[code]
OTS logfile created on: 12/10/2010 3:56:57 PM - Run 3
OTS by OldTimer - Version 3.1.38.1 Folder = C:\Users\Sean\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

8.00 Gb Total Physical Memory | 7.00 Gb Available Physical Memory | 86.00% Memory free
16.00 Gb Paging File | 15.00 Gb Available in Paging File | 93.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.76 Gb Total Space | 431.13 Gb Free Space | 92.56% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive S: | 1397.26 Gb Total Space | 450.81 Gb Free Space | 32.26% Space Free | Partition Type: NTFS

Computer Name: CAIDE
Current User Name: Sean
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days

[Processes - Safe List]
ots.exe -> C:\Users\Sean\Desktop\OTS.exe -> [2010/10/10 15:45:21 | 000,642,048 | ---- | M] (OldTimer Tools)
avastui.exe -> C:\Program Files\Avast Antivirus\AvastUI.exe -> [2010/09/07 11:12:02 | 002,838,912 | ---- | M] (AVAST Software)
avastsvc.exe -> C:\Program Files\Avast Antivirus\AvastSvc.exe -> [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software)
applemobiledeviceservice.exe -> C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -> [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.)

[Modules - Safe List]
ots.exe -> C:\Users\Sean\Desktop\OTS.exe -> [2010/10/10 15:45:21 | 000,642,048 | ---- | M] (OldTimer Tools)
guard32.dll -> C:\Windows\SysWOW64\guard32.dll -> [2010/09/28 15:47:48 | 000,285,480 | ---- | M] (COMODO)
fltlib.dll -> C:\Windows\SysWOW64\fltLib.dll -> [2009/07/13 21:15:21 | 000,014,848 | ---- | M] (Microsoft Corporation)
msscript.ocx -> C:\Windows\SysWOW64\msscript.ocx -> [2009/07/13 21:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation)
comctl32.dll -> C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll -> [2009/07/13 21:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation)

[Win32 Services - Safe List]
64bit-(cmdAgent) [Auto | Running] -> C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -> [2010/09/28 15:45:15 | 002,528,856 | ---- | M] (COMODO)
64bit-(avast! Web Scanner) [On_Demand | Running] -> C:\Program Files\Avast Antivirus\AvastSvc.exe -> [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software)
64bit-(avast! Mail Scanner) [On_Demand | Running] -> C:\Program Files\Avast Antivirus\AvastSvc.exe -> [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software)
64bit-(avast! Antivirus) [Auto | Running] -> C:\Program Files\Avast Antivirus\AvastSvc.exe -> [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software)
64bit-(WinDefend) [Auto | Stopped] -> C:\Program Files\Windows Defender\MpSvc.dll -> [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation)
(Steam Client Service) Steam Client Service [On_Demand | Stopped] -> C:\Program Files (x86)\Common Files\Steam\SteamService.exe -> [2010/08/29 13:48:06 | 000,407,336 | ---- | M] (Valve Corporation)
(Apple Mobile Device) Apple Mobile Device [Auto | Running] -> C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -> [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.)
(clr_optimization_v4.0.30319_64) Microsoft .NET Framework NGEN v4.0.30319_X64 [Auto | Stopped] -> C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -> [2010/03/18 14:27:14 | 000,138,576 | ---- | M] (Microsoft Corporation)
(clr_optimization_v4.0.30319_32) Microsoft .NET Framework NGEN v4.0.30319_X86 [Auto | Stopped] -> C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -> [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation)
(Microsoft Office Groove Audit Service) Microsoft Office Groove Audit Service [On_Demand | Stopped] -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe -> [2008/10/25 11:44:08 | 000,065,888 | ---- | M] (Microsoft Corporation)

[Driver Services - Safe List]
64bit-(aswMonFlt) aswMonFlt [File_System | Auto | Running] -> C:\Windows\SysNative\drivers\aswMonFlt.sys -> [2010/09/07 10:47:33 | 000,061,008 | ---- | M] (AVAST Software)
64bit-(USBAAPL64) Apple Mobile USB Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\usbaapl64.sys -> [2010/04/19 20:47:42 | 000,050,688 | ---- | M] (Apple, Inc.)
64bit-(yukonw7) NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\yk62x64.sys -> [2009/09/28 09:22:00 | 000,395,264 | ---- | M] ()
64bit-(pbfilter) pbfilter [Kernel | On_Demand | Stopped] -> C:\Program Files\PeerBlock\pbfilter.sys -> [2009/09/28 02:02:38 | 000,019,544 | ---- | M] ()
64bit-(VClone) VClone [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\VClone.sys -> [2009/08/09 17:25:45 | 000,036,352 | ---- | M] (Elaborate Bytes AG)
64bit-(amdsata) amdsata [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\amdsata.sys -> [2009/07/13 21:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices)
64bit-(amdxata) amdxata [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\amdxata.sys -> [2009/07/13 21:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices)
64bit-(amdsbs) amdsbs [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\amdsbs.sys -> [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.)
64bit-(LSI_SAS2) LSI_SAS2 [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\lsi_sas2.sys -> [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation)
64bit-(HpSAMD) HpSAMD [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\HpSAMD.sys -> [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company)
64bit-(stexstor) stexstor [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\stexstor.sys -> [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology)
64bit-(athr) Atheros Extensible Wireless LAN device driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\athrx.sys -> [2009/07/09 00:49:16 | 001,484,800 | ---- | M] (Atheros Communications, Inc.)
64bit-(Ntfs) Ntfs [File_System | On_Demand | Running] -> C:\Windows\SysNative\wbem\ntfs.mof -> [2009/06/10 16:38:56 | 000,000,308 | ---- | M] ()
64bit-(ebdrv) Broadcom NetXtreme II 10 GigE VBD [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\evbda.sys -> [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation)
64bit-(b06bdrv) Broadcom NetXtreme II VBD [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\bxvbda.sys -> [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation)
64bit-(b57nd60a) Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0 [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\b57nd60a.sys -> [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation)
64bit-(hcw85cir) Hauppauge Consumer Infrared Receiver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\hcw85cir.sys -> [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.)
64bit-(GEARAspiWDM) GEAR ASPI Filter Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\GEARAspiWDM.sys -> [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.)
