[code] OTS logfile created on: 9/12/2010 10:11:58 PM - Run 1 OTS by OldTimer - Version 3.1.37.0 Folder = C:\Users\Marcus\Desktop 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 63.00% Memory free 8.00 Gb Paging File | 6.00 Gb Available in Paging File | 81.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 295.41 Gb Total Space | 247.44 Gb Free Space | 83.76% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: MARCUS-PC Current User Name: Marcus Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Include 64bit Scans Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days [Processes - Safe List] ots.exe -> C:\Users\Marcus\Desktop\OTS.exe -> [2010/09/12 22:08:55 | 000,642,048 | ---- | M] (OldTimer Tools) acrotray.exe -> C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe -> [2010/06/19 12:36:46 | 000,640,440 | ---- | M] (Adobe Systems Inc.) applemobiledeviceservice.exe -> C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -> [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) 
nmindexstoresvr.exe -> C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe -> [2008/01/22 11:13:32 | 001,201,448 | ---- | M] (Nero AG) nmbgmonitor.exe -> C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe -> [2008/01/22 11:13:20 | 000,152,872 | ---- | M] (Nero AG) dellwmgr.exe -> C:\Program Files (x86)\DELL\DELL Webcam Manager\DellWMgr.exe -> [2007/06/07 11:14:36 | 000,118,784 | ---- | M] (Creative Technology Ltd.) oem02mon.exe -> C:\Windows\OEM02Mon.exe -> [2007/05/09 17:01:00 | 000,036,864 | ---- | M] (Creative Technology Ltd.) ioctlsvc.exe -> C:\Windows\SysWOW64\IoctlSvc.exe -> [2006/12/19 10:30:26 | 000,081,920 | ---- | M] (Prolific Technology Inc.) e_s30rp1.exe -> C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE -> [2006/04/18 04:00:00 | 000,102,400 | ---- | M] (SEIKO EPSON CORPORATION) mdm.exe -> C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\MDM.EXE -> [2003/06/19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Modules - Safe List] ots.exe -> C:\Users\Marcus\Desktop\OTS.exe -> [2010/09/12 22:08:55 | 000,642,048 | ---- | M] (OldTimer Tools) sfc_os.dll -> C:\Windows\SysWOW64\sfc_os.dll -> [2009/07/13 21:16:14 | 000,040,960 | ---- | M] (Microsoft Corporation) msi.dll -> C:\Windows\SysWOW64\msi.dll -> [2009/07/13 21:15:44 | 002,340,864 | ---- | M] (Microsoft Corporation) msiltcfg.dll -> C:\Windows\SysWOW64\msiltcfg.dll -> [2009/07/13 21:15:44 | 000,015,872 | ---- | M] (Microsoft Corporation) msscript.ocx -> C:\Windows\SysWOW64\msscript.ocx -> [2009/07/13 21:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) sfc.dll -> C:\Windows\SysWOW64\sfc.dll -> [2009/07/13 21:10:22 | 000,002,560 | ---- | M] (Microsoft Corporation) comctl32.dll -> C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll -> [2009/07/13 21:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) [Win32 Services - Safe List] 64bit-(FLEXnet Licensing Service 64) [On_Demand | 
Stopped] -> C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -> [2010/06/21 15:56:32 | 001,038,088 | ---- | M] (Acresso Software Inc.) 64bit-(MsMpSvc) [Auto | Running] -> c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -> [2010/03/25 23:48:42 | 000,017,424 | ---- | M] (Microsoft Corporation) 64bit-(WinDefend) [On_Demand | Stopped] -> C:\Program Files\Windows Defender\MpSvc.dll -> [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) (FLEXnet Licensing Service) FLEXnet Licensing Service [On_Demand | Stopped] -> C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -> [2010/06/21 15:34:52 | 000,655,624 | ---- | M] (Acresso Software Inc.) (Apple Mobile Device) Apple Mobile Device [Auto | Running] -> C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -> [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) (clr_optimization_v4.0.30319_64) Microsoft .NET Framework NGEN v4.0.30319_X64 [Auto | Stopped] -> C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -> [2010/03/18 14:27:14 | 000,138,576 | ---- | M] (Microsoft Corporation) (clr_optimization_v4.0.30319_32) Microsoft .NET Framework NGEN v4.0.30319_X86 [Auto | Stopped] -> C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -> [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) (PLFlash DeviceIoControl Service) PLFlash DeviceIoControl Service [Auto | Running] -> C:\Windows\SysWOW64\IoctlSvc.exe -> [2006/12/19 10:30:26 | 000,081,920 | ---- | M] (Prolific Technology Inc.) 
(EPSON_PM_RPCV4_01) EPSON V3 Service4(01) [Auto | Running] -> C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE -> [2006/04/18 04:00:00 | 000,102,400 | ---- | M] (SEIKO EPSON CORPORATION) (MDM) Machine Debug Manager [Auto | Running] -> C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -> [2003/06/19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Driver Services - Safe List] 64bit-(ApfiltrService) Alps Touch Pad Filter Driver for Windows x64 [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\Apfiltr.sys -> [2010/01/22 16:38:52 | 000,284,720 | ---- | M] (Alps Electric Co., Ltd.) 64bit-(sdbus) sdbus [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\sdbus.sys -> [2009/10/09 22:41:20 | 000,109,056 | ---- | M] (Microsoft Corporation) 64bit-(igfx) igfx [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\igdkmd64.sys -> [2009/09/23 19:23:02 | 006,180,832 | ---- | M] (Intel Corporation) 64bit-(amdsata) amdsata [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\amdsata.sys -> [2009/07/13 21:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) 64bit-(amdxata) amdxata [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\amdxata.sys -> [2009/07/13 21:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) 64bit-(amdsbs) amdsbs [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\amdsbs.sys -> [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) 
64bit-(LSI_SAS2) LSI_SAS2 [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\lsi_sas2.sys -> [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) 64bit-(HpSAMD) HpSAMD [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\HpSAMD.sys -> [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) 64bit-(stexstor) stexstor [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\stexstor.sys -> [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) 64bit-(BCM43XX) Broadcom 802.11 Network Adapter Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\BCMWL664.SYS -> [2009/07/08 00:45:50 | 002,769,400 | ---- | M] (Broadcom Corporation) 64bit-(SrvHsfV92) SrvHsfV92 [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\VSTDPV6.SYS -> [2009/06/10 17:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) 64bit-(SrvHsfWinac) SrvHsfWinac [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\VSTCNXT6.SYS -> [2009/06/10 17:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) 64bit-(SrvHsfHDA) SrvHsfHDA [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\VSTAZL6.SYS -> [2009/06/10 17:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) 
64bit-(Ntfs) Ntfs [File_System | On_Demand | Running] -> C:\Windows\SysNative\wbem\ntfs.mof -> [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () 64bit-(bcm44amd64) Broadcom 440x 10/100 Integrated Controller XP Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\b44amd64.sys -> [2009/06/10 16:34:35 | 000,087,552 | ---- | M] (Broadcom Corporation) 64bit-(ebdrv) Broadcom NetXtreme II 10 GigE VBD [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\evbda.sys -> [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) 64bit-(b06bdrv) Broadcom NetXtreme II VBD [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\bxvbda.sys -> [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) 64bit-(b57nd60a) Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0 [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\b57nd60a.sys -> [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) 64bit-(hcw85cir) Hauppauge Consumer Infrared Receiver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\hcw85cir.sys -> [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) 64bit-(GEARAspiWDM) GEAR ASPI Filter Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\GEARAspiWDM.sys -> [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) 64bit-(PxHlpa64) PxHlpa64 [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\PxHlpa64.sys -> [2008/02/06 03:00:00 | 000,054,480 | ---- | M] (Sonic Solutions) 64bit-(OEM02Dev) Creative Camera OEM002 Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\OEM02Dev.sys -> [2007/10/10 17:03:00 | 000,266,624 | ---- | M] (Creative Technology Ltd.) 
