OTS logfile created on: 9/20/2010 4:41:19 PM - Run 1
OTS by OldTimer - Version 3.1.37.1 Folder = C:\Users\wlogan89\Pictures
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 58.00% Memory free
7.00 Gb Paging File | 6.00 Gb Available in Paging File | 74.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.99 Gb Total Space | 216.03 Gb Free Space | 75.54% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: WLOGAN89-PC
Current User Name: wlogan89
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days

[Processes - Safe List]
ots.exe -> C:\Users\wlogan89\Pictures\OTS.exe -> [2010/09/20 16:07:35 | 000,642,048 | ---- | M] (OldTimer Tools)
firefox.exe -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe -> [2010/09/17 14:20:26 | 000,910,296 | ---- | M] (Mozilla Corporation)
plugin-container.exe -> C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe -> [2010/09/17 14:20:26 | 000,014,808 | ---- | M] (Mozilla Corporation)
divxupdate.exe -> C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe -> [2010/08/20 14:45:26 | 001,164,584 | ---- | M] ()
applemobiledeviceservice.exe -> C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -> [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.)
limewire.exe -> C:\Program Files (x86)\LimeWire\LimeWire.exe -> [2010/07/29 11:32:10 | 000,503,808 | ---- | M] (Lime Wire, LLC)
soffice.bin -> C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin -> [2010/05/21 00:28:00 | 011,312,128 | ---- | M] (OpenOffice.org)
soffice.exe -> C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe -> [2010/05/21 00:27:58 | 011,318,784 | ---- | M] (OpenOffice.org)
avguard.exe -> C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -> [2010/04/22 11:55:26 | 000,267,432 | ---- | M] (Avira GmbH)
plfseti.exe -> C:\Windows\PLFSetI.exe -> [2010/04/04 12:36:56 | 000,200,704 | ---- | M] ()
yahoomessenger.exe -> C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe -> [2010/03/19 16:27:46 | 005,248,312 | ---- | M] (Yahoo! Inc.)
avgnt.exe -> C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe -> [2010/03/02 09:28:31 | 000,282,792 | ---- | M] (Avira GmbH)
sched.exe -> C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -> [2010/02/24 08:28:09 | 000,135,336 | ---- | M] (Avira GmbH)
arcadedeluxeagent.exe -> C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe -> [2009/10/06 16:18:26 | 000,419,112 | ---- | M] (CyberLink Corp.)
pmvservice.exe -> C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe -> [2009/10/05 21:15:10 | 000,181,480 | ---- | M] (Acer Corp.)
backupmanagertray.exe -> C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe -> [2009/09/24 17:42:32 | 000,261,888 | ---- | M] (NewTech Infosystems, Inc.)
ischedulesvc.exe -> C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -> [2009/09/24 17:42:28 | 000,062,720 | ---- | M] (NewTech Infosystems, Inc.)
mwlservice.exe -> C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe -> [2009/09/10 08:42:46 | 000,305,448 | ---- | M] (Egis Technology Inc.)
mwldaemon.exe -> C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe -> [2009/09/10 08:42:30 | 000,349,480 | ---- | M] (Egis Technology Inc.)
lmanager.exe -> C:\Program Files (x86)\Launch Manager\LManager.exe -> [2009/08/31 21:19:12 | 001,157,128 | ---- | M] (Dritek System Inc.)
greghsrw.exe -> C:\Program Files (x86)\Acer\Registration\GregHSRW.exe -> [2009/08/28 04:38:58 | 001,150,496 | ---- | M] (Acer Incorporated)
dsiwmis.exe -> C:\Program Files (x86)\Launch Manager\dsiwmis.exe -> [2009/08/23 21:30:12 | 000,107,016 | ---- | M] (Dritek System Inc.)
egisupdate.exe -> C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe -> [2009/08/04 00:09:34 | 000,199,464 | ---- | M] (Egis Technology Inc.)
acervcm.exe -> C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe -> [2009/07/10 17:18:18 | 000,708,608 | ---- | M] (Acer Incorporated)
rs_service.exe -> C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe -> [2009/07/10 04:54:44 | 000,253,952 | ---- | M] (Acer Incorporated)
updaterservice.exe -> C:\Program Files\Acer\Acer Updater\UpdaterService.exe -> [2009/07/03 20:47:12 | 000,240,160 | ---- | M] (Acer)
schedulersvc.exe -> C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe -> [2009/06/17 19:31:58 | 000,144,640 | ---- | M] (NewTech Infosystems, Inc.)
searchprotection.exe -> C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe -> [2009/02/23 08:05:34 | 000,111,856 | ---- | M] (Yahoo! Inc)
yahooauservice.exe -> C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -> [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.)
ijplmsvc.exe -> C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe -> [2007/04/13 10:49:00 | 000,101,528 | ---- | M] ()

[Modules - Safe List]
ots.exe -> C:\Users\wlogan89\Pictures\OTS.exe -> [2010/09/20 16:07:35 | 000,642,048 | ---- | M] (OldTimer Tools)
msscript.ocx -> C:\Windows\SysWOW64\msscript.ocx -> [2009/07/13 20:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation)
comctl32.dll -> C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll -> [2009/07/13 20:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation)

[Win32 Services - Safe List]
64bit-(ePowerSvc) [Auto | Running] -> C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -> [2009/09/30 16:44:58 | 000,844,320 | ---- | M] (Acer Incorporated)
64bit-(AMD External Events Utility) [Auto | Running] -> C:\Windows\SysNative\atiesrxx.exe -> [2009/07/29 07:03:42 | 000,203,264 | ---- | M] (AMD)
64bit-(WinDefend) [Auto | Running] -> C:\Program Files\Windows Defender\MpSvc.dll -> [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation)
64bit-(Updater Service) [Auto | Running] -> C:\Program Files\Acer\Acer Updater\UpdaterService.exe -> [2009/07/03 20:47:12 | 000,240,160 | ---- | M] (Acer)
(Apple Mobile Device) Apple Mobile Device [Auto | Running] -> C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -> [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.)
(AntiVirService) Avira AntiVir Guard [Auto | Running] -> C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -> [2010/04/22 11:55:26 | 000,267,432 | ---- | M] (Avira GmbH)
(clr_optimization_v4.0.30319_64) Microsoft .NET Framework NGEN v4.0.30319_X64 [Auto | Stopped] -> C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -> [2010/03/18 14:27:14 | 000,138,576 | ---- | M] (Microsoft Corporation)
(clr_optimization_v4.0.30319_32) Microsoft .NET Framework NGEN v4.0.30319_X86 [Auto | Stopped] -> C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -> [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation)
(AntiVirSchedulerService) Avira AntiVir Scheduler [Auto | Running] -> C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -> [2010/02/24 08:28:09 | 000,135,336 | ---- | M] (Avira GmbH)
(NTI IScheduleSvc) NTI IScheduleSvc [Auto | Running] -> C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -> [2009/09/24 17:42:28 | 000,062,720 | ---- | M] (NewTech Infosystems, Inc.)
(MWLService) MyWinLocker Service [Auto | Running] -> C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe -> [2009/09/10 08:42:46 | 000,305,448 | ---- | M] ()
(Greg_Service) GRegService [Auto | Running] -> C:\Program Files (x86)\Acer\Registration\GregHSRW.exe -> [2009/08/28 04:38:58 | 001,150,496 | ---- | M] (Acer Incorporated)
(DsiWMIService) Dritek WMI Service [Auto | Running] -> C:\Program Files (x86)\Launch Manager\dsiwmis.exe -> [2009/08/23 21:30:12 | 000,107,016 | ---- | M] (Dritek System Inc.)
(RS_Service) Raw Socket Service [Auto | Running] -> C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe -> [2009/07/10 04:54:44 | 000,253,952 | ---- | M] (Acer Incorporated)
(NTISchedulerSvc) NTI Backup Now 5 Scheduler Service [Auto | Running] -> C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe -> [2009/06/17 19:31:58 | 000,144,640 | ---- | M] (NewTech Infosystems, Inc.)
(NTIBackupSvc) NTI Backup Now 5 Backup Service [On_Demand | Stopped] -> C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe -> [2009/06/17 19:31:46 | 000,050,432 | ---- | M] (NewTech InfoSystems, Inc.)
(YahooAUService) Yahoo! Updater [Auto | Running] -> C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -> [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.)
(IJPLMSVC) PIXMA Extended Survey Program [Auto | Running] -> C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe -> [2007/04/13 10:49:00 | 000,101,528 | ---- | M] ()

[Driver Services - Safe List]
64bit-(USBCCID) Realtek Smartcard Reader Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\DRIVERS\RtsUCcid.sys -> File not found
64bit-(RtsUIR) Realtek IR Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\DRIVERS\Rts516xIR.sys -> File not found
64bit-(USBAAPL64) Apple Mobile USB Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\usbaapl64.sys -> [2010/04/19 20:47:42 | 000,050,688 | ---- | M] (Apple, Inc.)
64bit-(athr) Atheros Extensible Wireless LAN device driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\athrx.sys -> [2010/04/02 21:54:44 | 001,598,464 | ---- | M] (Atheros Communications, Inc.)
64bit-(avipbb) avipbb [Kernel | System | Running] -> C:\Windows\SysNative\drivers\avipbb.sys -> [2010/03/02 11:35:01 | 000,116,568 | ---- | M] (Avira GmbH)
64bit-(avgntflt) avgntflt [File_System | Auto | Running] -> C:\Windows\SysNative\drivers\avgntflt.sys -> [2010/02/16 12:24:00 | 000,081,072 | ---- | M] (Avira GmbH)
64bit-(atikmdag) atikmdag [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\atikmdag.sys -> [2009/07/29 17:11:24 | 006,038,016 | ---- | M] (ATI Technologies Inc.)
64bit-(AtiHdmiService) ATI Service for HD Audio Codec [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\AtiHdmi.sys -> [2009/07/23 10:49:00 | 000,119,312 | ---- | M] (ATI Technologies, Inc.)
