Edgecrusher
2009-12-31, 14:30
done it. i was already logged on as administrator.
OTS logfile created on: 12/31/2009 12:21:39 PM - Run 1
OTS by OldTimer - Version 3.1.14.1 Folder = C:\Documents and Settings\philip\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
894.00 Mb Total Physical Memory | 589.00 Mb Available Physical Memory | 66.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.55 Gb Total Space | 22.16 Gb Free Space | 29.73% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: PHIL
Current User Name: philip
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
[Processes - Safe List]
ots.exe -> C:\Documents and Settings\philip\Desktop\OTS.exe -> [2009/12/30 17:41:47 | 00,599,040 | ---- | M] (OldTimer Tools)
ituneshelper.exe -> C:\Program Files\iTunes\iTunesHelper.exe -> [2009/11/12 16:33:10 | 00,141,600 | ---- | M] (Apple Inc.)
ipodservice.exe -> C:\Program Files\iPod\bin\iPodService.exe -> [2009/11/12 16:33:00 | 00,545,568 | ---- | M] (Apple Inc.)
jusched.exe -> C:\Program Files\Java\jre6\bin\jusched.exe -> [2009/10/11 04:17:36 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.)
jqs.exe -> C:\Program Files\Java\jre6\bin\jqs.exe -> [2009/10/11 04:17:35 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.)
realsched.exe -> C:\Program Files\Common Files\Real\Update_OB\realsched.exe -> [2009/09/18 09:26:53 | 00,198,160 | ---- | M] (RealNetworks, Inc.)
avguard.exe -> C:\Program Files\Avira\AntiVir Desktop\avguard.exe -> [2009/07/21 14:34:33 | 00,185,089 | ---- | M] (Avira GmbH)
applemobiledeviceservice.exe -> C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> [2009/06/05 10:48:14 | 00,144,712 | ---- | M] (Apple Inc.)
sched.exe -> C:\Program Files\Avira\AntiVir Desktop\sched.exe -> [2009/05/13 16:48:22 | 00,108,289 | ---- | M] (Avira GmbH)
avgnt.exe -> C:\Program Files\Avira\AntiVir Desktop\avgnt.exe -> [2009/03/02 13:08:47 | 00,209,153 | ---- | M] (Avira GmbH)
wlcomm.exe -> C:\Program Files\Windows Live\Contacts\wlcomm.exe -> [2009/02/06 17:07:48 | 00,027,512 | ---- | M] (Microsoft Corporation)
mdnsresponder.exe -> C:\Program Files\Bonjour\mDNSResponder.exe -> [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.)
groovemonitor.exe -> C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe -> [2008/10/25 11:44:34 | 00,031,072 | ---- | M] (Microsoft Corporation)
explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/14 00:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation)
brs.exe -> C:\Program Files\CyberLink\Shared Files\brs.exe -> [2007/11/16 19:20:26 | 00,091,432 | ---- | M] (cyberlink)
richvideo.exe -> C:\Program Files\CyberLink\Shared Files\RichVideo.exe -> [2007/10/15 20:46:08 | 00,243,056 | ---- | M] ()
[Modules - Safe List]
ots.exe -> C:\Documents and Settings\philip\Desktop\OTS.exe -> [2009/12/30 17:41:47 | 00,599,040 | ---- | M] (OldTimer Tools)
framedyn.dll -> C:\WINDOWS\system32\framedyn.dll -> [2006/05/03 22:53:54 | 00,174,592 | ---- | M] (Microsoft Corporation)
[Win32 Services - Safe List]
(aspnet_state) ASP.NET State Service [On_Demand | Stopped] -> -> File not found
(iPod Service) iPod Service [On_Demand | Running] -> C:\Program Files\iPod\bin\iPodService.exe -> [2009/11/12 16:33:00 | 00,545,568 | ---- | M] (Apple Inc.)
(JavaQuickStarterService) Java Quick Starter [Auto | Running] -> C:\Program Files\Java\jre6\bin\jqs.exe -> [2009/10/11 04:17:35 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.)
(AntiVirService) Avira AntiVir Guard [Auto | Running] -> C:\Program Files\Avira\AntiVir Desktop\avguard.exe -> [2009/07/21 14:34:33 | 00,185,089 | ---- | M] (Avira GmbH)
(Apple Mobile Device) Apple Mobile Device [Auto | Running] -> C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> [2009/06/05 10:48:14 | 00,144,712 | ---- | M] (Apple Inc.)
(AntiVirSchedulerService) Avira AntiVir Scheduler [Auto | Running] -> C:\Program Files\Avira\AntiVir Desktop\sched.exe -> [2009/05/13 16:48:22 | 00,108,289 | ---- | M] (Avira GmbH)
(Bonjour Service) Bonjour Service [Auto | Running] -> C:\Program Files\Bonjour\mDNSResponder.exe -> [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.)
