | 00,046,080 | ---- | M] (Microsoft Corporation)
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}" [HKLM] -> %SystemRoot%\system32\shimgvw.dll [GDI+ file thumbnail extractor] -> [2008/04/14 10:42:05 | 00,438,272 | ---- | M] (Microsoft Corporation)
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}" [HKLM] -> %SystemRoot%\system32\wiashext.dll [Scanners & Cameras] -> [2008/04/14 10:42:08 | 00,589,312 | ---- | M] (Microsoft Corporation)
"{3FF0AAD4-EF61-4409-B47C-62CD81A6D902}" [HKLM] -> Reg Error: Key does not exist or could not be opened. [SFContextMenu] -> File not found
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}" [HKLM] -> %SystemRoot%\system32\shmedia.dll [Video Media Properties Handler] -> [2008/04/14 10:42:05 | 00,152,064 | ---- | M] (Microsoft Corporation)
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}" [HKLM] -> %SystemRoot%\system32\ntshrui.dll [Shell extensions for sharing] -> [2008/04/14 10:42:02 | 00,143,360 | ---- | M] (Microsoft Corporation)
"{41E300E0-78B6-11ce-849B-444553540000}" [HKLM] -> %SystemRoot%\system32\themeui.dll [PlusPack CPL Extension] -> [2008/04/14 10:42:07 | 00,385,536 | ---- | M] (Microsoft Corporation)
"{42071712-76d4-11d1-8b24-00a0c9068ff3}" [HKLM] -> %SystemRoot%\system32\deskadp.dll [Display Adapter CPL Extension] -> [2004/08/10 14:30:00 | 00,016,384 | ---- | M] (Microsoft Corporation)
"{42071713-76d4-11d1-8b24-00a0c9068ff3}" [HKLM] -> %SystemRoot%\system32\deskmon.dll [Display Monitor CPL Extension] -> [2004/08/10 14:30:00 | 00,016,896 | ---- | M] (Microsoft Corporation)
"{44121072-A222-48f2-A58A-6D9AD51EBBE9}" [HKLM] -> %SystemRoot%\system32\XPSSHHDR.dll [Microsoft.XPS.Shell.Thumbnail.1] -> [2007/03/23 06:37:54 | 00,583,504 | ---- | M] (Microsoft Corporation)
"{45670FA8-ED97-4F44-BC93-305082590BFB}" [HKLM] -> %SystemRoot%\system32\XPSSHHDR.dll [Microsoft.XPS.Shell.Metadata.1] -> [2007/03/23 06:37:54 | 00,583,504 | ---- | M] (Microsoft Corporation)
"{45AC2688-0253-4ED8-97DE-B5370FA7D48A}" [HKLM] -> %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\shlext.dll [Shell Extension for Malware scanning] -> [2008/06/12 13:48:42 | 00,065,793 | ---- | M] (Avira GmbH)
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}" [HKLM] -> %SystemRoot%\system32\mydocs.dll [MyDocs Properties] -> [2008/04/14 10:42:01 | 00,090,624 | ---- | M] (Microsoft Corporation)
"{4E40F770-369C-11d0-8922-00A024AB2DBB}" [HKLM] -> %SystemRoot%\system32\dssec.dll [DS Security Page] -> [2008/04/14 10:41:52 | 00,051,200 | ---- | M] (Microsoft Corporation)
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}" [HKLM] -> %SystemRoot%\system32\slayerxp.dll [Compatibility Page] -> [2008/04/14 10:42:06 | 00,025,088 | ---- | M] (Microsoft Corporation)
"{56117100-C0CD-101B-81E2-00AA004AE837}" [HKLM] -> %SystemRoot%\system32\shscrap.dll [Shell Scrap DataHandler] -> [2008/04/14 10:42:05 | 00,027,648 | ---- | M] (Microsoft Corporation)
"{58f1f272-9240-4f51-b6d4-fd63d1618591}" [HKLM] -> %SystemRoot%\system32\netplwiz.dll [Get a Passport Wizard] -> [2008/04/14 10:42:01 | 00,875,008 | ---- | M] (Microsoft Corporation)
"{59099400-57FF-11CE-BD94-0020AF85B590}" [HKLM] -> %SystemRoot%\system32\diskcopy.dll [Disk Copy Extension] -> [2008/04/14 10:41:52 | 01,504,256 | ---- | M] (Microsoft Corporation)
"{596AB062-B4D2-4215-9F74-E9109B0A8153}" [HKLM] -> %SystemRoot%\system32\twext.dll [Previous Versions Property Page] -> [2008/04/14 10:42:07 | 00,057,856 | ---- | M] (Microsoft Corporation)
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}" [HKLM] -> %SystemRoot%\system32\ntlanui2.dll [Shell extensions for Microsoft Windows Network objects] -> [2004/08/10 14:30:00 | 00,014,336 | ---- | M] (Microsoft Corporation)
"{5B9C04C2-5EB5-4B60-8B71-46964DB8CDBF}" [HKLM] ->  [IVB Shl Ext] -> File not found
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}" [HKLM] -> %SystemRoot%\system32\icmui.dll [ICM Monitor Management] -> [2004/08/10 14:30:00 | 00,054,784 | ---- | M] (Microsoft Corporation)
"{5E44E225-A408-11CF-B581-008029601108}" [HKLM] -> %ProgramFiles%\Roxio\Easy Media Creator 7\Drag to Disc\Shellex.dll [Roxio DragToDisc Shell Extension] -> [2005/06/24 00:03:12 | 00,319,488 | ---- | M] (Sonic Solutions)
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}" [HKLM] -> %SystemRoot%\system32\wuaucpl.cpl [Auto Update Property Sheet Extension] -> [2008/10/16 14:12:20 | 00,213,528 | ---- | M] (Microsoft Corporation)
"{60254CA5-953B-11CF-8C96-00AA00B8708C}" [HKLM] -> %SystemRoot%\system32\wshext.dll [Shell extensions for Windows Script Host] -> [2008/05/09 21:23:40 | 00,090,112 | ---- | M] (Microsoft Corporation)
"{60fd46de-f830-4894-a628-6fa81bc0190d}" [HKLM] -> %SystemRoot%\system32\photowiz.dll [%DESC_PublishDropTarget%] -> [2008/04/14 10:42:02 | 00,176,128 | ---- | M] (Microsoft Corporation)
"{62AE1F9A-126A-11D0-A14B-0800361B1103}" [HKLM] -> %SystemRoot%\system32\dsuiext.dll [Directory Context Menu Verbs] -> [2008/04/14 10:41:52 | 00,113,152 | ---- | M] (Microsoft Corporation)
"{63da6ec0-2e98-11cf-8d82-444553540000}" [HKLM] -> %SystemRoot%\system32\msieftp.dll [FTP Folders Webview] -> [2008/04/14 10:41:59 | 00,248,832 | ---- | M] (Microsoft Corporation)
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" [HKLM] -> %SystemRoot%\system32\audiodev.dll [Portable Media Devices] -> [2006/10/18 22:17:08 | 00,276,992 | ---- | M] (Microsoft Corporation)
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}" [HKLM] -> %SystemRoot%\system32\shimgvw.dll [Shell Image Data Factory] -> [2008/04/14 10:42:05 | 00,438,272 | ---- | M] (Microsoft Corporation)
"{675F097E-4C4D-11D0-B6C1-0800091AA605}" [HKLM] -> %SystemRoot%\system32\icmui.dll [ICM Printer Management] -> [2004/08/10 14:30:00 | 00,054,784 | ---- | M] (Microsoft Corporation)
"{67C63340-679B-11D2-92EE-000021474C11}" [HKLM] -> %SystemRoot%\system32\OpenExpert.dll [OpenExpert Extensions] -> [2002/05/31 02:30:22 | 00,121,344 | ---- | M] ()
"{692F0339-CBAA-47e6-B5B5-3B84DB604E87}" [HKLM] -> %SystemRoot%\system32\extmgr.dll [Extensions Manager Folder] -> [2008/10/17 07:08:35 | 00,133,120 | ---- | M] (Microsoft Corporation)
"{6A205B57-2567-4A2C-B881-F787FAB579A3}" [HKLM] -> %SystemRoot%\system32\docprop2.dll [Microsoft DocProp Inplace Calendar Control] -> [2008/04/14 10:41:52 | 00,048,128 | ---- | M] (Microsoft Corporation)
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}" [HKLM] -> %SystemRoot%\system32\netplwiz.dll [Shell Publishing Wizard Object] -> [2008/04/14 10:42:01 | 00,875,008 | ---- | M] (Microsoft Corporation)
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}" [HKLM] -> %SystemRoot%\system32\netshell.dll [Network Connections] -> [2008/04/14 10:42:02 | 01,703,936 | ---- | M] (Microsoft Corporation)
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}" [HKLM] -> %SystemRoot%\system32\cryptext.dll [Crypto PKO Extension] -> [2008/04/14 10:41:51 | 00,053,760 | ---- | M] (Microsoft Corporation)
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}" [HKLM] -> %SystemRoot%\system32\cryptext.dll [Crypto Sign Extension] -> [2008/04/14 10:41:51 | 00,053,760 | ---- | M] (Microsoft Corporation)
"{750fdf0e-2a26-11d1-a3ea-080036587f03}" [HKLM] -> %SystemRoot%\system32\cscui.dll [Offline Files Menu] -> [2008/04/14 10:41:51 | 00,326,656 | ---- | M] (Microsoft Corporation)
"{77597368-7b15-11d0-a0c2-080036af3f03}" [HKLM] -> %SystemRoot%\system32\printui.dll [Web Printer Shell Extension] -> [2008/04/14 10:42:03 | 00,560,640 | ---- | M] (Microsoft Corporation)
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}" [HKLM] -> %SystemRoot%\system32\mstask.dll [Tasks Folder Shell Extension] -> [2008/04/14 10:42:00 | 00,274,944 | ---- | M] (Microsoft Corporation)
"{7988B573-EC89-11cf-9C00-00AA00A14F56}" [HKLM] -> %SystemRoot%\system32\dskquoui.dll [Disk Quota UI] -> [2008/04/14 10:41:52 | 00,155,648 | ---- | M] (Microsoft Corporation)
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}" [HKLM] -> %SystemRoot%\system32\mmcshext.dll [MMC Icon Handler] -> [2008/04/14 10:41:57 | 00,061,440 | ---- | M] (Microsoft Corporation)
"{7A9D77BD-5403-11d2-8785-2E0420524153}" [HKLM] -> %SystemRoot%\system32\netplwiz.dll [User Accounts] -> [2008/04/14 10:42:01 | 00,875,008 | ---- | M] (Microsoft Corporation)
"{7F67036B-66F1-411A-AD85-759FB9C5B0DB}" [HKLM] -> %SystemRoot%\system32\ShellvRTF.dll [ShellViewRTF] -> [2005/06/03 22:59:30 | 00,237,568 | ---- | M] (XSS)
"{83bbcbf3-b28a-4919-a5aa-73027445d672}" [HKLM] -> %SystemRoot%\system32\wiashext.dll [Scanners & Cameras] -> [2008/04/14 10:42:08 | 00,589,312 | ---- | M] (Microsoft Corporation)
"{85BBD920-42A0-1069-A2E4-08002B30309D}" [HKLM] -> %SystemRoot%\system32\syncui.dll [Briefcase] -> [2008/04/14 10:42:07 | 00,191,488 | ---- | M] (Microsoft Corporation)
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}" [HKLM] -> %SystemRoot%\system32\shmedia.dll [Audio Media Properties Handler] -> [2008/04/14 10:42:05 | 00,152,064 | ---- | M] (Microsoft Corporation)
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}" [HKLM] -> %SystemRoot%\system32\shmedia.dll [Avi Properties Handler] -> [2008/04/14 10:42:05 | 00,152,064 | ---- | M] (Microsoft Corporation)
"{883373C3-BF89-11D1-BE35-080036B11A03}" [HKLM] -> %SystemRoot%\system32\docprop2.dll [Microsoft DocProp Shell Ext] -> [2008/04/14 10:41:52 | 00,048,128 | ---- | M] (Microsoft Corporation)
"{88895560-9AA2-1069-930E-00AA0030EBC8}" [HKLM] -> %SystemRoot%\system32\hticons.dll [HyperTerminal Icon Ext] -> [2004/08/10 14:30:00 | 00,044,544 | ---- | M] (Hilgraeve, Inc.)
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}" [HKLM] -> %SystemRoot%\system32\zipfldr.dll [Compressed (zipped) Folder SendTo Target] -> [2008/04/14 10:42:11 | 00,338,432 | ---- | M] (Microsoft Corporation)
"{88C6C381-2E85-11D0-94DE-444553540000}" [HKLM] -> %SystemRoot%\system32\occache.dll [ActiveX Cache Folder] -> [2008/10/17 07:08:39 | 00,102,912 | ---- | M] (Microsoft Corporation)
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}" [HKLM] -> %SystemRoot%\system32\dsquery.dll [Directory Query UI] -> [2008/04/14 10:41:52 | 00,239,104 | ---- | M] (Microsoft Corporation)