64bit-(VaneFltr) Lachesis Mouse Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\Lachesis.sys -> [2007/08/17 07:48:46 | 000,030,336 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Registry - Safe List] < 64bit-Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> C:\Windows\SysWOW64\blank.htm -> < Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> < Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> < Internet Explorer Settings [HKEY_USERS\S-1-5-21-2374376679-3596025906-644372535-1001\] > -> -> HKEY_USERS\S-1-5-21-2374376679-3596025906-644372535-1001\: Main\\"Start Page Redirect Cache" -> http://ca.msn.com/?lang=en-ca&OCID=iehp -> HKEY_USERS\S-1-5-21-2374376679-3596025906-644372535-1001\: Main\\"Start Page Redirect Cache AcceptLangs" -> en-ca -> HKEY_USERS\S-1-5-21-2374376679-3596025906-644372535-1001\: Main\\"Start Page Redirect Cache_TIMESTAMP" -> 11 0E A7 A2 0F 64 CB 01 [binary data] -> HKEY_USERS\S-1-5-21-2374376679-3596025906-644372535-1001\: "ProxyEnable" -> 0 -> HKEY_USERS\S-1-5-21-2374376679-3596025906-644372535-1001\: "ProxyOverride" -> *.local -> < FireFox Settings [Prefs.js] > -> C:\Users\Sean\AppData\Roaming\Mozilla\FireFox\Profiles\3y6181va.default\prefs.js -> extensions.enabledItems -> {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 -> < FireFox Settings [User.js] > -> C:\Users\Sean\AppData\Roaming\Mozilla\FireFox\Profiles\3y6181va.default\user.js -> < FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla HKLM\software\mozilla\Firefox\Extensions -> -> HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions -> -> HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components -> C:\Program Files 
(x86)\Mozilla Firefox\components [C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\COMPONENTS] -> [2010/10/10 17:18:15 | 000,000,000 | ---D | M] HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins -> C:\Program Files (x86)\Mozilla Firefox\plugins [C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\PLUGINS] -> [2010/10/10 17:18:22 | 000,000,000 | ---D | M] < FireFox Extensions [User Folders] > -> -> C:\Users\Sean\AppData\Roaming\Mozilla\Extensions -> [2010/08/29 15:15:33 | 000,000,000 | ---D | M] -> C:\Users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\3y6181va.default\extensions -> [2010/08/29 15:15:33 | 000,000,000 | ---D | M] < FireFox Extensions [Program Folders] > -> -> C:\Program Files (x86)\Mozilla Firefox\extensions -> [2010/10/10 18:16:27 | 000,000,000 | ---D | M] Java Console -> C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} -> [2010/09/07 10:09:16 | 000,000,000 | ---D | M] < HOSTS File > ([2010/10/01 17:46:36 | 000,000,938 | R--- | M] - 23 lines) -> C:\Windows\SysNative\Drivers\etc\hosts -> Reset Hosts < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {5C255C8A-E604-49b4-9D64-90988571CECB} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] 
-> File not found {72853161-30C5-4D22-B7F9-0BBC1D38A37E} [HKLM] -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [Groove GFS Browser Helper] -> [2009/02/12 15:19:32 | 002,217,848 | ---- | M] (Microsoft Corporation) < 64bit-Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> "COMODO Internet Security" -> C:\Program Files\COMODO\COMODO Internet Security\cfp.exe ["C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h] -> [2010/09/28 15:45:46 | 008,892,360 | ---- | M] (COMODO) < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> "avast5" -> C:\Program Files\Avast Antivirus\avastUI.exe ["C:\Program Files\Avast Antivirus\avastUI.exe" /nogui] -> [2010/09/07 11:12:02 | 002,838,912 | ---- | M] (AVAST Software) "GrooveMonitor" -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe ["C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"] -> [2008/10/25 11:44:34 | 000,031,072 | ---- | M] (Microsoft Corporation) < Run [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> "Sidebar" -> C:\Program Files (x86)\Windows Sidebar\Sidebar.exe [%ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun] -> [2009/07/13 21:14:38 | 001,173,504 | ---- | M] (Microsoft Corporation) < RunOnce [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce -> "mctadmin" -> C:\Windows\SysWow64\mctadmin.exe [C:\Windows\System32\mctadmin.exe] -> File not found < Run [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> "Sidebar" -> C:\Program Files (x86)\Windows Sidebar\Sidebar.exe [%ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun] -> [2009/07/13 21:14:38 | 001,173,504 | ---- | M] (Microsoft Corporation) < RunOnce [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce -> "mctadmin" -> 
C:\Windows\SysWow64\mctadmin.exe [C:\Windows\System32\mctadmin.exe] -> File not found < Run [HKEY_USERS\S-1-5-21-2374376679-3596025906-644372535-1001\] > -> HKEY_USERS\S-1-5-21-2374376679-3596025906-644372535-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> "googletalk" -> C:\Users\Sean\AppData\Roaming\Google\Google Talk\googletalk.exe [C:\Users\Sean\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart] -> [2007/01/01 17:22:02 | 003,739,648 | ---- | M] (Google) < CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer \\"NoActiveDesktop" -> [1] -> File not found \\"NoActiveDesktopChanges" -> [1] -> File not found < CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System \\"ConsentPromptBehaviorAdmin" -> [0] -> File not found \\"ConsentPromptBehaviorUser" -> [3] -> File not found \\"EnableLUA" -> [0] -> File not found \\"PromptOnSecureDesktop" -> [0] -> File not found HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-2374376679-3596025906-644372535-1001] > -> HKEY_USERS\S-1-5-21-2374376679-3596025906-644372535-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> HKEY_USERS\S-1-5-21-2374376679-3596025906-644372535-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer \\"NoDriveTypeAutoRun" -> [145] -> File not found < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> {2670000A-7350-4f3c-8081-5663EE0C6C49}:{48E73304-E1D6-4330-914C-F5F514E3486C} [HKLM] -> C:\Program Files (x86)\Microsoft 
Office\Office12\ONBttnIE.dll [Button: Send to OneNote] -> [2009/02/26 19:45:52 | 000,603,040 | ---- | M] (Microsoft Corporation) {2670000A-7350-4f3c-8081-5663EE0C6C49}:{48E73304-E1D6-4330-914C-F5F514E3486C} [HKLM] -> C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll [Menu: S&end to OneNote] -> [2009/02/26 19:45:52 | 000,603,040 | ---- | M] (Microsoft Corporation) < 64bit-Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> < 64bit-Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix "" -> http:// < Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix "" -> http:// < 64bit-Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 70 domain(s) found. -> < 64bit-Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 70 domain(s) found. 
-> < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 70 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 70 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. 
-> < Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-21-2374376679-3596025906-644372535-1001\] > -> HKEY_USERS\S-1-5-21-2374376679-3596025906-644372535-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-21-2374376679-3596025906-644372535-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 70 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-21-2374376679-3596025906-644372535-1001\] > -> HKEY_USERS\S-1-5-21-2374376679-3596025906-644372535-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-21-2374376679-3596025906-644372535-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. 
-> < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab [Java Plug-in 1.6.0_21] -> {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab [Java Plug-in 1.6.0_21] -> {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab [Java Plug-in 1.6.0_21] -> {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [HKLM] -> http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab [Reg Error: Key error.] -> < Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ -> DhcpNameServer -> 172.16.0.1 -> < Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {58973D1C-D051-49E0-A3F7-4E0FF2C8051C}\\DhcpNameServer -> 172.16.0.1 (Marvell Yukon 88E8071 PCI-E Gigabit Ethernet Controller) -> {58973D1C-D051-49E0-A3F7-4E0FF2C8051C}\\NameServer -> 156.154.70.22,156.154.71.22 (Marvell Yukon 88E8071 PCI-E Gigabit Ethernet Controller) -> {F96C5F0B-800E-4A15-8F3B-1772F6A94BB1}\\NameServer -> 156.154.70.22,156.154.71.22 (D-Link WDA-2320 Desktop Adapter) -> < 64bit-Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 64bit-*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> explorer.exe -> C:\Windows\explorer.exe -> [2009/10/31 02:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) *MultiFile Done* -> -> 64bit-*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> SystemPropertiesPerformance.exe -> C:\Windows\SysNative\SystemPropertiesPerformance.exe -> [2009/07/13 21:39:47 | 000,082,432 | ---- | M] (Microsoft Corporation) /pagefile -> -> File not 
found *MultiFile Done* -> -> < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> *Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> explorer.exe -> C:\Windows\SysWow64\explorer.exe -> [2009/10/31 01:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) *MultiFile Done* -> -> *VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> SystemPropertiesPerformance.exe -> C:\Windows\SysWow64\SystemPropertiesPerformance.exe -> [2009/07/13 21:14:42 | 000,081,920 | ---- | M] (Microsoft Corporation) /pagefile -> -> File not found *MultiFile Done* -> -> < 64bit-SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad -> "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" [HKLM] -> Reg Error: Key error. [WebCheck] -> File not found < SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad -> "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" [HKLM] -> Reg Error: Key error. 
[WebCheck] -> File not found < ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" [HKLM] -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [Groove GFS Stub Execution Hook] -> [2009/02/12 15:19:32 | 002,217,848 | ---- | M] (Microsoft Corporation) < Vista Active Firewall Rules > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules -> {04A82E5C-BCA9-4838-B8EB-D1B0108D4B8B} -> rport=445 | profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-28515 | app=system | {052F8A84-5AC5-49AC-B8CD-543723D8298B} -> lport=6004 | profile=private | protocol=17 | dir=in | action=allow | name=microsoft office outlook | app=c:\program files (x86)\microsoft office\office12\outlook.exe | {12C71428-B92B-40AD-939E-FBD0FBF95F58} -> rport=138 | profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-28531 | app=system | {18AE6871-034B-45FC-A076-A3E90BB0B261} -> lport=445 | profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-28511 | app=system | {1AA4740C-7AF7-4063-81F0-7A913D1EDA76} -> lport=10243 | profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-31285 | app=system | {1CB93B3E-2831-4FB9-9A57-51EE4740D458} -> rport=5355 | profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-28550 | app=%systemroot%\system32\svchost.exe | svc=dnscache | {2D585C27-4A40-48DC-9759-938B7938EC88} -> lport=137 | profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-28519 | app=system | {3A17B413-3D01-4F8E-A05D-A5DB3BD5F761} -> rport=2177 | profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-31257 | app=%systemroot%\system32\svchost.exe | svc=qwave | {4B50885B-E433-44EB-8002-9AFA481B1169} -> lport=rpc | profile=private | protocol=6 
| dir=in | action=allow | name=@firewallapi.dll,-28535 | app=%systemroot%\system32\spoolsv.exe | svc=spooler | {5584F8D3-A05E-4093-BE6E-0738A3C64A4A} -> rport=139 | profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-28507 | app=system | {598AD405-86CB-4977-8CAA-76AE16CC9751} -> lport=1900 | protocol=17 | dir=in | action=allow | name=windows live messenger (ssdp-in) | app=svchost.exe | svc=ssdpsrv | {5B818FF9-B98A-4A24-B83C-769422CF60C8} -> lport=2177 | profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-31253 | app=%systemroot%\system32\svchost.exe | svc=qwave | {77BAB886-697F-49F1-8189-EDA0FF6A4B83} -> rport=10243 | profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31289 | app=system | {8880DD90-0B73-41D9-BDB2-DB4D9D2FFC28} -> lport=1900 | profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-31269 | app=%systemroot%\system32\svchost.exe | svc=ssdpsrv | {A4626981-E737-4E8C-978D-B8D00FC3171C} -> lport=rpc-epmap | profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-28539 | svc=rpcss | {A99EB052-CD51-4D26-8A2C-838875890BE3} -> rport=1900 | profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-31273 | app=%systemroot%\system32\svchost.exe | svc=ssdpsrv | {AE6D228E-4D08-4FB7-BFE7-751B9CF3C4FC} -> lport=5355 | profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-28548 | app=%systemroot%\system32\svchost.exe | svc=dnscache | {B43C7AB5-8804-4239-9B01-2F9BA49A1776} -> lport=2869 | protocol=6 | dir=in | action=allow | name=windows live messenger (upnp-in) | app=system | {C9B0822C-1935-488F-A15F-3CEB55947316} -> lport=2869 | profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-31277 | app=system | {CC6FA8B0-0EF4-4BF5-8F2B-4C8F1D6AEB86} -> rport=137 | profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-28523 | app=system | 