(odserv) Microsoft Office Diagnostics Service [On_Demand | Stopped] -> C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -> [2008/11/04 01:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation)
(Microsoft Office Groove Audit Service) Microsoft Office Groove Audit Service [On_Demand | Stopped] -> C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -> [2008/10/25 11:44:08 | 00,065,888 | ---- | M] (Microsoft Corporation)
(RichVideo) Cyberlink RichVideo Service(CRVS) [Auto | Running] -> C:\Program Files\CyberLink\Shared Files\RichVideo.exe -> [2007/10/15 20:46:08 | 00,243,056 | ---- | M] ()
(MSCSPTISRV) MSCSPTISRV [On_Demand | Stopped] -> C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -> [2006/12/14 01:21:20 | 00,045,056 | ---- | M] (Sony Corporation)
(SPTISRV) Sony SPTI Service [On_Demand | Stopped] -> C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -> [2006/12/14 01:02:08 | 00,069,632 | ---- | M] (Sony Corporation)
(PACSPTISVR) PACSPTISVR [On_Demand | Stopped] -> C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -> [2006/12/14 00:46:16 | 00,057,344 | ---- | M] ()
(ose) Office Source Engine [On_Demand | Stopped] -> C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -> [2006/10/26 13:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation)
(IDriverT) InstallDriver Table Manager [On_Demand | Stopped] -> C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -> [2005/11/14 00:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation)
[Driver Services - Safe List]
(Pcouffin) Low level access layer for CD devices [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\Pcouffin.sys -> [2009/12/11 12:24:15 | 00,047,360 | ---- | M] (VSO Software)
(avgntflt) avgntflt [File_System | Auto | Running] -> C:\WINDOWS\system32\drivers\avgntflt.sys -> [2009/12/07 21:22:15 | 00,056,816 | ---- | M] (Avira GmbH)
(Aspi32) Aspi32 [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\ASPI32.SYS -> [2009/11/25 05:49:14 | 00,016,512 | ---- | M] (Adaptec)
(GEARAspiWDM) GEAR ASPI Filter Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -> [2009/05/18 13:17:00 | 00,026,600 | ---- | M] (GEAR Software Inc.)
(ssmdrv) ssmdrv [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\ssmdrv.sys -> [2009/05/11 10:12:24 | 00,028,520 | ---- | M] (Avira GmbH)
(avipbb) avipbb [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\avipbb.sys -> [2009/03/30 10:33:07 | 00,096,104 | ---- | M] (Avira GmbH)
(avgio) avgio [Kernel | System | Running] -> C:\Program Files\Avira\AntiVir Desktop\avgio.sys -> [2009/02/13 12:35:05 | 00,011,608 | ---- | M] (Avira GmbH)
(StarOpen) StarOpen [File_System | System | Running] -> C:\WINDOWS\system32\drivers\StarOpen.sys -> [2009/01/14 22:22:38 | 00,005,632 | ---- | M] ()
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\secdrv.sys -> [2008/04/13 16:39:15 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
(ss_mdm) SAMSUNG Mobile USB Modem 1.0 Drivers [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\ss_mdm.sys -> [2007/05/02 11:11:18 | 00,109,704 | ---- | M] (MCCI Corporation)
(ss_mdfl) SAMSUNG Mobile USB Modem 1.0 Filter [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\ss_mdfl.sys -> [2007/05/02 11:11:18 | 00,015,112 | ---- | M] (MCCI Corporation)
(ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM) [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\ss_bus.sys -> [2007/05/02 11:11:16 | 00,083,592 | ---- | M] (MCCI Corporation)
(ALCXWDM) Service for Realtek AC97 Audio (WDM) [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\alcxwdm.sys -> [2006/12/29 14:48:06 | 04,026,112 | R--- | M] (Realtek Semiconductor Corp.)
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\ptilink.sys -> [2004/08/04 12:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.)
(ROOTMODEM) Microsoft Legacy Modem Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\rootmdm.sys -> [2004/08/04 12:00:00 | 00,005,888 | ---- | M] (Microsoft Corporation)
(rtl8139) Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\RTL8139.sys -> [2004/08/03 22:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation)
[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> ->
HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 ->
HKEY_USERS\.DEFAULT\: "ProxyOverride" -> *.local ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> ->
HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 ->
HKEY_USERS\S-1-5-18\: "ProxyOverride" -> *.local ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-854245398-436374069-725345543-1004\] > -> ->
HKEY_USERS\S-1-5-21-854245398-436374069-725345543-1004\: Main\\"Default_Page_URL" -> http://uk.msn.com/ ->
HKEY_USERS\S-1-5-21-854245398-436374069-725345543-1004\: Main\\"Default_Secondary_Page_URL" -> http://www.bing.com/ [binary data] ->
HKEY_USERS\S-1-5-21-854245398-436374069-725345543-1004\: Main\\"SearchDefaultBranded" -> 1 ->
HKEY_USERS\S-1-5-21-854245398-436374069-725345543-1004\: Main\\"Start Page" -> http://www.google.com/ ->
HKEY_USERS\S-1-5-21-854245398-436374069-725345543-1004\: SearchURL\\"" -> http://home.microsoft.com/access/autosearch.asp?p=%s ->
HKEY_USERS\S-1-5-21-854245398-436374069-725345543-1004\: "ProxyEnable" -> 0 ->
HKEY_USERS\S-1-5-21-854245398-436374069-725345543-1004\: "ProxyOverride" -> *.local ->
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\extensions -> ->
< FireFox Extensions [User Folders] > ->
-> C:\Documents and Settings\philip\Application Data\Mozilla\Extensions -> [2009/03/23 11:49:53 | 00,000,000 | ---D | M]
-> C:\Documents and Settings\philip\Application Data\Mozilla\Extensions\mozswing@mozswing.org -> [2009/03/07 15:26:54 | 00,000,000 | ---D | M]
< HOSTS File > (27 bytes and 1 lines) -> C:\WINDOWS\system32\drivers\etc\hosts ->
Reset Hosts
127.0.0.1 localhost
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{201f27d4-3704-41d6-89c1-aa35e39143ed} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{3049C3E9-B461-4BC5-8870-4C09146192CA} [HKLM] -> c:\Program Files\real\realplayer\rpbrowserrecordplugin.dll [RealPlayer Download and Record Plugin for Internet Explorer] -> [2009/09/18 09:27:24 | 00,329,312 | ---- | M] (RealPlayer)
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> [2009/01/26 15:31:02 | 01,879,896 | ---- | M] (Safer Networking Limited)
{5C255C8A-E604-49b4-9D64-90988571CECB} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} [HKLM] -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [Groove GFS Browser Helper] -> [2009/02/12 15:19:32 | 02,217,848 | ---- | M] (Microsoft Corporation)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{79a7b6cc-15f4-4598-9442-343ab84d19ce} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{7E853D72-626A-48EC-A868-BA8D5E23E045} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{d2ce3e00-f94a-4740-988e-03dc2f38c34f} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{DBC80044-A445-435b-BC74-9C25C1C588A9} [HKLM] -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [Java(tm) Plug-In 2 SSV Helper] -> [2009/10/11 04:17:29 | 00,041,760 | ---- | M] (Sun Microsystems, Inc.)
