[code]
OTS logfile created on: 3/18/2011 7:44:27 PM - Run 1
OTS by OldTimer - Version 3.1.42.0 Folder = C:\Users\Miriam\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E4F25NLC
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 65.00% Memory free
7.00 Gb Paging File | 6.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.99 Gb Total Space | 240.89 Gb Free Space | 84.23% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PINK-PC
Current User Name: Miriam
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days

[Processes - Safe List]
atibtmon.exe -> -> File not found
ots[1].exe -> C:\Users\Miriam\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E4F25NLC\OTS[1].exe -> [2011/03/18 19:39:52 | 000,645,632 | ---- | M] (OldTimer Tools)
avastui.exe -> C:\Program Files\Alwil Software\Avast5\AvastUI.exe -> [2011/02/23 10:04:20 | 003,451,496 | ---- | M] (AVAST Software)
avastsvc.exe -> C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -> [2011/02/23 10:04:19 | 000,042,184 | ---- | M] (AVAST Software)
dsiwmis.exe -> C:\Program Files (x86)\Launch Manager\dsiwmis.exe -> [2009/08/23 22:30:12 | 000,107,016 | ---- | M] (Dritek System Inc.)
lmanager.exe -> C:\Program Files (x86)\Launch Manager\LManager.exe -> [2009/08/18 05:42:08 | 001,157,128 | ---- | M] (Dritek System Inc.) mwlservice.exe -> C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe -> [2009/08/06 13:18:54 | 000,311,592 | ---- | M] (Egis Technology Inc.) mwldaemon.exe -> C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe -> [2009/08/06 13:18:42 | 000,349,480 | ---- | M] (Egis Technology Inc.) egisupdate.exe -> C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe -> [2009/08/04 01:09:34 | 000,199,464 | ---- | M] (Egis Technology Inc.) updaterservice.exe -> C:\Program Files\Acer\Acer Updater\UpdaterService.exe -> [2009/07/03 21:47:12 | 000,240,160 | ---- | M] (Acer) greghsrw.exe -> C:\Program Files (x86)\Acer\Registration\GregHSRW.exe -> [2009/06/04 09:04:50 | 001,150,496 | ---- | M] (Acer Incorporated) pdvd8serv.exe -> C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe -> [2009/04/16 00:52:06 | 000,091,432 | ---- | M] (CyberLink Corp.) [Modules - Safe List] ots[1].exe -> C:\Users\Miriam\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E4F25NLC\OTS[1].exe -> [2011/03/18 19:39:52 | 000,645,632 | ---- | M] (OldTimer Tools) snxhk.dll -> C:\Program Files\Alwil Software\Avast5\snxhk.dll -> [2011/02/23 10:04:17 | 000,197,208 | ---- | M] (AVAST Software) comctl32.dll -> C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll -> [2009/07/13 21:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) [Win32 Services - Safe List] 64bit-(avast! 
Antivirus) [Auto | Running] -> C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -> [2011/02/23 10:04:19 | 000,042,184 | ---- | M] (AVAST Software) 64bit-(ePowerSvc) [Auto | Running] -> C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -> [2009/08/06 00:30:58 | 000,844,320 | ---- | M] (Acer Incorporated) 64bit-(AMD External Events Utility) [Auto | Running] -> C:\Windows\SysNative\atiesrxx.exe -> [2009/08/05 00:44:56 | 000,203,264 | ---- | M] (AMD) 64bit-(WinDefend) [Auto | Running] -> C:\Program Files\Windows Defender\MpSvc.dll -> [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) 64bit-(Updater Service) [Auto | Running] -> C:\Program Files\Acer\Acer Updater\UpdaterService.exe -> [2009/07/03 21:47:12 | 000,240,160 | ---- | M] (Acer) (clr_optimization_v4.0.30319_32) Microsoft .NET Framework NGEN v4.0.30319_X86 [Auto | Stopped] -> C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -> [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) (HPSLPSVC) HP Network Devices Support [Auto | Running] -> C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -> [2009/09/20 12:55:20 | 001,037,824 | ---- | M] (Hewlett-Packard Co.) (DsiWMIService) Dritek WMI Service [Auto | Running] -> C:\Program Files (x86)\Launch Manager\dsiwmis.exe -> [2009/08/23 22:30:12 | 000,107,016 | ---- | M] (Dritek System Inc.) 
(MWLService) MyWinLocker Service [Auto | Running] -> C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe -> [2009/08/06 13:18:54 | 000,311,592 | ---- | M] () (clr_optimization_v2.0.50727_32) Microsoft .NET Framework NGEN v2.0.50727_X86 [Disabled | Stopped] -> C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -> [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) (Greg_Service) GRegService [Auto | Running] -> C:\Program Files (x86)\Acer\Registration\GregHSRW.exe -> [2009/06/04 09:04:50 | 001,150,496 | ---- | M] (Acer Incorporated) (GameConsoleService) GameConsoleService [On_Demand | Stopped] -> C:\Program Files (x86)\Acer Games\Acer Game Console\GameConsoleService.exe -> [2009/05/22 14:02:20 | 000,250,616 | ---- | M] (WildTangent, Inc.) [Driver Services - Safe List] 64bit-(aswMonFlt) aswMonFlt [File_System | Auto | Running] -> C:\Windows\SysNative\drivers\aswMonFlt.sys -> [2011/02/23 09:55:05 | 000,064,344 | ---- | M] (AVAST Software) 64bit-(athr) Atheros Extensible Wireless LAN device driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\athrx.sys -> [2009/10/05 16:34:00 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) 64bit-(RSUSBSTOR) RtsUStor.Sys Realtek USB Card Reader [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\RtsUStor.sys -> [2009/08/09 23:07:14 | 000,222,208 | ---- | M] (Realtek Semiconductor Corp.) 64bit-(atikmdag) atikmdag [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\atikmdag.sys -> [2009/08/05 01:23:00 | 006,038,016 | ---- | M] (ATI Technologies Inc.) 