{CE6B5D5A-E8E5-48F2-A617-6CD9CFD8995C} -> rport=2177 | profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31265 | app=%systemroot%\system32\svchost.exe | svc=qwave | {DF272753-233D-4511-AF08-B91E23F8628B} -> lport=138 | profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-28527 | app=system | {E4FD5ACF-556F-46C8-BF7E-E05CCA27C19F} -> lport=2177 | profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-31261 | app=%systemroot%\system32\svchost.exe | svc=qwave | {F2469822-AEDD-4375-A0A8-35C0FC3A479A} -> lport=139 | profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-28503 | app=system | < Vista Active Application Exception Rules > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules -> {082996B1-74C6-4475-A66C-B29E75383A58} -> profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31301 | app=%programfiles%\windows media player\wmplayer.exe | {134438B9-2054-46EF-83C3-53C644D0D4FB} -> profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-31293 | app=%programfiles%\windows media player\wmplayer.exe | {2365F636-3596-4AFC-8B63-72B49172397E} -> dir=in | action=allow | name=windows live call | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | {23958961-D731-4D70-AD95-46050807AE01} -> profile=private | protocol=1 | dir=out | action=allow | name=@firewallapi.dll,-28544 | {267FA875-1CE2-44F1-B9A1-07FCA7C1DE4F} -> profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31011 | app=%programfiles%\windows media player\wmplayer.exe | {27C580B0-6BCF-42E3-A724-E0402B59DAC8} -> profile=private | protocol=17 | dir=in | action=allow | name=microsoft office onenote | app=c:\program files (x86)\microsoft office\office12\onenote.exe | {42F8566E-97A6-4768-9699-078F2EE57FEE} -> profile=private | protocol=6 | dir=out | action=allow | 
name=@firewallapi.dll,-31025 | app=%programfiles(x86)%\windows media player\wmplayer.exe | {442226DE-CC39-4E71-9045-D56D8570BC37} -> profile=private | protocol=58 | dir=out | action=allow | name=@firewallapi.dll,-28546 | {450A91FE-DD24-4B60-B626-11E02E08C539} -> profile=private | protocol=58 | dir=in | action=allow | name=@firewallapi.dll,-28545 | {489EB32D-83D7-4E77-B0C1-6BE7B705D35C} -> profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31317 | app=%programfiles%\windows media player\wmpnetwk.exe | {48E44964-B49D-4C83-BD52-23E90626C2E3} -> protocol=17 | dir=in | action=allow | name=μtorrent (udp-in) | app=c:\program files (x86)\utorrent\utorrent.exe | {4EEF63A1-4896-458A-B6DC-A7B2D6AC7DAC} -> profile=private | protocol=17 | dir=in | action=allow | name=microsoft office groove | app=c:\program files (x86)\microsoft office\office12\groove.exe | {5086DD63-4AD8-4716-8B90-EE22EFDB3E69} -> profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-31024 | app=%programfiles(x86)%\windows media player\wmplayer.exe | {55EF7974-830E-4DC2-A734-AC52E85F4B49} -> profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-31297 | app=%programfiles%\windows media player\wmplayer.exe | {5E689BE9-07A0-481B-BF34-329BA3E4E207} -> profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-31003 | app=%programfiles%\windows media player\wmplayer.exe | {607E6007-C2F0-44CC-8338-756FD2FF4D3F} -> profile=private | protocol=6 | dir=in | action=allow | name=microsoft office onenote | app=c:\program files (x86)\microsoft office\office12\onenote.exe | {6E75C5BE-7790-40CA-9042-911CDD3406CD} -> profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31281 | app=system | {7C92A3B6-7E47-4D6B-9E72-474E643B3A46} -> profile=private | protocol=17 | dir=in | action=allow | name=steam | app=c:\program files (x86)\steam\steam.exe | {82229358-069C-4D05-993A-95AE84D29778} -> profile=private | 
protocol=6 | dir=in | action=allow | name=ventrilo.exe | app=c:\program files\ventrilo\ventrilo.exe | {87F929EE-51DA-4B09-85BD-BF69472A6EAE} -> dir=in | action=allow | name=windows live messenger | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | {8BD88058-6230-404A-A818-574D1E0AC40A} -> dir=in | action=allow | name=itunes | app=c:\program files (x86)\itunes\itunes.exe | {8C9E7E38-3535-4796-B859-0E674FD94C2F} -> profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-31007 | app=%programfiles%\windows media player\wmplayer.exe | {92186C93-7599-4BC4-9333-71B37DFD2092} -> profile=private | protocol=6 | dir=in | action=allow | name=microsoft office groove | app=c:\program files (x86)\microsoft office\office12\groove.exe | {A5086669-01DE-481F-846B-E388D59FD62C} -> dir=in | action=allow | name=windows live sync | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | {A607BD81-EF98-420D-A631-DC35263489A2} -> profile=private | protocol=17 | dir=in | action=allow | name=bonjour service | app=c:\program files (x86)\bonjour\mdnsresponder.exe | {B1BC1D65-B486-48EB-8D8B-DE8D81032EA7} -> profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-31313 | app=%programfiles%\windows media player\wmpnetwk.exe | {BD47A822-4B15-4613-A61E-D97C3FB2E9C3} -> profile=private | protocol=17 | dir=in | action=allow | name=ventrilo.exe | app=c:\program files\ventrilo\ventrilo.exe | {C8D8FE22-42E0-40B1-B9BA-3C83BB78ED3D} -> profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-31309 | app=%programfiles%\windows media player\wmpnetwk.exe | {CF6EB33D-EA5C-468A-8DDE-784BD494D8F6} -> profile=private | protocol=17 | dir=in | action=allow | name=aim | app=c:\program files (x86)\aim\aim.exe | {D09A4CEC-B559-4212-B475-77CDF078A083} -> profile=private | protocol=6 | dir=in | action=allow | name=bonjour service | app=c:\program files (x86)\bonjour\mdnsresponder.exe | {D359D867-9022-4BD5-B15C-1047A6710D45} -> 
profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-31305 | app=%programfiles%\windows media player\wmpnetwk.exe | {DB6C4BD1-5F3B-41DC-BFB3-6D0D45308088} -> profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31321 | app=%systemroot%\system32\svchost.exe | svc=upnphost | {E99D8F42-BB79-483B-BC6A-3C43E3FA676B} -> protocol=6 | dir=in | action=allow | name=μtorrent (tcp-in) | app=c:\program files (x86)\utorrent\utorrent.exe | {EA6217CA-06E6-4549-A67B-EE5E7F79B63E} -> profile=private | protocol=6 | dir=in | action=allow | name=steam | app=c:\program files (x86)\steam\steam.exe | {EDCE7E9C-8593-4A6C-814C-AB666AFCF5BE} -> profile=private | protocol=1 | dir=in | action=allow | name=@firewallapi.dll,-28543 | {EE9A0951-E77F-4B62-A53F-E718F05FAC22} -> profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-31023 | app=%programfiles(x86)%\windows media player\wmplayer.exe | {F2ED9C91-97F5-4105-BBCB-3673462C6F05} -> profile=private | protocol=6 | dir=in | action=allow | name=aim | app=c:\program files (x86)\aim\aim.exe | TCP Query User{7809A438-4F6A-47B1-BCE7-BB1FCD5253A1}C:\program files (x86)\mirc\mirc.exe -> profile=private | protocol=6 | dir=in | action=allow | name=mirc | app=c:\program files (x86)\mirc\mirc.exe | TCP Query User{94B746F6-F961-470B-84AF-B5CACCE56838}C:\program files (x86)\spyware terminator\spywareterminatorupdate.exe -> profile=private | protocol=6 | dir=in | action=allow | name=crawler spyware terminator | app=c:\program files (x86)\spyware terminator\spywareterminatorupdate.exe | TCP Query User{CBAD2B2C-139B-44D6-85C5-31F0C2124C4A}C:\program files (x86)\soulseek\slsk.exe -> profile=private | protocol=6 | dir=in | action=allow | name=soulseek | app=c:\program files (x86)\soulseek\slsk.exe | TCP Query User{CE82544A-91BA-4224-923C-69E7860A94A2}C:\program files (x86)\mirc\mirc.exe -> profile=public | protocol=6 | dir=in | action=allow | name=mirc | app=c:\program files 