64bit-(rismxdp) Ricoh xD-Picture Card Driver [Kernel | Auto | Running] -> C:\Windows\SysNative\drivers\rixdpx64.sys -> [2007/07/27 19:45:52 | 000,057,856 | ---- | M] (REDC) 64bit-(rimsptsk) rimsptsk [Kernel | Auto | Running] -> C:\Windows\SysNative\drivers\rimspx64.sys -> [2007/07/26 20:33:54 | 000,055,296 | ---- | M] (REDC) 64bit-(rimmptsk) rimmptsk [Kernel | Auto | Running] -> C:\Windows\SysNative\drivers\rimmpx64.sys -> [2007/03/19 12:09:36 | 000,055,808 | ---- | M] (REDC) 64bit-(OEM02Vfx) Creative Camera OEM002 Video VFX Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\OEM02Vfx.sys -> [2007/03/05 10:55:48 | 000,012,288 | ---- | M] (EyePower Games Pte. Ltd.) (adfs) adfs [Kernel | Auto | Running] -> C:\Windows\SysWow64\drivers\adfs.sys -> [2008/08/14 07:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Registry - All] < 64bit-Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://go.microsoft.com/fwlink/?LinkId=69157 -> HKEY_LOCAL_MACHINE\: Main\\"Default_Search_URL" -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_LOCAL_MACHINE\: Main\\"Default_Secondary_Page_URL" -> [binary data] -> HKEY_LOCAL_MACHINE\: Main\\"Extensions Off Page" -> about:NoAdd-ons -> HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> C:\Windows\System32\blank.htm -> HKEY_LOCAL_MACHINE\: Main\\"Search Page" -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_LOCAL_MACHINE\: Main\\"Security Risk Page" -> about:SecurityRisk -> HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://go.microsoft.com/fwlink/?LinkId=69157 -> < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://go.microsoft.com/fwlink/?LinkId=69157 -> HKEY_LOCAL_MACHINE\: Main\\"Default_Search_URL" -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_LOCAL_MACHINE\: Main\\"Default_Secondary_Page_URL" -> [binary data] -> HKEY_LOCAL_MACHINE\: Main\\"Extensions Off Page" -> about:NoAdd-ons -> 
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> C:\Windows\SysWOW64\blank.htm -> HKEY_LOCAL_MACHINE\: Main\\"Search Page" -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_LOCAL_MACHINE\: Main\\"Security Risk Page" -> about:SecurityRisk -> HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://go.microsoft.com/fwlink/?LinkId=69157 -> < Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> 64bit-HKEY_USERS\S-1-5-19\: URLSearchHooks\\"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" [HKLM] -> C:\Windows\SysNative\ieframe.dll [Microsoft Url Search Hook] -> [2010/06/30 03:11:35 | 012,364,800 | ---- | M] (Microsoft Corporation) HKEY_USERS\S-1-5-19\: URLSearchHooks\\"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" [HKLM] -> C:\Windows\SysWOW64\ieframe.dll [Microsoft Url Search Hook] -> [2010/06/30 02:21:46 | 010,985,472 | ---- | M] (Microsoft Corporation) < Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> 64bit-HKEY_USERS\S-1-5-20\: URLSearchHooks\\"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" [HKLM] -> C:\Windows\SysNative\ieframe.dll [Microsoft Url Search Hook] -> [2010/06/30 03:11:35 | 012,364,800 | ---- | M] (Microsoft Corporation) HKEY_USERS\S-1-5-20\: URLSearchHooks\\"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" [HKLM] -> C:\Windows\SysWOW64\ieframe.dll [Microsoft Url Search Hook] -> [2010/06/30 02:21:46 | 010,985,472 | ---- | M] (Microsoft Corporation) < Internet Explorer Settings [HKEY_USERS\S-1-5-21-1475447339-35499569-840062006-1001\] > -> -> HKEY_USERS\S-1-5-21-1475447339-35499569-840062006-1001\: Main\\"Local Page" -> C:\Windows\system32\blank.htm -> HKEY_USERS\S-1-5-21-1475447339-35499569-840062006-1001\: Main\\"Search Page" -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_USERS\S-1-5-21-1475447339-35499569-840062006-1001\: Main\\"Start Page" -> 
http://go.microsoft.com/fwlink/?LinkId=69157 -> HKEY_USERS\S-1-5-21-1475447339-35499569-840062006-1001\: Main\\"Start Page Redirect Cache" -> http://www.msn.com/ -> HKEY_USERS\S-1-5-21-1475447339-35499569-840062006-1001\: Main\\"Start Page Redirect Cache AcceptLangs" -> en-us -> HKEY_USERS\S-1-5-21-1475447339-35499569-840062006-1001\: Main\\"Start Page Redirect Cache_TIMESTAMP" -> 97 6B 30 E4 72 3D CB 01 [binary data] -> 64bit-HKEY_USERS\S-1-5-21-1475447339-35499569-840062006-1001\: URLSearchHooks\\"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" [HKLM] -> C:\Windows\SysNative\ieframe.dll [Microsoft Url Search Hook] -> [2010/06/30 03:11:35 | 012,364,800 | ---- | M] (Microsoft Corporation) HKEY_USERS\S-1-5-21-1475447339-35499569-840062006-1001\: URLSearchHooks\\"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" [HKLM] -> C:\Windows\SysWOW64\ieframe.dll [Microsoft Url Search Hook] -> [2010/06/30 02:21:46 | 010,985,472 | ---- | M] (Microsoft Corporation) HKEY_USERS\S-1-5-21-1475447339-35499569-840062006-1001\: "ProxyEnable" -> 0 -> HKEY_USERS\S-1-5-21-1475447339-35499569-840062006-1001\: "ProxyOverride" -> *.local -> < FireFox Settings [Prefs.js] > -> C:\Users\Marcus\AppData\Roaming\Mozilla\FireFox\Profiles\t9cuscl3.default\prefs.js -> browser.startup.homepage -> "www.msn.com" -> extensions.enabledItems -> {3205B348-523A-4fac-9BC4-9939CBF583B0}:2.1.5 -> extensions.enabledItems -> {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 -> extensions.enabledItems -> mp4downloader@jeff.net:1.2.12 -> extensions.enabledItems -> {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 -> extensions.enabledItems -> {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.9 -> extensions.enabledItems -> {c8f71e5b-88f8-42a7-98bb-e4c506161de9}:0.4 -> < FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions -> -> HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Components -> C:\Program Files (x86)\Mozilla Firefox\components [C:\PROGRAM FILES (X86)\MOZILLA 
FIREFOX\COMPONENTS] -> [2010/09/08 19:46:05 | 000,000,000 | ---D | M] HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Plugins -> C:\Program Files (x86)\Mozilla Firefox\plugins [C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\PLUGINS] -> [2010/09/08 19:46:05 | 000,000,000 | ---D | M] < FireFox Extensions [User Folders] > -> -> C:\Users\Marcus\AppData\Roaming\Mozilla\Extensions -> [2010/06/21 09:50:47 | 000,000,000 | ---D | M] No name found -> C:\Users\Marcus\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} -> [2010/06/21 09:50:47 | 000,000,000 | ---D | M] -> C:\Users\Marcus\AppData\Roaming\Mozilla\Firefox\Profiles\t9cuscl3.default\extensions -> [2010/09/12 12:19:53 | 000,000,000 | ---D | M] Old Location Bar -> C:\Users\Marcus\AppData\Roaming\Mozilla\Firefox\Profiles\t9cuscl3.default\extensions\{3205B348-523A-4fac-9BC4-9939CBF583B0} -> [2010/07/13 13:59:59 | 000,000,000 | ---D | M] AmbientFox -> C:\Users\Marcus\AppData\Roaming\Mozilla\Firefox\Profiles\t9cuscl3.default\extensions\{c8f71e5b-88f8-42a7-98bb-e4c506161de9} -> [2010/06/21 10:17:20 | 000,000,000 | ---D | M] -> C:\Users\Marcus\AppData\Roaming\Mozilla\Firefox\Profiles\t9cuscl3.default\extensions\mp4downloader@jeff.net -> [2010/08/21 22:15:38 | 000,000,000 | ---D | M] < FireFox Extensions [Program Folders] > -> -> C:\Program Files (x86)\Mozilla Firefox\extensions -> [2010/09/12 12:19:53 | 000,000,000 | ---D | M] Default -> C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} -> [2010/09/08 19:46:05 | 000,000,000 | ---D | M] Java Console -> C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} -> [2010/06/21 10:25:17 | 000,000,000 | ---D | M] Java Console -> C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} -> [2010/08/29 19:56:32 | 000,000,000 | ---D | M] < HOSTS File > ([2010/06/21 12:15:36 | 000,000,852 | ---- | M] - 22 lines) -> C:\Windows\SysNative\Drivers\etc\hosts -> Reset 
Hosts 127.0.0.1 activate.adobe.com < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} [HKLM] -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [Adobe PDF Link Helper] -> [2010/06/19 12:29:34 | 000,075,200 | ---- | M] (Adobe Systems Incorporated) {AE7CD045-E861-484f-8273-0445EE161910} [HKLM] -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [Adobe PDF Conversion Toolbar Helper] -> [2010/06/19 12:34:30 | 000,349,640 | ---- | M] (Adobe Systems Incorporated) {DBC80044-A445-435b-BC74-9C25C1C588A9} [HKLM] -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [Java(tm) Plug-In 2 SSV Helper] -> [2010/08/04 15:37:18 | 000,041,760 | ---- | M] (Sun Microsystems, Inc.) {F4971EE7-DAA0-4053-9964-665D8EE6A077} [HKLM] -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [SmartSelect Class] -> [2010/06/19 12:34:30 | 000,349,640 | ---- | M] (Adobe Systems Incorporated) < Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> "{47833539-D0C5-4125-9FA8-0819E2EAAC93}" [HKLM] -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [Adobe PDF] -> [2010/06/19 12:34:30 | 000,349,640 | ---- | M] (Adobe Systems Incorporated) < Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-1475447339-35499569-840062006-1001\] > -> HKEY_USERS\S-1-5-21-1475447339-35499569-840062006-1001\Software\Microsoft\Internet Explorer\Toolbar\ -> WebBrowser\\"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" [HKLM] -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [Adobe PDF] -> [2010/06/19 12:34:30 | 000,349,640 | ---- | M] (Adobe Systems Incorporated) < 64bit-Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> "Apoint" -> C:\Program Files\DellTPad\Apoint.exe 
[C:\Program Files\DellTPad\Apoint.exe] -> [2010/01/25 14:29:12 | 000,369,152 | ---- | M] (Alps Electric Co., Ltd.) "HotKeysCmds" -> C:\Windows\SysNative\hkcmd.exe [C:\Windows\system32\hkcmd.exe] -> [2009/09/23 19:30:44 | 000,385,560 | ---- | M] (Intel Corporation) "IgfxTray" -> C:\Windows\SysNative\igfxtray.exe [C:\Windows\system32\igfxtray.exe] -> [2009/09/23 19:30:44 | 000,165,912 | ---- | M] (Intel Corporation) "MSSE" -> c:\Program Files\Microsoft Security Essentials\msseces.exe ["c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey] -> [2010/06/01 15:49:42 | 001,446,504 | ---- | M] (Microsoft Corporation) "Persistence" -> C:\Windows\SysNative\igfxpers.exe [C:\Windows\system32\igfxpers.exe] -> [2009/09/23 19:30:44 | 000,363,544 | ---- | M] (Intel Corporation) "QuickSet" -> C:\Program Files\Dell\QuickSet\quickset.exe [C:\Program Files\Dell\QuickSet\QuickSet.exe] -> [2010/04/01 20:16:24 | 003,217,056 | ---- | M] (Dell Inc.) < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> "" -> [] -> File not found "Acrobat Assistant 8.0" -> C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe ["C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"] -> [2010/06/19 12:36:46 | 000,640,440 | ---- | M] (Adobe Systems Inc.) 