"{8DD448E6-C188-4aed-AF92-44956194EB1F}" [HKLM] -> %SystemRoot%\system32\wmpshell.dll [Windows Media Player Burn Audio CD Context Menu Handler] -> [2006/10/18 22:17:20 | 00,099,840 | ---- | M] (Microsoft Corporation)
"{8EE97210-FD1F-4B19-91DA-67914005F020}" [HKLM] -> %SystemRoot%\system32\docprop2.dll [Microsoft DocProp Inplace ML Edit Box Control] -> [2008/04/14 10:41:52 | 00,048,128 | ---- | M] (Microsoft Corporation)
"{905667aa-acd6-11d2-8080-00805f6596d2}" [HKLM] -> %SystemRoot%\system32\wiashext.dll [Scanners & Cameras] -> [2008/04/14 10:42:08 | 00,589,312 | ---- | M] (Microsoft Corporation)
"{992CFFA0-F557-101A-88EC-00DD010CCC48}" [HKLM] -> %SystemRoot%\system32\netshell.dll [Network Connections] -> [2008/04/14 10:42:02 | 01,703,936 | ---- | M] (Microsoft Corporation)
"{9DB7A13C-F208-4981-8353-73CC61AE2783}" [HKLM] -> %SystemRoot%\system32\twext.dll [Previous Versions] -> [2008/04/14 10:42:07 | 00,057,856 | ---- | M] (Microsoft Corporation)
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}" [HKLM] -> %SystemRoot%\system32\shimgvw.dll [Summary Info Thumbnail handler (DOCFILES)] -> [2008/04/14 10:42:05 | 00,438,272 | ---- | M] (Microsoft Corporation)
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}" [HKLM] -> %SystemRoot%\system32\dsquery.dll [Shell properties for a DS object] -> [2008/04/14 10:41:52 | 00,239,104 | ---- | M] (Microsoft Corporation)
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}" [HKLM] -> %SystemRoot%\system32\sendmail.dll [Sendmail service] -> [2008/04/14 10:42:05 | 00,054,784 | ---- | M] (Microsoft Corporation)
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}" [HKLM] -> %SystemRoot%\system32\sendmail.dll [Sendmail service] -> [2008/04/14 10:42:05 | 00,054,784 | ---- | M] (Microsoft Corporation)
"{A155339D-CCCD-4714-85EB-3754B804C9DF}" [HKLM] -> %ProgramFiles%\a-squared Free\a2freecontmenu.dll [a-squared Free Shell Extension] -> [2008/12/17 08:32:04 | 00,224,400 | ---- | M] (Emsi Software GmbH)
"{A44D5ACC-3411-40DE-9AD3-214FFB2ED7AC}" [HKLM] -> %ProgramFiles%\Roxio\Easy CD Creator 6\AudioCentral\MediaSX.dll [My Media] -> [2003/07/15 13:08:28 | 01,191,936 | ---- | M] (Roxio, Inc.)
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}" [HKLM] -> %SystemRoot%\system32\shmedia.dll [Midi Properties Handler] -> [2008/04/14 10:42:05 | 00,152,064 | ---- | M] (Microsoft Corporation)
"{A70C977A-BF00-412C-90B7-034C51DA2439}" [HKLM] -> %SystemRoot%\system32\nvcpl.dll [NvCpl DesktopContext Class] -> [2007/12/05 01:11:00 | 08,523,776 | ---- | M] (NVIDIA Corporation)
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}" [HKLM] -> %SystemRoot%\system32\docprop2.dll [Microsoft DocProp Inplace Edit Box Control] -> [2008/04/14 10:41:52 | 00,048,128 | ---- | M] (Microsoft Corporation)
"{add36aa8-751a-4579-a266-d66f5202ccbb}" [HKLM] -> %SystemRoot%\system32\netplwiz.dll [Print Ordering via the Web] -> [2008/04/14 10:42:01 | 00,875,008 | ---- | M] (Microsoft Corporation)
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}" [HKLM] -> %SystemRoot%\system32\cscui.dll [Offline Files Folder] -> [2008/04/14 10:41:51 | 00,326,656 | ---- | M] (Microsoft Corporation)
"{BD472F60-27FA-11cf-B8B4-444553540000}" [HKLM] -> %SystemRoot%\system32\zipfldr.dll [Compressed (zipped) Folder Right Drag Handler] -> [2008/04/14 10:42:11 | 00,338,432 | ---- | M] (Microsoft Corporation)
"{BD84B380-8CA2-1069-AB1D-08000948F534}" [HKLM] -> %SystemRoot%\system32\fontext.dll [Fonts] -> [2008/04/14 10:41:53 | 00,382,976 | ---- | M] (Microsoft Corporation)
"{C38C9EFF-166C-11D4-98D6-204C4F4F5020}" [HKLM] ->  [Piky Basket] -> File not found
"{c5a40261-cd64-4ccf-84cb-c394da41d590}" [HKLM] -> %SystemRoot%\system32\shmedia.dll [Video Thumbnail Extractor] -> [2008/04/14 10:42:05 | 00,152,064 | ---- | M] (Microsoft Corporation)
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}" [HKLM] -> %SystemRoot%\system32\netplwiz.dll [Web Publishing Wizard] -> [2008/04/14 10:42:01 | 00,875,008 | ---- | M] (Microsoft Corporation)
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}" [HKLM] -> %SystemRoot%\system32\wmpshell.dll [Windows Media Player Play as Playlist Context Menu Handler] -> [2006/10/18 22:17:20 | 00,099,840 | ---- | M] (Microsoft Corporation)
"{CFCCC7A0-A282-11D1-9082-006008059382}" [HKLM] -> %SystemRoot%\system32\appwiz.cpl [Darwin App Publisher] -> [2008/04/14 10:42:41 | 00,549,888 | ---- | M] (Microsoft Corporation)
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}" [HKLM] -> %SystemRoot%\system32\mstask.dll [Scheduled Tasks] -> [2008/04/14 10:42:00 | 00,274,944 | ---- | M] (Microsoft Corporation)
"{D6791A63-E7E2-4fee-BF52-5DED8E86E9B8}" [HKLM] -> %SystemRoot%\system32\WpdShext.dll [Portable Devices Menu] -> [2006/10/18 22:17:22 | 02,603,008 | ---- | M] (Microsoft Corporation)
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}" [HKLM] -> %SystemRoot%\system32\icmui.dll [ICC Profile] -> [2004/08/10 14:30:00 | 00,054,784 | ---- | M] (Microsoft Corporation)
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}" [HKLM] -> %SystemRoot%\system32\mstask.dll [Tasks Folder Icon Handler] -> [2008/04/14 10:42:00 | 00,274,944 | ---- | M] (Microsoft Corporation)
"{E0D79304-84BE-11CE-9641-444553540000}" [HKLM] -> %ProgramFiles%\WinZip\WZSHLSTB.DLL [WinZip] -> [2002/11/22 07:40:00 | 00,020,552 | ---- | M] (WinZip Computing, Inc.)
"{E0D79305-84BE-11CE-9641-444553540000}" [HKLM] -> %ProgramFiles%\WinZip\WZSHLSTB.DLL [WinZip] -> [2002/11/22 07:40:00 | 00,020,552 | ---- | M] (WinZip Computing, Inc.)
"{E0D79306-84BE-11CE-9641-444553540000}" [HKLM] -> %ProgramFiles%\WinZip\WZSHLSTB.DLL [WinZip] -> [2002/11/22 07:40:00 | 00,020,552 | ---- | M] (WinZip Computing, Inc.)
"{E0D79307-84BE-11CE-9641-444553540000}" [HKLM] -> %ProgramFiles%\WinZip\WZSHLSTB.DLL [WinZip] -> [2002/11/22 07:40:00 | 00,020,552 | ---- | M] (WinZip Computing, Inc.)
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}" [HKLM] -> %SystemRoot%\system32\wiashext.dll [Scanners & Cameras] -> [2008/04/14 10:42:08 | 00,589,312 | ---- | M] (Microsoft Corporation)
"{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75}" [HKLM] -> %SystemRoot%\system32\dfshim.dll [Shell Icon Handler for Application References] -> [2007/10/24 01:17:28 | 00,096,760 | ---- | M] (Microsoft Corporation)
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}" [HKLM] -> %SystemRoot%\system32\shmedia.dll [Wav Properties Handler] -> [2008/04/14 10:42:05 | 00,152,064 | ---- | M] (Microsoft Corporation)
"{e82a2d71-5b2f-43a0-97b8-81be15854de8}" [HKLM] -> %SystemRoot%\system32\dfshim.dll [ShellLink for Application References] -> [2007/10/24 01:17:28 | 00,096,760 | ---- | M] (Microsoft Corporation)
"{e84fda7c-1d6a-45f6-b725-cb260c236066}" [HKLM] -> %SystemRoot%\system32\shimgvw.dll [Shell Image Verbs] -> [2008/04/14 10:42:05 | 00,438,272 | ---- | M] (Microsoft Corporation)
"{E88DCCE0-B7B3-11d1-A9F0-00AA0060FA31}" [HKLM] -> %SystemRoot%\system32\zipfldr.dll [Compressed (zipped) Folder] -> [2008/04/14 10:42:11 | 00,338,432 | ---- | M] (Microsoft Corporation)
"{EAB841A0-9550-11cf-8C16-00805F1408F3}" [HKLM] -> %SystemRoot%\system32\shimgvw.dll [HTML Thumbnail Extractor] -> [2008/04/14 10:42:05 | 00,438,272 | ---- | M] (Microsoft Corporation)
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}" [HKLM] -> %SystemRoot%\system32\shimgvw.dll [Shell Image Property Handler] -> [2008/04/14 10:42:05 | 00,438,272 | ---- | M] (Microsoft Corporation)
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}" [HKLM] -> %SystemRoot%\system32\dfsshlex.dll [DfsShell] -> [2008/04/14 10:41:51 | 00,028,672 | ---- | M] (Microsoft Corporation)
"{ECF03A32-103D-11d2-854D-006008059367}" [HKLM] -> %SystemRoot%\system32\mydocs.dll [MyDocs Drop Target] -> [2008/04/14 10:42:01 | 00,090,624 | ---- | M] (Microsoft Corporation)
"{ECF03A33-103D-11d2-854D-006008059367}" [HKLM] -> %SystemRoot%\system32\mydocs.dll [MyDocs Copy Hook] -> [2008/04/14 10:42:01 | 00,090,624 | ---- | M] (Microsoft Corporation)
"{F0152790-D56E-4445-850E-4F3117DB740C}" [HKLM] -> %SystemRoot%\system32\remotepg.dll [Remote Sessions CPL Extension] -> [2008/04/14 10:42:04 | 00,060,416 | ---- | M] (Microsoft Corporation)
"{F020E586-5264-11d1-A532-0000F8757D7E}" [HKLM] -> %SystemRoot%\system32\dsquery.dll [Directory Start/Search Find] -> [2008/04/14 10:41:52 | 00,239,104 | ---- | M] (Microsoft Corporation)
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" [HKLM] -> Reg Error: Key does not exist or could not be opened. [Shell Extensions for RealOne Player] -> File not found
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}" [HKLM] -> %SystemRoot%\system32\wmpshell.dll [Windows Media Player Add to Playlist Context Menu Handler] -> [2006/10/18 22:17:20 | 00,099,840 | ---- | M] (Microsoft Corporation)
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}" [HKLM] -> %SystemRoot%\system32\rshx32.dll [Printers Security Page] -> [2008/04/14 10:42:04 | 00,039,936 | ---- | M] (Microsoft Corporation)
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}" [HKLM] -> %SystemRoot%\system32\ntshrui.dll [Shell extensions for sharing] -> [2008/04/14 10:42:02 | 00,143,360 | ---- | M] (Microsoft Corporation)
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}" [HKLM] -> %SystemRoot%\system32\deskperf.dll [Display TroubleShoot CPL Extension] -> [2004/08/10 14:30:00 | 00,018,432 | ---- | M] (Microsoft Corporation)
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}" [HKLM] -> %SystemRoot%\system32\wiashext.dll [Scanners & Cameras] -> [2008/04/14 10:42:08 | 00,589,312 | ---- | M] (Microsoft Corporation)
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" [HKLM] -> %SystemRoot%\system32\nvcpl.dll [Play on my TV helper] -> [2007/12/05 01:11:00 | 08,523,776 | ---- | M] (NVIDIA Corporation)
< Approved Shell Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> 
"{BDEADF00-C265-11d0-BCED-00A0C90AB50F}" [HKLM] -> %CommonProgramFiles%\Microsoft Shared\Web Folders\MSONSEXT.DLL [Web Folders] -> [2001/05/19 22:27:40 | 00,561,209 | ---- | M] ()
 