64bit-(amdsata) amdsata [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\amdsata.sys -> [2009/07/13 20:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices)
64bit-(amdxata) amdxata [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\amdxata.sys -> [2009/07/13 20:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices)
64bit-(amdsbs) amdsbs [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\amdsbs.sys -> [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.)
64bit-(LSI_SAS2) LSI_SAS2 [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\lsi_sas2.sys -> [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation)
64bit-(HpSAMD) HpSAMD [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\HpSAMD.sys -> [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company)
64bit-(stexstor) stexstor [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\stexstor.sys -> [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology)
64bit-(RTHDMIAzAudService) Service for HDMI [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\RtHDMIVX.sys -> [2009/07/02 00:15:26 | 000,202,016 | ---- | M] (Realtek Semiconductor Corp.)
64bit-(RSUSBSTOR) RtsUStor.Sys Realtek USB Card Reader [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\RtsUStor.sys -> [2009/06/25 21:34:24 | 000,219,136 | ---- | M] (Realtek Semiconductor Corp.)
64bit-(SynTP) Synaptics TouchPad Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\SynTP.sys -> [2009/06/18 07:12:32 | 000,272,432 | ---- | M] (Synaptics Incorporated)
64bit-(Ntfs) Ntfs [File_System | On_Demand | Running] -> C:\Windows\SysNative\wbem\ntfs.mof -> [2009/06/10 15:38:56 | 000,000,308 | ---- | M] ()
64bit-(ebdrv) Broadcom NetXtreme II 10 GigE VBD [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\evbda.sys -> [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation)
64bit-(b06bdrv) Broadcom NetXtreme II VBD [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\bxvbda.sys -> [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation)
64bit-(b57nd60a) Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0 [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\b57nd60a.sys -> [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation)
64bit-(hcw85cir) Hauppauge Consumer Infrared Receiver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\hcw85cir.sys -> [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.)
64bit-(mwlPSDVDisk) mwlPSDVDisk [Kernel | System | Running] -> C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -> [2009/06/02 06:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.)
64bit-(mwlPSDFilter) mwlPSDFilter [File_System | System | Running] -> C:\Windows\SysNative\drivers\mwlPSDFilter.sys -> [2009/06/02 06:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.)
64bit-(mwlPSDNServ) mwlPSDNServ [Kernel | System | Running] -> C:\Windows\SysNative\drivers\mwlPSDNserv.sys -> [2009/06/02 06:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.)
64bit-(RTL8167) Realtek 8167 NT Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\Rt64win7.sys -> [2009/05/22 09:52:30 | 000,215,040 | ---- | M] (Realtek )
64bit-(GEARAspiWDM) GEAR ASPI Filter Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\GEARAspiWDM.sys -> [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.)
64bit-(NTIDrvr) NTIDrvr [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\NTIDrvr.sys -> [2009/05/05 03:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.)
64bit-(UBHelper) UBHelper [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\UBHelper.sys -> [2009/05/05 03:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation)
64bit-(AtiPcie) AMD PCI Express (3GIO) Filter [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\AtiPcie.sys -> [2009/05/04 08:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.)
64bit-(usbfilter) AMD USB Filter Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\usbfilter.sys -> [2009/04/03 08:39:58 | 000,034,872 | ---- | M] (Advanced Micro Devices)
(DKbFltr) Dritek Keyboard Filter Driver (64-bit) [Kernel | On_Demand | Running] -> C:\Windows\SysWOW64\Drivers\DKbFltr.sys -> [2009/03/25 22:16:08 | 000,025,608 | ---- | M] (Dritek System Inc.)
[Registry - Safe List] < 64bit-Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5538&r=273604105635l0364z155t4862v602 -> HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5538&r=273604105635l0364z155t4862v602 -> < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://www.yahoo.com -> HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> C:\Windows\SysWOW64\blank.htm -> HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://www.yahoo.com -> < Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> < Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> < Internet Explorer Settings [HKEY_USERS\S-1-5-21-3448710332-4106491244-2214301219-1001\] > -> -> HKEY_USERS\S-1-5-21-3448710332-4106491244-2214301219-1001\: Main\\"Default_Page_URL" -> http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5538&r=273604105635l0364z155t4862v602 -> HKEY_USERS\S-1-5-21-3448710332-4106491244-2214301219-1001\: Main\\"Search Page" -> -> HKEY_USERS\S-1-5-21-3448710332-4106491244-2214301219-1001\: Main\\"Start Page" -> http://www.google.com -> HKEY_USERS\S-1-5-21-3448710332-4106491244-2214301219-1001\: Main\\"Start Page Restore" -> http://www.yahoo.com -> HKEY_USERS\S-1-5-21-3448710332-4106491244-2214301219-1001\: "ProxyEnable" -> 0 -> HKEY_USERS\S-1-5-21-3448710332-4106491244-2214301219-1001\: "ProxyOverride" -> *.local -> < FireFox Settings [Prefs.js] > -> C:\Users\wlogan89\AppData\Roaming\Mozilla\FireFox\Profiles\2ibn802q.default\prefs.js -> browser.startup.homepage -> "http://www.lc.edu/" -> extensions.enabledItems -> [email protected]:3.6.9.135 -> extensions.enabledItems 
-> {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 -> extensions.enabledItems -> {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 -> extensions.enabledItems -> {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198 -> network.proxy.no_proxies_on -> "*.local" -> network.proxy.type -> 0 -> < FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla HKLM\software\mozilla\Firefox\Extensions -> -> HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions -> -> HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components -> C:\Program Files (x86)\Mozilla Firefox\components [C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\COMPONENTS] -> [2010/09/17 14:27:38 | 000,000,000 | ---D | M] HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins -> C:\Program Files (x86)\Mozilla Firefox\plugins [C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\PLUGINS] -> [2010/09/17 14:27:38 | 000,000,000 | ---D | M] < FireFox Extensions [User Folders] > -> -> C:\Users\wlogan89\AppData\Roaming\Mozilla\Extensions -> [2010/07/24 15:13:07 | 000,000,000 | ---D | M] -> C:\Users\wlogan89\AppData\Roaming\Mozilla\Extensions\[email protected] -> [2010/04/04 13:13:27 | 000,000,000 | ---D | M] -> C:\Users\wlogan89\AppData\Roaming\Mozilla\Firefox\Profiles\2ibn802q.default\extensions -> [2010/09/19 22:17:15 | 000,000,000 | ---D | M] -> C:\Users\wlogan89\AppData\Roaming\Mozilla\Firefox\Profiles\2ibn802q.default\extensions\[email protected] -> [2010/08/06 01:47:50 | 000,000,000 | ---D | M] < FireFox Extensions [Program Folders] > -> -> C:\Program Files (x86)\Mozilla Firefox\extensions -> [2010/09/09 20:19:47 | 000,000,000 | ---D | M] Skype extension for Firefox -> C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} -> [2010/09/09 20:19:48 | 000,000,000 | ---D | M] Java Console -> C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} -> [2010/09/02 00:23:23 | 000,000,000 | ---D | M] Java Console -> C:\Program Files (x86)\Mozilla 
Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} -> [2010/08/26 01:43:55 | 000,000,000 | ---D | M] < HOSTS File > ([2009/06/10 16:00:26 | 000,000,824 | ---- | M] - 21 lines) -> C:\Windows\SysNative\Drivers\etc\hosts -> Reset Hosts < 64bit-BHO's [HKEY_LOCAL_MACHINE] > -> 64bit-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {AA58ED58-01DD-4d91-8333-CF10577473F7} [HKLM] -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [Google Toolbar Helper] -> [2010/07/13 23:11:58 | 000,371,888 | ---- | M] (Google Inc.) {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKLM] -> C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg64.dll [Google Toolbar Notifier BHO] -> [2010/09/14 20:48:24 | 000,317,496 | ---- | M] (Google Inc.) < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {02478D38-C3F9-4efb-9B51-7695ECA05670} [HKLM] -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll [&Yahoo! Toolbar Helper] -> [2010/03/23 02:51:16 | 001,205,560 | ---- | M] (Yahoo! Inc.) {5C255C8A-E604-49b4-9D64-90988571CECB} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found {AA58ED58-01DD-4d91-8333-CF10577473F7} [HKLM] -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [Google Toolbar Helper] -> [2010/07/13 23:11:54 | 000,278,192 | ---- | M] (Google Inc.) {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKLM] -> C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll [Google Toolbar Notifier BHO] -> [2010/09/14 20:48:24 | 000,842,296 | ---- | M] (Google Inc.) 
{D4027C7F-154A-4066-A1AD-4243D8127440} [HKLM] -> C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll [LimeWire Toolbar] -> [2010/06/17 11:02:24 | 001,233,288 | ---- | M] (Ask.com) {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} [HKLM] -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll [SingleInstance Class] -> [2010/03/23 02:51:16 | 000,158,520 | ---- | M] (Yahoo! Inc) < 64bit-Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" [HKLM] -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [Google Toolbar] -> [2010/07/13 23:11:58 | 000,371,888 | ---- | M] (Google Inc.) "Locked" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found < Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" [HKLM] -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [Google Toolbar] -> [2010/07/13 23:11:54 | 000,278,192 | ---- | M] (Google Inc.) "{D4027C7F-154A-4066-A1AD-4243D8127440}" [HKLM] -> C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll [LimeWire Toolbar] -> [2010/06/17 11:02:24 | 001,233,288 | ---- | M] (Ask.com) "{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll [Yahoo! Toolbar] -> [2010/03/23 02:51:16 | 001,205,560 | ---- | M] (Yahoo! Inc.) "Locked" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found < Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-3448710332-4106491244-2214301219-1001\] > -> HKEY_USERS\S-1-5-21-3448710332-4106491244-2214301219-1001\Software\Microsoft\Internet Explorer\Toolbar\ -> 64bit-WebBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [Google Toolbar] -> [2010/07/13 23:11:58 | 000,371,888 | ---- | M] (Google Inc.) 
WebBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [Google Toolbar] -> [2010/07/13 23:11:54 | 000,278,192 | ---- | M] (Google Inc.) WebBrowser\\"{D4027C7F-154A-4066-A1AD-4243D8127440}" [HKLM] -> C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll [LimeWire Toolbar] -> [2010/06/17 11:02:24 | 001,233,288 | ---- | M] (Ask.com) WebBrowser\\"{EEE6C35B-6118-11DC-9C72-001320C79847}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found < 64bit-Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> "Acer ePower Management" -> C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe] -> [2009/09/30 16:45:20 | 000,823,840 | ---- | M] (Acer Incorporated) "CanonMyPrinter" -> C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon] -> [2009/07/06 20:07:00 | 002,114,376 | ---- | M] (CANON INC.) "CanonSolutionMenu" -> C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe /logon] -> [2007/10/25 20:10:00 | 000,652,624 | ---- | M] (CANON INC.) "mwlDaemon" -> C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe [C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe] -> [2009/09/10 08:42:30 | 000,349,480 | ---- | M] (Egis Technology Inc.) "PLFSetI" -> C:\Windows\PLFSetI.exe [C:\Windows\PLFSetI.exe] -> [2010/04/04 12:36:56 | 000,200,704 | ---- | M] () "RtHDVCpl" -> C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe] -> [2009/07/06 04:52:00 | 007,940,128 | ---- | M] (Realtek Semiconductor) "Skytel" -> C:\Program Files\Realtek\Audio\HDA\SkyTel.exe [C:\Program Files\Realtek\Audio\HDA\Skytel.exe] -> [2009/07/06 04:52:54 | 001,833,504 | ---- | M] (Realtek Semiconductor Corp.) 
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> "Acer Assist Launcher" -> C:\Program Files (x86)\Acer\Acer Assist\launcher.exe [C:\Program Files (x86)\Acer\Acer Assist\launcher.exe] -> [2007/11/19 17:17:40 | 001,261,568 | ---- | M] () "AppleSyncNotifier" -> C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe] -> [2010/09/08 17:31:24 | 000,047,904 | ---- | M] (Apple Inc.) "ArcadeDeluxeAgent" -> C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe ["C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"] -> [2009/10/06 16:18:26 | 000,419,112 | ---- | M] (CyberLink Corp.) "avgnt" -> C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe ["C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min] -> [2010/03/02 09:28:31 | 000,282,792 | ---- | M] (Avira GmbH) "BackupManagerTray" -> C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe ["C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k] -> [2009/09/24 17:42:32 | 000,261,888 | ---- | M] (NewTech Infosystems, Inc.) "DivXUpdate" -> C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ["C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW] -> [2010/08/20 14:45:26 | 001,164,584 | ---- | M] () "EgisTecLiveUpdate" -> C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe ["C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe"] -> [2009/08/04 00:09:34 | 000,199,464 | ---- | M] (Egis Technology Inc.) "LManager" -> C:\Program Files (x86)\Launch Manager\LManager.exe [C:\Program Files (x86)\Launch Manager\LManager.exe] -> [2009/08/31 21:19:12 | 001,157,128 | ---- | M] (Dritek System Inc.) 
"PlayMovie" -> C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe ["C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe"] -> [2009/10/05 21:15:10 | 000,181,480 | ---- | M] (Acer Corp.) "StartCCC" -> C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ["C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun] -> [2009/07/30 00:20:52 | 000,098,304 | ---- | M] (Advanced Micro Devices, Inc.) "YSearchProtection" -> C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe ["C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe"] -> [2009/02/23 08:05:34 | 000,111,856 | ---- | M] (Yahoo! Inc) < Run [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> "Sidebar" -> C:\Program Files (x86)\Windows Sidebar\Sidebar.exe [%ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun] -> [2009/07/13 20:14:38 | 001,173,504 | ---- | M] (Microsoft Corporation) < RunOnce [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce -> "mctadmin" -> C:\Windows\SysWow64\mctadmin.exe [C:\Windows\System32\mctadmin.exe] -> File not found < Run [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> "Sidebar" -> C:\Program Files (x86)\Windows Sidebar\Sidebar.exe [%ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun] -> [2009/07/13 20:14:38 | 001,173,504 | ---- | M] (Microsoft Corporation) < RunOnce [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce -> "mctadmin" -> C:\Windows\SysWow64\mctadmin.exe [C:\Windows\System32\mctadmin.exe] -> File not found < Run [HKEY_USERS\S-1-5-21-3448710332-4106491244-2214301219-1001\] > -> HKEY_USERS\S-1-5-21-3448710332-4106491244-2214301219-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> "Messenger (Yahoo!)" -> C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe 
["C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet] -> [2010/03/19 16:27:46 | 005,248,312 | ---- | M] (Yahoo! Inc.) "msnmsgr" -> C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe ["C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background] -> [2010/04/16 22:12:38 | 003,872,080 | ---- | M] (Microsoft Corporation) "Search Protection" -> C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe [C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe] -> [2009/02/23 08:05:34 | 000,111,856 | ---- | M] (Yahoo! Inc) "swg" -> C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe ["C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"] -> [2009/10/21 13:54:28 | 000,039,408 | ---- | M] (Google Inc.) < RunOnce [HKEY_USERS\S-1-5-21-3448710332-4106491244-2214301219-1001\] > -> HKEY_USERS\S-1-5-21-3448710332-4106491244-2214301219-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce -> "FlashPlayerUpdate" -> C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10i_Plugin.exe [C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10i_Plugin.exe -update plugin] -> [2010/08/20 23:51:28 | 000,232,912 | ---- | M] (Adobe Systems, Inc.) 
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer \\"NoActiveDesktop" -> [1] -> File not found < CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System \\"ConsentPromptBehaviorAdmin" -> [5] -> File not found \\"ConsentPromptBehaviorUser" -> [3] -> File not found HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-3448710332-4106491244-2214301219-1001] > -> HKEY_USERS\S-1-5-21-3448710332-4106491244-2214301219-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> < 64bit-Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-3448710332-4106491244-2214301219-1001\] > -> HKEY_USERS\S-1-5-21-3448710332-4106491244-2214301219-1001\Software\Microsoft\Internet Explorer\MenuExt\ -> Google Sidewiki... -> C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll [res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html] -> [2010/06/24 19:11:58 | 001,697,456 | ---- | M] (Google Inc.) < Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-3448710332-4106491244-2214301219-1001\] > -> HKEY_USERS\S-1-5-21-3448710332-4106491244-2214301219-1001\Software\Microsoft\Internet Explorer\MenuExt\ -> Google Sidewiki... -> C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll [res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html] -> [2010/06/24 19:11:58 | 001,697,456 | ---- | M] (Google Inc.) 
< 64bit-Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> < 64bit-Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix "" -> http:// < Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix "" -> http:// < 64bit-Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < 64bit-Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. 
-> < Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. 
-> < Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-21-3448710332-4106491244-2214301219-1001\] > -> HKEY_USERS\S-1-5-21-3448710332-4106491244-2214301219-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-21-3448710332-4106491244-2214301219-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4948 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-21-3448710332-4106491244-2214301219-1001\] > -> HKEY_USERS\S-1-5-21-3448710332-4106491244-2214301219-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-21-3448710332-4106491244-2214301219-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. 
-> < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab [Java Plug-in 1.6.0_21] -> {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab [Java Plug-in 1.6.0_20] -> {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab [Java Plug-in 1.6.0_21] -> {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab [Java Plug-in 1.6.0_21] -> < Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ -> DhcpNameServer -> 24.217.0.5 24.217.201.67 68.113.206.10 -> < Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {DDECF472-6803-4EEC-861E-C63FDDA8E9EA}\\DhcpNameServer -> 24.217.0.5 24.217.201.67 68.113.206.10 (Realtek PCIe GBE Family Controller) -> {DE2A73C4-8491-48E6-85DE-0845015ECD93}\\DhcpNameServer -> 24.217.0.5 24.217.201.67 68.113.206.10 (Atheros AR5B93 Wireless Network Adapter) -> < 64bit-Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 64bit-*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> explorer.exe -> C:\Windows\explorer.exe -> [2009/10/31 01:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) *MultiFile Done* -> -> 64bit-*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> SystemPropertiesPerformance.exe -> C:\Windows\SysNative\SystemPropertiesPerformance.exe -> [2009/07/13 20:39:47 | 000,082,432 | ---- | M] (Microsoft Corporation) /pagefile -> -> File not found *MultiFile Done* -> -> < Winlogon settings [HKEY_LOCAL_MACHINE] > 
-> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> *Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> explorer.exe -> C:\Windows\SysWow64\explorer.exe -> [2009/10/31 00:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) *MultiFile Done* -> -> *VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> SystemPropertiesPerformance.exe -> C:\Windows\SysWow64\SystemPropertiesPerformance.exe -> [2009/07/13 20:14:42 | 000,081,920 | ---- | M] (Microsoft Corporation) /pagefile -> -> File not found *MultiFile Done* -> -> < 64bit-SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad -> "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" [HKLM] -> Reg Error: Key error. [WebCheck] -> File not found < SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad -> "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" [HKLM] -> Reg Error: Key error. 