64bit-(amdsata) amdsata [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\amdsata.sys -> [2009/07/13 21:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) 64bit-(amdxata) amdxata [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\amdxata.sys -> [2009/07/13 21:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) 64bit-(amdsbs) amdsbs [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\amdsbs.sys -> [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) 64bit-(LSI_SAS2) LSI_SAS2 [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\lsi_sas2.sys -> [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) 64bit-(HpSAMD) HpSAMD [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\HpSAMD.sys -> [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) 64bit-(stexstor) stexstor [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\stexstor.sys -> [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) 64bit-(StillCam) Still Serial Digital Camera Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\serscan.sys -> [2009/07/13 20:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) 64bit-(SynTP) Synaptics TouchPad Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\SynTP.sys -> [2009/06/18 08:12:32 | 000,272,432 | ---- | M] (Synaptics Incorporated) 64bit-(Ntfs) Ntfs [File_System | On_Demand | Running] -> C:\Windows\SysNative\wbem\ntfs.mof -> [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () 64bit-(ebdrv) Broadcom NetXtreme II 10 GigE VBD [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\evbda.sys -> [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) 64bit-(b06bdrv) Broadcom NetXtreme II VBD [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\bxvbda.sys -> [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) 64bit-(b57nd60a) Broadcom NetXtreme Gigabit Ethernet - 
NDIS 6.0 [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\b57nd60a.sys -> [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) 64bit-(hcw85cir) Hauppauge Consumer Infrared Receiver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\hcw85cir.sys -> [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) 64bit-(mwlPSDVDisk) mwlPSDVDisk [Kernel | System | Running] -> C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -> [2009/06/02 07:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) 64bit-(mwlPSDFilter) mwlPSDFilter [File_System | System | Running] -> C:\Windows\SysNative\drivers\mwlPSDFilter.sys -> [2009/06/02 07:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) 64bit-(mwlPSDNServ) mwlPSDNServ [Kernel | System | Running] -> C:\Windows\SysNative\drivers\mwlPSDNserv.sys -> [2009/06/02 07:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) 64bit-(RTL8167) Realtek 8167 NT Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\Rt64win7.sys -> [2009/05/22 10:52:30 | 000,215,040 | ---- | M] (Realtek ) 64bit-(NTIDrvr) NTIDrvr [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\NTIDrvr.sys -> [2009/05/05 04:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) 64bit-(UBHelper) UBHelper [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\UBHelper.sys -> [2009/05/05 04:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) 64bit-(AtiPcie) AMD PCI Express (3GIO) Filter [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\AtiPcie.sys -> [2009/05/04 09:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) 
64bit-(usbfilter) AMD USB Filter Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\usbfilter.sys -> [2009/04/03 10:39:58 | 000,034,872 | ---- | M] (Advanced Micro Devices) [Registry - Safe List] < 64bit-Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5534&r=27361209a615l0374z1h5t48m2a25o -> HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5534&r=27361209a615l0374z1h5t48m2a25o -> < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5534&r=27361209a615l0374z1h5t48m2a25o -> HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> C:\Windows\SysWOW64\blank.htm -> HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5534&r=27361209a615l0374z1h5t48m2a25o -> < Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 -> < Internet Explorer Settings [HKEY_USERS\__aswSnx private storage\] > -> -> < Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> < Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> < Internet Explorer Settings [HKEY_USERS\S-1-5-21-4102186348-2860062882-3561880376-1001\] > -> -> HKEY_USERS\S-1-5-21-4102186348-2860062882-3561880376-1001\: Main\\"Default_Page_URL" -> http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5534&r=27361209a615l0374z1h5t48m2a25o -> HKEY_USERS\S-1-5-21-4102186348-2860062882-3561880376-1001\: Main\\"Start Page" -> http://www.yahoo.com/ -> HKEY_USERS\S-1-5-21-4102186348-2860062882-3561880376-1001\: URLSearchHooks\\"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! 
Toolbar] -> [2008/07/28 06:47:40 | 000,882,416 | ---- | M] (Yahoo! Inc.) HKEY_USERS\S-1-5-21-4102186348-2860062882-3561880376-1001\: "ProxyEnable" -> 0 -> < FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla HKLM\software\mozilla\Firefox\Extensions -> -> HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com -> C:\Program Files (x86)\HP\Digital Imaging\smart web printing\MozillaAddOn3 [C:\PROGRAM FILES (X86)\HP\DIGITAL IMAGING\SMART WEB PRINTING\MOZILLAADDON3] -> [2010/03/14 22:32:58 | 000,000,000 | ---D | M] < FireFox Extensions [User Folders] > -> < HOSTS File > ([2009/06/10 17:00:26 | 000,000,824 | ---- | M] - 21 lines) -> C:\Windows\SysNative\Drivers\etc\hosts -> Reset Hosts < 64bit-BHO's [HKEY_LOCAL_MACHINE] > -> 64bit-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} [HKLM] -> [McAfee SiteAdvisor BHO] -> File not found < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {02478D38-C3F9-4efb-9B51-7695ECA05670} [HKLM] -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll [&Yahoo! Toolbar Helper] -> [2008/07/28 06:47:40 | 000,882,416 | ---- | M] (Yahoo! Inc.) {5C255C8A-E604-49b4-9D64-90988571CECB} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} [HKLM] -> C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll [avast! WebRep] -> [2011/02/23 10:04:16 | 000,814,160 | ---- | M] () {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} [HKLM] -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll [SingleInstance Class] -> [2008/07/28 06:47:42 | 000,160,496 | ---- | M] (Yahoo! 
Inc) < 64bit-Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> "{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}" [HKLM] -> [McAfee SiteAdvisor Toolbar] -> File not found "Locked" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found < Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> "{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}" [HKLM] -> C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll [avast! WebRep] -> [2011/02/23 10:04:16 | 000,814,160 | ---- | M] () "{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> [2008/07/28 06:47:40 | 000,882,416 | ---- | M] (Yahoo! Inc.) "Locked" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found < 64bit-Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> "Acer ePower Management" -> C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe] -> [2009/08/06 00:30:58 | 000,828,960 | ---- | M] (Acer Incorporated) "mwlDaemon" -> C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe [C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe] -> [2009/08/06 13:18:42 | 000,349,480 | ---- | M] (Egis Technology Inc.) "RtHDVCpl" -> C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe] -> [2009/07/06 05:52:00 | 007,940,128 | ---- | M] (Realtek Semiconductor) "Skytel" -> C:\Program Files\Realtek\Audio\HDA\SkyTel.exe [C:\Program Files\Realtek\Audio\HDA\Skytel.exe] -> [2009/07/06 05:52:54 | 001,833,504 | ---- | M] (Realtek Semiconductor Corp.) 
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> "Acer Assist Launcher" -> C:\Program Files (x86)\Acer\Acer Assist\launcher.exe [C:\Program Files (x86)\Acer\Acer Assist\launcher.exe] -> [2007/11/19 18:17:40 | 001,261,568 | ---- | M] () "avast5" -> C:\Program Files\Alwil Software\Avast5\avastUI.exe ["C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui] -> [2011/02/23 10:04:20 | 003,451,496 | ---- | M] (AVAST Software) "EgisTecLiveUpdate" -> C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe ["C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe"] -> [2009/08/04 01:09:34 | 000,199,464 | ---- | M] (Egis Technology Inc.) "LManager" -> C:\Program Files (x86)\Launch Manager\LManager.exe [C:\Program Files (x86)\Launch Manager\LManager.exe] -> [2009/08/18 05:42:08 | 001,157,128 | ---- | M] (Dritek System Inc.) "PDVD8LanguageShortcut" -> C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe ["C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe"] -> [2009/04/16 00:54:44 | 000,050,472 | ---- | M] (CyberLink Corp.) "RemoteControl8" -> C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe ["C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe"] -> [2009/04/16 00:52:06 | 000,091,432 | ---- | M] (CyberLink Corp.) "StartCCC" -> C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ["C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun] -> [2009/08/04 23:17:16 | 000,098,304 | ---- | M] (Advanced Micro Devices, Inc.) 
< Run [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> "Sidebar" -> C:\Program Files (x86)\Windows Sidebar\Sidebar.exe [%ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun] -> [2009/07/13 21:14:38 | 001,173,504 | ---- | M] (Microsoft Corporation) < RunOnce [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce -> "mctadmin" -> [C:\Windows\System32\mctadmin.exe] -> File not found < Run [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> "Sidebar" -> C:\Program Files (x86)\Windows Sidebar\Sidebar.exe [%ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun] -> [2009/07/13 21:14:38 | 001,173,504 | ---- | M] (Microsoft Corporation) < RunOnce [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce -> "mctadmin" -> [C:\Windows\System32\mctadmin.exe] -> File not found < CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer \\"NoActiveDesktop" -> [1] -> File not found \\"NoActiveDesktopChanges" -> [1] -> File not found < CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System \\"ConsentPromptBehaviorAdmin" -> [5] -> File not found \\"ConsentPromptBehaviorUser" -> [3] -> File not found HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-4102186348-2860062882-3561880376-1001] > -> HKEY_USERS\S-1-5-21-4102186348-2860062882-3561880376-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
HKEY_USERS\S-1-5-21-4102186348-2860062882-3561880376-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System < Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-4102186348-2860062882-3561880376-1001\] > -> HKEY_USERS\S-1-5-21-4102186348-2860062882-3561880376-1001\Software\Microsoft\Internet Explorer\MenuExt\ -> Google Sidewiki... -> [res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html] -> File not found < 64bit-Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> < 64bit-Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix "" -> http:// < Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix "" -> http:// < 64bit-Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < 64bit-Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. 
-> < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\__aswSnx private storage\] > -> HKEY_USERS\__aswSnx private storage\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\__aswSnx private storage\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\__aswSnx private storage\] > -> HKEY_USERS\__aswSnx private storage\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\__aswSnx private storage\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. 
-> < Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-21-4102186348-2860062882-3561880376-1001\] > -> HKEY_USERS\S-1-5-21-4102186348-2860062882-3561880376-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-21-4102186348-2860062882-3561880376-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. 
-> < Trusted Sites Ranges [HKEY_USERS\S-1-5-21-4102186348-2860062882-3561880376-1001\] > -> HKEY_USERS\S-1-5-21-4102186348-2860062882-3561880376-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-21-4102186348-2860062882-3561880376-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {644E432F-49D3-41A1-8DD5-E099162EEEC5} [HKLM] -> http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab [Symantec RuFSI Utility Class] -> {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [HKLM] -> http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab [Reg Error: Key error.] -> < Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ -> DhcpNameServer -> 192.168.2.1 -> < Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {625BCA5A-ACF9-4E59-804C-00F5106A270A}\\DhcpNameServer -> 192.168.2.1 (Atheros AR5B93 Wireless Network Adapter) -> < 64bit-Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 64bit-*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> explorer.exe -> C:\Windows\explorer.exe -> [2009/10/31 02:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) *MultiFile Done* -> -> 64bit-*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> SystemPropertiesPerformance.exe -> C:\Windows\SysNative\SystemPropertiesPerformance.exe -> [2009/07/13 21:39:47 | 000,082,432 | ---- | M] (Microsoft Corporation) /pagefile -> -> File not found *MultiFile Done* -> -> < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> *Shell* -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> explorer.exe -> C:\Windows\SysWow64\explorer.exe -> [2009/10/31 01:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) *MultiFile Done* -> -> *VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> /pagefile -> -> File not found *MultiFile Done* -> -> < 64bit-SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad -> "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" [HKLM] -> Reg Error: Key error. [WebCheck] -> File not found < SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad -> "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" [HKLM] -> Reg Error: Key error. [WebCheck] -> File not found < Vista Active Firewall Rules > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules -> {11920936-47FB-4497-B0AB-4BEBEE2D8A0F} -> rport=5355 | profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-28550 | app=%systemroot%\system32\svchost.exe | svc=dnscache | {11FF1D16-DF2C-41AF-ABA7-98F3DBD60056} -> lport=138 | profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-28527 | app=system | {15BD40F4-9583-4D60-B0CB-0384AAE4025E} -> lport=445 | profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-28511 | app=system | {244FA13F-BEDF-45BD-A8BC-107176C1268E} -> lport=2177 | profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-31253 | app=%systemroot%\system32\svchost.exe | svc=qwave | {256652F3-8F3C-4843-8736-F9202EFC587B} -> lport=137 | profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-28519 | app=system | {2C76E817-9F9A-4F58-B232-AA90401B1C76} -> rport=138 | profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-28531 | app=system | 
{3C424690-5602-4128-AD36-3DA446FAE39C} -> lport=1900 | protocol=17 | dir=in | action=allow | name=windows live messenger (ssdp-in) | app=svchost.exe | svc=ssdpsrv | {45E39D19-D01D-454C-8E49-6A58B3929183} -> lport=5355 | profile=public | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-28548 | app=%systemroot%\system32\svchost.exe | svc=dnscache | {4D71708D-411D-4338-A1A5-18A2CBBE9415} -> rport=2177 | profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-31257 | app=%systemroot%\system32\svchost.exe | svc=qwave | {53909C6B-F754-401E-9644-4AE5233544C3} -> lport=10243 | profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-31285 | app=system | {5AD67B4D-BD0A-4632-A856-3E1A8FEA8623} -> rport=1900 | profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-31273 | app=%systemroot%\system32\svchost.exe | svc=ssdpsrv | {6B3703F8-E06E-4552-B329-AB3F70EB59CB} -> lport=2177 | profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-31261 | app=%systemroot%\system32\svchost.exe | svc=qwave | {71070E87-05DB-4C77-A737-DE19F418D69E} -> lport=rpc | profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-28535 | app=%systemroot%\system32\spoolsv.exe | svc=spooler | {85EA570D-E6F2-4E3E-A087-C969F1A57887} -> lport=1900 | profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-31269 | app=%systemroot%\system32\svchost.exe | svc=ssdpsrv | {85FC90C2-491C-4AAE-8936-E97F516F1291} -> rport=139 | profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-28507 | app=system | {97D8D837-E232-49EE-8671-508439386C09} -> rport=137 | profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-28523 | app=system | {9C48974F-BBA1-4C18-A120-C072528E6413} -> lport=rpc-epmap | profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-28539 | svc=rpcss | {9EA4DA90-E746-4425-97CC-59B422E61624} -> 
rport=2177 | profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31265 | app=%systemroot%\system32\svchost.exe | svc=qwave | {A10691AB-ABC8-45AE-80D4-9F8684129ED8} -> lport=139 | profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-28503 | app=system | {B5193DB0-8955-4B88-95DF-65EFB14389DC} -> rport=10243 | profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31289 | app=system | {B6574891-960E-4915-A547-F8B4C26529AE} -> rport=445 | profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-28515 | app=system | {CD49BF0E-F0A4-445A-8D3D-3B618C259653} -> rport=427 | protocol=17 | dir=in | action=allow | name=slp_service | app=c:\windows\system32\svchost.exe | svc=hpslpsvc | {CE3D72C5-D0B1-46AF-994E-FCB560E2ACF6} -> lport=2869 | protocol=6 | dir=in | action=allow | name=windows live messenger (upnp-in) | app=system | {E867FACB-A644-481A-A341-68C534234290} -> lport=5355 | profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-28548 | app=%systemroot%\system32\svchost.exe | svc=dnscache | {F122F56B-90A2-4520-AB95-7156350DE3D9} -> lport=2869 | profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-31277 | app=system | {F82E63CC-9E8A-4FC0-AD15-1C45C88AE018} -> rport=5355 | profile=public | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-28550 | app=%systemroot%\system32\svchost.exe | svc=dnscache | < Vista Active Application Exception Rules > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules -> {016C7768-1AE5-4A56-ACC0-54B7876E3826} -> dir=in | action=allow | name=hpwucli.exe | app=c:\program files (x86)\hp\hp software update\hpwucli.exe | {035916F3-5371-4FCB-AAD2-ABF9F49177A8} -> dir=in | action=allow | name=windows live call | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | {1F307836-EB85-4E41-958F-9B8576DA404C} -> dir=in | action=allow | 