"Adobe Acrobat Speed Launcher" -> C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe ["C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"] -> [2010/06/19 19:04:31 | 000,038,840 | ---- | M] (Adobe Systems Incorporated) "Adobe ARM" -> C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe ["C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"] -> [2010/06/09 04:06:33 | 000,976,832 | ---- | M] (Adobe Systems Incorporated) "Adobe Reader Speed Launcher" -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe ["C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"] -> [2009/12/22 01:57:28 | 000,035,760 | ---- | M] (Adobe Systems Incorporated) "AdobeCS4ServiceManager" -> C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe ["C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin] -> [2008/08/14 07:58:34 | 000,611,712 | ---- | M] (Adobe Systems Incorporated) "iTunesHelper" -> C:\Program Files (x86)\iTunes\iTunesHelper.exe ["C:\Program Files (x86)\iTunes\iTunesHelper.exe"] -> [2010/06/15 16:33:44 | 000,141,624 | ---- | M] (Apple Inc.) "OEM02Mon.exe" -> C:\Windows\OEM02Mon.exe [C:\Windows\OEM02Mon.exe] -> [2007/05/09 17:01:00 | 000,036,864 | ---- | M] (Creative Technology Ltd.) "QuickTime Task" -> C:\Program Files (x86)\QuickTime\QTTask.exe ["C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime] -> [2010/03/18 22:16:10 | 000,421,888 | ---- | M] (Apple Inc.) "SunJavaUpdateSched" -> C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe ["C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"] -> [2010/05/14 11:44:46 | 000,248,552 | ---- | M] (Sun Microsystems, Inc.) 
< Run [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> "Sidebar" -> C:\Program Files (x86)\Windows Sidebar\Sidebar.exe [%ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun] -> [2009/07/13 21:14:38 | 001,173,504 | ---- | M] (Microsoft Corporation) < RunOnce [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce -> "mctadmin" -> C:\Windows\SysWow64\mctadmin.exe [C:\Windows\System32\mctadmin.exe] -> File not found < Run [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> "Sidebar" -> C:\Program Files (x86)\Windows Sidebar\Sidebar.exe [%ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun] -> [2009/07/13 21:14:38 | 001,173,504 | ---- | M] (Microsoft Corporation) < RunOnce [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce -> "mctadmin" -> C:\Windows\SysWow64\mctadmin.exe [C:\Windows\System32\mctadmin.exe] -> File not found < Run [HKEY_USERS\S-1-5-21-1475447339-35499569-840062006-1001\] > -> HKEY_USERS\S-1-5-21-1475447339-35499569-840062006-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" -> C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe ["C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"] -> [2008/01/22 11:13:20 | 000,152,872 | ---- | M] (Nero AG) "DELL Webcam Manager" -> C:\Program Files (x86)\DELL\DELL Webcam Manager\DellWMgr.exe ["C:\Program Files (x86)\DELL\DELL Webcam Manager\DellWMgr.exe" /s] -> [2007/06/07 11:14:36 | 000,118,784 | ---- | M] (Creative Technology Ltd.) 
"EPSON Stylus Photo R380 Series" -> C:\Windows\SysWow64\spool\DRIVERS\x64\3\E_FATIBOA.EXE [C:\Windows\system32\spool\DRIVERS\x64\3\E_FATIBOA.EXE /FU "C:\Windows\TEMP\E_S6854.tmp" /EF "HKCU"] -> File not found "Sidebar" -> C:\Program Files\Windows Sidebar\sidebar.exe [C:\Program Files\Windows Sidebar\sidebar.exe /autoRun] -> [2009/07/13 21:39:41 | 001,475,072 | ---- | M] (Microsoft Corporation) < CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer \\"NoActiveDesktop" -> [1] -> File not found \\"NoActiveDesktopChanges" -> [1] -> File not found \\"ForceActiveDesktopOn" -> [0] -> File not found < CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System \\"ConsentPromptBehaviorAdmin" -> [0] -> File not found \\"ConsentPromptBehaviorUser" -> [3] -> File not found \\"EnableInstallerDetection" -> [1] -> File not found \\"EnableLUA" -> [0] -> File not found \\"EnableSecureUIAPaths" -> [1] -> File not found \\"EnableUIADesktopToggle" -> [0] -> File not found \\"EnableVirtualization" -> [1] -> File not found \\"PromptOnSecureDesktop" -> [0] -> File not found \\"ValidateAdminCodeSignatures" -> [0] -> File not found \\"dontdisplaylastusername" -> [0] -> File not found \\"legalnoticecaption" -> [] -> File not found \\"legalnoticetext" -> [] -> File not found \\"scforceoption" -> [0] -> File not found \\"shutdownwithoutlogon" -> [1] -> File not found \\"undockwithoutlogon" -> [1] -> File not found \\"FilterAdministratorToken" -> [0] -> File not found HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats \UIPI\Clipboard\ExceptionFormats\\"CF_TEXT" -> [1] -> File not found 
\UIPI\Clipboard\ExceptionFormats\\"CF_BITMAP" -> [2] -> File not found \UIPI\Clipboard\ExceptionFormats\\"CF_OEMTEXT" -> [7] -> File not found \UIPI\Clipboard\ExceptionFormats\\"CF_DIB" -> [8] -> File not found \UIPI\Clipboard\ExceptionFormats\\"CF_PALETTE" -> [9] -> File not found \UIPI\Clipboard\ExceptionFormats\\"CF_UNICODETEXT" -> [13] -> File not found \UIPI\Clipboard\ExceptionFormats\\"CF_DIBV5" -> [17] -> File not found < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-1475447339-35499569-840062006-1001] > -> HKEY_USERS\S-1-5-21-1475447339-35499569-840062006-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> HKEY_USERS\S-1-5-21-1475447339-35499569-840062006-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer \\"NoDriveTypeAutoRun" -> [145] -> File not found < 64bit-Internet Explorer Menu Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\MenuExt\ -> E&xport to Microsoft Excel -> C:\Program Files (x86)\Microsoft Office\OFFICE11\EXCEL.EXE [res://C:\PROGRA~2\MICROS~3\OFFICE11\EXCEL.EXE/3000] -> [2010/06/23 17:14:32 | 010,354,000 | ---- | M] (Microsoft Corporation) < Internet Explorer Menu Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\MenuExt\ -> E&xport to Microsoft Excel -> C:\Program Files (x86)\Microsoft Office\OFFICE11\EXCEL.EXE [res://C:\PROGRA~2\MICROS~3\OFFICE11\EXCEL.EXE/3000] -> [2010/06/23 17:14:32 | 010,354,000 | ---- | M] (Microsoft Corporation) < 64bit-Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\MenuExt\ -> E&xport to Microsoft Excel -> C:\Program Files (x86)\Microsoft Office\OFFICE11\EXCEL.EXE [res://C:\PROGRA~2\MICROS~3\OFFICE11\EXCEL.EXE/3000] -> [2010/06/23 17:14:32 | 010,354,000 | ---- | M] (Microsoft Corporation) < Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\MenuExt\ 
-> E&xport to Microsoft Excel -> C:\Program Files (x86)\Microsoft Office\OFFICE11\EXCEL.EXE [res://C:\PROGRA~2\MICROS~3\OFFICE11\EXCEL.EXE/3000] -> [2010/06/23 17:14:32 | 010,354,000 | ---- | M] (Microsoft Corporation) < 64bit-Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-1475447339-35499569-840062006-1001\] > -> HKEY_USERS\S-1-5-21-1475447339-35499569-840062006-1001\Software\Microsoft\Internet Explorer\MenuExt\ -> Append Link Target to Existing PDF -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html] -> [2010/06/19 12:34:30 | 000,349,640 | ---- | M] (Adobe Systems Incorporated) Append to Existing PDF -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html] -> [2010/06/19 12:34:30 | 000,349,640 | ---- | M] (Adobe Systems Incorporated) Convert Link Target to Adobe PDF -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html] -> [2010/06/19 12:34:30 | 000,349,640 | ---- | M] (Adobe Systems Incorporated) Convert to Adobe PDF -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html] -> [2010/06/19 12:34:30 | 000,349,640 | ---- | M] (Adobe Systems Incorporated) E&xport to Microsoft Excel -> C:\Program Files (x86)\Microsoft Office\OFFICE11\EXCEL.EXE [res://C:\PROGRA~2\MICROS~3\OFFICE11\EXCEL.EXE/3000] -> [2010/06/23 17:14:32 | 010,354,000 | ---- | M] (Microsoft Corporation) < Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-1475447339-35499569-840062006-1001\] > -> 
HKEY_USERS\S-1-5-21-1475447339-35499569-840062006-1001\Software\Microsoft\Internet Explorer\MenuExt\ -> Append Link Target to Existing PDF -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html] -> [2010/06/19 12:34:30 | 000,349,640 | ---- | M] (Adobe Systems Incorporated) Append to Existing PDF -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html] -> [2010/06/19 12:34:30 | 000,349,640 | ---- | M] (Adobe Systems Incorporated) Convert Link Target to Adobe PDF -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html] -> [2010/06/19 12:34:30 | 000,349,640 | ---- | M] (Adobe Systems Incorporated) Convert to Adobe PDF -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html] -> [2010/06/19 12:34:30 | 000,349,640 | ---- | M] (Adobe Systems Incorporated) E&xport to Microsoft Excel -> C:\Program Files (x86)\Microsoft Office\OFFICE11\EXCEL.EXE [res://C:\PROGRA~2\MICROS~3\OFFICE11\EXCEL.EXE/3000] -> [2010/06/23 17:14:32 | 010,354,000 | ---- | M] (Microsoft Corporation) < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> {92780B25-18CC-41C8-B9BE-3C9C571A8263}:{FF059E31-CC5A-4E2E-BF3B-96E929D65503} [HKLM] -> C:\Program Files (x86)\Microsoft Office\OFFICE11\REFIEBAR.DLL [Button: Research] -> [2007/04/19 14:10:18 | 000,063,840 | ---- | M] (Microsoft Corporation) < 64bit-Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet 
Explorer\Plugins\ -> PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> < 64bit-Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix "" -> http:// < Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix "" -> http:// < 64bit-Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < 64bit-Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. 
-> < Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. 
-> < Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-21-1475447339-35499569-840062006-1001\] > -> HKEY_USERS\S-1-5-21-1475447339-35499569-840062006-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-21-1475447339-35499569-840062006-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-21-1475447339-35499569-840062006-1001\] > -> HKEY_USERS\S-1-5-21-1475447339-35499569-840062006-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-21-1475447339-35499569-840062006-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. 
-> < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {02BCC737-B171-4746-94C9-0D8A0B2C0089} [HKLM] -> http://office.microsoft.com/sites/production/ieawsdc32.cab [Microsoft Office Template and Media Control] -> {8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab [Java Plug-in 1.6.0_21] -> {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab [Java Plug-in 1.6.0_21] -> {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab [Java Plug-in 1.6.0_21] -> < Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ -> DhcpNameServer -> 192.168.0.1 165.166.142.42 -> < Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {B5047FE0-25CE-4561-8A93-5AB7D26076CE}\\DhcpNameServer -> 192.168.0.1 165.166.142.42 (Dell Wireless 1395 WLAN Mini-Card) -> < 64bit-AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs -> 64bit-*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls -> acaptuser64.dll -> C:\Windows\SysNative\acaptuser64.dll -> [2008/06/11 23:36:06 | 000,119,160 | ---- | M] (Adobe Systems, Inc.) 
*MultiFile Done* -> -> < AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs -> *AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls -> acaptuser32.dll -> C:\Windows\SysWow64\acaptuser32.dll -> [2010/06/19 13:12:04 | 000,112,056 | ---- | M] (Adobe Systems Incorporated) *MultiFile Done* -> -> < 64bit-Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 64bit-*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> explorer.exe -> C:\Windows\explorer.exe -> [2009/10/31 02:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) *MultiFile Done* -> -> 64bit-*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> C:\Windows\system32\userinit.exe -> C:\Windows\SysNative\userinit.exe -> [2009/07/13 21:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) *MultiFile Done* -> -> 64bit-*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> SystemPropertiesPerformance.exe -> C:\Windows\SysNative\SystemPropertiesPerformance.exe -> [2009/07/13 21:39:47 | 000,082,432 | ---- | M] (Microsoft Corporation) /pagefile -> -> File not found *MultiFile Done* -> -> < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> *Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> explorer.exe -> C:\Windows\SysWow64\explorer.exe -> [2009/10/31 01:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) *MultiFile Done* -> -> *UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> userinit.exe -> C:\Windows\SysWow64\userinit.exe -> [2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) *MultiFile Done* -> -> *VMApplet* -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> SystemPropertiesPerformance.exe -> C:\Windows\SysWow64\SystemPropertiesPerformance.exe -> [2009/07/13 21:14:42 | 000,081,920 | ---- | M] (Microsoft Corporation) /pagefile -> -> File not found *MultiFile Done* -> -> < 64bit-Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> igfxcui -> C:\Windows\SysNative\igfxdev.dll -> [2009/09/23 18:52:58 | 000,261,120 | ---- | M] (Intel Corporation) < 64bit-SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad -> "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" [HKLM] -> Reg Error: Key error. [WebCheck] -> File not found < SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad -> "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" [HKLM] -> Reg Error: Key error. [WebCheck] -> File not found < SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> 64bit-*SecurityProviders* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> credssp.dll -> C:\Windows\SysNative\credssp.dll -> [2009/07/13 21:40:23 | 000,020,480 | ---- | M] (Microsoft Corporation) *MultiFile Done* -> -> *SecurityProviders* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> credssp.dll -> C:\Windows\SysWow64\credssp.dll -> [2009/07/13 21:15:07 | 000,016,896 | ---- | M] (Microsoft Corporation) *MultiFile Done* -> -> < LSA Authentication Packages [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> 64bit-*LSA Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> msv1_0 -> C:\Windows\SysNative\msv1_0.dll -> 
[2009/09/10 02:28:22 | 000,311,808 | ---- | M] (Microsoft Corporation) *MultiFile Done* -> -> *LSA Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> msv1_0 -> C:\Windows\SysWow64\msv1_0.dll -> [2009/09/10 01:52:05 | 000,257,024 | ---- | M] (Microsoft Corporation) *MultiFile Done* -> -> < LSA Security Packages [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> 64bit-*LSA Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> kerberos -> C:\Windows\SysNative\kerberos.dll -> [2009/07/13 21:41:13 | 000,714,240 | ---- | M] (Microsoft Corporation) msv1_0 -> C:\Windows\SysNative\msv1_0.dll -> [2009/09/10 02:28:22 | 000,311,808 | ---- | M] (Microsoft Corporation) schannel -> C:\Windows\SysNative\schannel.dll -> [2010/06/16 02:11:10 | 000,340,992 | ---- | M] (Microsoft Corporation) wdigest -> C:\Windows\SysNative\wdigest.dll -> [2009/07/13 21:41:56 | 000,210,432 | ---- | M] (Microsoft Corporation) tspkg -> C:\Windows\SysNative\tspkg.dll -> [2009/07/13 21:41:55 | 000,086,016 | ---- | M] (Microsoft Corporation) pku2u -> C:\Windows\SysNative\pku2u.dll -> [2009/07/13 21:41:53 | 000,240,640 | ---- | M] (Microsoft Corporation) *MultiFile Done* -> -> *LSA Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> kerberos -> C:\Windows\SysWow64\kerberos.dll -> [2009/07/13 21:15:35 | 000,541,184 | ---- | M] (Microsoft Corporation) msv1_0 -> C:\Windows\SysWow64\msv1_0.dll -> [2009/09/10 01:52:05 | 000,257,024 | ---- | M] (Microsoft Corporation) schannel -> C:\Windows\SysWow64\schannel.dll -> [2010/06/16 01:48:35 | 000,224,256 | ---- | M] (Microsoft Corporation) wdigest -> C:\Windows\SysWow64\wdigest.dll -> [2009/07/13 21:16:18 | 000,171,520 | ---- | M] (Microsoft Corporation) tspkg -> C:\Windows\SysWow64\tspkg.dll -> [2009/07/13 21:16:16 | 000,065,024 | ---- | M] (Microsoft 
Corporation) pku2u -> C:\Windows\SysWow64\pku2u.dll -> [2009/07/13 21:16:12 | 000,186,880 | ---- | M] (Microsoft Corporation) *MultiFile Done* -> -> < Vista Active Firewall Rules > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules -> {00E0E5E0-35FA-468C-B247-7A66212440EF} -> rport=137 | profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-28523 | app=system | {02BA07A4-8022-459C-B42A-51B0886B507B} -> rport=138 | profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-28531 | app=system | {04F351D8-A94F-4E1A-8705-54656B93DFCE} -> lport=5355 | profile=public | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-28548 | app=%systemroot%\system32\svchost.exe | svc=dnscache | {05196EE1-9F4C-4881-BF0B-CF864A5F78E7} -> lport=1900 | profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-31269 | app=%systemroot%\system32\svchost.exe | svc=ssdpsrv | {09FBECF9-76BA-4246-9770-CEB2D1944C1A} -> lport=137 | profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-28519 | app=system | {18A953B7-EB10-4616-A597-17F137A9F004} -> lport=2177 | profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-31261 | app=%systemroot%\system32\svchost.exe | svc=qwave | {1D321FC2-745B-47B8-85F4-EB38C0F6F3DD} -> lport=139 | profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-28503 | app=system | {33E02E05-D722-4CDB-8C04-51179653DDAC} -> lport=138 | profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-28527 | app=system | {3B7835B1-2035-4A9E-8CFE-F5803C913291} -> lport=445 | profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-28511 | app=system | {52098767-951B-4496-A614-1C58F4B0D728} -> lport=2869 | profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-31277 | app=system | {572E1482-CEE8-485B-A466-665C18C30EB3} -> 