(x86)\mirc\mirc.exe | TCP Query User{D5A01CF5-7013-4B88-A1D2-C0657CDA2219}C:\program files (x86)\heroes of newerth\hon.exe -> profile=private | protocol=6 | dir=in | action=allow | name=heroes of newerth | app=c:\program files (x86)\heroes of newerth\hon.exe | UDP Query User{48E36E6F-8F9E-429F-93E0-925F46CB6B5F}C:\program files (x86)\mirc\mirc.exe -> profile=private | protocol=17 | dir=in | action=allow | name=mirc | app=c:\program files (x86)\mirc\mirc.exe | UDP Query User{597C5B89-9DA7-4A8B-B170-CCB08A73A785}C:\program files (x86)\spyware terminator\spywareterminatorupdate.exe -> profile=private | protocol=17 | dir=in | action=allow | name=crawler spyware terminator | app=c:\program files (x86)\spyware terminator\spywareterminatorupdate.exe | UDP Query User{756D7858-4132-449A-A42F-336658643141}C:\program files (x86)\mirc\mirc.exe -> profile=public | protocol=17 | dir=in | action=allow | name=mirc | app=c:\program files (x86)\mirc\mirc.exe | UDP Query User{87C0B9D4-886F-4209-94FF-A5CF3E919E0F}C:\program files (x86)\soulseek\slsk.exe -> profile=private | protocol=17 | dir=in | action=allow | name=soulseek | app=c:\program files (x86)\soulseek\slsk.exe | UDP Query User{FA5FF764-FC2A-4FA0-B67C-9FFC8CACDBA9}C:\program files (x86)\heroes of newerth\hon.exe -> profile=private | protocol=17 | dir=in | action=allow | name=heroes of newerth | app=c:\program files (x86)\heroes of newerth\hon.exe | < SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> < CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom -> "AutoRun" -> 1 -> "DisplayName" -> CD-ROM Driver -> "ImagePath" -> C:\Windows\SysNative\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> [2009/07/13 19:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) < MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> 
\{24a56b3b-b367-11df-87d7-806e6f6e6963} HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{24a56b3b-b367-11df-87d7-806e6f6e6963}\shell \{24a56b3b-b367-11df-87d7-806e6f6e6963}\shell\\"" -> [AutoRun] -> File not found HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{24a56b3b-b367-11df-87d7-806e6f6e6963}\shell\AutoRun\command \{24a56b3b-b367-11df-87d7-806e6f6e6963}\shell\AutoRun\command\\"" -> D:\SETUP.EXE [D:\SETUP.EXE] -> File not found HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{24a56b3b-b367-11df-87d7-806e6f6e6963}\shell\configure\command \{24a56b3b-b367-11df-87d7-806e6f6e6963}\shell\configure\command\\"" -> D:\SETUP.EXE [D:\SETUP.EXE] -> File not found HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{24a56b3b-b367-11df-87d7-806e6f6e6963}\shell\install\command \{24a56b3b-b367-11df-87d7-806e6f6e6963}\shell\install\command\\"" -> D:\SETUP.EXE [D:\SETUP.EXE] -> File not found < Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command -> 64bit-comfile [open] -> "%1" %* -> File not found 64bit-exefile [open] -> "%1" %* -> File not found comfile [open] -> "%1" %* -> exefile [open] -> "%1" %* -> < 64bit-File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\ -> .com [@ = comfile] -> "%1" %* -> .exe [@ = exefile] -> "%1" %* -> < File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\ -> .com [@ = comfile] -> "%1" %* -> .exe [@ = exefile] -> "%1" %* -> [Registry - Additional Scans - Safe List] < Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command -> 64bit-batfile [open] -> "%1" %* -> File not found 64bit-cmdfile [open] -> "%1" %* -> File not found 64bit-comfile [open] -> "%1" %* -> File not found 64bit-exefile [open] -> "%1" %* -> File not found 64bit-htmlfile [edit] -> "C:\Program 
Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 -> [2008/11/10 10:50:30 | 000,068,472 | ---- | M] (Microsoft Corporation) 64bit-htmlfile [print] -> "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 -> [2008/11/10 10:50:30 | 000,068,472 | ---- | M] (Microsoft Corporation) 64bit-inffile [install] -> %SystemRoot%\System32\InfDefaultInstall.exe "%1" -> [2009/07/13 21:39:13 | 000,010,240 | ---- | M] (Microsoft Corporation) 64bit-InternetShortcut [print] -> "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" -> [2010/06/30 02:22:34 | 005,971,456 | ---- | M] (Microsoft Corporation) 64bit-piffile [open] -> "%1" %* -> File not found 64bit-scrfile [config] -> "%1" -> File not found 64bit-scrfile [install] -> rundll32.exe desk.cpl,InstallScreenSaver %l -> [2009/07/13 21:38:51 | 000,130,048 | ---- | M] (Microsoft Corporation) 64bit-scrfile [open] -> "%1" /S -> File not found 64bit-Unknown [openas] -> %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 -> File not found 64bit-Directory [AddToPlaylistVLC] -> "C:\Program Files (x86)\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" -> [2010/08/26 19:34:22 | 000,107,008 | ---- | M] () 64bit-Directory [Browse with FastStone] -> "C:\Program Files (x86)\FastStone Image Viewer\FSViewer.exe" "%1" -> [2010/04/29 17:26:26 | 001,731,072 | ---- | M] () 64bit-Directory [cmd] -> cmd.exe /s /k pushd "%V" -> [2009/07/13 21:39:01 | 000,344,576 | ---- | M] (Microsoft Corporation) 64bit-Directory [find] -> %SystemRoot%\Explorer.exe -> [2009/10/31 02:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) 64bit-Directory [OneNote.Open] -> C:\PROGRA~2\MICROS~3\Office12\ONENOTE.EXE "%L" -> [2009/02/26 15:24:50 | 001,001,840 | ---- | M] (Microsoft Corporation) 64bit-Directory [PlayWithVLC] -> "C:\Program Files (x86)\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" -> [2010/08/26 19:34:22 | 000,107,008 | ---- | M] () 64bit-Folder [open] -> 