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} [HKLM] -> C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [JQSIEStartDetectorImpl Class] -> [2009/10/11 04:17:12 | 00,073,728 | ---- | M] (Sun Microsystems, Inc.)
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-854245398-436374069-725345543-1004\] > -> HKEY_USERS\S-1-5-21-854245398-436374069-725345543-1004\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\\"{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"avgnt" -> C:\Program Files\Avira\AntiVir Desktop\avgnt.exe ["C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min] -> [2009/03/02 13:08:47 | 00,209,153 | ---- | M] (Avira GmbH)
"BDRegion" -> C:\Program Files\CyberLink\Shared Files\brs.exe [C:\Program Files\Cyberlink\Shared Files\brs.exe] -> [2007/11/16 19:20:26 | 00,091,432 | ---- | M] (cyberlink)
"GrooveMonitor" -> C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe ["C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"] -> [2008/10/25 11:44:34 | 00,031,072 | ---- | M] (Microsoft Corporation)
"iTunesHelper" -> C:\Program Files\iTunes\iTunesHelper.exe ["C:\Program Files\iTunes\iTunesHelper.exe"] -> [2009/11/12 16:33:10 | 00,141,600 | ---- | M] (Apple Inc.)
"QuickTime Task" -> C:\Program Files\QuickTime\qttask.exe ["C:\Program Files\QuickTime\qttask.exe" -atboottime] -> [2009/11/10 23:08:18 | 00,417,792 | ---- | M] (Apple Inc.)
"SoundMan" -> C:\WINDOWS\soundman.exe [SOUNDMAN.EXE] -> [2006/11/17 05:42:52 | 00,577,536 | ---- | M] (Realtek Semiconductor Corp.)
"SunJavaUpdateSched" -> C:\Program Files\Java\jre6\bin\jusched.exe ["C:\Program Files\Java\jre6\bin\jusched.exe"] -> [2009/10/11 04:17:36 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.)
"TkBellExe" -> C:\Program Files\Common Files\Real\Update_OB\realsched.exe ["C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot] -> [2009/09/18 09:26:53 | 00,198,160 | ---- | M] (RealNetworks, Inc.)
< Run [HKEY_USERS\S-1-5-21-854245398-436374069-725345543-1004\] > -> HKEY_USERS\S-1-5-21-854245398-436374069-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"SpybotSD TeaTimer" -> C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe] -> [2009/03/05 16:07:20 | 02,260,480 | RHS- | M] (Safer-Networking Ltd.)
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe -> [2005/03/16 18:16:50 | 00,113,664 | ---- | M] (Adobe Systems, Inc.)