rport=445 | profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-28515 | app=system | {63FAC3CC-9F28-42E4-A380-70C8DFC9130A} -> rport=10243 | profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31289 | app=system | {7C3EF24D-88DC-4172-8375-16FF0592B0EE} -> lport=10243 | profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-31285 | app=system | {7E2920E8-A604-49E8-986A-4175B43B33EB} -> rport=5355 | profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-28550 | app=%systemroot%\system32\svchost.exe | svc=dnscache | {97BD3DEF-6B8B-4940-85C3-A4981F2D779A} -> lport=rpc | profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-28535 | app=%systemroot%\system32\spoolsv.exe | svc=spooler | {9DEBBBDA-1583-41E5-B463-04869D74963B} -> rport=1900 | profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-31273 | app=%systemroot%\system32\svchost.exe | svc=ssdpsrv | {A330D20A-4F6B-4607-80AD-19619BF7129B} -> lport=5355 | profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-28548 | app=%systemroot%\system32\svchost.exe | svc=dnscache | {A840C234-EDA6-4CA4-B475-B56B64673EF2} -> rport=139 | profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-28507 | app=system | {AFF3C7CB-AB1B-4352-867C-609CE8FC148D} -> lport=rpc-epmap | profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-28539 | svc=rpcss | {B4E3760C-BE38-4D39-9A1F-2EB17268216E} -> lport=2177 | profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-31253 | app=%systemroot%\system32\svchost.exe | svc=qwave | {C2A982E2-C87C-4417-8B10-5A6ADC65396F} -> rport=2177 | profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-31257 | app=%systemroot%\system32\svchost.exe | svc=qwave | {CABC946E-B2E1-4115-AE27-D17B77988C9C} -> lport=5353 | profile=private | protocol=6 | 
dir=in | action=allow | name=adobe csi cs4 | {E2FE5A64-8D83-4B0A-8647-BCB7EFBE84B4} -> rport=2177 | profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31265 | app=%systemroot%\system32\svchost.exe | svc=qwave | {EDAB1DA5-56EC-4AFE-923E-BAB28B475E6C} -> rport=5355 | profile=public | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-28550 | app=%systemroot%\system32\svchost.exe | svc=dnscache | < Vista Active Application Exception Rules > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules -> {0121AC82-2E2F-4F60-8F2C-493B0E0A5E12} -> profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-31293 | app=%programfiles%\windows media player\wmplayer.exe | {02AE2524-2BAE-4919-8EA4-4B2288B15823} -> profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-31297 | app=%programfiles%\windows media player\wmplayer.exe | {10AA9B33-7F91-4565-B641-B23AF5491128} -> profile=private | protocol=17 | dir=in | action=allow | name=bonjour service | app=c:\program files (x86)\bonjour\mdnsresponder.exe | {1BC133F8-A8CE-4EC7-A47E-43B4A9C495EE} -> profile=private | protocol=1 | dir=in | action=allow | name=@firewallapi.dll,-28543 | {1F9D3C93-A9D5-4E0A-8FB4-1937272C6DAA} -> profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31281 | app=system | {2A548EF6-C637-49BF-B3AA-7956ABB95F53} -> profile=private | protocol=6 | dir=in | action=allow | name=bonjour service | app=c:\program files (x86)\bonjour\mdnsresponder.exe | {4547721E-3A81-4074-9D82-72DB1AC62A87} -> profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-31309 | app=%programfiles%\windows media player\wmpnetwk.exe | {5FB5D5BA-0E25-496F-83FE-3B3C7F799278} -> profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31321 | app=%systemroot%\system32\svchost.exe | svc=upnphost | {7EA40E8A-9BDA-4C2D-B40C-2E56E756DF46} -> 
profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31011 | app=%programfiles%\windows media player\wmplayer.exe | {82974FD4-83DF-44A2-9D8E-DBF9A9E090B3} -> profile=private | protocol=6 | dir=in | action=allow | name=itunes | app=c:\program files (x86)\itunes\itunes.exe | {94141324-CF68-4F7B-93C9-302E4ED25260} -> profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31317 | app=%programfiles%\windows media player\wmpnetwk.exe | {9C33404F-B8F4-45ED-B5C4-85B9F77E441F} -> profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31301 | app=%programfiles%\windows media player\wmplayer.exe | {ACB1F6BF-0D56-42CB-9D5C-9C9306241B96} -> profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-31007 | app=%programfiles%\windows media player\wmplayer.exe | {B21AFB2E-DD4E-4FDE-816B-F7F303A3DEB7} -> profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-31024 | app=%programfiles(x86)%\windows media player\wmplayer.exe | {BA85F189-399F-47A6-A425-906C99B5717C} -> profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-31003 | app=%programfiles%\windows media player\wmplayer.exe | {BEF5E7C4-787E-41C5-89D9-11C56BBE6389} -> profile=private | protocol=1 | dir=out | action=allow | name=@firewallapi.dll,-28544 | {C710DBAF-E5FB-4B38-B790-179FE03F824E} -> profile=private | protocol=6 | dir=in | action=allow | name=adobe csi cs4 | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe | {C72124BC-E202-46E8-AC63-F682F5D94F9B} -> profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-31305 | app=%programfiles%\windows media player\wmpnetwk.exe | {C87C5D22-CB22-482D-AFE4-83E8497FEEB5} -> profile=private | protocol=58 | dir=in | action=allow | name=@firewallapi.dll,-28545 | {C94A4DA2-059C-4E68-8BD7-996D82387D8F} -> profile=private | protocol=6 | dir=out | action=allow | 
name=@firewallapi.dll,-31025 | app=%programfiles(x86)%\windows media player\wmplayer.exe | {D07CF972-AAE4-4CD1-9F56-C8D127059739} -> profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-31313 | app=%programfiles%\windows media player\wmpnetwk.exe | {D3BB17A4-B0B5-498F-8538-A7F62D57CC0E} -> profile=private | protocol=17 | dir=in | action=allow | name=adobe csi cs4 | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe | {DAC93A18-A49E-4320-ADD5-C63D4F12969A} -> profile=private | protocol=17 | dir=in | action=allow | name=itunes | app=c:\program files (x86)\itunes\itunes.exe | {E9199D36-3D02-4606-A853-3973BE1285CD} -> profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-31023 | app=%programfiles(x86)%\windows media player\wmplayer.exe | {FF8E8F75-E2FA-43C1-A9BD-222C7C426943} -> profile=private | protocol=58 | dir=out | action=allow | name=@firewallapi.dll,-28546 | < SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> "AlternateShell" -> cmd.exe -> < CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom -> "AutoRun" -> 1 -> "DisplayName" -> CD-ROM Driver -> "ImagePath" -> C:\Windows\SysNative\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> [2009/07/13 19:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) < MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> \E HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\shell \E\shell\\"" -> [AutoRun] -> File not found HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\shell\AutoRun\command \E\shell\AutoRun\command\\"" -> E:\WD SmartWare.exe ["E:\WD SmartWare.exe" autoplay=true] -> File not found \{0040a80f-7cb8-11df-9048-0021706bef7b} 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0040a80f-7cb8-11df-9048-0021706bef7b}\shell \{0040a80f-7cb8-11df-9048-0021706bef7b}\shell\\"" -> [AutoRun] -> File not found HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0040a80f-7cb8-11df-9048-0021706bef7b}\shell\AutoRun\command \{0040a80f-7cb8-11df-9048-0021706bef7b}\shell\AutoRun\command\\"" -> E:\WD SmartWare.exe ["E:\WD SmartWare.exe" autoplay=true] -> File not found < Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command -> 64bit-comfile [open] -> "%1" %* -> File not found 64bit-exefile [open] -> "%1" %* -> File not found comfile [open] -> "%1" %* -> exefile [open] -> "%1" %* -> < 64bit-File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\ -> .com [@ = comfile] -> "%1" %* -> .exe [@ = exefile] -> "%1" %* -> < File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\ -> .com [@ = comfile] -> "%1" %* -> .exe [@ = exefile] -> "%1" %* -> [Registry - Additional Scans - Safe List] < Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command -> 64bit-batfile [open] -> "%1" %* -> File not found 64bit-cmdfile [open] -> "%1" %* -> File not found 64bit-comfile [open] -> "%1" %* -> File not found 64bit-exefile [open] -> "%1" %* -> File not found 64bit-htmlfile [edit] -> "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" %1 -> [2007/04/19 14:07:38 | 000,061,280 | ---- | M] (Microsoft Corporation) 64bit-htmlfile [print] -> "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 -> [2007/04/19 14:07:38 | 000,061,280 | ---- | M] (Microsoft Corporation) 64bit-inffile [install] -> %SystemRoot%\System32\InfDefaultInstall.exe "%1" -> [2009/07/13 21:39:13 | 000,010,240 | ---- | M] (Microsoft Corporation) 64bit-InternetShortcut [print] -> "C:\Windows\System32\rundll32.exe" 