name=hpqste08.exe | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe | {2867F456-D6D5-4624-B843-8BA50FC910A3} -> profile=public | protocol=6 | dir=in | action=allow | name=schedulersvc.exe | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe | {29A4A291-921C-474C-B95E-5DE9C5AB9FB6} -> dir=in | action=allow | name=hpznui40.exe | app=d:\setup\hpznui40.exe | {2A6C6008-D691-4176-B43F-FBA54E89F704} -> profile=private | protocol=17 | dir=in | action=allow | name=microsoft office onenote | app=c:\program files (x86)\microsoft office\office12\onenote.exe | {3573B74D-D8FB-4187-8A0C-8B94861CB3E6} -> dir=in | action=allow | name=hpqgpc01.exe | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe | {3B503B0A-A742-4CFF-8922-F7DCFD3621BF} -> dir=in | action=allow | name=hpqkygrp.exe | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe | {3BD28CDA-AEF9-4FD1-970B-302A83497439} -> dir=in | action=allow | name=hposid01.exe | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe | {3DC4B102-3951-4675-839B-07988A960510} -> dir=in | action=allow | name=smartwebprintexe.exe | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe | {50220106-F2D2-46C8-B913-35F4B2852DD8} -> profile=private | protocol=1 | dir=in | action=allow | name=@firewallapi.dll,-28543 | {5158D75A-6D20-4E16-85A6-398287FF5016} -> dir=in | action=allow | name=hpfccopy.exe | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe | {52F70010-E62A-48E8-9A7C-296446F9C7CB} -> profile=public | protocol=17 | dir=in | action=allow | name=backupsvc.exe | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe | {53474344-6DA8-400A-A657-9FF3B8B5AE3F} -> profile=public | protocol=17 | dir=in | action=allow | name=schedulersvc.exe | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe | {58056167-9F2E-49EF-A664-390024F24667} -> profile=private | protocol=6 | dir=out | 
action=allow | name=@firewallapi.dll,-31301 | app=%programfiles%\windows media player\wmplayer.exe | {5BFB2FE4-8DC1-457E-AC2E-2AB37C0D8724} -> profile=public | protocol=17 | dir=in | action=allow | name=microsoft office onenote | app=c:\program files (x86)\microsoft office\office12\onenote.exe | {5E2D1E19-BAAE-4F68-AA96-31884AB76D73} -> dir=in | action=allow | name=hpqusgh.exe | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe | {6140B9BD-7D8A-416C-AD0D-EB261A9AAB7A} -> profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31011 | app=%programfiles%\windows media player\wmplayer.exe | {67ABF8EC-6F4E-44EC-ADCE-8C24FF63045E} -> profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-31007 | app=%programfiles%\windows media player\wmplayer.exe | {69208DE8-F71E-4461-915F-2BDF6EE05070} -> profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-31293 | app=%programfiles%\windows media player\wmplayer.exe | {6C1BADE9-E673-4F21-98E0-6AD494030112} -> dir=in | action=allow | name=windows live messenger | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | {7594B1F5-9548-47A6-87DA-CF2A751A955C} -> profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-31297 | app=%programfiles%\windows media player\wmplayer.exe | {8252CAD1-A687-42B7-89EB-D222DDE07BC3} -> profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-31309 | app=%programfiles%\windows media player\wmpnetwk.exe | {83C030B3-7F5B-45C4-BAE4-F8C37C5C66E7} -> profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-31313 | app=%programfiles%\windows media player\wmpnetwk.exe | {890033F9-5E60-4D72-BBAB-5531DDC80C51} -> profile=private | protocol=6 | dir=in | action=allow | name=microsoft office onenote | app=c:\program files (x86)\microsoft office\office12\onenote.exe | {8B340FDD-84E9-4722-88AB-91C975984196} -> dir=in | action=allow | name=windows live sync | 
app=c:\program files (x86)\windows live\sync\windowslivesync.exe | {8FDC658C-125C-43F2-A3FB-FCDE038F1D33} -> profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-31003 | app=%programfiles%\windows media player\wmplayer.exe | {92D9D498-791D-421D-8F1A-BB42D631E32A} -> profile=private | protocol=58 | dir=out | action=allow | name=@firewallapi.dll,-28546 | {939A464F-FC43-48CA-8728-D4649D1E50CF} -> profile=domain | dir=in | action=allow | name=mcafee network agent | app=c:\program files (x86)\common files\mcafee\mna\mcnasvc.exe | {9426BC1B-8F1C-4499-A03E-2D2EE2C985B8} -> profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-31023 | app=%programfiles(x86)%\windows media player\wmplayer.exe | {94574363-DCB5-4861-922A-EB19548FAA2E} -> dir=in | action=allow | name=hpqgplgtupl.exe | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe | {984E18B1-684F-4FC8-A20F-A7F8712F590E} -> dir=in | action=allow | name=cyberlink powerdvd 8.0 | app=c:\program files (x86)\cyberlink\powerdvd8\powerdvd8.exe | {9C13B29E-1862-4770-910C-F8E7B0517793} -> profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31317 | app=%programfiles%\windows media player\wmpnetwk.exe | {9FF9E113-F0B2-4B4F-B86C-B4725E9E0C53} -> profile=public | protocol=6 | dir=in | action=allow | name=backupsvc.exe | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe | {A0377D9E-6075-4E2E-84D7-5FDEE8303A1D} -> profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31281 | app=system | {AC1C37D2-0728-46DD-B664-DCABEB54C6AF} -> profile=public | protocol=6 | dir=in | action=allow | name=microsoft office onenote | app=c:\program files (x86)\microsoft office\office12\onenote.exe | {ACC51706-2CC2-47A0-89BE-705954117490} -> profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-31305 | app=%programfiles%\windows media player\wmpnetwk.exe | 
{BADB6ABE-6D1F-42FB-A65A-869181D13682} -> dir=in | action=allow | name=hpqphotocrm.exe | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe | {DE733B1C-7B27-4253-B66C-1583EC7183B6} -> profile=private | protocol=1 | dir=out | action=allow | name=@firewallapi.dll,-28544 | {E0B8F988-96C5-4DB4-A5B8-9F79E051A6B1} -> dir=in | action=allow | name=hpqusgm.exe | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe | {E88827EA-AB0B-4D86-8CE4-DCF03583106F} -> dir=in | action=allow | name=hpiscnapp.exe | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe | {EB6B8544-5193-484A-901A-C432855DCA35} -> profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31025 | app=%programfiles(x86)%\windows media player\wmplayer.exe | {ECC9A1ED-4C04-4C73-A8E6-B447D920AD99} -> profile=private | protocol=58 | dir=in | action=allow | name=@firewallapi.dll,-28545 | {ED9C44CE-CF14-44B5-95C5-3BC0D7588FCA} -> dir=in | action=allow | name=hpoews01.exe | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe | {F23C8495-5C0A-4D2A-B976-2FF345B30AD0} -> profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31321 | app=%systemroot%\system32\svchost.exe | svc=upnphost | {F9EB21A8-FAB3-4781-992D-976D854F5D0E} -> dir=in | action=allow | name=hpqtra08.exe | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe | {FDED7CDC-EA45-4A01-96E9-4E828E3A15C4} -> profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-31024 | app=%programfiles(x86)%\windows media player\wmplayer.exe | < SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> < CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom -> "AutoRun" -> 1 -> "DisplayName" -> CD-ROM Driver -> "ImagePath" -> C:\Windows\SysNative\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> [2009/07/13 19:19:54 | 000,147,456 | 
---- | M] (Microsoft Corporation) < MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> \E HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\shell \E\shell\\"" -> [AutoRun] -> File not found HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\shell\AutoRun\command \E\shell\AutoRun\command\\"" -> [E:\LaunchU3.exe -a] -> File not found < Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command -> 64bit-comfile [open] -> "%1" %* -> File not found 64bit-exefile [open] -> "%1" %* -> File not found comfile [open] -> "%1" %* -> exefile [open] -> "%1" %* -> < 64bit-File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\ -> .com [@ = comfile] -> "%1" %* -> .exe [@ = exefile] -> "%1" %* -> < File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\ -> .com [@ = comfile] -> "%1" %* -> .exe [@ = exefile] -> "%1" %* -> [Registry - Additional Scans - Safe List] < 64bit-Drivers32 [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32 -> "msacm.l3acm" -> C:\Windows\SysNative\l3codeca.acm [C:\Windows\System32\l3codeca.acm] -> [2009/07/13 21:38:53 | 000,081,408 | ---- | M] (Fraunhofer Institut Integrierte Schaltungen IIS) < Drivers32 [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32 -> "msacm.l3acm" -> C:\Windows\SysWOW64\l3codeca.acm [C:\Windows\SysWOW64\l3codeca.acm] -> [2009/07/13 21:14:10 | 000,064,000 | ---- | M] (Fraunhofer Institut Integrierte Schaltungen IIS) "vidc.cvid" -> C:\Windows\SysWow64\iccvid.dll [iccvid.dll] -> [2010/07/29 02:30:34 | 000,082,944 | ---- | M] (Radius Inc.) 