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk -> C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> [2008/04/23 02:38:16 | 00,029,696 | ---- | M] (Adobe Systems Incorporated)
< All Users.WINDOWS Startup Folder > -> C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup ->
< Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup ->
< Default User.WINDOWS Startup Folder > -> C:\Documents and Settings\Default User.WINDOWS\Start Menu\Programs\Startup ->
< Phil Startup Folder > -> C:\Documents and Settings\Phil\Start Menu\Programs\Startup ->
< philip Startup Folder > -> C:\Documents and Settings\philip\Start Menu\Programs\Startup ->
C:\Documents and Settings\philip\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk -> C:\Program Files\ERUNT\AUTOBACK.EXE -> [2005/10/20 12:04:08 | 00,038,912 | ---- | M] ()
< Software Policy Settings [HKEY_USERS\S-1-5-21-854245398-436374069-725345543-1004] > -> HKEY_USERS\S-1-5-21-854245398-436374069-725345543-1004\SOFTWARE\Policies\Microsoft\Internet Explorer ->
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"HonorAutoRunSetting" -> [1] -> File not found
\\"NoDriveAutoRun" -> [67108863] -> File not found
\\"NoDriveTypeAutoRun" -> [323] -> File not found
\\"NoDrives" -> [0] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [145] -> File not found
\\"NoDriveAutoRun" -> [67108863] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [145] -> File not found
\\"NoDriveAutoRun" -> [67108863] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-854245398-436374069-725345543-1004] > -> HKEY_USERS\S-1-5-21-854245398-436374069-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\S-1-5-21-854245398-436374069-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [323] -> File not found
\\"NoDriveAutoRun" -> [67108863] -> File not found
\\"NoDrives" -> [0] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-854245398-436374069-725345543-1004] > -> HKEY_USERS\S-1-5-21-854245398-436374069-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_USERS\S-1-5-21-854245398-436374069-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-854245398-436374069-725345543-1004\] > -> HKEY_USERS\S-1-5-21-854245398-436374069-725345543-1004\Software\Microsoft\Internet Explorer\MenuExt\ ->
E&xport to Microsoft Excel -> C:\Program Files\Microsoft Office\Office12\EXCEL.EXE [res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000] -> [2009/08/17 22:48:08 | 18,341,216 | ---- | M] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{2670000A-7350-4f3c-8081-5663EE0C6C49}:{48E73304-E1D6-4330-914C-F5F514E3486C} [HKLM] -> C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll [Button: Send to OneNote] -> [2008/10/25 07:52:00 | 00,604,056 | ---- | M] (Microsoft Corporation)
{2670000A-7350-4f3c-8081-5663EE0C6C49}:{48E73304-E1D6-4330-914C-F5F514E3486C} [HKLM] -> C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll [Menu: S&end to OneNote] -> [2008/10/25 07:52:00 | 00,604,056 | ---- | M] (Microsoft Corporation)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}:{FF059E31-CC5A-4E2E-BF3B-96E929D65503} [HKLM] -> C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL [Button: Research] -> [2009/03/06 04:04:56 | 00,039,464 | ---- | M] (Microsoft Corporation)
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Menu: Spybot - Search & Destroy Configuration] -> [2009/01/26 15:31:02 | 01,879,896 | ---- | M] (Safer Networking Limited)
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 5347 domain(s) found. ->
49 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 5347 domain(s) found. ->
48 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 5347 domain(s) found. ->
48 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-21-854245398-436374069-725345543-1004\] > -> HKEY_USERS\S-1-5-21-854245398-436374069-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-21-854245398-436374069-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 8885 domain(s) found. ->
55 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_USERS\S-1-5-21-854245398-436374069-725345543-1004\] > -> HKEY_USERS\S-1-5-21-854245398-436374069-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-21-854245398-436374069-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. ->
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab} [HKLM] -> Reg Error: Value error. [Reg Error: Key error.] ->
{4F1E5B1A-2A80-42CA-8532-2D05CB959537} [HKLM] -> http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab [MSN Photo Upload Tool] ->
{7530BFB8-7293-4D34-9923-61A11451AFC5} [HKLM] -> http://download.eset.com/special/eos/OnlineScanner.cab [Reg Error: Key error.] ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab [Java Plug-in 1.6.0_17] ->
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [HKLM] -> http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab [Reg Error: Key error.] ->
{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} [HKLM] -> Reg Error: Value error. [Reg Error: Key error.] ->
{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} [HKLM] -> Reg Error: Value error. [Reg Error: Key error.] ->
{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} [HKLM] -> Reg Error: Value error. [Reg Error: Key error.] ->
{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab [Java Plug-in 1.6.0_17] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab [Java Plug-in 1.6.0_17] ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} [HKLM] -> Reg Error: Value error. [Shockwave Flash Object] ->
{E77F23EB-E7AB-4502-8F37-247DBAF1A147} [HKLM] -> http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab [Windows Live Hotmail Photo Upload Tool] ->
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ ->
DhcpNameServer -> 192.168.2.1 ->
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{DB260A07-6C3B-4B90-8798-0E4D640C2BBF}\\DhcpNameServer -> 192.168.2.1 (Realtek RTL8139 Family PCI Fast Ethernet NIC) ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
Explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/14 00:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
!SASWinLogon -> Reg Error: Value error. -> File not found
< SharedTaskScheduler [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler ->
"{0074BAD5-04AC-49A8-9314-1D8B356B62FF}" [HKLM] -> C:\WINDOWS\System32\exphylla.dll [ExphyllaW32] -> File not found
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" [HKLM] -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [Groove GFS Stub Execution Hook] -> [2009/02/12 15:19:32 | 02,217,848 | ---- | M] (Microsoft Corporation)
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List ->
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" -> C:\Program Files\Windows Live\Messenger\wlcsdk.exe [C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call] -> [2009/02/06 18:21:00 | 00,583,024 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" -> C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe [C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync] -> [2009/07/26 11:05:30 | 01,169,224 | ---- | M] (Microsoft Corporation)
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List ->
"C:\Program Files\iTunes\iTunes.exe" -> C:\Program Files\iTunes\iTunes.exe [C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes] -> [2009/11/12 16:33:04 | 10,358,048 | ---- | M] (Apple Inc.)