"C:\Windows\System32\mshtml.dll",PrintHTML "%1" -> [2010/06/30 02:22:34 | 005,971,456 | ---- | M] (Microsoft Corporation) 64bit-piffile [open] -> "%1" %* -> File not found 64bit-scrfile [config] -> "%1" -> File not found 64bit-scrfile [install] -> rundll32.exe desk.cpl,InstallScreenSaver %l -> [2009/07/13 21:38:51 | 000,130,048 | ---- | M] (Microsoft Corporation) 64bit-scrfile [open] -> "%1" /S -> File not found 64bit-Unknown [openas] -> %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 -> File not found 64bit-Directory [cmd] -> cmd.exe /s /k pushd "%V" -> [2009/07/13 21:39:01 | 000,344,576 | ---- | M] (Microsoft Corporation) 64bit-Directory [find] -> %SystemRoot%\Explorer.exe -> [2009/10/31 02:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) 64bit-Folder [open] -> %SystemRoot%\Explorer.exe -> [2009/10/31 02:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) 64bit-Drive [find] -> %SystemRoot%\Explorer.exe -> [2009/10/31 02:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) batfile [open] -> "%1" %* -> cmdfile [open] -> "%1" %* -> comfile [open] -> "%1" %* -> cplfile [cplopen] -> %SystemRoot%\System32\control.exe "%1",%* -> [2009/07/13 21:14:15 | 000,113,152 | ---- | M] (Microsoft Corporation) exefile [open] -> "%1" %* -> htmlfile [edit] -> "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" %1 -> [2007/04/19 14:07:38 | 000,061,280 | ---- | M] (Microsoft Corporation) htmlfile [print] -> "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 -> [2007/04/19 14:07:38 | 000,061,280 | ---- | M] (Microsoft Corporation) inffile [install] -> %SystemRoot%\System32\InfDefaultInstall.exe "%1" -> [2009/07/13 21:14:21 | 000,009,216 | ---- | M] (Microsoft Corporation) InternetShortcut [print] -> "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" -> [2010/06/30 02:22:34 | 005,971,456 | ---- | M] (Microsoft Corporation) piffile [open] -> "%1" %* -> scrfile [config] -> 
"%1" -> scrfile [install] -> rundll32.exe desk.cpl,InstallScreenSaver %l -> [2009/07/13 21:14:08 | 000,128,000 | ---- | M] (Microsoft Corporation) scrfile [open] -> "%1" /S -> Unknown [openas] -> %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 -> Directory [cmd] -> cmd.exe /s /k pushd "%V" -> [2009/07/13 21:14:15 | 000,301,568 | ---- | M] (Microsoft Corporation) Directory [find] -> %SystemRoot%\Explorer.exe -> [2009/10/31 02:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) Folder [open] -> %SystemRoot%\Explorer.exe -> [2009/10/31 02:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) Drive [find] -> %SystemRoot%\Explorer.exe -> [2009/10/31 02:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) < 64bit-Uninstall List [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ -> {295CFB7C-A57E-4313-93E7-68E7CE1D0332} -> Adobe WinSoft Linguistics Plugin x64 {2D74E972-5A85-44DC-9193-8A302BA8C181} -> Photoshop Camera Raw_x64 {328CC232-CFDC-468B-A214-2E21300E4CB5} -> Apple Mobile Device Support {53529DAD-F7C9-476E-87CC-1547C4E3E821} -> iTunes {6631325A-9B1B-4EE7-8E64-8CC4A6F10643} -> Adobe Fonts All x64 {75d2897c-87aa-4a06-8710-3ebda9f02de0}.sdb -> Adobe Audition 3.0 Vista Compatibility {87CF757E-C1F1-4D22-865C-00C6950B5258} -> Quickset64 {8875A1C0-6308-4790-8CF6-D34E89880052} -> Adobe Linguistics CS4 x64 {887797BF-37A5-4199-B0C9-0D38D6196E9A} -> Adobe Anchor Service x64 CS4 {8C8D673B-20FB-43E6-BCB7-9B3F78F2E762} -> Adobe Type Support x64 CS4 {8DAA31EB-6830-4006-A99F-4DF8AB24714F} -> Adobe CSI CS4 x64 {90BA8112-80B3-4617-A3C1-BD2771B60F74} -> Adobe CMaps x64 CS4 {95C9C76F-ECF3-40FA-94F8-5DDFB6BAF40D} -> Microsoft Security Essentials {9F72EF8B-AEC9-4CA5-B483-143980AFD6FD} -> Dell Touchpad {A3454894-144A-4D80-B605-C128FE0D7329} -> Adobe Drive CS4 x64 {AC76BA86-1033-0000-0064-0003D0000004} -> Adobe Acrobat 9 Pro Extended 64-bit Add-On {B91110FB-33B4-468B-90C2-4D5E8AE3FAE1} -> 
Bonjour {D40172D6-CE2D-4B72-BF5F-26A04A900B7B} -> Adobe Photoshop CS4 (64 Bit) {DFFABE78-8173-4E97-9C5C-22FB26192FC5} -> Adobe PDF Library Files x64 CS4 {E62A1F01-07B7-4541-A835-EE5B0BF064C2} -> Microsoft Antimalware {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} -> Microsoft .NET Framework 4 Client Profile Creative OEM002 -> Laptop Integrated Webcam Driver (1.04.01.1011) EPSON Printer and Utilities -> EPSON Printer Software HDMI -> Intel(R) Graphics Media Accelerator Driver Microsoft .NET Framework 4 Client Profile -> Microsoft .NET Framework 4 Client Profile Microsoft Security Essentials -> Microsoft Security Essentials < Uninstall List [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ -> {00ADFB20-AE75-46F4-AD2C-F48B15AC3100} -> Adobe Color NA Recommended Settings CS4 {05308C4E-7285-4066-BAE3-6B50DA6ED755} -> Adobe Update Manager CS4 {054EFA56-2AC1-48F4-A883-0AB89874B972} -> Adobe Extension Manager CS4 {098727E1-775A-4450-B573-3F441F1CA243} -> kuler {0D6013AB-A0C7-41DC-973C-E93129C9A29F} -> Adobe Color JA Extra Settings CS4 {0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23} -> Adobe Setup {0F723FC1-7606-4867-866C-CE80AD292DAF} -> Adobe CSI CS4 {1618734A-3957-4ADD-8199-F973763109A8} -> Adobe Anchor Service CS4 {16E16F01-2E2D-4248-A42F-76261C147B6C} -> Adobe Drive CS4 {16E6D2C1-7C90-4309-8EC4-D2212690AAA4} -> AdobeColorCommonSetRGB {1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995} -> Live! 
Cam Avatar v1.0
{26A24AE4-039D-4CA4-87B4-2F83216020FF} -> Java(TM) 6 Update 21
{297190A1-4B0D-4CD6-8B9F-3907F15C3FD8} -> Adobe CS4 American English Speech Analysis Models
{35D94F92-1D3A-43C5-8605-EA268B1A7BD9} -> PDF Settings CS4
{39F6E2B4-CFE8-C30A-66E8-489651F0F34C} -> Adobe Media Player
{3A4E8896-C2E7-4084-A4A4-B8FD1894E739} -> Adobe XMP Panels CS4
{3D2C9DE6-9ADE-4252-A241-E43723B0CE02} -> Adobe Color - Photoshop Specific CS4
{3D9892BB-A751-4E48-ADC8-E4289956CE1D} -> QuickTime
{45A66726-69BC-466B-A7A4-12FCBA4883D7} -> HiJackThis
{4943EFF5-229F-435D-BEA9-BE3CAEA783A7} -> Adobe Service Manager Extension
{4A03706F-666A-4037-7777-5F2748764D10} -> Java Auto Updater
{4ED7D297-58F7-45C3-A9BA-A7CD6FA0D373}_is1 -> SureThing CD Labeler Deluxe 5
{53C141BA-4F9E-43FB-B4F9-0C01BB716FA8} -> Adobe Audition 3.0
{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4} -> Adobe Color EU Extra Settings CS4
{561968FD-56A1-49FD-9ED0-F55482C7C5BC} -> Adobe Media Encoder CS4 Exporter
{566BB41D-F006-4956-A5D3-94D8DFFA7F51} -> Adobe Setup
{56C049BE-79E9-4502-BEA7-9754A3E60F9B} -> neroxml
{59F6A514-9813-47A3-948C-8A155460CC2A} -> RICOH R5C83x/84x Media Driver Ver.3.53.02
{5EAD5443-7194-46CC-A055-428E6ABB1BAF} -> Adobe Encore CS4
{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D} -> Adobe Dynamiclink Support
{63C24A08-70F3-4C8E-B9FB-9F21A903801D} -> Adobe Color Video Profiles CS CS4
{63E5CDBF-8214-4F03-84F8-CD3CE48639AD} -> Adobe Photoshop CS4 Support
{65D0C510-D7B6-4438-9FC8-E6B91115AB0D} -> Live! Cam Avatar Creator
{67F0E67A-8E93-4C2C-B29D-47C48262738A} -> Adobe Device Central CS4
{68243FF8-83CA-466B-B2B8-9F99DA5479C4} -> AdobeColorCommonSetCMYK
{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4} -> Windows Media Player Firefox Plugin
{7406DF60-016D-476B-A2C7-55D997592047} -> Adobe OnLocation CS4
{8186FF34-D389-4B7E-9A2F-C197585BCFBD} -> Adobe Media Encoder CS4 Importer
{820D3F45-F6EE-4AAF-81EF-CE21FF21D230} -> Adobe Type Support CS4
{83877DB1-8B77-45BC-AB43-2BAC22E093E0} -> Adobe Bridge CS4
{842B4B72-9E8F-4962-B3C1-1C422A5C4434} -> Suite Shared Configuration CS4
{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} -> Microsoft Silverlight
{91110409-6000-11D3-8CFE-0150048383C9} -> Microsoft Office Professional Edition 2003
{94D398EB-D2FD-4FD1-B8C4-592635E8A191} -> Adobe CMaps CS4
{98EFD8F0-08DE-48DB-B922-A2EBAB711033} -> Nero 7 Essentials
{9A25302D-30C0-39D9-BD6F-21E6EC160475} -> Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
{AC76BA86-1033-F400-7761-000000000004} -> Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
