After this, I got SUPERAntiSpyware and Spybot to run tests. Spybot always turns up clean but SUPER always has several temp files which it quarantines and I delete. When this didn't work, I got AVG free trial to see if it would take care of it. The screen shot of AVG alerts is attached as well.
I also tried turning off system restore, rebooting, and then making a new restore point.
I then ran the OTS with the settings shown in the third screen shot attached, and had the following outputs.
OTS logfile created on: 1/11/2011 7:26:17 PM - Run 2 OTS by OldTimer - Version 3.1.41.0 Folder = C:\Users\Owner\Downloads 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 39.00% Memory free 8.00 Gb Paging File | 5.00 Gb Available in Paging File | 68.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 451.11 Gb Total Space | 373.67 Gb Free Space | 82.83% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: OWNER-PC Current User Name: Owner Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Include 64bit Scans Company Name Whitelist: On Skip Microsoft Files: On File Age = 30 Days Quick Scan [Processes - Safe List] ots.exe -> C:\Users\Owner\Downloads\OTS.exe -> File not found avgidsmonitor.exe -> C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe -> [2010/11/23 13:34:16 | 000,724,048 | ---- | M] (AVG Technologies CZ, s.r.o.) avgidsagent.exe -> C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -> [2010/11/23 13:34:14 | 006,128,208 | ---- | M] (AVG Technologies CZ, s.r.o.) avgfws.exe -> C:\Program Files (x86)\AVG\AVG10\avgfws.exe -> [2010/11/22 04:48:46 | 003,226,632 | ---- | M] (AVG Technologies CZ, s.r.o.) raptr.exe -> C:\Program Files (x86)\Raptr\raptr.exe -> [2010/11/11 18:30:00 | 000,058,792 | ---- | M] () raptr_im.exe -> C:\Program Files (x86)\Raptr\raptr_im.exe -> [2010/11/11 18:30:00 | 000,042,920 | ---- | M] () avgwdsvc.exe -> C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe -> [2010/10/22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) avgtray.exe -> C:\Program Files (x86)\AVG\AVG10\avgtray.exe -> [2010/10/22 04:57:54 | 002,745,696 | ---- | M] (AVG Technologies CZ, s.r.o.) avgam.exe -> C:\Program Files (x86)\AVG\AVG10\avgam.exe -> [2010/10/22 04:56:48 | 000,745,824 | ---- | M] (AVG Technologies CZ, s.r.o.) realsched.exe -> C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe -> [2010/08/25 12:18:01 | 000,202,256 | ---- | M] (RealNetworks, Inc.) applemobiledeviceservice.exe -> C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -> [2010/08/13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) g2mstart.exe -> C:\Program Files (x86)\Citrix\GoToMeeting\457\g2mstart.exe -> [2010/08/13 11:48:42 | 000,039,816 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) g2mlauncher.exe -> C:\Program Files (x86)\Citrix\GoToMeeting\457\g2mlauncher.exe -> [2010/08/13 11:48:42 | 000,039,816 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) g2mcomm.exe -> C:\Program Files (x86)\Citrix\GoToMeeting\457\g2mcomm.exe -> [2010/08/13 11:48:42 | 000,039,816 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) winampa.exe -> C:\Program Files (x86)\Winamp\winampa.exe -> [2010/05/25 11:08:42 | 000,037,888 | ---- | M] (Nullsoft, Inc.) rtvscan.exe -> C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe -> [2010/04/01 22:31:46 | 001,822,296 | ---- | M] (Symantec Corporation) protectionutilsurrogate.exe -> C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe -> [2010/04/01 22:31:18 | 000,050,544 | ---- | M] (Symantec Corporation) dwhwizrd.exe -> C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\DWHWizrd.exe -> [2010/04/01 22:26:42 | 000,159,600 | ---- | M] (Symantec Corporation) bridge.exe -> C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe -> [2010/03/09 03:28:26 | 011,989,960 | ---- | M] (Adobe Systems, Inc.) switchboard.exe -> C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -> [2010/02/19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) ccapp.exe -> C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe -> [2010/01/25 15:35:56 | 000,115,560 | ---- | M] (Symantec Corporation) ccsvchst.exe -> C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -> [2010/01/25 15:35:30 | 000,108,392 | ---- | M] (Symantec Corporation) jucheck.exe -> C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe -> [2010/01/11 15:21:52 | 000,490,216 | ---- | M] (Sun Microsystems, Inc.) eeventmanager.exe -> C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe -> [2009/12/03 09:12:12 | 000,976,320 | ---- | M] (SEIKO EPSON CORPORATION) wcourier.exe -> C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe -> [2009/07/24 12:32:50 | 001,593,344 | ---- | M] () fastbootagent.exe -> C:\Windows\SysWOW64\Fast Boot\FastBootAgent.exe -> [2009/07/23 19:13:38 | 000,306,232 | ---- | M] (ASUSTeK Computer Inc.) controldeckstartup.exe -> C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe -> [2009/07/22 19:58:46 | 000,017,976 | ---- | M] () atkosd2.exe -> C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe -> [2009/07/07 13:20:56 | 008,493,624 | ---- | M] (ASUS) adsmtray.exe -> C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe -> [2009/06/24 14:30:18 | 000,272,952 | ---- | M] (ASUSTek Computer Inc.) cnrpc.exe -> C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CNRpc.exe -> [2009/06/11 17:13:40 | 000,158,584 | ---- | M] () cinemanowsvc.exe -> C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe -> [2009/06/11 17:13:40 | 000,127,352 | ---- | M] (CinemaNow, Inc.) cinemanowshell.exe -> C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowShell.exe -> [2009/06/11 17:13:30 | 002,088,296 | ---- | M] (CinemaNow Inc.) sensorsrv.exe -> C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe -> [2009/05/18 17:58:38 | 000,305,720 | ---- | M] (ASUS) hcontrol.exe -> C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe -> [2009/04/23 23:24:44 | 000,178,744 | ---- | M] (ASUS) dmedia.exe -> C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe -> [2009/04/20 13:09:30 | 000,159,744 | ---- | M] (ASUS) hcontroluser.exe -> C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe -> [2009/04/01 23:05:34 | 000,098,304 | ---- | M] (ASUS) teatimer.exe -> C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe -> [2009/01/26 15:31:16 | 002,144,088 | RHS- | M] (Safer Networking Limited) wdc.exe -> C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe -> [2008/12/22 19:15:34 | 000,174,648 | ---- | M] (ASUS) kbfiltr.exe -> C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe -> [2008/08/13 23:00:08 | 000,113,208 | ---- | M] (ASUS) atouch64.exe -> C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe -> [2008/08/13 22:59:56 | 000,301,624 | ---- | M] () asldrsrv.exe -> C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe -> [2008/08/13 22:59:52 | 000,100,920 | ---- | M] () atkosd.exe -> C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe -> [2008/08/13 18:21:56 | 002,482,176 | ---- | M] (ASUS) clmlsvc.exe -> C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe -> [2008/07/18 21:52:16 | 000,104,936 | ---- | M] (CyberLink) adsmsrv.exe -> C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe -> [2008/03/31 04:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) gfnexsrv.exe -> C:\Program Files\ATKGFNEX\GFNEXSrv.exe -> [2007/08/08 02:08:40 | 000,094,208 | ---- | M] () eebsvc.exe -> C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe -> [2006/12/19 17:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Modules - Safe List] comctl32.dll -> C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll -> [2010/08/21 00:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) [Win32 Services - Safe List] 64bit-(!SASCORE) [Auto | Running] -> C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -> [2010/06/29 12:49:27 | 000,128,752 | ---- | M] (SUPERAntiSpyware.com) 64bit-(WinDefend) [On_Demand | Stopped] -> C:\Program Files\Windows Defender\MpSvc.dll -> [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) 64bit-(ATKGFNEXSrv) [Auto | Running] -> C:\Program Files\ATKGFNEX\GFNEXSrv.exe -> [2007/08/08 02:08:40 | 000,094,208 | ---- | M] () (Akamai) Akamai NetSession Interface [Auto | Running] -> c:\Program Files (x86)\Common Files\Akamai\netsession_win_dbc0250.dll -> [2011/01/05 20:46:43 | 003,129,432 | ---- | M] () (AVGIDSAgent) AVGIDSAgent [Auto | Running] -> C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -> [2010/11/23 13:34:14 | 006,128,208 | ---- | M] (AVG Technologies CZ, s.r.o.) (avgfws) AVG Firewall [Auto | Running] -> C:\Program Files (x86)\AVG\AVG10\avgfws.exe -> [2010/11/22 04:48:46 | 003,226,632 | ---- | M] (AVG Technologies CZ, s.r.o.) (avgwd) AVG WatchDog [Auto | Running] -> C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe -> [2010/10/22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) (Apple Mobile Device) Apple Mobile Device [Auto | Running] -> C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -> [2010/08/13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) (SmcService) Symantec Management Client [Auto | Running] -> C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe -> [2010/04/10 11:00:28 | 003,217,344 | ---- | M] (Symantec Corporation) (Symantec AntiVirus) Symantec Endpoint Protection [Auto | Running] -> C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe -> [2010/04/01 22:31:46 | 001,822,296 | ---- | M] (Symantec Corporation) (SNAC) Symantec Network Access Control [Disabled | Stopped] -> C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE -> [2010/04/01 20:47:34 | 000,419,656 | ---- | M] (Symantec Corporation) (clr_optimization_v4.0.30319_32) Microsoft .NET Framework NGEN v4.0.30319_X86 [Auto | Stopped] -> C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -> [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) (SwitchBoard) Adobe SwitchBoard [On_Demand | Stopped] -> C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -> [2010/02/19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) (LiveUpdate) LiveUpdate [On_Demand | Stopped] -> C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_3.EXE -> [2010/02/17 10:53:18 | 003,093,880 | ---- | M] (Symantec Corporation) (ccSetMgr) Symantec Settings Manager [Auto | Running] -> C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -> [2010/01/25 15:35:30 | 000,108,392 | ---- | M] (Symantec Corporation) (ccEvtMgr) Symantec Event Manager [Auto | Running] -> C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -> [2010/01/25 15:35:30 | 000,108,392 | ---- | M] (Symantec Corporation) (FastBootAgent) FastBootAgent [Auto | Running] -> C:\Windows\SysWOW64\Fast Boot\FastBootAgent.exe -> [2009/07/23 19:13:38 | 000,306,232 | ---- | M] (ASUSTeK Computer Inc.) (CinemaNow Service) CinemaNow Service [Auto | Running] -> C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe -> [2009/06/11 17:13:40 | 000,127,352 | ---- | M] (CinemaNow, Inc.) (clr_optimization_v2.0.50727_32) Microsoft .NET Framework NGEN v2.0.50727_X86 [Disabled | Stopped] -> C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -> [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) (SBSDWSCService) SBSD Security Center Service [Auto | Stopped] -> C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -> [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) (ASLDRService) ASLDR Service [Auto | Running] -> C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe -> [2008/08/13 22:59:52 | 000,100,920 | ---- | M] () (ADSMService) ADSM Service [Auto | Running] -> C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe -> [2008/03/31 04:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) (EpsonBidirectionalService) EpsonBidirectionalService [Auto | Running] -> C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe -> [2006/12/19 17:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Driver Services - Safe List] 64bit-(Avgldx64) AVG AVI Loader Driver [Kernel | System | Running] -> C:\Windows\SysNative\drivers\avgldx64.sys -> [2010/12/08 04:12:36 | 000,308,304 | ---- | M] (AVG Technologies CZ, s.r.o.) 64bit-(Avgtdia) AVG TDI Driver [Kernel | System | Running] -> C:\Windows\SysNative\drivers\avgtdia.sys -> [2010/11/12 13:19:38 | 000,382,032 | ---- | M] (AVG Technologies CZ, s.r.o.) 64bit-(SymEvent) SymEvent [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -> [2010/11/10 10:36:53 | 000,172,592 | ---- | M] (Symantec Corporation) 64bit-(AVGIDSEH) AVGIDSEH [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\AVGIDSEH.sys -> [2010/09/13 15:28:00 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) 64bit-(Avgmfx64) AVG Mini-Filter Resident Anti-Virus Shield [File_System | System | Running] -> C:\Windows\SysNative\drivers\avgmfx64.sys -> [2010/09/07 03:48:56 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) 64bit-(Avgrkx64) AVG Anti-Rootkit Driver [File_System | Boot | Running] -> C:\Windows\SysNative\drivers\avgrkx64.sys -> [2010/09/07 03:48:50 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o.) 64bit-(AVGIDSDriver) AVGIDSDriver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\AVGIDSDriver.sys -> [2010/08/19 20:42:38 | 000,157,264 | ---- | M] (AVG Technologies CZ, s.r.o. ) 64bit-(AVGIDSFilter) AVGIDSFilter [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\AVGIDSFilter.sys -> [2010/08/19 20:42:38 | 000,035,920 | ---- | M] (AVG Technologies CZ, s.r.o. ) 64bit-(Avgfwfd) AVG network filter service [Kernel | System | Running] -> C:\Windows\SysNative\drivers\avgfwd6a.sys -> [2010/07/12 04:34:00 | 000,057,696 | ---- | M] (AVG Technologies CZ, s.r.o.) 64bit-(USBAAPL64) Apple Mobile USB Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\usbaapl64.sys -> [2010/04/19 19:47:42 | 000,050,688 | ---- | M] (Apple, Inc.) 64bit-(SRTSPL) SRTSPL [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\srtspl64.sys -> [2010/03/08 12:59:16 | 000,482,352 | ---- | M] (Symantec Corporation) 64bit-(SRTSP) SRTSP [File_System | System | Running] -> C:\Windows\SysNative\drivers\srtsp64.sys -> [2010/03/08 12:59:16 | 000,447,536 | ---- | M] (Symantec Corporation) 64bit-(SRTSPX) SRTSPX [Kernel | System | Running] -> C:\Windows\SysNative\drivers\srtspx64.sys -> [2010/03/08 12:59:16 | 000,032,304 | ---- | M] (Symantec Corporation) 64bit-(SASDIFSV) SASDIFSV [Kernel | System | Running] -> C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -> [2010/02/17 13:23:05 | 000,014,920 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) 64bit-(SASKUTIL) SASKUTIL [Kernel | System | Running] -> C:\Program Files\SUPERAntiSpyware\saskutil64.sys -> [2010/02/17 13:23:05 | 000,012,360 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) 64bit-(dc3d) MS Hardware Device Detection Driver (HID) [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\dc3d.sys -> [2009/11/04 02:58:42 | 000,022,528 | ---- | M] (Microsoft Corporation) 64bit-(igfx) igfx [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\igdkmd64.sys -> [2009/07/28 02:35:51 | 007,345,632 | ---- | M] (Intel Corporation) 64bit-(kbfiltr) Keyboard Filter [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\kbfiltr.sys -> [2009/07/20 04:29:39 | 000,015,416 | ---- | M] ( ) 64bit-(NETw1v64) Intel(R) Wireless WiFi Link 1000 Series Adapter Driver for Windows Vista 64 Bit [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\NETw1v64.sys -> [2009/07/20 02:33:41 | 007,058,432 | ---- | M] (Intel Corporation) 64bit-(amdsata) amdsata [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\amdsata.sys -> [2009/07/13 20:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) 64bit-(amdxata) amdxata [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\amdxata.sys -> [2009/07/13 20:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) 64bit-(amdsbs) amdsbs [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\amdsbs.sys -> [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) 64bit-(LSI_SAS2) LSI_SAS2 [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\lsi_sas2.sys -> [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) 64bit-(HpSAMD) HpSAMD [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\HpSAMD.sys -> [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) 64bit-(stexstor) stexstor [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\stexstor.sys -> [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) 64bit-(ETD) ELAN PS/2 Port Input Device [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\ETD.sys -> [2009/07/08 22:11:41 | 000,140,800 | ---- | M] (ELAN Microelectronic Corp.) 64bit-(athr) Atheros Extensible Wireless LAN device driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\athrx.sys -> [2009/06/19 21:09:57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.) 64bit-(Ntfs) Ntfs [File_System | On_Demand | Running] -> C:\Windows\SysNative\wbem\ntfs.mof -> [2009/06/10 15:38:56 | 000,000,308 | ---- | M] () 64bit-(SiSGbeLH) SiS191/SiS190 Ethernet Device NDIS 6.0 Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\SiSG664.sys -> [2009/06/10 15:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) 64bit-(ebdrv) Broadcom NetXtreme II 10 GigE VBD [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\evbda.sys -> [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) 64bit-(b06bdrv) Broadcom NetXtreme II VBD [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\bxvbda.sys -> [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) 64bit-(b57nd60a) Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0 [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\b57nd60a.sys -> [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) 64bit-(hcw85cir) Hauppauge Consumer Infrared Receiver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\hcw85cir.sys -> [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) 64bit-(iaStor) Intel AHCI Controller [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\iaStor.sys -> [2009/06/04 05:54:35 | 000,408,600 | ---- | M] (Intel Corporation) 64bit-(AmUStor) AM USB Stroage Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\AmUStor.sys -> [2009/05/26 08:32:37 | 000,040,448 | ---- | M] (Alcor Micro, Corp.) 64bit-(IntcHdmiAddService) Intel(R) High Definition Audio HDMI [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\IntcHdmi.sys -> [2009/05/25 15:13:09 | 000,138,752 | ---- | M] (Intel(R) Corporation) 64bit-(SNP2UVC) USB2.0 PC Camera (SNP2UVC) [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\snp2uvc.sys -> [2009/05/20 03:11:05 | 001,799,680 | ---- | M] () 64bit-(GEARAspiWDM) GEAR ASPI Filter Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\GEARAspiWDM.sys -> [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) 64bit-(MTsensor) ATK0100 ACPI UTILITY [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\ATK64AMD.sys -> [2009/05/12 20:07:19 | 000,015,928 | ---- | M] (ASUS) 64bit-(NuidFltr) NUID filter driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\nuidfltr.sys -> [2009/05/09 00:14:20 | 000,015,752 | ---- | M] (Microsoft Corporation) 64bit-(L1C) NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20) [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\L1C62x64.sys -> [2009/04/27 03:25:57 | 000,057,344 | ---- | M] (Atheros Communications, Inc.) 64bit-(fssfltr) fssfltr [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\fssfltr.sys -> [2008/12/08 19:35:52 | 000,061,792 | ---- | M] (Microsoft Corporation) 64bit-(WimFltr) WimFltr [File_System | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\WimFltr.sys -> [2008/05/23 19:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) 64bit-(ASMMAP64) ASMMAP64 [Kernel | Auto | Running] -> C:\Program Files\ATKGFNEX\ASMMAP64.sys -> [2007/07/24 13:11:32 | 000,014,904 | ---- | M] () (NAVEX15) NAVEX15 [Kernel | On_Demand | Running] -> C:\ProgramData\Symantec\Definitions\VirusDefs\20110111.002\EX64.SYS -> [2010/12/17 04:00:00 | 001,791,096 | ---- | M] (Symantec Corporation) (NAVENG) NAVENG [Kernel | On_Demand | Running] -> C:\ProgramData\Symantec\Definitions\VirusDefs\20110111.002\ENG64.SYS -> [2010/12/17 04:00:00 | 000,117,880 | ---- | M] (Symantec Corporation) (eeCtrl) Symantec Eraser Control driver [Kernel | System | Running] -> C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -> [2010/10/18 03:00:00 | 000,475,696 | ---- | M] (Symantec Corporation) (EraserUtilRebootDrv) EraserUtilRebootDrv [Kernel | On_Demand | Running] -> C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -> [2010/10/18 03:00:00 | 000,132,656 | ---- | M] (Symantec Corporation) (SRTSPL) SRTSPL [Kernel | On_Demand | Stopped] -> C:\Windows\SysWOW64\drivers\srtspl64.sys -> [2010/03/08 12:59:16 | 000,482,352 | ---- | M] (Symantec Corporation) (SRTSP) SRTSP [File_System | System | Running] -> C:\Windows\SysWOW64\drivers\srtsp64.sys -> [2010/03/08 12:59:16 | 000,447,536 | ---- | M] (Symantec Corporation) (SRTSPX) SRTSPX [Kernel | System | Running] -> C:\Windows\SysWOW64\drivers\srtspx64.sys -> [2010/03/08 12:59:16 | 000,032,304 | ---- | M] (Symantec Corporation) [Registry - Safe List] < 64bit-Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> C:\Windows\SysWOW64\blank.htm -> HKEY_LOCAL_MACHINE\: URLSearchHooks\\"{ba14329e-9550-4989-b3f2-9732e92d17cc}" [HKLM] -> C:\Program Files (x86)\Vuze_Remote\tbVuze.dll [Vuze Remote Toolbar] -> [2010/11/13 21:58:34 | 003,913,000 | ---- | M] (Conduit Ltd.) < Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> HKEY_USERS\S-1-5-19\: Main\\"Start Page" -> http://antivirus.vt.edu -> < Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> HKEY_USERS\S-1-5-20\: Main\\"Start Page" -> http://antivirus.vt.edu -> < Internet Explorer Settings [HKEY_USERS\S-1-5-21-165630816-1800415273-3807148623-1000\] > -> -> HKEY_USERS\S-1-5-21-165630816-1800415273-3807148623-1000\: Main\\"Default_Page_URL" -> http://asus.msn.com -> HKEY_USERS\S-1-5-21-165630816-1800415273-3807148623-1000\: Main\\"Start Page" -> http://antivirus.vt.edu -> HKEY_USERS\S-1-5-21-165630816-1800415273-3807148623-1000\: URLSearchHooks\\"{ba14329e-9550-4989-b3f2-9732e92d17cc}" [HKLM] -> C:\Program Files (x86)\Vuze_Remote\tbVuze.dll [Vuze Remote Toolbar] -> [2010/11/13 21:58:34 | 003,913,000 | ---- | M] (Conduit Ltd.) HKEY_USERS\S-1-5-21-165630816-1800415273-3807148623-1000\: "ProxyEnable" -> 0 -> HKEY_USERS\S-1-5-21-165630816-1800415273-3807148623-1000\: "ProxyOverride" -> *.local -> < FireFox Settings [Prefs.js] > -> C:\Users\Owner\AppData\Roaming\Mozilla\FireFox\Profiles\u31q2sju.default\prefs.js -> browser.search.defaultthis.engineName -> "Google Powered Search" -> browser.search.defaulturl -> "http://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&SearchSource=3&q={searchTerms}" -> browser.search.param.yahoo-fr -> "chrf-i3752" -> browser.search.param.yahoo-fr-cjkt -> "chrf-i3752" -> browser.startup.homepage -> "http://www.christnotes.org/dbv.php" -> extensions.enabledItems -> {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.1 -> extensions.enabledItems -> {01A8CA0A-4C96-465b-A49B-65C46FAD54F9}:6.0 -> extensions.enabledItems -> {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.5 -> extensions.enabledItems -> {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.6.20090220 -> extensions.enabledItems -> {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6778 -> extensions.enabledItems -> {ba14329e-9550-4989-b3f2-9732e92d17cc}:2.7.2.0 -> extensions.enabledItems -> {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1178 -> < FireFox Settings [User.js] > -> C:\Users\Owner\AppData\Roaming\Mozilla\FireFox\Profiles\u31q2sju.default\user.js -> < FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla HKLM\software\mozilla\Firefox\Extensions -> -> HKLM\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} -> C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [C:\PROGRAM FILES (X86)\ADOBE\ADOBE CONTRIBUTE CS5\PLUGINS\FIREFOXPLUGIN\{01A8CA0A-4C96-465B-A49B-65C46FAD54F9}] -> [2010/08/10 11:41:39 | 000,000,000 | ---D | M] HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758} -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT] -> [2010/12/23 22:53:10 | 000,000,000 | ---D | M] HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71} -> C:\PROGRAM FILES (X86)\AVG\AVG10\FIREFOX\ [C:\PROGRAM FILES (X86)\AVG\AVG10\FIREFOX\] -> [2011/01/09 16:38:56 | 000,000,000 | ---D | M] HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions -> -> HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components -> C:\Program Files (x86)\Mozilla Firefox\components [C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\COMPONENTS] -> [2010/12/25 10:55:57 | 000,000,000 | ---D | M] HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins -> C:\Program Files (x86)\Mozilla Firefox\plugins [C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\PLUGINS] -> [2010/12/25 10:55:59 | 000,000,000 | ---D | M] < FireFox Extensions [User Folders] > -> -> C:\Users\Owner\AppData\Roaming\Mozilla\Extensions -> [2010/02/21 19:40:14 | 000,000,000 | ---D | M] -> C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\u31q2sju.default\extensions -> [2011/01/11 18:46:09 | 000,000,000 | ---D | M] Yahoo! Toolbar -> C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\u31q2sju.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} -> [2010/12/23 22:53:14 | 000,000,000 | ---D | M] Vuze Remote Toolbar -> C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\u31q2sju.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc} -> [2010/12/23 22:53:15 | 000,000,000 | ---D | M] Adblock Plus -> C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\u31q2sju.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} -> [2010/12/23 22:53:15 | 000,000,000 | ---D | M] < FireFox SearchPlugins [User Folders] > -> conduit.xml -> C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\u31q2sju.default\searchplugins\conduit.xml -> [2010/11/18 16:11:05 | 000,000,903 | ---- | M] () < FireFox Extensions [Program Folders] > -> -> C:\Program Files (x86)\Mozilla Firefox\extensions -> [2011/01/09 19:13:46 | 000,000,000 | ---D | M] No name found -> C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} -> [2010/12/25 10:54:05 | 000,000,000 | ---D | M] Adobe Contribute Toolbar -> C:\PROGRAM FILES (X86)\ADOBE\ADOBE CONTRIBUTE CS5\PLUGINS\FIREFOXPLUGIN\{01A8CA0A-4C96-465B-A49B-65C46FAD54F9} -> [2010/08/10 11:41:39 | 000,000,000 | ---D | M] AVG Safe Search -> C:\PROGRAM FILES (X86)\AVG\AVG10\FIREFOX -> [2011/01/09 16:38:56 | 000,000,000 | ---D | M] RealPlayer Browser Record Plugin -> C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT -> [2010/12/23 22:53:10 | 000,000,000 | ---D | M] < FireFox Components [Program Folders] > -> nprpffbrowserrecordext.dll -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll -> [2010/08/25 12:18:24 | 000,049,152 | ---- | M] () < HOSTS File > ([2009/06/10 16:00:26 | 000,000,824 | ---- | M] - 21 lines) -> C:\Windows\SysNative\Drivers\etc\hosts -> Reset Hosts < 64bit-BHO's [HKEY_LOCAL_MACHINE] > -> 64bit-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} [HKLM] -> C:\Program Files (x86)\AVG\AVG10\avgssiea.dll [AVG Safe Search] -> [2010/11/22 04:48:14 | 003,848,032 | ---- | M] (AVG Technologies CZ, s.r.o.) {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} [HKLM] -> C:\Program Files\Windows Live\Family Safety\fssbho.dll [Windows Live Family Safety Browser Helper Class] -> [2008/12/08 19:35:52 | 000,068,960 | ---- | M] (Microsoft Corporation) {9421DD08-935F-4701-A9CA-22DF90AC4EA6} [HKLM] -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [Easy Photo Print] -> [2009/08/24 00:10:02 | 000,430,592 | ---- | M] (SEIKO EPSON CORPORATION / CyCom Technology Corp.) < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {074C1DC5-9320-4A9A-947D-C042949C6216} [HKLM] -> C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll [ContributeBHO Class] -> [2010/03/27 16:59:12 | 000,164,312 | ---- | M] (Adobe Systems, Inc.) {3049C3E9-B461-4BC5-8870-4C09146192CA} [HKLM] -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [RealPlayer Download and Record Plugin for Internet Explorer] -> [2010/08/25 12:18:24 | 000,341,600 | ---- | M] (RealPlayer) {30F9B915-B755-4826-820B-08FBA6BD249D} [HKLM] -> C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll [Conduit Engine] -> [2010/11/13 21:58:34 | 003,913,000 | ---- | M] (Conduit Ltd.) {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} [HKLM] -> C:\Program Files (x86)\AVG\AVG10\avgssie.dll [AVG Safe Search] -> [2010/11/22 04:48:12 | 002,732,896 | ---- | M] (AVG Technologies CZ, s.r.o.) {53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> [2009/01/26 15:31:02 | 001,879,896 | ---- | M] (Safer Networking Limited) {5C255C8A-E604-49b4-9D64-90988571CECB} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found {ba14329e-9550-4989-b3f2-9732e92d17cc} [HKLM] -> C:\Program Files (x86)\Vuze_Remote\tbVuze.dll [Vuze Remote Toolbar] -> [2010/11/13 21:58:34 | 003,913,000 | ---- | M] (Conduit Ltd.) < 64bit-Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> "{9421DD08-935F-4701-A9CA-22DF90AC4EA6}" [HKLM] -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [Easy Photo Print] -> [2009/08/24 00:10:02 | 000,430,592 | ---- | M] (SEIKO EPSON CORPORATION / CyCom Technology Corp.) "Locked" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found < Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> "{30F9B915-B755-4826-820B-08FBA6BD249D}" [HKLM] -> C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll [Conduit Engine] -> [2010/11/13 21:58:34 | 003,913,000 | ---- | M] (Conduit Ltd.) "{517BDDE4-E3A7-4570-B21E-2B52B6139FC7}" [HKLM] -> C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll [Contribute Toolbar] -> [2010/03/27 16:59:12 | 000,164,312 | ---- | M] (Adobe Systems, Inc.) "{ba14329e-9550-4989-b3f2-9732e92d17cc}" [HKLM] -> C:\Program Files (x86)\Vuze_Remote\tbVuze.dll [Vuze Remote Toolbar] -> [2010/11/13 21:58:34 | 003,913,000 | ---- | M] (Conduit Ltd.) "Locked" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found < 64bit-Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> "AmIcoSinglun64" -> C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe] -> [2009/04/09 08:17:03 | 000,320,000 | ---- | M] (AlcorMicro Co., Ltd.) "ETDWare" -> C:\Program Files\Elantech\ETDCtrl.exe [C:\Program Files\Elantech\ETDCtrl.exe] -> [2009/07/30 05:56:05 | 000,617,856 | ---- | M] (ELAN Microelectronic Corp.) "HotKeysCmds" -> C:\Windows\SysNative\hkcmd.exe [C:\Windows\system32\hkcmd.exe] -> [2009/08/02 07:38:01 | 000,387,608 | ---- | M] (Intel Corporation) "IgfxTray" -> C:\Windows\SysNative\igfxtray.exe [C:\Windows\system32\igfxtray.exe] -> [2009/08/02 07:38:11 | 000,165,912 | ---- | M] (Intel Corporation) "Persistence" -> C:\Windows\SysNative\igfxpers.exe [C:\Windows\system32\igfxpers.exe] -> [2009/08/02 07:38:07 | 000,365,592 | ---- | M] (Intel Corporation) "RtHDVCpl" -> C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe] -> [2009/07/28 08:14:19 | 007,982,112 | ---- | M] (Realtek Semiconductor) < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> "AdobeCS5ServiceManager" -> C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe ["C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin] -> [2010/02/22 03:57:06 | 000,406,992 | ---- | M] (Adobe Systems Incorporated) "ATKMEDIA" -> C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe [C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe] -> [2009/04/20 13:09:30 | 000,159,744 | ---- | M] (ASUS) "ATKOSD2" -> C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe [C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe] -> [2009/07/07 13:20:56 | 008,493,624 | ---- | M] (ASUS) "AVG_TRAY" -> C:\Program Files (x86)\AVG\AVG10\avgtray.exe [C:\Program Files (x86)\AVG\AVG10\avgtray.exe] -> [2010/10/22 04:57:54 | 002,745,696 | ---- | M] (AVG Technologies CZ, s.r.o.) "ccApp" -> C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe ["C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"] -> [2010/01/25 15:35:56 | 000,115,560 | ---- | M] (Symantec Corporation) "CinemaNowMediaManagerApp" -> C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowShell.exe [C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowShell.exe -start] -> [2009/06/11 17:13:30 | 002,088,296 | ---- | M] (CinemaNow Inc.) "EEventManager" -> C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe ["C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"] -> [2009/12/03 09:12:12 | 000,976,320 | ---- | M] (SEIKO EPSON CORPORATION) "HControlUser" -> C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe [C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe] -> [2009/04/01 23:05:34 | 000,098,304 | ---- | M] (ASUS) "LTCM Client" -> C:\Program Files (x86)\LTCM Client\ltcmClient.exe [C:\Program Files (x86)\LTCM Client\ltcmClient.exe /startup] -> [2009/08/05 12:36:18 | 001,596,096 | ---- | M] (Leader Technologies Inc.) "Setwallpaper" -> c:\programdata\SetWallpaper.cmd [c:\programdata\SetWallpaper.cmd] -> File not found "SwitchBoard" -> C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe] -> [2010/02/19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) "TkBellExe" -> C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe ["C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot] -> [2010/08/25 12:18:01 | 000,202,256 | ---- | M] (RealNetworks, Inc.) "UpdateLBPShortCut" -> C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe ["C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"] -> [2009/05/20 00:16:16 | 000,222,504 | ---- | M] (CyberLink Corp.) "UpdateP2GoShortCut" -> C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe ["C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"] -> [2008/12/04 00:15:16 | 000,218,408 | ---- | M] (CyberLink Corp.) "WinampAgent" -> C:\Program Files (x86)\Winamp\winampa.exe ["C:\Program Files (x86)\Winamp\winampa.exe"] -> [2010/05/25 11:08:42 | 000,037,888 | ---- | M] (Nullsoft, Inc.) < RunOnce [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce -> "" -> [] -> File not found < RunOnce [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce -> "" -> [] -> File not found < Run [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> "Sidebar" -> C:\Program Files (x86)\Windows Sidebar\Sidebar.exe [%ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun] -> [2009/07/13 20:14:38 | 001,173,504 | ---- | M] (Microsoft Corporation) < RunOnce [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce -> "" -> [] -> File not found "mctadmin" -> C:\Windows\SysWow64\mctadmin.exe [C:\Windows\System32\mctadmin.exe] -> File not found < Run [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> "Sidebar" -> C:\Program Files (x86)\Windows Sidebar\Sidebar.exe [%ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun] -> [2009/07/13 20:14:38 | 001,173,504 | ---- | M] (Microsoft Corporation) < RunOnce [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce -> "" -> [] -> File not found "mctadmin" -> C:\Windows\SysWow64\mctadmin.exe [C:\Windows\System32\mctadmin.exe] -> File not found < Run [HKEY_USERS\S-1-5-21-165630816-1800415273-3807148623-1000\] > -> HKEY_USERS\S-1-5-21-165630816-1800415273-3807148623-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> "AdobeBridge" -> C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe ["C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe" -stealth] -> [2010/03/09 03:28:26 | 011,989,960 | ---- | M] (Adobe Systems, Inc.) "DW6" -> C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe ["C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe"] -> [2010/04/16 10:25:18 | 000,818,288 | ---- | M] (The Weather Channel Interactive, Inc.) "Epson Stylus NX420(Network)" -> C:\Windows\SysWow64\spool\DRIVERS\x64\3\E_IATIGCA.EXE [C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGCA.EXE /FU "C:\Windows\TEMP\E_SBF32.tmp" /EF "HKCU"] -> File not found "GoToMeeting" -> C:\Program Files (x86)\Citrix\GoToMeeting\457\g2mstart.exe ["C:\Program Files (x86)\Citrix\GoToMeeting\457\g2mstart.exe" "/Trigger RunAtLogon"] -> [2010/08/13 11:48:42 | 000,039,816 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) "Raptr" -> C:\Program Files (x86)\Raptr\raptrstub.exe [C:\PROGRA~2\Raptr\raptrstub.exe --startup] -> [2010/11/11 18:30:02 | 000,052,648 | ---- | M] () "SpybotSD TeaTimer" -> C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe] -> [2009/01/26 15:31:16 | 002,144,088 | RHS- | M] (Safer Networking Limited) "SUPERAntiSpyware" -> C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe] -> [2010/12/14 15:02:36 | 002,988,784 | ---- | M] (SUPERAntiSpyware.com) < CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer \\"NoActiveDesktop" -> [1] -> File not found \\"NoActiveDesktopChanges" -> [1] -> File not found < CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System \\"ConsentPromptBehaviorAdmin" -> [5] -> File not found \\"ConsentPromptBehaviorUser" -> [3] -> File not found HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-165630816-1800415273-3807148623-1000] > -> HKEY_USERS\S-1-5-21-165630816-1800415273-3807148623-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> HKEY_USERS\S-1-5-21-165630816-1800415273-3807148623-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer \\"NoDriveAutoRun" -> [0] -> File not found \\"NoDriveTypeAutoRun" -> [149] -> File not found < Internet Explorer Menu Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\MenuExt\ -> E&xport to Microsoft Excel -> C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE [res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000] -> File not found < Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\MenuExt\ -> E&xport to Microsoft Excel -> C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE [res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000] -> File not found < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> {DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll [Menu: Spybot - Search && Destroy Configuration] -> [2009/01/26 15:31:02 | 001,879,896 | ---- | M] (Safer Networking Limited) < 64bit-Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> < 64bit-Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix "" -> http:// < Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix "" -> http:// < 64bit-Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < 64bit-Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-21-165630816-1800415273-3807148623-1000\] > -> HKEY_USERS\S-1-5-21-165630816-1800415273-3807148623-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-21-165630816-1800415273-3807148623-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 7567 domain(s) found. -> cinemanow.com .[http] -> Trusted sites -> cinemanow.com .[https] -> Trusted sites -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-21-165630816-1800415273-3807148623-1000\] > -> HKEY_USERS\S-1-5-21-165630816-1800415273-3807148623-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-21-165630816-1800415273-3807148623-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. -> < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab [Java Plug-in 1.6.0_18] -> {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab [Java Plug-in 1.6.0_18] -> {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab [Java Plug-in 1.6.0_18] -> < Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ -> DhcpNameServer -> 192.168.2.1 -> < Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {3D55454B-6490-4B25-82EC-8D0ECEABB655}\\DhcpNameServer -> 192.168.2.1 (Intel(R) WiFi Link 1000 BGN) -> < 64bit-Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 64bit-*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> explorer.exe -> C:\Windows\explorer.exe -> [2009/10/31 01:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) *MultiFile Done* -> -> 64bit-*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> SystemPropertiesPerformance.exe -> C:\Windows\SysNative\SystemPropertiesPerformance.exe -> [2009/07/13 20:39:47 | 000,082,432 | ---- | M] (Microsoft Corporation) /pagefile -> -> File not found *MultiFile Done* -> -> < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> *Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> explorer.exe -> C:\Windows\SysWow64\explorer.exe -> [2009/10/31 00:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) *MultiFile Done* -> -> *VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> /pagefile -> -> File not found *MultiFile Done* -> -> < 64bit-Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> igfxcui -> C:\Windows\SysNative\igfxdev.dll -> [2009/07/28 02:04:49 | 000,258,560 | ---- | M] (Intel Corporation) < 64bit-SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad -> "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" [HKLM] -> Reg Error: Key error. [WebCheck] -> File not found < SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad -> "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" [HKLM] -> Reg Error: Key error. [WebCheck] -> File not found < Vista Active Firewall Rules > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules -> {0E280B3E-CAD8-4B5C-ACBC-199FC775029D} -> lport=1900 | profile=public | protocol=17 | dir=in | action=allow | [email protected],-32753 | app=%systemroot%\system32\svchost.exe | svc=ssdpsrv | {167AE2E9-60D0-44E0-9052-88365043BACC} -> lport=3702 | profile=public | protocol=17 | dir=in | action=allow | [email protected],-32785 | app=%systemroot%\system32\svchost.exe | svc=fdphost | {17EC1905-6EBF-4B99-9585-E83690768A78} -> lport=139 | profile=private | protocol=6 | dir=in | action=allow | [email protected],-28503 | app=system | {1DAECD5A-F9CD-4F10-BBA7-173EBF7C38CE} -> lport=6004 | profile=public | protocol=17 | dir=in | action=allow | name=microsoft office outlook | app=c:\program files (x86)\microsoft office\office14\outlook.exe | {2BE61982-8FDF-4239-95B8-87F99DA1DAB2} -> lport=5000 | profile=public | protocol=17 | dir=in | action=allow | name=akamai netsession interface | {38E2B83F-3FE1-4127-A5D2-C733108366BE} -> rport=445 | profile=private | protocol=6 | dir=out | action=allow | [email protected],-28515 | app=system | {470E28A5-F41A-42FF-89DD-FD3F0C5E62D4} -> lport=5355 | profile=private | protocol=17 | dir=in | action=allow | [email protected],-28548 | app=%systemroot%\system32\svchost.exe | svc=dnscache | {4A1C87C3-7151-4FF6-B0B3-29551969AFDA} -> lport=2869 | profile=private | protocol=6 | dir=in | action=allow | [email protected],-31277 | app=system | {4C729977-B397-434D-B3F4-ABF4DB5D13D0} -> lport=5355 | profile=public | protocol=17 | dir=in | action=allow | [email protected],-32801 | app=%systemroot%\system32\svchost.exe | svc=dnscache | {4CC9EDA0-4B4C-4754-B673-EDC22B736669} -> rport=137 | profile=private | protocol=17 | dir=out | action=allow | [email protected],-28523 | app=system | {5079C229-FE63-410D-BCC1-4520185544A1} -> rport=1900 | profile=private | protocol=17 | dir=out | action=allow | [email protected],-31273 | app=%systemroot%\system32\svchost.exe | svc=ssdpsrv | {5241845B-77B9-434F-913E-9C75E27CBBCD} -> rport=5355 | profile=private | protocol=17 | dir=out | action=allow | [email protected],-28550 | app=%systemroot%\system32\svchost.exe | svc=dnscache | {531CF038-A9BF-473D-B8DA-A42BC67B339E} -> lport=49163 | profile=public | protocol=6 | dir=in | action=allow | name=akamai netsession interface | {5391F5F3-4C47-46BF-82CE-CD4823E9BD17} -> rport=5355 | profile=public | protocol=17 | dir=out | action=allow | [email protected],-32805 | app=%systemroot%\system32\svchost.exe | svc=dnscache | {541377EC-FFC0-4787-8CC6-C7F898D7A305} -> rport=138 | profile=private | protocol=17 | dir=out | action=allow | [email protected],-28531 | app=system | {56017422-84F1-4DD6-855A-A5008632EEE6} -> lport=445 | profile=private | protocol=6 | dir=in | action=allow | [email protected],-28511 | app=system | {6C2A2C8B-8332-4A9E-B085-DA201474C3D0} -> lport=10243 | profile=private | protocol=6 | dir=in | action=allow | [email protected],-31285 | app=system | {6F7CED57-283B-484A-B0E2-478245032997} -> rport=5355 | profile=public | protocol=17 | dir=out | action=allow | [email protected],-28550 | app=%systemroot%\system32\svchost.exe | svc=dnscache | {7A4CB58E-AEE6-4773-AB3A-6F8E6A2CA132} -> lport=rpc | profile=private | protocol=6 | dir=in | action=allow | [email protected],-28535 | app=%systemroot%\system32\spoolsv.exe | svc=spooler | {7AC75B1D-760D-4594-AF50-60BC42112527} -> rport=10243 | profile=private | protocol=6 | dir=out | action=allow | [email protected],-31289 | app=system | {865C6F78-F14C-415F-89E6-F0BE0BEE136C} -> lport=138 | profile=private | protocol=17 | dir=in | action=allow | [email protected],-28527 | app=system | {8A695A48-8694-4ED2-852C-6A15CF55F70B} -> lport=2177 | profile=private | protocol=6 | dir=in | action=allow | [email protected],-31261 | app=%systemroot%\system32\svchost.exe | svc=qwave | {91C05558-F4F1-43A1-86A7-70A2FEE40DA5} -> rport=1900 | profile=public | protocol=17 | dir=out | action=allow | [email protected],-32757 | app=%systemroot%\system32\svchost.exe | svc=ssdpsrv | {9E3B2ECC-A4FA-4231-B9F2-8AAD0BF78FEF} -> rport=3702 | profile=public | protocol=17 | dir=out | action=allow | [email protected],-32811 | app=%systemroot%\system32\svchost.exe | svc=fdrespub | {A061311E-FA49-4356-B701-B6C23F3ED1DC} -> lport=1900 | profile=private | protocol=17 | dir=in | action=allow | [email protected],-31269 | app=%systemroot%\system32\svchost.exe | svc=ssdpsrv | {A26B5CB0-F821-43A6-B8B5-18B10528DDE9} -> lport=3702 | profile=public | protocol=17 | dir=in | action=allow | [email protected],-32809 | app=%systemroot%\system32\svchost.exe | svc=fdrespub | {ABF14BE4-2B71-4232-BB0D-EF3533135D11} -> lport=5355 | profile=public | protocol=17 | dir=in | action=allow | [email protected],-28548 | app=%systemroot%\system32\svchost.exe | svc=dnscache | {B3AE19EB-260C-4E1B-A503-4A10904BC72F} -> rport=3702 | profile=public | protocol=17 | dir=out | action=allow | [email protected],-32789 | app=%systemroot%\system32\svchost.exe | svc=fdphost | {B5D7E892-B44B-4C79-99E3-F795B1572BEC} -> lport=2177 | profile=private | protocol=17 | dir=in | action=allow | [email protected],-31253 | app=%systemroot%\system32\svchost.exe | svc=qwave | {C4D4EBA9-90E7-4970-A117-1A7EE8C0AFBF} -> rport=139 | profile=private | protocol=6 | dir=out | action=allow | [email protected],-28507 | app=system | {C98FC17D-1F5A-4FB5-AF86-3DB09E2E2EA2} -> lport=rpc-epmap | profile=private | protocol=6 | dir=in | action=allow | [email protected],-28539 | svc=rpcss | {D1CF633F-C119-443A-ADA3-AAB92DC4DDAE} -> lport=137 | profile=private | protocol=17 | dir=in | action=allow | [email protected],-28519 | app=system | {DF712705-2DC7-4AA4-80B9-3ACEB230BB83} -> rport=2177 | profile=private | protocol=17 | dir=out | action=allow | [email protected],-31257 | app=%systemroot%\system32\svchost.exe | svc=qwave | {E01C9F1E-FDC5-4F48-93C0-CDFFAA3AA3F0} -> lport=1900 | protocol=17 | dir=in | action=allow | name=windows live messenger (ssdp-in) | app=svchost.exe | svc=ssdpsrv | {ECEBC1BD-EFE4-4CB9-A3FD-9FEB536ECFDD} -> lport=2869 | protocol=6 | dir=in | action=allow | name=windows live messenger (upnp-in) | app=system | {F5E97E30-297F-4615-AEAA-E902EBAB8282} -> rport=2177 | profile=private | protocol=6 | dir=out | action=allow | [email protected],-31265 | app=%systemroot%\system32\svchost.exe | svc=qwave | < Vista Active Application Exception Rules > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules -> {0191334A-4090-4E50-BF3B-2DF26E7FBF9F} -> profile=public | protocol=17 | dir=in | action=allow | name=azureus / vuze | app=c:\program files (x86)\vuze\azureus.exe | {18362D5C-E298-4BA4-80A9-10623185D1DF} -> profile=private | protocol=6 | dir=out | action=allow | [email protected],-31025 | app=%programfiles(x86)%\windows media player\wmplayer.exe | {1A6A6D24-9CE8-424A-A710-60A8B7F46BF4} -> dir=in | action=allow | name=windows live messenger | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | {1DC92F22-7274-4E60-B688-793BB484EBCA} -> profile=public | protocol=6 | dir=in | action=allow | name=symantec email | app=c:\program files (x86)\common files\symantec shared\ccapp.exe | {1F20267F-9881-4976-A5CB-7E3B2E110281} -> profile=public | protocol=17 | dir=in | action=allow | name=microsoft sharepoint workspace | app=c:\program files (x86)\microsoft office\office14\groove.exe | {27251568-2350-452A-A74D-AECD82203D4D} -> profile=private | protocol=6 | dir=in | action=allow | name=eeventmanager.exe | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | {27B0F5B7-2D1B-4D6C-99A9-392DE60E2784} -> profile=private | protocol=6 | dir=in | action=allow | name=avg diagnostics 2011 | app=c:\program files (x86)\avg\avg10\avgdiagex.exe | {2A6558D0-51D8-4D47-943F-69ABB2622259} -> profile=private | protocol=17 | dir=in | action=allow | name=cinemanow updater | app=c:\program files (x86)\cinemanow\cinemanow media manager\cnupdater.exe | {3756A025-F7A6-4EE4-82DE-DA1D286E6F34} -> profile=private | protocol=6 | dir=in | action=allow | name=online shield | app=c:\program files (x86)\avg\avg10\avgnsa.exe | {38287949-F146-4A95-98D0-A345EE811FF1} -> profile=public | protocol=17 | dir=in | action=allow | name=microsoft onenote | app=c:\program files (x86)\microsoft office\office14\onenote.exe | {3C23AEB2-7D6E-48EB-91ED-16D4BFB9314F} -> profile=private | protocol=1 | dir=in | action=allow | [email protected],-28543 | {4A6D9708-981A-47A9-AAFC-5CA08645A0FE} -> profile=private | protocol=17 | dir=in | action=allow | name=personal e-mail scanner | app=c:\program files (x86)\avg\avg10\avgemca.exe | {4C2C51A6-03BD-4093-B72E-87E9D8B00852} -> profile=private | protocol=6 | dir=out | action=allow | [email protected],-31281 | app=system | {5199D09E-59DC-40F3-A327-6E57881E13F9} -> profile=public | protocol=17 | dir=in | action=allow | name=smc service | app=c:\program files (x86)\symantec\symantec endpoint protection\smc.exe | {53322476-E469-4DCC-ADEF-E1C46CAF1A3B} -> profile=public | protocol=6 | dir=in | action=allow | name=azureus / vuze | app=c:\program files (x86)\vuze\azureus.exe | {549373C6-70AE-4FA1-AC3A-C257338DBAF7} -> profile=private | protocol=17 | dir=in | action=allow | [email protected],-31293 | app=%programfiles%\windows media player\wmplayer.exe | {57D63114-A462-4D54-B6D2-D7A47C29C844} -> profile=private | protocol=6 | dir=in | action=allow | name=bonjour service | app=c:\program files (x86)\bonjour\mdnsresponder.exe | {5833F48D-0E1B-41A7-A84D-6C3184CAAD16} -> profile=private | protocol=17 | dir=in | action=allow | name=bonjour service | app=c:\program files (x86)\bonjour\mdnsresponder.exe | {5B815D02-97C4-4C95-9EDD-87EB659D1C87} -> profile=public | protocol=17 | dir=in | action=allow | name=itunes | app=c:\program files (x86)\itunes\itunes.exe | {64036B2B-522D-4AEB-BB4C-73D3999E6620} -> profile=private | protocol=17 | dir=in | action=allow | name=microsoft office onenote | app=c:\program files (x86)\microsoft office\office12\onenote.exe | {67A07F5B-A219-44C8-B73C-C3A94C937D5F} -> dir=in | action=allow | name=skype | app=c:\program files (x86)\skype\phone\skype.exe | {699B6C49-CC02-4763-B3C5-4B382CD07065} -> profile=private | protocol=6 | dir=out | action=allow | [email protected],-31011 | app=%programfiles%\windows media player\wmplayer.exe | {6A7ED694-F506-478E-BFF0-A5570A4E6036} -> profile=private | protocol=17 | dir=in | action=allow | [email protected],-31305 | app=%programfiles%\windows media player\wmpnetwk.exe | {6C7E67B7-226B-46A2-875B-8A5A9498D685} -> profile=private | protocol=6 | dir=in | action=allow | name=avg installer | app=c:\program files (x86)\avg\avg10\avgmfapx.exe | {6CB4B777-855B-428C-94E6-376CBE76F972} -> profile=public | protocol=6 | dir=in | action=allow | name=microsoft sharepoint workspace | app=c:\program files (x86)\microsoft office\office14\groove.exe | {6D839E68-3568-4573-B3FD-6AD63AD8D9D3} -> profile=public | protocol=17 | dir=in | action=allow | name=snac64 service | app=c:\program files (x86)\symantec\symantec endpoint protection\snac64.exe | {726EECF2-36B4-4E35-8697-D83423B04016} -> profile=public | protocol=6 | dir=in | action=allow | name=cinemanow updater | app=c:\program files (x86)\cinemanow\cinemanow media manager\cnupdater.exe | {727922A5-7C09-4660-B970-CD84370B9970} -> profile=public | protocol=17 | dir=in | action=allow | name=bonjour service | app=c:\program files (x86)\bonjour\mdnsresponder.exe | {7517EB4B-CDE7-4B23-8882-CB3166EA540F} -> profile=private | protocol=1 | dir=out | action=allow | [email protected],-28544 | {75E0C872-26CB-43B5-B331-331DF0DCB25B} -> profile=public | protocol=6 | dir=in | action=allow | name=smc service | app=c:\program files (x86)\symantec\symantec endpoint protection\smc.exe | {76D11B86-965D-4B05-89C5-750B36FE6716} -> profile=private | protocol=6 | dir=in | action=allow | name=epsonnet setup | app=c:\program files (x86)\epsonnet\epsonnet setup\tool10\eneasyapp.exe | {7F77D1E6-891B-4994-9731-68C143576643} -> profile=private | protocol=17 | dir=in | action=allow | name=avg installer | app=c:\program files (x86)\avg\avg10\avgmfapx.exe | {819E0CD3-3F29-4F96-891A-1D971630BF13} -> profile=private | protocol=6 | dir=in | action=allow | name=cinemanow updater | app=c:\program files (x86)\cinemanow\cinemanow media manager\cnupdater.exe | {823B43A9-2839-4B20-9940-9C684FA549EF} -> profile=public | protocol=6 | dir=out | action=allow | [email protected],-32821 | app=%systemroot%\system32\svchost.exe | svc=upnphost | {82C9AAFF-808D-49A1-81D5-4B6A57889799} -> profile=public | protocol=6 | dir=in | action=allow | name=bonjour service | app=c:\program files (x86)\bonjour\mdnsresponder.exe | {863DD546-0659-4D10-880A-89C4E35F23B6} -> profile=private | protocol=6 | dir=in | action=allow | name=microsoft office onenote | app=c:\program files (x86)\microsoft office\office12\onenote.exe | {867937E4-1866-4CE2-94A5-E82889276D23} -> profile=public | protocol=6 | dir=in | action=allow | name=cinemanow media manager | app=c:\program files (x86)\cinemanow\cinemanow media manager\cinemanowshell.exe | {87DC2A29-732C-4666-910C-0D1C46DCF936} -> profile=private | protocol=17 | dir=out | action=allow | [email protected],-31007 | app=%programfiles%\windows media player\wmplayer.exe | {906295EC-B08A-4822-BA3F-30BA79DC724E} -> profile=private | protocol=6 | dir=out | action=allow | [email protected],-31301 | app=%programfiles%\windows media player\wmplayer.exe | {910A73BA-BCBD-41F1-BB44-4CBAD718C5CD} -> profile=private | protocol=58 | dir=out | action=allow | [email protected],-28546 | {93B7FD47-8B92-4D87-B15E-D87D8FFDD847} -> profile=private | protocol=17 | dir=in | action=allow | name=epsonnet setup | app=c:\program files (x86)\epsonnet\epsonnet setup\tool10\eneasyapp.exe | {970FC4B1-EAC0-4779-86D8-963EA4CB1438} -> profile=private | protocol=17 | dir=in | action=allow | name=raptr im | app=c:\program files (x86)\raptr\raptr_im.exe | {98076275-6F42-488D-BD83-09D0A7BB6A6F} -> profile=private | protocol=6 | dir=in | action=allow | name=avg alert manager | app=c:\program files (x86)\avg\avg10\avgam.exe | {A1E8D0E0-137F-43E6-A9B3-FEE1252BA23D} -> profile=public | protocol=6 | dir=in | action=allow | name=microsoft onenote | app=c:\program files (x86)\microsoft office\office14\onenote.exe | {A6999624-A704-4844-AC47-19D99E773ED2} -> profile=private | protocol=6 | dir=in | action=allow | name=raptr im | app=c:\program files (x86)\raptr\raptr_im.exe | {A6EAB963-6418-4B74-93EE-F47AA8456FE0} -> profile=public | protocol=6 | dir=in | action=allow | name=mozilla firefox | app=c:\program files (x86)\mozilla firefox\firefox.exe | {A8701D65-2931-40A8-A73B-62CC372319AE} -> profile=private | protocol=17 | dir=out | action=allow | [email protected],-31024 | app=%programfiles(x86)%\windows media player\wmplayer.exe | {A8B24B14-15A5-47B0-BD79-9BAFD2D65420} -> profile=private | protocol=17 | dir=in | action=allow | name=online shield | app=c:\program files (x86)\avg\avg10\avgnsa.exe | {AE4C4DD4-499B-4371-834B-D9401F2DB32C} -> profile=private | protocol=17 | dir=in | action=allow | [email protected],-31023 | app=%programfiles(x86)%\windows media player\wmplayer.exe | {AF660CC0-5CE6-4FD3-935A-6D5B9C1C39A6} -> profile=private | protocol=6 | dir=out | action=allow | [email protected],-31321 | app=%systemroot%\system32\svchost.exe | svc=upnphost | {B04BFC11-5333-414A-9FAE-41A6775AA01C} -> profile=private | protocol=17 | dir=in | action=allow | name=avg diagnostics 2011 | app=c:\program files (x86)\avg\avg10\avgdiagex.exe | {B4CEA86E-74C6-48F2-96EF-7059FC88B8AA} -> profile=private | protocol=17 | dir=in | action=allow | name=azureus / vuze | app=c:\program files (x86)\vuze\azureus.exe | {B66B82FB-EA1D-45CC-8C43-6F287A1288B4} -> profile=public | protocol=17 | dir=in | action=allow | name=mozilla firefox | app=c:\program files (x86)\mozilla firefox\firefox.exe | {BFA03FCA-4C79-4150-A1FE-7F5D2EB2640E} -> profile=private | protocol=6 | dir=in | action=allow | name=raptr client | app=c:\program files (x86)\raptr\raptr.exe | {C511FC58-C84A-49A1-9A8F-A360A031D668} -> profile=public | protocol=6 | dir=in | action=allow | name=snac64 service | app=c:\program files (x86)\symantec\symantec endpoint protection\snac64.exe | {C8EFD3D9-ADD5-4E52-9601-3984F5F63D7A} -> profile=private | protocol=17 | dir=in | action=allow | name=raptr client | app=c:\program files (x86)\raptr\raptr.exe | {C97E7915-31F0-46D9-BF18-090E36133EB4} -> profile=private | protocol=17 | dir=in | action=allow | name=eeventmanager.exe | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | {CB97106A-4EEB-4CC8-AD6E-7A724FC75CDE} -> profile=private | protocol=6 | dir=in | action=allow | name=azureus / vuze | app=c:\program files (x86)\vuze\azureus.exe | {CBF537EC-FDE5-442A-A977-7C181816255C} -> profile=public | protocol=17 | dir=in | action=allow | name=cinemanow updater | app=c:\program files (x86)\cinemanow\cinemanow media manager\cnupdater.exe | {CC293A52-324B-432D-B34D-B5FC9ACC131B} -> profile=private | protocol=17 | dir=in | action=allow | [email