Here is my OTS report:
OTS logfile created on: 7/23/2011 10:12:32 AM - Run 1
OTS by OldTimer - Version 3.1.44.0 Folder = C:\Users\Scott\Desktop\Anti Malware tools
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
6.00 Gb Total Physical Memory | 4.00 Gb Available Physical Memory | 60.00% Memory free
12.00 Gb Paging File | 9.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 457.50 Gb Total Space | 338.96 Gb Free Space | 74.09% Space Free | Partition Type: NTFS
Drive D: | 2.71 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive E: | 74.53 Gb Total Space | 31.58 Gb Free Space | 42.37% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: SCOTT-ALIEN
Current User Name: Scott
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
[Processes - Safe List]
otl.exe -> C:\Users\Scott\Desktop\Anti Malware tools\OTL.exe -> [2011/07/23 10:12:28 | 000,645,120 | ---- | M] (OldTimer Tools)
csrss.exe -> C:\Users\Scott\AppData\Local\Temp\csrss.exe -> [2011/07/21 22:56:40 | 000,187,904 | ---- | M] ()
dwm.exe -> C:\Users\Scott\AppData\Roaming\dwm.exe -> [2011/07/20 18:10:40 | 000,180,736 | ---- | M] ()
conhost.exe -> C:\Users\Scott\AppData\Roaming\Microsoft\conhost.exe -> [2011/07/20 18:09:57 | 000,169,472 | ---- | M] ()
servetome.exe -> C:\Program Files (x86)\ServeToMe\Contents\Windows\ServeToMe.exe -> [2011/03/18 23:15:20 | 000,850,648 | ---- | M] ()
mcmscsvc.exe -> C:\Program Files (x86)\McAfee\MSC\mcmscsvc.exe -> [2010/06/10 06:58:32 | 000,865,832 | ---- | M] (McAfee, Inc.)
memeodashboard.exe -> C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoDashboard.exe -> [2010/04/30 09:47:00 | 000,069,896 | ---- | M] (Memeo)
seagatedashboardservice.exe -> C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe -> [2010/04/30 09:47:00 | 000,014,088 | ---- | M] (Memeo)
instantbackup.exe -> C:\Program Files (x86)\Memeo\AutoBackup\InstantBackup.exe -> [2010/04/22 19:33:00 | 000,323,808 | ---- | M] ()
toaster.exe -> C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe -> [2010/03/25 17:08:06 | 001,573,376 | ---- | M] (SoftThinks - Dell)
sftservice.exe -> C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -> [2010/03/04 12:28:08 | 000,658,656 | ---- | M] (SoftThinks)
mcsysmon.exe -> C:\Program Files (x86)\McAfee\VirusScan\mcsysmon.exe -> [2009/11/04 16:59:50 | 000,606,736 | ---- | M] (McAfee, Inc.)
mcagent.exe -> C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe -> [2009/10/29 07:54:44 | 001,218,008 | ---- | M] (McAfee, Inc.)
mpfsrv.exe -> C:\Program Files (x86)\McAfee\MPF\MpfSrv.exe -> [2009/10/27 12:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.)
alienfxhook32mngr.exe -> C:\Program Files\Alienware\Command Center\AlienFXHook32Mngr.exe -> [2009/10/05 15:36:04 | 000,013,624 | ---- | M] (Alienware)
alienwarealienfxcontroller.exe -> C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe -> [2009/10/05 15:35:52 | 000,058,696 | ---- | M] (Alienware Corporation)
ctaudsvc.exe -> C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -> [2009/08/28 19:45:56 | 000,286,720 | ---- | M] (Creative Technology Ltd)
xenotray.exe -> C:\Program Files (x86)\Bigfoot Networks\Xeno Suite\XenoTray.exe -> [2009/08/05 13:29:08 | 000,696,320 | ---- | M] (Bigfoot Networks, Inc.)
gamedetectservice.exe -> C:\Program Files (x86)\Bigfoot Networks\Xeno Suite\GameDetectService.exe -> [2009/08/05 13:26:40 | 000,212,480 | ---- | M] ()
perftuneservice.exe -> C:\Program Files (x86)\Common Files\Intel\Intel Extreme Tuning Utility\PerfTuneService.exe -> [2009/07/27 15:19:12 | 000,030,944 | ---- | M] (Intel Corporation)
mcproxy.exe -> c:\Program Files (x86)\Common Files\McAfee\McProxy\McProxy.exe -> [2009/07/08 12:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.)