{AC76BA86-1033-F400-7761-000000000004}_934 -> Adobe Acrobat 9.3.4 - CPSID_83708
{AC76BA86-1033-F400-7761-000000000004}{AC76BA86-1033-F400-7761-000000000004} -> Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
{AC76BA86-7AD7-1033-7B44-A93000000001} -> Adobe Reader 9.3
{B169BC97-B8AA-4ACA-9CF2-9D0FF5BABDF7} -> Adobe Premiere Pro CS4 Functional Content
{B194272D-1F92-46DF-99EB-8D5CE91CB4EC} -> Adobe AIR
{B29AD377-CC12-490A-A480-1452337C618D} -> Connect
{B2D328BE-45AD-4D92-96F9-2151490A203E} -> Apple Application Support
{BB4E33EC-8181-4685-96F7-8554293DEC6A} -> Adobe Output Module
{BE9CEAAA-F069-4331-BF2F-8D350F6504F4} -> Adobe Media Encoder CS4 Additional Exporter
{C41300B9-185D-475E-BFEC-39EF732F19B1} -> Apple Software Update
{C52E3EC1-048C-45E1-8D53-10B0C6509683} -> Adobe Default Language CS4
{C938BE91-3BB5-4B84-9EF6-88F0505D0038} -> Adobe Premiere Pro CS4 Third Party Content
{CC75AB5C-2110-4A7F-AF52-708680D22FE8} -> Photoshop Camera Raw
{D499F8DE-3F31-4900-9157-61061613704B} -> Adobe Premiere Pro CS4
{DE3BB35E-C0CE-4CA1-9CB4-CD9E69364BD9} -> Adobe Premiere Pro CS4
{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E} -> Adobe Media Encoder CS4
{E1C7EF5E-3A7B-4ED4-A48B-F70F1B36EAB4} -> Corel Paint Shop Pro Photo XI
{E4848436-0345-47E2-B648-8B522FCDA623} -> Adobe Photoshop CS4
{EE353798-E875-42E0-B58D-7E6696182EA8} -> Adobe Media Encoder CS4 Dolby
{F0E64E2E-3A60-40D8-A55D-92F6831875DA} -> Adobe Search for Help
{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC} -> Realtek High Definition Audio Driver
{F8131A35-47FD-27AD-116D-0E79AF5DE5EE} -> Acrobat.com
{F8EF2B3F-C345-4F20-8FE4-791A20333CD5} -> Adobe ExtendScript Toolkit CS4
{F93C84A6-0DC6-42AF-89FA-776F7C377353} -> Adobe PDF Library Files CS4
{FB2A5FCC-B81B-48C2-A009-7804694D83E9} -> Adobe Encore CS4 Codecs
{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794} -> Adobe Fonts All
{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4} -> EPSON Print CD
Adobe AIR -> Adobe AIR
Adobe Audition 3.0 -> Adobe Audition 3.0
Adobe Flash Player Plugin -> Adobe Flash Player 10 Plugin
Adobe Shockwave Player -> Adobe Shockwave Player 11.5
Adobe_26b63376f4efc354dae41af6b5e3343 -> Adobe Premiere Pro CS4
Adobe_faf656ef605427ee2f42989c3ad31b8 -> Adobe Photoshop CS4
Advanced Audio FX Engine -> Advanced Audio FX Engine
Advanced Video FX Engine -> Advanced Video FX Engine
CCleaner -> CCleaner
com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 -> Adobe Media Player
com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 -> Acrobat.com
DELL Webcam Center -> DELL Webcam Center
DELL Webcam Manager -> DELL Webcam Manager
FileZilla Client -> FileZilla Client 3.3.4
ImTOO MPEG Encoder -> ImTOO MPEG Encoder
Malwarebytes' Anti-Malware_is1 -> Malwarebytes' Anti-Malware
Mozilla Firefox (3.6.9) -> Mozilla Firefox (3.6.9)
Notepad++ -> Notepad++
Silent Package Run-Time Sample -> EPSON Stylus Photo R380 User's Guide

< EventViewer Logs - Last 10 Errors > -> Event Information -> Description
Application [ Error ] 8/31/2010 4:56:06 PM Computer Name = Marcus-PC | Source = Bonjour Service | ID = 100 -> Description = Task Scheduling Error: m->NextScheduledEvent 2028
Application [ Error ] 8/31/2010 4:56:06 PM Computer Name = Marcus-PC | Source = Bonjour Service | ID = 100 -> Description = Task Scheduling Error: m->NextScheduledSPRetry 2028
Application [ Error ] 8/31/2010 4:56:07 PM Computer Name = Marcus-PC | Source = Bonjour Service | ID = 100 -> Description = Task Scheduling Error: Continuously busy for more than a second
Application [ Error ] 8/31/2010 4:56:07 PM Computer Name = Marcus-PC | Source = Bonjour Service | ID = 100 -> Description = Task Scheduling Error: m->NextScheduledEvent 3182
Application [ Error ] 8/31/2010 4:56:07 PM Computer Name = Marcus-PC | Source = Bonjour Service | ID = 100 -> Description = Task Scheduling Error: m->NextScheduledSPRetry 3182
Application [ Error ] 8/31/2010 5:05:27 PM Computer Name = Marcus-PC | Source = Bonjour Service | ID = 100 -> Description = Task Scheduling Error: Continuously busy for more than a second
Application [ Error ] 8/31/2010 5:05:27 PM Computer Name = Marcus-PC | Source = Bonjour Service | ID = 100 -> Description = Task Scheduling Error: m->NextScheduledEvent 563335
Application [ Error ] 8/31/2010 5:05:27 PM Computer Name = Marcus-PC | Source = Bonjour Service | ID = 100 -> Description = Task Scheduling Error: m->NextScheduledSPRetry 563335
Application [ Error ] 9/1/2010 10:17:38 AM Computer Name = Marcus-PC | Source = Customer Experience Improvement Program | ID = 1008 -> Description =
Application [ Error ] 9/1/2010 10:59:45 AM Computer Name = Marcus-PC | Source = SideBySide | ID = 16842832 -> Description = Activation context generation failed for "C:\Program Files (x86)\Adobe\Acrobat 9.0\Designer 8.2\FormDesigner.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest.
System [ Error ] 8/11/2010 1:10:25 PM Computer Name = Marcus-PC | Source = DCOM | ID = 10010 -> Description =
System [ Error ] 8/13/2010 2:31:39 PM Computer Name = Marcus-PC | Source = DCOM | ID = 10010 -> Description =
System [ Error ] 8/13/2010 6:20:29 PM Computer Name = Marcus-PC | Source = WMPNetworkSvc | ID = 866300 -> Description =
System [ Error ] 8/16/2010 8:42:48 AM Computer Name = Marcus-PC | Source = DCOM | ID = 10010 -> Description =
System [ Error ] 8/28/2010 9:23:18 PM Computer Name = Marcus-PC | Source = Service Control Manager | ID = 7011 -> Description = A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.
System [ Error ] 9/6/2010 9:49:56 PM Computer Name = Marcus-PC | Source = EventLog | ID = 6008 -> Description = The previous system shutdown at 9:47:48 PM on ?9/?6/?2010 was unexpected.
System [ Error ] 9/7/2010 12:11:38 AM Computer Name = Marcus-PC | Source = EventLog | ID = 6008 -> Description = The previous system shutdown at 12:10:00 AM on ?9/?7/?2010 was unexpected.
System [ Error ] 9/7/2010 12:11:47 AM Computer Name = Marcus-PC | Source = BugCheck | ID = 1001 -> Description =
System [ Error ] 9/7/2010 11:06:09 PM Computer Name = Marcus-PC | Source = Microsoft Antimalware | ID = 5008 -> Description = %%861 engine has been terminated due to an unexpected error. Failure Type: %%830 Exception code: 0xc0000005 Resource: file:\Device\HarddiskVolume3\Program Files (x86)\Microsoft Silverlight\4.0.50826.0\mscorlib.dll
System [ Error ] 9/7/2010 11:06:12 PM Computer Name = Marcus-PC | Source = Service Control Manager | ID = 7031 -> Description = The Microsoft Antimalware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.

[Files/Folders - Created Within 30 Days]
OTS.exe -> C:\Users\Marcus\Desktop\OTS.exe -> [2010/09/12 22:08:41 | 000,642,048 | ---- | C] (OldTimer Tools)
AntiPuper.exe -> C:\Users\Marcus\Desktop\AntiPuper.exe -> [2010/09/12 18:26:04 | 000,186,946 | ---- | C] (Business Information Solutions)
KillBox.exe -> C:\Users\Marcus\Desktop\KillBox.exe -> [2010/09/12 18:25:47 | 000,092,672 | ---- | C] (Option^Explicit Software vbtechcd@gmail.com)
HijackThis -> C:\HijackThis -> [2010/09/12 18:21:54 | 000,000,000 | ---D | C]
Trend Micro -> C:\Program Files (x86)\Trend Micro -> [2010/09/12 18:20:11 | 000,000,000 | ---D | C]
Spyware Doctor -> C:\Program Files (x86)\Spyware Doctor -> [2010/09/12 17:36:16 | 000,000,000 | ---D | C]
PC Tools -> C:\Program Files (x86)\Common Files\PC Tools -> [2010/09/12 17:36:16 | 000,000,000 | ---D | C]
TEMP -> C:\ProgramData\TEMP -> [2010/09/12 17:35:57 | 000,000,000 | ---D | C]
7.0.0.543e-sdsetup-Revenue(207).exe -> C:\Users\Marcus\Desktop\7.0.0.543e-sdsetup-Revenue(207).exe -> [2010/09/12 17:27:12 | 036,317,320 | ---- | C] (PC Tools )
tdsskiller.exe -> C:\Users\Marcus\Desktop\tdsskiller.exe -> [2010/09/12 17:25:38 | 001,293,400 | ---- | C] (Kaspersky Lab ZAO)
781227 -> C:\781227 -> [2010/09/07 00:17:45 | 000,000,000 | ---D | C]
Microsoft Games -> C:\Users\Marcus\AppData\Local\Microsoft Games -> [2010/08/31 20:17:36 | 000,000,000 | ---D | C]
Psychology -> C:\Users\Marcus\Desktop\Psychology -> [2010/08/30 16:30:33 | 000,000,000 | ---D | C]
Java -> C:\Program Files (x86)\Common Files\Java -> [2010/08/29 19:56:49 | 000,000,000 | ---D | C]
javaws.exe -> C:\Windows\SysWow64\javaws.exe -> [2010/08/29 19:56:30 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.)