[Files/Folders - Created Within 90 Days]
5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
Snap185.jpg -> %UserProfile%\My Documents\Snap185.jpg -> [2009/01/23 21:56:48 | 00,022,193 | ---- | C] ()
fsaua.data -> %SystemDrive%\fsaua.data -> [2009/01/22 18:01:14 | 00,000,000 | ---D | C]
Kasperski1.html -> %UserProfile%\My Documents\Kasperski1.html -> [2009/01/22 06:14:01 | 00,002,800 | ---- | C] ()
Thumbs.db -> %AllUsersProfile%\Desktop\Thumbs.db -> [2009/01/21 21:02:50 | 00,006,144 | -HS- | C] ()
Kasperski.html -> %UserProfile%\My Documents\Kasperski.html -> [2009/01/21 19:48:35 | 00,002,743 | ---- | C] ()
jv16 PowerTools.lnk -> %UserProfile%\Desktop\jv16 PowerTools.lnk -> [2009/01/18 23:18:31 | 00,000,711 | ---- | C] ()
jv16 PowerTools -> %ProgramFiles%\jv16 PowerTools -> [2009/01/18 23:18:29 | 00,000,000 | ---D | C]
Shortcut to Noiseware.exe (2).lnk -> %UserProfile%\Desktop\Shortcut to Noiseware.exe (2).lnk -> [2009/01/18 22:48:18 | 00,000,834 | ---- | C] ()
omsk.jpg -> %UserProfile%\My Documents\omsk.jpg -> [2009/01/18 21:55:28 | 00,079,867 | ---- | C] ()
rsit -> %SystemDrive%\rsit -> [2009/01/18 08:43:12 | 00,000,000 | ---D | C]
65F1CF6331E0450B96F34A88BE7361A6.TMP -> %SystemRoot%\65F1CF6331E0450B96F34A88BE7361A6.TMP -> [2009/01/17 19:47:41 | 00,000,000 | ---D | C]
ezsidmv.dat -> %SystemRoot%\System32\ezsidmv.dat -> [2009/01/17 14:55:10 | 00,000,056 | -H-- | C] ()
skypePM -> %AppData%\skypePM -> [2009/01/17 14:55:08 | 00,000,000 | ---D | C]
Skype -> %AppData%\Skype -> [2009/01/17 14:51:46 | 00,000,000 | ---D | C]
Skype.lnk -> %AllUsersProfile%\Desktop\Skype.lnk -> [2009/01/17 14:50:27 | 00,002,257 | ---- | C] ()
Skype -> %ProgramFiles%\Skype -> [2009/01/17 14:50:16 | 00,000,000 | ---D | C]
Skype -> %CommonProgramFiles%\Skype -> [2009/01/17 14:50:16 | 00,000,000 | ---D | C]
Skype -> %AllUsersProfile%\Application Data\Skype -> [2009/01/17 14:50:05 | 00,000,000 | ---D | C]
Softi FreeOCR.lnk -> %AllUsersProfile%\Desktop\Softi FreeOCR.lnk -> [2009/01/17 14:10:51 | 00,000,974 | ---- | C] ()
tessdata -> %SystemRoot%\tessdata -> [2009/01/17 14:10:49 | 00,000,000 | ---D | C]
Softi Software -> %ProgramFiles%\Softi Software -> [2009/01/17 14:10:40 | 00,000,000 | ---D | C]
Softi Software -> %AppData%\Softi Software -> [2009/01/17 14:10:25 | 00,000,000 | ---D | C]
leica m3.jpg -> %UserProfile%\My Documents\leica m3.jpg -> [2009/01/14 17:51:03 | 00,205,890 | ---- | C] ()
lm046q1.jpg -> %UserProfile%\My Documents\lm046q1.jpg -> [2009/01/13 20:35:32 | 00,110,204 | ---- | C] ()
lm046q.jpg -> %UserProfile%\My Documents\lm046q.jpg -> [2009/01/13 20:35:28 | 00,096,494 | ---- | C] ()
lm481p1.jpg -> %UserProfile%\My Documents\lm481p1.jpg -> [2009/01/13 20:33:13 | 00,085,403 | ---- | C] ()
lm481p.jpg -> %UserProfile%\My Documents\lm481p.jpg -> [2009/01/13 20:33:09 | 00,080,043 | ---- | C] ()
LWCITM.jpg -> %UserProfile%\My Documents\LWCITM.jpg -> [2009/01/13 20:32:22 | 00,184,369 | ---- | C] ()
DSC00039rev.jpg -> %UserProfile%\My Documents\DSC00039rev.jpg -> [2009/01/13 20:31:47 | 00,798,523 | ---- | C] ()
MP-50.jpg -> %UserProfile%\My Documents\MP-50.jpg -> [2009/01/13 20:31:10 | 00,114,670 | ---- | C] ()
camera family 3.jpg -> %UserProfile%\My Documents\camera family 3.jpg -> [2009/01/13 20:30:31 | 00,254,396 | ---- | C] ()
chromettl.jpg -> %UserProfile%\My Documents\chromettl.jpg -> [2009/01/13 20:30:09 | 00,241,654 | ---- | C] ()
193573545.jpg -> %UserProfile%\My Documents\193573545.jpg -> [2009/01/13 20:29:47 | 00,173,782 | ---- | C] ()
mda+elmarit135.jpg -> %UserProfile%\My Documents\mda+elmarit135.jpg -> [2009/01/13 20:29:38 | 00,137,979 | ---- | C] ()
154062682.jpg -> %UserProfile%\My Documents\154062682.jpg -> [2009/01/13 20:29:05 | 00,056,713 | ---- | C] ()
DSC_0009.jpg -> %UserProfile%\My Documents\DSC_0009.jpg -> [2009/01/13 20:28:52 | 00,324,720 | ---- | C] ()
LeicaLunaStarbig.jpg -> %UserProfile%\My Documents\LeicaLunaStarbig.jpg -> [2009/01/13 20:28:19 | 00,133,016 | ---- | C] ()
kameraleder1.jpg -> %UserProfile%\My Documents\kameraleder1.jpg -> [2009/01/13 20:27:54 | 00,093,524 | ---- | C] ()
KillBox.exe -> %UserProfile%\My Documents\KillBox.exe -> [2009/01/12 08:22:25 | 00,073,728 | ---- | C] (Option^Explicit Software                        vbtechcd@gmail.com)
masters of photography.flv -> %UserProfile%\My Documents\masters of photography.flv -> [2009/01/11 22:34:20 | 11,761,417 | ---- | C] ()
Wim Wenders Movie for Leica Camera.flv -> %UserProfile%\My Documents\Wim Wenders Movie for Leica Camera.flv -> [2009/01/11 22:24:13 | 03,941,234 | ---- | C] ()
Recent -> %UserProfile%\Recent -> [2009/01/11 17:29:14 | 00,000,000 | RH-D | C]
SAVRKBootTasks.sys -> %SystemRoot%\System32\SAVRKBootTasks.sys -> [2009/01/11 14:59:01 | 00,018,816 | ---- | C] (Sophos Plc)
Snap177.jpg -> %UserProfile%\My Documents\Snap177.jpg -> [2009/01/11 14:43:19 | 00,033,199 | ---- | C] ()
qtp HDR software.lnk -> %UserProfile%\Desktop\qtp HDR software.lnk -> [2009/01/11 09:13:45 | 00,000,633 | ---- | C] ()
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [2009/01/10 21:37:29 | 00,054,156 | -H-- | C] ()
QTFont.for -> %SystemRoot%\QTFont.for -> [2009/01/10 21:37:29 | 00,001,409 | ---- | C] ()
Registry Toolkit.lnk -> %AllUsersProfile%\Desktop\Registry Toolkit.lnk -> [2009/01/10 17:13:57 | 00,001,093 | ---- | C] ()
Lightroom.lnk -> %AllUsersProfile%\Desktop\Lightroom.lnk -> [2009/01/10 00:26:17 | 00,001,839 | ---- | C] ()
Avira AntiVir Personal Profile My Documents.LNK -> %UserProfile%\Desktop\Avira AntiVir Personal Profile My Documents.LNK -> [2009/01/09 23:01:52 | 00,001,884 | ---- | C] ()
My Corel Shows -> %UserProfile%\My Documents\My Corel Shows -> [2009/01/09 21:56:20 | 00,000,000 | ---D | C]
Desktop.ini -> %UserProfile%\My Documents\Desktop.ini -> [2009/01/09 21:45:45 | 00,000,088 | -HS- | C] ()
Snap175.jpg -> %UserProfile%\My Documents\Snap175.jpg -> [2009/01/09 08:12:54 | 00,178,320 | ---- | C] ()
Snap173.jpg -> %UserProfile%\My Documents\Snap173.jpg -> [2009/01/09 08:12:54 | 00,100,749 | ---- | C] ()
Snap174.jpg -> %UserProfile%\My Documents\Snap174.jpg -> [2009/01/09 08:12:54 | 00,100,344 | ---- | C] ()
Snap172.jpg -> %UserProfile%\My Documents\Snap172.jpg -> [2009/01/09 08:12:54 | 00,084,210 | ---- | C] ()
Snap171.jpg -> %UserProfile%\My Documents\Snap171.jpg -> [2009/01/09 08:12:54 | 00,081,809 | ---- | C] ()
Snap176.jpg -> %UserProfile%\My Documents\Snap176.jpg -> [2009/01/09 08:12:54 | 00,033,953 | ---- | C] ()
Flickr -> %UserProfile%\Local Settings\Application Data\Flickr -> [2009/01/01 17:36:45 | 00,000,000 | ---D | C]
Flickr Uploadr.lnk -> %UserProfile%\Desktop\Flickr Uploadr.lnk -> [2009/01/01 17:36:19 | 00,001,655 | ---- | C] ()
Easy-PhotoPrint.lnk -> %AllUsersProfile%\Desktop\Easy-PhotoPrint.lnk -> [2009/01/01 17:14:03 | 00,001,709 | ---- | C] ()
Adobe -> %UserProfile%\Local Settings\Application Data\Adobe -> [2008/12/29 11:54:02 | 00,000,000 | ---D | C]
Adobe -> %AppData%\Adobe -> [2008/12/29 11:36:49 | 00,000,000 | ---D | C]
Ubisoft -> %AppData%\Ubisoft -> [2008/12/24 17:56:41 | 00,000,000 | ---D | C]
Ubisoft -> %AllUsersProfile%\Application Data\Ubisoft -> [2008/12/24 17:56:08 | 00,000,000 | ---D | C]
Assassin's Creed.lnk -> %AllUsersProfile%\Desktop\Assassin's Creed.lnk -> [2008/12/24 17:54:28 | 00,001,844 | ---- | C] ()
Shortcut to RawImport.exe.lnk -> %UserProfile%\Desktop\Shortcut to RawImport.exe.lnk -> [2008/12/23 21:30:22 | 00,000,703 | ---- | C] ()
Roxio Easy Media Creator Basic DVD Home.lnk -> %AllUsersProfile%\Desktop\Roxio Easy Media Creator Basic DVD Home.lnk -> [2008/12/23 19:06:56 | 00,001,983 | ---- | C] ()
SureThing CD Labeler 4 SE.lnk -> %AllUsersProfile%\Desktop\SureThing CD Labeler 4 SE.lnk -> [2008/12/23 17:44:34 | 00,000,689 | ---- | C] ()
SureThing -> %ProgramFiles%\SureThing -> [2008/12/23 17:44:14 | 00,000,000 | ---D | C]
MVUNINST -> %SystemRoot%\MVUNINST -> [2008/12/23 17:44:14 | 00,000,000 | ---D | C]
Roxio DVDMax Player.lnk -> %AllUsersProfile%\Desktop\Roxio DVDMax Player.lnk -> [2008/12/23 17:39:50 | 00,001,831 | ---- | C] ()
Roxio Easy CD & DVD Creator 6.lnk -> %AllUsersProfile%\Desktop\Roxio Easy CD & DVD Creator 6.lnk -> [2008/12/23 17:35:25 | 00,001,817 | ---- | C] ()
Mozilla Firefox.lnk -> %AllUsersProfile%\Desktop\Mozilla Firefox.lnk -> [2008/12/21 08:10:09 | 00,001,613 | ---- | C] ()