%SystemRoot%\Explorer.exe -> [2009/10/31 02:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) 64bit-Drive [find] -> %SystemRoot%\Explorer.exe -> [2009/10/31 02:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) batfile [open] -> "%1" %* -> cmdfile [open] -> "%1" %* -> comfile [open] -> "%1" %* -> cplfile [cplopen] -> %SystemRoot%\System32\control.exe "%1",%* -> [2009/07/13 21:14:15 | 000,113,152 | ---- | M] (Microsoft Corporation) exefile [open] -> "%1" %* -> htmlfile [edit] -> "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 -> [2008/11/10 10:50:30 | 000,068,472 | ---- | M] (Microsoft Corporation) htmlfile [print] -> "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 -> [2008/11/10 10:50:30 | 000,068,472 | ---- | M] (Microsoft Corporation) inffile [install] -> %SystemRoot%\System32\InfDefaultInstall.exe "%1" -> [2009/07/13 21:14:21 | 000,009,216 | ---- | M] (Microsoft Corporation) InternetShortcut [print] -> "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" -> [2010/06/30 02:22:34 | 005,971,456 | ---- | M] (Microsoft Corporation) piffile [open] -> "%1" %* -> scrfile [config] -> "%1" -> scrfile [install] -> rundll32.exe desk.cpl,InstallScreenSaver %l -> [2009/07/13 21:14:08 | 000,128,000 | ---- | M] (Microsoft Corporation) scrfile [open] -> "%1" /S -> Unknown [openas] -> %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 -> Directory [AddToPlaylistVLC] -> "C:\Program Files (x86)\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" -> [2010/08/26 19:34:22 | 000,107,008 | ---- | M] () Directory [Browse with FastStone] -> "C:\Program Files (x86)\FastStone Image Viewer\FSViewer.exe" "%1" -> [2010/04/29 17:26:26 | 001,731,072 | ---- | M] () Directory [cmd] -> cmd.exe /s /k pushd "%V" -> [2009/07/13 21:14:15 | 000,301,568 | ---- | M] (Microsoft Corporation) Directory [find] -> %SystemRoot%\Explorer.exe -> [2009/10/31 02:34:59 | 002,870,272 | ---- | M] 
(Microsoft Corporation) Directory [OneNote.Open] -> C:\PROGRA~2\MICROS~3\Office12\ONENOTE.EXE "%L" -> [2009/02/26 15:24:50 | 001,001,840 | ---- | M] (Microsoft Corporation) Directory [PlayWithVLC] -> "C:\Program Files (x86)\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" -> [2010/08/26 19:34:22 | 000,107,008 | ---- | M] () Folder [open] -> %SystemRoot%\Explorer.exe -> [2009/10/31 02:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) Drive [find] -> %SystemRoot%\Explorer.exe -> [2009/10/31 02:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) < EventViewer Logs - Last 10 Errors > -> Event Information -> Description Application [ Error ] 10/10/2010 5:16:03 AM Computer Name = Caide | Source = Bonjour Service | ID = 100 -> Description = Task Scheduling Error: m->NextScheduledSPRetry 9001 Application [ Error ] 10/10/2010 5:16:04 AM Computer Name = Caide | Source = Bonjour Service | ID = 100 -> Description = Task Scheduling Error: Continuously busy for more than a second Application [ Error ] 10/10/2010 5:16:04 AM Computer Name = Caide | Source = Bonjour Service | ID = 100 -> Description = Task Scheduling Error: m->NextScheduledEvent 9999 Application [ Error ] 10/10/2010 5:16:04 AM Computer Name = Caide | Source = Bonjour Service | ID = 100 -> Description = Task Scheduling Error: m->NextScheduledSPRetry 9999 Application [ Error ] 10/10/2010 11:34:39 PM Computer Name = Caide | Source = Customer Experience Improvement Program | ID = 1008 -> Description = Application [ Error ] 11/10/2010 12:59:56 AM Computer Name = Caide | Source = Customer Experience Improvement Program | ID = 1008 -> Description = Application [ Error ] 11/10/2010 4:38:08 AM Computer Name = Caide | Source = SideBySide | ID = 16842787 -> Description = Activation context generation failed for "c:\program files (x86)\windows live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. 
Component identity found in manifest does not match the identity of the component requested. Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use sxstrace.exe for detailed diagnosis. Application [ Error ] 11/10/2010 7:58:21 PM Computer Name = Caide | Source = Customer Experience Improvement Program | ID = 1008 -> Description = Application [ Error ] 12/10/2010 7:07:16 AM Computer Name = Caide | Source = SideBySide | ID = 16842787 -> Description = Activation context generation failed for "c:\program files (x86)\windows live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity found in manifest does not match the identity of the component requested. Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use sxstrace.exe for detailed diagnosis. Application [ Error ] 12/10/2010 2:20:06 PM Computer Name = Caide | Source = Customer Experience Improvement Program | ID = 1008 -> Description = System [ Error ] 02/10/2010 7:32:35 PM Computer Name = Caide | Source = EventLog | ID = 6008 -> Description = The previous system shutdown at 6:24:39 PM on ?02/?10/?2010 was unexpected. System [ Error ] 02/10/2010 7:32:36 PM Computer Name = CAIDE | Source = BugCheck | ID = 1001 -> Description = System [ Error ] 02/10/2010 8:13:16 PM Computer Name = Caide | Source = Service Control Manager | ID = 7034 -> Description = The Spyware Terminator Realtime Shield Service service terminated unexpectedly. It has done this 1 time(s). 
System [ Error ] 02/10/2010 8:34:45 PM Computer Name = Caide | Source = bowser | ID = 8003 -> Description = System [ Error ] 02/10/2010 9:41:41 PM Computer Name = Caide | Source = Microsoft-Windows-HAL | ID = 12 -> Description = The platform firmware has corrupted memory across the previous system power transition. Please check for updated firmware for your system. System [ Error ] 03/10/2010 4:25:47 AM Computer Name = Caide | Source = Microsoft-Windows-HAL | ID = 12 -> Description = The platform firmware has corrupted memory across the previous system power transition. Please check for updated firmware for your system. System [ Error ] 04/10/2010 8:50:12 AM Computer Name = Caide | Source = Microsoft-Windows-HAL | ID = 12 -> Description = The platform firmware has corrupted memory across the previous system power transition. Please check for updated firmware for your system. System [ Error ] 05/10/2010 7:28:36 PM Computer Name = Caide | Source = bowser | ID = 8003 -> Description = System [ Error ] 07/10/2010 7:26:15 AM Computer Name = Caide | Source = bowser | ID = 8003 -> Description = System [ Error ] 08/10/2010 1:09:22 AM Computer Name = Caide | Source = Microsoft-Windows-HAL | ID = 12 -> Description = The platform firmware has corrupted memory across the previous system power transition. Please check for updated firmware for your system. 
