Google Redirect virus plus suspected rootkit [Solved]
#1
Crozza
Hi all
I seem to have contracted the dreaded Google redirect malware, and I think there's a possible rootkit floating around too.

This nasty little tacker basically stops me from running any anti-malware programs. Since running OTC and ComboFix last night I seem to have gotten rid of the Google redirect; however, the malware that removes any downloaded files from the temp folder and doesn't let me run pretty much any downloaded exe or zip file is still there.

Before it got really bad I was able to download ComboFix and OTC, although I think that has been removed recently. I did get an OTC log though, which I'll post below.

I have attempted to uninstall my AVG Free 8.5.409; however, it's not removing correctly, and I can't repair it or install any other virus scanner in the interim because of the malware. I did successfully run the September Microsoft malware tool, but that didn't find anything.

Thanks heaps in advance for any assistance you can provide. Very much appreciated.

Here's the OTS log from last night.

OTS logfile created on: 9/13/2009 8:08:30 PM - Run 1
OTS by OldTimer - Version 3.0.12.1   Folder = C:\Users\brenton
Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18813)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.00 Gb Total Physical Memory | 0.85 Gb Available Physical Memory | 42.33% Memory free
4.00 Gb Paging File | 2.70 Gb Available in Paging File | 67.49% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 39.06 Gb Total Space | 8.67 Gb Free Space | 22.20% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 1358.18 Gb Total Space | 900.51 Gb Free Space | 66.30% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 979.53 Mb Total Space | 659.64 Mb Free Space | 67.34% Space Free | Partition Type: FAT
I: Drive not present or media not loaded
 
Computer Name: FERRARI
Current User Name: brenton
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: Off
File Age = 30 Days
 
[Processes - Safe List]
alg.exe -> C:\Users\brenton\alg.exe -> [2009/09/13 20:07:10 | 00,514,560 | ---- | M] (OldTimer Tools)
alg.exe -> H:\alg.exe -> [2009/09/13 19:56:38 | 00,731,136 | R--- | M] ()
avgnsx.exe -> C:\Program Files\AVG\AVG8\avgnsx.exe -> [2009/08/20 18:31:22 | 00,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgrsx.exe -> C:\Program Files\AVG\AVG8\avgrsx.exe -> [2009/08/20 18:31:24 | 00,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgtray.exe -> C:\Program Files\AVG\AVG8\avgtray.exe -> [2009/08/20 18:31:18 | 02,007,832 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgwdsvc.exe -> C:\Program Files\AVG\AVG8\avgwdsvc.exe -> [2009/08/20 18:31:16 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.)
bluesoleilcs.exe -> C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe -> [2009/04/20 10:13:30 | 00,840,192 | ---- | M] ()
bshelpcs.exe -> C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe -> [2009/02/27 16:42:20 | 00,098,407 | ---- | M] ()
bsmobilecs.exe -> C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe -> [2009/02/27 16:40:48 | 00,143,467 | ---- | M] ()
bttray.exe -> C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe -> [2009/02/27 16:44:34 | 00,315,478 | ---- | M] ()
daemon.exe -> C:\Program Files\DAEMON Tools Lite\daemon.exe -> [2008/08/08 20:11:12 | 00,490,952 | ---- | M] (DT Soft Ltd)
ehmsas.exe -> C:\Windows\ehome\ehmsas.exe -> [2008/01/21 10:23:22 | 00,037,376 | ---- | M] (Microsoft Corporation)
ehtray.exe -> C:\Windows\ehome\ehtray.exe -> [2008/01/21 10:23:22 | 00,125,952 | ---- | M] (Microsoft Corporation)
explorer.exe -> C:\Windows\Explorer.EXE -> [2009/04/11 14:27:36 | 02,926,592 | ---- | M] (Microsoft Corporation)
flashutil9f.exe -> C:\Windows\System32\Macromed\Flash\FlashUtil9f.exe -> [2008/03/25 10:32:44 | 00,218,496 | R--- | M] (Adobe Systems, Inc.)
hqtray.exe -> C:\Program Files\VMware\VMware Player\hqtray.exe -> [2008/10/28 22:00:50 | 00,064,048 | ---- | M] (VMware, Inc.)
iexplore.exe -> C:\Program Files\Internet Explorer\IEXPLORE.EXE -> [2009/07/22 05:53:43 | 00,638,216 | ---- | M] (Microsoft Corporation)
iexplore.exe -> C:\Program Files\Internet Explorer\IEXPLORE.EXE -> [2009/07/22 05:53:43 | 00,638,216 | ---- | M] (Microsoft Corporation)
iexplore.exe -> C:\Program Files\Internet Explorer\IEXPLORE.EXE -> [2009/07/22 05:53:43 | 00,638,216 | ---- | M] (Microsoft Corporation)
iexplore.exe -> C:\Program Files\Internet Explorer\IEXPLORE.EXE -> [2009/07/22 05:53:43 | 00,638,216 | ---- | M] (Microsoft Corporation)
iexplore.exe -> C:\Program Files\Internet Explorer\IEXPLORE.EXE -> [2009/07/22 05:53:43 | 00,638,216 | ---- | M] (Microsoft Corporation)
ioctlsvc.exe -> C:\Windows\System32\IoctlSvc.exe -> [2006/12/19 10:30:26 | 00,081,920 | ---- | M] (Prolific Technology Inc.)
jusched.exe -> C:\Program Files\Java\jre6\bin\jusched.exe -> [2009/07/25 05:23:12 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.)
lmiguardian.exe -> C:\Program Files\LogMeIn\x86\LMIGuardian.exe -> [2008/10/16 20:35:24 | 00,087,360 | ---- | M] (LogMeIn, Inc.)
logmeinsystray.exe -> C:\Program Files\LogMeIn\x86\LogMeInSystray.exe -> [2008/07/24 18:46:10 | 00,063,048 | ---- | M] (LogMeIn, Inc.)
nbservice.exe -> C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe -> [2008/06/08 09:31:04 | 00,877,864 | ---- | M] (Nero AG)
nvvsvc.exe -> C:\Windows\System32\nvvsvc.exe -> [2009/03/28 00:03:00 | 00,207,392 | ---- | M] (NVIDIA Corporation)
sidebar.exe -> C:\Program Files\Windows Sidebar\sidebar.exe -> [2009/04/11 14:28:03 | 01,233,920 | ---- | M] (Microsoft Corporation)
sidebar.exe -> C:\Program Files\Windows Sidebar\sidebar.exe -> [2009/04/11 14:28:03 | 01,233,920 | ---- | M] (Microsoft Corporation)
skype.exe -> C:\Program Files\Skype\Phone\Skype.exe -> [2008/05/30 15:54:14 | 21,718,312 | R--- | M] (Skype Technologies S.A.)
skypepm.exe -> C:\Program Files\Skype\Plugin Manager\skypePM.exe -> [2008/05/30 15:54:16 | 00,076,744 | R--- | M] (Skype Technologies)
vmnat.exe -> C:\Windows\System32\vmnat.exe -> [2008/10/28 22:00:08 | 00,399,920 | ---- | M] (VMware, Inc.)
vmnetdhcp.exe -> C:\Windows\System32\vmnetdhcp.exe -> [2008/10/28 22:01:22 | 00,326,192 | ---- | M] (VMware, Inc.)
vmware-authd.exe -> C:\Program Files\VMware\VMware Player\vmware-authd.exe -> [2008/10/28 22:00:40 | 00,113,200 | ---- | M] (VMware, Inc.)
wmiprvse.exe -> C:\Windows\System32\wbem\wmiprvse.exe -> [2009/04/11 14:28:15 | 00,247,296 | ---- | M] (Microsoft Corporation)
wmplayer.exe -> C:\Program Files\Windows Media Player\wmplayer.exe -> [2009/07/15 20:39:31 | 00,168,960 | ---- | M] (Microsoft Corporation)
wmpnetwk.exe -> C:\Program Files\Windows Media Player\wmpnetwk.exe -> [2008/01/21 10:23:48 | 00,896,512 | ---- | M] (Microsoft Corporation)
wmpnscfg.exe -> C:\Program Files\Windows Media Player\wmpnscfg.exe -> [2008/01/21 10:23:48 | 00,202,240 | ---- | M] (Microsoft Corporation)
wudfhost.exe -> C:\Windows\System32\WUDFHost.exe -> [2008/01/21 10:23:09 | 00,142,336 | ---- | M] (Microsoft Corporation)
 
[Win32 Services - Safe List]
(aspnet_state) ASP.NET State Service [Win32_Own | On_Demand | Stopped] -> C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -> [2009/03/30 12:42:10 | 00,031,048 | ---- | M] (Microsoft Corporation)
(avg8emc) AVG Free8 E-mail Scanner [Win32_Own | Auto | Stopped] -> C:\Program Files\AVG\AVG8\avgemc.exe -> [2009/08/20 18:31:20 | 00,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.)
(avg8wd) AVG8 WatchDog [Win32_Own | Auto | Running] -> C:\Program Files\AVG\AVG8\avgwdsvc.exe -> [2009/08/20 18:31:16 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.)
(BlueSoleilCS) BlueSoleilCS [Win32_Shared | Auto | Running] -> C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe -> [2009/04/20 10:13:30 | 00,840,192 | ---- | M] ()
(BsHelpCS) BsHelpCS [Win32_Own | On_Demand | Running] -> C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe -> [2009/02/27 16:42:20 | 00,098,407 | ---- | M] ()
(BsMobileCS) BsMobileCS [Win32_Own | Auto | Running] -> C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe -> [2009/02/27 16:40:48 | 00,143,467 | ---- | M] ()
(clr_optimization_v2.0.50727_32) Microsoft .NET Framework NGEN v2.0.50727_X86 [Win32_Own | On_Demand | Stopped] -> C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -> [2009/03/30 12:42:14 | 00,066,368 | ---- | M] (Microsoft Corporation)
(ehRecvr) Windows Media Center Receiver Service [Win32_Own | On_Demand | Stopped] -> C:\Windows\ehome\ehRecvr.exe -> [2008/01/21 10:23:20 | 00,292,352 | ---- | M] (Microsoft Corporation)
(ehSched) Windows Media Center Scheduler Service [Win32_Own | On_Demand | Stopped] -> C:\Windows\ehome\ehsched.exe -> [2006/11/02 20:34:14 | 00,131,072 | ---- | M] (Microsoft Corporation)
(ehstart) Windows Media Center Service Launcher [Win32_Shared | Auto | Stopped] -> C:\Windows\ehome\ehstart.dll -> [2006/11/02 20:34:14 | 00,013,312 | ---- | M] (Microsoft Corporation)
(Eventlog) Windows Event Log [Win32_Shared | Auto | Running] -> C:\Windows\System32\wevtsvc.dll -> [2009/04/11 14:28:25 | 01,017,856 | ---- | M] (Microsoft Corporation)
(FontCache3.0.0.0) Windows Presentation Foundation Font Cache 3.0.0.0 [Win32_Own | On_Demand | Stopped] -> C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -> [2009/02/19 02:39:20 | 00,043,904 | ---- | M] (Microsoft Corporation)
(idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] -> C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -> [2009/02/19 02:38:42 | 00,879,448 | ---- | M] (Microsoft Corporation)
(LMIMaint) LogMeIn Maintenance Service [Win32_Own | Disabled | Stopped] -> C:\Program Files\LogMeIn\x86\RaMaint.exe -> [2008/10/16 20:35:28 | 00,116,032 | ---- | M] (LogMeIn, Inc.)
(LogMeIn) LogMeIn [Win32_Own | Disabled | Stopped] -> C:\Program Files\LogMeIn\x86\LogMeIn.exe -> [2008/07/24 18:46:10 | 00,063,040 | ---- | M] (LogMeIn, Inc.)
(Nero BackItUp Scheduler 3) Nero BackItUp Scheduler 3 [Win32_Own | Auto | Running] -> C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe -> [2008/06/08 09:31:04 | 00,877,864 | ---- | M] (Nero AG)
(NetTcpPortSharing) Net.Tcp Port Sharing Service [Win32_Shared | Disabled | Stopped] -> C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -> [2009/02/19 02:38:43 | 00,129,880 | ---- | M] (Microsoft Corporation)
(NMIndexingService) NMIndexingService [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe -> [2008/06/24 16:05:56 | 00,537,896 | ---- | M] (Nero AG)
(nvsvc) NVIDIA Display Driver Service [Win32_Own | Auto | Running] -> C:\Windows\System32\nvvsvc.exe -> [2009/03/28 00:03:00 | 00,207,392 | ---- | M] (NVIDIA Corporation)
(OpenVPNService) OpenVPN Service [Win32_Own | On_Demand | Stopped] -> C:\Program Files\OpenVPN\bin\openvpnserv.exe -> [2008/11/20 02:22:20 | 00,015,872 | ---- | M] ()
(ose) Office Source Engine [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -> [2003/07/28 11:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation)
(PLFlash DeviceIoControl Service) PLFlash DeviceIoControl Service [Win32_Own | Auto | Running] -> C:\Windows\System32\IoctlSvc.exe -> [2006/12/19 10:30:26 | 00,081,920 | ---- | M] (Prolific Technology Inc.)
(ufad-ws60) VMware Agent Service [Win32_Own | On_Demand | Stopped] -> C:\Program Files\VMware\VMware Player\vmware-ufad.exe -> [2008/10/02 17:25:42 | 00,191,024 | ---- | M] (VMware, Inc.)
(usnjsvc) Messenger Sharing Folders USN Journal Reader service [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Windows Live\Messenger\usnsvc.exe -> [2007/10/18 11:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation)
(VMAuthdService) VMware Authorization Service [Win32_Own | Auto | Running] -> C:\Program Files\VMware\VMware Player\vmware-authd.exe -> [2008/10/28 22:00:40 | 00,113,200 | ---- | M] (VMware, Inc.)
(VMnetDHCP) VMware DHCP Service [Win32_Own | Auto | Running] -> C:\Windows\System32\vmnetdhcp.exe -> [2008/10/28 22:01:22 | 00,326,192 | ---- | M] (VMware, Inc.)
(vmserverdWin32) VMware Registration Service [Win32_Own | Auto | Stopped] ->  -> File not found
(VMware NAT Service) VMware NAT Service [Win32_Own | Auto | Running] -> C:\Windows\System32\vmnat.exe -> [2008/10/28 22:00:08 | 00,399,920 | ---- | M] (VMware, Inc.)
(WinDefend) Windows Defender [Win32_Shared | Auto | Running] -> C:\Program Files\Windows Defender\mpsvc.dll -> [2008/01/21 10:21:41 | 00,272,952 | ---- | M] (Microsoft Corporation)
(WLSetupSvc) Windows Live Setup Service [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Windows Live\installer\WLSetupSvc.exe -> [2007/10/25 15:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation)
(WMPNetworkSvc) Windows Media Player Network Sharing Service [Win32_Own | Auto | Running] -> C:\Program Files\Windows Media Player\wmpnetwk.exe -> [2008/01/21 10:23:48 | 00,896,512 | ---- | M] (Microsoft Corporation)
 
[Driver Services - Safe List]
(adp94xx) adp94xx [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\adp94xx.sys -> [2008/01/21 10:21:29 | 00,422,968 | ---- | M] (Adaptec, Inc.)
(adpahci) adpahci [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\adpahci.sys -> [2008/01/21 10:21:33 | 00,300,600 | ---- | M] (Adaptec, Inc.)
(adpu160m) adpu160m [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\adpu160m.sys -> [2008/01/21 10:21:34 | 00,101,432 | ---- | M] (Adaptec, Inc.)
(adpu320) adpu320 [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\adpu320.sys -> [2008/01/21 10:21:35 | 00,149,560 | ---- | M] (Adaptec, Inc.)
(aic78xx) aic78xx [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\djsvs.sys -> [2006/11/02 17:50:11 | 00,071,272 | ---- | M] (Adaptec, Inc.)
(aliide) aliide [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\aliide.sys -> [2008/01/21 10:21:09 | 00,017,464 | ---- | M] (Acer Laboratories Inc.)
(arc) arc [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\arc.sys -> [2008/01/21 10:21:32 | 00,079,416 | ---- | M] (Adaptec, Inc.)
(arcsas) arcsas [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\arcsas.sys -> [2008/01/21 10:21:32 | 00,079,928 | ---- | M] (Adaptec, Inc.)
(athr) Atheros Extensible Wireless LAN device driver [Kernel | On_Demand | Stopped] -> C:\Windows\System32\DRIVERS\athr.sys -> [2009/01/13 08:45:00 | 00,954,368 | ---- | M] (Atheros Communications, Inc.)
(AvgLdx86) AVG AVI Loader Driver x86 [Kernel | System | Running] -> C:\Windows\System32\Drivers\avgldx86.sys -> [2009/08/20 18:31:24 | 00,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.)
(AvgMfx86) AVG On-access Scanner Minifilter Driver x86 [File_System | System | Running] -> C:\Windows\System32\Drivers\avgmfx86.sys -> [2009/08/20 18:31:24 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.)
(AvgTdiX) AVG8 Network Redirector [Kernel | System | Running] -> C:\Windows\System32\Drivers\avgtdix.sys -> [2009/05/02 12:44:51 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.)
(BrFiltLo) Brother USB Mass-Storage Lower Filter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\system32\drivers\brfiltlo.sys -> [2006/11/02 16:24:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.)
(BrFiltUp) Brother USB Mass-Storage Upper Filter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\system32\drivers\brfiltup.sys -> [2006/11/02 16:24:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.)
(Brserid) Brother MFC Serial Port Interface Driver (WDM) [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\brserid.sys -> [2006/11/02 16:25:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.)
(BrSerWdm) Brother WDM Serial driver [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\brserwdm.sys -> [2006/11/02 16:24:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.)
(BrUsbMdm) Brother MFC USB Fax Only Modem [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\brusbmdm.sys -> [2006/11/02 16:24:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.)
(BrUsbSer) Brother MFC USB Serial WDM Driver [Kernel | On_Demand | Stopped] -> C:\Windows\system32\drivers\brusbser.sys -> [2006/11/02 16:24:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.)
(BT) Bluetooth PAN Network Adapter [Kernel | On_Demand | Stopped] -> C:\Windows\System32\DRIVERS\btnetdrv.sys -> [2008/12/07 12:44:50 | 00,017,928 | ---- | M] (IVT Corporation.)
(Btcsrusb) Bluetooth USB For Bluetooth Service [Kernel | On_Demand | Stopped] -> C:\Windows\System32\Drivers\btcusb.sys -> [2009/01/03 16:40:12 | 00,039,304 | ---- | M] (IVT Corporation.)
(BtHidBus) Bluetooth HID Bus Service [Kernel | Boot | Running] -> C:\Windows\System32\Drivers\BtHidBus.sys -> [2009/01/07 23:39:36 | 00,020,744 | ---- | M] (IVT Corporation.)
(btnetBUs) Bluetooth PAN Bus Service [Kernel | On_Demand | Running] -> C:\Windows\System32\Drivers\btnetBus.sys -> [2008/12/07 12:44:54 | 00,030,088 | ---- | M] ()
(BTNetFilter) Bluetooth Network Filter [Kernel | On_Demand | Stopped] -> C:\Program Files\IVT Corporation\BlueSoleil\Device\Win2k\BTNetFilter.sys -> [2006/11/22 13:41:18 | 00,022,416 | ---- | M] (IVT Corporation.)
(cmdide) cmdide [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\cmdide.sys -> [2008/01/21 10:21:09 | 00,019,000 | ---- | M] (CMD Technology, Inc.)
(E1G60) Intel(R) PRO/1000 NDIS 6 Adapter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\System32\DRIVERS\E1G60I32.sys -> [2008/01/21 10:21:33 | 00,118,784 | ---- | M] (Intel Corporation)
(elxstor) elxstor [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\elxstor.sys -> [2008/01/21 10:21:30 | 00,342,584 | ---- | M] (Emulex)
(gdrv) gdrv [Kernel | On_Demand | Stopped] -> C:\Windows\gdrv.sys -> [2008/07/27 21:25:39 | 00,016,608 | ---- | M] (Windows (R) 2000 DDK provider)
(hcmon) VMware hcmon [Kernel | Auto | Running] -> C:\Windows\System32\Drivers\hcmon.sys -> [2008/10/28 22:01:28 | 00,032,304 | ---- | M] (VMware, Inc.)
(HpCISSs) HpCISSs [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\hpcisss.sys -> [2008/01/21 10:21:34 | 00,040,504 | ---- | M] (Hewlett-Packard Company)
(iaStorV) Intel RAID Controller Vista [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\iastorv.sys -> [2008/01/21 10:21:31 | 00,235,064 | ---- | M] (Intel Corporation)
(iirsp) iirsp [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\iirsp.sys -> [2006/11/02 17:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH)
(iteatapi) ITEATAPI_Service_Install [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\iteatapi.sys -> [2006/11/02 17:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.)
(iteraid) ITERAID_Service_Install [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\iteraid.sys -> [2006/11/02 17:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.)
(IvtBtBUs) IVT Bluetooth Bus Service [Kernel | On_Demand | Running] -> C:\Windows\System32\Drivers\IvtBtBus.sys -> [2008/07/02 14:58:48 | 00,026,248 | ---- | M] (IVT Corporation.)
(JRAID) JRAID [Kernel | Boot | Running] -> C:\Windows\system32\drivers\jraid.sys -> [2009/08/13 16:10:36 | 00,096,368 | ---- | M] (JMicron Technology Corp.)
(LMIInfo) LogMeIn Kernel Information Provider [Kernel | Auto | Running] -> C:\Program Files\LogMeIn\x86\RaInfo.sys -> [2008/07/24 18:46:12 | 00,012,856 | ---- | M] (LogMeIn, Inc.)
(lmimirr) lmimirr [Kernel | On_Demand | Running] -> C:\Windows\System32\DRIVERS\lmimirr.sys -> [2008/07/24 18:45:20 | 00,010,144 | ---- | M] (LogMeIn, Inc.)
(LMIRfsClientNP) LMIRfsClientNP [File_System | Disabled | Stopped] -> C:\Windows\System32\LMIRfsClientNP.dll -> [2008/10/16 20:35:58 | 00,083,288 | ---- | M] (LogMeIn, Inc.)
(LMIRfsDriver) LogMeIn Remote File System Driver [File_System | Auto | Running] -> C:\Windows\System32\drivers\LMIRfsDriver.sys -> [2008/07/24 18:46:10 | 00,047,640 | ---- | M] (LogMeIn, Inc.)
(LSI_FC) LSI_FC [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\lsi_fc.sys -> [2008/01/21 10:21:31 | 00,096,312 | ---- | M] (LSI Logic)
(LSI_SAS) LSI_SAS [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\lsi_sas.sys -> [2008/01/21 10:21:33 | 00,089,656 | ---- | M] (LSI Logic)
(LSI_SCSI) LSI_SCSI [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\lsi_scsi.sys -> [2008/01/21 10:21:31 | 00,096,312 | ---- | M] (LSI Logic)
(massfilter) ZTE Mass Storage Filter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\massfilter.sys -> [2008/08/12 09:11:36 | 00,007,168 | R--- | M] (ZTE Incorporated)
(megasas) megasas [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\megasas.sys -> [2008/01/21 10:21:35 | 00,031,288 | ---- | M] (LSI Corporation)
(MegaSR) MegaSR [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\megasr.sys -> [2008/01/21 10:21:35 | 00,386,616 | ---- | M] (LSI Corporation, Inc.)
(Mraid35x) Mraid35x [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\mraid35x.sys -> [2006/11/02 17:49:59 | 00,033,384 | ---- | M] (LSI Logic Corporation)
(nfrd960) nfrd960 [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\nfrd960.sys -> [2006/11/02 17:50:19 | 00,045,160 | ---- | M] (IBM Corporation)
(ntrigdigi) N-trig HID Tablet Driver [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\ntrigdigi.sys -> [2006/11/02 15:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies)
(nvlddmkm) nvlddmkm [Kernel | On_Demand | Running] -> C:\Windows\System32\DRIVERS\nvlddmkm.sys -> [2009/03/28 00:03:00 | 07,738,816 | ---- | M] (NVIDIA Corporation)
(nvraid) NVIDIA nForce RAID Driver [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\nvraid.sys -> [2008/01/21 10:21:29 | 00,102,968 | ---- | M] (NVIDIA Corporation)
(nvstor) nvstor [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\nvstor.sys -> [2008/01/21 10:21:29 | 00,045,112 | ---- | M] (NVIDIA Corporation)
(pcouffin) VSO Software pcouffin [Kernel | On_Demand | Running] -> C:\Windows\System32\Drivers\pcouffin.sys -> [2008/06/11 19:35:01 | 00,047,360 | ---- | M] (VSO Software)
(ql2300) QLogic Fibre Channel Miniport Driver [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\ql2300.sys -> [2008/01/21 10:21:33 | 01,122,360 | ---- | M] (QLogic Corporation)
(ql40xx) QLogic iSCSI Miniport Driver [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\ql40xx.sys -> [2006/11/02 17:50:35 | 00,106,088 | ---- | M] (QLogic Corporation)
(R300) R300 [Kernel | On_Demand | Stopped] -> C:\Windows\System32\DRIVERS\atikmdag.sys -> [2007/01/19 00:03:24 | 02,314,752 | ---- | M] (ATI Technologies Inc.)
(ROOTMODEM) Microsoft Legacy Modem Driver [Kernel | On_Demand | Stopped] -> C:\Windows\System32\Drivers\RootMdm.sys -> [2008/01/21 10:22:59 | 00,008,192 | ---- | M] (Microsoft Corporation)
(RTL8169) Realtek 8169 NT Driver [Kernel | On_Demand | Running] -> C:\Windows\System32\DRIVERS\Rtlh86.sys -> [2009/05/25 06:50:44 | 00,164,864 | ---- | M] (Realtek)
(secdrv) Security Driver [Kernel | Auto | Running] -> C:\Windows\System32\drivers\secdrv.sys -> [2006/11/02 14:37:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
(SiSRaid4) SiSRaid4 [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\sisraid4.sys -> [2008/01/21 10:21:34 | 00,074,808 | ---- | M] (Silicon Integrated Systems)
(sptd) sptd [Kernel | Boot | Running] -> C:\Windows\System32\Drivers\sptd.sys -> [2008/10/24 21:56:28 | 00,717,296 | ---- | M] ()
(Symc8xx) Symc8xx [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\symc8xx.sys -> [2006/11/02 17:50:05 | 00,035,944 | ---- | M] (LSI Logic)
(Sym_hi) Sym_hi [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\sym_hi.sys -> [2006/11/02 17:49:56 | 00,031,848 | ---- | M] (LSI Logic)
(Sym_u3) Sym_u3 [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\sym_u3.sys -> [2006/11/02 17:50:03 | 00,034,920 | ---- | M] (LSI Logic)
(tap0901) TAP-Win32 Adapter V9 [Kernel | On_Demand | Running] -> C:\Windows\System32\DRIVERS\tap0901.sys -> [2008/11/20 02:22:36 | 00,025,216 | ---- | M] (The OpenVPN Project)
(uliahci) uliahci [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\uliahci.sys -> [2008/01/21 10:21:28 | 00,238,648 | ---- | M] (ULi Electronics Inc.)
(UlSata) UlSata [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\ulsata.sys -> [2006/11/02 17:50:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.)
(ulsata2) ulsata2 [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\ulsata2.sys -> [2008/01/21 10:21:31 | 00,115,816 | ---- | M] (Promise Technology, Inc.)
(UMPass) Microsoft UMPass Driver [Kernel | On_Demand | Stopped] -> C:\Windows\System32\DRIVERS\umpass.sys -> [2008/01/21 10:21:57 | 00,007,680 | ---- | M] (Microsoft Corporation)
(usbaudio) USB Audio Driver (WDM) [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\usbaudio.sys -> [2009/04/11 12:42:54 | 00,073,216 | ---- | M] (Microsoft Corporation)
(VComm) Virtual Serial port driver [Kernel | On_Demand | Running] -> C:\Windows\System32\DRIVERS\VComm.sys -> [2008/01/21 19:27:50 | 00,014,856 | ---- | M] (IVT Corporation.)
(VcommMgr) Bluetooth VComm Manager Service [Kernel | On_Demand | Running] -> C:\Windows\System32\Drivers\VcommMgr.sys -> [2009/01/08 02:20:04 | 00,031,880 | ---- | M] (IVT Corporation.)
(viaide) viaide [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\viaide.sys -> [2008/01/21 10:21:09 | 00,020,024 | ---- | M] (VIA Technologies, Inc.)
(vmci) VMware vmci [Kernel | Auto | Running] -> C:\Windows\System32\Drivers\vmci.sys -> [2008/10/28 22:01:34 | 00,054,960 | ---- | M] (VMware, Inc.)
(vmkbd) VMware kbd [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\VMkbd.sys -> [2008/10/28 22:01:32 | 00,023,216 | ---- | M] (VMware, Inc.)
(VMnetAdapter) VMware Virtual Ethernet Adapter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\System32\DRIVERS\vmnetadapter.sys -> [2008/10/28 16:03:28 | 00,016,560 | ---- | M] (VMware, Inc.)
(VMnetBridge) VMware Bridge Protocol [Kernel | Auto | Running] -> C:\Windows\System32\DRIVERS\vmnetbridge.sys -> [2008/10/28 16:03:28 | 00,031,280 | R--- | M] (VMware, Inc.)
(VMnetuserif) VMware Network Application Interface [Kernel | Auto | Running] -> C:\Windows\System32\drivers\vmnetuserif.sys -> [2008/10/28 22:01:32 | 00,026,288 | ---- | M] (VMware, Inc.)
(VMparport) VMware VMparport [Kernel | Auto | Running] -> C:\Windows\System32\Drivers\VMparport.sys -> [2008/10/28 22:01:20 | 00,014,896 | ---- | M] (VMware, Inc.)
(vmx86) VMware vmx86 [Kernel | Auto | Running] -> C:\Windows\System32\Drivers\vmx86.sys -> [2008/10/28 22:01:30 | 00,857,392 | ---- | M] (VMware, Inc.)
(vsmraid) vsmraid [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\vsmraid.sys -> [2008/01/21 10:21:32 | 00,130,616 | ---- | M] (VIA Technologies Inc.,Ltd)
(vstor2-ws60) Vstor2 WS60 Virtual Storage Driver [Kernel | Auto | Running] -> C:\Program Files\VMware\VMware Player\vstor2-ws60.sys -> [2008/10/02 17:24:48 | 00,022,448 | ---- | M] (VMware, Inc.)
(ZTEusbmdm6k) ZTE Proprietary USB Driver [Kernel | On_Demand | Stopped] -> C:\Windows\System32\DRIVERS\ZTEusbmdm6k.sys -> [2008/04/19 05:05:22 | 00,103,936 | ---- | M] (ZTE Incorporated)
(ZTEusbnmea) ZTE NMEA Port [Kernel | On_Demand | Stopped] -> C:\Windows\System32\DRIVERS\ZTEusbnmea.sys -> [2008/04/19 05:05:22 | 00,103,936 | ---- | M] (ZTE Incorporated)
(ZTEusbser6k) ZTE Diagnostic Port [Kernel | On_Demand | Stopped] -> C:\Windows\System32\DRIVERS\ZTEusbser6k.sys -> [2008/04/19 05:05:22 | 00,103,936 | ---- | M] (ZTE Incorporated)
 
[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Search_URL" -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Secondary_Page_URL" ->  [binary data] -> 
HKEY_LOCAL_MACHINE\: Main\\"Extensions Off Page" -> about:NoAdd-ons -> 
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> C:\Windows\System32\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\"Search Page" -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\"Security Risk Page" -> about:SecurityRisk -> 
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 
< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> 
HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> 
HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-2663051174-626813573-3717304182-1000\] > -> -> 
HKEY_USERS\S-1-5-21-2663051174-626813573-3717304182-1000\: Main\\"Local Page" -> C:\Windows\system32\blank.htm -> 
HKEY_USERS\S-1-5-21-2663051174-626813573-3717304182-1000\: Main\\"Page_Transitions" -> 1 -> 
HKEY_USERS\S-1-5-21-2663051174-626813573-3717304182-1000\: Main\\"Search Page" -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_USERS\S-1-5-21-2663051174-626813573-3717304182-1000\: Main\\"Start Page" -> http://www.google.com.au/ -> 
HKEY_USERS\S-1-5-21-2663051174-626813573-3717304182-1000\: Main\\"Start Page Redirect Cache" -> http://www.msn.com/ -> 
HKEY_USERS\S-1-5-21-2663051174-626813573-3717304182-1000\: Main\\"Start Page Redirect Cache AcceptLangs" -> en-us -> 
HKEY_USERS\S-1-5-21-2663051174-626813573-3717304182-1000\: Main\\"Start Page Redirect Cache_TIMESTAMP" -> 5C E8 15 4A 42 34 CA 01  [binary data] -> 
HKEY_USERS\S-1-5-21-2663051174-626813573-3717304182-1000\: "ProxyEnable" -> 0 -> 
HKEY_USERS\S-1-5-21-2663051174-626813573-3717304182-1000\: "ProxyOverride" -> <local> -> 
< FireFox Settings [Prefs.js] > -> C:\Users\brenton\AppData\Roaming\Mozilla\FireFox\Profiles\fy02zwzy.default\prefs.js -> 
browser.startup.homepage -> "http://www.facebook.com/home.php?|http://mail.google.com/mail/#inbox|http://finance.yahoo.com/|http://www.kitcometals.com/|http://www.anz.com/" ->
extensions.enabledItems -> {4DC70064-89E2-4a55-8FC6-E8CDEAE3612C}:0.6.5 ->
extensions.enabledItems -> {3f963a5b-e555-4543-90e2-c3908898db71}:8.5 ->
extensions.enabledItems -> {B9C8BE50-7105-4ec6-8FB4-4935C0671648}:0.5.99 ->
extensions.enabledItems -> {77b819fa-95ad-4f2c-ac7c-486b356188a9}:1.5.20090525 ->
extensions.enabledItems -> {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07 ->
extensions.enabledItems -> {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}:6.0.06 ->
extensions.enabledItems -> {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12 ->
extensions.enabledItems -> {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13 ->
extensions.enabledItems -> {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15 ->
extensions.enabledItems -> [email protected]:1.0.0.407 ->
extensions.enabledItems -> {20a82645-c095-46ed-80e3-08825760534b}:1.1 ->
extensions.enabledItems -> {FFA36170-80B1-4535-B0E3-A4569E497DD0}:2.0.3 ->
extensions.enabledItems -> [email protected]:2 ->
extensions.enabledItems -> 4 ->
extensions.enabledItems -> 7 ->
extensions.enabledItems -> 2 ->
extensions.enabledItems -> [email protected]:2.6.1 ->
extensions.enabledItems -> {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.14 ->
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\Extensions ->  -> 
HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71} -> C:\PROGRAM FILES\AVG\AVG8\FIREFOX [C:\PROGRAM FILES\AVG\AVG8\FIREFOX] -> [2009/06/29 11:38:24 | 00,000,000 | ---D | M]
HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b} -> C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION [C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\] -> [2009/06/28 15:30:53 | 00,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.0.14\extensions ->  -> 
HKLM\software\mozilla\Mozilla Firefox 3.0.14\extensions\\Components -> C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS] -> [2009/09/12 01:07:49 | 00,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.0.14\extensions\\Plugins -> C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS] -> [2009/09/12 01:07:49 | 00,000,000 | ---D | M]
< FireFox Extensions [User Folders] > -> 
 -> C:\Users\brenton\AppData\Roaming\mozilla\Extensions -> [2008/08/26 16:22:20 | 00,000,000 | ---D | M]
 -> C:\Users\brenton\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} -> [2008/08/26 16:22:20 | 00,000,000 | ---D | M]
 -> C:\Users\brenton\AppData\Roaming\mozilla\Firefox\Profiles\fy02zwzy.default\extensions -> [2009/09/12 01:08:00 | 00,097,924 | ---- | M] ()
 -> C:\Users\brenton\AppData\Roaming\mozilla\Firefox\Profiles\fy02zwzy.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} -> [2009/09/12 01:08:00 | 00,097,924 | ---- | M] ()
 -> C:\Users\brenton\AppData\Roaming\mozilla\Firefox\Profiles\fy02zwzy.default\extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3612C} -> [2009/09/12 01:08:00 | 00,097,924 | ---- | M] ()
 -> C:\Users\brenton\AppData\Roaming\mozilla\Firefox\Profiles\fy02zwzy.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9} -> [2009/09/12 01:08:00 | 00,097,924 | ---- | M] ()
 -> C:\Users\brenton\AppData\Roaming\mozilla\Firefox\Profiles\fy02zwzy.default\extensions\{B9C8BE50-7105-4ec6-8FB4-4935C0671648} -> [2009/09/12 01:08:00 | 00,097,924 | ---- | M] ()
 -> C:\Users\brenton\AppData\Roaming\mozilla\Firefox\Profiles\fy02zwzy.default\extensions\{FFA36170-80B1-4535-B0E3-A4569E497DD0} -> [2009/09/12 01:08:00 | 00,097,924 | ---- | M] ()
 -> C:\Users\brenton\AppData\Roaming\mozilla\Firefox\Profiles\fy02zwzy.default\extensions\[email protected] -> [2009/09/12 01:08:00 | 00,097,924 | ---- | M] ()
 -> C:\Users\brenton\AppData\Roaming\mozilla\Firefox\Profiles\fy02zwzy.default\extensions\[email protected] -> [2009/09/12 01:08:00 | 00,097,924 | ---- | M] ()
 -> C:\Users\brenton\AppData\Roaming\mozilla\Firefox\Profiles\fy02zwzy.default\extensions\[email protected] -> [2009/09/12 01:08:00 | 00,097,924 | ---- | M] ()
< FireFox Extensions [Program Folders] > -> 
 -> C:\PROGRAM FILES\MOZILLA FIREFOX\extensions -> [2009/09/12 01:07:49 | 09,767,928 | ---- | M] (Mozilla Foundation)
 -> C:\PROGRAM FILES\MOZILLA FIREFOX\extensions\{231D7D17-4F1B-4933-AB61-E502DB82FD11} -> [2009/09/12 01:07:49 | 09,767,928 | ---- | M] (Mozilla Foundation)
 -> C:\PROGRAM FILES\MOZILLA FIREFOX\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} -> [2009/09/12 01:07:49 | 09,767,928 | ---- | M] (Mozilla Foundation)
 -> C:\PROGRAM FILES\MOZILLA FIREFOX\extensions\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} -> [2009/09/12 01:07:49 | 09,767,928 | ---- | M] (Mozilla Foundation)
 -> C:\PROGRAM FILES\MOZILLA FIREFOX\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} -> [2009/09/12 01:07:49 | 09,767,928 | ---- | M] (Mozilla Foundation)
 -> C:\PROGRAM FILES\MOZILLA FIREFOX\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} -> [2009/09/12 01:07:49 | 09,767,928 | ---- | M] (Mozilla Foundation)
 -> C:\PROGRAM FILES\MOZILLA FIREFOX\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} -> [2009/09/12 01:07:49 | 09,767,928 | ---- | M] (Mozilla Foundation)
 -> C:\PROGRAM FILES\MOZILLA FIREFOX\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} -> [2009/09/12 01:07:49 | 09,767,928 | ---- | M] (Mozilla Foundation)
< FireFox Components [Program Folders] > -> 
C:\PROGRAM FILES\MOZILLA FIREFOX\components\ -> C:\PROGRAM FILES\MOZILLA FIREFOX\components -> [2009/09/12 01:07:49 | 00,000,000 | ---D | M]
browserdirprovider.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\components\browserdirprovider.dll -> [2009/09/12 01:07:48 | 00,023,032 | ---- | M] (Mozilla Foundation)
brwsrcmp.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\components\brwsrcmp.dll -> [2009/09/12 01:07:48 | 00,134,648 | ---- | M] (Mozilla Foundation)
< FireFox Plugins [Program Folders] > -> 
C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\ -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins -> [2009/09/12 01:07:49 | 00,000,000 | ---D | M]
np-mswmp.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\np-mswmp.dll -> [2007/04/10 17:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation)
np32dsw.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\np32dsw.dll -> [2008/08/06 16:22:02 | 00,114,688 | ---- | M] (Adobe Systems, Inc.)
npdeploytk.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npdeploytk.dll -> [2009/07/25 05:23:01 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.)
npnul32.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npnul32.dll -> [2009/09/12 01:07:48 | 00,065,528 | ---- | M] (mozilla.org)
nppdf32.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\nppdf32.dll -> [2008/10/14 20:33:30 | 00,095,600 | ---- | M] (Adobe Systems Inc.)
npqtplugin.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npqtplugin.dll -> [2009/07/05 18:08:30 | 00,143,360 | ---- | M] (Apple Inc.)
npqtplugin2.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npqtplugin2.dll -> [2009/07/05 18:08:30 | 00,143,360 | ---- | M] (Apple Inc.)
npqtplugin3.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npqtplugin3.dll -> [2009/07/05 18:08:30 | 00,143,360 | ---- | M] (Apple Inc.)
npqtplugin4.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npqtplugin4.dll -> [2009/07/05 18:08:30 | 00,143,360 | ---- | M] (Apple Inc.)
npqtplugin5.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npqtplugin5.dll -> [2009/07/05 18:08:30 | 00,143,360 | ---- | M] (Apple Inc.)
npqtplugin6.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npqtplugin6.dll -> [2009/07/05 18:08:30 | 00,143,360 | ---- | M] (Apple Inc.)
npqtplugin7.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npqtplugin7.dll -> [2009/07/05 18:08:30 | 00,143,360 | ---- | M] (Apple Inc.)
QuickTimePlugin.class -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\QuickTimePlugin.cla -> [2009/07/05 18:08:30 | 00,004,208 | ---- | M] ()
ShockwavePlugin.class -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\ShockwavePlugin.cla -> [2008/08/06 15:33:20 | 00,001,144 | ---- | M] ()
WMP Firefox Plugin License.rtf -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\WMP Firefox Plugin License.rtf -> [2007/03/30 10:43:58 | 00,149,569 | ---- | M] ()
WMP Firefox Plugin RelNotes.txt -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\WMP Firefox Plugin RelNotes.txt -> [2007/03/30 10:43:58 | 00,003,352 | ---- | M] ()
< FireFox SearchPlugins [Program Folders] > -> 
C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\ -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins -> [2009/07/26 14:05:10 | 00,000,000 | ---D | M]
amazon-en-GB.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\amazon-en-GB.xml -> [2009/07/26 14:05:08 | 00,001,538 | ---- | M] ()
answers.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\answers.xml -> [2009/07/26 14:05:08 | 00,002,193 | ---- | M] ()
chambers-en-GB.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\chambers-en-GB.xml -> [2009/07/26 14:05:08 | 00,000,947 | ---- | M] ()
creativecommons.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\creativecommons.xml -> [2009/07/26 14:05:08 | 00,001,534 | ---- | M] ()
eBay-en-GB.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\eBay-en-GB.xml -> [2009/07/26 14:05:08 | 00,000,759 | ---- | M] ()
google.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\google.xml -> [2009/07/26 14:05:08 | 00,001,706 | ---- | M] ()
wikipedia.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\wikipedia.xml -> [2009/07/26 14:05:08 | 00,001,178 | ---- | M] ()
yahoo-en-GB.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\yahoo-en-GB.xml -> [2009/07/26 14:05:08 | 00,000,831 | ---- | M] ()
< HOSTS File > (0 bytes and 0 lines) -> C:\Windows\System32\drivers\etc\Hosts -> 
Reset Hosts
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> [2006/10/22 22:08:42 | 00,062,080 | ---- | M] (Adobe Systems Incorporated)
{22BF413B-C6D2-4d91-82A9-A0F997BA588C} [HKLM] -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [Skype add-on (mastermind)] -> [2008/05/30 15:54:16 | 01,410,344 | ---- | M] (Skype Technologies S.A.)
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} [HKLM] -> C:\Program Files\AVG\AVG8\avgssie.dll [AVG Safe Search] -> [2009/08/20 18:31:20 | 01,111,320 | ---- | M] (AVG Technologies CZ, s.r.o.)
{54445830-1BDA-41E6-9E4B-87305FED3DCF} [HKLM] -> C:\Windows\vanwxemggdr.dll [QXK Olive] -> File not found
{7E853D72-626A-48EC-A868-BA8D5E23E045} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{9030D464-4C02-4ABF-8ECC-5164760863C6} [HKLM] -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [Windows Live Sign-in Helper] -> [2009/02/17 15:11:04 | 00,408,440 | ---- | M] (Microsoft Corporation)
{DBC80044-A445-435b-BC74-9C25C1C588A9} [HKLM] -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [Java(tm) Plug-In 2 SSV Helper] -> [2009/07/25 05:23:03 | 00,041,760 | ---- | M] (Sun Microsystems, Inc.)
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
"{D0F811AD-FA98-436A-B4CE-B43F178537BE}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"Adobe Reader Speed Launcher" -> C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe ["C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"] -> [2008/10/15 00:04:34 | 00,039,792 | ---- | M] (Adobe Systems Incorporated)
"AVG8_TRAY" -> C:\Program Files\AVG\AVG8\avgtray.exe [C:\PROGRA~1\AVG\AVG8\avgtray.exe] -> [2009/08/20 18:31:18 | 02,007,832 | ---- | M] (AVG Technologies CZ, s.r.o.)
"BtTray" -> C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe ["C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe"] -> [2009/02/27 16:44:34 | 00,315,478 | ---- | M] ()
"EPSON Stylus CX4700 Series" -> C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIADP.EXE [C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIADP.EXE /F "C:\Windows\TEMP\E_SD0B6.tmp" /EF "HKLM"] -> [2005/02/02 04:00:00 | 00,098,304 | ---- | M] (SEIKO EPSON CORPORATION)
"JMB36X IDE Setup" -> C:\Windows\RaidTool\xInsIDE.exe [C:\Windows\RaidTool\xInsIDE.exe] -> [2007/03/20 14:36:18 | 00,036,864 | ---- | M] ()
"LogMeIn GUI" -> C:\Program Files\LogMeIn\x86\LogMeInSystray.exe ["C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"] -> [2008/07/24 18:46:10 | 00,063,048 | ---- | M] (LogMeIn, Inc.)
"NvCplDaemon" -> C:\Windows\System32\NvCpl.DLL [RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup] -> [2009/03/28 00:03:00 | 13,687,328 | ---- | M] (NVIDIA Corporation)
"NvMediaCenter" -> C:\Windows\System32\NvMcTray.DLL [RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit] -> [2009/03/28 00:03:00 | 00,092,704 | ---- | M] (NVIDIA Corporation)
"QuickTime Task" -> C:\Program Files\QuickTime\QTTask.exe ["C:\Program Files\QuickTime\QTTask.exe" -atboottime] -> [2009/05/26 17:18:30 | 00,413,696 | ---- | M] (Apple Inc.)
"SunJavaUpdateSched" -> C:\Program Files\Java\jre6\bin\jusched.exe ["C:\Program Files\Java\jre6\bin\jusched.exe"] -> [2009/07/25 05:23:12 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.)
"VMware hqtray" -> C:\Program Files\VMware\VMware Player\hqtray.exe ["C:\Program Files\VMware\VMware Player\hqtray.exe"] -> [2008/10/28 22:00:50 | 00,064,048 | ---- | M] (VMware, Inc.)
< Run [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"Sidebar" -> C:\Program Files\Windows Sidebar\Sidebar.exe [%ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem] -> [2009/04/11 14:28:03 | 01,233,920 | ---- | M] (Microsoft Corporation)
"WindowsWelcomeCenter" -> C:\Windows\System32\oobefldr.dll [rundll32.exe oobefldr.dll,ShowWelcomeCenter] -> [2009/04/11 14:28:23 | 02,153,472 | ---- | M] (Microsoft Corporation)
< Run [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"Sidebar" -> C:\Program Files\Windows Sidebar\Sidebar.exe [%ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem] -> [2009/04/11 14:28:03 | 01,233,920 | ---- | M] (Microsoft Corporation)
"WindowsWelcomeCenter" -> C:\Windows\System32\oobefldr.dll [rundll32.exe oobefldr.dll,ShowWelcomeCenter] -> [2009/04/11 14:28:23 | 02,153,472 | ---- | M] (Microsoft Corporation)
< Run [HKEY_USERS\S-1-5-21-2663051174-626813573-3717304182-1000\] > -> HKEY_USERS\S-1-5-21-2663051174-626813573-3717304182-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"DAEMON Tools Lite" -> C:\Program Files\DAEMON Tools Lite\daemon.exe ["C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun] -> [2008/08/08 20:11:12 | 00,490,952 | ---- | M] (DT Soft Ltd)
"ehTray.exe" -> C:\Windows\ehome\ehTray.exe [C:\Windows\ehome\ehTray.exe] -> [2008/01/21 10:23:22 | 00,125,952 | ---- | M] (Microsoft Corporation)
"Sidebar" -> C:\Program Files\Windows Sidebar\sidebar.exe [C:\Program Files\Windows Sidebar\sidebar.exe /autoRun] -> [2009/04/11 14:28:03 | 01,233,920 | ---- | M] (Microsoft Corporation)
"Skype" -> C:\Program Files\Skype\Phone\Skype.exe ["C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized] -> [2008/05/30 15:54:14 | 21,718,312 | R--- | M] (Skype Technologies S.A.)
"WMPNSCFG" -> C:\Program Files\Windows Media Player\WMPNSCFG.exe [C:\Program Files\Windows Media Player\WMPNSCFG.exe] -> [2008/01/21 10:23:48 | 00,202,240 | ---- | M] (Microsoft Corporation)
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [255] -> File not found
\\"BindDirectlyToPropertySetStorage" ->  [0] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"ConsentPromptBehaviorAdmin" ->  [2] -> File not found
\\"ConsentPromptBehaviorUser" ->  [1] -> File not found
\\"EnableInstallerDetection" ->  [1] -> File not found
\\"EnableLUA" ->  [1] -> File not found
\\"EnableSecureUIAPaths" ->  [1] -> File not found
\\"EnableVirtualization" ->  [1] -> File not found
\\"PromptOnSecureDesktop" ->  [1] -> File not found
\\"ValidateAdminCodeSignatures" ->  [0] -> File not found
\\"dontdisplaylastusername" ->  [0] -> File not found
\\"legalnoticecaption" ->  [] -> File not found
\\"legalnoticetext" ->  [] -> File not found
\\"scforceoption" ->  [0] -> File not found
\\"shutdownwithoutlogon" ->  [1] -> File not found
\\"undockwithoutlogon" ->  [1] -> File not found
\\"FilterAdministratorToken" ->  [0] -> File not found
\\"EnableUIADesktopToggle" ->  [0] -> File not found
\\"DisableRegistryTools" ->  [1] -> File not found
\\"DisableTaskMgr" ->  [1] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats
\UIPI\Clipboard\ExceptionFormats\\"CF_TEXT" ->  [1] -> File not found
\UIPI\Clipboard\ExceptionFormats\\"CF_BITMAP" ->  [2] -> File not found
\UIPI\Clipboard\ExceptionFormats\\"CF_OEMTEXT" ->  [7] -> File not found
\UIPI\Clipboard\ExceptionFormats\\"CF_DIB" ->  [8] -> File not found
\UIPI\Clipboard\ExceptionFormats\\"CF_PALETTE" ->  [9] -> File not found
\UIPI\Clipboard\ExceptionFormats\\"CF_UNICODETEXT" ->  [13] -> File not found
\UIPI\Clipboard\ExceptionFormats\\"CF_DIBV5" ->  [17] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-2663051174-626813573-3717304182-1000] > -> HKEY_USERS\S-1-5-21-2663051174-626813573-3717304182-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{77BF5300-1474-4EC7-9980-D32B190E9B07}:{77BF5300-1474-4EC7-9980-D32B190E9B07} [HKLM] -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [Button: Skype] -> [2008/05/30 15:54:16 | 01,410,344 | ---- | M] (Skype Technologies S.A.)
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-21-2663051174-626813573-3717304182-1000\] > -> HKEY_USERS\S-1-5-21-2663051174-626813573-3717304182-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-21-2663051174-626813573-3717304182-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-21-2663051174-626813573-3717304182-1000\] > -> HKEY_USERS\S-1-5-21-2663051174-626813573-3717304182-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-21-2663051174-626813573-3717304182-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab [Java Plug-in 1.6.0_15] -> 
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [HKLM] -> http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab [Reg Error: Key error.] -> 
{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab [Java Plug-in 1.6.0_06] -> 
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab [Java Plug-in 1.6.0_07] -> 
{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab [Java Plug-in 1.6.0_15] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab [Java Plug-in 1.6.0_15] -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ -> 
DhcpNameServer -> 192.168.2.1 -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{68C8324E-2162-4CA3-956A-1B5971B17194}\\DhcpNameServer -> 192.168.2.1   (Realtek PCIe GBE Family Controller) -> 
{68C8324E-2162-4CA3-956A-1B5971B17194}\\NameServer -> 203.21.20.20,203.10.1.9   (Realtek PCIe GBE Family Controller) -> 
{6A979143-28BF-44AD-8200-ECCD33D60EDA}\\DhcpNameServer -> 192.168.15.10 192.168.59.5 192.168.59.7   () -> 
{6D524227-E6D7-4B91-9549-CD0AD5C11872}\\DhcpNameServer -> 192.168.2.1   (Atheros AR5005GS Wireless Network Adapter) -> 
{6D524227-E6D7-4B91-9549-CD0AD5C11872}\\NameServer -> 203.21.20.20,203.10.1.9   (Atheros AR5005GS Wireless Network Adapter) -> 
IE Styles -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Styles
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs -> 
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls -> 
avgrsstx.dll -> C:\Windows\System32\avgrsstx.dll -> [2009/08/20 18:31:24 | 00,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.)
*MultiFile Done* -> -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
Explorer.exe -> C:\Windows\explorer.exe -> [2009/04/11 14:27:36 | 02,926,592 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
< SharedTaskScheduler [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler -> 
"{E31004D1-A431-41B8-826F-E902F9D95C81}" [HKLM] -> C:\Windows\System32\DreamScene.dll [Windows DreamScene] -> [2007/07/20 07:55:46 | 00,233,888 | ---- | M] (Microsoft Corporation)
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List -> 
"%windir%\system32\winav.exe" -> C:\Windows\System32\winav.exe [%windir%\system32\winav.exe:*:Enabled:@xpsp2res.dll,-22019] -> File not found
"C:\Program Files\TESTOUT\Cmi\Navigator.exe" -> C:\Program Files\TESTOUT\Cmi\Navigator.exe [C:\Program Files\TESTOUT\Cmi\Navigator.exe:*:Disabled:TestOut Navigator] -> [2005/10/28 23:09:16 | 01,115,776 | ---- | M] (TestOut Corporation)
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\autorun.exe" -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\autorun.exe [C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\autorun.exe:*:Enabled:@xpsp2res.dll,-22019] -> File not found
"C:\Users\brenton\AppData\Roaming\mcrupdate.exe" -> C:\Users\brenton\AppData\Roaming\mcrupdate.exe [C:\Users\brenton\AppData\Roaming\mcrupdate.exe:*:Enabled:@xpsp2res.dll,-22019] -> File not found
"C:\Users\brenton\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\findfast.exe" -> C:\Users\brenton\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\findfast.exe [C:\Users\brenton\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\findfast.exe:*:Enabled:@xpsp2res.dll,-22019] -> File not found
"C:\Users\brenton\AppData\Roaming\printer.exe" -> C:\Users\brenton\AppData\Roaming\printer.exe [C:\Users\brenton\AppData\Roaming\printer.exe:*:Enabled:@xpsp2res.dll,-22019] -> File not found
"C:\Windows\shell.exe" -> C:\Windows\shell.exe [C:\Windows\shell.exe:*:Enabled:@xpsp2res.dll,-22019] -> File not found
"C:\Windows\system32\printer.exe" -> C:\Windows\System32\printer.exe [C:\Windows\system32\printer.exe:*:Enabled:@xpsp2res.dll,-22019] -> File not found
"C:\Windows\system32\spoolvs.exe" -> C:\Windows\System32\spoolvs.exe [C:\Windows\system32\spoolvs.exe:*:Enabled:@xpsp2res.dll,-22019] -> File not found
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> 
"%windir%\system32\winav.exe" -> C:\Windows\System32\winav.exe [%windir%\system32\winav.exe:*:Enabled:@xpsp2res.dll,-22019] -> File not found
"C:\Program Files\TESTOUT\Cmi\Navigator.exe" -> C:\Program Files\TESTOUT\Cmi\Navigator.exe [C:\Program Files\TESTOUT\Cmi\Navigator.exe:*:Disabled:TestOut Navigator] -> [2005/10/28 23:09:16 | 01,115,776 | ---- | M] (TestOut Corporation)
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\autorun.exe" -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\autorun.exe [C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\autorun.exe:*:Enabled:@xpsp2res.dll,-22019] -> File not found
"C:\Users\brenton\AppData\Roaming\mcrupdate.exe" -> C:\Users\brenton\AppData\Roaming\mcrupdate.exe [C:\Users\brenton\AppData\Roaming\mcrupdate.exe:*:Enabled:@xpsp2res.dll,-22019] -> File not found
"C:\Users\brenton\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\findfast.exe" -> C:\Users\brenton\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\findfast.exe [C:\Users\brenton\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\findfast.exe:*:Enabled:@xpsp2res.dll,-22019] -> File not found
"C:\Users\brenton\AppData\Roaming\printer.exe" -> C:\Users\brenton\AppData\Roaming\printer.exe [C:\Users\brenton\AppData\Roaming\printer.exe:*:Enabled:@xpsp2res.dll,-22019] -> File not found
"C:\Windows\shell.exe" -> C:\Windows\shell.exe [C:\Windows\shell.exe:*:Enabled:@xpsp2res.dll,-22019] -> File not found
"C:\Windows\system32\printer.exe" -> C:\Windows\System32\printer.exe [C:\Windows\system32\printer.exe:*:Enabled:@xpsp2res.dll,-22019] -> File not found
"C:\Windows\system32\spoolvs.exe" -> C:\Windows\System32\spoolvs.exe [C:\Windows\system32\spoolvs.exe:*:Enabled:@xpsp2res.dll,-22019] -> File not found
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> 
"AlternateShell" -> cmd.exe -> 
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 -> 
"DisplayName" -> CD-ROM Driver -> 
"ImagePath" ->  [system32\DRIVERS\cdrom.sys] -> File not found
< Drives with AutoRun files > ->  -> 
C:\autoexec.bat [REM Dummy file for NTVDM | ] -> C:\autoexec.bat [ NTFS ] -> [2006/09/19 05:43:36 | 00,000,024 | ---- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> 
\{4831b296-2c9a-11dd-9c81-8460583f6139}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4831b296-2c9a-11dd-9c81-8460583f6139}\shell
\{4831b296-2c9a-11dd-9c81-8460583f6139}\shell\\"" ->  [Autorun] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4831b296-2c9a-11dd-9c81-8460583f6139}\shell\Open\command
\{4831b296-2c9a-11dd-9c81-8460583f6139}\shell\Open\command\\"" ->  [Recycled.exe e] -> File not found
\{b0e91b9e-a1d3-11dd-a81a-005056c00008}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b0e91b9e-a1d3-11dd-a81a-005056c00008}\shell
\{b0e91b9e-a1d3-11dd-a81a-005056c00008}\shell\\"" ->  [AutoRun] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b0e91b9e-a1d3-11dd-a81a-005056c00008}\shell\AutoRun\command
\{b0e91b9e-a1d3-11dd-a81a-005056c00008}\shell\AutoRun\command\\"" -> D:\Autorun.exe [D:\Autorun.exe] -> File not found
 
[Registry - Additional Scans - Safe List]
< EventViewer Logs - Last 10 Errors > -> Event Information -> Description
Application [ Error ] 9/13/2009 4:43:47 AM Computer Name = ferrari | Source = vmauthd | ID = 100 -> Description = SetServiceStatus error 1722   
Application [ Error ] 9/13/2009 4:46:42 AM Computer Name = ferrari | Source = EventSystem | ID = 4609 -> Description = 
Application [ Error ] 9/13/2009 4:47:15 AM Computer Name = ferrari | Source = WinMgmt | ID = 10 -> Description = 
Application [ Error ] 9/13/2009 4:50:17 AM Computer Name = ferrari | Source = WinMgmt | ID = 10 -> Description = 
Application [ Error ] 9/13/2009 4:51:20 AM Computer Name = ferrari | Source = EventSystem | ID = 4609 -> Description = 
Application [ Error ] 9/13/2009 5:13:18 AM Computer Name = ferrari | Source = WinMgmt | ID = 10 -> Description = 
Application [ Error ] 9/13/2009 5:27:20 AM Computer Name = ferrari | Source = EventSystem | ID = 4609 -> Description = 
Application [ Error ] 9/13/2009 5:32:08 AM Computer Name = ferrari | Source = WinMgmt | ID = 10 -> Description = 
Application [ Error ] 9/13/2009 5:32:16 AM Computer Name = ferrari | Source = Application Error | ID = 1000 -> Description = Faulting application IEXPLORE.EXE, version 8.0.6001.18813, time stamp 0x4a6621ae, faulting module D49DECF2.x86.dll, version 0.0.0.0, time stamp 0x4a97f4f7, exception code 0xc0000005, fault offset 0x00004182,  process id 0xf3c, application start time 0x01ca3454fce8482a.
Application [ Error ] 9/13/2009 5:32:38 AM Computer Name = ferrari | Source = Application Error | ID = 1000 -> Description = Faulting application IEXPLORE.EXE, version 8.0.6001.18813, time stamp 0x4a6621ae, faulting module D49DECF2.x86.dll, version 0.0.0.0, time stamp 0x4a97f4f7, exception code 0xc0000005, fault offset 0x00004182,  process id 0x1224, application start time 0x01ca3455162a0a8a.
Media Center [ Error ] 12/5/2008 10:56:16 PM Computer Name = ferrari | Source = McrMgr | ID = 109 -> Description = 
Media Center [ Error ] 1/30/2009 5:00:24 AM Computer Name = ferrari | Source = Mcx2Svc | ID = 301 -> Description = 
Media Center [ Error ] 2/4/2009 9:04:42 AM Computer Name = ferrari | Source = Mcx2Svc | ID = 301 -> Description = 
Media Center [ Error ] 2/4/2009 9:14:57 AM Computer Name = ferrari | Source = Mcx2Svc | ID = 301 -> Description = 
Media Center [ Error ] 2/4/2009 9:15:20 AM Computer Name = ferrari | Source = Mcx2Svc | ID = 301 -> Description = 
Media Center [ Error ] 2/4/2009 9:15:45 AM Computer Name = ferrari | Source = Mcx2Svc | ID = 301 -> Description = 
System [ Error ] 9/13/2009 5:27:21 AM Computer Name = ferrari | Source = Service Control Manager | ID = 7001 -> Description = 
System [ Error ] 9/13/2009 5:27:21 AM Computer Name = ferrari | Source = Service Control Manager | ID = 7001 -> Description = 
System [ Error ] 9/13/2009 5:27:54 AM Computer Name = ferrari | Source = Service Control Manager | ID = 7001 -> Description = 
System [ Error ] 9/13/2009 5:27:55 AM Computer Name = ferrari | Source = DCOM | ID = 10005 -> Description = 
System [ Error ] 9/13/2009 5:27:55 AM Computer Name = ferrari | Source = Service Control Manager | ID = 7001 -> Description = 
System [ Error ] 9/13/2009 5:27:55 AM Computer Name = ferrari | Source = DCOM | ID = 10005 -> Description = 
System [ Error ] 9/13/2009 5:29:31 AM Computer Name = ferrari | Source = DCOM | ID = 10005 -> Description = 
System [ Error ] 9/13/2009 5:30:52 AM Computer Name = ferrari | Source = Microsoft-Windows-TaskScheduler | ID = 412 -> Description = 
System [ Error ] 9/13/2009 5:32:08 AM Computer Name = ferrari | Source = Service Control Manager | ID = 7000 -> Description = 
System [ Error ] 9/13/2009 5:32:08 AM Computer Name = ferrari | Source = Service Control Manager | ID = 7026 -> Description = 
 
[Files/Folders - Created Within 30 Days]
alg.exe -> C:\Users\brenton\alg.exe -> [2009/09/13 20:07:07 | 00,514,560 | ---- | C] (OldTimer Tools)
Apps -> C:\Users\brenton\AppData\Local\Apps -> [2009/09/13 19:48:39 | 00,000,000 | ---D | C]
hiberfil.sys -> C:\hiberfil.sys -> [2009/09/13 17:30:26 | 21,459,02592 | -HS- | C] ()
Test1-Malwarebytes' Anti-Malware -> C:\Program Files\Test1-Malwarebytes' Anti-Malware -> [2009/09/13 17:28:11 | 00,000,000 | ---D | C]
PIF -> C:\Windows\PIF -> [2009/09/13 16:55:01 | 00,000,000 | -H-D | C]
Test-Malwarebytes' Anti-Malware -> C:\Program Files\Test-Malwarebytes' Anti-Malware -> [2009/09/13 16:53:15 | 00,000,000 | ---D | C]
Malwarebytes -> C:\Users\brenton\AppData\Roaming\Malwarebytes -> [2009/09/13 16:39:08 | 00,000,000 | ---D | C]
Malwarebytes' Anti-Malware.lnk -> C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk -> [2009/09/13 16:39:07 | 00,000,818 | ---- | C] ()
mbamswissarmy.sys -> C:\Windows\System32\drivers\mbamswissarmy.sys -> [2009/09/13 16:39:04 | 00,038,224 | ---- | C] (Malwarebytes Corporation)
mbam.sys -> C:\Windows\System32\drivers\mbam.sys -> [2009/09/13 16:39:03 | 00,019,160 | ---- | C] (Malwarebytes Corporation)
Malwarebytes' Anti-Malware -> C:\Program Files\Malwarebytes' Anti-Malware -> [2009/09/13 16:39:03 | 00,000,000 | ---D | C]
Malwarebytes -> C:\ProgramData\Malwarebytes -> [2009/09/13 16:39:03 | 00,000,000 | ---D | C]
torrents -> C:\Users\brenton\Documents\torrents -> [2009/09/12 09:37:47 | 00,000,000 | ---D | C]
tcpip.sys -> C:\Windows\System32\drivers\tcpip.sys -> [2009/09/09 04:47:23 | 00,904,776 | ---- | C] (Microsoft Corporation)
netiohlp.dll -> C:\Windows\System32\netiohlp.dll -> [2009/09/09 04:47:23 | 00,105,984 | ---- | C] (Microsoft Corporation)
tcpipreg.sys -> C:\Windows\System32\drivers\tcpipreg.sys -> [2009/09/09 04:47:22 | 00,030,720 | ---- | C] (Microsoft Corporation)
NETSTAT.EXE -> C:\Windows\System32\NETSTAT.EXE -> [2009/09/09 04:47:22 | 00,027,136 | ---- | C] (Microsoft Corporation)
ARP.EXE -> C:\Windows\System32\ARP.EXE -> [2009/09/09 04:47:22 | 00,019,968 | ---- | C] (Microsoft Corporation)
ROUTE.EXE -> C:\Windows\System32\ROUTE.EXE -> [2009/09/09 04:47:22 | 00,017,920 | ---- | C] (Microsoft Corporation)
netevent.dll -> C:\Windows\System32\netevent.dll -> [2009/09/09 04:47:22 | 00,017,920 | ---- | C] (Microsoft Corporation)
MRINFO.EXE -> C:\Windows\System32\MRINFO.EXE -> [2009/09/09 04:47:22 | 00,011,264 | ---- | C] (Microsoft Corporation)
finger.exe -> C:\Windows\System32\finger.exe -> [2009/09/09 04:47:22 | 00,010,240 | ---- | C] (Microsoft Corporation)
TCPSVCS.EXE -> C:\Windows\System32\TCPSVCS.EXE -> [2009/09/09 04:47:22 | 00,009,728 | ---- | C] (Microsoft Corporation)
HOSTNAME.EXE -> C:\Windows\System32\HOSTNAME.EXE -> [2009/09/09 04:47:22 | 00,008,704 | ---- | C] (Microsoft Corporation)
wlansec.dll -> C:\Windows\System32\wlansec.dll -> [2009/09/09 04:22:54 | 00,302,592 | ---- | C] (Microsoft Corporation)
wlanmsm.dll -> C:\Windows\System32\wlanmsm.dll -> [2009/09/09 04:22:54 | 00,293,376 | ---- | C] (Microsoft Corporation)
L2SecHC.dll -> C:\Windows\System32\L2SecHC.dll -> [2009/09/09 04:22:54 | 00,127,488 | ---- | C] (Microsoft Corporation)
wlan.tmf -> C:\Windows\System32\wlan.tmf -> [2009/09/09 04:22:53 | 02,501,921 | ---- | C] ()
wlansvc.dll -> C:\Windows\System32\wlansvc.dll -> [2009/09/09 04:22:53 | 00,513,536 | ---- | C] (Microsoft Corporation)
wlanapi.dll -> C:\Windows\System32\wlanapi.dll -> [2009/09/09 04:22:53 | 00,065,024 | ---- | C] (Microsoft Corporation)
mf.dll -> C:\Windows\System32\mf.dll -> [2009/09/09 04:22:48 | 02,868,224 | ---- | C] (Microsoft Corporation)
WMVCORE.DLL -> C:\Windows\System32\WMVCORE.DLL -> [2009/09/09 04:22:48 | 02,386,944 | ---- | C] (Microsoft Corporation)
jscript.dll -> C:\Windows\System32\jscript.dll -> [2009/09/09 04:22:31 | 00,726,528 | ---- | C] (Microsoft Corporation)
tax info 0809.ods -> C:\Users\brenton\Documents\tax info 0809.ods -> [2009/09/08 22:13:37 | 00,019,507 | ---- | C] ()
tzres.dll -> C:\Windows\System32\tzres.dll -> [2009/09/05 15:10:19 | 00,002,048 | ---- | C] (Microsoft Corporation)
JMB36X_WinDrv_R1.17.50_WHQL -> C:\JMB36X_WinDrv_R1.17.50_WHQL -> [2009/09/03 18:53:47 | 00,000,000 | ---D | C]
Microsoft Corporation -> C:\Users\brenton\AppData\Local\Microsoft Corporation -> [2009/09/03 17:32:36 | 00,000,000 | ---D | C]
Windows 7 Upgrade Advisor Beta.lnk -> C:\Users\brenton\Desktop\Windows 7 Upgrade Advisor Beta.lnk -> [2009/09/03 17:32:17 | 00,002,048 | ---- | C] ()
Microsoft Windows 7 Upgrade Advisor -> C:\Program Files\Microsoft Windows 7 Upgrade Advisor -> [2009/09/03 17:32:16 | 00,000,000 | ---D | C]
Apphlpdm.dll -> C:\Windows\System32\Apphlpdm.dll -> [2009/09/03 08:21:54 | 00,028,672 | ---- | C] (Microsoft Corporation)
GameUXLegacyGDFs.dll -> C:\Windows\System32\GameUXLegacyGDFs.dll -> [2009/09/03 08:21:53 | 04,240,384 | ---- | C] (Microsoft)
wa_residential_tenancy_kit -> C:\Users\brenton\Desktop\wa_residential_tenancy_kit -> [2009/08/16 19:12:37 | 00,000,000 | ---D | C]
lsasrv.dll -> C:\Windows\System32\lsasrv.dll -> [2009/08/16 11:06:29 | 01,259,008 | ---- | C] (Microsoft Corporation)
kerberos.dll -> C:\Windows\System32\kerberos.dll -> [2009/08/16 11:06:29 | 00,499,712 | ---- | C] (Microsoft Corporation)
ksecdd.sys -> C:\Windows\System32\drivers\ksecdd.sys -> [2009/08/16 11:06:29 | 00,439,864 | ---- | C] (Microsoft Corporation)
schannel.dll -> C:\Windows\System32\schannel.dll -> [2009/08/16 11:06:29 | 00,270,848 | ---- | C] (Microsoft Corporation)
msv1_0.dll -> C:\Windows\System32\msv1_0.dll -> [2009/08/16 11:06:29 | 00,218,624 | ---- | C] (Microsoft Corporation)
wdigest.dll -> C:\Windows\System32\wdigest.dll -> [2009/08/16 11:06:29 | 00,175,104 | ---- | C] (Microsoft Corporation)
secur32.dll -> C:\Windows\System32\secur32.dll -> [2009/08/16 11:06:29 | 00,072,704 | ---- | C] (Microsoft Corporation)
lsass.exe -> C:\Windows\System32\lsass.exe -> [2009/08/16 11:06:29 | 00,009,728 | ---- | C] (Microsoft Corporation)
xlive.dll.cat -> C:\Windows\System32\xlive.dll.cat -> [2009/08/07 19:51:34 | 00,178,430 | ---- | C] ()
OGACheckControl.dll -> C:\Windows\System32\OGACheckControl.dll -> [2009/08/03 15:07:42 | 00,403,816 | ---- | C] ()
EhStorAuthn.dll -> C:\Windows\System32\EhStorAuthn.dll -> [2009/06/28 15:53:03 | 00,117,248 | ---- | C] ()
SHORTCUT.INI -> C:\Windows\System32\SHORTCUT.INI -> [2009/06/10 21:26:44 | 00,002,235 | ---- | C] ()
REMOTEDEVICE.INI -> C:\Windows\System32\REMOTEDEVICE.INI -> [2009/06/10 21:26:22 | 00,000,132 | ---- | C] ()
LOCALSERVICE.INI -> C:\Windows\System32\LOCALSERVICE.INI -> [2009/06/10 21:25:46 | 00,006,019 | ---- | C] ()
LOCALDEVICE.INI -> C:\Windows\System32\LOCALDEVICE.INI -> [2009/06/10 21:25:39 | 00,000,099 | ---- | C] ()
BSPRINT.INI -> C:\Windows\System32\BSPRINT.INI -> [2009/06/10 21:19:51 | 00,000,000 | ---- | C] ()
avisplitter.INI -> C:\Windows\avisplitter.INI -> [2009/06/03 22:25:17 | 00,000,038 | ---- | C] ()
bscs.ini -> C:\Windows\System32\bscs.ini -> [2009/04/20 10:13:34 | 00,001,082 | ---- | C] ()
RtNicProp32.dll -> C:\Windows\System32\RtNicProp32.dll -> [2009/03/05 06:54:58 | 00,073,728 | ---- | C] ()
BsUI.dll -> C:\Windows\System32\BsUI.dll -> [2009/02/27 16:45:16 | 00,405,589 | ---- | C] ()
outlookAddin.dll -> C:\Windows\System32\outlookAddin.dll -> [2009/02/27 16:44:50 | 00,278,647 | ---- | C] ()
HtmPrintHelper.dll -> C:\Windows\System32\HtmPrintHelper.dll -> [2009/02/27 16:44:28 | 00,053,248 | ---- | C] ()
BSShell.dll -> C:\Windows\System32\BSShell.dll -> [2009/02/27 16:44:10 | 00,622,693 | ---- | C] ()
Bs2Res.dll -> C:\Windows\System32\Bs2Res.dll -> [2009/02/27 16:41:38 | 00,098,403 | ---- | C] ()
BsMobileSDK.dll -> C:\Windows\System32\BsMobileSDK.dll -> [2009/02/27 16:41:02 | 00,122,976 | ---- | C] ()
BsMobileCSps.dll -> C:\Windows\System32\BsMobileCSps.dll -> [2009/02/27 16:40:50 | 00,028,672 | ---- | C] ()
vnetinst.dll -> C:\Windows\System32\vnetinst.dll -> [2009/01/27 17:08:23 | 00,055,856 | ---- | C] ()
btnetBus.sys -> C:\Windows\System32\drivers\btnetBus.sys -> [2008/12/07 12:44:54 | 00,030,088 | ---- | C] ()
sptd.sys -> C:\Windows\System32\drivers\sptd.sys -> [2008/10/24 21:56:28 | 00,717,296 | ---- | C] ()
BsVistaCommon.dll -> C:\Windows\System32\BsVistaCommon.dll -> [2008/10/22 15:30:30 | 00,081,920 | ---- | C] ()
NeroDigital.ini -> C:\Windows\NeroDigital.ini -> [2008/09/05 18:16:06 | 00,000,069 | ---- | C] ()
GSetup.ini -> C:\Windows\GSetup.ini -> [2008/07/27 21:25:36 | 00,000,010 | ---- | C] ()
unrar.dll -> C:\Windows\System32\unrar.dll -> [2008/06/15 15:59:04 | 00,164,352 | ---- | C] ()
BsLangInDepRes.dll -> C:\Windows\System32\BsLangInDepRes.dll -> [2008/03/07 13:54:22 | 17,907,824 | ---- | C] ()
libcurl.dll -> C:\Windows\System32\libcurl.dll -> [2008/03/04 17:52:34 | 00,286,720 | ---- | C] ()
manage-bde.ini.en -> C:\Windows\System32\manage-bde.ini.en -> [2008/01/21 10:23:41 | 00,081,158 | ---- | C] ()
zlib1.dll -> C:\Windows\System32\zlib1.dll -> [2007/10/31 08:39:54 | 00,059,904 | ---- | C] ()
libexpatw.dll -> C:\Windows\System32\libexpatw.dll -> [2007/05/17 12:58:10 | 00,143,360 | ---- | C] ()
sysprepMCE.dll -> C:\Windows\System32\sysprepMCE.dll -> [2006/11/02 20:34:20 | 00,005,632 | ---- | C] ()
atitmmxx.dll -> C:\Windows\System32\atitmmxx.dll -> [2006/11/02 18:25:44 | 00,159,744 | ---- | C] ()
system.ini -> C:\Windows\system.ini -> [2006/11/02 18:23:31 | 00,000,219 | ---- | C] ()
win.ini -> C:\Windows\win.ini -> [2006/11/02 18:23:31 | 00,000,144 | ---- | C] ()
cngaudit.dll -> C:\Windows\System32\cngaudit.dll -> [2006/11/02 16:43:04 | 00,061,952 | ---- | C] ()
pacerprf.ini -> C:\Windows\System32\pacerprf.ini -> [2006/11/02 15:40:29 | 00,013,750 | ---- | C] ()
Wh2Robo.dll -> C:\Windows\System32\Wh2Robo.dll -> [2000/01/31 08:02:00 | 00,047,104 | ---- | C] ()
 
[Files/Folders - Modified Within 30 Days]
319 C:\Users\brenton\AppData\Local\Temp\*.tmp files -> C:\Users\brenton\AppData\Local\Temp\*.tmp -> 
NTUSER.DAT -> C:\Users\brenton\NTUSER.DAT -> [2009/09/13 20:11:16 | 02,359,296 | -HS- | M] ()
alg.exe -> C:\Users\brenton\alg.exe -> [2009/09/13 20:07:10 | 00,514,560 | ---- | M] (OldTimer Tools)
PerfStringBackup.INI -> C:\Windows\System32\PerfStringBackup.INI -> [2009/09/13 19:59:30 | 00,751,290 | ---- | M] ()
perfh009.dat -> C:\Windows\System32\perfh009.dat -> [2009/09/13 19:59:30 | 00,636,534 | ---- | M] ()
perfc009.dat -> C:\Windows\System32\perfc009.dat -> [2009/09/13 19:59:30 | 00,118,248 | ---- | M] ()
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Users\brenton\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2009/09/13 19:53:37 | 00,160,768 | ---- | M] ()
7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> [2009/09/13 19:30:50 | 00,003,760 | -H-- | M] ()
7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> [2009/09/13 19:30:50 | 00,003,760 | -H-- | M] ()
LOCALSERVICE.INI -> C:\Windows\System32\LOCALSERVICE.INI -> [2009/09/13 17:30:59 | 00,006,019 | ---- | M] ()
bscs.ini -> C:\Windows\System32\bscs.ini -> [2009/09/13 17:30:55 | 00,001,082 | ---- | M] ()
SA.DAT -> C:\Windows\tasks\SA.DAT -> [2009/09/13 17:30:52 | 00,000,006 | -H-- | M] ()
bootstat.dat -> C:\Windows\bootstat.dat -> [2009/09/13 17:30:33 | 00,067,584 | --S- | M] ()
hiberfil.sys -> C:\hiberfil.sys -> [2009/09/13 17:30:26 | 21,459,02592 | -HS- | M] ()
NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TMContainer00000000000000000001.regtrans-ms -> C:\Users\brenton\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TMContainer00000000000000000001.regtrans-ms -> [2009/09/13 17:29:44 | 00,524,288 | -HS- | M] ()
NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TM.blf -> C:\Users\brenton\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TM.blf -> [2009/09/13 17:29:44 | 00,065,536 | -HS- | M] ()
MEMORY.DMP -> C:\Windows\MEMORY.DMP -> [2009/09/13 17:11:56 | 15,964,4853 | ---- | M] ()
User_Feed_Synchronization-{63B6EC25-FDA1-4089-96A5-81CA5DC576D1}.job -> C:\Windows\tasks\User_Feed_Synchronization-{63B6EC25-FDA1-4089-96A5-81CA5DC576D1}.job -> [2009/09/13 16:43:30 | 00,000,422 | -H-- | M] ()
Malwarebytes' Anti-Malware.lnk -> C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk -> [2009/09/13 16:39:07 | 00,000,818 | ---- | M] ()
incavi.avm -> C:\Windows\System32\drivers\Avg\incavi.avm -> [2009/09/13 15:00:12 | 41,033,455 | ---- | M] ()
microavi.avg -> C:\Windows\System32\drivers\Avg\microavi.avg -> [2009/09/13 15:00:12 | 00,095,802 | ---- | M] ()
PublishedRacMonSWITable.DAT -> C:\ProgramData\Microsoft\RAC\PublishedData\PublishedRacMonSWITable.DAT -> [2009/09/13 00:07:48 | 00,186,304 | ---- | M] ()
PublishedRacMonAFLTable.DAT -> C:\ProgramData\Microsoft\RAC\PublishedData\PublishedRacMonAFLTable.DAT -> [2009/09/13 00:07:48 | 00,011,868 | ---- | M] ()
PublishedRacMonIndex.DAT -> C:\ProgramData\Microsoft\RAC\PublishedData\PublishedRacMonIndex.DAT -> [2009/09/13 00:07:48 | 00,008,760 | ---- | M] ()
PublishedRacMonOSFTable.DAT -> C:\ProgramData\Microsoft\RAC\PublishedData\PublishedRacMonOSFTable.DAT -> [2009/09/13 00:07:48 | 00,005,520 | ---- | M] ()
PublishedRacMonHFLTable.DAT -> C:\ProgramData\Microsoft\RAC\PublishedData\PublishedRacMonHFLTable.DAT -> [2009/09/13 00:07:48 | 00,000,000 | ---- | M] ()
PublishedRacMonCLKTable.DAT -> C:\ProgramData\Microsoft\RAC\PublishedData\PublishedRacMonCLKTable.DAT -> [2009/09/13 00:07:48 | 00,000,000 | ---- | M] ()
default.pls -> C:\Users\brenton\AppData\Roaming\default.pls -> [2009/09/12 09:42:44 | 00,000,095 | ---- | M] ()
qmgr1.dat -> C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat -> [2009/09/11 02:25:42 | 04,194,304 | ---- | M] ()
qmgr0.dat -> C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat -> [2009/09/11 02:25:42 | 04,194,304 | ---- | M] ()
mbamswissarmy.sys -> C:\Windows\System32\drivers\mbamswissarmy.sys -> [2009/09/10 14:54:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation)
mbam.sys -> C:\Windows\System32\drivers\mbam.sys -> [2009/09/10 14:53:50 | 00,019,160 | ---- | M] (Malwarebytes Corporation)
a.dat -> C:\Users\brenton\AppData\Local\Temp\a.dat -> [2009/09/09 17:59:05 | 00,013,524 | ---- | M] ()
mpengine.dll -> C:\Users\brenton\AppData\Local\Temp\mpengine.dll -> [2009/09/09 07:58:29 | 05,395,280 | ---- | M] (Microsoft Corporation)
b.exe -> C:\Users\brenton\AppData\Local\Temp\b.exe -> [2009/09/09 07:30:05 | 00,158,208 | ---- | M] ()
tax info 0809.ods -> C:\Users\brenton\Documents\tax info 0809.ods -> [2009/09/08 23:38:09 | 00,019,507 | ---- | M] ()
Windows 7 Upgrade Advisor Beta.lnk -> C:\Users\brenton\Desktop\Windows 7 Upgrade Advisor Beta.lnk -> [2009/09/03 17:32:17 | 00,002,048 | ---- | M] ()
GameUXLegacyGDFs.dll -> C:\Windows\System32\GameUXLegacyGDFs.dll -> [2009/08/29 08:27:49 | 04,240,384 | ---- | M] (Microsoft)
Apphlpdm.dll -> C:\Windows\System32\Apphlpdm.dll -> [2009/08/29 08:14:38 | 00,028,672 | ---- | M] (Microsoft Corporation)
mrt.exe -> C:\Windows\System32\mrt.exe -> [2009/08/29 05:38:20 | 24,689,600 | ---- | M] ()
LOCALDEVICE.INI -> C:\Windows\System32\LOCALDEVICE.INI -> [2009/08/24 20:36:27 | 00,000,099 | ---- | M] ()
REMOTEDEVICE.INI -> C:\Windows\System32\REMOTEDEVICE.INI -> [2009/08/23 21:01:40 | 00,000,132 | ---- | M] ()
avgldx86.sys -> C:\Windows\System32\drivers\avgldx86.sys -> [2009/08/20 18:31:24 | 00,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgmfx86.sys -> C:\Windows\System32\drivers\avgmfx86.sys -> [2009/08/20 18:31:24 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgrsstx.dll -> C:\Windows\System32\avgrsstx.dll -> [2009/08/20 18:31:24 | 00,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.)
Default.rdp -> C:\Users\brenton\Documents\Default.rdp -> [2009/08/18 22:12:22 | 00,001,812 | -H-- | M] ()
tcpip.sys -> C:\Windows\System32\drivers\tcpip.sys -> [2009/08/15 00:27:34 | 00,904,776 | ---- | M] (Microsoft Corporation)
netevent.dll -> C:\Windows\System32\netevent.dll -> [2009/08/14 23:53:34 | 00,017,920 | ---- | M] (Microsoft Corporation)
TCPSVCS.EXE -> C:\Windows\System32\TCPSVCS.EXE -> [2009/08/14 21:49:20 | 00,009,728 | ---- | M] (Microsoft Corporation)
ROUTE.EXE -> C:\Windows\System32\ROUTE.EXE -> [2009/08/14 21:49:18 | 00,017,920 | ---- | M] (Microsoft Corporation)
MRINFO.EXE -> C:\Windows\System32\MRINFO.EXE -> [2009/08/14 21:49:18 | 00,011,264 | ---- | M] (Microsoft Corporation)
NETSTAT.EXE -> C:\Windows\System32\NETSTAT.EXE -> [2009/08/14 21:49:15 | 00,027,136 | ---- | M] (Microsoft Corporation)
ARP.EXE -> C:\Windows\System32\ARP.EXE -> [2009/08/14 21:49:14 | 00,019,968 | ---- | M] (Microsoft Corporation)
HOSTNAME.EXE -> C:\Windows\System32\HOSTNAME.EXE -> [2009/08/14 21:49:14 | 00,008,704 | ---- | M] (Microsoft Corporation)
finger.exe -> C:\Windows\System32\finger.exe -> [2009/08/14 21:49:13 | 00,010,240 | ---- | M] (Microsoft Corporation)
tcpipreg.sys -> C:\Windows\System32\drivers\tcpipreg.sys -> [2009/08/14 21:48:21 | 00,030,720 | ---- | M] (Microsoft Corporation)
netiohlp.dll -> C:\Windows\System32\netiohlp.dll -> [2009/08/14 21:48:02 | 00,105,984 | ---- | M] (Microsoft Corporation)
jre-6u15-windows-i586-iftw.exe -> C:\Users\brenton\AppData\Local\Temp\jre-6u15-windows-i586-iftw.exe -> [2009/08/02 01:29:47 | 00,714,528 | ---- | M] (Sun Microsystems, Inc.)
SkypeSetup.exe -> C:\Users\brenton\AppData\Local\Temp\SkypeSetup.exe -> [2009/06/28 03:05:32 | 00,005,120 | ---- | M] ()
isnetfx.exe -> C:\Users\brenton\AppData\Local\Temp\{E4BBFCF0-F825-44F1-B908-040A5B787E4E}\isnetfx.exe -> [2009/06/10 20:12:51 | 00,431,392 | ---- | M] (Acresso Software Inc.)
jre-6u13-windows-i586-p-iftw.exe -> C:\Users\brenton\AppData\Local\Temp\jre-6u13-windows-i586-p-iftw.exe -> [2009/05/21 08:34:08 | 00,607,640 | ---- | M] (Sun Microsystems, Inc.)
Mcx2.dat -> C:\ProgramData\Microsoft\User Account Pictures\Mcx2.dat -> [2008/12/06 10:49:49 | 00,000,000 | ---- | M] ()
Mcx1.dat -> C:\ProgramData\Microsoft\User Account Pictures\Mcx1.dat -> [2008/12/01 19:30:32 | 00,000,000 | ---- | M] ()
hhcolreg.dat -> C:\ProgramData\Microsoft\HTML Help\hhcolreg.dat -> [2008/09/26 10:02:38 | 00,000,184 | ---- | M] ()
index.dat -> C:\Windows\Temp\Temporary Internet Files\Content.IE5\index.dat -> [2008/06/29 16:25:59 | 00,032,768 | -HS- | M] ()
index.dat -> C:\Windows\Temp\History\History.IE5\index.dat -> [2008/06/29 16:25:59 | 00,016,384 | -HS- | M] ()
index.dat -> C:\Windows\Temp\Cookies\index.dat -> [2008/06/29 16:25:59 | 00,016,384 | -HS- | M] ()
brenton.dat -> C:\ProgramData\Microsoft\User Account Pictures\brenton.dat -> [2008/05/27 22:42:19 | 00,000,000 | ---- | M] ()
_isE88F.exe -> C:\Users\brenton\AppData\Local\Temp\_isE88F.exe -> [2008/01/21 10:39:16 | 00,455,600 | R--- | M] (Macrovision Corporation)
_Setup.dll -> C:\Users\brenton\AppData\Local\Temp\{C3413D50-1C59-4887-9C58-A97928C26626}\_Setup.dll -> [2008/01/21 10:39:16 | 00,385,968 | R--- | M] (Macrovision Corporation)
ISSetup.dll -> C:\Users\brenton\AppData\Local\Temp\{C3413D50-1C59-4887-9C58-A97928C26626}\ISSetup.dll -> [2008/01/21 10:39:14 | 00,492,032 | R--- | M] (Macrovision Corporation)
_is6F5.exe -> C:\Users\brenton\AppData\Local\Temp\_is6F5.exe -> [2007/06/07 16:43:44 | 00,450,560 | R--- | M] (Macrovision Corporation)
ISSetup.dll -> C:\Users\brenton\AppData\Local\Temp\{C5A364F6-90E8-45AE-89EC-5A06F40BABE9}\ISSetup.dll -> [2007/06/07 16:43:39 | 00,492,032 | R--- | M] (Macrovision Corporation)
_Setup.dll -> C:\Users\brenton\AppData\Local\Temp\{C5A364F6-90E8-45AE-89EC-5A06F40BABE9}\_Setup.dll -> [2007/06/07 16:12:32 | 00,373,680 | R--- | M] (Macrovision Corporation)
unicows.dll -> C:\Users\brenton\AppData\Local\Temp\IS8E3A.tmp\unicows.dll -> [2005/09/23 07:57:06 | 00,245,408 | R--- | M] (Microsoft Corporation)
install.exe -> C:\Users\brenton\AppData\Local\Temp\IS8E3A.tmp\install.exe -> [2005/09/23 07:01:16 | 00,609,472 | ---- | M] (Microsoft Corporation)
install.res.1049.dll -> C:\Users\brenton\AppData\Local\Temp\IS8E3A.tmp\install.res.1049.dll -> [2005/09/23 06:47:30 | 00,082,432 | ---- | M] (Microsoft Corporation)
vjscustom.1049.dll -> C:\Users\brenton\AppData\Local\Temp\IS8E3A.tmp\vjscustom.1049.dll -> [2005/09/23 06:47:30 | 00,042,496 | ---- | M] (Microsoft Corporation)
install.res.1046.dll -> C:\Users\brenton\AppData\Local\Temp\IS8E3A.tmp\install.res.1046.dll -> [2005/09/23 06:47:04 | 00,082,432 | ---- | M] (Microsoft Corporation)
vjscustom.1046.dll -> C:\Users\brenton\AppData\Local\Temp\IS8E3A.tmp\vjscustom.1046.dll -> [2005/09/23 06:47:04 | 00,042,496 | ---- | M] (Microsoft Corporation)
vjscustom.1042.dll -> C:\Users\brenton\AppData\Local\Temp\IS8E3A.tmp\vjscustom.1042.dll -> [2005/09/23 06:45:00 | 00,042,496 | ---- | M] (Microsoft Corporation)
install.res.1042.dll -> C:\Users\brenton\AppData\Local\Temp\IS8E3A.tmp\install.res.1042.dll -> [2005/09/23 06:44:58 | 00,080,896 | ---- | M] (Microsoft Corporation)
install.res.1041.dll -> C:\Users\brenton\AppData\Local\Temp\IS8E3A.tmp\install.res.1041.dll -> [2005/09/23 06:42:58 | 00,080,896 | ---- | M] (Microsoft Corporation)
vjscustom.1041.dll -> C:\Users\brenton\AppData\Local\Temp\IS8E3A.tmp\vjscustom.1041.dll -> [2005/09/23 06:42:58 | 00,042,496 | ---- | M] (Microsoft Corporation)
install.res.1040.dll -> C:\Users\brenton\AppData\Local\Temp\IS8E3A.tmp\install.res.1040.dll -> [2005/09/23 06:40:56 | 00,084,480 | ---- | M] (Microsoft Corporation)
vjscustom.1040.dll -> C:\Users\brenton\AppData\Local\Temp\IS8E3A.tmp\vjscustom.1040.dll -> [2005/09/23 06:40:56 | 00,042,496 | ---- | M] (Microsoft Corporation)
install.res.1036.dll -> C:\Users\brenton\AppData\Local\Temp\IS8E3A.tmp\install.res.1036.dll -> [2005/09/23 06:38:52 | 00,086,016 | ---- | M] (Microsoft Corporation)
vjscustom.1036.dll -> C:\Users\brenton\AppData\Local\Temp\IS8E3A.tmp\vjscustom.1036.dll -> [2005/09/23 06:38:52 | 00,042,496 | ---- | M] (Microsoft Corporation)
install.res.3082.dll -> C:\Users\brenton\AppData\Local\Temp\IS8E3A.tmp\install.res.3082.dll -> [2005/09/23 06:36:48 | 00,085,504 | ---- | M] (Microsoft Corporation)
vjscustom.3082.dll -> C:\Users\brenton\AppData\Local\Temp\IS8E3A.tmp\vjscustom.3082.dll -> [2005/09/23 06:36:48 | 00,042,496 | ---- | M] (Microsoft Corporation)
install.res.1031.dll -> C:\Users\brenton\AppData\Local\Temp\IS8E3A.tmp\install.res.1031.dll -> [2005/09/23 06:34:44 | 00,085,504 | ---- | M] (Microsoft Corporation)
vjscustom.1031.dll -> C:\Users\brenton\AppData\Local\Temp\IS8E3A.tmp\vjscustom.1031.dll -> [2005/09/23 06:34:44 | 00,042,496 | ---- | M] (Microsoft Corporation)
install.res.1028.dll -> C:\Users\brenton\AppData\Local\Temp\IS8E3A.tmp\install.res.1028.dll -> [2005/09/23 06:32:24 | 00,080,896 | ---- | M] (Microsoft Corporation)
vjscustom.1028.dll -> C:\Users\brenton\AppData\Local\Temp\IS8E3A.tmp\vjscustom.1028.dll -> [2005/09/23 06:32:24 | 00,042,496 | ---- | M] (Microsoft Corporation)
install.res.2052.dll -> C:\Users\brenton\AppData\Local\Temp\IS8E3A.tmp\install.res.2052.dll -> [2005/09/23 06:30:18 | 00,080,896 | ---- | M] (Microsoft Corporation)
vjscustom.2052.dll -> C:\Users\brenton\AppData\Local\Temp\IS8E3A.tmp\vjscustom.2052.dll -> [2005/09/23 06:30:18 | 00,042,496 | ---- | M] (Microsoft Corporation)
vjscustom.1033.dll -> C:\Users\brenton\AppData\Local\Temp\IS8E3A.tmp\vjscustom.1033.dll -> [2005/09/23 03:48:06 | 00,042,496 | ---- | M] (Microsoft Corporation)
install.res.1033.dll -> C:\Users\brenton\AppData\Local\Temp\IS8E3A.tmp\install.res.1033.dll -> [2005/09/23 03:46:14 | 00,080,896 | ---- | M] (Microsoft Corporation)
Setup.EXE -> C:\Users\brenton\AppData\Local\Temp\GLFC263\Setup.EXE -> [2005/01/28 03:00:02 | 03,394,408 | ---- | M] ()
Setup.EXE -> C:\Users\brenton\AppData\Local\Temp\GLFBB21\Setup.EXE -> [2005/01/28 03:00:02 | 03,394,408 | ---- | M] ()
INSTALLDB.DLL -> C:\Users\brenton\AppData\Local\Temp\GLFC263\INSTALLDB.DLL -> [2004/05/14 15:54:30 | 00,441,856 | ---- | M] ()
INSTALLDB.DLL -> C:\Users\brenton\AppData\Local\Temp\GLFBB21\INSTALLDB.DLL -> [2004/05/14 15:54:30 | 00,441,856 | ---- | M] ()
 
[File - Lop Check]
Roaming -> C:\Users\brenton\AppData\Roaming -> [2009/09/13 16:39:08 | 00,000,000 | ---D | M]
AccurateRip -> C:\Users\brenton\AppData\Roaming\AccurateRip -> [2009/08/10 23:24:00 | 00,000,000 | ---D | M]
Ahead -> C:\Users\brenton\AppData\Roaming\Ahead -> [2008/09/04 07:47:11 | 00,000,000 | ---D | M]
DAEMON Tools -> C:\Users\brenton\AppData\Roaming\DAEMON Tools -> [2008/10/24 21:56:15 | 00,000,000 | ---D | M]
dBpoweramp -> C:\Users\brenton\AppData\Roaming\dBpoweramp -> [2009/08/10 23:48:00 | 00,000,000 | ---D | M]
EPSON -> C:\Users\brenton\AppData\Roaming\EPSON -> [2008/05/30 16:56:33 | 00,000,000 | ---D | M]
Leadertech -> C:\Users\brenton\AppData\Roaming\Leadertech -> [2008/12/06 12:36:26 | 00,000,000 | ---D | M]
Media Center Programs -> C:\Users\brenton\AppData\Roaming\Media Center Programs -> [2006/11/02 20:35:50 | 00,000,000 | ---D | M]
NoteTab Light -> C:\Users\brenton\AppData\Roaming\NoteTab Light -> [2008/08/06 20:56:32 | 00,000,000 | ---D | M]
OpenOffice.org2 -> C:\Users\brenton\AppData\Roaming\OpenOffice.org2 -> [2009/09/08 23:53:47 | 00,000,000 | ---D | M]
uqm -> C:\Users\brenton\AppData\Roaming\uqm -> [2008/08/07 19:30:09 | 00,000,000 | ---D | M]
uTorrent -> C:\Users\brenton\AppData\Roaming\uTorrent -> [2009/09/13 16:41:30 | 00,000,000 | ---D | M]
Vso -> C:\Users\brenton\AppData\Roaming\Vso -> [2009/07/10 23:09:24 | 00,000,000 | ---D | M]
Roaming -> C:\Users\Default\AppData\Roaming -> [2006/11/02 20:35:50 | 00,000,000 | ---D | M]
Media Center Programs -> C:\Users\Default\AppData\Roaming\Media Center Programs -> [2006/11/02 20:35:50 | 00,000,000 | ---D | M]
Roaming -> C:\Users\Default User\AppData\Roaming -> [2006/11/02 20:35:50 | 00,000,000 | ---D | M]
Media Center Programs -> C:\Users\Default User\AppData\Roaming\Media Center Programs -> [2006/11/02 20:35:50 | 00,000,000 | ---D | M]
Roaming -> C:\Users\Mcx1\AppData\Roaming -> [2006/11/02 20:35:50 | 00,000,000 | ---D | M]
Media Center Programs -> C:\Users\Mcx1\AppData\Roaming\Media Center Programs -> [2006/11/02 20:35:50 | 00,000,000 | ---D | M]
Roaming -> C:\Users\Mcx2\AppData\Roaming -> [2006/11/02 20:35:50 | 00,000,000 | ---D | M]
Media Center Programs -> C:\Users\Mcx2\AppData\Roaming\Media Center Programs -> [2006/11/02 20:35:50 | 00,000,000 | ---D | M]
C:\Windows\Tasks\ -> C:\Windows\Tasks -> [2009/09/11 02:35:27 | 00,000,000 | ---D | M]
SA.DAT -> C:\Windows\Tasks\SA.DAT -> [2009/09/13 17:30:52 | 00,000,006 | -H-- | M] ()
SCHEDLGU.TXT -> C:\Windows\Tasks\SCHEDLGU.TXT -> [2009/09/13 16:42:08 | 00,032,636 | ---- | M] ()
User_Feed_Synchronization-{63B6EC25-FDA1-4089-96A5-81CA5DC576D1}.job -> C:\Windows\Tasks\User_Feed_Synchronization-{63B6EC25-FDA1-4089-96A5-81CA5DC576D1}.job -> [2009/09/13 16:43:30 | 00,000,422 | -H-- | M] ()
 
[File - Purity Scan]
 
< End of report >

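The OTS file listings in the log above are read by hand in this thread. As an added example (not OTS's or Geeks to Go's own code), here is a small Python triage helper that parses the `name -> path -> [timestamp | size | attributes | C/M] (publisher)` line format and flags the kinds of entries a helper looks at first: executables under the Windows directory with an empty publisher field, executables under the user's Temp folder, and one- or two-character file names like `a.dat` and `b.exe`. The sample lines are copied from the log above; the flag rules are my own triage heuristics, not OTS output, and a flag is a prompt to look closer rather than a verdict (the publisher field is the version information OTS reports, not a signature check).

```python
"""Triage helper for OTS-style file listing lines (added example, not OTS code)."""
import re
from pathlib import PureWindowsPath
from typing import Dict, List, Optional

# Sample lines copied from the OTS log posted above. The last one is a folder
# entry, which OTS prints without a trailing "(publisher)" field.
SAMPLE_LINES = r"""
tcpip.sys -> C:\Windows\System32\drivers\tcpip.sys -> [2009/09/09 04:47:23 | 00,904,776 | ---- | C] (Microsoft Corporation)
mbam.sys -> C:\Windows\System32\drivers\mbam.sys -> [2009/09/13 16:39:03 | 00,019,160 | ---- | C] (Malwarebytes Corporation)
sptd.sys -> C:\Windows\System32\drivers\sptd.sys -> [2008/10/24 21:56:28 | 00,717,296 | ---- | C] ()
BsUI.dll -> C:\Windows\System32\BsUI.dll -> [2009/02/27 16:45:16 | 00,405,589 | ---- | C] ()
b.exe -> C:\Users\brenton\AppData\Local\Temp\b.exe -> [2009/09/09 07:30:05 | 00,158,208 | ---- | M] ()
a.dat -> C:\Users\brenton\AppData\Local\Temp\a.dat -> [2009/09/09 17:59:05 | 00,013,524 | ---- | M] ()
Apps -> C:\Users\brenton\AppData\Local\Apps -> [2009/09/13 19:48:39 | 00,000,000 | ---D | C]
""".strip().splitlines()

# name -> full path -> [yyyy/mm/dd hh:mm:ss | size | attrs | C or M] (publisher)
# The attrs field is four characters; a "D" in the last position marks a folder.
LINE_RE = re.compile(
    r"^(?P<name>.+?) -> (?P<path>.+?) -> "
    r"\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<op>[CM])\]"
    r"(?: \((?P<publisher>.*)\))?$"
)

# Extensions treated as executable content for the heuristics below.
EXEC_EXT = {".exe", ".dll", ".sys", ".scr", ".cpl"}


def parse_line(line: str) -> Optional[Dict]:
    """Parse one OTS listing line into a dict, or return None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    entry["size"] = int(entry["size"].replace(",", ""))   # "00,904,776" -> 904776
    entry["is_dir"] = entry["attrs"][3] == "D"
    entry["publisher"] = entry["publisher"] or ""         # "()" and missing both -> ""
    return entry


def triage(entry: Dict) -> List[str]:
    """Return the list of heuristic reasons this entry deserves a closer look."""
    reasons: List[str] = []
    if entry["is_dir"]:
        return reasons
    path = PureWindowsPath(entry["path"])
    ext = path.suffix.lower()
    low = entry["path"].lower()
    if ext in EXEC_EXT and "\\windows\\" in low and not entry["publisher"]:
        reasons.append("executable in Windows dir with empty publisher field")
    if ext in EXEC_EXT and "\\appdata\\local\\temp\\" in low:
        reasons.append("executable under user Temp")
    if len(path.stem) <= 2 and not entry["publisher"]:
        reasons.append("one- or two-character file name")
    return reasons


def triage_lines(lines: List[str]) -> Dict[str, List[str]]:
    """Map each flagged full path to its reasons; unflagged and unparsed lines are skipped."""
    flagged: Dict[str, List[str]] = {}
    for line in lines:
        entry = parse_line(line)
        if entry is None:
            continue
        reasons = triage(entry)
        if reasons:
            flagged[entry["path"]] = reasons
    return flagged


if __name__ == "__main__":
    for path, reasons in triage_lines(SAMPLE_LINES).items():
        print(path)
        for reason in reasons:
            print("   -", reason)
```

Run against the sample, the Microsoft and Malwarebytes drivers pass through untouched while `sptd.sys`, `BsUI.dll`, `b.exe` and `a.dat` are surfaced for a second look; paste the whole "[Files/Folders - Created Within 30 Days]" block into `SAMPLE_LINES` to triage a full log the same way.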
#2
Crozza
    New Member
  • Topic Starter
  • Member
  • 6 posts
I ran Malwarebytes last night and it didn't find anything either. But I definitely still have something lurking on my system. Here's the full log from a scan last night:

Malwarebytes' Anti-Malware 1.41
Database version: 2788
Windows 6.0.6002 Service Pack 2

9/15/2009 7:20:59 AM
mbam-log-2009-09-15 (07-20-59).txt

Scan type: Full Scan (C:\|E:\|)
Objects scanned: 247258
Time elapsed: 31 minute(s), 18 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#3
Transience
    Unofficial Music Guru
  • Retired Staff
  • 2,448 posts
Hello and welcome to Geeks to Go! I'm Dave and I'll be helping you out. Let's get started:

Please go to the GMER Rootkit Scanner Download Site.
  • Click on the Download EXE button.
  • The file you are downloading will have a random name in order to circumvent the attempts of malware to block it from running.
  • Take note of the name of the file (please don't change it), and then save it directly to your desktop.
Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double-click on the file you downloaded (Vista users please right-click it and select Run as Administrator). The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries unless advised!

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
  • Click NO
  • In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure that the "Show all" box is un-checked.
  • Now click the Scan button.
    Once the scan is complete, you may receive another notice about rootkit activity, don't worry.
  • Click Ok.
  • GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
  • Save it to a location where you can easily find it, such as your desktop.
Post the contents of GMER.txt in your next reply.

Then:

Please visit this webpage for download links and instructions for running ComboFix:

http://www.bleepingc...to-use-combofix

Click on any of the links at that website to download ComboFix. At the window that appears, please change the name of the file from ComboFix to svchost. This name is important and must be exactly as I have given it to you here. Once you have changed the name, save the renamed file directly to your desktop.

Return to the above link and continue with the instructions provided there for running ComboFix. Be sure that you read ALL of the instructions on that page carefully and follow them exactly. It is particularly important to disable all your protection programs before running ComboFix. If you need further help figuring out how to disable a specific program look here for instructions. Installing the recovery console if you're running an XP machine is another critical step. Although these preliminary steps may seem unnecessary, by following the directions in that guide closely you give ComboFix the best possible chance at a successful run and minimize the likelihood of having serious problems occur after an attempted removal of malware.

Once the program has finished running its log should pop up automatically, or, if for some reason you lose it, it can be found at C:\ComboFix.txt. Please post the log's contents in your next reply.

Cheers,
Dave
  • 0

#4 Crozza (Topic Starter, New Member, 6 posts)
Hi Dave,

Thanks for the reply, and for your assistance. I am unable to download anything new to my desktop at the moment; whatever is on my computer just deletes the content straight away, so I don't get a chance to run it. This happens for files of any type, be it .htm, .exe or .zip. So I was unable to save a copy of GMER Rootkit scanner even though the file had a random name. I attempted saving the file as a different name, like alg.exe or calc.exe, but this didn't work either. I also attempted to download it as test.dll (with the intention of renaming it), but the malware deleted this file as well.

Before the virus got this bad, I managed to download combofix and install malwarebytes anti-malware, so I can run scans with these programs if required.

Would you like me to continue running combofix as 'svchost'? Or would you like me to try something else to detect any possible rootkits?

Thanks
  • 0

#5 Transience (Retired Staff, Unofficial Music Guru, 2,448 posts)
Please go ahead with ComboFix and be sure to notate carefully any warnings it gives you about rootkit activity; these will be very important.
  • 0

#6 Crozza (Topic Starter, New Member, 6 posts)
I ran combofix as svchost twice, once without safe mode and once with. Both times as administrator, but both times it complained that AVG was running, even though I have turned off resident shield.

Anyways, here is the combofix log without safe mode, and I'll post the safe mode one in another adjacent post:

ComboFix 09-09-16.02 - brenton 09/17/2009 18:46.3.2 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.2046.856 [GMT 8:00]
Running from: c:\users\brenton\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2009-08-17 to 2009-09-17 )))))))))))))))))))))))))))))))
.

2009-09-17 10:49 . 2009-09-17 10:49 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-09-13 11:48 . 2009-09-13 11:48 -------- d-----w- c:\users\brenton\AppData\Local\Apps
2009-09-13 09:28 . 2009-09-13 09:28 -------- d-----w- c:\program files\Test1-Malwarebytes' Anti-Malware
2009-09-13 08:55 . 2009-09-13 12:33 -------- d--h--w- c:\windows\PIF
2009-09-13 08:53 . 2009-09-13 09:06 -------- d-----w- c:\program files\Test-Malwarebytes' Anti-Malware
2009-09-13 08:39 . 2009-09-13 08:39 -------- d-----w- c:\users\brenton\AppData\Roaming\Malwarebytes
2009-09-13 08:39 . 2009-09-10 06:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-13 08:39 . 2009-09-13 08:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-13 08:39 . 2009-09-13 08:39 -------- d-----w- c:\programdata\Malwarebytes
2009-09-13 08:39 . 2009-09-10 06:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-08 20:47 . 2009-08-14 16:27 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-09-08 20:47 . 2009-08-14 13:48 105984 ----a-w- c:\windows\system32\netiohlp.dll
2009-09-08 20:47 . 2009-08-14 15:53 17920 ----a-w- c:\windows\system32\netevent.dll
2009-09-08 20:47 . 2009-08-14 13:49 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-09-08 20:47 . 2009-08-14 13:49 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-09-08 20:47 . 2009-08-14 13:49 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-09-08 20:47 . 2009-08-14 13:49 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-09-08 20:47 . 2009-08-14 13:49 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-09-08 20:47 . 2009-08-14 13:49 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-09-08 20:47 . 2009-08-14 13:49 10240 ----a-w- c:\windows\system32\finger.exe
2009-09-08 20:47 . 2009-08-14 13:48 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-09-08 20:22 . 2009-07-11 19:01 302592 ----a-w- c:\windows\system32\wlansec.dll
2009-09-08 20:22 . 2009-07-11 19:01 293376 ----a-w- c:\windows\system32\wlanmsm.dll
2009-09-08 20:22 . 2009-07-11 17:03 127488 ----a-w- c:\windows\system32\L2SecHC.dll
2009-09-08 20:22 . 2009-07-11 19:01 513536 ----a-w- c:\windows\system32\wlansvc.dll
2009-09-08 20:22 . 2009-07-11 19:01 65024 ----a-w- c:\windows\system32\wlanapi.dll
2009-09-08 20:22 . 2009-06-10 11:41 2868224 ----a-w- c:\windows\system32\mf.dll
2009-09-05 07:10 . 2009-06-22 10:09 2048 ----a-w- c:\windows\system32\tzres.dll
2009-09-03 10:53 . 2009-09-03 10:53 -------- d-----w- C:\JMB36X_WinDrv_R1.17.50_WHQL
2009-09-03 10:53 . 2009-08-13 08:10 96368 ----a-w- c:\windows\system32\drivers\jraid.sys
2009-09-03 09:32 . 2009-09-03 09:32 -------- d-----w- c:\users\brenton\AppData\Local\Microsoft Corporation
2009-09-03 09:32 . 2009-09-03 09:32 -------- d-----w- c:\program files\Microsoft Windows 7 Upgrade Advisor
2009-09-03 00:21 . 2009-08-29 00:14 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-09-03 00:21 . 2009-08-29 00:27 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-14 15:43 . 2008-07-31 13:49 -------- d-----w- c:\users\brenton\AppData\Roaming\Skype
2009-09-14 15:23 . 2008-05-31 02:28 -------- d-----w- c:\programdata\VMware
2009-09-14 15:12 . 2008-05-31 11:05 -------- d-----w- c:\users\brenton\AppData\Roaming\uTorrent
2009-09-14 12:59 . 2008-05-28 10:32 -------- d-----w- c:\users\brenton\AppData\Roaming\OpenOffice.org2
2009-09-14 11:34 . 2009-09-14 11:34 8457 ----a-w- c:\windows\system32\SpoonUninstall-dBpoweramp DSP Effects.dat
2009-09-14 11:34 . 2009-08-10 15:24 2433400 ----a-w- c:\windows\system32\SpoonUninstall.exe
2009-09-14 11:34 . 2009-09-14 11:34 13281 ----a-w- c:\windows\system32\SpoonUninstall-dBpoweramp Music Converter.dat
2009-09-14 11:28 . 2008-07-31 13:49 -------- d-----w- c:\users\brenton\AppData\Roaming\skypePM
2009-09-13 23:03 . 2008-05-27 23:36 -------- d-----w- c:\programdata\avg8
2009-09-13 12:54 . 2009-09-13 12:53 -------- d-----w- c:\program files\Test2-Malwarebytes' Anti-Malware
2009-09-11 14:36 . 2008-10-12 07:32 -------- d-----w- c:\programdata\TrackMania
2009-09-09 23:42 . 2008-11-26 13:57 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-08 23:58 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-09-08 16:19 . 2008-07-04 03:39 -------- d-----w- c:\program files\Java
2009-08-20 10:31 . 2008-05-27 23:36 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-20 10:31 . 2008-05-27 23:36 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-08-20 10:31 . 2008-05-27 23:36 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-08-10 15:48 . 2009-08-10 15:26 -------- d-----w- c:\users\brenton\AppData\Roaming\dBpoweramp
2009-08-10 15:47 . 2009-08-10 15:47 5813 ----a-w- c:\windows\system32\SpoonUninstall-dBpoweramp CD Writer.dat
2009-08-10 15:24 . 2009-08-10 15:24 2989 ----a-w- c:\windows\system32\SpoonUninstall-dBpoweramp FLAC Codec.dat
2009-08-10 15:24 . 2009-08-10 15:24 -------- d-----w- c:\users\brenton\AppData\Roaming\AccurateRip
2009-08-10 15:23 . 2009-08-10 15:23 -------- d-----w- c:\program files\Illustrate
2009-08-10 13:26 . 2009-08-10 13:26 -------- d-----w- c:\programdata\LogMeIn
2009-08-10 13:26 . 2009-08-10 13:26 -------- d-----w- c:\program files\LogMeIn
2009-08-08 04:06 . 2009-08-08 04:05 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2009-08-07 11:51 . 2009-08-07 11:51 15308424 ----a-w- c:\windows\system32\xlive.dll
2009-08-07 11:51 . 2009-08-07 11:51 13642888 ----a-w- c:\windows\system32\xlivefnt.dll
2009-08-03 07:07 . 2009-08-03 07:07 403816 ----a-w- c:\windows\system32\OGACheckControl.dll
2009-08-03 07:07 . 2009-08-03 07:07 322928 ----a-w- c:\windows\system32\OGAAddin.dll
2009-08-03 07:07 . 2009-08-03 07:07 230768 ----a-w- c:\windows\system32\OGAEXEC.exe
2009-07-24 21:23 . 2008-12-07 03:43 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-21 21:52 . 2009-08-08 04:05 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-08-08 04:05 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-08-08 04:05 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-08-08 04:05 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-17 13:54 . 2009-08-12 23:30 71680 ----a-w- c:\windows\system32\atl.dll
2009-07-15 12:40 . 2009-08-12 23:30 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-07-15 12:39 . 2009-08-12 23:30 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-15 12:39 . 2009-08-12 23:30 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-07-15 12:39 . 2009-08-12 23:30 7680 ----a-w- c:\windows\system32\spwmp.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-09-13_12.47.27 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-21 01:56 . 2009-09-14 15:26 54462 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:03 . 2009-09-14 15:26 86228 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-05-27 14:55 . 2009-09-14 15:26 11270 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2663051174-626813573-3717304182-1000_UserData.bin
- 2008-05-27 14:37 . 2009-09-13 11:56 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-05-27 14:37 . 2009-09-15 00:17 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-05-27 14:37 . 2009-09-13 11:56 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-05-27 14:37 . 2009-09-15 00:17 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-05-27 14:37 . 2009-09-13 11:56 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-05-27 14:37 . 2009-09-15 00:17 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-09-14 15:23 . 2009-09-14 15:23 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-09-13 12:39 . 2009-09-13 12:39 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-09-13 12:39 . 2009-09-13 12:39 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-09-14 15:23 . 2009-09-14 15:23 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2006-11-02 10:33 . 2009-09-13 12:44 636534 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2009-09-14 15:28 636534 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-09-13 12:44 118248 c:\windows\System32\perfc009.dat
+ 2006-11-02 10:33 . 2009-09-14 15:28 118248 c:\windows\System32\perfc009.dat
- 2006-11-02 10:22 . 2009-09-13 12:38 6615040 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2006-11-02 10:22 . 2009-09-14 15:22 6615040 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-05-30 21718312]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-08-20 2007832]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
"VMware hqtray"="c:\program files\VMware\VMware Player\hqtray.exe" [2008-10-28 64048]
"BtTray"="c:\program files\IVT Corporation\BlueSoleil\BtTray.exe" [2009-02-27 315478]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-27 13687328]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-27 92704]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-07-24 63048]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-24 149280]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Test2-Malwarebytes' Anti-Malware\alg.exe" [2009-09-10 1312080]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):bc,d4,af,d4,6a,f8,c9,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2663051174-626813573-3717304182-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications\List]
"c:\\Users\\brenton\\AppData\\Roaming\\printer.exe"= c:\users\brenton\AppData\Roaming\printer.exe:*:Enabled:@xpsp2res.dll,-22019
"c:\\Windows\\system32\\printer.exe"= c:\windows\system32\printer.exe:*:Enabled:@xpsp2res.dll,-22019
"c:\\Windows\\system32\\spoolvs.exe"= c:\windows\system32\spoolvs.exe:*:Enabled:@xpsp2res.dll,-22019
"c:\\Windows\\shell.exe"= c:\windows\shell.exe:*:Enabled:@xpsp2res.dll,-22019
"c:\\Users\\brenton\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\findfast.exe"= c:\users\brenton\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\findfast.exe:*:Enabled:@xpsp2res.dll,-22019
"c:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\autorun.exe"= c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\autorun.exe:*:Enabled:@xpsp2res.dll,-22019
"%windir%\\system32\\winav.exe"= %windir%\system32\winav.exe:*:Enabled:@xpsp2res.dll,-22019
"c:\\Users\\brenton\\AppData\\Roaming\\mcrupdate.exe"= c:\users\brenton\AppData\Roaming\mcrupdate.exe:*:Enabled:@xpsp2res.dll,-22019
"c:\\Program Files\\TESTOUT\\Cmi\\Navigator.exe"= c:\program files\TESTOUT\Cmi\Navigator.exe:*:Disabled:TestOut Navigator

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{D61CE018-E783-4034-B1C9-5DCB9C6BFF2C}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{8593A826-E917-452F-8419-D4891E40285A}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe
"TCP Query User{A9192762-ACF0-4109-AA36-6F0EEDEF2ED3}c:\\users\\brenton\\desktop\\utorrent.exe"= UDP:c:\users\brenton\desktop\utorrent.exe:utorrent.exe
"UDP Query User{B9A9782A-6407-4CEE-B710-6CB16AFD6925}c:\\users\\brenton\\desktop\\utorrent.exe"= TCP:c:\users\brenton\desktop\utorrent.exe:utorrent.exe
"TCP Query User{CE09816F-8EFD-4B24-A7D6-1F6042285B62}c:\\users\\brenton\\program files\\utorrent\\utorrent.exe"= UDP:c:\users\brenton\program files\utorrent\utorrent.exe:utorrent.exe
"UDP Query User{984EFE97-6F53-4210-B947-D774C622860C}c:\\users\\brenton\\program files\\utorrent\\utorrent.exe"= TCP:c:\users\brenton\program files\utorrent\utorrent.exe:utorrent.exe
"{0C70CC1D-5073-4BBE-86FD-5AB1EC3E434E}"= UDP:c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe:BlueSoleil
"{DA180CD6-8459-4710-AA63-0BFDA21FE477}"= TCP:c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe:BlueSoleil
"{8AC7EDA6-B077-44D1-B02B-D90534D988E4}"= UDP:c:\program files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe:BlueSoleilCS
"{5EF6868F-9AE4-4FB3-8406-A8978F203663}"= TCP:c:\program files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe:BlueSoleilCS
"TCP Query User{06BE22C5-B787-4B2F-ABD4-554701D67239}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{7FD8F89D-674A-4521-8481-6A86C8F38400}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"{797845ED-C3C8-4F9E-B1CF-60A6F2E79877}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{FEA4CA2D-2EDD-4F88-86FA-C2391FEBAA05}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{41C3FE3A-98FD-4B05-8251-E6339125157A}c:\\users\\brenton\\program files\\utorrent\\utorrent.exe"= UDP:c:\users\brenton\program files\utorrent\utorrent.exe:utorrent.exe
"UDP Query User{D5B01BB7-F359-4071-9234-A19E8B15F161}c:\\users\\brenton\\program files\\utorrent\\utorrent.exe"= TCP:c:\users\brenton\program files\utorrent\utorrent.exe:utorrent.exe
"TCP Query User{7C944DEA-E556-4143-9898-0F36A2DE7787}c:\\program files\\openvpn\\bin\\openvpn.exe"= UDP:c:\program files\openvpn\bin\openvpn.exe:openvpn
"UDP Query User{2973601A-9D7B-4241-B306-CCF34E2850F6}c:\\program files\\openvpn\\bin\\openvpn.exe"= TCP:c:\program files\openvpn\bin\openvpn.exe:openvpn
"TCP Query User{CBB631DE-36CA-45F4-8F95-64FAF8AAC9CD}c:\\program files\\tmnationsforever\\tmforever.exe"= UDP:c:\program files\tmnationsforever\tmforever.exe:TmForever
"UDP Query User{5BDEC7CC-FA08-43EE-B2A3-1042C14F7B04}c:\\program files\\tmnationsforever\\tmforever.exe"= TCP:c:\program files\tmnationsforever\tmforever.exe:TmForever
"TCP Query User{05D0707C-ADC6-47EB-B458-58DE9D0499FE}c:\\program files\\tmnationsforever\\tmforever.exe"= UDP:c:\program files\tmnationsforever\tmforever.exe:TmForever
"UDP Query User{AE29EF9D-F8DC-4846-80FB-38A272D96472}c:\\program files\\tmnationsforever\\tmforever.exe"= TCP:c:\program files\tmnationsforever\tmforever.exe:TmForever
"{29B5993B-84CE-4B72-AB1D-CAF92D0B7370}"= UDP:e:\games\fc2\Far Cry 2\bin\FarCry2.exe:Far Cry 2
"{3BAF3276-E683-48D4-B6CA-2087117265CA}"= TCP:e:\games\fc2\Far Cry 2\bin\FarCry2.exe:Far Cry 2
"{C451D318-C34F-433F-BC5E-1A55931CD620}"= UDP:e:\games\fc2\Far Cry 2\bin\FC2Launcher.exe:Far Cry 2 Updater
"{53654BDE-5906-4F96-B2F0-0E7E1B17AF0F}"= TCP:e:\games\fc2\Far Cry 2\bin\FC2Launcher.exe:Far Cry 2 Updater
"{7AA65315-A7F7-4E4E-86DB-165D78ABEF4E}"= UDP:e:\games\fc2\Far Cry 2\bin\FC2Editor.exe:Editor
"{552FBC3E-05FA-4F75-B738-A66FD1C49C4A}"= TCP:e:\games\fc2\Far Cry 2\bin\FC2Editor.exe:Editor
"TCP Query User{07DB002F-9872-46F7-851B-A66A0AD133B6}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{3860F757-DAB5-4DE2-BC7F-27C38E146101}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{5E4307AE-7228-4E0C-A5FE-F5381A100820}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{6F7CF97B-CBF3-44AC-B7EF-4F968773AEA2}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"{7B3CE9A2-7898-4D33-80B8-3C00F3DF432B}"= UDP:c:\program files\VMware\VMware Player\vmware-authd.exe:VMware Authd
"{3CB49D66-E096-42C2-8047-07EB5EBBD64A}"= TCP:c:\program files\VMware\VMware Player\vmware-authd.exe:VMware Authd
"TCP Query User{528C52EC-04F6-4B56-99E7-6FE422A81B53}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{2ABD6469-AFF6-44F7-BC62-EEA6A85649CA}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"{C328829E-7C64-4CB1-BCAD-66CDE60AFF89}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe
"TCP Query User{EB20BFE1-43D4-4179-B308-F57EAF10E9E2}c:\\windows\\system32\\ftp.exe"= UDP:c:\windows\system32\ftp.exe:File Transfer Program
"UDP Query User{34D848FA-83D7-444F-9CB7-1A387C339164}c:\\windows\\system32\\ftp.exe"= TCP:c:\windows\system32\ftp.exe:File Transfer Program

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Users\\brenton\\AppData\\Roaming\\printer.exe"= c:\users\brenton\AppData\Roaming\printer.exe:*:Enabled:@xpsp2res.dll,-22019
"c:\\Windows\\system32\\printer.exe"= c:\windows\system32\printer.exe:*:Enabled:@xpsp2res.dll,-22019
"c:\\Windows\\system32\\spoolvs.exe"= c:\windows\system32\spoolvs.exe:*:Enabled:@xpsp2res.dll,-22019
"c:\\Windows\\shell.exe"= c:\windows\shell.exe:*:Enabled:@xpsp2res.dll,-22019
"c:\\Users\\brenton\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\findfast.exe"= c:\users\brenton\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\findfast.exe:*:Enabled:@xpsp2res.dll,-22019
"c:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\autorun.exe"= c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\autorun.exe:*:Enabled:@xpsp2res.dll,-22019
"c:\\Users\\brenton\\AppData\\Roaming\\mcrupdate.exe"= c:\users\brenton\AppData\Roaming\mcrupdate.exe:*:Enabled:@xpsp2res.dll,-22019
"c:\\Program Files\\TESTOUT\\Cmi\\Navigator.exe"= c:\program files\TESTOUT\Cmi\Navigator.exe:*:Disabled:TestOut Navigator

R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\System32\drivers\BtHidBus.sys [1/7/2009 11:39 PM 20744]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [5/28/2008 7:36 AM 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [1/28/2009 8:47 PM 108552]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [5/28/2008 7:36 AM 297752]
R2 BsMobileCS;BsMobileCS;c:\program files\IVT Corporation\BlueSoleil\BsMobileCS.exe [2/27/2009 4:40 PM 143467]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [7/24/2008 6:46 PM 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\System32\drivers\LMIRfsDriver.sys [8/10/2009 9:26 PM 47640]
R2 vmci;VMware vmci;c:\windows\System32\drivers\vmci.sys [10/28/2008 10:01 PM 54960]
R3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\System32\drivers\btnetBus.sys [12/7/2008 12:44 PM 30088]
R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\System32\drivers\IvtBtBus.sys [7/2/2008 2:58 PM 26248]
R3 tap0901;TAP-Win32 Adapter V9;c:\windows\System32\drivers\tap0901.sys [11/20/2008 2:22 AM 25216]
S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [5/28/2008 7:36 AM 908056]
S2 vmserverdWin32;VMware Registration Service;c:\program files\VMware\VMware Server\vmserverdWin32.exe --> c:\program files\VMware\VMware Server\vmserverdWin32.exe [?]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\System32\drivers\massfilter.sys [2/25/2009 7:50 PM 7168]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
%SystemRoot%\system32\soundschemes.exe /AddRegistration
.
Contents of the 'Scheduled Tasks' folder

2009-09-16 c:\windows\Tasks\User_Feed_Synchronization-{63B6EC25-FDA1-4089-96A5-81CA5DC576D1}.job
- c:\windows\system32\msfeedssync.exe [2009-08-08 20:13]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.au/
uInternet Settings,ProxyOverride = <local>
TCP: {68C8324E-2162-4CA3-956A-1B5971B17194} = 203.21.20.20,203.10.1.9
TCP: {6D524227-E6D7-4B91-9549-CD0AD5C11872} = 203.21.20.20,203.10.1.9
FF - ProfilePath - c:\users\brenton\AppData\Roaming\Mozilla\Firefox\Profiles\fy02zwzy.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/home.php?|http://mail.google.com/mail/#inbox|http://finance.yahoo.com/|http://www.kitcometals.com/|http://www.anz.com/
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\users\brenton\AppData\Roaming\Mozilla\Firefox\Profiles\fy02zwzy.default\extensions\[email protected]\plugins\npTVUAx.dll
FF - plugin: c:\users\brenton\AppData\Roaming\Mozilla\Firefox\Profiles\fy02zwzy.default\extensions\[email protected]\plugins\npRACtrl.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-17 18:49
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(5520)
c:\windows\system32\BsMobileSDK.dll
c:\windows\system32\BsLangInDepRes.dll
c:\windows\system32\Bs2Res.dll
.
Completion time: 2009-09-17 18:50
ComboFix-quarantined-files.txt 2009-09-17 10:50
ComboFix2.txt 2009-09-14 15:18
ComboFix3.txt 2009-09-13 12:48

Pre-Run: 11,241,631,744 bytes free
Post-Run: 11,216,506,880 bytes free

281 --- E O F --- 2009-09-13 23:58
  • 0

#7 Crozza (Topic Starter, New Member, 6 posts)
ComboFix 09-09-16.02 - brenton 09/17/2009 19:05.4.2 - NTFSx86 NETWORK
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.2046.1613 [GMT 8:00]
Running from: c:\users\brenton\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2009-08-17 to 2009-09-17 )))))))))))))))))))))))))))))))
.

2009-09-13 11:48 . 2009-09-13 11:48 -------- d-----w- c:\users\brenton\AppData\Local\Apps
2009-09-13 09:28 . 2009-09-13 09:28 -------- d-----w- c:\program files\Test1-Malwarebytes' Anti-Malware
2009-09-13 08:55 . 2009-09-13 12:33 -------- d--h--w- c:\windows\PIF
2009-09-13 08:53 . 2009-09-13 09:06 -------- d-----w- c:\program files\Test-Malwarebytes' Anti-Malware
2009-09-13 08:39 . 2009-09-13 08:39 -------- d-----w- c:\users\brenton\AppData\Roaming\Malwarebytes
2009-09-13 08:39 . 2009-09-10 06:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-13 08:39 . 2009-09-13 08:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-13 08:39 . 2009-09-13 08:39 -------- d-----w- c:\programdata\Malwarebytes
2009-09-13 08:39 . 2009-09-10 06:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-08 20:47 . 2009-08-14 16:27 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-09-08 20:47 . 2009-08-14 13:48 105984 ----a-w- c:\windows\system32\netiohlp.dll
2009-09-08 20:47 . 2009-08-14 15:53 17920 ----a-w- c:\windows\system32\netevent.dll
2009-09-08 20:47 . 2009-08-14 13:49 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-09-08 20:47 . 2009-08-14 13:49 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-09-08 20:47 . 2009-08-14 13:49 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-09-08 20:47 . 2009-08-14 13:49 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-09-08 20:47 . 2009-08-14 13:49 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-09-08 20:47 . 2009-08-14 13:49 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-09-08 20:47 . 2009-08-14 13:49 10240 ----a-w- c:\windows\system32\finger.exe
2009-09-08 20:47 . 2009-08-14 13:48 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-09-08 20:22 . 2009-07-11 19:01 302592 ----a-w- c:\windows\system32\wlansec.dll
2009-09-08 20:22 . 2009-07-11 19:01 293376 ----a-w- c:\windows\system32\wlanmsm.dll
2009-09-08 20:22 . 2009-07-11 17:03 127488 ----a-w- c:\windows\system32\L2SecHC.dll
2009-09-08 20:22 . 2009-07-11 19:01 513536 ----a-w- c:\windows\system32\wlansvc.dll
2009-09-08 20:22 . 2009-07-11 19:01 65024 ----a-w- c:\windows\system32\wlanapi.dll
2009-09-08 20:22 . 2009-06-10 11:41 2868224 ----a-w- c:\windows\system32\mf.dll
2009-09-05 07:10 . 2009-06-22 10:09 2048 ----a-w- c:\windows\system32\tzres.dll
2009-09-03 10:53 . 2009-09-03 10:53 -------- d-----w- C:\JMB36X_WinDrv_R1.17.50_WHQL
2009-09-03 10:53 . 2009-08-13 08:10 96368 ----a-w- c:\windows\system32\drivers\jraid.sys
2009-09-03 09:32 . 2009-09-03 09:32 -------- d-----w- c:\users\brenton\AppData\Local\Microsoft Corporation
2009-09-03 09:32 . 2009-09-03 09:32 -------- d-----w- c:\program files\Microsoft Windows 7 Upgrade Advisor
2009-09-03 00:21 . 2009-08-29 00:14 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-09-03 00:21 . 2009-08-29 00:27 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-14 15:43 . 2008-07-31 13:49 -------- d-----w- c:\users\brenton\AppData\Roaming\Skype
2009-09-14 15:23 . 2008-05-31 02:28 -------- d-----w- c:\programdata\VMware
2009-09-14 15:12 . 2008-05-31 11:05 -------- d-----w- c:\users\brenton\AppData\Roaming\uTorrent
2009-09-14 12:59 . 2008-05-28 10:32 -------- d-----w- c:\users\brenton\AppData\Roaming\OpenOffice.org2
2009-09-14 11:34 . 2009-09-14 11:34 8457 ----a-w- c:\windows\system32\SpoonUninstall-dBpoweramp DSP Effects.dat
2009-09-14 11:34 . 2009-08-10 15:24 2433400 ----a-w- c:\windows\system32\SpoonUninstall.exe
2009-09-14 11:34 . 2009-09-14 11:34 13281 ----a-w- c:\windows\system32\SpoonUninstall-dBpoweramp Music Converter.dat
2009-09-14 11:28 . 2008-07-31 13:49 -------- d-----w- c:\users\brenton\AppData\Roaming\skypePM
2009-09-13 23:03 . 2008-05-27 23:36 -------- d-----w- c:\programdata\avg8
2009-09-13 12:54 . 2009-09-13 12:53 -------- d-----w- c:\program files\Test2-Malwarebytes' Anti-Malware
2009-09-11 14:36 . 2008-10-12 07:32 -------- d-----w- c:\programdata\TrackMania
2009-09-09 23:42 . 2008-11-26 13:57 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-08 23:58 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-09-08 16:19 . 2008-07-04 03:39 -------- d-----w- c:\program files\Java
2009-08-20 10:31 . 2008-05-27 23:36 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-20 10:31 . 2008-05-27 23:36 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-08-20 10:31 . 2008-05-27 23:36 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-08-10 15:48 . 2009-08-10 15:26 -------- d-----w- c:\users\brenton\AppData\Roaming\dBpoweramp
2009-08-10 15:47 . 2009-08-10 15:47 5813 ----a-w- c:\windows\system32\SpoonUninstall-dBpoweramp CD Writer.dat
2009-08-10 15:24 . 2009-08-10 15:24 2989 ----a-w- c:\windows\system32\SpoonUninstall-dBpoweramp FLAC Codec.dat
2009-08-10 15:24 . 2009-08-10 15:24 -------- d-----w- c:\users\brenton\AppData\Roaming\AccurateRip
2009-08-10 15:23 . 2009-08-10 15:23 -------- d-----w- c:\program files\Illustrate
2009-08-10 13:26 . 2009-08-10 13:26 -------- d-----w- c:\programdata\LogMeIn
2009-08-10 13:26 . 2009-08-10 13:26 -------- d-----w- c:\program files\LogMeIn
2009-08-08 04:06 . 2009-08-08 04:05 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2009-08-07 11:51 . 2009-08-07 11:51 15308424 ----a-w- c:\windows\system32\xlive.dll
2009-08-07 11:51 . 2009-08-07 11:51 13642888 ----a-w- c:\windows\system32\xlivefnt.dll
2009-08-03 07:07 . 2009-08-03 07:07 403816 ----a-w- c:\windows\system32\OGACheckControl.dll
2009-08-03 07:07 . 2009-08-03 07:07 322928 ----a-w- c:\windows\system32\OGAAddin.dll
2009-08-03 07:07 . 2009-08-03 07:07 230768 ----a-w- c:\windows\system32\OGAEXEC.exe
2009-07-24 21:23 . 2008-12-07 03:43 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-21 21:52 . 2009-08-08 04:05 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-08-08 04:05 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-08-08 04:05 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-08-08 04:05 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-17 13:54 . 2009-08-12 23:30 71680 ----a-w- c:\windows\system32\atl.dll
2009-07-15 12:40 . 2009-08-12 23:30 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-07-15 12:39 . 2009-08-12 23:30 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-15 12:39 . 2009-08-12 23:30 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-07-15 12:39 . 2009-08-12 23:30 7680 ----a-w- c:\windows\system32\spwmp.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-09-13_12.47.27 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-21 01:56 . 2009-09-14 15:26 54462 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:03 . 2009-09-14 15:26 86228 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-05-27 14:55 . 2009-09-14 15:26 11270 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2663051174-626813573-3717304182-1000_UserData.bin
- 2008-05-27 14:37 . 2009-09-13 11:56 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-05-27 14:37 . 2009-09-15 00:17 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-05-27 14:37 . 2009-09-15 00:17 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-05-27 14:37 . 2009-09-13 11:56 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-05-27 14:37 . 2009-09-13 11:56 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-05-27 14:37 . 2009-09-15 00:17 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2006-11-02 10:33 . 2009-09-17 10:57 635786 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2009-09-17 10:57 117870 c:\windows\System32\perfc009.dat
- 2006-11-02 10:22 . 2009-09-13 12:38 6615040 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2006-11-02 10:22 . 2009-09-14 15:22 6615040 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-05-30 21718312]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-08-20 2007832]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
"VMware hqtray"="c:\program files\VMware\VMware Player\hqtray.exe" [2008-10-28 64048]
"BtTray"="c:\program files\IVT Corporation\BlueSoleil\BtTray.exe" [2009-02-27 315478]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-27 13687328]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-27 92704]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-07-24 63048]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-24 149280]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Test2-Malwarebytes' Anti-Malware\alg.exe" [2009-09-10 1312080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):bc,d4,af,d4,6a,f8,c9,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2663051174-626813573-3717304182-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications\List]
"c:\\Users\\brenton\\AppData\\Roaming\\printer.exe"= c:\users\brenton\AppData\Roaming\printer.exe:*:Enabled:@xpsp2res.dll,-22019
"c:\\Windows\\system32\\printer.exe"= c:\windows\system32\printer.exe:*:Enabled:@xpsp2res.dll,-22019
"c:\\Windows\\system32\\spoolvs.exe"= c:\windows\system32\spoolvs.exe:*:Enabled:@xpsp2res.dll,-22019
"c:\\Windows\\shell.exe"= c:\windows\shell.exe:*:Enabled:@xpsp2res.dll,-22019
"c:\\Users\\brenton\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\findfast.exe"= c:\users\brenton\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\findfast.exe:*:Enabled:@xpsp2res.dll,-22019
"c:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\autorun.exe"= c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\autorun.exe:*:Enabled:@xpsp2res.dll,-22019
"%windir%\\system32\\winav.exe"= %windir%\system32\winav.exe:*:Enabled:@xpsp2res.dll,-22019
"c:\\Users\\brenton\\AppData\\Roaming\\mcrupdate.exe"= c:\users\brenton\AppData\Roaming\mcrupdate.exe:*:Enabled:@xpsp2res.dll,-22019
"c:\\Program Files\\TESTOUT\\Cmi\\Navigator.exe"= c:\program files\TESTOUT\Cmi\Navigator.exe:*:Disabled:TestOut Navigator

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{D61CE018-E783-4034-B1C9-5DCB9C6BFF2C}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{8593A826-E917-452F-8419-D4891E40285A}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe
"TCP Query User{A9192762-ACF0-4109-AA36-6F0EEDEF2ED3}c:\\users\\brenton\\desktop\\utorrent.exe"= UDP:c:\users\brenton\desktop\utorrent.exe:utorrent.exe
"UDP Query User{B9A9782A-6407-4CEE-B710-6CB16AFD6925}c:\\users\\brenton\\desktop\\utorrent.exe"= TCP:c:\users\brenton\desktop\utorrent.exe:utorrent.exe
"TCP Query User{CE09816F-8EFD-4B24-A7D6-1F6042285B62}c:\\users\\brenton\\program files\\utorrent\\utorrent.exe"= UDP:c:\users\brenton\program files\utorrent\utorrent.exe:utorrent.exe
"UDP Query User{984EFE97-6F53-4210-B947-D774C622860C}c:\\users\\brenton\\program files\\utorrent\\utorrent.exe"= TCP:c:\users\brenton\program files\utorrent\utorrent.exe:utorrent.exe
"{0C70CC1D-5073-4BBE-86FD-5AB1EC3E434E}"= UDP:c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe:BlueSoleil
"{DA180CD6-8459-4710-AA63-0BFDA21FE477}"= TCP:c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe:BlueSoleil
"{8AC7EDA6-B077-44D1-B02B-D90534D988E4}"= UDP:c:\program files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe:BlueSoleilCS
"{5EF6868F-9AE4-4FB3-8406-A8978F203663}"= TCP:c:\program files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe:BlueSoleilCS
"TCP Query User{06BE22C5-B787-4B2F-ABD4-554701D67239}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{7FD8F89D-674A-4521-8481-6A86C8F38400}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"{797845ED-C3C8-4F9E-B1CF-60A6F2E79877}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{FEA4CA2D-2EDD-4F88-86FA-C2391FEBAA05}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{41C3FE3A-98FD-4B05-8251-E6339125157A}c:\\users\\brenton\\program files\\utorrent\\utorrent.exe"= UDP:c:\users\brenton\program files\utorrent\utorrent.exe:utorrent.exe
"UDP Query User{D5B01BB7-F359-4071-9234-A19E8B15F161}c:\\users\\brenton\\program files\\utorrent\\utorrent.exe"= TCP:c:\users\brenton\program files\utorrent\utorrent.exe:utorrent.exe
"TCP Query User{7C944DEA-E556-4143-9898-0F36A2DE7787}c:\\program files\\openvpn\\bin\\openvpn.exe"= UDP:c:\program files\openvpn\bin\openvpn.exe:openvpn
"UDP Query User{2973601A-9D7B-4241-B306-CCF34E2850F6}c:\\program files\\openvpn\\bin\\openvpn.exe"= TCP:c:\program files\openvpn\bin\openvpn.exe:openvpn
"TCP Query User{CBB631DE-36CA-45F4-8F95-64FAF8AAC9CD}c:\\program files\\tmnationsforever\\tmforever.exe"= UDP:c:\program files\tmnationsforever\tmforever.exe:TmForever
"UDP Query User{5BDEC7CC-FA08-43EE-B2A3-1042C14F7B04}c:\\program files\\tmnationsforever\\tmforever.exe"= TCP:c:\program files\tmnationsforever\tmforever.exe:TmForever
"TCP Query User{05D0707C-ADC6-47EB-B458-58DE9D0499FE}c:\\program files\\tmnationsforever\\tmforever.exe"= UDP:c:\program files\tmnationsforever\tmforever.exe:TmForever
"UDP Query User{AE29EF9D-F8DC-4846-80FB-38A272D96472}c:\\program files\\tmnationsforever\\tmforever.exe"= TCP:c:\program files\tmnationsforever\tmforever.exe:TmForever
"{29B5993B-84CE-4B72-AB1D-CAF92D0B7370}"= UDP:e:\games\fc2\Far Cry 2\bin\FarCry2.exe:Far Cry 2
"{3BAF3276-E683-48D4-B6CA-2087117265CA}"= TCP:e:\games\fc2\Far Cry 2\bin\FarCry2.exe:Far Cry 2
"{C451D318-C34F-433F-BC5E-1A55931CD620}"= UDP:e:\games\fc2\Far Cry 2\bin\FC2Launcher.exe:Far Cry 2 Updater
"{53654BDE-5906-4F96-B2F0-0E7E1B17AF0F}"= TCP:e:\games\fc2\Far Cry 2\bin\FC2Launcher.exe:Far Cry 2 Updater
"{7AA65315-A7F7-4E4E-86DB-165D78ABEF4E}"= UDP:e:\games\fc2\Far Cry 2\bin\FC2Editor.exe:Editor
"{552FBC3E-05FA-4F75-B738-A66FD1C49C4A}"= TCP:e:\games\fc2\Far Cry 2\bin\FC2Editor.exe:Editor
"TCP Query User{07DB002F-9872-46F7-851B-A66A0AD133B6}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{3860F757-DAB5-4DE2-BC7F-27C38E146101}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{5E4307AE-7228-4E0C-A5FE-F5381A100820}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{6F7CF97B-CBF3-44AC-B7EF-4F968773AEA2}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"{7B3CE9A2-7898-4D33-80B8-3C00F3DF432B}"= UDP:c:\program files\VMware\VMware Player\vmware-authd.exe:VMware Authd
"{3CB49D66-E096-42C2-8047-07EB5EBBD64A}"= TCP:c:\program files\VMware\VMware Player\vmware-authd.exe:VMware Authd
"TCP Query User{528C52EC-04F6-4B56-99E7-6FE422A81B53}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{2ABD6469-AFF6-44F7-BC62-EEA6A85649CA}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"{C328829E-7C64-4CB1-BCAD-66CDE60AFF89}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe
"TCP Query User{EB20BFE1-43D4-4179-B308-F57EAF10E9E2}c:\\windows\\system32\\ftp.exe"= UDP:c:\windows\system32\ftp.exe:File Transfer Program
"UDP Query User{34D848FA-83D7-444F-9CB7-1A387C339164}c:\\windows\\system32\\ftp.exe"= TCP:c:\windows\system32\ftp.exe:File Transfer Program

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Users\\brenton\\AppData\\Roaming\\printer.exe"= c:\users\brenton\AppData\Roaming\printer.exe:*:Enabled:@xpsp2res.dll,-22019
"c:\\Windows\\system32\\printer.exe"= c:\windows\system32\printer.exe:*:Enabled:@xpsp2res.dll,-22019
"c:\\Windows\\system32\\spoolvs.exe"= c:\windows\system32\spoolvs.exe:*:Enabled:@xpsp2res.dll,-22019
"c:\\Windows\\shell.exe"= c:\windows\shell.exe:*:Enabled:@xpsp2res.dll,-22019
"c:\\Users\\brenton\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\findfast.exe"= c:\users\brenton\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\findfast.exe:*:Enabled:@xpsp2res.dll,-22019
"c:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\autorun.exe"= c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\autorun.exe:*:Enabled:@xpsp2res.dll,-22019
"c:\\Users\\brenton\\AppData\\Roaming\\mcrupdate.exe"= c:\users\brenton\AppData\Roaming\mcrupdate.exe:*:Enabled:@xpsp2res.dll,-22019
"c:\\Program Files\\TESTOUT\\Cmi\\Navigator.exe"= c:\program files\TESTOUT\Cmi\Navigator.exe:*:Disabled:TestOut Navigator

R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\System32\drivers\BtHidBus.sys [1/7/2009 11:39 PM 20744]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [1/28/2009 8:47 PM 108552]
R3 tap0901;TAP-Win32 Adapter V9;c:\windows\System32\drivers\tap0901.sys [11/20/2008 2:22 AM 25216]
S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [5/28/2008 7:36 AM 335240]
S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [5/28/2008 7:36 AM 908056]
S2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [5/28/2008 7:36 AM 297752]
S2 BsMobileCS;BsMobileCS;c:\program files\IVT Corporation\BlueSoleil\BsMobileCS.exe [2/27/2009 4:40 PM 143467]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [7/24/2008 6:46 PM 12856]
S2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\System32\drivers\LMIRfsDriver.sys [8/10/2009 9:26 PM 47640]
S2 vmci;VMware vmci;c:\windows\System32\drivers\vmci.sys [10/28/2008 10:01 PM 54960]
S2 vmserverdWin32;VMware Registration Service;c:\program files\VMware\VMware Server\vmserverdWin32.exe --> c:\program files\VMware\VMware Server\vmserverdWin32.exe [?]
S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\System32\drivers\btnetBus.sys [12/7/2008 12:44 PM 30088]
S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\System32\drivers\IvtBtBus.sys [7/2/2008 2:58 PM 26248]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\System32\drivers\massfilter.sys [2/25/2009 7:50 PM 7168]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - ECACHE

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
%SystemRoot%\system32\soundschemes.exe /AddRegistration
.
Contents of the 'Scheduled Tasks' folder

2009-09-16 c:\windows\Tasks\User_Feed_Synchronization-{63B6EC25-FDA1-4089-96A5-81CA5DC576D1}.job
- c:\windows\system32\msfeedssync.exe [2009-08-08 20:13]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.au/
uInternet Settings,ProxyOverride = <local>
TCP: {68C8324E-2162-4CA3-956A-1B5971B17194} = 203.21.20.20,203.10.1.9
TCP: {6D524227-E6D7-4B91-9549-CD0AD5C11872} = 203.21.20.20,203.10.1.9
FF - ProfilePath - c:\users\brenton\AppData\Roaming\Mozilla\Firefox\Profiles\fy02zwzy.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/home.php?|http://mail.google.com/mail/#inbox|http://finance.yahoo.com/|http://www.kitcometals.com/|http://www.anz.com/
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\users\brenton\AppData\Roaming\Mozilla\Firefox\Profiles\fy02zwzy.default\extensions\[email protected]\plugins\npTVUAx.dll
FF - plugin: c:\users\brenton\AppData\Roaming\Mozilla\Firefox\Profiles\fy02zwzy.default\extensions\[email protected]\plugins\npRACtrl.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

HKLM-RunOnce-<NO NAME> - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-17 19:08
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(1980)
c:\windows\system32\BsMobileSDK.dll
c:\windows\system32\BsLangInDepRes.dll
c:\windows\system32\Bs2Res.dll
.
Completion time: 2009-09-17 19:09
ComboFix-quarantined-files.txt 2009-09-17 11:09
ComboFix2.txt 2009-09-14 15:18
ComboFix3.txt 2009-09-13 12:48

Pre-Run: The system cannot find message text for message number 0x2379 in the message file for Application.
Post-Run: 13,136,789,504 bytes free

280 --- E O F --- 2009-09-13 23:58
  • 0
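One way to triage the firewall exception list in the ComboFix log above, added here as an example and not part of the original post or of ComboFix itself: the AuthorizedApplications\List keys show executables under AppData\Roaming, in both Startup folders and directly in c:\windows, all Enabled, plus system32\spoolvs.exe, whose name is one character transposition away from the legitimate print spooler spoolsv.exe. The script parses that section, keeps only Enabled entries, deduplicates across the Domain and Standard profiles, and attaches location and look-alike reasons so the entries worth checking first stand out. The sample text is a subset of the log lines from this thread; the list of system binary names and the heuristics are my own assumptions, not ComboFix output.

```python
import re
from collections import OrderedDict

# Constructed sample: a subset of the AuthorizedApplications entries from the
# ComboFix log in this thread, plus one FirewallRules line to show it is skipped.
SAMPLE_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications\List]
"c:\\Users\\brenton\\AppData\\Roaming\\printer.exe"= c:\users\brenton\AppData\Roaming\printer.exe:*:Enabled:@xpsp2res.dll,-22019
"c:\\Windows\\system32\\printer.exe"= c:\windows\system32\printer.exe:*:Enabled:@xpsp2res.dll,-22019
"c:\\Windows\\system32\\spoolvs.exe"= c:\windows\system32\spoolvs.exe:*:Enabled:@xpsp2res.dll,-22019
"c:\\Windows\\shell.exe"= c:\windows\shell.exe:*:Enabled:@xpsp2res.dll,-22019
"c:\\Users\\brenton\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\findfast.exe"= c:\users\brenton\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\findfast.exe:*:Enabled:@xpsp2res.dll,-22019
"c:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\autorun.exe"= c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\autorun.exe:*:Enabled:@xpsp2res.dll,-22019
"%windir%\\system32\\winav.exe"= %windir%\system32\winav.exe:*:Enabled:@xpsp2res.dll,-22019
"c:\\Program Files\\TESTOUT\\Cmi\\Navigator.exe"= c:\program files\TESTOUT\Cmi\Navigator.exe:*:Disabled:TestOut Navigator

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{D61CE018-E783-4034-B1C9-5DCB9C6BFF2C}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Users\\brenton\\AppData\\Roaming\\mcrupdate.exe"= c:\users\brenton\AppData\Roaming\mcrupdate.exe:*:Enabled:@xpsp2res.dll,-22019
"c:\\Windows\\system32\\spoolvs.exe"= c:\windows\system32\spoolvs.exe:*:Enabled:@xpsp2res.dll,-22019
"""

SECTION_PREFIX = "[HKLM\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\"
SECTION_SUFFIX = "\\AuthorizedApplications\\List]"
ENTRY_RE = re.compile(r'^"(?P<key>[^"]+)"=\s*(?P<rhs>.+)$')

# Assumed heuristics (mine, not ComboFix's): inbox binaries that malware likes to
# imitate, and path markers for user-writable and autostart locations.
KNOWN_SYSTEM_BINARIES = {"spoolsv.exe", "svchost.exe", "lsass.exe", "csrss.exe",
                         "winlogon.exe", "services.exe", "explorer.exe"}
USER_WRITABLE_MARKERS = ("\\users\\", "\\appdata\\", "\\programdata\\")
STARTUP_MARKER = "\\start menu\\programs\\startup\\"
WINDOWS_ROOT_DIRS = {"c:\\windows", "%windir%", "%systemroot%"}


def osa_distance(a, b):
    """Optimal string alignment distance: edits plus adjacent transpositions count 1."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]


def parse_authorized_apps(text):
    """Yield (profile, path, status, label) for every AuthorizedApplications entry."""
    profile = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("["):                       # any key header ends the section
            profile = None
            if line.startswith(SECTION_PREFIX) and line.endswith(SECTION_SUFFIX):
                profile = line[len(SECTION_PREFIX):-len(SECTION_SUFFIX)]
            continue
        if profile is None or not line:
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue
        # Right-hand side is path:scope:status:label; the drive colon stays in the path.
        parts = m.group("rhs").rsplit(":", 3)
        if len(parts) == 4:
            path, _scope, status, label = parts
            yield profile, path, status, label


def assess_path(path):
    """Return the reasons (possibly none) an exception for this executable deserves a look."""
    reasons = []
    low = path.lower()
    directory, _, basename = low.rpartition("\\")
    if any(marker in low for marker in USER_WRITABLE_MARKERS):
        reasons.append("user-writable location")
    if STARTUP_MARKER in low:
        reasons.append("runs from a Startup folder")
    if directory in WINDOWS_ROOT_DIRS:
        reasons.append("executable directly in the Windows directory")
    for known in sorted(KNOWN_SYSTEM_BINARIES):
        if basename != known and osa_distance(basename, known) == 1:
            reasons.append(f"name is one edit away from {known}")
    return reasons


def triage(text):
    """Map each Enabled exception (deduplicated across profiles, lower-cased) to its reasons."""
    findings = OrderedDict()
    for _profile, path, status, _label in parse_authorized_apps(text):
        if status.lower() == "enabled":
            findings.setdefault(path.lower(), assess_path(path))
    return findings


if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LOG).items():
        print(path)
        print("    " + ("; ".join(reasons) if reasons else "no heuristic hit; verify by hand"))
```

Entries with no heuristic hit (here system32\printer.exe and winav.exe) are still listed, because an Enabled exception for an unfamiliar binary under system32 is worth a hash lookup regardless of where it sits; the heuristics only decide the order of review, not a verdict.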

#8
Transience
    Unofficial Music Guru
  • Retired Staff
  • 2,448 posts
Hello -

Quick heads-up for you before we continue:

I see you're using or have in the past used p2p software. Although p2p programs are not usually malware in their own right, oftentimes malware is installed alongside them. Even if the program is clean, people often upload infected files to be shared using these programs, and it is very easy to end up compromising your PC. It's your decision about whether or not you use p2p programs, you don't have to remove them to be deemed clean and I'll still give you help if you want to keep them. It's just important that you're aware of the risks. If you want to continue using p2p programs that's fine with me, all I ask is that you not download anything from them until you're clean so we aren't taking steps backwards here. To remove p2p programs if you wish to do so, uninstall them from the Add/Remove Programs (it's Programs and Features in Vista) menu of your Control Panel.

Let's go ahead and run these scans.

First we'll clean out your unnecessary temp files to speed up the scans:

1. TFC
  • Please download TFC to your desktop.
  • Save any work, then close all open windows.
  • Double-click TFC to run it, and allow the process to complete, which should not take more than a couple minutes.
  • You may or may not be prompted to reboot, if you are click "Yes" and allow the computer to reboot.
  • Close TFC when it has completed.
2. Malwarebytes' Anti-Malware

Please download Malwarebytes' Anti-Malware from here.

Double-click (Vista users please right-click Run as Administrator) on mbam-setup.exe to install the program.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware at the end of setup, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform Full Scan, then click Scan.
  • The scan is different from the quick scan and will take a fairly long time to finish (you can leave it to run and go do something else), please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to restart.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab.
  • Copy & Paste the entire report in your next reply.
3. Kaspersky Online Scan

Kaspersky online scanner uses Java technology to perform the scan. Because your Java is out of date, we need to update it first so that the scan will run without issues.

Update Java

Please download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts. A log will appear (JavaRa.log), DO NOT post this log, I have no need for it.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.
Scan
  • Follow this link to the Kaspersky WebScanner
  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure the following is checked:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.
So post back with the logs from MBAM and Kaspersky when you have them and give me an update on how the PC is running, and we should have you on your way :).

- Dave
  • 0

#9
Crozza
    New Member
  • Topic Starter
  • Member
  • Pip
  • 6 posts
Hey, thanks for your help - I've wiped things clean and installed Windows 7 as it was impacting my work.

I've installed AVG free, do you have any other recommended programs that I should install for anti-malware and anti-spyware? Am I at risk from any exe files on my (non-system) D drive?
  • 0

#10
Transience
    Unofficial Music Guru
  • Retired Staff
  • 2,448 posts
Sorry to hear about the reformat, however it sounds like it's for the best.

Here are some tips to reduce the potential for malware infection in the future; I strongly suggest that you read them and take them to heart so that you don't have to endure the process of cleaning your computer again.

Make proper use of your antivirus and firewall

Antivirus and firewall programs are integral to your computer security. However, just having them installed isn't enough. The definitions of these programs are frequently updated to detect the latest malware, and if you don't keep up with these updates then you'll be vulnerable to infection. Many antivirus and firewall programs have automatic update features; make use of those if you can. If your program doesn't, then get in the habit of routinely performing manual updates, because it's important.

You should keep your antivirus and firewall guard enabled at all times; don't shut them off unless there's a specific reason to do so. Also, regularly performing a full system scan with your antivirus program is a good idea to make sure you're still clean. Once a week works well for many people. You can set the scan to run during a time when you don't plan to use the computer and just leave it to complete on its own.

If you don't have a firewall, some great free options you can test out are: Online Armor, Outpost, and Sunbelt. I'd highly recommend that you install one of those. If you do decide to use a 3rd party firewall program, please be sure to disable the Windows firewall as per these instructions so they don't conflict:
  • Please click on Start -> Control Panel
  • Double click Windows Firewall
  • Click Change Settings
  • Choose Off to disable Windows Firewall.
Finally, for a great tutorial on how to get the best protection out of your firewall, take a look at this guide.

Use a safer web browser

Internet Explorer is not the most secure tool for browsing the web. It has been known to be very susceptible to infection, and there are a few good free alternatives: Firefox, Opera, and Google Chrome. All of these are excellent free alternatives to Internet Explorer: faster, safer, more powerful and more functional. It's definitely worth the short period of adjustment to start using one of these. If you wish to continue using Internet Explorer, it would be a good idea to follow the tutorial here, which will help you to make IE much safer.

These browser add-ons will help to make your browser safer:

Web of Trust warns you about risky websites that try to scam visitors, deliver malware or send spam. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous ones: Green to go, Yellow for caution, and Red to stop. Available for Firefox and Internet Explorer.

NoScript helps to block malicious scripts and in general gives you much better control over what types of things webpages can do to your computer while you're browsing. Available for Firefox only.

These are just a couple of the most popular add-ons, if you're interested in more, take a look at this article.

Exercise common sense

Having security programs installed is very helpful to you, but none of them have the gift of human thought. The best way to make sure you don't get infected is to look before you leap. Be careful of what websites you visit - if a site looks suspicious, trust your instincts and get out of there. Be careful of what attachments you open in emails and files you download from websites - check them over carefully and look at the file extensions to make sure that you know what you're getting. Using peer-to-peer file sharing programs or downloading cracks and keygens is something else to avoid - the files you will be downloading are infected in the vast majority of cases, and the benefits simply aren't worth the risk to your computer.

Keep up on Windows updates

Along with keeping all of the security programs that you choose to use updated, it is also important to keep up on system updates from Microsoft, as these patch critical security vulnerabilities and help to keep you safe. Typically the windows update icon will appear in your taskbar when new updates are available, whenever you see it you should open the menu up and install the updates that are available. Although it may be an annoyance, that little bit of extra time it takes to stay updated is very well worth it instead of getting infected from an exploit and having to clean your PC again.

Slow computer?

If your computer begins to slow down again in the future for no particular reason, your first step should not be to come back to the malware forum. As your computer ages and is used, its parts wear, files and programs accumulate, and its performance speed can decrease. To restore your computer's performance to its best possible level, follow the steps in this guide written by tech expert Artellos.

I'll leave this thread open for a couple days in case you come across any lingering problems that need fixing, then I'll close it up. If you need it reopened for any reason just shoot me a PM. It's been a pleasure working with you, now best of luck!

Cheers,
Dave
  • 0
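As an added example for the "look at the file extensions" advice above and the earlier question about .exe files on a non-system drive, not code from the original post: Windows hides the extension of known file types by default, and a filename can also carry a Unicode right-to-left override so that Explorer draws the tail of the name backwards, so checking the extension has to mean the real extension as the loader sees it, not the one on screen. The script below classifies names by their true extension, reports double extensions, whitespace padding and right-to-left overrides, shows what Explorer would have displayed, and can walk a directory tree such as a data drive. The extension lists and the sample file names are my own constructed assumptions.

```python
import os
import tempfile

# Assumed lists (illustrative, not exhaustive): extensions Windows executes, directly
# or through a script host, and extensions that lures usually imitate.
EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs", ".vbe",
                         ".js", ".jse", ".wsf", ".hta", ".msi", ".cpl"}
DOCUMENT_EXTENSIONS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt", ".jpg", ".jpeg",
                       ".png", ".gif", ".mp3", ".avi", ".zip", ".rar"}
RLO = "\u202e"  # Unicode RIGHT-TO-LEFT OVERRIDE; text after it is rendered reversed


def displayed_name(name, hide_known_extensions=True):
    """What Explorer shows: the known extension is hidden first (it is the real tail
    of the name), then any right-to-left override reverses what follows it."""
    shown = name
    stem, ext = os.path.splitext(shown)
    if hide_known_extensions and ext.lower() in EXECUTABLE_EXTENSIONS | DOCUMENT_EXTENSIONS:
        shown = stem
    if RLO in shown:
        head, _, tail = shown.partition(RLO)
        shown = head + tail[::-1]
    return shown


def classify_name(name):
    """Return the real extension, whether it executes, and why the name may mislead."""
    flags = []
    stem, ext = os.path.splitext(name)
    ext = ext.lower()
    executable = ext in EXECUTABLE_EXTENSIONS
    if executable:
        inner_ext = os.path.splitext(stem.rstrip())[1].lower()
        if inner_ext in DOCUMENT_EXTENSIONS:
            flags.append(f"double extension: looks like {inner_ext} but runs as {ext}")
        if stem != stem.rstrip():
            flags.append("whitespace padding pushes the real extension out of view")
    if RLO in name:
        flags.append(f"right-to-left override: displayed as {displayed_name(name, False)!r}")
    return {"name": name, "extension": ext, "executable": executable, "flags": flags}


def scan_tree(root):
    """Walk a directory (for example a data drive) and list executables and misleading names."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            info = classify_name(fname)
            if info["executable"] or info["flags"]:
                info["path"] = os.path.join(dirpath, fname)
                findings.append(info)
    return findings


# Constructed sample names: three lures, one ordinary installer, two harmless files.
DEMO_NAMES = ["invoice.pdf.exe", "photo.jpg                .exe", "report" + RLO + "xcod.exe",
              "setup.exe", "notes.txt", "holiday.jpg"]


def demo():
    """Build the sample tree in a temporary directory and scan it; returns the findings."""
    with tempfile.TemporaryDirectory() as base:
        os.mkdir(os.path.join(base, "downloads"))
        for fname in DEMO_NAMES:
            with open(os.path.join(base, "downloads", fname), "wb") as fh:
                fh.write(b"MZ")  # placeholder content; only the name is examined
        return scan_tree(base)


if __name__ == "__main__":
    for info in demo():
        print(f"{info['name']!r}: shown as {displayed_name(info['name'])!r}, "
              f"really {info['extension']}; " + ("; ".join(info["flags"]) or "no tricks"))
```

Run against a real drive, replace `demo()` with `scan_tree("D:\\")`; a name that classifies as executable is not evidence of infection on its own, but any hit carrying a flag was named to be mistaken for something else and should not be opened until it has been checked.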

#11
Transience
    Unofficial Music Guru
  • Retired Staff
  • 2,448 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0