[code] OTS logfile created on: 9/7/2010 11:22:13 AM - Run 1 OTS by OldTimer - Version 3.1.36.0 Folder = C:\Users\Krystine\Desktop 64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 6.00 Gb Total Physical Memory | 4.00 Gb Available Physical Memory | 73.00% Memory free 12.00 Gb Paging File | 10.00 Gb Available in Paging File | 85.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 581.52 Gb Total Space | 275.26 Gb Free Space | 47.34% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: KRYSTINE-PC Current User Name: Krystine Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Include 64bit Scans Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days [Processes - Safe List] ots.exe -> C:\Users\Krystine\Desktop\OTS.exe -> [2010/09/07 11:18:06 | 000,641,024 | ---- | M] (OldTimer Tools) avgemc.exe -> C:\Program Files (x86)\AVG\AVG9\avgemc.exe -> [2010/07/21 08:01:34 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) avgtray.exe -> C:\Program Files (x86)\AVG\AVG9\avgtray.exe -> [2010/07/16 08:30:20 | 002,065,760 | ---- | M] (AVG Technologies CZ, s.r.o.) avgwdsvc.exe -> C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe -> [2010/07/16 08:30:17 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) avgcsrvx.exe -> C:\Program Files (x86)\AVG\AVG9\avgcsrvx.exe -> [2010/07/16 08:29:53 | 000,723,296 | ---- | M] (AVG Technologies CZ, s.r.o.) divxupdate.exe -> C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe -> [2010/06/02 20:50:58 | 001,144,104 | ---- | M] () applemobiledeviceservice.exe -> C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -> [2010/03/19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) dtlite.exe -> C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe -> [2009/10/30 07:57:08 | 000,369,200 | ---- | M] (DT Soft Ltd) tabtip32.exe -> C:\Program Files (x86)\Common Files\microsoft shared\ink\TabTip32.exe -> [2009/07/13 21:14:42 | 000,010,240 | ---- | M] (Microsoft Corporation) teatimer.exe -> C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe -> [2009/01/26 16:31:16 | 002,144,088 | RHS- | M] (Safer Networking Limited) [Modules - Safe List] ots.exe -> C:\Users\Krystine\Desktop\OTS.exe -> [2010/09/07 11:18:06 | 000,641,024 | ---- | M] (OldTimer Tools) tiptsf.dll -> C:\Program Files (x86)\Common Files\microsoft shared\ink\tiptsf.dll -> [2009/07/13 21:16:16 | 000,348,160 | ---- | M] (Microsoft Corporation) msscript.ocx -> C:\Windows\SysWOW64\msscript.ocx -> [2009/07/13 21:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) comctl32.dll -> C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll -> [2009/07/13 21:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) [Win32 Services - Safe List] 64bit-(WTouchService) [Auto | Running] -> C:\Program Files\WTouch\WTouchService.exe -> [2009/11/23 16:53:58 | 000,127,784 | ---- | M] (Wacom Technology, Corp.) 64bit-(TabletServicePen) [Auto | Running] -> C:\Windows\SysNative\Pen_Tablet.exe -> [2009/11/23 16:53:54 | 005,556,520 | ---- | M] (Wacom Technology, Corp.) 64bit-(AMD External Events Utility) [Auto | Running] -> C:\Windows\SysNative\atiesrxx.exe -> [2009/08/18 03:36:20 | 000,203,264 | ---- | M] (AMD) 64bit-(UmRdpService) [On_Demand | Stopped] -> C:\Windows\SysNative\umrdp.dll -> [2009/07/13 21:41:56 | 000,195,072 | ---- | M] (Microsoft Corporation) 64bit-(PeerDistSvc) [On_Demand | Stopped] -> C:\Windows\SysNative\PeerDistSvc.dll -> [2009/07/13 21:41:53 | 001,361,920 | ---- | M] (Microsoft Corporation) 64bit-(WinDefend) [On_Demand | Stopped] -> C:\Program Files\Windows Defender\MpSvc.dll -> [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) 64bit-(CscService) [Auto | Running] -> C:\Windows\SysNative\cscsvc.dll -> [2009/07/13 21:40:24 | 000,689,152 | ---- | M] (Microsoft Corporation) 64bit-(AppMgmt) [On_Demand | Stopped] -> C:\Windows\SysNative\appmgmts.dll -> [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) (avg9emc) AVG Free E-mail Scanner [Auto | Running] -> C:\Program Files (x86)\AVG\AVG9\avgemc.exe -> [2010/07/21 08:01:34 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) (avg9wd) AVG Free WatchDog [Auto | Running] -> C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe -> [2010/07/16 08:30:17 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) (Apple Mobile Device) Apple Mobile Device [Auto | Running] -> C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -> [2010/03/19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) (Microsoft SharePoint Workspace Audit Service) Microsoft SharePoint Workspace Audit Service [On_Demand | Stopped] -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE -> [2010/01/21 17:51:12 | 030,963,576 | ---- | M] (Microsoft Corporation) [Driver Services - Safe List] 64bit-(AvgTdiA) AVG Free Network Redirector x64 [Kernel | System | Running] -> C:\Windows\SysNative\drivers\avgtdia.sys -> [2010/07/16 08:30:19 | 000,317,520 | ---- | M] (AVG Technologies CZ, s.r.o.) 64bit-(AvgLdx64) AVG Free AVI Loader Driver x64 [Kernel | System | Running] -> C:\Windows\SysNative\drivers\avgldx64.sys -> [2010/07/16 08:29:54 | 000,269,904 | ---- | M] (AVG Technologies CZ, s.r.o.) 64bit-(AvgMfx64) AVG Free On-access Scanner Minifilter Driver x64 [File_System | System | Running] -> C:\Windows\SysNative\drivers\avgmfx64.sys -> [2010/06/03 08:22:09 | 000,035,536 | ---- | M] (AVG Technologies CZ, s.r.o.) 64bit-(sptd) sptd [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\sptd.sys -> [2009/12/04 19:11:36 | 000,834,544 | ---- | M] () 64bit-(USBAAPL64) Apple Mobile USB Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\usbaapl64.sys -> [2009/10/16 02:33:06 | 000,050,176 | ---- | M] (Apple, Inc.) 64bit-(wacmoumonitor) Wacom Mode Helper [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\wacmoumonitor.sys -> [2009/08/27 16:06:34 | 000,018,216 | ---- | M] (Wacom Technology) 64bit-(atikmdag) atikmdag [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\atikmdag.sys -> [2009/08/18 04:48:48 | 006,037,504 | ---- | M] (ATI Technologies Inc.) 64bit-(amdsata) amdsata [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\amdsata.sys -> [2009/07/13 21:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) 64bit-(amdxata) amdxata [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\amdxata.sys -> [2009/07/13 21:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) 64bit-(amdsbs) amdsbs [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\amdsbs.sys -> [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) 64bit-(LSI_SAS2) LSI_SAS2 [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\lsi_sas2.sys -> [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) 64bit-(HpSAMD) HpSAMD [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\HpSAMD.sys -> [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) 64bit-(vmbus) Virtual Machine Bus [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\vmbus.sys -> [2009/07/13 21:45:55 | 000,200,272 | ---- | M] (Microsoft Corporation) 64bit-(storflt) Disk Virtual Machine Bus Acceleration Filter Driver [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\vmstorfl.sys -> [2009/07/13 21:45:55 | 000,046,672 | ---- | M] (Microsoft Corporation) 64bit-(storvsc) storvsc [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\storvsc.sys -> [2009/07/13 21:45:55 | 000,034,896 | ---- | M] (Microsoft Corporation) 64bit-(stexstor) stexstor [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\stexstor.sys -> [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) 64bit-(ROOTMODEM) Microsoft Legacy Modem Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\rootmdm.sys -> [2009/07/13 20:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) 64bit-(s3cap) s3cap [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\vms3cap.sys -> [2009/07/13 19:42:58 | 000,006,656 | ---- | M] (Microsoft Corporation) 64bit-(VMBusHID) VMBusHID [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\VMBusHID.sys -> [2009/07/13 19:42:44 | 000,021,760 | ---- | M] (Microsoft Corporation) 64bit-(CSC) Offline Files Driver [Kernel | System | Running] -> C:\Windows\SysNative\drivers\csc.sys -> [2009/07/13 19:24:27 | 000,514,048 | ---- | M] (Microsoft Corporation) 64bit-(rt70x64) RT2500 USB Wireless LAN Driver for Vista [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\netr7064.sys -> [2009/06/19 13:47:52 | 000,382,464 | ---- | M] (Ralink Technology Corp.) 64bit-(Ntfs) Ntfs [File_System | On_Demand | Running] -> C:\Windows\SysNative\wbem\ntfs.mof -> [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () 64bit-(e1yexpress) Intel(R) Gigabit Network Connections Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\e1y60x64.sys -> [2009/06/10 16:35:02 | 000,281,088 | ---- | M] (Intel Corporation) 64bit-(ebdrv) Broadcom NetXtreme II 10 GigE VBD [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\evbda.sys -> [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) 64bit-(b06bdrv) Broadcom NetXtreme II VBD [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\bxvbda.sys -> [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) 64bit-(b57nd60a) Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0 [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\b57nd60a.sys -> [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) 64bit-(hcw85cir) Hauppauge Consumer Infrared Receiver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\hcw85cir.sys -> [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) 64bit-(wacomvhid) Wacom Virtual Hid Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\wacomvhid.sys -> [2009/05/20 12:54:06 | 000,015,656 | ---- | M] (Wacom Technology) 64bit-(GEARAspiWDM) GEAR ASPI Filter Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\GEARAspiWDM.sys -> [2009/05/18 15:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) 64bit-(RimVSerPort) RIM Virtual Serial Port v2 [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -> [2009/01/09 16:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) 64bit-(RimUsb) BlackBerry Smartphone [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -> [2007/05/14 16:06:18 | 000,027,520 | ---- | M] (Research In Motion Limited) 64bit-(wacommousefilter) Wacom Mouse Filter Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\wacommousefilter.sys -> [2007/02/16 11:12:36 | 000,012,848 | ---- | M] (Wacom Technology) (speedfan) speedfan [Kernel | Boot | Running] -> C:\Windows\SysWOW64\speedfan.sys -> [2007/02/07 14:27:46 | 000,014,104 | ---- | M] (Windows (R) Server 2003 DDK provider) [Registry - Safe List] < 64bit-Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> C:\Windows\SysWOW64\blank.htm -> < Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> < Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> < Internet Explorer Settings [HKEY_USERS\S-1-5-21-3969533455-2505683156-2406357703-1001\] > -> -> HKEY_USERS\S-1-5-21-3969533455-2505683156-2406357703-1001\: Main\\"Start Page Redirect Cache" -> http://ca.msn.com/iat/us_ca.aspx -> HKEY_USERS\S-1-5-21-3969533455-2505683156-2406357703-1001\: Main\\"Start Page Redirect Cache AcceptLangs" -> en-us -> HKEY_USERS\S-1-5-21-3969533455-2505683156-2406357703-1001\: Main\\"Start Page Redirect Cache_TIMESTAMP" -> BA FA 5E 9C 22 4E CB 01 [binary data] -> HKEY_USERS\S-1-5-21-3969533455-2505683156-2406357703-1001\: "ProxyEnable" -> 0 -> HKEY_USERS\S-1-5-21-3969533455-2505683156-2406357703-1001\: "ProxyOverride" -> *.local -> < FireFox Settings [Prefs.js] > -> C:\Users\Krystine\AppData\Roaming\Mozilla\FireFox\Profiles\y53eic8b.default\prefs.js -> browser.startup.homepage -> "http://www.google.ca/" -> extensions.enabledItems -> {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2 -> extensions.enabledItems -> {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 -> extensions.enabledItems -> {241aae70-0022-11de-87af-0800200c9a66}:3.6.30.01.10 -> extensions.enabledItems -> {9f94fab0-58a2-11dd-ae16-0800200c9a66}:3.0.26 -> < FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions -> -> HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components -> C:\Program Files (x86)\Mozilla Firefox\components [C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\COMPONENTS] -> [2010/09/06 20:22:43 | 000,000,000 | ---D | M] HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins -> C:\Program Files (x86)\Mozilla Firefox\plugins [C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\PLUGINS] -> [2010/09/06 20:22:42 | 000,000,000 | ---D | M] < FireFox Extensions [User Folders] > -> -> C:\Users\Krystine\AppData\Roaming\Mozilla\Extensions -> [2009/12/04 16:19:21 | 000,000,000 | ---D | M] -> C:\Users\Krystine\AppData\Roaming\Mozilla\Firefox\Profiles\y53eic8b.default\extensions -> [2010/09/07 00:09:24 | 000,000,000 | ---D | M] Blue Fox -> C:\Users\Krystine\AppData\Roaming\Mozilla\Firefox\Profiles\y53eic8b.default\extensions\{241aae70-0022-11de-87af-0800200c9a66} -> [2010/03/25 22:46:11 | 000,000,000 | ---D | M] AvantGarde Rosepetal -> C:\Users\Krystine\AppData\Roaming\Mozilla\Firefox\Profiles\y53eic8b.default\extensions\{9f94fab0-58a2-11dd-ae16-0800200c9a66} -> [2010/03/25 22:47:45 | 000,000,000 | ---D | M] Adblock Plus -> C:\Users\Krystine\AppData\Roaming\Mozilla\Firefox\Profiles\y53eic8b.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} -> [2010/09/06 19:32:48 | 000,000,000 | ---D | M] No name found -> C:\Users\Krystine\AppData\Roaming\Mozilla\Firefox\Profiles\y53eic8b.default\extensions\{9f94fab0-58a2-11dd-ae16-0800200c9a66}\mozapps\extensions -> [2010/03/25 22:47:45 | 000,000,000 | ---D | M] < FireFox Extensions [Program Folders] > -> -> C:\Program Files (x86)\Mozilla Firefox\extensions -> [2010/09/06 20:22:42 | 000,000,000 | ---D | M] Java Console -> C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} -> [2010/09/04 17:02:51 | 000,000,000 | ---D | M] < HOSTS File > ([2010/08/28 13:19:39 | 000,000,098 | ---- | M] - 2 lines) -> C:\Windows\SysNative\Drivers\etc\hosts -> Reset Hosts 127.0.0.1 localhost ::1 localhost < 64bit-BHO's [HKEY_LOCAL_MACHINE] > -> 64bit-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} [HKLM] -> C:\Program Files (x86)\AVG\AVG9\avgssiea.dll [AVG Safe Search] -> [2010/07/21 08:01:56 | 002,326,368 | ---- | M] (AVG Technologies CZ, s.r.o.) {72853161-30C5-4D22-B7F9-0BBC1D38A37E} [HKLM] -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [Groove GFS Browser Helper] -> [2010/01/21 18:13:58 | 006,723,984 | ---- | M] (Microsoft Corporation) {B4F3A835-0E21-4959-BA22-42B3008E02FF} [HKLM] -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [Office Document Cache Handler] -> [2010/01/16 08:59:40 | 000,688,528 | ---- | M] (Microsoft Corporation) < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} [HKLM] -> C:\Program Files (x86)\AVG\AVG9\avgssie.dll [AVG Safe Search] -> [2010/07/21 08:01:56 | 001,619,296 | ---- | M] (AVG Technologies CZ, s.r.o.) {53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> [2009/01/26 16:31:02 | 001,879,896 | ---- | M] (Safer Networking Limited) {5C255C8A-E604-49b4-9D64-90988571CECB} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found {72853161-30C5-4D22-B7F9-0BBC1D38A37E} [HKLM] -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [Groove GFS Browser Helper] -> [2010/01/21 17:51:12 | 004,222,864 | ---- | M] (Microsoft Corporation) {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} [HKLM] -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [Skype add-on for Internet Explorer] -> [2010/02/08 13:28:14 | 000,804,136 | ---- | M] (Skype Technologies S.A.) < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> "AVG9_TRAY" -> C:\Program Files (x86)\AVG\AVG9\avgtray.exe [C:\PROGRA~2\AVG\AVG9\avgtray.exe] -> [2010/07/16 08:30:20 | 002,065,760 | ---- | M] (AVG Technologies CZ, s.r.o.) "BCSSync" -> C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe ["C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices] -> [2010/01/21 17:22:24 | 000,091,520 | ---- | M] (Microsoft Corporation) "DivXUpdate" -> C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ["C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW] -> [2010/06/02 20:50:58 | 001,144,104 | ---- | M] () "StartCCC" -> C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ["C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun] -> [2009/11/04 