[WebCheck] -> File not found < Vista Active Firewall Rules > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules -> {12A39A1C-7F54-4D4A-98F3-3DA9DFD68BD5} -> lport=5355 | profile=private | protocol=17 | dir=in | action=allow | [email protected],-28548 | app=%systemroot%\system32\svchost.exe | svc=dnscache | {169AFE04-2F8B-4A27-8EB0-EB5BE47EBBE1} -> rport=139 | profile=private | protocol=6 | dir=out | action=allow | [email protected],-28507 | app=system | {1E78A8DA-87C1-46C4-8E1A-6247BC07CD89} -> rport=445 | profile=private | protocol=6 | dir=out | action=allow | [email protected],-28515 | app=system | {23B864AC-7474-41B1-935E-697A791A68C8} -> rport=2177 | profile=private | protocol=6 | dir=out | action=allow | [email protected],-31265 | app=%systemroot%\system32\svchost.exe | svc=qwave | {2D837417-E373-4E52-AB6D-1EAC249AB6B1} -> lport=2177 | profile=private | protocol=6 | dir=in | action=allow | [email protected],-31261 | app=%systemroot%\system32\svchost.exe | svc=qwave | {3ED5B76D-3DC3-4041-9C4F-C2C25434830E} -> lport=445 | profile=private | protocol=6 | dir=in | action=allow | [email protected],-28511 | app=system | {3F816FF7-490F-4469-A6B1-FDD44755DB77} -> lport=139 | profile=private | protocol=6 | dir=in | action=allow | [email protected],-28503 | app=system | {45D9B52F-E1C6-4A17-AF8A-194BE2261C4A} -> lport=2869 | profile=private | protocol=6 | dir=in | action=allow | [email protected],-31277 | app=system | {524E27B8-F0D1-443B-BCEC-F1FE0F8ECAB1} -> rport=5355 | profile=public | protocol=17 | dir=out | action=allow | [email protected],-28550 | app=%systemroot%\system32\svchost.exe | svc=dnscache | {5F7343CA-5A71-471D-8F21-5C7B29814510} -> lport=5355 | profile=public | protocol=17 | dir=in | action=allow | [email protected],-28548 | app=%systemroot%\system32\svchost.exe | svc=dnscache | {6F55BE34-3E43-4452-8BA2-E38B45DE7AC1} -> lport=2869 | protocol=6 | dir=in | action=allow | name=windows live messenger 
(upnp-in) | app=system | {75B05236-D060-433B-9BC9-79924EE16097} -> lport=rpc-epmap | profile=private | protocol=6 | dir=in | action=allow | [email protected],-28539 | svc=rpcss | {7D2E7FFE-43BC-47D3-9A73-6975EF831E11} -> rport=138 | profile=private | protocol=17 | dir=out | action=allow | [email protected],-28531 | app=system | {812E9BB1-89CD-4F02-ACC2-4E40753F3055} -> lport=2177 | profile=private | protocol=17 | dir=in | action=allow | [email protected],-31253 | app=%systemroot%\system32\svchost.exe | svc=qwave | {8F786DBD-2FE3-4981-9212-3F4804BCAF40} -> lport=1900 | profile=private | protocol=17 | dir=in | action=allow | [email protected],-31269 | app=%systemroot%\system32\svchost.exe | svc=ssdpsrv | {B7F7F3D4-4F43-4889-8EBB-BD323290EB08} -> rport=5355 | profile=private | protocol=17 | dir=out | action=allow | [email protected],-28550 | app=%systemroot%\system32\svchost.exe | svc=dnscache | {BC56D6CE-69E9-4DDE-A2B0-E910B334075C} -> rport=1900 | profile=private | protocol=17 | dir=out | action=allow | [email protected],-31273 | app=%systemroot%\system32\svchost.exe | svc=ssdpsrv | {D0ECCEB0-BC0B-4E89-B9A7-467F3023006A} -> lport=rpc | profile=private | protocol=6 | dir=in | action=allow | [email protected],-28535 | app=%systemroot%\system32\spoolsv.exe | svc=spooler | {D1D89132-7222-4C60-A1EF-EA9AC9721E5C} -> lport=10243 | profile=private | protocol=6 | dir=in | action=allow | [email protected],-31285 | app=system | {D4E7B943-6CC6-4D16-A4C5-9907498AA359} -> lport=138 | profile=private | protocol=17 | dir=in | action=allow | [email protected],-28527 | app=system | {DB5AD1DA-26B1-4D10-B2AE-F3E8277AFA3C} -> rport=137 | profile=private | protocol=17 | dir=out | action=allow | [email protected],-28523 | app=system | {E76B3A1E-CF9C-462E-AE3C-3E9C7A2660B6} -> rport=10243 | profile=private | protocol=6 | dir=out | action=allow | [email protected],-31289 | app=system | {EE71FB0E-D017-4807-8E38-950CED8DA147} -> lport=137 | profile=private | protocol=17 | dir=in | 
action=allow | [email protected],-28519 | app=system | {F9CC1621-98FB-43D7-B9D6-33DD48584899} -> lport=1900 | protocol=17 | dir=in | action=allow | name=windows live messenger (ssdp-in) | app=svchost.exe | svc=ssdpsrv | {FFA1B2F6-CEBB-4AC3-8247-41ADFB89E7DB} -> rport=2177 | profile=private | protocol=17 | dir=out | action=allow | [email protected],-31257 | app=%systemroot%\system32\svchost.exe | svc=qwave | < Vista Active Application Exception Rules > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules -> {04F8E632-4370-4C3F-B91B-E89B52FA8F7D} -> profile=private | protocol=6 | dir=in | action=allow | name=yahoo! messenger | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe | {1569957C-75BF-43BE-BA1A-E3AF87FDEDE3} -> profile=private | protocol=17 | dir=in | action=allow | [email protected],-31003 | app=%programfiles%\windows media player\wmplayer.exe | {17DE5A18-DE52-430C-B17E-F578A6B801C3} -> profile=private | protocol=17 | dir=out | action=allow | [email protected],-31007 | app=%programfiles%\windows media player\wmplayer.exe | {1D6AEAF9-83B1-4AE9-BE65-1DA598F7D5D8} -> dir=in | action=allow | name=acervcm-rs_service | app=c:\program files (x86)\acer\acer vcm\rs_service.exe | {1EFBDB6A-70F8-43AC-B9C3-BAE3F35AA81F} -> profile=private | protocol=17 | dir=out | action=allow | [email protected],-31297 | app=%programfiles%\windows media player\wmplayer.exe | {24CCDB30-28BD-458D-82A2-B5420BB3523C} -> profile=private | protocol=6 | dir=in | action=allow | [email protected],-31313 | app=%programfiles%\windows media player\wmpnetwk.exe | {27109678-8FAC-4E68-9A36-5AD80D69E451} -> profile=private | protocol=6 | dir=out | action=allow | [email protected],-31321 | app=%systemroot%\system32\svchost.exe | svc=upnphost | {2DEB7F8E-496D-429C-AA2E-D89F8615A8AF} -> profile=private | protocol=17 | dir=in | action=allow | name=yahoo! 
messenger | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe | {3554D412-BCC5-4B29-8452-D63AE0ADFDD7} -> profile=public | protocol=17 | dir=in | action=allow | name=microsoft office onenote | app=c:\program files (x86)\microsoft office\office12\onenote.exe | {383D4417-7B95-4C77-A152-5C48E7D3BA31} -> profile=private | protocol=58 | dir=out | action=allow | [email protected],-28546 | {3D54CFE2-6286-409F-AA2E-CA3BB1A475EF} -> dir=in | action=allow | name=acervcm-vc | app=c:\program files (x86)\acer\acer vcm\vc.exe | {3E3032BD-C867-43BB-A62E-1DA14AB2C479} -> profile=public | protocol=17 | dir=in | action=allow | name=backupsvc.exe | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe | {4C928FCA-FAD7-47E0-95E1-ED515790BD1A} -> profile=public | protocol=17 | dir=in | action=allow | name=schedulersvc.exe | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe | {51C6F3F6-7539-44D8-8484-6CB28805020B} -> profile=public | protocol=17 | dir=in | action=allow | name=bonjour service | app=c:\program files (x86)\bonjour\mdnsresponder.exe | {539FF614-2C49-4B3D-B5F3-E1DA0EBDBEC8} -> profile=private | protocol=6 | dir=in | action=allow | name=bonjour service | app=c:\program files (x86)\bonjour\mdnsresponder.exe | {53D7BA4A-6F3B-4CF0-8C41-DE61F117CB99} -> profile=public | protocol=6 | dir=in | action=allow | name=schedulersvc.exe | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe | {64671088-DB6A-4FA0-B7C5-9ABF141E2223} -> dir=in | action=allow | name=skype | app=c:\program files (x86)\skype\phone\skype.exe | {66C15850-FDB5-45C0-90D9-4FDC77D8B169} -> profile=private | protocol=6 | dir=in | action=allow | name=aim | app=c:\program files (x86)\aim\aim.exe | {708BDB58-948F-4F16-89F8-F68D6ED30990} -> profile=private | protocol=17 | dir=in | action=allow | [email protected],-31293 | app=%programfiles%\windows media player\wmplayer.exe | {7356008D-08FE-44FB-ADA6-6A01B8D250DD} -> 