"C:\Program Files\LimeWire\LimeWire.exe" -> C:\Program Files\LimeWire\LimeWire.exe [C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire] -> File not found
"C:\Program Files\Spotify\spotify.exe" -> C:\Program Files\Spotify\spotify.exe [C:\Program Files\Spotify\spotify.exe:*:Enabled:Spotify] -> [2009/11/27 14:45:04 | 02,876,144 | ---- | M] (Spotify AB)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" -> C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe [C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync] -> [2009/07/26 11:05:30 | 01,169,224 | ---- | M] (Microsoft Corporation)
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot ->
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 ->
"DisplayName" -> CD-ROM Driver ->
"ImagePath" -> [system32\DRIVERS\cdrom.sys] -> File not found
< Drives with AutoRun files > -> ->
C:\AUTOEXEC.BAT [] -> C:\AUTOEXEC.BAT [ NTFS ] -> [2006/10/15 21:59:16 | 00,000,000 | ---- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 ->
\E
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\Shell
\E\Shell\\"" -> [AutoRun] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\Shell\AutoRun
\E\Shell\AutoRun\\"" -> [Auto&Play] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\Shell\AutoRun\command
\E\Shell\AutoRun\command\\"" -> E:\LaunchU3.exe [E:\LaunchU3.exe -a] -> File not found
\{1b0cf414-08ce-11de-b5bd-00012e0b40db}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1b0cf414-08ce-11de-b5bd-00012e0b40db}\Shell
\{1b0cf414-08ce-11de-b5bd-00012e0b40db}\Shell\\"" -> [AutoRun] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1b0cf414-08ce-11de-b5bd-00012e0b40db}\Shell\AutoRun
\{1b0cf414-08ce-11de-b5bd-00012e0b40db}\Shell\AutoRun\\"" -> [Auto&Play] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1b0cf414-08ce-11de-b5bd-00012e0b40db}\Shell\AutoRun\command
\{1b0cf414-08ce-11de-b5bd-00012e0b40db}\Shell\AutoRun\command\\"" -> E:\LaunchU3.exe [E:\LaunchU3.exe -a] -> File not found
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command ->
comfile [open] -> "%1" %* ->
exefile [open] -> "%1" %* ->
[Files/Folders - Created Within 30 Days]
OTS.exe -> C:\Documents and Settings\philip\Desktop\OTS.exe -> [2009/12/30 17:41:43 | 00,599,040 | ---- | C] (OldTimer Tools)
_OTM -> C:\_OTM -> [2009/12/30 15:39:21 | 00,000,000 | ---D | C]
OTM.exe -> C:\Documents and Settings\philip\Desktop\OTM.exe -> [2009/12/30 15:38:07 | 00,452,096 | ---- | C] (OldTimer Tools)
TFC.exe -> C:\Documents and Settings\philip\Desktop\TFC.exe -> [2009/12/29 19:54:19 | 00,410,624 | ---- | C] (OldTimer Tools)
philip.exe -> C:\Documents and Settings\philip\Desktop\philip.exe -> [2009/12/29 15:39:57 | 00,401,720 | ---- | C] (Trend Micro Inc.)
rsit -> C:\rsit -> [2009/12/29 15:39:55 | 00,000,000 | ---D | C]
Omniquad Total Security -> C:\WINDOWS\Omniquad Total Security -> [2009/12/27 21:59:08 | 00,000,000 | ---D | C]
ERUNT -> C:\Program Files\ERUNT -> [2009/12/26 00:19:12 | 00,000,000 | ---D | C]
RegCure -> C:\Documents and Settings\All Users.WINDOWS\Application Data\RegCure -> [2009/12/25 20:08:54 | 00,000,000 | ---D | C]
Dying_Fetus-Descend_Into_Depravity-2009-MTD -> C:\Documents and Settings\philip\Desktop\Dying_Fetus-Descend_Into_Depravity-2009-MTD -> [2009/12/24 15:17:29 | 00,000,000 | ---D | C]
demo- Victim -> C:\Documents and Settings\philip\Desktop\demo- Victim -> [2009/12/24 15:16:53 | 00,000,000 | ---D | C]
demo- Wisdom comes -> C:\Documents and Settings\philip\Desktop\demo- Wisdom comes -> [2009/12/24 15:16:38 | 00,000,000 | ---D | C]
demo- Saturate - V2 -> C:\Documents and Settings\philip\Desktop\demo- Saturate - V2 -> [2009/12/24 15:16:26 | 00,000,000 | ---D | C]
City Of Fire - City Of Fire (2009) Groove Metal -> C:\Documents and Settings\philip\Desktop\City Of Fire - City Of Fire (2009) Groove Metal -> [2009/12/24 15:05:19 | 00,000,000 | ---D | C]
Fear Factory - Mechanize (2010) -> C:\Documents and Settings\philip\Desktop\Fear Factory - Mechanize (2010) -> [2009/12/23 12:10:37 | 00,000,000 | ---D | C]
AE_TOTRSLIJ -> C:\Documents and Settings\philip\Desktop\AE_TOTRSLIJ -> [2009/12/17 11:51:26 | 00,000,000 | ---D | C]
Nothnegal_Abosolute_Blood_Unification -> C:\Documents and Settings\philip\Desktop\Nothnegal_Abosolute_Blood_Unification -> [2009/12/16 16:30:31 | 00,000,000 | ---D | C]
directx -> C:\Program Files\directx -> [2009/12/16 14:29:16 | 00,000,000 | ---D | C]
Rockstar Games -> C:\Program Files\Rockstar Games -> [2009/12/16 14:28:08 | 00,000,000 | ---D | C]
.dvdcss -> C:\Documents and Settings\philip\.dvdcss -> [2009/12/11 17:28:40 | 00,000,000 | ---D | C]
OutputFolder -> C:\OutputFolder -> [2009/12/11 17:27:54 | 00,000,000 | ---D | C]
Digiarty -> C:\Program Files\Digiarty -> [2009/12/11 17:27:44 | 00,000,000 | ---D | C]
lameACM.acm -> C:\WINDOWS\System32\lameACM.acm -> [2009/12/11 17:23:37 | 00,716,800 | ---- | C] (http://www.mp3dev.org/)
divxdec.ax -> C:\WINDOWS\System32\divxdec.ax -> [2009/12/11 17:23:37 | 00,577,536 | ---- | C] (DivXNetworks, Inc.)