< 64bit-SafeBoot-Minimal Settings > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ -> {36FC9E60-C465-11CF-8056-444553540000} -> Universal Serial Bus controllers {4D36E965-E325-11CE-BFC1-08002BE10318} -> CD-ROM Drive {4D36E967-E325-11CE-BFC1-08002BE10318} -> DiskDrive {4D36E969-E325-11CE-BFC1-08002BE10318} -> Standard floppy disk controller {4D36E96A-E325-11CE-BFC1-08002BE10318} -> Hdc {4D36E96B-E325-11CE-BFC1-08002BE10318} -> Keyboard {4D36E96F-E325-11CE-BFC1-08002BE10318} -> Mouse {4D36E977-E325-11CE-BFC1-08002BE10318} -> PCMCIA Adapters {4D36E97B-E325-11CE-BFC1-08002BE10318} -> SCSIAdapter {4D36E97D-E325-11CE-BFC1-08002BE10318} -> System {4D36E980-E325-11CE-BFC1-08002BE10318} -> Floppy disk drive {533C5B84-EC70-11D2-9505-00C04F79DEAF} -> Volume shadow copy {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} -> IEEE 1394 Bus host controllers {71A27CDD-812A-11D0-BEC7-08002BE2092F} -> Volume {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} -> Human Interface Devices {D48179BE-EC20-11D1-B6B8-00C04FA372A7} -> SBP2 IEEE 1394 Devices {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} -> SecurityDevices AppMgmt -> Service Base -> Driver Group Boot Bus Extender -> Driver Group Boot file system -> Driver Group File system -> Driver Group Filter -> Driver Group HelpSvc -> Service MCODS -> Reg Error: Value error. 
NTDS -> 32bit -> File not found PCI Configuration -> Driver Group PNP Filter -> Driver Group Primary disk -> Driver Group sacsvr -> Service SCSI Class -> Driver Group System Bus Extender -> Driver Group TrustedInstaller -> 32bit -> File not found vmms -> Service WinDefend -> C:\Program Files\Windows Defender\MpSvc.dll -> [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) < SafeBoot-Minimal Settings > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ -> {36FC9E60-C465-11CF-8056-444553540000} -> Universal Serial Bus controllers {4D36E965-E325-11CE-BFC1-08002BE10318} -> CD-ROM Drive {4D36E967-E325-11CE-BFC1-08002BE10318} -> DiskDrive {4D36E969-E325-11CE-BFC1-08002BE10318} -> Standard floppy disk controller {4D36E96A-E325-11CE-BFC1-08002BE10318} -> Hdc {4D36E96B-E325-11CE-BFC1-08002BE10318} -> Keyboard {4D36E96F-E325-11CE-BFC1-08002BE10318} -> Mouse {4D36E977-E325-11CE-BFC1-08002BE10318} -> PCMCIA Adapters {4D36E97B-E325-11CE-BFC1-08002BE10318} -> SCSIAdapter {4D36E97D-E325-11CE-BFC1-08002BE10318} -> System {4D36E980-E325-11CE-BFC1-08002BE10318} -> Floppy disk drive {533C5B84-EC70-11D2-9505-00C04F79DEAF} -> Volume shadow copy {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} -> IEEE 1394 Bus host controllers {71A27CDD-812A-11D0-BEC7-08002BE2092F} -> Volume {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} -> Human Interface Devices {D48179BE-EC20-11D1-B6B8-00C04FA372A7} -> SBP2 IEEE 1394 Devices {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} -> SecurityDevices AppInfo -> 64bit -> File not found AppMgmt -> Service Base -> Driver Group Boot Bus Extender -> Driver Group Boot file system -> Driver Group DcomLaunch -> 64bit -> File not found EFS -> 64bit -> File not found EventLog -> 64bit -> File not found File system -> Driver Group Filter -> Driver Group HelpSvc -> Service KeyIso -> 64bit -> File not found MCODS -> Reg Error: Value error. 