[Files/Folders - Created Within 30 Days] DoctorWeb -> C:\Users\Sean\DoctorWeb -> [2010/10/12 02:11:36 | 000,000,000 | ---D | C] OTS.exe -> C:\Users\Sean\Desktop\OTS.exe -> [2010/10/10 15:45:46 | 000,642,048 | ---- | C] (OldTimer Tools) Media Player Classic -> C:\Program Files (x86)\Media Player Classic -> [2010/10/10 02:28:51 | 000,000,000 | ---D | C] Media Player Classic -> C:\Users\Sean\AppData\Roaming\Media Player Classic -> [2010/10/10 02:28:42 | 000,000,000 | ---D | C] Combined Community Codec Pack -> C:\Program Files (x86)\Combined Community Codec Pack -> [2010/10/09 03:18:18 | 000,000,000 | ---D | C] Adobe -> C:\Program Files (x86)\Common Files\Adobe -> [2010/10/08 00:31:37 | 000,000,000 | ---D | C] Adobe -> C:\Program Files (x86)\Adobe -> [2010/10/08 00:31:37 | 000,000,000 | ---D | C] Config.Msi -> C:\Config.Msi -> [2010/10/08 00:31:26 | 000,000,000 | -HSD | C] NVIDIA -> C:\ProgramData\NVIDIA -> [2010/10/03 01:10:04 | 000,000,000 | ---D | C] NVIDIA Corporation -> C:\ProgramData\NVIDIA Corporation -> [2010/10/03 01:07:13 | 000,000,000 | ---D | C] NVIDIA Corporation -> C:\Program Files\NVIDIA Corporation -> [2010/10/03 01:07:09 | 000,000,000 | ---D | C] Minidump -> C:\Windows\Minidump -> [2010/10/02 19:32:32 | 000,000,000 | ---D | C] Hitman Pro -> C:\ProgramData\Hitman Pro -> [2010/10/02 16:03:31 | 000,000,000 | ---D | C] Hitman Pro 3.5 -> C:\Program Files\Hitman Pro 3.5 -> [2010/10/02 16:03:30 | 000,000,000 | ---D | C] CC Reg Backup -> C:\Users\Sean\Documents\CC Reg Backup -> [2010/10/02 11:50:05 | 000,000,000 | ---D | C] msvcp71.dll -> C:\Windows\SysWow64\msvcp71.dll -> [2010/10/02 09:02:26 | 000,499,712 | ---- | C] (Microsoft Corporation) msvcr71.dll -> C:\Windows\SysWow64\msvcr71.dll -> [2010/10/02 09:02:26 | 000,348,160 | ---- | C] (Microsoft Corporation) Real -> C:\ProgramData\Real -> [2010/10/02 09:02:24 | 000,000,000 | ---D | C] Real -> C:\Program Files (x86)\Common Files\Real -> [2010/10/02 09:02:24 | 000,000,000 | ---D | C] Real -> 
C:\Users\Sean\AppData\Roaming\Real -> [2010/10/02 09:02:23 | 000,000,000 | ---D | C] Microsoft Silverlight -> C:\Program Files (x86)\Microsoft Silverlight -> [2010/10/02 07:15:32 | 000,000,000 | ---D | C] Sunbelt Software -> C:\Users\Sean\AppData\Local\Sunbelt Software -> [2010/10/01 18:18:03 | 000,000,000 | ---D | C] Lavasoft -> C:\ProgramData\Lavasoft -> [2010/10/01 18:14:26 | 000,000,000 | ---D | C] SUPERAntiSpyware.com -> C:\ProgramData\SUPERAntiSpyware.com -> [2010/10/01 17:31:50 | 000,000,000 | ---D | C] QuickScan -> C:\Users\Sean\AppData\Roaming\QuickScan -> [2010/10/01 17:28:56 | 000,000,000 | ---D | C] Spybot - Search & Destroy -> C:\ProgramData\Spybot - Search & Destroy -> [2010/10/01 16:47:22 | 000,000,000 | ---D | C] Rogers Online Protection -> C:\Users\Sean\AppData\Roaming\Rogers Online Protection -> [2010/09/30 20:48:00 | 000,000,000 | ---D | C] Radialpoint -> C:\ProgramData\Radialpoint -> [2010/09/30 20:47:59 | 000,000,000 | ---D | C] Rogers Online Protection -> C:\ProgramData\Rogers Online Protection -> [2010/09/30 20:47:50 | 000,000,000 | ---D | C] mbamswissarmy.sys -> C:\Windows\SysWow64\drivers\mbamswissarmy.sys -> [2010/09/30 15:13:01 | 000,038,224 | ---- | C] (Malwarebytes Corporation) Malwarebytes' Anti-Malware -> C:\Program Files (x86)\Malwarebytes' Anti-Malware -> [2010/09/30 15:13:00 | 000,000,000 | ---D | C] MFAData -> C:\ProgramData\MFAData -> [2010/09/30 15:05:26 | 000,000,000 | ---D | C] ks.sys -> C:\Windows\SysNative\drivers\ks.sys -> [2010/09/29 03:00:35 | 000,243,712 | ---- | C] (Microsoft Corporation) Software Update Utility -> C:\Program Files (x86)\Common Files\Software Update Utility -> [2010/09/24 21:10:13 | 000,000,000 | ---D | C] QuickTime -> C:\Program Files (x86)\QuickTime -> [2010/09/15 16:46:15 | 000,000,000 | ---D | C] iTunes -> C:\Program Files\iTunes -> [2010/09/15 16:44:01 | 000,000,000 | ---D | C] iTunes -> C:\Program Files (x86)\iTunes -> [2010/09/15 16:44:01 | 000,000,000 | ---D | C] iPod -> C:\Program Files\iPod -> 
[2010/09/15 16:44:01 | 000,000,000 | ---D | C] iertutil.dll -> C:\Windows\SysNative\iertutil.dll -> [2010/09/15 03:01:01 | 002,441,216 | ---- | C] (Microsoft Corporation) [Files/Folders - Modified Within 30 Days] SA.DAT -> C:\Windows\tasks\SA.DAT -> [2010/10/12 15:55:27 | 000,000,006 | -H-- | M] () bootstat.dat -> C:\Windows\bootstat.dat -> [2010/10/12 15:55:19 | 000,067,584 | --S- | M] () hiberfil.sys -> C:\hiberfil.sys -> [2010/10/12 15:55:15 | 2146,836,479 | -HS- | M] () NTUSER.DAT -> C:\Users\Sean\NTUSER.DAT -> [2010/10/12 15:54:29 | 006,553,600 | -HS- | M] () IconCache.db -> C:\Users\Sean\AppData\Local\IconCache.db -> [2010/10/12 15:54:24 | 003,369,269 | -H-- | M] () GoogleUpdateTaskUserS-1-5-21-2374376679-3596025906-644372535-1001UA.job -> C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2374376679-3596025906-644372535-1001UA.job -> [2010/10/12 15:34:00 | 000,000,904 | ---- | M] () GoogleUpdateTaskUserS-1-5-21-2374376679-3596025906-644372535-1001Core.job -> C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2374376679-3596025906-644372535-1001Core.job -> [2010/10/12 11:34:00 | 000,000,852 | ---- | M] () drweb-cureit.exe -> C:\Users\Sean\Desktop\drweb-cureit.exe -> [2010/10/10 18:09:26 | 050,569,752 | ---- | M] () 7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 -> [2010/10/10 17:27:17 | 000,019,328 | -H-- | M] () 7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 -> [2010/10/10 17:27:17 | 000,019,328 | -H-- | M] () PerfStringBackup.INI -> C:\Windows\SysNative\PerfStringBackup.INI -> [2010/10/10 17:26:51 | 000,731,792 | ---- | M] () perfh009.dat -> C:\Windows\SysNative\perfh009.dat -> [2010/10/10 17:26:51 | 000,630,928 | ---- | M] () perfc009.dat -> C:\Windows\SysNative\perfc009.dat -> [2010/10/10 17:26:51 | 