divx.dll -> C:\WINDOWS\System32\divx.dll -> [2009/12/11 17:23:37 | 00,574,976 | ---- | C] (DivX, Inc.)
libdivx.dll -> C:\WINDOWS\System32\libdivx.dll -> [2009/12/11 17:23:36 | 01,044,480 | ---- | C] (The OpenSSL Project, http://www.openssl.org/)
dpuGUI11.dll -> C:\WINDOWS\System32\dpuGUI11.dll -> [2009/12/11 17:23:36 | 00,593,920 | ---- | C] (DivXNetworks)
dpu11.dll -> C:\WINDOWS\System32\dpu11.dll -> [2009/12/11 17:23:36 | 00,294,912 | ---- | C] (DivXNetworks)
ssldivx.dll -> C:\WINDOWS\System32\ssldivx.dll -> [2009/12/11 17:23:36 | 00,200,704 | ---- | C] (The OpenSSL Project, http://www.openssl.org/)
dtu100.dll -> C:\WINDOWS\System32\dtu100.dll -> [2009/12/11 17:23:36 | 00,200,704 | ---- | C] (DivXNetworks)
dpl100.dll -> C:\WINDOWS\System32\dpl100.dll -> [2009/12/11 17:23:36 | 00,086,016 | ---- | C] (DivXNetworks)
dpv11.dll -> C:\WINDOWS\System32\dpv11.dll -> [2009/12/11 17:23:36 | 00,057,344 | ---- | C] (DivXNetworks)
iSofter -> C:\Program Files\iSofter -> [2009/12/11 17:23:35 | 00,000,000 | ---D | C]
unicows.dll -> C:\WINDOWS\System32\unicows.dll -> [2009/12/11 17:20:29 | 00,258,352 | ---- | C] (Microsoft Corporation)
pthreadGC2.dll -> C:\WINDOWS\System32\pthreadGC2.dll -> [2009/12/11 17:20:29 | 00,060,273 | ---- | C] (Open Source Software community project)
Cucusoft -> C:\Program Files\Cucusoft -> [2009/12/11 17:20:25 | 00,000,000 | ---D | C]
freestar -> C:\Program Files\freestar -> [2009/12/11 17:14:00 | 00,000,000 | ---D | C]
Plato DVD Ripper -> C:\Program Files\Plato DVD Ripper -> [2009/12/11 13:47:34 | 00,000,000 | ---D | C]
MagicDVDCopier -> C:\Program Files\Common Files\MagicDVDCopier -> [2009/12/11 12:24:27 | 00,000,000 | ---D | C]
Pcouffin.sys -> C:\WINDOWS\System32\drivers\Pcouffin.sys -> [2009/12/11 12:24:15 | 00,047,360 | ---- | C] (VSO Software)
Config.Msi -> C:\Config.Msi -> [2009/12/11 12:08:36 | 00,000,000 | -HSD | C]
MagicDVDRipper -> C:\Program Files\Common Files\MagicDVDRipper -> [2009/12/10 21:10:07 | 00,000,000 | ---D | C]
No1 DVD Ripper -> C:\Program Files\No1 DVD Ripper -> [2009/12/10 20:56:02 | 00,000,000 | ---D | C]
ie8 -> C:\WINDOWS\ie8 -> [2009/12/08 10:46:36 | 00,000,000 | -H-D | C]
Microsoft -> C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft -> [2008/09/04 10:56:18 | 00,000,000 | ---D | M]
Microsoft -> C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft -> [2007/11/15 21:52:58 | 00,000,000 | ---D | M]
Apple -> C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple -> [2007/08/18 20:53:00 | 00,000,000 | ---D | M]
Microsoft -> C:\Documents and Settings\NetworkService\Application Data\Microsoft -> [2006/10/15 22:02:17 | 00,000,000 | --SD | M]
Microsoft -> C:\Documents and Settings\LocalService\Application Data\Microsoft -> [2006/10/15 21:59:10 | 00,000,000 | --SD | M]
[Files/Folders - Modified Within 30 Days]
wpa.dbl -> C:\WINDOWS\System32\wpa.dbl -> [2009/12/31 11:42:04 | 00,013,646 | ---- | M] ()
SA.DAT -> C:\WINDOWS\tasks\SA.DAT -> [2009/12/31 11:42:04 | 00,000,006 | -H-- | M] ()
bootstat.dat -> C:\WINDOWS\bootstat.dat -> [2009/12/31 11:42:02 | 00,002,048 | --S- | M] ()
ntuser.dat -> C:\Documents and Settings\philip\ntuser.dat -> [2009/12/31 11:40:56 | 10,747,904 | ---- | M] ()
ntuser.ini -> C:\Documents and Settings\philip\ntuser.ini -> [2009/12/31 11:40:56 | 00,000,178 | -HS- | M] ()
iTunes.lnk -> C:\Documents and Settings\All Users.WINDOWS\Desktop\iTunes.lnk -> [2009/12/31 00:05:15 | 00,002,137 | ---- | M] ()
d3d9caps.dat -> C:\WINDOWS\System32\d3d9caps.dat -> [2009/12/30 23:09:17 | 00,000,664 | ---- | M] ()