install.dat -> %SystemDrive%\install.dat -> [2008/12/20 22:20:33 | 00,000,164 | ---- | C] ()
HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk -> [2008/12/20 21:57:39 | 00,001,745 | ---- | C] ()
Trend Micro -> %ProgramFiles%\Trend Micro -> [2008/12/20 21:57:37 | 00,000,000 | ---D | C]
Tenebril -> %AllUsersProfile%\Application Data\Tenebril -> [2008/12/20 11:44:41 | 00,000,000 | ---D | C]
AntiVir PE Classic.lnk -> %AllUsersProfile%\Desktop\AntiVir PE Classic.lnk -> [2008/12/19 23:36:30 | 00,001,862 | ---- | C] ()
avgntdd.sys -> %SystemRoot%\System32\drivers\avgntdd.sys -> [2008/12/19 23:36:21 | 00,045,376 | ---- | C] (Avira GmbH)
ssmdrv.sys -> %SystemRoot%\System32\drivers\ssmdrv.sys -> [2008/12/19 23:36:21 | 00,028,352 | ---- | C] (Avira GmbH)
avgntmgr.sys -> %SystemRoot%\System32\drivers\avgntmgr.sys -> [2008/12/19 23:36:21 | 00,022,336 | ---- | C] (Avira GmbH)
avipbb.sys -> %SystemRoot%\System32\drivers\avipbb.sys -> [2008/12/19 23:36:19 | 00,075,072 | ---- | C] (Avira GmbH)
Avira -> %ProgramFiles%\Avira -> [2008/12/19 23:36:18 | 00,000,000 | ---D | C]
Avira -> %AllUsersProfile%\Application Data\Avira -> [2008/12/19 23:36:18 | 00,000,000 | ---D | C]
a-squared Free.lnk -> %AllUsersProfile%\Desktop\a-squared Free.lnk -> [2008/12/19 06:35:16 | 00,000,659 | ---- | C] ()
a-squared Free -> %UserProfile%\My Documents\a-squared Free -> [2008/12/19 06:35:10 | 00,000,000 | ---D | C]
a-squared Free -> %ProgramFiles%\a-squared Free -> [2008/12/19 06:35:10 | 00,000,000 | ---D | C]
SpycatcherAgentSetupTemp -> %SystemRoot%\System32\SpycatcherAgentSetupTemp -> [2008/12/19 06:15:40 | 00,000,000 | ---D | C]
SpywareBlaster.lnk -> %UserProfile%\Desktop\SpywareBlaster.lnk -> [2008/12/19 05:53:54 | 00,000,701 | ---- | C] ()
SpywareBlaster -> %ProgramFiles%\SpywareBlaster -> [2008/12/19 05:53:52 | 00,000,000 | ---D | C]
Sophos Anti-Rootkit (2).lnk -> %UserProfile%\Desktop\Sophos Anti-Rootkit (2).lnk -> [2008/12/18 08:01:33 | 00,001,767 | ---- | C] ()
Prefetch -> %SystemRoot%\Prefetch -> [2008/12/18 01:08:00 | 00,000,000 | ---D | C]
scripting -> %SystemRoot%\System32\scripting -> [2008/12/18 00:51:36 | 00,000,000 | ---D | C]
l2schemas -> %SystemRoot%\l2schemas -> [2008/12/18 00:51:36 | 00,000,000 | ---D | C]
en -> %SystemRoot%\System32\en -> [2008/12/18 00:51:35 | 00,000,000 | ---D | C]
bits -> %SystemRoot%\System32\bits -> [2008/12/18 00:51:35 | 00,000,000 | ---D | C]
ServicePackFiles -> %SystemRoot%\ServicePackFiles -> [2008/12/18 00:48:14 | 00,000,000 | ---D | C]
$NtServicePackUninstall$ -> %SystemRoot%\$NtServicePackUninstall$ -> [2008/12/18 00:40:13 | 00,000,000 | -H-D | C]
Ad-Aware.lnk -> %AllUsersProfile%\Desktop\Ad-Aware.lnk -> [2008/12/17 22:34:47 | 00,000,804 | ---- | C] ()
Imagenomic -> %ProgramFiles%\Imagenomic -> [2008/12/17 20:08:25 | 00,000,000 | ---D | C]
Scan20005yyy.jpg -> %UserProfile%\My Documents\Scan20005yyy.jpg -> [2008/12/17 20:01:56 | 00,463,512 | ---- | C] ()
Spybot - Search & Destroy.lnk -> %UserProfile%\Desktop\Spybot - Search & Destroy.lnk -> [2008/12/17 19:18:39 | 00,000,944 | ---- | C] ()
BDOSCAN8 -> %SystemRoot%\BDOSCAN8 -> [2008/12/17 17:57:56 | 00,000,000 | ---D | C]
Thumbs.db -> %SystemRoot%\System32\Thumbs.db -> [2008/12/17 07:56:04 | 00,014,848 | -HS- | C] ()
Shortcut to Elements (O).lnk -> %UserProfile%\Desktop\Shortcut to Elements (O).lnk -> [2008/12/16 20:52:04 | 00,000,187 | ---- | C] ()
!KillBox -> %SystemDrive%\!KillBox -> [2008/12/16 20:47:27 | 00,000,000 | ---D | C]
SUPERAntiSpyware.com -> %AllUsersProfile%\Application Data\SUPERAntiSpyware.com -> [2008/12/16 18:06:36 | 00,000,000 | ---D | C]
SUPERAntiSpyware Free Edition.lnk -> %AllUsersProfile%\Desktop\SUPERAntiSpyware Free Edition.lnk -> [2008/12/16 18:05:47 | 00,000,791 | ---- | C] ()
SUPERAntiSpyware.com -> %AppData%\SUPERAntiSpyware.com -> [2008/12/16 18:05:46 | 00,000,000 | ---D | C]
SUPERAntiSpyware -> %ProgramFiles%\SUPERAntiSpyware -> [2008/12/16 18:05:46 | 00,000,000 | ---D | C]
Malwarebytes -> %AppData%\Malwarebytes -> [2008/12/16 17:29:52 | 00,000,000 | ---D | C]
mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> [2008/12/16 17:29:51 | 00,015,504 | ---- | C] (Malwarebytes Corporation)
Malwarebytes' Anti-Malware.lnk -> %AllUsersProfile%\Desktop\Malwarebytes' Anti-Malware.lnk -> [2008/12/16 17:29:51 | 00,000,707 | ---- | C] ()
mbamswissarmy.sys -> %SystemRoot%\System32\drivers\mbamswissarmy.sys -> [2008/12/16 17:29:49 | 00,038,496 | ---- | C] (Malwarebytes Corporation)
Malwarebytes' Anti-Malware -> %ProgramFiles%\Malwarebytes' Anti-Malware -> [2008/12/16 17:29:48 | 00,000,000 | ---D | C]
Malwarebytes -> %AllUsersProfile%\Application Data\Malwarebytes -> [2008/12/16 17:29:48 | 00,000,000 | ---D | C]
CCleaner.lnk -> %UserProfile%\Desktop\CCleaner.lnk -> [2008/12/16 17:11:23 | 00,001,559 | ---- | C] ()
CCleaner -> %ProgramFiles%\CCleaner -> [2008/12/16 17:11:22 | 00,000,000 | ---D | C]
Shortcut to HijackThis.exe.lnk -> %UserProfile%\Desktop\Shortcut to HijackThis.exe.lnk -> [2008/12/16 08:03:59 | 00,000,653 | ---- | C] ()
HijackThis -> %ProgramFiles%\HijackThis -> [2008/12/16 07:43:44 | 00,000,000 | ---D | C]
spyware doctor -> %UserProfile%\My Documents\spyware doctor -> [2008/12/16 07:18:08 | 00,000,000 | ---D | C]
Shortcut to Corel Paint Shop Pro Photo.exe.lnk -> %UserProfile%\Desktop\Shortcut to Corel Paint Shop Pro Photo.exe.lnk -> [2008/12/15 22:14:26 | 00,000,900 | ---- | C] ()
TeaTimer (Spybot - Search & Destroy) -> %ProgramFiles%\TeaTimer (Spybot - Search & Destroy) -> [2008/12/15 18:50:42 | 00,000,000 | ---D | C]
Misc. Support Library (Spybot - Search & Destroy) -> %ProgramFiles%\Misc. Support Library (Spybot - Search & Destroy) -> [2008/12/15 18:50:41 | 00,000,000 | ---D | C]
SDHelper (Spybot - Search & Destroy) -> %ProgramFiles%\SDHelper (Spybot - Search & Destroy) -> [2008/12/15 18:50:40 | 00,000,000 | ---D | C]
File Scanner Library (Spybot - Search & Destroy) -> %ProgramFiles%\File Scanner Library (Spybot - Search & Destroy) -> [2008/12/15 18:50:36 | 00,000,000 | ---D | C]
FastStone Photo Resizer.lnk -> %AllUsersProfile%\Desktop\FastStone Photo Resizer.lnk -> [2008/12/14 11:27:08 | 00,000,803 | ---- | C] ()
FastStone Photo Resizer -> %ProgramFiles%\FastStone Photo Resizer -> [2008/12/14 11:27:02 | 00,000,000 | ---D | C]
{0691F710-1ECA-4B5A-9727-25554F1BFDC6} -> %AllUsersProfile%\Application Data\{0691F710-1ECA-4B5A-9727-25554F1BFDC6} -> [2008/12/12 18:04:25 | 00,000,000 | -H-D | C]
Crysis WARHEAD.lnk -> %AllUsersProfile%\Desktop\Crysis WARHEAD.lnk -> [2008/12/12 18:04:16 | 00,000,936 | ---- | C] ()
EA Download Manager.lnk -> %AllUsersProfile%\Desktop\EA Download Manager.lnk -> [2008/12/12 17:48:24 | 00,001,821 | ---- | C] ()
ProgramData -> %SystemDrive%\ProgramData -> [2008/12/12 17:48:20 | 00,000,000 | ---D | C]
ealregsnapshot1.reg -> %SystemRoot%\System32\ealregsnapshot1.reg -> [2008/12/12 17:48:01 | 00,001,142 | ---- | C] ()
mswinsck.ocx -> %SystemRoot%\System32\drivers\setup\mswinsck.ocx -> [2008/12/11 18:10:01 | 00,108,336 | ---- | C] (Microsoft Corporation)
startup.reg -> %SystemRoot%\System32\drivers\setup\startup.reg -> [2008/12/11 18:10:01 | 00,000,632 | ---- | C] ()
setup -> %SystemRoot%\System32\drivers\setup -> [2008/12/11 18:10:01 | 00,000,000 | ---D | C]
irc -> %SystemRoot%\System32\drivers\setup\irc -> [2008/12/11 18:10:01 | 00,000,000 | ---D | C]
hosts -> %SystemRoot%\System32\drivers\setup\hosts -> [2008/12/11 18:10:01 | 00,000,000 | ---D | C]
downloader -> %SystemRoot%\System32\drivers\setup\downloader -> [2008/12/11 18:10:01 | 00,000,000 | ---D | C]
Shortcut to FSViewer.exe.lnk -> %UserProfile%\Desktop\Shortcut to FSViewer.exe.lnk -> [2008/12/10 19:32:40 | 00,000,643 | ---- | C] ()
FSViewer36 -> %ProgramFiles%\FSViewer36 -> [2008/12/10 18:47:05 | 00,000,000 | ---D | C]
Shortcut to Flickr Uploadr.exe.lnk -> %UserProfile%\Desktop\Shortcut to Flickr Uploadr.exe.lnk -> [2008/12/08 18:50:52 | 00,000,693 | ---- | C] ()
Downloads -> %UserProfile%\My Documents\Downloads -> [2008/12/08 17:18:39 | 00,000,000 | ---D | C]
NTFSFormat.dll -> %SystemRoot%\System32\NTFSFormat.dll -> [2008/12/03 20:16:43 | 00,472,064 | ---- | C] ()
BootMan.exe -> %SystemRoot%\System32\BootMan.exe -> [2008/12/03 20:16:43 | 00,225,280 | ---- | C] ()