javaw.exe -> C:\Windows\SysWow64\javaw.exe -> [2010/08/29 19:56:30 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.)
java.exe -> C:\Windows\SysWow64\java.exe -> [2010/08/29 19:56:30 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.)
oleaut32.dll -> C:\Windows\SysNative\oleaut32.dll -> [2010/08/25 06:19:09 | 000,861,184 | ---- | C] (Microsoft Corporation)
AdobePDFUI.dll -> C:\Windows\SysNative\AdobePDFUI.dll -> [2010/08/22 19:44:45 | 000,024,416 | R--- | C] (Adobe Systems Inc.)
acaptuser32.dll -> C:\Windows\SysWow64\acaptuser32.dll -> [2010/08/22 19:43:28 | 000,112,056 | ---- | C] (Adobe Systems Incorporated)
ImTOO -> C:\Program Files (x86)\ImTOO -> [2010/08/21 22:02:32 | 000,000,000 | ---D | C]

[Files/Folders - Modified Within 30 Days]
NTUSER.DAT -> C:\Users\Marcus\NTUSER.DAT -> [2010/09/12 22:13:55 | 002,097,152 | -HS- | M] ()
OTS.exe -> C:\Users\Marcus\Desktop\OTS.exe -> [2010/09/12 22:08:55 | 000,642,048 | ---- | M] (OldTimer Tools)
AntiPuper.exe -> C:\Users\Marcus\Desktop\AntiPuper.exe -> [2010/09/12 18:26:06 | 000,186,946 | ---- | M] (Business Information Solutions)
KillBox.exe -> C:\Users\Marcus\Desktop\KillBox.exe -> [2010/09/12 18:25:50 | 000,092,672 | ---- | M] (Option^Explicit Software vbtechcd@gmail.com)
HiJackThis.lnk -> C:\Users\Marcus\Desktop\HiJackThis.lnk -> [2010/09/12 18:20:12 | 000,002,981 | ---- | M] ()
HiJackThis.msi -> C:\Users\Marcus\Desktop\HiJackThis.msi -> [2010/09/12 18:19:05 | 001,402,880 | ---- | M] ()
7.0.0.543e-sdsetup-Revenue(207).exe -> C:\Users\Marcus\Desktop\7.0.0.543e-sdsetup-Revenue(207).exe -> [2010/09/12 17:35:46 | 036,317,320 | ---- | M] (PC Tools )
tdsskiller.exe -> C:\Users\Marcus\Desktop\tdsskiller.exe -> [2010/09/12 17:26:04 | 001,293,400 | ---- | M] (Kaspersky Lab ZAO)
7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 -> [2010/09/12 12:15:55 | 000,013,440 | -H-- | M] ()
7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 -> [2010/09/12 12:15:55 | 000,013,440 | -H-- | M] ()
SA.DAT -> C:\Windows\tasks\SA.DAT -> [2010/09/12 12:08:42 | 000,000,006 | -H-- | M] ()
bootstat.dat -> C:\Windows\bootstat.dat -> [2010/09/12 12:08:35 | 000,067,584 | --S- | M] ()
hiberfil.sys -> C:\hiberfil.sys -> [2010/09/12 12:08:24 | 3213,393,920 | -HS- | M] ()
IconCache.db -> C:\Users\Marcus\AppData\Local\IconCache.db -> [2010/09/12 09:41:43 | 002,438,975 | -H-- | M] ()
PerfStringBackup.INI -> C:\Windows\SysNative\PerfStringBackup.INI -> [2010/09/08 10:22:35 | 000,730,320 | ---- | M] ()
perfh009.dat -> C:\Windows\SysNative\perfh009.dat -> [2010/09/08 10:22:35 | 000,627,082 | ---- | M] ()
perfc009.dat -> C:\Windows\SysNative\perfc009.dat -> [2010/09/08 10:22:35 | 000,107,366 | ---- | M] ()
KGyGaAvL.sys -> C:\Windows\SysWow64\KGyGaAvL.sys -> [2010/08/22 16:23:15 | 000,000,952 | -HS- | M] ()
ImTOO MPEG Encoder 3.lnk -> C:\Users\Marcus\Desktop\ImTOO MPEG Encoder 3.lnk -> [2010/08/21 22:02:35 | 000,001,151 | ---- | M] ()
Studio Equipment Quote.pdf -> C:\Users\Marcus\Desktop\Studio Equipment Quote.pdf -> [2010/08/21 21:36:37 | 000,005,651 | ---- | M] ()

[Files - No Company Name]
HiJackThis.lnk -> C:\Users\Marcus\Desktop\HiJackThis.lnk -> [2010/09/12 18:20:12 | 000,002,981 | ---- | C] ()
HiJackThis.msi -> C:\Users\Marcus\Desktop\HiJackThis.msi -> [2010/09/12 18:18:39 | 001,402,880 | ---- | C] ()
ImTOO MPEG Encoder 3.lnk -> C:\Users\Marcus\Desktop\ImTOO MPEG Encoder 3.lnk -> [2010/08/21 22:02:35 | 000,001,151 | ---- | C] ()
Studio Equipment Quote.pdf -> C:\Users\Marcus\Desktop\Studio Equipment Quote.pdf -> [2010/08/21 21:36:35 | 000,005,651 | ---- | C] ()
PerfStringBackup.INI -> C:\Windows\SysWow64\PerfStringBackup.INI -> [2010/07/31 16:23:48 | 000,743,534 | ---- | C] ()
IconCache.db -> C:\Users\Marcus\AppData\Local\IconCache.db -> [2010/06/21 17:56:29 | 002,438,975 | -H-- | C] ()
EPSONCD.INI -> C:\Windows\EPSONCD.INI -> [2010/06/21 16:47:12 | 000,000,071 | ---- | C] ()
GDIPFONTCACHEV1.DAT -> C:\Users\Marcus\AppData\Local\GDIPFONTCACHEV1.DAT -> [2010/06/21 16:38:41 | 000,136,848 | ---- | C] ()
PICSDK.ini -> C:\Windows\SysWow64\PICSDK.ini -> [2010/06/21 13:06:57 | 000,000,097 | ---- | C] ()
EP_SPR380.ini -> C:\Windows\EP_SPR380.ini -> [2010/06/21 13:04:02 | 000,000,044 | ---- | C] ()
ODBC.INI -> C:\Windows\ODBC.INI -> [2010/06/21 12:05:45 | 000,000,376 | ---- | C] ()
KGyGaAvL.sys -> C:\Windows\SysWow64\KGyGaAvL.sys -> [2010/06/21 11:23:51 | 000,000,952 | -HS- | C] ()
hdd.ini -> C:\Windows\hdd.ini -> [2010/06/20 18:17:00 | 000,000,036 | ---- | C] ()
GlobalUserInterface.CompositeFont -> C:\Windows\Fonts\GlobalUserInterface.CompositeFont -> [2009/07/14 01:32:39 | 000,043,318 | ---- | C] ()
GlobalSerif.CompositeFont -> C:\Windows\Fonts\GlobalSerif.CompositeFont -> [2009/07/14 01:32:39 | 000,029,779 | ---- | C] ()
GlobalSansSerif.CompositeFont -> C:\Windows\Fonts\GlobalSansSerif.CompositeFont -> [2009/07/14 01:32:39 | 000,026,489 | ---- | C] ()
GlobalMonospace.CompositeFont -> C:\Windows\Fonts\GlobalMonospace.CompositeFont -> [2009/07/14 01:32:39 | 000,026,040 | ---- | C] ()
desktop.ini -> C:\Program Files\desktop.ini -> [2009/07/14 00:54:24 | 000,000,174 | -HS- | C] ()
desktop.ini -> C:\Program Files (x86)\desktop.ini -> [2009/07/14 00:54:24 | 000,000,174 | -HS- | C] ()
BWContextHandler.dll -> C:\Windows\SysWow64\BWContextHandler.dll -> [2009/07/13 19:42:10 | 000,064,000 | ---- | C] ()
msjetoledb40.dll -> C:\Windows\SysWow64\msjetoledb40.dll -> [2009/07/13 17:03:59 | 000,364,544 | ---- | C] ()
OUTLPERF.INI -> C:\Windows\SysWow64\OUTLPERF.INI -> [2003/01/07 15:05:08 | 000,002,695 | ---- | C] ()

[File - Lop Check]
FileZilla -> C:\Users\Marcus\AppData\Roaming\FileZilla -> [2010/08/13 19:57:36 | 000,000,000 | ---D | M]
Leadertech -> C:\Users\Marcus\AppData\Roaming\Leadertech -> [2010/06/21 13:08:48 | 000,000,000 | ---D | M]
Notepad++ -> C:\Users\Marcus\AppData\Roaming\Notepad++ -> [2010/08/09 22:13:21 | 000,000,000 | ---D | M]
R-Wipe&Clean -> C:\Users\Marcus\AppData\Roaming\R-Wipe&Clean -> [2010/06/21 18:02:08 | 000,000,000 | ---D | M]
SCHEDLGU.TXT -> C:\Windows\Tasks\SCHEDLGU.TXT -> [2010/09/10 09:15:58 | 000,032,562 | ---- | M] ()

[File - Purity Scan]

[Alternate Data Streams]
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >
[/code]