OTS.exe -> C:\Documents and Settings\philip\Desktop\OTS.exe -> [2009/12/30 17:41:47 | 00,599,040 | ---- | M] (OldTimer Tools)
OTM.exe -> C:\Documents and Settings\philip\Desktop\OTM.exe -> [2009/12/30 15:38:10 | 00,452,096 | ---- | M] (OldTimer Tools)
SystemLook.exe -> C:\Documents and Settings\philip\Desktop\SystemLook.exe -> [2009/12/30 15:09:32 | 00,102,660 | ---- | M] ()
SecurityCheck.exe -> C:\Documents and Settings\philip\Desktop\SecurityCheck.exe -> [2009/12/30 12:00:38 | 00,843,187 | ---- | M] ()
TFC.exe -> C:\Documents and Settings\philip\Desktop\TFC.exe -> [2009/12/29 19:54:19 | 00,410,624 | ---- | M] (OldTimer Tools)
RSIT.exe -> C:\Documents and Settings\philip\Desktop\RSIT.exe -> [2009/12/29 15:39:43 | 00,781,909 | ---- | M] ()
test.dat -> C:\WINDOWS\test.dat -> [2009/12/27 22:10:53 | 00,000,000 | ---- | M] ()
winomnifile.dat -> C:\WINDOWS\winomnifile.dat -> [2009/12/27 21:59:14 | 00,000,076 | ---- | M] ()
ERUNT AutoBackup.lnk -> C:\Documents and Settings\philip\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk -> [2009/12/26 00:19:22 | 00,000,767 | ---- | M] ()
NTREGOPT.lnk -> C:\Documents and Settings\philip\Desktop\NTREGOPT.lnk -> [2009/12/26 00:19:13 | 00,000,611 | ---- | M] ()
ERUNT.lnk -> C:\Documents and Settings\philip\Desktop\ERUNT.lnk -> [2009/12/26 00:19:13 | 00,000,592 | ---- | M] ()
LauncherAccess.dt -> C:\Documents and Settings\All Users.WINDOWS\Application Data\LauncherAccess.dt -> [2009/12/19 18:18:04 | 00,000,000 | ---- | M] ()
Older lady looking for hung stallions (not over 30 years old Central london London sex casual relationships girls guys.mht -> C:\Documents and Settings\philip\My Documents\Older lady looking for hung stallions (not over 30 years old Central london London sex casual relationships girls guys.mht -> [2009/12/19 00:28:43 | 00,398,969 | ---- | M] ()
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Documents and Settings\philip\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2009/12/17 18:00:59 | 00,071,680 | ---- | M] ()
statistics.xml -> C:\statistics.xml -> [2009/12/11 17:25:48 | 00,000,014 | ---- | M] ()
GDIPFONTCACHEV1.DAT -> C:\Documents and Settings\philip\Local Settings\Application Data\GDIPFONTCACHEV1.DAT -> [2009/12/11 12:45:27 | 00,069,624 | ---- | M] ()
Pcouffin.sys -> C:\WINDOWS\System32\drivers\Pcouffin.sys -> [2009/12/11 12:24:15 | 00,047,360 | ---- | M] (VSO Software)
FNTCACHE.DAT -> C:\WINDOWS\System32\FNTCACHE.DAT -> [2009/12/11 12:16:59 | 00,265,416 | ---- | M] ()
win.ini -> C:\WINDOWS\win.ini -> [2009/12/11 12:08:10 | 00,000,601 | ---- | M] ()
DVD Ripper Standard.ini -> C:\WINDOWS\DVD Ripper Standard.ini -> [2009/12/10 20:52:06 | 00,000,117 | ---- | M] ()
pro DVD Ripper Standard.ini -> C:\WINDOWS\pro DVD Ripper Standard.ini -> [2009/12/10 20:52:06 | 00,000,058 | ---- | M] ()
DVD Ripper Standard.dat -> C:\WINDOWS\System32\DVD Ripper Standard.dat -> [2009/12/10 20:52:06 | 00,000,001 | ---- | M] ()
perfh009.dat -> C:\WINDOWS\System32\perfh009.dat -> [2009/12/10 19:39:54 | 00,339,820 | ---- | M] ()
perfc009.dat -> C:\WINDOWS\System32\perfc009.dat -> [2009/12/10 19:39:53 | 00,052,104 | ---- | M] ()
PerfStringBackup.INI -> C:\WINDOWS\System32\PerfStringBackup.INI -> [2009/12/10 19:39:52 | 00,398,062 | ---- | M] ()
imsins.BAK -> C:\WINDOWS\imsins.BAK -> [2009/12/10 19:03:57 | 00,001,393 | ---- | M] ()
avgntflt.sys -> C:\WINDOWS\System32\drivers\avgntflt.sys -> [2009/12/07 21:22:15 | 00,056,816 | ---- | M] (Avira GmbH)
mbamswissarmy.sys -> C:\WINDOWS\System32\drivers\mbamswissarmy.sys -> [2009/12/03 16:14:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation)