DeviceManager.dll -> %SystemRoot%\System32\DeviceManager.dll -> [2008/12/03 20:16:43 | 00,180,736 | ---- | C] ()
NTFSCopy.dll -> %SystemRoot%\System32\NTFSCopy.dll -> [2008/12/03 20:16:43 | 00,139,776 | ---- | C] ()
Partition.dll -> %SystemRoot%\System32\Partition.dll -> [2008/12/03 20:16:43 | 00,093,184 | ---- | C] ()
NTFSLib.dll -> %SystemRoot%\System32\NTFSLib.dll -> [2008/12/03 20:16:43 | 00,086,528 | ---- | C] ()
setupempdrv03.exe -> %SystemRoot%\System32\setupempdrv03.exe -> [2008/12/03 20:16:43 | 00,086,408 | ---- | C] ()
ResizeNTFS.dll -> %SystemRoot%\System32\ResizeNTFS.dll -> [2008/12/03 20:16:43 | 00,086,016 | ---- | C] ()
Device.dll -> %SystemRoot%\System32\Device.dll -> [2008/12/03 20:16:43 | 00,068,096 | ---- | C] ()
FatCopy.dll -> %SystemRoot%\System32\FatCopy.dll -> [2008/12/03 20:16:43 | 00,065,536 | ---- | C] ()
FatResizeMove.dll -> %SystemRoot%\System32\FatResizeMove.dll -> [2008/12/03 20:16:43 | 00,061,952 | ---- | C] ()
FileSystemCheck.dll -> %SystemRoot%\System32\FileSystemCheck.dll -> [2008/12/03 20:16:43 | 00,045,568 | ---- | C] ()
FatLib.dll -> %SystemRoot%\System32\FatLib.dll -> [2008/12/03 20:16:43 | 00,031,744 | ---- | C] ()
FATFileSystemAnalyser.dll -> %SystemRoot%\System32\FATFileSystemAnalyser.dll -> [2008/12/03 20:16:43 | 00,025,088 | ---- | C] ()
NTFSFileSystemAnalyser.dll -> %SystemRoot%\System32\NTFSFileSystemAnalyser.dll -> [2008/12/03 20:16:43 | 00,024,576 | ---- | C] ()
FatFormat.dll -> %SystemRoot%\System32\FatFormat.dll -> [2008/12/03 20:16:43 | 00,022,016 | ---- | C] ()
Fixup.dll -> %SystemRoot%\System32\Fixup.dll -> [2008/12/03 20:16:43 | 00,021,504 | ---- | C] ()
SectorCopy.dll -> %SystemRoot%\System32\SectorCopy.dll -> [2008/12/03 20:16:43 | 00,017,920 | ---- | C] ()
FileSystemAnalyser.dll -> %SystemRoot%\System32\FileSystemAnalyser.dll -> [2008/12/03 20:16:43 | 00,014,848 | ---- | C] ()
EuEpmGdi.dll -> %SystemRoot%\System32\EuEpmGdi.dll -> [2008/12/03 20:16:43 | 00,014,848 | ---- | C] ()
DeviceAdapter.dll -> %SystemRoot%\System32\DeviceAdapter.dll -> [2008/12/03 20:16:43 | 00,010,752 | ---- | C] ()
epmntdrv.sys -> %SystemRoot%\System32\epmntdrv.sys -> [2008/12/03 20:16:43 | 00,008,704 | ---- | C] ()
CallbackOperator.dll -> %SystemRoot%\System32\CallbackOperator.dll -> [2008/12/03 20:16:43 | 00,006,656 | ---- | C] ()
EuGdiDrv.sys -> %SystemRoot%\System32\EuGdiDrv.sys -> [2008/12/03 20:16:43 | 00,003,072 | ---- | C] ()
AbleRAWer -> %ProgramFiles%\AbleRAWer -> [2008/12/03 18:05:08 | 00,000,000 | ---D | C]
Stepok's RAW Importer -> %ProgramFiles%\Stepok's RAW Importer -> [2008/12/03 17:50:26 | 00,000,000 | ---D | C]
Crysis.lnk -> %AllUsersProfile%\Desktop\Crysis.lnk -> [2008/12/02 10:43:43 | 00,000,990 | ---- | C] ()
Nik Software -> %AppData%\Nik Software -> [2008/11/29 17:39:01 | 00,000,000 | ---D | C]
MSSecurityNS -> %SystemRoot%\MSSecurityNS -> [2008/11/29 17:36:29 | 00,000,000 | ---D | C]
MSSecurityNi -> %SystemRoot%\MSSecurityNi -> [2008/11/29 17:36:29 | 00,000,000 | ---D | C]
SILKYPIX Developer Studio 3.0E Free.lnk -> %AllUsersProfile%\Desktop\SILKYPIX Developer Studio 3.0E Free.lnk -> [2008/11/26 22:16:26 | 00,001,845 | ---- | C] ()
Phase_One -> %UserProfile%\Local Settings\Application Data\Phase_One -> [2008/11/26 22:15:06 | 00,000,000 | ---D | C]
Phase One -> %AllUsersProfile%\Application Data\Phase One -> [2008/11/26 22:13:27 | 00,000,000 | ---D | C]
CaptureOne -> %UserProfile%\Local Settings\Application Data\CaptureOne -> [2008/11/26 22:13:23 | 00,000,000 | ---D | C]
Pixmantec -> %AppData%\Pixmantec -> [2008/11/26 21:21:48 | 00,000,000 | ---D | C]
RawShooter essentials 2006.lnk -> %AllUsersProfile%\Desktop\RawShooter essentials 2006.lnk -> [2008/11/26 21:18:02 | 00,000,923 | ---- | C] ()
Pixmantec -> %ProgramFiles%\Pixmantec -> [2008/11/26 21:18:01 | 00,000,000 | ---D | C]
Alex Feinman -> %ProgramFiles%\Alex Feinman -> [2008/11/23 15:51:55 | 00,000,000 | ---D | C]
imageCache7.db -> %UserProfile%\Local Settings\Application Data\imageCache7.db -> [2008/11/23 14:46:18 | 00,000,000 | ---- | C] ()
Pcouffin.sys -> %SystemRoot%\System32\drivers\Pcouffin.sys -> [2008/11/21 21:49:26 | 00,047,360 | ---- | C] (VSO Software)
Magic DVD Copier.lnk -> %UserProfile%\Desktop\Magic DVD Copier.lnk -> [2008/11/21 21:49:25 | 00,000,701 | ---- | C] ()
MagicDVDCopier -> %ProgramFiles%\MagicDVDCopier -> [2008/11/21 21:49:24 | 00,000,000 | ---D | C]
SILKYPIX Developer Studio 2.0 SE.lnk -> %AllUsersProfile%\Desktop\SILKYPIX Developer Studio 2.0 SE.lnk -> [2008/11/21 21:07:02 | 00,002,515 | ---- | C] ()
ISL -> %ProgramFiles%\ISL -> [2008/11/21 21:06:56 | 00,000,000 | ---D | C]
Shortcut to Photoshop.lnk -> %UserProfile%\Desktop\Shortcut to Photoshop.lnk -> [2008/11/17 17:43:00 | 00,000,966 | ---- | C] ()
vlc -> %AppData%\vlc -> [2008/11/15 23:52:01 | 00,000,000 | ---D | C]
GHISLER -> %UserProfile%\Local Settings\Application Data\GHISLER -> [2008/11/15 23:47:25 | 00,000,000 | ---D | C]
FLV-Media Player.lnk -> %UserProfile%\Desktop\FLV-Media Player.lnk -> [2008/11/15 23:28:13 | 00,000,407 | ---- | C] ()
mrxsmb.sys -> %SystemRoot%\System32\dllcache\mrxsmb.sys -> [2008/11/12 20:27:15 | 00,455,296 | ---- | C] (Microsoft Corporation)
Load Advanced AI in SandBox2.lnk -> %UserProfile%\Desktop\Load Advanced AI in SandBox2.lnk -> [2008/11/11 22:26:13 | 00,001,799 | ---- | C] ()
Play Advanced AI.lnk -> %UserProfile%\Desktop\Play Advanced AI.lnk -> [2008/11/11 22:26:12 | 00,001,781 | ---- | C] ()
Alla Resized for Web -> %UserProfile%\My Documents\Alla Resized for Web -> [2008/11/09 13:10:47 | 00,000,000 | ---D | C]
spmsg.dll -> %SystemRoot%\System32\spmsg.dll -> [2008/11/08 20:50:39 | 00,017,272 | ---- | C] (Microsoft Corporation)
GameShadow.lnk -> %UserProfile%\Desktop\GameShadow.lnk -> [2008/11/08 20:47:22 | 00,001,895 | ---- | C] ()
Downloaded Installations -> %UserProfile%\Local Settings\Application Data\Downloaded Installations -> [2008/11/08 20:46:59 | 00,000,000 | ---D | C]
Frontlines - Fuel of War.lnk -> %AllUsersProfile%\Desktop\Frontlines - Fuel of War.lnk -> [2008/11/08 13:40:42 | 00,001,838 | ---- | C] ()
DRVSTORE -> %SystemRoot%\System32\DRVSTORE -> [2008/11/08 13:40:08 | 00,000,000 | ---D | C]
AGEIA -> %SystemRoot%\System32\AGEIA -> [2008/11/08 13:39:56 | 00,000,000 | ---D | C]
THQ -> %AllUsersProfile%\Application Data\THQ -> [2008/11/08 13:37:53 | 00,000,000 | ---D | C]
Shortcut to CrysisLauncher.lnk -> %UserProfile%\Desktop\Shortcut to CrysisLauncher.lnk -> [2008/11/08 09:33:04 | 00,000,809 | ---- | C] ()
EndItAll.lnk -> %UserProfile%\Desktop\EndItAll.lnk -> [2008/11/08 00:31:09 | 00,000,641 | ---- | C] ()
EndItAll -> %ProgramFiles%\EndItAll -> [2008/11/08 00:31:08 | 00,000,000 | ---D | C]
ProcessTamer.lnk -> %UserProfile%\Start Menu\Programs\Startup\ProcessTamer.lnk -> [2008/11/06 19:12:53 | 00,000,775 | ---- | C] ()
DonationCoder_processtamer_InstallInfo.dat -> %SystemRoot%\System32\DonationCoder_processtamer_InstallInfo.dat -> [2008/11/06 17:11:27 | 00,000,046 | ---- | C] ()
DSC_1341aqs.jpg -> %UserProfile%\My Documents\DSC_1341aqs.jpg -> [2008/11/04 07:27:59 | 00,557,471 | ---- | C] ()
DSC_1337ttggd.jpg -> %UserProfile%\My Documents\DSC_1337ttggd.jpg -> [2008/11/04 07:27:03 | 00,624,186 | ---- | C] ()
avg8 -> %AllUsersProfile%\Application Data\avg8 -> [2008/11/04 07:24:40 | 00,000,000 | ---D | C]
AVG -> %ProgramFiles%\AVG -> [2008/11/04 07:24:40 | 00,000,000 | ---D | C]
Shortcut to my image favorites.lnk -> %UserProfile%\Desktop\Shortcut to my image favorites.lnk -> [2008/10/29 08:40:16 | 00,000,353 | ---- | C] ()
Crysis_devmode.lnk -> %UserProfile%\Desktop\Crysis_devmode.lnk -> [2008/10/28 21:35:55 | 00,001,008 | ---- | C] ()
My Games -> %UserProfile%\My Documents\My Games -> [2008/10/27 18:29:53 | 00,000,000 | ---D | C]
PnkBstrK.sys -> %SystemRoot%\System32\drivers\PnkBstrK.sys -> [2008/10/27 18:12:01 | 00,022,328 | ---- | C] ()
PnkBstrK.sys -> %AppData%\PnkBstrK.sys -> [2008/10/27 18:12:01 | 00,022,328 | ---- | C] ()
pbsvc.exe -> %SystemRoot%\System32\pbsvc.exe -> [2008/10/27 18:11:45 | 00,669,184 | ---- | C] ()
PnkBstrB.exe -> %SystemRoot%\System32\PnkBstrB.exe -> [2008/10/27 18:11:45 | 00,103,736 | ---- | C] ()
PnkBstrA.exe -> %SystemRoot%\System32\PnkBstrA.exe -> [2008/10/27 18:11:45 | 00,066,872 | ---- | C] ()
Electronic Arts -> %ProgramFiles%\Electronic Arts -> [2008/10/27 17:56:40 | 00,000,000 | R--D | C]
 