profile=private | protocol=17 | dir=in | action=allow | name=limewire | app=c:\program files (x86)\limewire\limewire.exe | {7609AF8A-7049-4B6D-B700-6BA5C9D66974} -> profile=private | protocol=58 | dir=in | action=allow | [email protected],-28545 | {799039F5-C971-442B-9C4D-0CA72F8E8292} -> profile=public | protocol=6 | dir=in | action=allow | name=sweetim installer | app=c:\users\wlogan89\downloads\sweetimsetup.exe | {7DB57F30-6F50-497C-9548-7281DD60B715} -> profile=private | protocol=6 | dir=in | action=allow | name=itunes | app=c:\program files (x86)\itunes\itunes.exe | {7DDC9E51-77C3-4E58-82B7-6FDFC0D7A1CC} -> profile=private | protocol=17 | dir=in | action=allow | name=aim | app=c:\program files (x86)\aim\aim.exe | {7F8686C3-EFAA-4162-A548-0F1E2A38FFAE} -> profile=public | protocol=6 | dir=in | action=allow | name=backupsvc.exe | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe | {802AAA45-B86D-4DDA-9442-8D3A1E8CB887} -> profile=private | protocol=17 | dir=out | action=allow | [email protected],-31024 | app=%programfiles(x86)%\windows media player\wmplayer.exe | {837F8712-C343-4431-A663-AE54C9A9DC47} -> profile=private | protocol=6 | dir=out | action=allow | [email protected],-31281 | app=system | {859B7FE6-5C2F-4507-A33C-F9F1173B3089} -> profile=private | protocol=6 | dir=out | action=allow | [email protected],-31011 | app=%programfiles%\windows media player\wmplayer.exe | {91A0DD08-8F18-428F-8A60-25D7746F30A0} -> dir=in | action=allow | name=acer homemedia | app=c:\program files (x86)\acer arcade deluxe\homemedia\homemedia.exe | {958F5BE6-3338-483C-90E1-85DB489EE6D0} -> dir=in | action=allow | name=acer play movie resident program | app=c:\program files (x86)\acer arcade deluxe\playmovie\pmvservice.exe | {9930459B-E270-459E-81B7-C56A9DA09038} -> dir=in | action=allow | name=windows live call | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | {A3712605-95A6-481D-83A2-CD0E57B60DC6} -> profile=private | protocol=1 | 
dir=in | action=allow | [email protected],-28543 | {AF2D5919-D2F6-4388-ABAE-0D8D8888A848} -> profile=private | protocol=17 | dir=out | action=allow | [email protected],-31309 | app=%programfiles%\windows media player\wmpnetwk.exe | {B87CE84C-30BA-455F-8197-2E294DD0E0E3} -> profile=private | protocol=1 | dir=out | action=allow | [email protected],-28544 | {BE195B3E-FCA0-452F-95AA-E5D2317647BA} -> dir=in | action=allow | name=acer arcade deluxe | app=c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe | {C52DA975-F3EF-40BB-A448-EBA9B9D135F0} -> dir=in | action=allow | name=acer play movie | app=c:\program files (x86)\acer arcade deluxe\playmovie\playmovie.exe | {C9D9E616-A9E5-45F4-99B2-EA0838563351} -> profile=private | protocol=17 | dir=in | action=allow | [email protected],-31305 | app=%programfiles%\windows media player\wmpnetwk.exe | {CE6FCBFA-EEA7-4A56-B32D-D7B1E4904569} -> profile=public | protocol=6 | dir=in | action=allow | name=bonjour service | app=c:\program files (x86)\bonjour\mdnsresponder.exe | {D281F1DD-462C-4CD6-9231-D96B93377A8A} -> profile=public | protocol=17 | dir=in | action=allow | name=sweetim installer | app=c:\users\wlogan89\downloads\sweetimsetup.exe | {D6623B19-B0E0-4FEE-89ED-EE303D49AFC8} -> profile=public | protocol=6 | dir=in | action=allow | name=microsoft office onenote | app=c:\program files (x86)\microsoft office\office12\onenote.exe | {D772BF26-BDAF-4537-9148-A942D469931F} -> profile=private | protocol=6 | dir=out | action=allow | [email protected],-31317 | app=%programfiles%\windows media player\wmpnetwk.exe | {D97FA223-1CD4-4790-B674-106BA7F36D34} -> profile=private | protocol=17 | dir=in | action=allow | name=itunes | app=c:\program files (x86)\itunes\itunes.exe | {E5DD3CEC-B714-4947-B85E-DEFFF5B5672B} -> profile=private | protocol=6 | dir=out | action=allow | [email protected],-31301 | app=%programfiles%\windows media player\wmplayer.exe | {E77647C2-B082-4D80-A78B-9396CE583250} -> profile=private 
| protocol=6 | dir=in | action=allow | name=limewire | app=c:\program files (x86)\limewire\limewire.exe | {E80F9B85-0B87-47A2-B7B2-9C0ED06EE27B} -> dir=in | action=allow | name=windows live messenger | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | {ED07E51D-71B6-4D2F-A06F-6C243C1FB73E} -> profile=private | protocol=17 | dir=in | action=allow | name=bonjour service | app=c:\program files (x86)\bonjour\mdnsresponder.exe | {EDECC197-4ADE-4B94-9A2D-0B1F66739026} -> profile=private | protocol=6 | dir=out | action=allow | [email protected],-31025 | app=%programfiles(x86)%\windows media player\wmplayer.exe | {FCBF581C-820D-4BCF-A22F-A6CB8120E426} -> profile=private | protocol=17 | dir=in | action=allow | [email protected],-31023 | app=%programfiles(x86)%\windows media player\wmplayer.exe | TCP Query User{A98DD6A8-149B-4FA6-9A40-705D82FFF92C}C:\program files (x86)\bittorrent\bittorrent.exe -> profile=public | protocol=6 | dir=in | action=allow | name=bittorrent | app=c:\program files (x86)\bittorrent\bittorrent.exe | TCP Query User{B6C4516E-5E95-4B4A-90AE-9DE49CFB08A9}C:\program files (x86)\bittorrent\bittorrent.exe -> profile=private | protocol=6 | dir=in | action=allow | name=bittorrent | app=c:\program files (x86)\bittorrent\bittorrent.exe | TCP Query User{D55A06CB-7F9A-4A1A-886F-99F98820FEA0}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe -> profile=public | protocol=6 | dir=in | action=allow | name=yahoo! 
messenger | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe | TCP Query User{F3B4E603-9F39-4B13-9031-42C6BC5CC98F}C:\program files (x86)\limewire\limewire.exe -> profile=public | protocol=6 | dir=in | action=block | name=limewire | app=c:\program files (x86)\limewire\limewire.exe | UDP Query User{33828C5A-6B71-4EE1-90B0-949F6697E41D}C:\program files (x86)\bittorrent\bittorrent.exe -> profile=public | protocol=17 | dir=in | action=allow | name=bittorrent | app=c:\program files (x86)\bittorrent\bittorrent.exe | UDP Query User{42ABCD59-75F7-480E-8C34-79B15AA214AC}C:\program files (x86)\bittorrent\bittorrent.exe -> profile=private | protocol=17 | dir=in | action=allow | name=bittorrent | app=c:\program files (x86)\bittorrent\bittorrent.exe | UDP Query User{5E56C468-CACA-404C-88A7-3BBC6E40BD3E}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe -> profile=public | protocol=17 | dir=in | action=allow | name=yahoo! messenger | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe | UDP Query User{A65F5569-7054-42A4-A3FF-8228766A4818}C:\program files (x86)\limewire\limewire.exe -> profile=public | protocol=17 | dir=in | action=block | name=limewire | app=c:\program files (x86)\limewire\limewire.exe | < SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> < CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom -> "AutoRun" -> 1 -> "DisplayName" -> CD-ROM Driver -> "ImagePath" -> C:\Windows\SysNative\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> [2009/07/13 18:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) < MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> \{500465d3-4f2d-11df-838b-00235ae9055c} HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{500465d3-4f2d-11df-838b-00235ae9055c}\shell 
\{500465d3-4f2d-11df-838b-00235ae9055c}\shell\\"" -> [AutoRun] -> File not found HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{500465d3-4f2d-11df-838b-00235ae9055c}\shell\AutoRun\command \{500465d3-4f2d-11df-838b-00235ae9055c}\shell\AutoRun\command\\"" -> E:\LaunchU3.exe [E:\LaunchU3.exe -a] -> File not found < Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command -> 64bit-comfile [open] -> "%1" %* -> File not found 64bit-exefile [open] -> "%1" %* -> File not found comfile [open] -> "%1" %* -> exefile [open] -> "%1" %* -> < 64bit-File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ -> .com [@ = comfile] -> "%1" %* -> .exe [@ = exefile] -> "%1" %* -> < File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ -> .com [@ = comfile] -> "%1" %* -> .exe [@ = exefile] -> "%1" %* -> [Registry - Additional Scans - Safe List] < Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command -> 64bit-batfile [open] -> "%1" %* -> File not found 64bit-cmdfile [open] -> "%1" %* -> File not found 64bit-comfile [open] -> "%1" %* -> File not found 64bit-exefile [open] -> "%1" %* -> File not found 64bit-htmlfile [print] -> rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" -> File not found 64bit-inffile [install] -> %SystemRoot%\System32\InfDefaultInstall.exe "%1" -> [2009/07/13 20:39:13 | 000,010,240 | ---- | M] (Microsoft Corporation) 64bit-InternetShortcut [print] -> "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" -> [2010/06/30 01:22:34 | 005,971,456 | ---- | M] (Microsoft Corporation) 64bit-piffile [open] -> "%1" %* -> File not found 64bit-scrfile [config] -> "%1" -> File not found 64bit-scrfile [install] -> rundll32.exe desk.cpl,InstallScreenSaver %l -> [2009/07/13 20:38:51 | 000,130,048 | ---- | M] (Microsoft 