000,111,052 | ---- | M] () OTS.exe -> C:\Users\Sean\Desktop\OTS.exe -> [2010/10/10 15:45:21 | 000,642,048 | ---- | M] (OldTimer Tools) MEMORY.DMP -> C:\Windows\MEMORY.DMP -> [2010/10/02 19:32:28 | 503,798,248 | ---- | M] () hitmanpro35.sys -> C:\Windows\SysNative\drivers\hitmanpro35.sys -> [2010/10/02 16:06:54 | 000,019,528 | ---- | M] () msvcp71.dll -> C:\Windows\SysWow64\msvcp71.dll -> [2010/10/02 12:00:29 | 000,499,712 | ---- | M] (Microsoft Corporation) msvcr71.dll -> C:\Windows\SysWow64\msvcr71.dll -> [2010/10/02 12:00:29 | 000,348,160 | ---- | M] (Microsoft Corporation) hosts -> C:\Windows\SysNative\drivers\etc\hosts -> [2010/10/01 17:46:36 | 000,000,938 | R--- | M] () hosts.20101001-174636.backup -> C:\Windows\SysNative\drivers\etc\hosts.20101001-174636.backup -> [2010/10/01 17:02:03 | 000,420,665 | R--- | M] () Resmon.ResmonCfg -> C:\Users\Sean\AppData\Local\Resmon.ResmonCfg -> [2010/10/01 16:39:13 | 000,007,619 | ---- | M] () housecall.guid.cache -> C:\Users\Sean\AppData\Local\housecall.guid.cache -> [2010/09/30 14:58:22 | 000,000,036 | ---- | M] () guard64.dll -> C:\Windows\SysNative\guard64.dll -> [2010/09/28 15:47:49 | 000,362,784 | ---- | M] (COMODO) guard32.dll -> C:\Windows\SysWow64\guard32.dll -> [2010/09/28 15:47:48 | 000,285,480 | ---- | M] (COMODO) cmderd.sys -> C:\Windows\SysNative\drivers\cmderd.sys -> [2010/09/28 15:47:46 | 000,020,864 | ---- | M] (COMODO) PerfStringBackup.INI -> C:\Windows\SysWow64\PerfStringBackup.INI -> [2010/09/27 02:02:22 | 000,723,790 | ---- | M] () IPH.PH -> C:\IPH.PH -> [2010/09/24 21:10:19 | 000,000,708 | -H-- | M] () AIM.lnk -> C:\Users\Sean\Application Data\Microsoft\Internet Explorer\Quick Launch\AIM.lnk -> [2010/09/24 21:10:18 | 000,001,937 | ---- | M] () 51 C:\Users\Sean\AppData\Local\Temp\*.tmp files -> C:\Users\Sean\AppData\Local\Temp\*.tmp -> [Files - No Company Name] drweb-cureit.exe -> C:\Users\Sean\Desktop\drweb-cureit.exe -> [2010/10/10 18:06:42 | 050,569,752 | ---- | C] () IconCache.db -> 
C:\Users\Sean\AppData\Local\IconCache.db -> [2010/10/02 20:28:55 | 003,369,269 | -H-- | C] () MEMORY.DMP -> C:\Windows\MEMORY.DMP -> [2010/10/02 19:32:28 | 503,798,248 | ---- | C] () hitmanpro35.sys -> C:\Windows\SysNative\drivers\hitmanpro35.sys -> [2010/10/02 16:04:46 | 000,019,528 | ---- | C] () Resmon.ResmonCfg -> C:\Users\Sean\AppData\Local\Resmon.ResmonCfg -> [2010/10/01 16:36:44 | 000,007,619 | ---- | C] () housecall.guid.cache -> C:\Users\Sean\AppData\Local\housecall.guid.cache -> [2010/09/30 14:58:22 | 000,000,036 | ---- | C] () PerfStringBackup.INI -> C:\Windows\SysWow64\PerfStringBackup.INI -> [2010/09/27 02:02:22 | 000,723,790 | ---- | C] () {EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini -> C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini -> [2010/08/29 13:42:45 | 000,000,262 | ---- | C] () GDIPFONTCACHEV1.DAT -> C:\Users\Sean\AppData\Local\GDIPFONTCACHEV1.DAT -> [2010/08/29 11:29:00 | 000,108,840 | ---- | C] () GlobalUserInterface.CompositeFont -> C:\Windows\Fonts\GlobalUserInterface.CompositeFont -> [2009/07/14 01:32:39 | 000,043,318 | ---- | C] () GlobalSerif.CompositeFont -> C:\Windows\Fonts\GlobalSerif.CompositeFont -> [2009/07/14 01:32:39 | 000,029,779 | ---- | C] () GlobalSansSerif.CompositeFont -> C:\Windows\Fonts\GlobalSansSerif.CompositeFont -> [2009/07/14 01:32:39 | 000,026,489 | ---- | C] () GlobalMonospace.CompositeFont -> C:\Windows\Fonts\GlobalMonospace.CompositeFont -> [2009/07/14 01:32:39 | 000,026,040 | ---- | C] () desktop.ini -> C:\Program Files\desktop.ini -> [2009/07/14 00:54:24 | 000,000,174 | -HS- | C] () desktop.ini -> C:\Program Files (x86)\desktop.ini -> [2009/07/14 00:54:24 | 000,000,174 | -HS- | C] () BWContextHandler.dll -> C:\Windows\SysWow64\BWContextHandler.dll -> [2009/07/13 19:42:10 | 000,064,000 | ---- | C] () msjetoledb40.dll -> C:\Windows\SysWow64\msjetoledb40.dll -> [2009/07/13 17:03:59 | 000,364,544 | ---- | C] () [File - Lop Check] acccore -> C:\Users\Sean\AppData\Roaming\acccore -> [2010/08/29 
14:51:05 | 000,000,000 | ---D | M] QuickScan -> C:\Users\Sean\AppData\Roaming\QuickScan -> [2010/10/10 19:21:18 | 000,000,000 | ---D | M] Rogers Online Protection -> C:\Users\Sean\AppData\Roaming\Rogers Online Protection -> [2010/10/01 01:30:20 | 000,000,000 | ---D | M] uTorrent -> C:\Users\Sean\AppData\Roaming\uTorrent -> [2010/10/12 02:10:53 | 000,000,000 | ---D | M] SCHEDLGU.TXT -> C:\Windows\Tasks\SCHEDLGU.TXT -> [2009/07/14 01:08:49 | 000,010,216 | ---- | M] () [File - Purity Scan] < End of report > [/code]