[Files/Folders - Modified Within 90 Days]
5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
17 C:\Documents and Settings\HP_Administrator\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\*.tmp -> 
17 C:\Documents and Settings\HP_Administrator\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\*.tmp -> 
NTUSER.DAT -> %UserProfile%\NTUSER.DAT -> [2009/01/24 09:29:15 | 12,058,624 | ---- | M] ()
Thumbs.db -> %UserProfile%\My Documents\Thumbs.db -> [2009/01/24 08:36:48 | 03,958,272 | -HS- | M] ()
MP Scheduled Scan.job -> %SystemRoot%\tasks\MP Scheduled Scan.job -> [2009/01/24 00:00:42 | 00,000,330 | -H-- | M] ()
qmgr1.dat -> %AllUsersProfile%\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [2009/01/24 00:00:24 | 00,005,483 | ---- | M] ()
qmgr0.dat -> %AllUsersProfile%\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [2009/01/24 00:00:24 | 00,004,232 | ---- | M] ()
Snap185.jpg -> %UserProfile%\My Documents\Snap185.jpg -> [2009/01/23 21:56:48 | 00,022,193 | ---- | M] ()
perf.dat -> %UserProfile%\Local Settings\Temp\OnlineScanner\Anti-Virus\perf.dat -> [2009/01/23 18:17:13 | 00,000,128 | ---- | M] ()
KGyGaAvL.sys -> %SystemRoot%\System32\KGyGaAvL.sys -> [2009/01/23 17:41:50 | 00,009,914 | -HS- | M] ()
PKP_DLec.DAT -> %AllUsersProfile%\Application Data\PKP_DLec.DAT -> [2009/01/23 17:22:22 | 00,000,020 | -H-- | M] ()
PKP_DLds.DAT -> %AllUsersProfile%\Application Data\PKP_DLds.DAT -> [2009/01/23 17:22:22 | 00,000,020 | -H-- | M] ()
fsusscr.dll -> %UserProfile%\Local Settings\Temp\OnlineScanner\updates\mlcwin\fsusscr.dll -> [2009/01/23 17:17:57 | 00,928,392 | ---- | M] (F-Secure Corporation)
fsusscr.dll -> %UserProfile%\Local Settings\Temp\OnlineScanner\Anti-Virus\fsusscr.dll -> [2009/01/23 17:17:57 | 00,928,392 | ---- | M] (F-Secure Corporation)
fsedb.dat -> %UserProfile%\Local Settings\Temp\OnlineScanner\updates\hydrawin\fsedb.dat -> [2009/01/23 17:17:47 | 01,889,170 | ---- | M] ()
fsedb.dat -> %UserProfile%\Local Settings\Temp\OnlineScanner\Anti-Virus\fsedb.dat -> [2009/01/23 17:17:47 | 01,889,170 | ---- | M] ()
sai.dat -> %UserProfile%\Local Settings\Temp\OnlineScanner\updates\avmisc\sai.dat -> [2009/01/23 17:17:41 | 00,001,348 | ---- | M] ()
sai.dat -> %UserProfile%\Local Settings\Temp\OnlineScanner\Anti-Virus\sai.dat -> [2009/01/23 17:17:41 | 00,001,348 | ---- | M] ()
ext.dat -> %UserProfile%\Local Settings\Temp\OnlineScanner\updates\avmisc\ext.dat -> [2009/01/23 17:17:41 | 00,000,449 | ---- | M] ()
ext.dat -> %UserProfile%\Local Settings\Temp\OnlineScanner\Anti-Virus\ext.dat -> [2009/01/23 17:17:41 | 00,000,449 | ---- | M] ()
sae.dat -> %UserProfile%\Local Settings\Temp\OnlineScanner\updates\avmisc\sae.dat -> [2009/01/23 17:17:41 | 00,000,243 | ---- | M] ()
sae.dat -> %UserProfile%\Local Settings\Temp\OnlineScanner\Anti-Virus\sae.dat -> [2009/01/23 17:17:41 | 00,000,243 | ---- | M] ()
sfdb.dat -> %UserProfile%\Local Settings\Temp\jkos-HP_Administrator\engine\bases\sfdb.dat -> [2009/01/23 07:28:33 | 00,775,612 | ---- | M] ()
kosglue-7.0.25.0.dll -> %UserProfile%\Local Settings\Temp\jkos-HP_Administrator\binaries\kosglue-7.0.25.0.dll -> [2009/01/23 07:25:42 | 00,729,152 | ---- | M] (Kaspersky Lab)
prremote.dll -> %UserProfile%\Local Settings\Temp\jkos-HP_Administrator\binaries\prremote.dll -> [2009/01/23 07:25:41 | 00,090,112 | ---- | M] (Kaspersky Lab)
msvcr80.dll -> %UserProfile%\Local Settings\Temp\jkos-HP_Administrator\binaries\msvcr80.dll -> [2009/01/23 07:25:40 | 00,626,688 | ---- | M] ()
prLoader.dll -> %UserProfile%\Local Settings\Temp\jkos-HP_Administrator\binaries\prLoader.dll -> [2009/01/23 07:25:40 | 00,184,320 | ---- | M] (Kaspersky Lab)
msvcp80.dll -> %UserProfile%\Local Settings\Temp\jkos-HP_Administrator\binaries\msvcp80.dll -> [2009/01/23 07:25:39 | 00,548,864 | ---- | M] (Microsoft Corporation)
kave.dll -> %UserProfile%\Local Settings\Temp\jkos-HP_Administrator\binaries\kave.dll -> [2009/01/23 07:25:38 | 00,282,624 | ---- | M] (Kaspersky Lab.)
ikave.dll -> %UserProfile%\Local Settings\Temp\jkos-HP_Administrator\binaries\ikave.dll -> [2009/01/23 07:25:38 | 00,065,536 | ---- | M] ()
ScanningProcess.exe -> %UserProfile%\Local Settings\Temp\jkos-HP_Administrator\binaries\ScanningProcess.exe -> [2009/01/23 07:25:37 | 00,139,264 | ---- | M] (Kaspersky Lab.)
FSSync.dll -> %UserProfile%\Local Settings\Temp\jkos-HP_Administrator\binaries\FSSync.dll -> [2009/01/23 07:25:36 | 00,038,400 | ---- | M] (Kaspersky Lab)
msvcm80.dll -> %UserProfile%\Local Settings\Temp\jkos-HP_Administrator\binaries\msvcm80.dll -> [2009/01/23 07:25:34 | 00,479,232 | ---- | M] (Microsoft Corporation)
Thumbs.db -> %SystemRoot%\Thumbs.db -> [2009/01/23 07:14:16 | 00,060,416 | -HS- | M] ()
fsmart.dll -> %UserProfile%\Local Settings\Temp\OnlineScanner\updates\mlcwin\fsmart.dll -> [2009/01/22 19:04:32 | 00,147,456 | ---- | M] (F-Secure Corporation)
fsmart.dll -> %UserProfile%\Local Settings\Temp\OnlineScanner\Anti-Virus\fsmart.dll -> [2009/01/22 19:04:32 | 00,147,456 | ---- | M] (F-Secure Corporation)
fssm32.exe -> %UserProfile%\Local Settings\Temp\OnlineScanner\updates\fsav_beta\fssm32.exe -> [2009/01/22 19:04:25 | 00,519,816 | ---- | M] (F-Secure Corp.)
fssm32.exe -> %UserProfile%\Local Settings\Temp\OnlineScanner\Anti-Virus\fssm32.exe -> [2009/01/22 19:04:25 | 00,519,816 | ---- | M] (F-Secure Corp.)
fm4av.dll -> %UserProfile%\Local Settings\Temp\OnlineScanner\updates\fsav_beta\fm4av.dll -> [2009/01/22 19:04:25 | 00,482,448 | ---- | M] ()
fm4av.dll -> %UserProfile%\Local Settings\Temp\OnlineScanner\Anti-Virus\fm4av.dll -> [2009/01/22 19:04:25 | 00,482,448 | ---- | M] ()
fsgk32.exe -> %UserProfile%\Local Settings\Temp\OnlineScanner\updates\fsav_beta\fsgk32.exe -> [2009/01/22 19:04:25 | 00,440,448 | ---- | M] (F-Secure Corp.)
fsgk32.exe -> %UserProfile%\Local Settings\Temp\OnlineScanner\Anti-Virus\fsgk32.exe -> [2009/01/22 19:04:25 | 00,440,448 | ---- | M] (F-Secure Corp.)
AVPFPI0.dll -> %UserProfile%\Local Settings\Temp\OnlineScanner\updates\fsav_beta\AVPFPI0.dll -> [2009/01/22 19:04:25 | 00,154,304 | ---- | M] (Kaspersky Lab)
AVPFPI0.dll -> %UserProfile%\Local Settings\Temp\OnlineScanner\Anti-Virus\AVPFPI0.dll -> [2009/01/22 19:04:25 | 00,154,304 | ---- | M] (Kaspersky Lab)
fsepx32.dll -> %UserProfile%\Local Settings\Temp\OnlineScanner\updates\fsav_beta\fsepx32.dll -> [2009/01/22 19:04:25 | 00,150,144 | ---- | M] (F-Secure Corporation)
fsepx32.dll -> %UserProfile%\Local Settings\Temp\OnlineScanner\Anti-Virus\fsepx32.dll -> [2009/01/22 19:04:25 | 00,150,144 | ---- | M] (F-Secure Corporation)
fpinor.dll -> %UserProfile%\Local Settings\Temp\OnlineScanner\updates\fsav_beta\fpinor.dll -> [2009/01/22 19:04:25 | 00,120,456 | ---- | M] (F-Secure Corporation)
fpinor.dll -> %UserProfile%\Local Settings\Temp\OnlineScanner\Anti-Virus\fpinor.dll -> [2009/01/22 19:04:25 | 00,120,456 | ---- | M] (F-Secure Corporation)
 