protected],-31003 | app=%programfiles%\windows media player\wmplayer.exe | {D953CDFC-4035-405D-85FA-DDF2888AEC05} -> dir=in | action=allow | name=windows live call | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | {D969BB11-AF5D-4171-8AAE-18BEAC749A64} -> profile=private | protocol=6 | dir=out | action=allow | [email protected],-31317 | app=%programfiles%\windows media player\wmpnetwk.exe | {DCA10B6A-2E22-4358-A893-1B1F9B0ADB00} -> profile=private | protocol=17 | dir=out | action=allow | [email protected],-31297 | app=%programfiles%\windows media player\wmplayer.exe | {DE2A9350-5204-4B5C-B6B0-58B1B9C7741D} -> profile=private | protocol=17 | dir=out | action=allow | [email protected],-31309 | app=%programfiles%\windows media player\wmpnetwk.exe | {DEB9868D-B962-45AA-ACA6-3C14F324B8B2} -> profile=public | protocol=17 | dir=in | action=allow | name=symantec email | app=c:\program files (x86)\common files\symantec shared\ccapp.exe | {DF73730C-9FBE-4089-9429-CC4E1144971F} -> profile=private | protocol=6 | dir=in | action=allow | [email protected],-31313 | app=%programfiles%\windows media player\wmpnetwk.exe | {E08CDCBC-5A55-4C06-B2A5-F54306E050E6} -> profile=private | protocol=58 | dir=in | action=allow | [email protected],-28545 | {E1B93292-3E94-4131-A4EE-BC9133BF2241} -> profile=private | protocol=17 | dir=in | action=allow | name=avg alert manager | app=c:\program files (x86)\avg\avg10\avgam.exe | {E3973598-8DAF-49E3-841C-19AF072506A4} -> profile=private | protocol=6 | dir=in | action=allow | name=personal e-mail scanner | app=c:\program files (x86)\avg\avg10\avgemca.exe | {E490E34A-BD39-4F90-98EC-976277ABE740} -> profile=public | protocol=17 | dir=in | action=allow | name=cinemanow media manager | app=c:\program files (x86)\cinemanow\cinemanow media manager\cinemanowshell.exe | {E55E1CD4-1280-4B1C-B9A8-E8E51CC42FA2} -> profile=public | protocol=6 | dir=in | action=allow | name=itunes | app=c:\program files (x86)\itunes\itunes.exe | {EC87A9C0-374A-4A9A-8D13-FF3EE8D37E50} -> dir=in | action=allow | name=windows live sync | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | TCP Query User{705D08D2-B62A-44BD-A685-44616783A85F}C:\program files (x86)\epson software\event manager\eeventmanager.exe -> profile=public | protocol=6 | dir=in | action=block | name=eeventmanager application | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | TCP Query User{98C7BED0-CDE6-407A-970B-12744A2E7421}C:\program files (x86)\internet explorer\iexplore.exe -> profile=public | protocol=6 | dir=in | action=allow | name=internet explorer | app=c:\program files (x86)\internet explorer\iexplore.exe | TCP Query User{9EC75BFC-CE76-409D-848D-CEB28224EA72}C:\program files (x86)\real\realplayer\realplay.exe -> profile=private | protocol=6 | dir=in | action=allow | name=realplayer | app=c:\program files (x86)\real\realplayer\realplay.exe | UDP Query User{34C24BD7-E6A9-43B8-AE69-2B5F13597CBD}C:\program files (x86)\internet explorer\iexplore.exe -> profile=public | protocol=17 | dir=in | action=allow | name=internet explorer | app=c:\program files (x86)\internet explorer\iexplore.exe | UDP Query User{96A80660-BED5-420F-AF6C-CBDE6F77434F}C:\program files (x86)\epson software\event manager\eeventmanager.exe -> profile=public | protocol=17 | dir=in | action=block | name=eeventmanager application | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | UDP Query User{99881285-747D-4DF2-81EF-20C88E580121}C:\program files (x86)\real\realplayer\realplay.exe -> profile=private | protocol=17 | dir=in | action=allow | name=realplayer | app=c:\program files (x86)\real\realplayer\realplay.exe | < SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> < CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom -> "AutoRun" -> 1 -> "DisplayName" -> CD-ROM Driver -> "ImagePath" -> C:\Windows\SysNative\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> [2009/07/13 18:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) < MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> < Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command -> 64bit-comfile [open] -> "%1" %* -> File not found 64bit-exefile [open] -> "%1" %* -> File not found comfile [open] -> "%1" %* -> exefile [open] -> "%1" %* -> < 64bit-File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ -> .com [@ = comfile] -> "%1" %* -> .exe [@ = exefile] -> "%1" %* -> < File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ -> .com [@ = comfile] -> "%1" %* -> .exe [@ = exefile] -> "%1" %* -> [Registry - Additional Scans - Safe List] < Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command -> 64bit-batfile [open] -> "%1" %* -> File not found 64bit-cmdfile [open] -> "%1" %* -> File not found 64bit-comfile [open] -> "%1" %* -> File not found 64bit-exefile [open] -> "%1" %* -> File not found 64bit-inffile [install] -> %SystemRoot%\System32\InfDefaultInstall.exe "%1" -> [2009/07/13 20:39:13 | 000,010,240 | ---- | M] (Microsoft Corporation) 64bit-InternetShortcut [open] -> "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l -> [2010/11/04 00:48:18 | 010,989,056 | ---- | M] (Microsoft Corporation) 64bit-InternetShortcut [print] -> "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" -> [2010/11/04 00:49:17 | 005,978,112 | ---- | M] (Microsoft Corporation) 64bit-jsfile [open] -> "C:\Program Files (x86)\Macromedia\Dreamweaver MX\Dreamweaver.exe" "%1" -> [2002/05/21 23:13:20 | 009,797,632 | ---- | M] (Macromedia, Inc.) 64bit-piffile [open] -> "%1" %* -> File not found 64bit-scrfile [config] -> "%1" -> File not found 64bit-scrfile [install] -> rundll32.exe desk.cpl,InstallScreenSaver %l -> [2009/07/13 20:38:51 | 000,130,048 | ---- | M] (Microsoft Corporation) 64bit-scrfile [open] -> "%1" /S -> File not found 64bit-Unknown [openas] -> %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 -> File not found 64bit-Directory [AddToPlaylistVLC] -> "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" -> [2010/08/26 18:34:22 | 000,107,008 | ---- | M] () 64bit-Directory [Bridge] -> C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" -> [2010/03/09 03:28:26 | 011,989,960 | ---- | M] (Adobe Systems, Inc.) 64bit-Directory [cmd] -> cmd.exe /s /k pushd "%V" -> [2009/07/13 20:39:01 | 000,344,576 | ---- | M] (Microsoft Corporation) 64bit-Directory [find] -> %SystemRoot%\Explorer.exe -> [2009/10/31 01:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) 64bit-Directory [PlayWithVLC] -> "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" -> [2010/08/26 18:34:22 | 000,107,008 | ---- | M] () 64bit-Directory [Winamp.Bookmark] -> "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" -> [2010/05/25 11:09:44 | 001,552,736 | ---- | M] (Nullsoft, Inc.) 64bit-Directory [Winamp.Enqueue] -> "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" -> [2010/05/25 11:09:44 | 001,552,736 | ---- | M] (Nullsoft, Inc.) 64bit-Directory [Winamp.Play] -> "C:\Program Files (x86)\Winamp\winamp.exe" "%1" -> [2010/05/25 11:09:44 | 001,552,736 | ---- | M] (Nullsoft, Inc.) 64bit-Folder [open] -> %SystemRoot%\Explorer.exe -> [2009/10/31 01:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) 64bit-Drive [find] -> %SystemRoot%\Explorer.exe -> [2009/10/31 01:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) batfile [open] -> "%1" %* -> cmdfile [open] -> "%1" %* -> comfile [open] -> "%1" %* -> cplfile [cplopen] -> %SystemRoot%\System32\control.exe "%1",%* -> [2009/07/13 20:14:15 | 000,113,152 | ---- | M] (Microsoft Corporation) exefile [open] -> "%1" %* -> inffile [install] -> %SystemRoot%\System32\InfDefaultInstall.exe "%1" -> [2009/07/13 20:14:21 | 000,009,216 | ---- | M] (Microsoft Corporation) InternetShortcut [open] -> "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l -> [2010/11/04 00:48:18 | 010,989,056 | ---- | M] (Microsoft Corporation) InternetShortcut [print] -> "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" -> [2010/11/04 00:49:17 | 005,978,112 | ---- | M] (Microsoft Corporation) jsfile [open] -> "C:\Program Files (x86)\Macromedia\Dreamweaver MX\Dreamweaver.exe" "%1" -> [2002/05/21 23:13:20 | 009,797,632 | ---- | M] (Macromedia, Inc.) piffile [open] -> "%1" %* -> scrfile [config] -> "%1" -> scrfile [install] -> rundll32.exe desk.cpl,InstallScreenSaver %l -> [2009/07/13 20:14:08 | 000,128,000 | ---- | M] (Microsoft Corporation) scrfile [open] -> "%1" /S -> Unknown [openas] -> %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 -> Directory [AddToPlaylistVLC] -> "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" -> [2010/08/26 18:34:22 | 000,107,008 | ---- | M] () Directory [Bridge] -> C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" -> [2010/03/09 03:28:26 | 011,989,960 | ---- | M] (Adobe Systems, Inc.) Directory [cmd] -> cmd.exe /s /k pushd "%V" -> [2009/07/13 20:14:15 | 000,301,568 | ---- | M] (Microsoft Corporation) Directory [find] -> %SystemRoot%\Explorer.exe -> [2009/10/31 01:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) Directory [PlayWithVLC] -> "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" -> [2010/08/26 18:34:22 | 000,107,008 | ---- | M] () Directory [Winamp.Bookmark] -> "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" -> [2010/05/25 11:09:44 | 001,552,736 | ---- | M] (Nullsoft, Inc.) Directory [Winamp.Enqueue] -> "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" -> [2010/05/25 11:09:44 | 001,552,736 | ---- | M] (Nullsoft, Inc.) Directory [Winamp.Play] -> "C:\Program Files (x86)\Winamp\winamp.exe" "%1" -> [2010/05/25 11:09:44 | 001,552,736 | ---- | M] (Nullsoft, Inc.) Folder [open] -> %SystemRoot%\Explorer.exe -> [2009/10/31 01:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) Drive [find] -> %SystemRoot%\Explorer.exe -> [2009/10/31 01:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) < EventViewer Logs - Last 10 Errors > -> Event Information -> Description Application [ Error ] 7/21/2010 4:19:29 PM Computer Name = Owner-PC | Source = Bonjour Service | ID = 100 -> Description = Task Scheduling Error: m->NextScheduledEvent 13412778 Application [ Error ] 7/21/2010 4:19:29 PM Computer Name = Owner-PC | Source = Bonjour Service | ID = 100 -> Description = Task Scheduling Error: m->NextScheduledSPRetry 13412778 Application [ Error ] 7/21/2010 4:19:30 PM Computer Name = Owner-PC | Source = Bonjour Service | ID = 100 -> Description = Task Scheduling Error: Continuously busy for more than a second Application [ Error ] 7/21/2010 4:19:30 PM Computer Name = Owner-PC | Source = Bonjour Service | ID = 100 -> Description = Task Scheduling Error: m->NextScheduledEvent 13413777 Application [ Error ] 7/21/2010 4:19:30 PM Computer Name = Owner-PC | Source = Bonjour Service | ID = 100 -> Description = Task Scheduling Error: m->NextScheduledSPRetry 13413777 Application [ Error ] 7/21/2010 4:19:31 PM Computer Name = Owner-PC | Source = Bonjour Service | ID = 100 -> Description = Task Scheduling Error: Continuously busy for more than a second Application [ Error ] 7/21/2010 4:19:31 PM Computer Name = Owner-PC | Source = Bonjour Service | ID = 100 -> Description = Task Scheduling Error: m->NextScheduledEvent 13414791 Application [ Error ] 7/21/2010 4:19:31 PM Computer Name = Owner-PC | Source = Bonjour Service | ID = 100 -> Description = Task Scheduling Error: m->NextScheduledSPRetry 13414791 Application [ Error ] 7/21/2010 4:19:32 PM Computer Name = Owner-PC | Source = Bonjour Service | ID = 100 -> Description = Task Scheduling Error: Continuously busy for more than a second Application [ Error ] 7/21/2010 4:19:32 PM Computer Name = Owner-PC | Source = Bonjour Service | ID = 100 -> Description = Task Scheduling Error: m->NextScheduledEvent 13415789 Media Center [ Error ] 8/2/2010 10:51:04 PM Computer Name = Owner-PC | Source = MCUpdate | ID = 0 -> Description = 10:50:59 PM - Error connecting to the internet. 