Netlogon -> 64bit -> File not found NTDS -> 64bit -> File not found PCI Configuration -> Driver Group PlugPlay -> 64bit -> File not found PNP Filter -> Driver Group Power -> 64bit -> File not found Primary disk -> Driver Group ProfSvc -> 64bit -> File not found RpcEptMapper -> 64bit -> File not found RpcSs -> 64bit -> File not found sacsvr -> Service SCSI Class -> Driver Group sermouse.sys -> 64bit -> File not found SWPRV -> 64bit -> File not found System Bus Extender -> Driver Group TabletInputService -> 64bit -> File not found TBS -> 64bit -> File not found VDS -> 64bit -> File not found vga.sys -> 64bit -> File not found vgasave.sys -> 64bit -> File not found vmms -> Service volmgr.sys -> 64bit -> File not found volmgrx.sys -> 64bit -> File not found WinDefend -> 64bit -> File not found WinMgmt -> 64bit -> File not found WudfPf -> 64bit -> File not found WudfRd -> 64bit -> File not found WudfSvc -> 64bit -> File not found < Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command -> 64bit-batfile [open] -> "%1" %* -> File not found 64bit-cmdfile [open] -> "%1" %* -> File not found 64bit-comfile [open] -> "%1" %* -> File not found 64bit-exefile [open] -> "%1" %* -> File not found 64bit-inffile [install] -> %SystemRoot%\System32\InfDefaultInstall.exe "%1" -> [2009/07/13 21:39:13 | 000,010,240 | ---- | M] (Microsoft Corporation) 64bit-InternetShortcut [open] -> "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l -> [2009/07/13 21:39:31 | 000,045,568 | ---- | M] (Microsoft Corporation) 64bit-InternetShortcut [print] -> "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" -> [2009/07/13 21:39:31 | 000,045,568 | ---- | M] (Microsoft Corporation) 64bit-piffile [open] -> "%1" %* -> File not found 64bit-scrfile [config] -> "%1" -> File not found 64bit-scrfile [install] -> rundll32.exe desk.cpl,InstallScreenSaver %l -> File not found 64bit-scrfile [open] -> "%1" 
/S -> File not found 64bit-Unknown [openas] -> %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 -> File not found 64bit-Directory [cmd] -> cmd.exe /s /k pushd "%V" -> [2009/07/13 21:39:01 | 000,344,576 | ---- | M] (Microsoft Corporation) 64bit-Directory [find] -> %SystemRoot%\Explorer.exe -> [2009/10/31 02:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) 64bit-Folder [open] -> %SystemRoot%\Explorer.exe -> [2009/10/31 02:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) 64bit-Drive [find] -> %SystemRoot%\Explorer.exe -> [2009/10/31 02:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) batfile [open] -> "%1" %* -> cmdfile [open] -> "%1" %* -> comfile [open] -> "%1" %* -> cplfile [cplopen] -> %SystemRoot%\System32\control.exe "%1",%* -> [2009/07/13 21:14:15 | 000,113,152 | ---- | M] (Microsoft Corporation) exefile [open] -> "%1" %* -> inffile [install] -> %SystemRoot%\System32\InfDefaultInstall.exe "%1" -> [2009/07/13 21:14:21 | 000,009,216 | ---- | M] (Microsoft Corporation) piffile [open] -> "%1" %* -> scrfile [config] -> "%1" -> scrfile [install] -> rundll32.exe desk.cpl,InstallScreenSaver %l -> scrfile [open] -> "%1" /S -> Unknown [openas] -> %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 -> Directory [cmd] -> cmd.exe /s /k pushd "%V" -> [2009/07/13 21:14:15 | 000,301,568 | ---- | M] (Microsoft Corporation) Directory [find] -> %SystemRoot%\Explorer.exe -> [2009/10/31 02:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) Folder [open] -> %SystemRoot%\Explorer.exe -> [2009/10/31 02:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) Drive [find] -> %SystemRoot%\Explorer.exe -> [2009/10/31 02:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) < EventViewer Logs - Last 10 Errors > -> Event Information -> Description Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt! 
[Files/Folders - Created Within 30 Days] cmd.execf -> C:\Windows\SysWow64\cmd.execf -> [2011/03/18 12:08:03 | 000,301,568 | ---- | C] (Microsoft Corporation) 32788R22FWJFW -> C:\32788R22FWJFW -> [2011/03/18 12:07:43 | 000,000,000 | ---D | C] CyberLink PowerDVD 8 -> C:\Users\Miriam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8 -> [2011/03/18 11:46:47 | 000,000,000 | R--D | C] aswSnx.sys -> C:\Windows\SysNative\drivers\aswSnx.sys -> [2011/03/18 10:43:23 | 000,505,176 | ---- | C] (AVAST Software) Malwarebytes -> C:\Users\Miriam\AppData\Roaming\Malwarebytes -> [2011/03/18 10:02:50 | 000,000,000 | ---D | C] mbamswissarmy.sys -> C:\Windows\SysWow64\drivers\mbamswissarmy.sys -> [2011/03/18 10:02:44 | 000,038,224 | ---- | C] (Malwarebytes Corporation) Malwarebytes' Anti-Malware -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware -> [2011/03/18 10:02:44 | 000,000,000 | ---D | C] Malwarebytes -> C:\ProgramData\Malwarebytes -> [2011/03/18 10:02:43 | 000,000,000 | ---D | C] mbam.sys -> C:\Windows\SysNative\drivers\mbam.sys -> [2011/03/18 10:02:40 | 000,024,152 | ---- | C] (Malwarebytes Corporation) Malwarebytes' Anti-Malware -> C:\Program Files (x86)\Malwarebytes' Anti-Malware -> [2011/03/18 10:02:40 | 000,000,000 | ---D | C] XAudio2_5.dll -> C:\Windows\SysWow64\XAudio2_5.dll -> [2011/03/17 21:50:34 | 000,515,416 | ---- | C] (Microsoft Corporation) XAPOFX1_3.dll -> C:\Windows\SysWow64\XAPOFX1_3.dll -> [2011/03/17 21:50:34 | 000,069,464 | ---- | C] (Microsoft Corporation) d3dx10_42.dll -> C:\Windows\SysNative\d3dx10_42.dll -> [2011/03/17 21:50:33 | 000,523,088 | ---- | C] (Microsoft Corporation) d3dx10_42.dll -> C:\Windows\SysWow64\d3dx10_42.dll -> [2011/03/17 21:50:33 | 000,453,456 | ---- | C] (Microsoft Corporation) Windows Live -> C:\Users\Miriam\AppData\Local\Windows Live -> [2011/03/17 21:42:37 | 000,000,000 | ---D | C] mstscax.dll -> C:\Windows\SysNative\mstscax.dll -> [2011/03/17 21:37:53 | 003,138,048 | ---- | 