Corporation) 64bit-scrfile [open] -> "%1" /S -> File not found 64bit-Unknown [openas] -> %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 -> File not found 64bit-Directory [AddToPlaylistVLC] -> "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" -> [2010/01/30 17:27:38 | 000,141,061 | ---- | M] () 64bit-Directory [cmd] -> cmd.exe /s /k pushd "%V" -> [2009/07/13 20:39:01 | 000,344,576 | ---- | M] (Microsoft Corporation) 64bit-Directory [find] -> %SystemRoot%\Explorer.exe -> [2009/10/31 01:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) 64bit-Directory [PlayWithVLC] -> "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" -> [2010/01/30 17:27:38 | 000,141,061 | ---- | M] () 64bit-Folder [open] -> %SystemRoot%\Explorer.exe -> [2009/10/31 01:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) 64bit-Drive [find] -> %SystemRoot%\Explorer.exe -> [2009/10/31 01:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) batfile [open] -> "%1" %* -> cmdfile [open] -> "%1" %* -> comfile [open] -> "%1" %* -> cplfile [cplopen] -> %SystemRoot%\System32\control.exe "%1",%* -> [2009/07/13 20:14:15 | 000,113,152 | ---- | M] (Microsoft Corporation) exefile [open] -> "%1" %* -> htmlfile [print] -> rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" -> inffile [install] -> %SystemRoot%\System32\InfDefaultInstall.exe "%1" -> [2009/07/13 20:14:21 | 000,009,216 | ---- | M] (Microsoft Corporation) InternetShortcut [print] -> "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" -> [2010/06/30 01:22:34 | 005,971,456 | ---- | M] (Microsoft Corporation) piffile [open] -> "%1" %* -> scrfile [config] -> "%1" -> scrfile [install] -> rundll32.exe desk.cpl,InstallScreenSaver %l -> [2009/07/13 20:14:08 | 000,128,000 | ---- | M] (Microsoft Corporation) scrfile [open] -> "%1" /S -> Unknown [openas] -> %SystemRoot%\system32\rundll32.exe 
%SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 -> Directory [AddToPlaylistVLC] -> "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" -> [2010/01/30 17:27:38 | 000,141,061 | ---- | M] () Directory [cmd] -> cmd.exe /s /k pushd "%V" -> [2009/07/13 20:14:15 | 000,301,568 | ---- | M] (Microsoft Corporation) Directory [find] -> %SystemRoot%\Explorer.exe -> [2009/10/31 01:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) Directory [PlayWithVLC] -> "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" -> [2010/01/30 17:27:38 | 000,141,061 | ---- | M] () Folder [open] -> %SystemRoot%\Explorer.exe -> [2009/10/31 01:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) Drive [find] -> %SystemRoot%\Explorer.exe -> [2009/10/31 01:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) < EventViewer Logs - Last 10 Errors > -> Event Information -> Description Application [ Error ] 9/5/2010 2:33:36 PM Computer Name = wlogan89-PC | Source = Bonjour Service | ID = 100 -> Description = Task Scheduling Error: Continuously busy for more than a second Application [ Error ] 9/5/2010 2:33:36 PM Computer Name = wlogan89-PC | Source = Bonjour Service | ID = 100 -> Description = Task Scheduling Error: m->NextScheduledEvent 8252 Application [ Error ] 9/5/2010 2:33:36 PM Computer Name = wlogan89-PC | Source = Bonjour Service | ID = 100 -> Description = Task Scheduling Error: m->NextScheduledSPRetry 8252 Application [ Error ] 9/5/2010 2:51:35 PM Computer Name = wlogan89-PC | Source = Bonjour Service | ID = 100 -> Description = Task Scheduling Error: Continuously busy for more than a second Application [ Error ] 9/5/2010 2:51:35 PM Computer Name = wlogan89-PC | Source = Bonjour Service | ID = 100 -> Description = Task Scheduling Error: m->NextScheduledEvent 1088044 Application [ Error ] 9/5/2010 2:51:35 PM Computer Name = wlogan89-PC | Source = Bonjour Service | ID = 100 -> Description = Task Scheduling 
Error: m->NextScheduledSPRetry 1088044 Application [ Error ] 9/5/2010 2:51:36 PM Computer Name = wlogan89-PC | Source = Bonjour Service | ID = 100 -> Description = Task Scheduling Error: Continuously busy for more than a second Application [ Error ] 9/5/2010 2:51:36 PM Computer Name = wlogan89-PC | Source = Bonjour Service | ID = 100 -> Description = Task Scheduling Error: m->NextScheduledEvent 1089058 Application [ Error ] 9/5/2010 2:51:36 PM Computer Name = wlogan89-PC | Source = Bonjour Service | ID = 100 -> Description = Task Scheduling Error: m->NextScheduledSPRetry 1089058 Application [ Error ] 9/5/2010 9:08:08 PM Computer Name = wlogan89-PC | Source = Bonjour Service | ID = 100 -> Description = Task Scheduling Error: Continuously busy for more than a second Media Center [ Error ] 8/23/2010 10:22:35 PM Computer Name = wlogan89-PC | Source = MCUpdate | ID = 0 -> Description = 9:22:35 PM - Error connecting to the internet. 9:22:35 PM - Unable to contact server.. Media Center [ Error ] 8/23/2010 10:22:45 PM Computer Name = wlogan89-PC | Source = MCUpdate | ID = 0 -> Description = 9:22:40 PM - Error connecting to the internet. 9:22:40 PM - Unable to contact server.. Media Center [ Error ] 8/24/2010 11:22:48 PM Computer Name = wlogan89-PC | Source = MCUpdate | ID = 0 -> Description = 10:22:48 PM - Error connecting to the internet. 10:22:48 PM - Unable to contact server.. Media Center [ Error ] 8/24/2010 11:22:57 PM Computer Name = wlogan89-PC | Source = MCUpdate | ID = 0 -> Description = 10:22:53 PM - Error connecting to the internet. 10:22:53 PM - Unable to contact server.. Media Center [ Error ] 8/25/2010 12:23:01 AM Computer Name = wlogan89-PC | Source = MCUpdate | ID = 0 -> Description = 11:23:01 PM - Error connecting to the internet. 11:23:01 PM - Unable to contact server.. Media Center [ Error ] 8/25/2010 12:23:08 AM Computer Name = wlogan89-PC | Source = MCUpdate | ID = 0 -> Description = 11:23:06 PM - Error connecting to the internet. 
11:23:06 PM - Unable to contact server.. Media Center [ Error ] 8/25/2010 3:41:41 PM Computer Name = wlogan89-PC | Source = MCUpdate | ID = 0 -> Description = 2:41:41 PM - Error connecting to the internet. 2:41:41 PM - Unable to contact server.. Media Center [ Error ] 8/25/2010 3:41:48 PM Computer Name = wlogan89-PC | Source = MCUpdate | ID = 0 -> Description = 2:41:46 PM - Error connecting to the internet. 2:41:46 PM - Unable to contact server.. Media Center [ Error ] 9/6/2010 3:14:36 PM Computer Name = wlogan89-PC | Source = MCUpdate | ID = 0 -> Description = 2:14:36 PM - Error connecting to the internet. 2:14:36 PM - Unable to contact server.. Media Center [ Error ] 9/6/2010 3:15:26 PM Computer Name = wlogan89-PC | Source = MCUpdate | ID = 0 -> Description = 2:15:22 PM - Error connecting to the internet. 2:15:22 PM - Unable to contact server.. System [ Error ] 9/13/2010 4:22:05 PM Computer Name = wlogan89-PC | Source = atikmdag | ID = 43029 -> Description = Display is not active System [ Error ] 9/13/2010 7:45:21 PM Computer Name = wlogan89-PC | Source = atikmdag | ID = 43029 -> Description = Display is not active System [ Error ] 9/14/2010 7:44:55 AM Computer Name = wlogan89-PC | Source = atikmdag | ID = 43029 -> Description = Display is not active System [ Error ] 9/14/2010 4:32:03 PM Computer Name = wlogan89-PC | Source = atikmdag | ID = 43029 -> Description = Display is not active System [ Error ] 9/14/2010 4:34:05 PM Computer Name = wlogan89-PC | Source = DCOM | ID = 10010 -> Description = System [ Error ] 9/15/2010 4:01:17 AM Computer Name = wlogan89-PC | Source = atikmdag | ID = 43029 -> Description = Display is not active System [ Error ] 9/15/2010 7:37:40 AM Computer Name = wlogan89-PC | Source = atikmdag | ID = 43029 -> Description = Display is not active System [ Error ] 9/15/2010 11:42:57 AM Computer Name = wlogan89-PC | Source = atikmdag | ID = 43029 -> Description = Display is not active System [ Error ] 9/15/2010 9:08:34 PM Computer Name = 