[Alternate Data Streams]
@Alternate Data Stream - 0 bytes -> %AllUsersProfile%\Application Data\Thumbs.db:encryptable
@Alternate Data Stream - 0 bytes -> %AllUsersProfile%\Desktop\Thumbs.db:encryptable
@Alternate Data Stream - 0 bytes -> %CommonProgramFiles%\Thumbs.db:encryptable
@Alternate Data Stream - 0 bytes -> %ProgramFiles%\Thumbs.db:encryptable
@Alternate Data Stream - 0 bytes -> %SystemRoot%\System32\Thumbs.db:encryptable
@Alternate Data Stream - 0 bytes -> %SystemRoot%\Thumbs.db:encryptable
@Alternate Data Stream - 0 bytes -> %UserProfile%\My Documents\Thumbs.db:encryptable
@Alternate Data Stream - 120 bytes -> %AllUsersProfile%\Application Data\TEMP:5C321E34
[CatchMe Rootkit Scan by GMER]
< Windows folder & sub-folders >
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\msqpdxserv.sys]
"start"=dword:00000001
"type"=dword:00000001
"imagepath"=str(2):"\systemroot\system32\drivers\msqpdxpxstoitt.sys"
"group"="file system"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\msqpdxserv.sys\modules]
"msqpdxserv"="\systemroot\system32\drivers\msqpdxpxstoitt.sys"
"msqpdxl"="\systemroot\system32\msqpdxmtvearxx.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\msqpdxserv.sys]
"start"=dword:00000001
"type"=dword:00000001
"imagepath"=str(2):"\systemroot\system32\drivers\msqpdxpxstoitt.sys"
"group"="file system"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\msqpdxserv.sys\modules]
"msqpdxserv"="\systemroot\system32\drivers\msqpdxpxstoitt.sys"
"msqpdxl"="\systemroot\system32\msqpdxmtvearxx.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\msqpdxserv.sys]
"start"=dword:00000001
"type"=dword:00000001
"imagepath"=str(2):"\systemroot\system32\drivers\msqpdxpxstoitt.sys"
"group"="file system"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\msqpdxserv.sys\modules]
"msqpdxserv"="\systemroot\system32\drivers\msqpdxpxstoitt.sys"
"msqpdxl"="\systemroot\system32\msqpdxmtvearxx.dll"
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 8
< Document and Settings folder & sub folders >
scanning hidden files ...
C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34 120 bytes
C:\Documents and Settings\HP_Administrator\Favorites\eBay Australia Shop - cameratique  Category 1.url:favicon 1406 bytes
C:\Documents and Settings\HP_Administrator\Favorites\IELTS Forum.url:favicon 3638 bytes
C:\Documents and Settings\HP_Administrator\Favorites\If you have infection issues start here first.. - Dev Shed.url:favicon 894 bytes
C:\Documents and Settings\HP_Administrator\Favorites\Lens Lust - NikonCafe.com.url:favicon 894 bytes
C:\Documents and Settings\HP_Administrator\Favorites\Photography\Nikon 75-300mm f-4.5-5.6 AF Zoom Nikkor.url:favicon 1406 bytes
C:\Documents and Settings\HP_Administrator\Favorites\Regarding Occupational English Test.url:favicon 3638 bytes
scan completed successfully
hidden files: 187
 