C] (Microsoft Corporation) mstscax.dll -> C:\Windows\SysWow64\mstscax.dll -> [2011/03/17 21:37:53 | 002,690,560 | ---- | C] (Microsoft Corporation) mstsc.exe -> C:\Windows\SysNative\mstsc.exe -> [2011/03/17 21:37:52 | 001,097,216 | ---- | C] (Microsoft Corporation) mstsc.exe -> C:\Windows\SysWow64\mstsc.exe -> [2011/03/17 21:37:52 | 001,034,240 | ---- | C] (Microsoft Corporation) mfc40.dll -> C:\Windows\SysWow64\mfc40.dll -> [2011/03/06 19:27:25 | 000,954,752 | ---- | C] (Microsoft Corporation) mfc40u.dll -> C:\Windows\SysWow64\mfc40u.dll -> [2011/03/06 19:27:25 | 000,954,288 | ---- | C] (Microsoft Corporation) XpsPrint.dll -> C:\Windows\SysNative\XpsPrint.dll -> [2011/03/06 19:25:31 | 000,662,528 | ---- | C] (Microsoft Corporation) XpsPrint.dll -> C:\Windows\SysWow64\XpsPrint.dll -> [2011/03/06 19:25:31 | 000,442,880 | ---- | C] (Microsoft Corporation) XpsGdiConverter.dll -> C:\Windows\SysNative\XpsGdiConverter.dll -> [2011/03/06 19:25:30 | 000,475,648 | ---- | C] (Microsoft Corporation) XpsGdiConverter.dll -> C:\Windows\SysWow64\XpsGdiConverter.dll -> [2011/03/06 19:25:30 | 000,288,256 | ---- | C] (Microsoft Corporation) d3d10warp.dll -> C:\Windows\SysNative\d3d10warp.dll -> [2011/03/06 19:24:49 | 001,837,568 | ---- | C] (Microsoft Corporation) d3d10warp.dll -> C:\Windows\SysWow64\d3d10warp.dll -> [2011/03/06 19:24:49 | 001,170,944 | ---- | C] (Microsoft Corporation) WMVDECOD.DLL -> C:\Windows\SysNative\WMVDECOD.DLL -> [2011/03/06 19:24:48 | 001,888,256 | ---- | C] (Microsoft Corporation) DWrite.dll -> C:\Windows\SysNative\DWrite.dll -> [2011/03/06 19:24:48 | 001,540,608 | ---- | C] (Microsoft Corporation) d2d1.dll -> C:\Windows\SysNative\d2d1.dll -> [2011/03/06 19:24:48 | 000,902,656 | ---- | C] (Microsoft Corporation) d2d1.dll -> C:\Windows\SysWow64\d2d1.dll -> [2011/03/06 19:24:48 | 000,739,840 | ---- | C] (Microsoft Corporation) mf.dll -> C:\Windows\SysNative\mf.dll -> [2011/03/06 19:24:47 | 004,068,864 | ---- | C] (Microsoft Corporation) mf.dll -> 
C:\Windows\SysWow64\mf.dll -> [2011/03/06 19:24:46 | 003,181,568 | ---- | C] (Microsoft Corporation) DWrite.dll -> C:\Windows\SysWow64\DWrite.dll -> [2011/03/06 19:24:46 | 001,074,176 | ---- | C] (Microsoft Corporation) ExplorerFrame.dll -> C:\Windows\SysNative\ExplorerFrame.dll -> [2011/03/06 19:24:45 | 001,863,680 | ---- | C] (Microsoft Corporation) d3d10_1core.dll -> C:\Windows\SysNative\d3d10_1core.dll -> [2011/03/06 19:24:45 | 000,320,512 | ---- | C] (Microsoft Corporation) WMVDECOD.DLL -> C:\Windows\SysWow64\WMVDECOD.DLL -> [2011/03/06 19:24:44 | 001,619,456 | ---- | C] (Microsoft Corporation) ExplorerFrame.dll -> C:\Windows\SysWow64\ExplorerFrame.dll -> [2011/03/06 19:24:44 | 001,495,040 | ---- | C] (Microsoft Corporation) mfreadwrite.dll -> C:\Windows\SysNative\mfreadwrite.dll -> [2011/03/06 19:24:44 | 000,257,024 | ---- | C] (Microsoft Corporation) d3d10_1core.dll -> C:\Windows\SysWow64\d3d10_1core.dll -> [2011/03/06 19:24:44 | 000,218,624 | ---- | C] (Microsoft Corporation) mfreadwrite.dll -> C:\Windows\SysWow64\mfreadwrite.dll -> [2011/03/06 19:24:44 | 000,196,608 | ---- | C] (Microsoft Corporation) dxgmms1.sys -> C:\Windows\SysNative\drivers\dxgmms1.sys -> [2011/03/06 19:24:43 | 000,265,088 | ---- | C] (Microsoft Corporation) XpsRasterService.dll -> C:\Windows\SysNative\XpsRasterService.dll -> [2011/03/06 19:24:43 | 000,229,888 | ---- | C] (Microsoft Corporation) mfps.dll -> C:\Windows\SysNative\mfps.dll -> [2011/03/06 19:24:43 | 000,206,848 | ---- | C] (Microsoft Corporation) d3d10_1.dll -> C:\Windows\SysNative\d3d10_1.dll -> [2011/03/06 19:24:43 | 000,197,120 | ---- | C] (Microsoft Corporation) d3d10_1.dll -> C:\Windows\SysWow64\d3d10_1.dll -> [2011/03/06 19:24:43 | 000,161,792 | ---- | C] (Microsoft Corporation) cdd.dll -> C:\Windows\SysNative\cdd.dll -> [2011/03/06 19:24:43 | 000,144,384 | ---- | C] (Microsoft Corporation) XpsRasterService.dll -> C:\Windows\SysWow64\XpsRasterService.dll -> [2011/03/06 19:24:43 | 000,135,168 | ---- | C] (Microsoft 
Corporation) odbc32.dll -> C:\Windows\SysNative\odbc32.dll -> [2011/03/06 19:23:58 | 000,720,896 | ---- | C] (Microsoft Corporation) odbc32.dll -> C:\Windows\SysWow64\odbc32.dll -> [2011/03/06 19:23:58 | 000,573,440 | ---- | C] (Microsoft Corporation) jscript.dll -> C:\Windows\SysNative\jscript.dll -> [2011/03/06 19:23:30 | 000,852,480 | ---- | C] (Microsoft Corporation) jscript.dll -> C:\Windows\SysWow64\jscript.dll -> [2011/03/06 19:23:30 | 000,716,800 | ---- | C] (Microsoft Corporation) vbscript.dll -> C:\Windows\SysNative\vbscript.dll -> [2011/03/06 19:23:30 | 000,612,352 | ---- | C] (Microsoft Corporation) ntoskrnl.exe -> C:\Windows\SysNative\ntoskrnl.exe -> [2011/03/06 19:23:17 | 005,510,528 | ---- | C] (Microsoft Corporation) ntdll.dll -> C:\Windows\SysNative\ntdll.dll -> [2011/03/06 19:23:17 | 001,739,176 | ---- | C] (Microsoft Corporation) ntkrnlpa.exe -> C:\Windows\SysWow64\ntkrnlpa.exe -> [2011/03/06 19:23:16 | 003,957,120 | ---- | C] (Microsoft Corporation) ntoskrnl.exe -> C:\Windows\SysWow64\ntoskrnl.exe -> [2011/03/06 19:23:16 | 003,901,824 | ---- | C] (Microsoft Corporation) wmp.dll -> C:\Windows\SysNative\wmp.dll -> [2011/03/06 19:23:04 | 014,627,840 | ---- | C] (Microsoft Corporation) wmp.dll -> C:\Windows\SysWow64\wmp.dll -> [2011/03/06 19:23:02 | 011,406,848 | ---- | C] (Microsoft Corporation) wmploc.DLL -> C:\Windows\SysWow64\wmploc.DLL -> [2011/03/06 19:22:55 | 012,625,408 | ---- | C] (Microsoft Corporation) wmploc.DLL -> C:\Windows\SysNative\wmploc.DLL -> [2011/03/06 19:22:54 | 012,625,920 | ---- | C] (Microsoft Corporation) sscore.dll -> C:\Windows\SysWow64\sscore.dll -> [2011/03/06 19:22:19 | 000,009,728 | ---- | C] (Microsoft Corporation) atmfd.dll -> C:\Windows\SysNative\atmfd.dll -> [2011/03/06 19:22:18 | 000,366,080 | ---- | C] (Adobe Systems Incorporated) atmfd.dll -> C:\Windows\SysWow64\atmfd.dll -> [2011/03/06 19:22:18 | 000,294,400 | ---- | C] (Adobe Systems Incorporated) atmlib.dll -> C:\Windows\SysNative\atmlib.dll -> [2011/03/06 