10:52:02 | 000,098,304 | ---- | M] (Advanced Micro Devices, Inc.) < Run [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> "Sidebar" -> C:\Program Files (x86)\Windows Sidebar\Sidebar.exe [%ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun] -> [2009/07/13 21:14:38 | 001,173,504 | ---- | M] (Microsoft Corporation) < RunOnce [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce -> "mctadmin" -> C:\Windows\SysWow64\mctadmin.exe [C:\Windows\System32\mctadmin.exe] -> File not found < Run [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> "Sidebar" -> C:\Program Files (x86)\Windows Sidebar\Sidebar.exe [%ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun] -> [2009/07/13 21:14:38 | 001,173,504 | ---- | M] (Microsoft Corporation) < RunOnce [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce -> "mctadmin" -> C:\Windows\SysWow64\mctadmin.exe [C:\Windows\System32\mctadmin.exe] -> File not found < Run [HKEY_USERS\S-1-5-21-3969533455-2505683156-2406357703-1001\] > -> HKEY_USERS\S-1-5-21-3969533455-2505683156-2406357703-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> "DAEMON Tools Lite" -> C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe ["C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun] -> [2009/10/30 07:57:08 | 000,369,200 | ---- | M] (DT Soft Ltd) "ISUSPM" -> C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe ["C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler] -> File not found "msnmsgr" -> C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe ["C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background] -> [2009/07/26 17:44:34 | 003,883,856 | ---- | M] (Microsoft Corporation) "SpybotSD TeaTimer" -> C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe] -> [2009/01/26 16:31:16 | 002,144,088 | RHS- | M] (Safer Networking Limited) < CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer \\"NoActiveDesktop" -> [1] -> File not found \\"NoActiveDesktopChanges" -> [1] -> File not found < CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System \\"ConsentPromptBehaviorAdmin" -> [0] -> File not found \\"ConsentPromptBehaviorUser" -> [3] -> File not found \\"EnableLUA" -> [0] -> File not found \\"PromptOnSecureDesktop" -> [0] -> File not found HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-3969533455-2505683156-2406357703-1001] > -> HKEY_USERS\S-1-5-21-3969533455-2505683156-2406357703-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-3969533455-2505683156-2406357703-1001] > -> HKEY_USERS\S-1-5-21-3969533455-2505683156-2406357703-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> HKEY_USERS\S-1-5-21-3969533455-2505683156-2406357703-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System < 64bit-Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-3969533455-2505683156-2406357703-1001\] > -> HKEY_USERS\S-1-5-21-3969533455-2505683156-2406357703-1001\Software\Microsoft\Internet Explorer\MenuExt\ -> Se&nd to OneNote -> C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll [res://C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105] -> [2010/01/19 02:23:04 | 000,643,472 | ---- | M] (Microsoft Corporation) < Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-3969533455-2505683156-2406357703-1001\] > -> HKEY_USERS\S-1-5-21-3969533455-2505683156-2406357703-1001\Software\Microsoft\Internet Explorer\MenuExt\ -> Se&nd to OneNote -> C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll [res://C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105] -> [2010/01/19 02:23:04 | 000,643,472 | ---- | M] (Microsoft Corporation) < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> {2670000A-7350-4f3c-8081-5663EE0C6C49}:{48E73304-E1D6-4330-914C-F5F514E3486C} [HKLM] -> C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll [Button: Send to OneNote] -> [2010/01/19 02:23:04 | 000,643,472 | ---- | M] (Microsoft Corporation) {2670000A-7350-4f3c-8081-5663EE0C6C49}:{48E73304-E1D6-4330-914C-F5F514E3486C} [HKLM] -> C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll [Menu: Se&nd to OneNote] -> [2010/01/19 02:23:04 | 000,643,472 | ---- | M] (Microsoft Corporation) {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}:{FFFDC614-B694-4AE6-AB38-5D6374584B52} [HKLM] -> C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll [Button: OneNote Lin&ked Notes] -> [2010/01/19 02:23:04 | 000,496,528 | ---- | M] (Microsoft Corporation) {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}:{FFFDC614-B694-4AE6-AB38-5D6374584B52} [HKLM] -> C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll [Menu: OneNote Lin&ked Notes] -> [2010/01/19 02:23:04 | 000,496,528 | ---- | M] (Microsoft Corporation) {898EA8C8-E7FF-479B-8935-AEC46303B9E5}:{898EA8C8-E7FF-479B-8935-AEC46303B9E5} [HKLM] -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [Button: Skype add-on for Internet Explorer] -> [2010/02/08 13:28:14 | 000,804,136 | ---- | M] (Skype Technologies S.A.) {898EA8C8-E7FF-479B-8935-AEC46303B9E5}:{898EA8C8-E7FF-479B-8935-AEC46303B9E5} [HKLM] -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [Menu: Skype add-on for Internet Explorer] -> [2010/02/08 13:28:14 | 000,804,136 | ---- | M] (Skype Technologies S.A.) {DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll [Menu: Spybot - Search & Destroy Configuration] -> [2009/01/26 16:31:02 | 001,879,896 | ---- | M] (Safer Networking Limited) < 64bit-Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> < 64bit-Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix "" -> http:// < Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix "" -> http:// < 64bit-Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 6433 domain(s) found. -> < 64bit-Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. -> < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 6433 domain(s) found. -> < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 6433 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 6433 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-21-3969533455-2505683156-2406357703-1001\] > -> HKEY_USERS\S-1-5-21-3969533455-2505683156-2406357703-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-21-3969533455-2505683156-2406357703-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 6433 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-21-3969533455-2505683156-2406357703-1001\] > -> HKEY_USERS\S-1-5-21-3969533455-2505683156-2406357703-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-21-3969533455-2505683156-2406357703-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. -> < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab [Java Plug-in 1.6.0_17] -> {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab [Java Plug-in 1.6.0_17] -> {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab [Java Plug-in 1.6.0_17] -> {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [HKLM] -> http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab [Reg Error: Key error.] -> < Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ -> DhcpNameServer -> 192.168.0.1 -> < Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {4C6353C3-3D59-4B3F-BE1B-CAED1BFBB507}\\DhcpNameServer -> 192.168.0.1 (RT2500 USB Wireless LAN Card) -> {72B5DE34-F39A-4EF6-B01A-8D412C817851}\\DhcpNameServer -> 192.168.0.1 (Intel(R) 82567V-2 Gigabit Network Connection) -> {72B5DE34-F39A-4EF6-B01A-8D412C817851}\\NameServer -> 93.188.162.234,93.188.161.234 (Intel(R) 82567V-2 Gigabit Network Connection) -> {E39CD003-0F32-4AEB-82C9-0000B1580326}\\DhcpNameServer -> 192.168.0.1 (RT2500 USB Wireless LAN Card) -> {E39CD003-0F32-4AEB-82C9-0000B1580326}\\NameServer -> 93.188.162.234,93.188.161.234 (RT2500 USB Wireless LAN Card) -> {EADD080F-832D-4811-AB03-52D9E8852EE5}\\DhcpNameServer -> 192.168.0.1 (RT2500 USB Wireless LAN Card) -> < 64bit-AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs -> 64bit-*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls -> avgrssta.dll -> C:\Windows\SysNative\avgrssta.dll -> [2010/07/16 08:30:19 | 000,013,048 | ---- | M] (AVG Technologies CZ, s.r.o.) *MultiFile Done* -> -> < 64bit-Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 64bit-*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> explorer.exe -> C:\Windows\explorer.exe -> [2009/08/03 02:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) *MultiFile Done* -> -> 64bit-*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> SystemPropertiesPerformance.exe -> C:\Windows\SysNative\SystemPropertiesPerformance.exe -> [2009/07/13 21:39:47 | 000,082,432 | ---- | M] (Microsoft Corporation) /pagefile -> -> File not found *MultiFile Done* -> -> < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> *Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> explorer.exe -> C:\Windows\SysWow64\explorer.exe -> [2009/08/03 01:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) *MultiFile Done* -> -> *VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> SystemPropertiesPerformance.exe -> C:\Windows\SysWow64\SystemPropertiesPerformance.exe -> [2009/07/13 21:14:42 | 000,081,920 | ---- | M] (Microsoft Corporation) /pagefile -> -> File not found *MultiFile Done* -> -> < 64bit-SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad -> "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" [HKLM] -> Reg Error: Key error. [WebCheck] -> File not found < SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad -> "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" [HKLM] -> Reg Error: Key error. [WebCheck] -> File not found < 64bit-ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" [HKLM] -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [Groove GFS Stub Execution Hook] -> [2010/01/21 18:13:58 | 006,723,984 | ---- | M] (Microsoft Corporation) < ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" [HKLM] -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [Groove GFS Stub Execution Hook] -> [2010/01/21 17:51:12 | 004,222,864 | ---- | M] (Microsoft Corporation) < Vista Active Firewall Rules > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules -> {08169A23-33E9-4C29-AA38-D7BFB87007B8} -> lport=2177 | profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-31253 | app=%systemroot%\system32\svchost.exe | svc=qwave | {0C3FA44A-D2FE-4029-849D-E5829296381D} -> lport=6004 | profile=private | protocol=17 | dir=in | action=allow | name=microsoft office outlook | app=c:\program files (x86)\microsoft office\office14\outlook.exe | {332C870D-F685-41F3-AC39-6DC7CF69B79F} -> lport=5355 | profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-28548 | app=%systemroot%\system32\svchost.exe | svc=dnscache | {3A32254C-1669-40E5-B858-80396D43D66D} -> lport=10243 | profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-31285 | app=system | {48DE4B0B-698B-4F98-B484-83001CBAA7DE} -> lport=1900 | profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-31269 | app=%systemroot%\system32\svchost.exe | svc=ssdpsrv | {4AB00689-DE5A-442F-AD7D-AF3FC83992E3} -> rport=2177 | profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31265 | app=%systemroot%\system32\svchost.exe | svc=qwave | {4D307A01-3089-47A4-906B-7AE6C325FC81} -> lport=rpc-epmap | profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-28539 | svc=rpcss | {527361AC-6611-4785-9931-D5EF480499C6} -> rport=10243 | profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31289 | app=system | {62FB771A-FA29-43C1-9996-B1593CD40A9E} -> lport=139 | profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-28503 | app=system | {631B8B16-53AC-41C7-9BA2-B7C9C55DD76B} -> rport=139 | profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-28507 | app=system | {68FDB64C-FE9D-4CFA-99C2-B8368C2DA8C0} -> lport=445 | profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-28511 | app=system | {69EABA5A-C3A0-4B69-B6A1-2D7E7AD12C1C} -> lport=2177 | profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-31261 | app=%systemroot%\system32\svchost.exe | svc=qwave | {74922B92-6048-4AB5-A2D3-46565C9D156F} -> rport=445 | profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-28515 | app=system | {8E00341F-3F3F-448E-BFBE-78C875EAAAAB} -> lport=2869 | profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-31277 | app=system | {9319370C-FDDD-4E75-B18F-0AC8C23274F2} -> lport=138 | profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-28527 | app=system | {934D36BC-4F01-42D8-B985-CA4C07B91176} -> lport=137 | profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-28519 | app=system | {949AED44-B544-4F67-85A3-2FF51279F214} -> lport=1900 | protocol=17 | dir=in | action=allow | name=windows live messenger (ssdp-in) | app=svchost.exe | svc=ssdpsrv | {9713D6DD-70C3-43BA-960D-E8A5FC385B74} -> lport=rpc | profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-28535 | app=%systemroot%\system32\spoolsv.exe | svc=spooler | {AFDE0C84-32AE-4875-B6BF-2B7C44FD0B33} -> rport=137 | profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-28523 | app=system | {B8ADD023-4C95-45D6-AB31-5F2BE9D6D23B} -> lport=2869 | protocol=6 | dir=in | action=allow | name=windows live messenger (upnp-in) | app=system | {C29BDC28-EECB-4B16-A03E-70E70126DC3B} -> rport=5355 | profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-28550 | app=%systemroot%\system32\svchost.exe | svc=dnscache | {CAEA1DB9-7985-4D78-B6FF-5FBD7C7CA59E} -> rport=1900 | profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-31273 | app=%systemroot%\system32\svchost.exe | svc=ssdpsrv | {DE813A01-5E3E-4577-95FE-9A7AEFD0EF94} -> rport=138 | profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-28531 | app=system | {DFDFAE5D-9F8A-4D6E-9833-2F0208DA8153} -> rport=2177 | profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-31257 | app=%systemroot%\system32\svchost.exe | svc=qwave | < Vista Active Application Exception Rules > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules -> {021B6967-27F7-4E05-869A-4C1F9FEC6517} -> profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-31007 | app=%programfiles%\windows media player\wmplayer.exe | {037C7FD5-0439-45B4-B7F1-60C0DF45CC0D} -> dir=in | action=allow | name=skype | app=c:\program files (x86)\skype\phone\skype.exe | {08443476-611C-4756-9BAE-43CC62D2CBD1} -> dir=in | action=allow | name=windows live call | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | {0CAE740E-0E1D-4FA0-9FEE-68A5E0E4DD96} -> dir=in | action=allow | name=windows live messenger | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | {0EF4AF1C-8655-48CD-96FF-642B89D950EF} -> profile=private | protocol=6 | dir=in | action=allow | name=itunes | app=c:\program files (x86)\itunes\itunes.exe | {11D2B758-B5C8-452E-BAA2-EC92F8B92B87} -> profile=private | protocol=58 | dir=out | action=allow | name=@firewallapi.dll,-28546 | {147F485C-7EE2-4D7A-99E1-997274B17D86} -> profile=private | protocol=17 | dir=in | action=allow | name=itunes | app=c:\program files (x86)\itunes\itunes.exe | {188E23A5-1CFB-4900-BF2B-45B41AD65D77} -> profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31321 | app=%systemroot%\system32\svchost.exe | svc=upnphost | {1BC781E1-C816-462C-BE68-D74C93C4CF0A} -> dir=in | action=allow | name=skype | app=c:\program files (x86)\skype\phone\skype.exe | {1C8D0CAD-D915-4495-AC52-5F9D43072062} -> dir=in | action=allow | name=skype | app=c:\program files (x86)\skype\phone\skype.exe | {20B86CD6-3D59-41D7-A342-801BA9C22BB6} -> profile=domain | dir=in | action=allow | name=skype extras manager | app=c:\program files (x86)\skype\plugin manager\skypepm.exe | {29AB4B79-0222-428D-BE43-ED9CDFA65C1A} -> dir=in | action=allow | name=skype | app=c:\program files (x86)\skype\phone\skype.exe | {2D49F241-4EDD-455C-9875-53D3333025E0} -> dir=in | action=allow | name=skype | app=c:\program files (x86)\skype\phone\skype.exe | {360D8468-76CF-41E7-8A02-BA862605854E} -> dir=in | action=allow | name=skype | app=c:\program files (x86)\skype\phone\skype.exe | {3632E7BA-429C-4961-A05B-C85D8D3FF46A} -> profile=private | protocol=6 | dir=in | action=allow | name=bonjour service | app=c:\program files (x86)\bonjour\mdnsresponder.exe | {3962D79B-7B6D-4DF5-9217-F8C89C0E783C} -> dir=in | action=allow | name=skype | app=c:\program files (x86)\skype\phone\skype.exe | {3D9C148F-5543-43B2-A798-DAD46BCBE684} -> profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-31003 | app=%programfiles%\windows media player\wmplayer.exe | {41B61A7D-747F-49CD-8C4D-0F2C8BEF0376} -> dir=in | action=allow | name=skype | app=c:\program files (x86)\skype\phone\skype.exe | {46FB25AB-11DB-4F1B-B439-036A27F8D0ED} -> profile=private | dir=in | action=allow | name=avgnsa.exe | app=c:\program files (x86)\avg\avg9\avgnsa.exe | {470AB35A-FACB-4B21-8D7C-45056B4F8B50} -> dir=in | action=allow | name=skype | app=c:\program files (x86)\skype\phone\skype.exe | {4A1828E3-02B9-439C-823F-BB8E068D6175} -> profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-31309 | app=%programfiles%\windows media player\wmpnetwk.exe | {4F144A2E-B3F6-43E1-B808-EF145E57086C} -> dir=in | action=allow | name=skype | app=c:\program files (x86)\skype\phone\skype.exe | {4F3B9C54-9F21-4915-9EFD-668DC94E55CB} -> profile=private | protocol=6 | dir=in | action=allow | name=google talk plugin | app=c:\users\krystine\appdata\local\google\google talk plugin\googletalkplugin.exe | {4F8132E1-7169-4969-BA61-50677388DA68} -> profile=private | protocol=6 | dir=in | action=allow | name=microsoft onenote | app=c:\program files (x86)\microsoft office\office14\onenote.exe | {510CC93F-FBA9-49CE-BE74-8A5480AE107F} -> dir=in | action=allow | name=skype | app=c:\program files (x86)\skype\phone\skype.exe | {51C8A76F-EAC2-4DA5-BBF7-5597D7E8FD50} -> profile=private | dir=in | action=allow | name=avgupd.exe | app=c:\program files (x86)\avg\avg9\avgupd.exe | {5254D158-90F6-46E0-9AD4-89F5D5D320D2} -> profile=private | protocol=1 | dir=out | action=allow | name=@firewallapi.dll,-28544 | {56B84304-8280-4C76-8DCC-42C454BB933A} -> dir=in | action=allow | name=skype | app=c:\program files (x86)\skype\phone\skype.exe | {596C2826-A95D-486C-AE8F-45D12469CB05} -> profile=private | protocol=58 | dir=in | action=allow | name=@firewallapi.dll,-28545 | {5DEC5C5E-3DD9-44A7-900B-AD6FA741E828} -> profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-31313 | app=%programfiles%\windows media player\wmpnetwk.exe | {5EF65540-3875-481E-94BF-50A7DA8DF44D} -> profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31281 | app=system | {66734ECC-69D8-4008-9128-DC6653D62EE3} -> profile=private | protocol=17 | dir=in | action=allow | name=microsoft sharepoint workspace | app=c:\program files (x86)\microsoft office\office14\groove.exe | {69D71410-5A4F-4D82-9D87-FDDC41D67FD8} -> profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31317 | app=%programfiles%\windows media player\wmpnetwk.exe | {7E4F9A51-6E0B-4F1B-92BE-56AFC56ED49E} -> dir=in | action=allow | name=skype | app=c:\program files (x86)\skype\phone\skype.exe | {7EAEBEF9-CDFA-4958-8E0E-57CC2FAF8B1C} -> profile=private | dir=in | action=allow | name=avgemc.exe | app=c:\program files (x86)\avg\avg9\avgemc.exe | {831A231C-32B7-45C6-B1C5-DB95DA0DC351} -> dir=in | action=allow | name=windows live call | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | {854D7EA2-08B7-478B-A47E-47BD7F9314AD} -> profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-31023 | app=%programfiles(x86)%\windows media player\wmplayer.exe | {8C8B81EF-B6D0-44FC-A579-64FA7355C267} -> dir=in | action=allow | name=skype | app=c:\program files (x86)\skype\phone\skype.exe | {9215B73E-0A04-41BC-82C4-44D6CA04F4A5} -> profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-31305 | app=%programfiles%\windows media player\wmpnetwk.exe | {A050E44F-D996-45E8-8EBA-701807BE5250} -> dir=in | action=allow | name=skype | app=c:\program files (x86)\skype\phone\skype.exe | {A17141FE-16CD-46B6-AF9E-D50EB4ED5896} -> profile=private | protocol=17 | dir=in | action=allow | name=bonjour service | app=c:\program files (x86)\bonjour\mdnsresponder.exe | {A83FC584-A3B7-45D0-B830-D4BDBC31D27A} -> profile=private | protocol=17 | dir=in | action=allow | name=google talk plugin | app=c:\users\krystine\appdata\local\google\google talk plugin\googletalkplugin.exe | {AB676A75-0890-493A-BC34-FA2D5298E817} -> dir=in | action=allow | name=skype | app=c:\program files (x86)\skype\phone\skype.exe | {AD2F716C-0721-4083-9C4C-2222349EBBE2} -> dir=in | action=allow | name=skype | app=c:\program files (x86)\skype\phone\skype.exe | {AEDB013B-8316-48B1-B8B6-C1BD59018F1D} -> profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31011 | app=%programfiles%\windows media player\wmplayer.exe | {B439CBEC-E4D5-4B33-A9F3-312EE2544EDC} -> profile=private | protocol=1 | dir=in | action=allow | name=@firewallapi.dll,-28543 | {C203AC24-FC09-47D2-9975-C907E07876CF} -> dir=in | action=allow | name=skype | app=c:\program files (x86)\skype\phone\skype.exe | {C89DFECC-0350-4E67-8DF3-8C3E94FF2F15} -> dir=in | action=allow | name=skype | app=c:\program files (x86)\skype\phone\skype.exe | {D3ED8A01-C3D3-4821-BCC5-6E24F4A49A7D} -> protocol=6 | dir=in | action=allow | name=μtorrent (tcp-in) | app=c:\program files (x86)\utorrent\utorrent.exe | {D5AEB436-BA48-44A2-9C69-73BA96B1DA37} -> profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-31024 | app=%programfiles(x86)%\windows media player\wmplayer.exe | {D5BA6166-24C9-40CC-BA67-AD5C02EE6E82} -> dir=in | action=allow | name=skype | app=c:\program files (x86)\skype\phone\skype.exe | {D640A6A5-1AF7-48CC-88FC-921CD4E4F2B8} -> dir=in | action=allow | name=skype | app=c:\program files (x86)\skype\phone\skype.exe | {D6553EC1-3351-4D4C-B684-921954AAB385} -> profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-31297 | app=%programfiles%\windows media player\wmplayer.exe | {DFFB5F9B-FC51-42A1-B653-1E24E9296FFD} -> profile=private | protocol=17 | dir=in | action=allow | name=microsoft onenote | app=c:\program files (x86)\microsoft office\office14\onenote.exe | {E0854664-B84D-4219-B766-5BA5778E824E} -> profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31025 | app=%programfiles(x86)%\windows media player\wmplayer.exe | {E687574E-6214-4BF9-9064-80EBC9308BA6} -> profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31301 | app=%programfiles%\windows media player\wmplayer.exe | {E74FB9B3-3120-4334-80A9-031EF3A33852} -> profile=private | protocol=6 | dir=in | action=allow | name=microsoft sharepoint workspace | app=c:\program files (x86)\microsoft office\office14\groove.exe | {F6BFEAE1-7327-4EE6-8989-0D2D6C01BAE6} -> dir=in | action=allow | name=skype | app=c:\program files (x86)\skype\phone\skype.exe | {F6ED09A3-FF1F-4905-950F-9BC5EA19FA2F} -> profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-31293 | app=%programfiles%\windows media player\wmplayer.exe | {FC272CC5-005B-47AC-A0AE-B01FA802207A} -> protocol=17 | dir=in | action=allow | name=μtorrent (udp-in) | app=c:\program files (x86)\utorrent\utorrent.exe | {FFDC1697-E607-4B12-9FCE-F5EDEC93DF76} -> dir=in | action=allow | name=skype | app=c:\program files (x86)\skype\phone\skype.exe | TCP Query User{7289CBA3-AD5E-442C-A645-FA2B705F205F}C:\program files (x86)\soulseekns\slsk.exe -> profile=private | protocol=6 | dir=in | action=allow | name=soulseek | app=c:\program files (x86)\soulseekns\slsk.exe | TCP Query User{9D36FF75-97E9-4D44-9C31-CA66369DFB83}C:\program files\world of warcraft\launcher.exe -> profile=private | protocol=6 | dir=in | action=allow | name=blizzard launcher | app=c:\program files\world of warcraft\launcher.exe | TCP Query User{B12615E7-CAE7-4F1D-9E9C-83D5B79D8E5D}C:\program files (x86)\heroes of newerth\hon.exe -> profile=private | protocol=6 | dir=in | action=allow | name=heroes of newerth | app=c:\program files (x86)\heroes of newerth\hon.exe | TCP Query User{C36C1185-2821-4517-9909-D89EB8E327FB}C:\program files (x86)\soulseekns\slsk.exe -> profile=public | protocol=6 | dir=in | action=allow | name=soulseek | app=c:\program files (x86)\soulseekns\slsk.exe | UDP Query User{08CC64F6-5BE5-4E18-AE1E-F5E3D6401E67}C:\program files\world of warcraft\launcher.exe -> profile=private | protocol=17 | dir=in | action=allow | name=blizzard launcher | app=c:\program