< End of report >
Peterm1
Active Member
 
Posts: 14
Joined: December 23rd, 2008, 3:28 am

Re: Problems with Ad Yield Manager - please help

Post by peku006 » January 24th, 2009, 4:15 am

Hi Peter

You have some items in your Outlook that are infected.
Remove all those emails shown in the F-Secure log.

The computer looks clean. Is the problem gone?
Thanks peku006
peku006
MRU Emeritus
 
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway

Re: Problems with Ad Yield Manager - please help

Post by Peterm1 » January 24th, 2009, 7:06 pm

Hi and thank you very much for your help.

Touch wood, I think it looks to be working OK now. I have removed the emails containing the viruses as well. Although they are very old files and have in effect been in an archive for many years, so hopefully they have not done too much. No other anti-malware suite apart from F-Secure has even found them, despite running perhaps 6 different suites since being infected by a trojan. But in other respects it does not appear to be functioning fully, as I had a lot of trouble downloading then running it. Also, after you asked me to get rid of the files with viruses in them, I decided to re-run the software and point it at the Documents and Settings folder, as I knew this is where all the infected emails were. It seemed to ignore this setting and still started a complete system scan. If it's a beta issue, maybe you can give this feedback to the developers.

thanks again.

Peter
Peterm1
Active Member
 
Posts: 14
Joined: December 23rd, 2008, 3:28 am

Re: Problems with Ad Yield Manager - please help

Post by peku006 » January 25th, 2009, 3:07 am

Hi Peter

Congratulations, your log looks clean! :)

Delete RSIT from your desktop, also delete this folder C:\rsit.

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Disable and Enable System Restore-WINDOWS XP
This is a good time to clear your existing system restore points and establish a new clean restore point:

Turn off System Restore
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • Check Turn off System Restore.
  • Click Apply, and then click OK.
  • Reboot.
Turn ON System Restore
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • UN-Check *Turn off System Restore*.
  • Click Apply, and then click OK.
This will remove all restore points except the new one you just created.

Here are some free programs I recommend that could help you improve your computer's security.

Spybot Search and Destroy 1.6
Download it from here. Just choose a mirror and off you go.
Find the tutorial on how to use Spybot properly here

Install SpyWare Blaster 4.0
Download it from here
Find the tutorial on how to use Spyware Blaster here

Install WinPatrol
Download it from here
You can find information about how WinPatrol works here

Install FireTrust SiteHound
You can find information and download it from here

Install MVPS Hosts File from here
The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
Find the tutorial here: http://www.mvps.org/winhelp2002/hosts.htm

Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your pc.
Secunia Software Inspector
F-secure Health Check

Visit Microsoft often to get the latest updates for your computer.
http://www.update.microsoft.com

Please check out Tony Klein's article "How did I get infected in the first place?"

Read some information here on how to prevent malware.

Is your PC running slow?
Read What to do if your Computer is running slowly

Happy safe surfing! :thumbup:
peku006
MRU Emeritus
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway

Re: Problems with Ad Yield Manager - please help

Unread postby Peterm1 » January 26th, 2009, 4:27 pm

OK and thanks again.

Normally I am pretty careful online but in this case curiosity about a file available via a bit torrent (something I normally do not do) got the better of me and I carelessly neglected to scan it before opening.

I will pick up on the advice in your last post.

regards Peter
Peterm1
Active Member
 
Posts: 14
Joined: December 23rd, 2008, 3:28 am

Re: Problems with Ad Yield Manager - please help

Unread postby NonSuch » January 30th, 2009, 6:28 pm

As this issue is now resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
NonSuch
Administrator
Posts: 28747
Joined: February 23rd, 2005, 7:08 am
Location: California