19:22:18 | 000,046,080 | ---- | C] (Adobe Systems) atmlib.dll -> C:\Windows\SysWow64\atmlib.dll -> [2011/03/06 19:22:18 | 000,034,304 | ---- | C] (Adobe Systems) wmpmde.dll -> C:\Windows\SysNative\wmpmde.dll -> [2011/03/06 19:21:50 | 001,024,512 | ---- | C] (Microsoft Corporation) wmpmde.dll -> C:\Windows\SysWow64\wmpmde.dll -> [2011/03/06 19:21:50 | 000,738,816 | ---- | C] (Microsoft Corporation) oleaut32.dll -> C:\Windows\SysNative\oleaut32.dll -> [2011/03/06 19:21:47 | 000,861,184 | ---- | C] (Microsoft Corporation) webio.dll -> C:\Windows\SysNative\webio.dll -> [2011/03/06 19:21:42 | 000,395,776 | ---- | C] (Microsoft Corporation) webio.dll -> C:\Windows\SysWow64\webio.dll -> [2011/03/06 19:21:42 | 000,314,368 | ---- | C] (Microsoft Corporation) winsrv.dll -> C:\Windows\SysNative\winsrv.dll -> [2011/03/06 19:21:41 | 000,214,016 | ---- | C] (Microsoft Corporation) consent.exe -> C:\Windows\SysNative\consent.exe -> [2011/03/06 19:21:40 | 000,112,000 | ---- | C] (Microsoft Corporation) Diskdump.sys -> C:\Windows\SysNative\drivers\Diskdump.sys -> [2011/03/06 19:21:39 | 000,027,008 | ---- | C] (Microsoft Corporation) [Files/Folders - Modified Within 30 Days] bootstat.dat -> C:\Windows\bootstat.dat -> [2011/03/18 19:21:30 | 000,067,584 | --S- | M] () cmd.execf -> C:\Windows\SysWow64\cmd.execf -> [2011/03/18 12:08:03 | 000,301,568 | ---- | M] (Microsoft Corporation) 7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 -> [2011/03/18 11:53:28 | 000,009,920 | -H-- | M] () 7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 -> [2011/03/18 11:53:28 | 000,009,920 | -H-- | M] () PerfStringBackup.INI -> C:\Windows\SysNative\PerfStringBackup.INI -> [2011/03/18 11:53:05 | 000,726,316 | ---- | M] () perfh009.dat -> 
C:\Windows\SysNative\perfh009.dat -> [2011/03/18 11:53:05 | 000,624,178 | ---- | M] () perfc009.dat -> C:\Windows\SysNative\perfc009.dat -> [2011/03/18 11:53:05 | 000,106,522 | ---- | M] () hiberfil.sys -> C:\hiberfil.sys -> [2011/03/18 11:45:30 | 3016,790,016 | -HS- | M] () config.nt -> C:\Windows\SysWow64\config.nt -> [2011/03/18 10:43:23 | 000,000,000 | ---- | M] () Malwarebytes' Anti-Malware.lnk -> C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk -> [2011/03/18 10:02:44 | 000,001,117 | ---- | M] () FNTCACHE.DAT -> C:\Windows\SysNative\FNTCACHE.DAT -> [2011/03/07 00:28:35 | 000,343,576 | ---- | M] () DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Users\Miriam\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2011/02/25 16:21:37 | 000,022,016 | ---- | M] () Adobe Reader 9.lnk -> C:\Users\Public\Desktop\Adobe Reader 9.lnk -> [2011/02/25 01:41:21 | 000,002,018 | ---- | M] () avastSS.scr -> C:\Windows\avastSS.scr -> [2011/02/23 10:04:21 | 000,040,648 | ---- | M] (AVAST Software) aswBoot.exe -> C:\Windows\SysWow64\aswBoot.exe -> [2011/02/23 10:04:17 | 000,190,016 | ---- | M] (AVAST Software) aswBoot.exe -> C:\Windows\SysNative\aswBoot.exe -> [2011/02/23 10:04:07 | 000,238,968 | ---- | M] (AVAST Software) aswSP.sys -> C:\Windows\SysNative\drivers\aswSP.sys -> [2011/02/23 09:57:04 | 000,280,408 | ---- | M] (AVAST Software) aswSnx.sys -> C:\Windows\SysNative\drivers\aswSnx.sys -> [2011/02/23 09:57:01 | 000,505,176 | ---- | M] (AVAST Software) aswTdi.sys -> C:\Windows\SysNative\drivers\aswTdi.sys -> [2011/02/23 09:55:53 | 000,053,592 | ---- | M] (AVAST Software) aswRdr.sys -> C:\Windows\SysNative\drivers\aswRdr.sys -> [2011/02/23 09:55:13 | 000,031,064 | ---- | M] (AVAST Software) aswMonFlt.sys -> C:\Windows\SysNative\drivers\aswMonFlt.sys -> [2011/02/23 09:55:05 | 000,064,344 | ---- | M] (AVAST Software) aswFsBlk.sys -> C:\Windows\SysNative\drivers\aswFsBlk.sys -> [2011/02/23 09:54:58 | 000,022,360 | ---- | M] (AVAST Software) 1580 
C:\Users\Miriam\AppData\Local\Temp\*.tmp files -> C:\Users\Miriam\AppData\Local\Temp\*.tmp -> [Files - No Company Name] Malwarebytes' Anti-Malware.lnk -> C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk -> [2011/03/18 10:02:44 | 000,001,117 | ---- | C] () wh2robo.dll -> C:\Windows\SysWow64\wh2robo.dll -> [2010/07/28 15:38:43 | 000,040,960 | ---- | C] () hpqins15.dat -> C:\Windows\hpqins15.dat -> [2010/03/14 22:32:17 | 000,023,143 | ---- | C] () hpoins40.dat -> C:\Windows\hpoins40.dat -> [2010/03/07 18:21:36 | 000,201,770 | ---- | C] () DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Users\Miriam\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2010/02/24 18:32:31 | 000,022,016 | ---- | C] () ativpsrm.bin -> C:\Windows\ativpsrm.bin -> [2009/08/27 16:36:57 | 000,000,000 | ---- | C] () bootstat.dat -> C:\Windows\bootstat.dat -> [2009/07/14 01:38:36 | 000,067,584 | --S- | C] () NOISE.DAT -> C:\Windows\SysWow64\NOISE.DAT -> [2009/07/13 22:35:51 | 000,000,741 | ---- | C] () dssec.dat -> C:\Windows\SysWow64\dssec.dat -> [2009/07/13 22:34:42 | 000,215,943 | ---- | C] () mib.bin -> C:\Windows\mib.bin -> [2009/07/13 20:10:29 | 000,043,131 | ---- | C] () BWContextHandler.dll -> C:\Windows\SysWow64\BWContextHandler.dll -> [2009/07/13 19:42:10 | 000,064,000 | ---- | C] () msjetoledb40.dll -> C:\Windows\SysWow64\msjetoledb40.dll -> [2009/07/13 17:03:59 | 000,364,544 | ---- | C] () hpomdl40.dat -> C:\Windows\hpomdl40.dat -> [2009/06/11 05:51:05 | 000,000,992 | ---- | C] () mlang.dat -> C:\Windows\SysWow64\mlang.dat -> [2009/06/10 17:26:10 | 000,673,088 | ---- | C] () [File - Lop Check] Acer -> C:\Users\Miriam\AppData\Roaming\Acer -> [2009/12/30 23:13:33 | 000,000,000 | ---D | M] Costco Photo Viewer US -> C:\Users\Miriam\AppData\Roaming\Costco Photo Viewer US -> [2010/04/18 19:01:47 | 000,000,000 | ---D | M] Gamelab -> C:\Users\Miriam\AppData\Roaming\Gamelab -> [2010/12/27 17:01:45 | 000,000,000 | ---D | M] HotSync -> C:\Users\Miriam\AppData\Roaming\HotSync -> 
[2010/05/23 21:09:28 | 000,000,000 | ---D | M] Leadertech -> C:\Users\Miriam\AppData\Roaming\Leadertech -> [2009/12/30 23:13:32 | 000,000,000 | ---D | M] WildTangent -> C:\Users\Miriam\AppData\Roaming\WildTangent -> [2010/08/15 19:35:59 | 000,000,000 | ---D | M] WildTangentv1002 -> C:\Users\Miriam\AppData\Roaming\WildTangentv1002 -> [2010/12/27 17:47:03 | 000,000,000 | ---D | M] SCHEDLGU.TXT -> C:\Windows\Tasks\SCHEDLGU.TXT -> [2011/03/03 16:00:54 | 000,032,636 | ---- | M] () [File - Purity Scan] < End of report > [/code]