mbam.sys -> C:\WINDOWS\System32\drivers\mbam.sys -> [2009/12/03 16:13:56 | 00,019,160 | ---- | M] (Malwarebytes Corporation)
[Files - No Company Name]
SystemLook.exe -> C:\Documents and Settings\philip\Desktop\SystemLook.exe -> [2009/12/30 15:09:32 | 00,102,660 | ---- | C] ()
SecurityCheck.exe -> C:\Documents and Settings\philip\Desktop\SecurityCheck.exe -> [2009/12/30 12:00:36 | 00,843,187 | ---- | C] ()
RSIT.exe -> C:\Documents and Settings\philip\Desktop\RSIT.exe -> [2009/12/29 15:39:40 | 00,781,909 | ---- | C] ()
test.dat -> C:\WINDOWS\test.dat -> [2009/12/27 21:59:45 | 00,000,000 | ---- | C] ()
winomnifile.dat -> C:\WINDOWS\winomnifile.dat -> [2009/12/27 21:59:14 | 00,000,076 | ---- | C] ()
ERUNT AutoBackup.lnk -> C:\Documents and Settings\philip\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk -> [2009/12/26 00:19:22 | 00,000,767 | ---- | C] ()
NTREGOPT.lnk -> C:\Documents and Settings\philip\Desktop\NTREGOPT.lnk -> [2009/12/26 00:19:13 | 00,000,611 | ---- | C] ()
ERUNT.lnk -> C:\Documents and Settings\philip\Desktop\ERUNT.lnk -> [2009/12/26 00:19:13 | 00,000,592 | ---- | C] ()
Older lady looking for hung stallions (not over 30 years old Central london London sex casual relationships girls guys.mht -> C:\Documents and Settings\philip\My Documents\Older lady looking for hung stallions (not over 30 years old Central london London sex casual relationships girls guys.mht -> [2009/12/19 00:28:41 | 00,398,969 | ---- | C] ()
statistics.xml -> C:\statistics.xml -> [2009/12/11 17:25:33 | 00,000,014 | ---- | C] ()
lame_acm.xml -> C:\WINDOWS\System32\lame_acm.xml -> [2009/12/11 17:23:37 | 00,000,414 | ---- | C] ()
qt-dx331.dll -> C:\WINDOWS\System32\qt-dx331.dll -> [2009/12/11 17:23:36 | 03,596,288 | ---- | C] ()
actskn43.ocx -> C:\WINDOWS\System32\actskn43.ocx -> [2009/12/11 17:23:35 | 00,389,120 | ---- | C] ()
ff_vfw.dll -> C:\WINDOWS\System32\ff_vfw.dll -> [2009/12/11 17:20:29 | 00,057,344 | ---- | C] ()
ff_acm.acm -> C:\WINDOWS\System32\ff_acm.acm -> [2009/12/11 17:20:29 | 00,006,144 | ---- | C] ()
ff_vfw.dll.manifest -> C:\WINDOWS\System32\ff_vfw.dll.manifest -> [2009/12/11 17:20:29 | 00,000,547 | ---- | C] ()
DVD Ripper Standard.ini -> C:\WINDOWS\DVD Ripper Standard.ini -> [2009/12/10 20:52:06 | 00,000,117 | ---- | C] ()
pro DVD Ripper Standard.ini -> C:\WINDOWS\pro DVD Ripper Standard.ini -> [2009/12/10 20:52:06 | 00,000,058 | ---- | C] ()
DVD Ripper Standard.dat -> C:\WINDOWS\System32\DVD Ripper Standard.dat -> [2009/12/10 20:51:56 | 00,000,001 | ---- | C] ()
iTunes.lnk -> C:\Documents and Settings\All Users.WINDOWS\Desktop\iTunes.lnk -> [2009/12/07 00:13:36 | 00,002,137 | ---- | C] ()
cdplayer.ini -> C:\WINDOWS\cdplayer.ini -> [2009/06/17 20:49:28 | 00,000,075 | ---- | C] ()
StarOpen.sys -> C:\WINDOWS\System32\drivers\StarOpen.sys -> [2008/12/25 13:48:32 | 00,005,632 | ---- | C] ()
_psisdecd.dll -> C:\WINDOWS\System32\_psisdecd.dll -> [2008/11/20 20:55:29 | 00,198,144 | ---- | C] ()
RtlCPAPI.dll -> C:\WINDOWS\System32\RtlCPAPI.dll -> [2008/11/09 00:39:15 | 00,147,456 | ---- | C] ()
mfc45.dll -> C:\WINDOWS\System32\mfc45.dll -> [2008/11/09 00:26:20 | 00,074,703 | ---- | C] ()
xvidvfw.dll -> C:\WINDOWS\System32\xvidvfw.dll -> [2007/06/28 10:54:10 | 00,180,224 | ---- | C] ()
xvidcore.dll -> C:\WINDOWS\System32\xvidcore.dll -> [2007/06/28 10:52:18 | 00,761,856 | ---- | C] ()
[Alternate Data Streams]
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\Temp:D1B5B4F1
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\Temp:5C321E34
< End of report >