files\world of warcraft\launcher.exe | UDP Query User{9908E647-4951-48FC-B04C-96240576FB55}C:\program files (x86)\heroes of newerth\hon.exe -> profile=private | protocol=17 | dir=in | action=allow | name=heroes of newerth | app=c:\program files (x86)\heroes of newerth\hon.exe | UDP Query User{C346B8D1-C6A9-473A-8531-E874E5C68FD5}C:\program files (x86)\soulseekns\slsk.exe -> profile=private | protocol=17 | dir=in | action=allow | name=soulseek | app=c:\program files (x86)\soulseekns\slsk.exe | UDP Query User{FCC74CFB-1A0F-42D9-A5A4-6FA702089D9E}C:\program files (x86)\soulseekns\slsk.exe -> profile=public | protocol=17 | dir=in | action=allow | name=soulseek | app=c:\program files (x86)\soulseekns\slsk.exe | < SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> < CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom -> "AutoRun" -> 1 -> "DisplayName" -> CD-ROM Driver -> "ImagePath" -> C:\Windows\SysNative\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> [2009/07/13 19:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) < MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> < Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command -> 64bit-comfile [open] -> "%1" %* -> File not found 64bit-exefile [open] -> "%1" %* -> File not found comfile [open] -> "%1" %* -> exefile [open] -> "%1" %* -> < 64bit-File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\ -> .com [@ = comfile] -> "%1" %* -> .exe [@ = exefile] -> "%1" %* -> < File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\ -> .com [@ = comfile] -> "%1" %* -> .exe [@ = exefile] -> "%1" %* -> [Registry - Additional Scans - Safe List] < EventViewer Logs - Last 10 Errors > -> Event Information -> Description Application [ Error ] 9/6/2010 6:13:59 PM Computer Name = Krystine-PC | Source = Bonjour Service | ID = 100 -> Description = mDNSCoreReceiveResponse: Received from 192.168.0.25:5353 4 krystine-pc.local. Addr 192.168.0.25 Application [ Error ] 9/6/2010 6:13:59 PM Computer Name = Krystine-PC | Source = Bonjour Service | ID = 100 -> Description = mDNSCoreReceiveResponse: ProbeCount 0; will rename 4 Krystine-PC.local. Addr 192.168.0.15 Application [ Error ] 9/6/2010 6:13:59 PM Computer Name = Krystine-PC | Source = Bonjour Service | ID = 100 -> Description = Local Hostname Krystine-PC.local already in use; will try Krystine-PC-2.local instead Application [ Error ] 9/7/2010 2:28:55 AM Computer Name = Krystine-PC | Source = SideBySide | ID = 16842815 -> Description = Activation context generation failed for "c:\program files (x86)\spybot - search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of attribute "language" in element "assemblyIdentity" is invalid. Application [ Error ] 9/7/2010 4:48:49 AM Computer Name = Krystine-PC | Source = Google Update | ID = 20 -> Description = Application [ Error ] 9/7/2010 5:48:43 AM Computer Name = Krystine-PC | Source = Google Update | ID = 20 -> Description = Application [ Error ] 9/7/2010 6:48:48 AM Computer Name = Krystine-PC | Source = Google Update | ID = 20 -> Description = Application [ Error ] 9/7/2010 7:48:37 AM Computer Name = Krystine-PC | Source = Google Update | ID = 20 -> Description = Application [ Error ] 9/7/2010 8:48:37 AM Computer Name = Krystine-PC | Source = Google Update | ID = 20 -> Description = Application [ Error ] 9/7/2010 9:48:46 AM Computer Name = Krystine-PC | Source = Google Update | ID = 20 -> Description = System [ Error ] 9/4/2010 5:04:01 PM Computer Name = Krystine-PC | Source = atikmdag | ID = 43029 -> Description = Display is not active System [ Error ] 9/5/2010 8:17:43 PM Computer Name = Krystine-PC | Source = atikmdag | ID = 52236 -> Description = CPLIB :: General - Invalid Parameter System [ Error ] 9/5/2010 8:17:43 PM Computer Name = Krystine-PC | Source = atikmdag | ID = 43029 -> Description = Display is not active System [ Error ] 9/6/2010 8:17:59 PM Computer Name = Krystine-PC | Source = atikmdag | ID = 52236 -> Description = CPLIB :: General - Invalid Parameter System [ Error ] 9/6/2010 8:17:59 PM Computer Name = Krystine-PC | Source = atikmdag | ID = 43029 -> Description = Display is not active System [ Error ] 9/7/2010 12:09:24 AM Computer Name = Krystine-PC | Source = Service Control Manager | ID = 7031 -> Description = The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. System [ Error ] 9/7/2010 12:10:36 AM Computer Name = Krystine-PC | Source = atikmdag | ID = 52236 -> Description = CPLIB :: General - Invalid Parameter System [ Error ] 9/7/2010 12:10:36 AM Computer Name = Krystine-PC | Source = atikmdag | ID = 43029 -> Description = Display is not active System [ Error ] 9/7/2010 1:22:31 AM Computer Name = Krystine-PC | Source = Application Popup | ID = 1060 -> Description = \SystemRoot\SysWow64\Drivers\Normandy.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver. System [ Error ] 9/7/2010 1:23:11 AM Computer Name = Krystine-PC | Source = Application Popup | ID = 1060 -> Description = \SystemRoot\SysWow64\Drivers\Normandy.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver. [Files/Folders - Created Within 30 Days] OTS.exe -> C:\Users\Krystine\Desktop\OTS.exe -> [2010/09/07 11:18:06 | 000,641,024 | ---- | C] (OldTimer Tools) OTL.exe -> C:\Users\Krystine\Desktop\OTL.exe -> [2010/09/05 12:29:35 | 000,574,976 | ---- | C] (OldTimer Tools) SUPERAntiSpyware.com -> C:\Users\Krystine\AppData\Roaming\SUPERAntiSpyware.com -> [2010/09/01 18:15:46 | 000,000,000 | ---D | C] SUPERAntiSpyware.com -> C:\ProgramData\SUPERAntiSpyware.com -> [2010/09/01 18:15:46 | 000,000,000 | ---D | C] !SASCORE -> C:\ProgramData\!SASCORE -> [2010/09/01 18:15:41 | 000,000,000 | ---D | C] SUPERAntiSpyware -> C:\Program Files\SUPERAntiSpyware -> [2010/09/01 18:15:40 | 000,000,000 | ---D | C] _OTL -> C:\_OTL -> [2010/09/01 18:08:50 | 000,000,000 | ---D | C] Kaspersky Lab -> C:\ProgramData\Kaspersky Lab -> [2010/08/31 17:57:10 | 000,000,000 | ---D | C] Sun -> C:\ProgramData\Sun -> [2010/08/30 18:28:44 | 000,000,000 | ---D | C] Java -> C:\Program Files (x86)\Common Files\Java -> [2010/08/30 18:28:43 | 000,000,000 | ---D | C] Google -> C:\Users\Krystine\AppData\Local\Google -> [2010/08/29 20:41:15 | 000,000,000 | ---D | C] ESET -> C:\Program Files (x86)\ESET -> [2010/08/29 17:17:44 | 000,000,000 | ---D | C] 2DBoy -> C:\ProgramData\2DBoy -> [2010/08/27 16:47:50 | 000,000,000 | ---D | C] WorldOfGoo -> C:\Program Files (x86)\WorldOfGoo -> [2010/08/27 16:47:36 | 000,000,000 | ---D | C] ERDNT -> C:\Windows\ERDNT -> [2010/08/26 16:06:42 | 000,000,000 | ---D | C] HijackThis -> C:\Program Files\HijackThis -> [2010/08/26 15:48:48 | 000,000,000 | ---D | C] Malwarebytes -> C:\Users\Krystine\AppData\Roaming\Malwarebytes -> [2010/08/26 15:24:45 | 000,000,000 | ---D | C] mbam.sys -> C:\Windows\SysWow64\drivers\mbam.sys -> [2010/08/26 15:24:44 | 000,015,504 | ---- | C] (Malwarebytes Corporation) mbamswissarmy.sys -> C:\Windows\SysWow64\drivers\mbamswissarmy.sys -> [2010/08/26 15:24:42 | 000,038,496 | ---- | C] (Malwarebytes Corporation) Malwarebytes' Anti-Malware -> C:\Program Files (x86)\Malwarebytes' Anti-Malware -> [2010/08/26 15:24:41 | 000,000,000 | ---D | C] Malwarebytes -> C:\ProgramData\Malwarebytes -> [2010/08/26 15:24:41 | 000,000,000 | ---D | C] CCleaner -> C:\Program Files (x86)\CCleaner -> [2010/08/26 15:10:58 | 000,000,000 | ---D | C] 32788R22FWJFW -> C:\32788R22FWJFW -> [2010/08/26 14:46:19 | 000,000,000 | R--D | C] TDSSKiller_Quarantine -> C:\TDSSKiller_Quarantine -> [2010/08/25 20:45:45 | 000,000,000 | ---D | C] Delta -> C:\Program Files (x86)\Delta -> [2010/08/23 17:42:22 | 000,000,000 | ---D | C] DESIGNER -> C:\Program Files (x86)\Common Files\DESIGNER -> [2010/08/12 20:32:09 | 000,000,000 | ---D | C] Microsoft Synchronization Services -> C:\Program Files (x86)\Microsoft Synchronization Services -> [2010/08/12 20:22:49 | 000,000,000 | ---D | C] PCHEALTH -> C:\Windows\PCHEALTH -> [2010/08/12 20:22:25 | 000,000,000 | ---D | C] Microsoft.NET -> C:\Program Files (x86)\Microsoft.NET -> [2010/08/12 20:22:25 | 000,000,000 | ---D | C] Microsoft Sync Framework -> C:\Program Files (x86)\Microsoft Sync Framework -> [2010/08/12 20:22:25 | 000,000,000 | ---D | C] Microsoft SQL Server Compact Edition -> C:\Program Files (x86)\Microsoft SQL Server Compact Edition -> [2010/08/12 20:22:25 | 000,000,000 | ---D | C] Microsoft Analysis Services -> C:\Program Files (x86)\Microsoft Analysis Services -> [2010/08/12 20:16:56 | 000,000,000 | ---D | C] moonshl2 -> C:\Users\Krystine\Documents\moonshl2 -> [2010/08/08 21:17:37 | 000,000,000 | ---D | C] moonmemo -> C:\Users\Krystine\Documents\moonmemo -> [2010/08/08 21:17:37 | 000,000,000 | ---D | C] eng -> C:\Users\Krystine\Documents\eng -> [2010/08/08 20:39:21 | 000,000,000 | ---D | C] AAA DS -> C:\Users\Krystine\Documents\AAA DS -> [2010/08/08 18:20:39 | 000,000,000 | ---D | C] dvdshrink32setup.exe -> C:\Program Files (x86)\dvdshrink32setup.exe -> [2010/04/16 17:53:56 | 001,117,491 | ---- | C] (DVD Shrink ) pcouffin.sys -> C:\Users\Krystine\AppData\Roaming\pcouffin.sys -> [2009/12/16 16:47:12 | 000,082,816 | ---- | C] (VSO Software) CopyTrans.exe -> C:\Program Files\CopyTrans.exe -> [2009/12/04 17:24:58 | 003,139,840 | ---- | C] (WindSolutions) [Files/Folders - Modified Within 30 Days] ntuser.dat -> C:\Users\Krystine\ntuser.dat -> [2010/09/07 11:22:56 | 007,864,320 | -HS- | M] () OTS.exe -> C:\Users\Krystine\Desktop\OTS.exe -> [2010/09/07 11:18:06 | 000,641,024 | ---- | M] (OldTimer Tools) {22116563-108C-42c0-A7CE-60161B75E508}.job -> C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job -> [2010/09/07 11:09:03 | 000,000,298 | -H-- | M] () GoogleUpdateTaskUserS-1-5-21-3969533455-2505683156-2406357703-1001UA.job -> C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3969533455-2505683156-2406357703-1001UA.job -> [2010/09/07 10:46:00 | 000,000,920 | ---- | M] () PerfStringBackup.INI -> C:\Windows\SysNative\PerfStringBackup.INI -> [2010/09/07 09:47:27 | 000,717,892 | ---- | M] () perfh009.dat -> C:\Windows\SysNative\perfh009.dat -> [2010/09/07 09:47:27 | 000,618,026 | ---- | M] () perfc009.dat -> C:\Windows\SysNative\perfc009.dat -> [2010/09/07 09:47:27 | 000,104,340 | ---- | M] () Normandy.sys -> C:\Windows\SysWow64\drivers\Normandy.sys -> [2010/09/07 01:23:11 | 000,034,560 | ---- | M] () RKUnhookerLE.EXE -> C:\Users\Krystine\Desktop\RKUnhookerLE.EXE -> [2010/09/07 01:19:58 | 000,133,632 | ---- | M] () 7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 -> [2010/09/07 00:17:43 | 000,014,016 | -H-- | M] () 7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 -> [2010/09/07 00:17:43 | 000,014,016 | -H-- | M] () SA.DAT -> C:\Windows\tasks\SA.DAT -> [2010/09/07 00:10:39 | 000,000,006 | -H-- | M] () bootstat.dat -> C:\Windows\bootstat.dat -> [2010/09/07 00:10:36 | 000,067,584 | --S- | M] () hiberfil.sys -> C:\hiberfil.sys -> [2010/09/07 00:10:29 | 536,195,071 | -HS- | M] () IconCache.db -> C:\Users\Krystine\AppData\Local\IconCache.db -> [2010/09/07 00:09:38 | 005,719,808 | -H-- | M] () GoogleUpdateTaskUserS-1-5-21-3969533455-2505683156-2406357703-1001Core.job -> C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3969533455-2505683156-2406357703-1001Core.job -> [2010/09/06 20:46:00 | 000,000,868 | ---- | M] () Mozilla Firefox.lnk -> C:\Users\Krystine\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk -> [2010/09/06 20:22:43 | 000,001,967 | ---- | M] () Launch Internet Explorer Browser.lnk -> C:\Users\Krystine\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> [2010/09/06 20:20:26 | 000,001,441 | ---- | M] () MBRCheck.exe -> C:\Users\Krystine\Desktop\MBRCheck.exe -> [2010/09/06 18:03:08 | 000,080,384 | ---- | M] () incavi.avm -> C:\Windows\SysNative\drivers\Avg\incavi.avm -> [2010/09/06 09:54:57 | 064,355,736 | ---- | M] () ntuser.dat{fe1bca48-b6b2-11df-b00f-0025113d5e33}.TMContainer00000000000000000002.regtrans-ms -> C:\Users\Krystine\ntuser.dat{fe1bca48-b6b2-11df-b00f-0025113d5e33}.TMContainer00000000000000000002.regtrans-ms -> [2010/09/05 20:16:46 | 000,524,288 | -HS- | M] () ntuser.dat{fe1bca48-b6b2-11df-b00f-0025113d5e33}.TMContainer00000000000000000001.regtrans-ms -> C:\Users\Krystine\ntuser.dat{fe1bca48-b6b2-11df-b00f-0025113d5e33}.TMContainer00000000000000000001.regtrans-ms -> [2010/09/05 20:16:46 | 000,524,288 | -HS- | M] () ntuser.dat{fe1bca48-b6b2-11df-b00f-0025113d5e33}.TM.blf -> C:\Users\Krystine\ntuser.dat{fe1bca48-b6b2-11df-b00f-0025113d5e33}.TM.blf -> [2010/09/05 20:16:46 | 000,065,536 | -HS- | M] () OTL.exe -> C:\Users\Krystine\Desktop\OTL.exe -> [2010/09/02 00:28:38 | 000,574,976 | ---- | M] (OldTimer Tools) ntuser.dat{b09e2749-b625-11df-9521-0025113d5e33}.TMContainer00000000000000000002.regtrans-ms -> C:\Users\Krystine\ntuser.dat{b09e2749-b625-11df-9521-0025113d5e33}.TMContainer00000000000000000002.regtrans-ms -> [2010/09/01 21:36:21 | 000,524,288 | -HS- | M] () ntuser.dat{b09e2749-b625-11df-9521-0025113d5e33}.TMContainer00000000000000000001.regtrans-ms -> C:\Users\Krystine\ntuser.dat{b09e2749-b625-11df-9521-0025113d5e33}.TMContainer00000000000000000001.regtrans-ms -> [2010/09/01 21:36:21 | 000,524,288 | -HS- | M] () ntuser.dat{b09e2749-b625-11df-9521-0025113d5e33}.TM.blf -> C:\Users\Krystine\ntuser.dat{b09e2749-b625-11df-9521-0025113d5e33}.TM.blf -> [2010/09/01 21:36:21 | 000,065,536 | -HS- | M] () otl fix.docx -> C:\Users\Public\Documents\otl fix.docx -> [2010/09/01 18:15:08 | 000,013,409 | ---- | M] () Final Schedule for real 2010-11.docx -> C:\Users\Public\Documents\Final Schedule for real 2010-11.docx -> [2010/09/01 18:04:42 | 000,016,100 | ---- | M] () Final Schedule 2010-11.doc -> C:\Users\Krystine\Documents\Final Schedule 2010-11.doc -> [2010/09/01 17:51:45 | 000,078,336 | ---- | M] () Hosts -> C:\Windows\SysNative\drivers\etc\Hosts -> [2010/08/28 13:19:39 | 000,000,098 | ---- | M] () MONOLITH.INI -> C:\Windows\MONOLITH.INI -> [2010/08/27 20:49:38 | 000,000,069 | ---- | M] () win.ini -> C:\Windows\win.ini -> [2010/08/27 20:49:33 | 000,000,622 | ---- | M] () World of Goo.lnk -> C:\Users\Public\Desktop\World of Goo.lnk -> [2010/08/27 16:47:43 | 000,001,921 | ---- | M] () OTL Extras.docx -> C:\Users\Public\Documents\OTL Extras.docx -> [2010/08/26 16:45:06 | 000,018,655 | ---- | M] () OTL.docx -> C:\Users\Public\Documents\OTL.docx -> [2010/08/26 16:44:36 | 000,024,780 | ---- | M] () first goored.docx -> C:\Users\Public\Documents\first goored.docx -> [2010/08/26 16:21:36 | 000,013,180 | ---- | M] () second OTM.docx -> C:\Users\Public\Documents\second OTM.docx -> [2010/08/26 16:19:41 | 000,013,631 | ---- | M] () first OTM.docx -> C:\Users\Public\Documents\first OTM.docx -> [2010/08/26 16:15:20 | 000,013,664 | ---- | M] () Malwarebytes' Anti-Malware.lnk -> C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk -> [2010/08/26 15:24:44 | 000,001,013 | ---- | M] () PSX emulator.lnk -> C:\Users\Krystine\Desktop\PSX emulator.lnk -> [2010/08/23 19:40:44 | 000,000,834 | ---- | M] () Resume - Krystine Hossack - rtf.rtf -> C:\Users\Krystine\Documents\Resume - Krystine Hossack - rtf.rtf -> [2010/08/23 19:28:51 | 000,060,611 | ---- | M] () Resume - Krystine Hossack.doc -> C:\Users\Krystine\Documents\Resume - Krystine Hossack.doc -> [2010/08/23 19:12:14 | 000,035,328 | ---- | M] () GDIPFONTCACHEV1.DAT -> C:\Users\Krystine\AppData\Local\GDIPFONTCACHEV1.DAT -> [2010/08/12 20:57:06 | 000,108,840 | ---- | M] () FNTCACHE.DAT -> C:\Windows\SysNative\FNTCACHE.DAT -> [2010/08/12 20:55:26 | 000,415,616 | ---- | M] () resume - old.doc -> C:\Users\Krystine\Documents\resume - old.doc -> [2010/08/11 20:58:19 | 000,032,768 | ---- | M] () cover letter outline.doc -> C:\Users\Krystine\Documents\cover letter outline.doc -> [2010/08/11 20:46:20 | 000,030,208 | ---- | M] () [Files - No Company Name] Normandy.sys -> C:\Windows\SysWow64\drivers\Normandy.sys -> [2010/09/07 01:22:31 | 000,034,560 | ---- | C] () RKUnhookerLE.EXE -> C:\Users\Krystine\Desktop\RKUnhookerLE.EXE -> [2010/09/07 01:19:57 | 000,133,632 | ---- | C] () Mozilla Firefox.lnk -> C:\Users\Krystine\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk -> [2010/09/06 20:22:43 | 000,001,967 | ---- | C] () Launch Internet Explorer Browser.lnk -> C:\Users\Krystine\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> [2010/09/06 20:20:26 | 000,001,441 | ---- | C] () MBRCheck.exe -> C:\Users\Krystine\Desktop\MBRCheck.exe -> [2010/09/06 18:03:07 | 000,080,384 | ---- | C] () ntuser.dat{fe1bca48-b6b2-11df-b00f-0025113d5e33}.TMContainer00000000000000000002.regtrans-ms -> C:\Users\Krystine\ntuser.dat{fe1bca48-b6b2-11df-b00f-0025113d5e33}.TMContainer00000000000000000002.regtrans-ms -> [2010/09/04 17:04:18 | 000,524,288 | -HS- | C] () ntuser.dat{fe1bca48-b6b2-11df-b00f-0025113d5e33}.TMContainer00000000000000000001.regtrans-ms -> C:\Users\Krystine\ntuser.dat{fe1bca48-b6b2-11df-b00f-0025113d5e33}.TMContainer00000000000000000001.regtrans-ms -> [2010/09/04 17:04:18 | 000,524,288 | -HS- | C] () ntuser.dat{fe1bca48-b6b2-11df-b00f-0025113d5e33}.TM.blf -> C:\Users\Krystine\ntuser.dat{fe1bca48-b6b2-11df-b00f-0025113d5e33}.TM.blf -> [2010/09/04 17:04:18 | 000,065,536 | -HS- | C] () ntuser.dat{b09e2749-b625-11df-9521-0025113d5e33}.TMContainer00000000000000000002.regtrans-ms -> C:\Users\Krystine\ntuser.dat{b09e2749-b625-11df-9521-0025113d5e33}.TMContainer00000000000000000002.regtrans-ms -> [2010/09/01 20:39:28 | 000,524,288 | -HS- | C] () ntuser.dat{b09e2749-b625-11df-9521-0025113d5e33}.TMContainer00000000000000000001.regtrans-ms -> C:\Users\Krystine\ntuser.dat{b09e2749-b625-11df-9521-0025113d5e33}.TMContainer00000000000000000001.regtrans-ms -> [2010/09/01 20:39:28 | 000,524,288 | -HS- | C] () ntuser.dat{b09e2749-b625-11df-9521-0025113d5e33}.TM.blf -> C:\Users\Krystine\ntuser.dat{b09e2749-b625-11df-9521-0025113d5e33}.TM.blf -> [2010/09/01 20:39:28 | 000,065,536 | -HS- | C] () otl fix.docx -> C:\Users\Public\Documents\otl fix.docx -> [2010/09/01 18:15:07 | 000,013,409 | ---- | C] () Final Schedule for real 2010-11.docx -> C:\Users\Public\Documents\Final Schedule for real 2010-11.docx -> [2010/09/01 17:42:21 | 000,016,100 | ---- | C] () GoogleUpdateTaskUserS-1-5-21-3969533455-2505683156-2406357703-1001UA.job -> C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3969533455-2505683156-2406357703-1001UA.job -> [2010/08/29 20:41:17 | 000,000,920 | ---- | C] () GoogleUpdateTaskUserS-1-5-21-3969533455-2505683156-2406357703-1001Core.job -> C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3969533455-2505683156-2406357703-1001Core.job -> [2010/08/29 20:41:16 | 000,000,868 | ---- | C] () MONOLITH.INI -> C:\Windows\MONOLITH.INI -> [2010/08/27 20:47:12 | 000,000,069 | ---- | C] () World of Goo.lnk -> C:\Users\Public\Desktop\World of Goo.lnk -> [2010/08/27 16:47:43 | 000,001,921 | ---- | C] () OTL Extras.docx -> C:\Users\Public\Documents\OTL Extras.docx -> [2010/08/26 16:45:05 | 000,018,655 | ---- | C] () OTL.docx -> C:\Users\Public\Documents\OTL.docx -> [2010/08/26 16:44:35 | 000,024,780 | ---- | C] () first goored.docx -> C:\Users\Public\Documents\first goored.docx -> [2010/08/26 16:21:35 | 000,013,180 | ---- | C] () second OTM.docx -> C:\Users\Public\Documents\second OTM.docx -> [2010/08/26 16:19:39 | 000,013,631 | ---- | C] () first OTM.docx -> C:\Users\Public\Documents\first OTM.docx -> [2010/08/26 16:15:18 | 000,013,664 | ---- | C] () Malwarebytes' Anti-Malware.lnk -> C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk -> [2010/08/26 15:24:44 | 000,001,013 | ---- | C] () PSX emulator.lnk -> C:\Users\Krystine\Desktop\PSX emulator.lnk -> [2010/08/23 19:40:44 | 000,000,834 | ---- | C] () {22116563-108C-42c0-A7CE-60161B75E508}.job -> C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job -> [2010/08/12 18:17:15 | 000,000,298 | -H-- | C] () cover letter outline.doc -> C:\Users\Krystine\Documents\cover letter outline.doc -> [2010/08/11 20:46:17 | 000,030,208 | ---- | C] () Resume - Krystine Hossack - rtf.rtf -> C:\Users\Krystine\Documents\Resume - Krystine Hossack - rtf.rtf -> [2010/08/10 15:07:13 | 000,060,611 | ---- | C] () Resume - Krystine Hossack.doc -> C:\Users\Krystine\Documents\Resume - Krystine Hossack.doc -> [2010/08/10 15:06:36 | 000,035,328 | ---- | C] () vso_ts_preview.xml -> C:\Users\Krystine\AppData\Roaming\vso_ts_preview.xml -> [2009/12/16 16:47:49 | 000,001,041 | ---- | C] () pcouffin.log -> C:\Users\Krystine\AppData\Roaming\pcouffin.log -> [2009/12/16 16:47:21 | 000,000,033 | ---- | C] () inst.exe -> C:\Users\Krystine\AppData\Roaming\inst.exe -> [2009/12/16 16:47:12 | 000,099,384 | ---- | C] () pcouffin.cat -> C:\Users\Krystine\AppData\Roaming\pcouffin.cat -> [2009/12/16 16:47:12 | 000,007,859 | ---- | C] () pcouffin.inf -> C:\Users\Krystine\AppData\Roaming\pcouffin.inf -> [2009/12/16 16:47:12 | 000,001,167 | ---- | C] () PerfStringBackup.INI -> C:\Windows\SysWow64\PerfStringBackup.INI -> [2009/12/15 20:55:10 | 000,730,638 | ---- | C] () Serail & Readme.bat -> C:\Program Files\Serail & Readme.bat -> [2009/12/11 01:19:40 | 000,001,169 | ---- | C] () License Agreement.rtf -> C:\Program Files\License Agreement.rtf -> [2009/12/04 17:24:58 | 000,013,425 | ---- | C] () CopyTrans.ris -> C:\Program Files\CopyTrans.ris -> [2009/12/04 17:24:58 | 000,000,652 | ---- | C] () INSTALLATION_PROCEDURE.txt -> C:\Program Files\INSTALLATION_PROCEDURE.txt -> [2009/12/04 17:24:58 | 000,000,603 | ---- | C] () GDIPFONTCACHEV1.DAT -> C:\Users\Krystine\AppData\Local\GDIPFONTCACHEV1.DAT -> [2009/12/04 15:46:15 | 000,108,840 | ---- | C] () resmon.resmoncfg -> C:\Users\Krystine\AppData\Local\resmon.resmoncfg -> [2009/12/04 15:36:36 | 000,000,017 | ---- | C] () IconCache.db -> C:\Users\Krystine\AppData\Local\IconCache.db -> [2009/12/04 15:29:48 | 005,719,808 | -H-- | C] () GlobalUserInterface.CompositeFont -> C:\Windows\Fonts\GlobalUserInterface.CompositeFont -> [2009/07/14 01:32:39 | 000,043,318 | ---- | C] () GlobalSerif.CompositeFont -> C:\Windows\Fonts\GlobalSerif.CompositeFont -> [2009/07/14 01:32:39 | 000,029,779 | ---- | C] () GlobalSansSerif.CompositeFont -> C:\Windows\Fonts\GlobalSansSerif.CompositeFont -> [2009/07/14 01:32:39 | 000,026,489 | ---- | C] () GlobalMonospace.CompositeFont -> C:\Windows\Fonts\GlobalMonospace.CompositeFont -> [2009/07/14 01:32:39 | 000,026,040 | ---- | C] () desktop.ini -> C:\Program Files\desktop.ini -> [2009/07/14 00:54:24 | 000,000,174 | -HS- | C] () desktop.ini -> C:\Program Files (x86)\desktop.ini -> [2009/07/14 00:54:24 | 000,000,174 | -HS- | C] () BWContextHandler.dll -> C:\Windows\SysWow64\BWContextHandler.dll -> [2009/07/13 19:42:10 | 000,064,000 | ---- | C] () msjetoledb40.dll -> C:\Windows\SysWow64\msjetoledb40.dll -> [2009/07/13 17:03:59 | 000,364,544 | ---- | C] () [Custom Scans] < drivers32 > < %SYSTEMDRIVE%\*.* > bootmgr -> C:\bootmgr -> [2009/07/13 21:38:58 | 000,383,562 | RHS- | M] () BOOTSECT.BAK -> C:\BOOTSECT.BAK -> [2009/12/04 18:11:15 | 000,008,192 | RHS- | M] () deltaStartup.log -> C:\deltaStartup.log -> [2010/08/23 17:43:07 | 000,000,741 | ---- | M] () grldr -> C:\grldr -> [2009/12/04 15:46:23 | 000,203,316 | RHS- | M] () hiberfil.sys -> C:\hiberfil.sys -> [2010/09/07 00:10:29 | 536,195,071 | -HS- | M] () msdia80.dll -> C:\msdia80.dll -> [2006/12/02 00:37:14 | 000,904,704 | ---- | M] (Microsoft Corporation) pagefile.sys -> C:\pagefile.sys -> [2010/09/07 00:10:34 | 2146,586,623 | -HS- | M] () TDSSKiller.2.4.1.4_01.09.2010_17.14.51_log.txt -> C:\TDSSKiller.2.4.1.4_01.09.2010_17.14.51_log.txt -> [2010/09/01 17:15:21 | 000,061,762 | ---- | M] () TDSSKiller.2.4.1.4_01.09.2010_17.15.30_log.txt -> C:\TDSSKiller.2.4.1.4_01.09.2010_17.15.30_log.txt -> [2010/09/01 17:16:36 | 000,061,762 | ---- | M] () win7ldr -> C:\win7ldr -> [2009/12/04 15:46:40 | 000,000,003 | RHS- | M] () < %ALLUSERSPROFILE%\Favorites\*.* > < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x > desktop.ini -> C:\Users\Krystine\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini -> [2010/09/06 20:20:26 | 000,000,221 | -HS- | M] () < %systemroot%\ADDINS\*.* > FXSEXT.ecf -> C:\Windows\addins\FXSEXT.ecf -> [2009/06/10 17:20:04 | 000,000,802 | ---- | M] () < %PROGRAMFILES%\Mozilla Firefox\0*.exe > < %USERPROFILE%\My Documents\*.exe > < %USERPROFILE%\*.exe > < %systemroot%\AppPatch\Custom\*.* > < %systemroot%\system32\HelpFiles\*.* > < End of report > [/code]