wlogan89-PC | Source = atikmdag | ID = 43029 -> Description = Display is not active System [ Error ] 9/15/2010 9:49:42 PM Computer Name = wlogan89-PC | Source = atikmdag | ID = 43029 -> Description = Display is not active [Files/Folders - Created Within 30 Days] MSSTDFMT.DLL -> C:\Windows\SysWow64\MSSTDFMT.DLL -> [2010/09/19 13:20:17 | 000,118,784 | ---- | C] (Microsoft Corporation) SpywareBlaster -> C:\Program Files (x86)\SpywareBlaster -> [2010/09/19 13:20:14 | 000,000,000 | ---D | C] Namco Networks -> C:\Users\wlogan89\AppData\Local\Namco Networks -> [2010/09/19 12:35:14 | 000,000,000 | ---D | C] XAudio2_1.dll -> C:\Windows\SysNative\XAudio2_1.dll -> [2010/09/19 12:30:47 | 000,511,496 | ---- | C] (Microsoft Corporation) XAudio2_1.dll -> C:\Windows\SysWow64\XAudio2_1.dll -> [2010/09/19 12:30:47 | 000,507,400 | ---- | C] (Microsoft Corporation) XAPOFX1_0.dll -> C:\Windows\SysNative\XAPOFX1_0.dll -> [2010/09/19 12:30:47 | 000,068,104 | ---- | C] (Microsoft Corporation) XAPOFX1_0.dll -> C:\Windows\SysWow64\XAPOFX1_0.dll -> [2010/09/19 12:30:47 | 000,065,032 | ---- | C] (Microsoft Corporation) xactengine3_1.dll -> C:\Windows\SysWow64\xactengine3_1.dll -> [2010/09/19 12:30:45 | 000,238,088 | ---- | C] (Microsoft Corporation) xactengine3_1.dll -> C:\Windows\SysNative\xactengine3_1.dll -> [2010/09/19 12:30:45 | 000,177,672 | ---- | C] (Microsoft Corporation) X3DAudio1_4.dll -> C:\Windows\SysNative\X3DAudio1_4.dll -> [2010/09/19 12:30:45 | 000,028,168 | ---- | C] (Microsoft Corporation) X3DAudio1_4.dll -> C:\Windows\SysWow64\X3DAudio1_4.dll -> [2010/09/19 12:30:45 | 000,025,608 | ---- | C] (Microsoft Corporation) D3DX9_38.dll -> C:\Windows\SysNative\D3DX9_38.dll -> [2010/09/19 12:30:42 | 004,991,496 | ---- | C] (Microsoft Corporation) D3DX9_38.dll -> C:\Windows\SysWow64\D3DX9_38.dll -> [2010/09/19 12:30:42 | 003,850,760 | ---- | C] (Microsoft Corporation) PAC-MAN-Pizza Parlor -> C:\Program Files (x86)\PAC-MAN-Pizza Parlor -> [2010/09/19 12:29:16 | 000,000,000 | ---D | C] 
PlayFirst -> C:\Users\wlogan89\AppData\Roaming\PlayFirst -> [2010/09/19 11:32:15 | 000,000,000 | ---D | C] PlayFirst -> C:\ProgramData\PlayFirst -> [2010/09/19 11:32:15 | 000,000,000 | ---D | C] Haunted Hotel - Lonely Dream Strategy Guide -> C:\Program Files (x86)\Haunted Hotel - Lonely Dream Strategy Guide -> [2010/09/19 09:21:19 | 000,000,000 | ---D | C] bfgclient -> C:\Program Files (x86)\bfgclient -> [2010/09/19 09:20:47 | 000,000,000 | ---D | C] BigFishGamesCache -> C:\BigFishGamesCache -> [2010/09/19 09:20:01 | 000,000,000 | ---D | C] QuickTime -> C:\Program Files (x86)\QuickTime -> [2010/09/17 14:27:09 | 000,000,000 | ---D | C] iertutil.dll -> C:\Windows\SysNative\iertutil.dll -> [2010/09/16 21:26:09 | 002,441,216 | ---- | C] (Microsoft Corporation) Specialbit -> C:\Users\wlogan89\AppData\Roaming\Specialbit -> [2010/09/13 22:10:10 | 000,000,000 | ---D | C] Boolat Games -> C:\Users\wlogan89\AppData\Roaming\Boolat Games -> [2010/09/13 21:07:59 | 000,000,000 | ---D | C] AlawarWrapper -> C:\Users\Public\Documents\AlawarWrapper -> [2010/09/13 21:07:59 | 000,000,000 | ---D | C] AlawarWrapper -> C:\ProgramData\AlawarWrapper -> [2010/09/13 21:07:59 | 000,000,000 | ---D | C] GabCab -> C:\ProgramData\GabCab -> [2010/09/13 20:27:45 | 000,000,000 | ---D | C] Games -> C:\Program Files (x86)\Games -> [2010/09/13 19:34:32 | 000,000,000 | ---D | C] Exorcist DS 7 -> C:\ProgramData\Exorcist DS 7 -> [2010/09/11 10:47:57 | 000,000,000 | ---D | C] Skype -> C:\Program Files (x86)\Common Files\Skype -> [2010/09/09 20:19:18 | 000,000,000 | ---D | C] Skype -> C:\Program Files (x86)\Skype -> [2010/09/09 20:19:17 | 000,000,000 | R--D | C] QuickTimeVR.qtx -> C:\Windows\SysWow64\QuickTimeVR.qtx -> [2010/09/08 11:17:46 | 000,094,208 | ---- | C] (Apple Inc.) QuickTime.qts -> C:\Windows\SysWow64\QuickTime.qts -> [2010/09/08 11:17:46 | 000,069,632 | ---- | C] (Apple Inc.) 
Orneon -> C:\Users\wlogan89\AppData\Roaming\Orneon -> [2010/09/07 22:31:42 | 000,000,000 | ---D | C] iTunes -> C:\Program Files\iTunes -> [2010/09/04 18:29:31 | 000,000,000 | ---D | C] iTunes -> C:\Program Files (x86)\iTunes -> [2010/09/04 18:29:31 | 000,000,000 | ---D | C] iPod -> C:\Program Files\iPod -> [2010/09/04 18:29:31 | 000,000,000 | ---D | C] OpenOffice.org -> C:\Users\wlogan89\AppData\Roaming\OpenOffice.org -> [2010/09/02 00:27:37 | 000,000,000 | ---D | C] JRE -> C:\Program Files (x86)\JRE -> [2010/09/02 00:25:18 | 000,000,000 | ---D | C] OpenOffice.org 3 -> C:\Program Files (x86)\OpenOffice.org 3 -> [2010/09/02 00:25:12 | 000,000,000 | ---D | C] javaws.exe -> C:\Windows\SysWow64\javaws.exe -> [2010/09/02 00:23:16 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) javaw.exe -> C:\Windows\SysWow64\javaw.exe -> [2010/09/02 00:23:16 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) java.exe -> C:\Windows\SysWow64\java.exe -> [2010/09/02 00:23:16 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) 
OpenOffice.org 3.2 (en-US) Installation Files -> C:\Users\wlogan89\Desktop\OpenOffice.org 3.2 (en-US) Installation Files -> [2010/09/02 00:21:48 | 000,000,000 | ---D | C] Safari -> C:\Program Files (x86)\Safari -> [2010/08/29 23:59:13 | 000,000,000 | ---D | C] %APPDATA% -> C:\Windows\SysNative\%APPDATA% -> [2010/08/29 23:54:10 | 000,000,000 | -HSD | C] Java -> C:\Program Files (x86)\Common Files\Java -> [2010/08/26 01:44:15 | 000,000,000 | ---D | C] oleaut32.dll -> C:\Windows\SysNative\oleaut32.dll -> [2010/08/25 15:08:36 | 000,861,184 | ---- | C] (Microsoft Corporation) Scanned Documents -> C:\Users\wlogan89\Documents\Scanned Documents -> [2010/08/21 23:53:58 | 000,000,000 | R--D | C] Fax -> C:\Users\wlogan89\Documents\Fax -> [2010/08/21 23:53:58 | 000,000,000 | ---D | C] my baby vinces pics -> C:\Users\wlogan89\my baby vinces pics -> [2010/08/21 23:10:14 | 000,000,000 | ---D | C] [Files/Folders - Modified Within 30 Days] NTUSER.DAT -> C:\Users\wlogan89\NTUSER.DAT -> [2010/09/20 16:44:05 | 003,407,872 | -HS- | M] () GoogleUpdateTaskMachineUA.job -> C:\Windows\tasks\GoogleUpdateTaskMachineUA.job -> [2010/09/20 16:11:00 | 000,000,898 | ---- | M] () bootstat.dat -> C:\Windows\bootstat.dat -> [2010/09/20 15:39:30 | 000,067,584 | --S- | M] () 7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 -> [2010/09/20 13:48:06 | 000,009,920 | -H-- | M] () 7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 -> [2010/09/20 13:48:06 | 000,009,920 | -H-- | M] () GoogleUpdateTaskMachineCore.job -> C:\Windows\tasks\GoogleUpdateTaskMachineCore.job -> [2010/09/20 13:40:33 | 000,000,894 | ---- | M] () SA.DAT -> C:\Windows\tasks\SA.DAT -> [2010/09/20 13:38:43 | 000,000,006 | -H-- | M] () hiberfil.sys -> C:\hiberfil.sys -> [2010/09/20 
13:38:25 | 3016,790,016 | -HS- | M] () IconCache.db -> C:\Users\wlogan89\AppData\Local\IconCache.db -> [2010/09/20 13:37:28 | 001,820,860 | -H-- | M] () SpywareBlaster.lnk -> C:\Users\wlogan89\Desktop\SpywareBlaster.lnk -> [2010/09/19 13:20:18 | 000,000,971 | ---- | M] () PAC-MAN-Pizza Parlor.lnk -> C:\Users\Public\Desktop\PAC-MAN-Pizza Parlor.lnk -> [2010/09/19 12:29:49 | 000,001,119 | ---- | M] () Game Manager.lnk -> C:\Users\wlogan89\Application Data\Microsoft\Internet Explorer\Quick Launch\Game Manager.lnk -> [2010/09/19 09:20:48 | 000,001,907 | ---- | M] () Jeremy&Winston.jpg -> C:\Users\wlogan89\Documents\Jeremy&Winston.jpg -> [2010/09/17 19:54:08 | 000,020,296 | ---- | M] () Untitled 1.ods -> C:\Users\wlogan89\Documents\Untitled 1.ods -> [2010/09/17 19:40:02 | 000,010,709 | ---- | M] () QuickTime Player.lnk -> C:\Users\Public\Desktop\QuickTime Player.lnk -> [2010/09/17 14:27:26 | 000,001,809 | ---- | M] () untitiled 3.odt -> C:\Users\wlogan89\Documents\untitiled 3.odt -> [2010/09/14 22:25:56 | 000,017,118 | ---- | M] () Haunted Hotel 3 Lonely Dream.lnk -> C:\Users\wlogan89\Desktop\Haunted Hotel 3 Lonely Dream.lnk -> [2010/09/13 19:34:37 | 000,002,279 | ---- | M] () mapisvc.inf -> C:\Windows\SysNative\mapisvc.inf -> [2010/09/12 15:06:51 | 000,000,629 | ---- | M] () Skype.lnk -> C:\Users\Public\Desktop\Skype.lnk -> [2010/09/09 20:19:20 | 000,002,515 | ---- | M] () QuickTimeVR.qtx -> C:\Windows\SysWow64\QuickTimeVR.qtx -> [2010/09/08 11:17:46 | 000,094,208 | ---- | M] (Apple Inc.) QuickTime.qts -> C:\Windows\SysWow64\QuickTime.qts -> [2010/09/08 11:17:46 | 000,069,632 | ---- | M] (Apple Inc.) 