10:50:59 PM - Unable to contact server.. Media Center [ Error ] 8/3/2010 4:28:44 AM Computer Name = Owner-PC | Source = MCUpdate | ID = 0 -> Description = 4:28:44 AM - Error connecting to the internet. 4:28:44 AM - Unable to contact server.. Media Center [ Error ] 8/3/2010 12:34:40 PM Computer Name = Owner-PC | Source = MCUpdate | ID = 0 -> Description = 4:28:49 AM - Error connecting to the internet. 4:28:49 AM - Unable to contact server.. Media Center [ Error ] 10/3/2010 12:44:51 PM Computer Name = Owner-PC | Source = MCUpdate | ID = 0 -> Description = 12:44:43 PM - Failed to retrieve SportsV2 (Error: Unable to connect to the remote server) Media Center [ Error ] 10/13/2010 1:08:48 PM Computer Name = Owner-PC | Source = MCUpdate | ID = 0 -> Description = 1:08:48 PM - Error connecting to the internet. 1:08:48 PM - Unable to contact server.. Media Center [ Error ] 10/13/2010 1:09:39 PM Computer Name = Owner-PC | Source = MCUpdate | ID = 0 -> Description = 1:09:35 PM - Error connecting to the internet. 1:09:35 PM - Unable to contact server.. Media Center [ Error ] 10/13/2010 2:11:06 PM Computer Name = Owner-PC | Source = MCUpdate | ID = 0 -> Description = 2:11:05 PM - Error connecting to the internet. 2:11:05 PM - Unable to contact server.. Media Center [ Error ] 10/13/2010 2:11:54 PM Computer Name = Owner-PC | Source = MCUpdate | ID = 0 -> Description = 2:11:53 PM - Error connecting to the internet. 2:11:53 PM - Unable to contact server.. Media Center [ Error ] 10/20/2010 1:02:13 AM Computer Name = Owner-PC | Source = MCUpdate | ID = 0 -> Description = 1:02:13 AM - Error connecting to the internet. 1:02:13 AM - Unable to contact server.. Media Center [ Error ] 10/20/2010 1:02:50 AM Computer Name = Owner-PC | Source = MCUpdate | ID = 0 -> Description = 1:02:45 AM - Error connecting to the internet. 1:02:45 AM - Unable to contact server.. System [ Error ] 12/1/2010 12:58:19 AM Computer Name = Owner-PC | Source = Service Control Manager | ID = 7011 -> Description = A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service. System [ Error ] 12/1/2010 12:58:19 AM Computer Name = Owner-PC | Source = Service Control Manager | ID = 7011 -> Description = A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Symantec AntiVirus service. System [ Error ] 12/1/2010 10:38:58 AM Computer Name = Owner-PC | Source = NetBT | ID = 4321 -> Description = The name "OWNER-PC :20" could not be registered on the interface with IP address 172.31.112.27. The computer with the IP address 198.82.162.243 did not allow the name to be claimed by this computer. System [ Error ] 12/1/2010 10:39:02 AM Computer Name = Owner-PC | Source = NetBT | ID = 4321 -> Description = The name "OWNER-PC :0" could not be registered on the interface with IP address 172.31.112.27. The computer with the IP address 198.82.162.243 did not allow the name to be claimed by this computer. System [ Error ] 12/1/2010 12:02:37 PM Computer Name = Owner-PC | Source = NetBT | ID = 4321 -> Description = The name "OWNER-PC :0" could not be registered on the interface with IP address 172.31.112.27. The computer with the IP address 198.82.162.243 did not allow the name to be claimed by this computer. System [ Error ] 12/1/2010 1:45:35 PM Computer Name = Owner-PC | Source = NetBT | ID = 4321 -> Description = The name "OWNER-PC :0" could not be registered on the interface with IP address 172.31.80.195. The computer with the IP address 198.82.162.243 did not allow the name to be claimed by this computer. System [ Error ] 12/1/2010 1:45:38 PM Computer Name = Owner-PC | Source = NetBT | ID = 4321 -> Description = The name "OWNER-PC :20" could not be registered on the interface with IP address 172.31.80.195. The computer with the IP address 198.82.162.243 did not allow the name to be claimed by this computer. System [ Error ] 12/1/2010 2:13:28 PM Computer Name = Owner-PC | Source = NetBT | ID = 4321 -> Description = The name "OWNER-PC :0" could not be registered on the interface with IP address 172.31.115.52. The computer with the IP address 198.82.162.243 did not allow the name to be claimed by this computer. System [ Error ] 12/1/2010 2:13:31 PM Computer Name = Owner-PC | Source = NetBT | ID = 4321 -> Description = The name "OWNER-PC :20" could not be registered on the interface with IP address 172.31.115.52. The computer with the IP address 198.82.162.243 did not allow the name to be claimed by this computer. System [ Error ] 12/1/2010 3:33:30 PM Computer Name = Owner-PC | Source = NetBT | ID = 4321 -> Description = The name "OWNER-PC :20" could not be registered on the interface with IP address 172.31.115.52. The computer with the IP address 198.82.162.243 did not allow the name to be claimed by this computer. [Files/Folders - Created Within 30 Days] OTS.exe -> C:\Users\Owner\Desktop\OTS.exe -> [2011/01/11 19:11:32 | 000,642,560 | ---- | C] (OldTimer Tools) OneNote Notebooks -> C:\Users\Owner\Documents\OneNote Notebooks -> [2011/01/10 18:23:03 | 000,000,000 | ---D | C] Hewlett-Packard -> C:\ProgramData\Hewlett-Packard -> [2011/01/10 18:22:28 | 000,000,000 | ---D | C] $AVG -> C:\$AVG -> [2011/01/09 18:15:59 | 000,000,000 | -H-D | C] AVG10 -> C:\Users\Owner\AppData\Roaming\AVG10 -> [2011/01/09 16:44:10 | 000,000,000 | ---D | C] Common Files -> C:\ProgramData\Common Files -> [2011/01/09 16:43:18 | 000,000,000 | -H-D | C] AVG 2011 -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2011 -> [2011/01/09 16:42:09 | 000,000,000 | ---D | C] AVG -> C:\Windows\SysWow64\drivers\AVG -> [2011/01/09 16:42:06 | 000,000,000 | ---D | C] AVG10 -> C:\ProgramData\AVG10 -> [2011/01/09 16:38:30 | 000,000,000 | ---D | C] AVG -> C:\Windows\SysNative\drivers\AVG -> [2011/01/09 16:38:30 | 000,000,000 | ---D | C] AVG -> C:\Program Files (x86)\AVG -> [2011/01/09 16:35:49 | 000,000,000 | ---D | C] MFAData -> C:\ProgramData\MFAData -> [2011/01/09 16:21:28 | 000,000,000 | ---D | C] SUPERAntiSpyware.com -> C:\Users\Owner\AppData\Roaming\SUPERAntiSpyware.com -> [2010/12/27 10:18:43 | 000,000,000 | ---D | C] SUPERAntiSpyware.com -> C:\ProgramData\SUPERAntiSpyware.com -> [2010/12/27 10:18:43 | 000,000,000 | ---D | C] !SASCORE -> C:\ProgramData\!SASCORE -> [2010/12/27 10:18:39 | 000,000,000 | ---D | C] SUPERAntiSpyware -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware -> [2010/12/27 10:18:38 | 000,000,000 | ---D | C] SUPERAntiSpyware -> C:\Program Files\SUPERAntiSpyware -> [2010/12/27 10:18:35 | 000,000,000 | ---D | C] Spybot - Search & Destroy -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy -> [2010/12/25 01:23:53 | 000,000,000 | ---D | C] Spybot - Search & Destroy -> C:\ProgramData\Spybot - Search & Destroy -> [2010/12/25 01:23:43 | 000,000,000 | ---D | C] Spybot - Search & Destroy -> C:\Program Files (x86)\Spybot - Search & Destroy -> [2010/12/25 01:23:43 | 000,000,000 | ---D | C] Registry Backup -> C:\Users\Owner\Documents\Registry Backup -> [2010/12/23 21:22:53 | 000,000,000 | ---D | C] Google -> C:\Program Files (x86)\Google -> [2010/12/16 18:51:16 | 000,000,000 | ---D | C] [Files/Folders - Modified Within 30 Days] OTS.exe -> C:\Users\Owner\Desktop\OTS.exe -> [2011/01/11 19:11:41 | 000,642,560 | ---- | M] (OldTimer Tools) GoogleUpdateTaskUserS-1-5-21-165630816-1800415273-3807148623-1000UA.job -> C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-165630816-1800415273-3807148623-1000UA.job -> [2011/01/11 18:59:06 | 000,000,908 | ---- | M] () incavi.avm -> C:\Windows\SysNative\drivers\AVG\incavi.avm -> [2011/01/11 18:50:46 | 104,036,103 | ---- | M] () bootstat.dat -> C:\Windows\bootstat.dat -> [2011/01/11 18:46:06 | 000,067,584 | --S- | M] () ChatLog Fairfax County 2011_01_11 12_39.rtf -> C:\Users\Owner\Documents\ChatLog Fairfax County 2011_01_11 12_39.rtf -> [2011/01/11 12:39:24 | 000,000,710 | ---- | M] () OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk -> [2011/01/11 12:26:47 | 000,001,294 | ---- | M] () 7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 -> [2011/01/11 11:55:22 | 000,010,240 | -H-- | M] () 7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 -> [2011/01/11 11:55:22 | 000,010,240 | -H-- | M] () hiberfil.sys -> C:\hiberfil.sys -> [2011/01/11 11:33:47 | 3193,884,672 | -HS- | M] () GoogleUpdateTaskUserS-1-5-21-165630816-1800415273-3807148623-1000Core.job -> C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-165630816-1800415273-3807148623-1000Core.job -> [2011/01/11 11:03:44 | 000,000,856 | ---- | M] () PerfStringBackup.INI -> C:\Windows\SysNative\PerfStringBackup.INI -> [2011/01/10 16:22:29 | 000,736,514 | ---- | M] () perfh009.dat -> C:\Windows\SysNative\perfh009.dat -> [2011/01/10 16:22:29 | 000,631,224 | ---- | M] () perfc009.dat -> C:\Windows\SysNative\perfc009.dat -> [2011/01/10 16:22:29 | 000,109,310 | ---- | M] () s&c return label.png -> C:\Users\Owner\Desktop\s&c return label.png -> [2011/01/10 16:22:05 | 000,029,237 | ---- | M] () iavifw.avm -> C:\Windows\SysNative\drivers\AVG\iavifw.avm -> [2011/01/09 21:41:48 | 000,641,053 | ---- | M] () AVG 2011.lnk -> C:\Users\Public\Desktop\AVG 2011.lnk -> [2011/01/09 16:42:20 | 000,000,955 | ---- | M] () incavi.avm -> C:\Windows\SysWow64\drivers\AVG\incavi.avm -> [2011/01/09 16:42:06 | 000,000,000 | ---- | M] () iavifw.avm -> C:\Windows\SysWow64\drivers\AVG\iavifw.avm -> [2011/01/09 16:42:06 | 000,000,000 | ---- | M] () iavichjw.avm -> C:\Windows\SysWow64\drivers\AVG\iavichjw.avm -> [2011/01/09 16:42:06 | 000,000,000 | ---- | M] () To Do 12.21.2010.docx -> C:\Users\Owner\Desktop\To Do 12.21.2010.docx -> [2011/01/05 12:01:55 | 000,018,986 | ---- | M] () SUPERAntiSpyware Free Edition.lnk -> C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk -> [2010/12/27 10:26:45 | 000,001,963 | ---- | M] () PerfStringBackup.INI -> C:\Windows\SysWow64\PerfStringBackup.INI -> [2010/12/25 10:54:55 | 000,749,728 | ---- | M] () FNTCACHE.DAT -> C:\Windows\SysNative\FNTCACHE.DAT -> [2010/12/25 03:50:03 | 004,983,064 | ---- | M] () Spybot - Search & Destroy.lnk -> C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk -> [2010/12/25 01:24:06 | 000,001,284 | ---- | M] () Spybot - Search & Destroy.lnk -> C:\Users\Owner\Desktop\Spybot - Search & Destroy.lnk -> [2010/12/25 01:24:06 | 000,001,260 | ---- | M] () CinemaNowSvc.ini -> C:\ProgramData\CinemaNowSvc.ini -> [2010/12/23 23:04:42 | 000,000,024 | ---- | M] () Resmon.ResmonCfg -> C:\Users\Owner\AppData\Local\Resmon.ResmonCfg -> [2010/12/23 16:20:36 | 000,007,602 | ---- | M] () To Do 12.16.2010.docx -> C:\Users\Owner\Desktop\To Do 12.16.2010.docx -> [2010/12/16 16:26:24 | 000,016,312 | ---- | M] () ChatLog VT SWIM Meeitng 2010_12_16 11_10.rtf -> C:\Users\Owner\Documents\ChatLog VT SWIM Meeitng 2010_12_16 11_10.rtf -> [2010/12/16 11:10:05 | 000,000,373 | ---- | M] () To Do List.docx -> C:\Users\Owner\Desktop\To Do List.docx -> [2010/12/15 13:36:50 | 000,015,238 | ---- | M] () 66 C:\Users\Owner\AppData\Local\Temp\*.tmp files -> C:\Users\Owner\AppData\Local\Temp\*.tmp -> 4 C:\Windows\Temp\*.tmp files -> C:\Windows\Temp\*.tmp -> [Files - No Company Name] incavi.avm -> C:\Windows\SysNative\drivers\AVG\incavi.avm -> [2011/01/11 18:50:46 | 104,036,103 | ---- | C] () ChatLog Fairfax County 2011_01_11 12_39.rtf -> C:\Users\Owner\Documents\ChatLog Fairfax County 2011_01_11 12_39.rtf -> [2011/01/11 12:39:24 | 000,000,710 | ---- | C] () OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk -> [2011/01/10 18:23:06 | 000,001,294 | ---- | C] () s&c return label.png -> C:\Users\Owner\Desktop\s&c return label.png -> [2011/01/10 16:22:04 | 000,029,237 | ---- | C] () iavifw.avm -> C:\Windows\SysNative\drivers\AVG\iavifw.avm -> [2011/01/09 21:41:48 | 000,641,053 | ---- | C] () AVG 2011.lnk -> C:\Users\Public\Desktop\AVG 2011.lnk -> [2011/01/09 16:42:20 | 000,000,955 | ---- | C] () incavi.avm -> C:\Windows\SysWow64\drivers\AVG\incavi.avm -> [2011/01/09 16:42:06 | 000,000,000 | ---- | C] () iavifw.avm -> C:\Windows\SysWow64\drivers\AVG\iavifw.avm -> [2011/01/09 16:42:06 | 000,000,000 | ---- | C] () iavichjw.avm -> C:\Windows\SysWow64\drivers\AVG\iavichjw.avm -> [2011/01/09 16:42:06 | 000,000,000 | ---- | C] () SUPERAntiSpyware Free Edition.lnk -> C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk -> [2010/12/27 10:18:38 | 000,001,963 | ---- | C] () PerfStringBackup.INI -> C:\Windows\SysWow64\PerfStringBackup.INI -> [2010/12/25 10:54:55 | 000,749,728 | ---- | C] () Spybot - Search & Destroy.lnk -> C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk -> [2010/12/25 01:24:06 | 000,001,284 | ---- | C] () Spybot - Search & Destroy.lnk -> C:\Users\Owner\Desktop\Spybot - Search & Destroy.lnk -> [2010/12/25 01:24:06 | 000,001,260 | ---- | C] () Resmon.ResmonCfg -> C:\Users\Owner\AppData\Local\Resmon.ResmonCfg -> [2010/12/23 16:20:36 | 000,007,602 | ---- | C] () To Do 12.21.2010.docx -> C:\Users\Owner\Desktop\To Do 12.21.2010.docx -> [2010/12/21 08:40:43 | 000,018,986 | ---- | C] () To Do 12.16.2010.docx -> C:\Users\Owner\Desktop\To Do 12.16.2010.docx -> [2010/12/16 11:24:01 | 000,016,312 | ---- | C] () ChatLog VT SWIM Meeitng 2010_12_16 11_10.rtf -> C:\Users\Owner\Documents\ChatLog VT SWIM Meeitng 2010_12_16 11_10.rtf -> [2010/12/16 11:10:05 | 000,000,373 | ---- | C] () ezsidmv.dat -> C:\ProgramData\ezsidmv.dat -> [2010/11/14 19:48:17 | 000,000,056 | -H-- | C] () ATKPF.ini -> C:\Windows\ATKPF.ini -> [2010/11/10 13:49:09 | 000,000,024 | ---- | C] () Smiley.ico -> C:\Users\Owner\AppData\Roaming\Smiley.ico -> [2010/10/10 00:19:30 | 000,076,407 | ---- | C] () Cgiteqal.dat -> C:\Users\Owner\AppData\Local\Cgiteqal.dat -> [2010/08/17 21:52:21 | 000,000,120 | ---- | C] () Hnisoxew.bin -> C:\Users\Owner\AppData\Local\Hnisoxew.bin -> [2010/08/17 21:52:21 | 000,000,000 | ---- | C] () Adobe GIF Format CS5 Prefs -> C:\Users\Owner\AppData\Roaming\Adobe GIF Format CS5 Prefs -> [2010/08/13 08:13:52 | 000,000,132 | ---- | C] () Adobe PNG Format CS5 Prefs -> C:\Users\Owner\AppData\Roaming\Adobe PNG Format CS5 Prefs -> [2010/08/12 16:46:21 | 000,000,132 | ---- | C] () PICSDK.ini -> C:\Windows\SysWow64\PICSDK.ini -> [2010/07/30 20:34:07 | 000,000,097 | ---- | C] () ENX420.ini -> C:\Windows\ENX420.ini -> [2010/07/30 20:27:35 | 000,000,071 | ---- | C] () winscp.rnd -> C:\Users\Owner\AppData\Roaming\winscp.rnd -> [2010/03/28 20:28:41 | 000,000,600 | ---- | C] () wklnhst.dat -> C:\Users\Owner\AppData\Roaming\wklnhst.dat -> [2010/02/15 18:14:27 | 000,000,108 | ---- | C] () ODBC.INI -> C:\Windows\ODBC.INI -> [2010/01/20 23:54:17 | 000,000,376 | ---- | C] () CinemaNowSvc.ini -> C:\ProgramData\CinemaNowSvc.ini -> [2010/01/19 13:33:41 | 000,000,024 | ---- | C] () primopdf.ini -> C:\Windows\primopdf.ini -> [2009/12/20 20:42:18 | 000,000,326 | ---- | C] () LogonStart.dll -> C:\Windows\SysWow64\LogonStart.dll -> [2009/09/17 10:24:05 | 000,053,248 | ---- | C] () {40BF1E83-20EB-11D8-97C5-0009C5020658}.log -> C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log -> [2009/09/17 10:03:04 | 000,000,105 | ---- | C] () {C59C179C-668D-49A9-B6EA-0121CCFC1243}.log -> C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log -> [2009/09/17 10:02:46 | 000,000,107 | ---- | C] () OOBEPlayer.ini -> C:\Windows\OOBEPlayer.ini -> [2009/08/19 03:33:09 | 000,000,031 | ---- | C] () ABLKSR.ini -> C:\Windows\SysWow64\ABLKSR.ini -> [2009/07/29 00:20:40 | 000,000,010 | ---- | C] () BWContextHandler.dll -> C:\Windows\SysWow64\BWContextHandler.dll -> [2009/07/13 18:42:10 | 000,064,000 | ---- | C] () msjetoledb40.dll -> C:\Windows\SysWow64\msjetoledb40.dll -> [2009/07/13 16:03:59 | 000,364,544 | ---- | C] () sqlite3.dll -> C:\Windows\SysWow64\sqlite3.dll -> [2008/12/01 20:32:32 | 000,362,029 | ---- | C] () snp2uvc.ini -> C:\Windows\snp2uvc.ini -> [2006/05/18 22:39:57 | 000,015,497 | ---- | C] () [File - Lop Check] AVG10 -> C:\Users\Owner\AppData\Roaming\AVG10 -> [2011/01/09 16:44:10 | 000,000,000 | ---D | M] Azureus -> C:\Users\Owner\AppData\Roaming\Azureus -> [2011/01/06 20:28:20 | 000,000,000 | ---D | M] C5F77F1507117267D95EEAD6894CD1B8 -> C:\Users\Owner\AppData\Roaming\C5F77F1507117267D95EEAD6894CD1B8 -> [2010/08/18 10:35:18 | 000,000,000 | ---D | M] Echo Software -> C:\Users\Owner\AppData\Roaming\Echo Software -> [2010/11/11 16:42:02 | 000,000,000 | ---D | M] EndNote -> C:\Users\Owner\AppData\Roaming\EndNote -> [2010/11/17 14:07:12 | 000,000,000 | ---D | M] Epson -> C:\Users\Owner\AppData\Roaming\Epson -> [2010/09/08 15:23:10 | 000,000,000 | ---D | M] FileZilla -> C:\Users\Owner\AppData\Roaming\FileZilla -> [2011/01/10 20:04:13 | 000,000,000 | ---D | M] KompoZer -> C:\Users\Owner\AppData\Roaming\KompoZer -> [2010/12/23 22:53:11 | 000,000,000 | ---D | M] Leader Technologies -> C:\Users\Owner\AppData\Roaming\Leader Technologies -> [2010/07/30 20:49:09 | 000,000,000 | ---D | M] Leadertech -> C:\Users\Owner\AppData\Roaming\Leadertech -> [2010/07/30 20:44:51 | 000,000,000 | ---D | M] OpenCandy -> C:\Users\Owner\AppData\Roaming\OpenCandy -> [2010/12/23 22:53:15 | 000,000,000 | ---D | M] PrimoPDF -> C:\Users\Owner\AppData\Roaming\PrimoPDF -> [2011/01/10 11:11:09 | 000,000,000 | ---D | M] Raptr -> C:\Users\Owner\AppData\Roaming\Raptr -> [2011/01/09 21:48:58 | 000,000,000 | ---D | M] Template -> C:\Users\Owner\AppData\Roaming\Template -> [2010/02/15 18:14:27 | 000,000,000 | ---D | M] Uniblue -> C:\Users\Owner\AppData\Roaming\Uniblue -> [2010/10/13 19:51:04 | 000,000,000 | ---D | M] SCHEDLGU.TXT -> C:\Windows\Tasks\SCHEDLGU.TXT -> [2009/07/14 00:08:49 | 000,022,182 | ---- | M] () [File - Purity Scan] [Custom Scans] < netsvcs > < %SYSTEMDRIVE%\*.exe > < MD5 Scans Start> < %systemdrive%\AGP440.SYS /md5 /s > AGP440.sys : MD5=608C14DBA7299D8CB6ED035A68A15799 -> C:\Windows\SysWow64\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys -> [2009/07/13 20:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) AGP440.sys : MD5=608C14DBA7299D8CB6ED035A68A15799 -> C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys -> [2009/07/13 20:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) < %systemdrive%\ATAPI.SYS /md5 /s > atapi.sys : MD5=02062C0B390B7729EDC9E69C680A6F3C -> C:\Windows\SysWow64\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys -> [2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) atapi.sys : MD5=02062C0B390B7729EDC9E69C680A6F3C -> C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys -> [2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) < %systemdrive%\CNGAUDIT.DLL /md5 /s > cngaudit.dll : MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -> C:\Windows\SysWOW64\cngaudit.dll -> [2009/07/13 20:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) cngaudit.dll : MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -> C:\Windows\SysWOW64\cngaudit.dll -> [2009/07/13 20:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) cngaudit.dll : MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -> C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll -> [2009/07/13 20:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) cngaudit.dll : MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -> C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll -> [2009/07/13 20:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) < %systemdrive%\IASTOR.SYS /md5 /s > iaStor.sys : MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -> C:\Windows\SysWow64\DriverStore\FileRepository\iaahci.inf_amd64_neutral_7fb62b08f6b7117a\iaStor.sys -> [2009/06/04 05:54:35 | 000,408,600 | ---- | M] (Intel Corporation) iaStor.sys : MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -> C:\Windows\SysWow64\DriverStore\FileRepository\iastor.inf_amd64_neutral_c065a1006c648409\iaStor.sys -> [2009/06/04 05:54:35 | 000,408,600 | ---- | M] (Intel Corporation) < %systemdrive%\IASTORV.SYS /md5 /s > iaStorV.sys : MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -> C:\Windows\SysWow64\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys -> [2009/07/13 20:48:04 | 000,410,688 | ---- | M] (Intel Corporation) iaStorV.sys : MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -> C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys -> [2009/07/13 20:48:04 | 000,410,688 | ---- | M] (Intel Corporation) < %systemdrive%\NETLOGON.DLL /md5 /s > netlogon.dll : MD5=956D030D375F207B22FB111E06EF9C35 -> C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll -> [2009/07/13 20:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) netlogon.dll : MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -> C:\Windows\SysWOW64\netlogon.dll -> [2009/07/13 20:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) netlogon.dll : MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -> C:\Windows\SysWOW64\netlogon.dll -> [2009/07/13 20:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) netlogon.dll : MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -> C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll -> [2009/07/13 20:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) < %systemdrive%\NVSTOR.SYS /md5 /s > nvstor.sys : MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -> C:\Windows\SysWow64\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys -> [2009/07/13 20:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) nvstor.sys : MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -> C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys -> [2009/07/13 20:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) < %systemdrive%\SCECLI.DLL /md5 /s > scecli.dll : MD5=26073302DAEA83CC5B944C546D6B47D2 -> C:\Windows\SysWOW64\scecli.dll -> [2009/07/13 20:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) scecli.dll : MD5=26073302DAEA83CC5B944C546D6B47D2 -> C:\Windows\SysWOW64\scecli.dll -> [2009/07/13 20:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) scecli.dll : MD5=26073302DAEA83CC5B944C546D6B47D2 -> C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll -> [2009/07/13 20:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) scecli.dll : MD5=398712DDDAEFB85EDF61DF6A07B65C79 -> C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll -> [2009/07/13 20:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) < MD5 Scans End> < %systemroot%\*. /mp /s > CREATERESTOREPOINT Restore point Set: OTS Restore Point < %systemroot%\system32\*.dll /lockedfiles > dxtmsft.dll : Unable to obtain MD5 -> C:\Windows\SysWOW64\dxtmsft.dll -> [2009/07/13 20:15:13 | 000,346,112 | ---- | M] (Microsoft Corporation) dxtrans.dll : Unable to obtain MD5 -> C:\Windows\SysWOW64\dxtrans.dll -> [2009/07/13 20:15:13 | 000,215,552 | ---- | M] (Microsoft Corporation) wmp.dll : Unable to obtain MD5 -> C:\Windows\SysWOW64\wmp.dll -> [2010/08/31 23:29:28 | 011,406,848 | ---- | M] (Microsoft Corporation) < %systemroot%\Tasks\*.job /lockedfiles > [Alternate Data Streams] @Alternate Data Stream - 110 bytes -> C:\ProgramData\Temp:90EE3BE1 < End of report >
What can I do to get rid of this thing?
Any help is so much appreciated,
Kristi