english paper.odt -> C:\Users\wlogan89\Documents\english paper.odt -> [2010/09/07 21:51:45 | 000,019,835 | ---- | M] () Apple Safari.lnk -> C:\Users\wlogan89\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk -> [2010/09/07 19:28:11 | 000,002,515 | ---- | M] () Safari.lnk -> C:\Users\Public\Desktop\Safari.lnk -> [2010/09/07 19:28:11 | 000,002,491 | ---- | M] () Untitled 2.odt -> C:\Users\wlogan89\Documents\Untitled 2.odt -> [2010/09/06 19:26:26 | 000,018,272 | ---- | M] () definitions.odt -> C:\Users\wlogan89\Documents\definitions.odt -> [2010/09/05 22:35:11 | 000,017,343 | ---- | M] () FNTCACHE.DAT -> C:\Windows\SysNative\FNTCACHE.DAT -> [2010/09/04 18:32:24 | 000,326,072 | ---- | M] () iTunes.lnk -> C:\Users\Public\Desktop\iTunes.lnk -> [2010/09/04 18:30:04 | 000,002,429 | ---- | M] () GDIPFONTCACHEV1.DAT -> C:\Users\wlogan89\AppData\Local\GDIPFONTCACHEV1.DAT -> [2010/09/02 17:00:03 | 000,071,624 | ---- | M] () Untitled 1.odt -> C:\Users\wlogan89\Documents\Untitled 1.odt -> [2010/09/02 01:02:47 | 000,019,984 | ---- | M] () OpenOffice.org 3.2.lnk -> C:\Users\wlogan89\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk -> [2010/09/02 00:28:05 | 000,001,203 | ---- | M] () OpenOffice.org 3.2.lnk -> C:\Users\Public\Desktop\OpenOffice.org 3.2.lnk -> [2010/09/02 00:26:33 | 000,001,120 | ---- | M] () iertutil.dll -> C:\Windows\SysNative\iertutil.dll -> [2010/08/31 00:19:12 | 002,441,216 | ---- | M] (Microsoft Corporation) 10 C:\Users\wlogan89\AppData\Local\Temp\*.tmp files -> C:\Users\wlogan89\AppData\Local\Temp\*.tmp -> 10 C:\Users\wlogan89\AppData\Local\Temp\*.tmp files -> C:\Users\wlogan89\AppData\Local\Temp\*.tmp -> [Files - No Company Name] SpywareBlaster.lnk -> C:\Users\wlogan89\Desktop\SpywareBlaster.lnk -> [2010/09/19 13:20:18 | 000,000,971 | ---- | C] () PAC-MAN-Pizza Parlor.lnk -> C:\Users\Public\Desktop\PAC-MAN-Pizza Parlor.lnk -> [2010/09/19 12:29:49 | 000,001,119 | ---- | C] () Game Manager.lnk -> 
C:\Users\wlogan89\Application Data\Microsoft\Internet Explorer\Quick Launch\Game Manager.lnk -> [2010/09/19 09:20:48 | 000,001,907 | ---- | C] () Jeremy&Winston.jpg -> C:\Users\wlogan89\Documents\Jeremy&Winston.jpg -> [2010/09/17 19:54:07 | 000,020,296 | ---- | C] () Untitled 1.ods -> C:\Users\wlogan89\Documents\Untitled 1.ods -> [2010/09/17 19:40:00 | 000,010,709 | ---- | C] () QuickTime Player.lnk -> C:\Users\Public\Desktop\QuickTime Player.lnk -> [2010/09/17 14:27:26 | 000,001,809 | ---- | C] () untitiled 3.odt -> C:\Users\wlogan89\Documents\untitiled 3.odt -> [2010/09/14 22:25:53 | 000,017,118 | ---- | C] () Haunted Hotel 3 Lonely Dream.lnk -> C:\Users\wlogan89\Desktop\Haunted Hotel 3 Lonely Dream.lnk -> [2010/09/13 19:34:37 | 000,002,279 | ---- | C] () Skype.lnk -> C:\Users\Public\Desktop\Skype.lnk -> [2010/09/09 20:19:20 | 000,002,515 | ---- | C] () english paper.odt -> C:\Users\wlogan89\Documents\english paper.odt -> [2010/09/07 21:51:43 | 000,019,835 | ---- | C] () Untitled 2.odt -> C:\Users\wlogan89\Documents\Untitled 2.odt -> [2010/09/06 19:26:24 | 000,018,272 | ---- | C] () definitions.odt -> C:\Users\wlogan89\Documents\definitions.odt -> [2010/09/05 22:35:09 | 000,017,343 | ---- | C] () iTunes.lnk -> C:\Users\Public\Desktop\iTunes.lnk -> [2010/09/04 18:30:04 | 000,002,429 | ---- | C] () Untitled 1.odt -> C:\Users\wlogan89\Documents\Untitled 1.odt -> [2010/09/02 01:02:46 | 000,019,984 | ---- | C] () OpenOffice.org 3.2.lnk -> C:\Users\wlogan89\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk -> [2010/09/02 00:28:05 | 000,001,203 | ---- | C] () OpenOffice.org 3.2.lnk -> C:\Users\Public\Desktop\OpenOffice.org 3.2.lnk -> [2010/09/02 00:26:33 | 000,001,120 | ---- | C] () Apple Safari.lnk -> C:\Users\wlogan89\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk -> [2010/08/29 23:59:19 | 000,002,515 | ---- | C] () Safari.lnk -> C:\Users\Public\Desktop\Safari.lnk -> [2010/08/29 23:59:19 | 000,002,491 | 
---- | C] () cdplayer.ini -> C:\Windows\cdplayer.ini -> [2010/06/02 22:53:47 | 000,000,229 | ---- | C] () dtirc.dll -> C:\Windows\SysWow64\dtirc.dll -> [2010/06/02 22:33:37 | 000,000,076 | ---- | C] () ezsidmv.dat -> C:\ProgramData\ezsidmv.dat -> [2010/05/27 11:28:55 | 000,000,056 | -H-- | C] () DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Users\wlogan89\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2010/05/19 16:37:56 | 000,003,584 | ---- | C] () IconCache.db -> C:\Users\wlogan89\AppData\Local\IconCache.db -> [2010/04/04 12:48:51 | 001,820,860 | -H-- | C] () PidList.ini -> C:\Windows\PidList.ini -> [2010/04/04 12:37:36 | 000,000,074 | ---- | C] () GDIPFONTCACHEV1.DAT -> C:\Users\wlogan89\AppData\Local\GDIPFONTCACHEV1.DAT -> [2010/04/04 11:33:14 | 000,071,624 | ---- | C] () ArcadeDeluxe3.log -> C:\ProgramData\ArcadeDeluxe3.log -> [2009/10/21 14:08:01 | 000,007,920 | ---- | C] () GlobalUserInterface.CompositeFont -> C:\Windows\Fonts\GlobalUserInterface.CompositeFont -> [2009/07/14 00:32:39 | 000,043,318 | ---- | C] () GlobalSerif.CompositeFont -> C:\Windows\Fonts\GlobalSerif.CompositeFont -> [2009/07/14 00:32:39 | 000,029,779 | ---- | C] () GlobalSansSerif.CompositeFont -> C:\Windows\Fonts\GlobalSansSerif.CompositeFont -> [2009/07/14 00:32:39 | 000,026,489 | ---- | C] () GlobalMonospace.CompositeFont -> C:\Windows\Fonts\GlobalMonospace.CompositeFont -> [2009/07/14 00:32:39 | 000,026,040 | ---- | C] () desktop.ini -> C:\Program Files\desktop.ini -> [2009/07/13 23:54:24 | 000,000,174 | -HS- | C] () desktop.ini -> C:\Program Files (x86)\desktop.ini -> [2009/07/13 23:54:24 | 000,000,174 | -HS- | C] () BWContextHandler.dll -> C:\Windows\SysWow64\BWContextHandler.dll -> [2009/07/13 18:42:10 | 000,064,000 | ---- | C] () msjetoledb40.dll -> C:\Windows\SysWow64\msjetoledb40.dll -> [2009/07/13 16:03:59 | 000,364,544 | ---- | C] () [File - Lop Check] acccore -> C:\Users\wlogan89\AppData\Roaming\acccore -> [2010/05/22 18:34:38 | 000,000,000 | ---D | M] Acer -> 
C:\Users\wlogan89\AppData\Roaming\Acer -> [2010/04/04 11:36:14 | 000,000,000 | ---D | M] BitTorrent -> C:\Users\wlogan89\AppData\Roaming\BitTorrent -> [2010/09/20 13:37:29 | 000,000,000 | ---D | M] Boolat Games -> C:\Users\wlogan89\AppData\Roaming\Boolat Games -> [2010/09/13 21:07:59 | 000,000,000 | ---D | M] J River -> C:\Users\wlogan89\AppData\Roaming\J River -> [2010/06/16 00:19:06 | 000,000,000 | ---D | M] Leadertech -> C:\Users\wlogan89\AppData\Roaming\Leadertech -> [2010/04/04 11:36:13 | 000,000,000 | ---D | M] LimeWire -> C:\Users\wlogan89\AppData\Roaming\LimeWire -> [2010/09/20 15:40:03 | 000,000,000 | ---D | M] OpenOffice.org -> C:\Users\wlogan89\AppData\Roaming\OpenOffice.org -> [2010/09/02 00:27:37 | 000,000,000 | ---D | M] Orneon -> C:\Users\wlogan89\AppData\Roaming\Orneon -> [2010/09/07 22:31:42 | 000,000,000 | ---D | M] PlayFirst -> C:\Users\wlogan89\AppData\Roaming\PlayFirst -> [2010/09/19 11:32:15 | 000,000,000 | ---D | M] PowerCinema -> C:\Users\wlogan89\AppData\Roaming\PowerCinema -> [2010/04/04 13:01:06 | 000,000,000 | ---D | M] Specialbit -> C:\Users\wlogan89\AppData\Roaming\Specialbit -> [2010/09/13 22:10:10 | 000,000,000 | ---D | M] TeamViewer -> C:\Users\wlogan89\AppData\Roaming\TeamViewer -> [2010/04/04 23:20:23 | 000,000,000 | ---D | M] SCHEDLGU.TXT -> C:\Windows\Tasks\SCHEDLGU.TXT -> [2009/07/14 00:08:49 | 000,014,118 | ---- | M] () [File - Purity Scan] [Alternate Data Streams] @Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:745C905A @Alternate Data Stream - 95 bytes -> C:\ProgramData\Temp:5C321E34 < End of report >
keylogger/spy program
Started by michaelsp, Sep 20 2010 03:56 PM
#1
Posted 20 September 2010 - 03:56 PM