mcnasvc.exe -> c:\Program Files (x86)\Common Files\McAfee\MNA\McNASvc.exe -> [2009/07/07 20:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.)
iaanotif.exe -> C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe -> [2009/06/04 20:03:32 | 000,186,904 | ---- | M] (Intel Corporation)
iaantmon.exe -> C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -> [2009/06/04 20:03:06 | 000,354,840 | ---- | M] (Intel Corporation)
nbservice.exe -> C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -> [2009/05/15 08:35:52 | 000,935,208 | ---- | M] (Nero AG)
brs.exe -> C:\Program Files (x86)\CyberLink\Shared Files\brs.exe -> [2009/04/29 02:50:26 | 000,075,048 | ---- | M] (cyberlink)
pdvd8serv.exe -> C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe -> [2009/04/16 00:52:06 | 000,091,432 | ---- | M] (CyberLink Corp.)
ewidoguard.exe -> C:\Program Files (x86)\ewido\security suite\ewidoguard.exe -> [2005/07/19 12:37:52 | 000,163,904 | ---- | M] (ewido networks)
spybotsd.exe -> E:\Utilities\Antispyware\SPYBOT\SPYBOT_SD_1.4_WITHOUT_INSTALLING\SpybotSD.exe -> [2005/05/31 01:04:00 | 004,393,096 | ---- | M] (Safer Networking Limited)
ewidoctrl.exe -> C:\Program Files (x86)\ewido\security suite\ewidoctrl.exe -> [2004/11/11 18:53:03 | 000,016,448 | ---- | M] (ewido networks)
[Modules - Safe List]
otl.exe -> C:\Users\Scott\Desktop\Anti Malware tools\OTL.exe -> [2011/07/23 10:12:28 | 000,645,120 | ---- | M] (OldTimer Tools)
sahook.dll -> c:\Program Files (x86)\McAfee\SiteAdvisor\sahook.dll -> [2011/04/08 16:56:28 | 000,018,176 | ---- | M] (McAfee, Inc.)
alienfxhook.dll -> C:\Program Files\Alienware\Command Center\AlienFXHook.dll -> [2009/10/05 15:36:42 | 000,015,656 | ---- | M] (Alienware Corp.)
comctl32.dll -> C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll -> [2009/07/13 20:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation)
msvcr90.dll -> C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4926_none_508ed732bcbc0e5a\msvcr90.dll -> [2009/06/10 16:14:56 | 000,652,608 | ---- | M] (Microsoft Corporation)
[Win32 Services - Safe List]
64bit-(McShield) [Unknown | Running] -> C:\Program Files\McAfee\VirusScan\Mcshield.exe -> [2009/11/04 17:47:32 | 000,155,456 | ---- | M] (McAfee, Inc.)
64bit-(McODS) [On_Demand | Stopped] -> C:\Program Files\McAfee\VirusScan\mcods.exe -> [2009/10/28 12:50:32 | 000,696,848 | ---- | M] (McAfee, Inc.)
64bit-(AMD External Events Utility) [Auto | Running] -> C:\Windows\SysNative\atiesrxx.exe -> [2009/08/27 02:56:26 | 000,202,752 | ---- | M] (AMD)
64bit-(WinDefend) [Auto | Running] -> C:\Program Files\Windows Defender\MpSvc.dll -> [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation)
64bit-(AERTFilters) [Auto | Running] -> C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -> [2009/06/03 18:56:06 | 000,092,160 | ---- | M] (Andrea Electronics Corporation)
(McAfee SiteAdvisor Service) McAfee SiteAdvisor Service [Auto | Running] -> C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe -> [2011/02/16 15:49:08 | 000,101,048 | ---- | M] (McAfee, Inc.)
(Creative Audio Engine Licensing Service) Creative Audio Engine Licensing Service [On_Demand | Stopped] -> C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -> [2010/07/24 15:03:33 | 000,079,360 | ---- | M] (Creative Labs)
(Creative ALchemy AL6 Licensing Service) Creative ALchemy AL6 Licensing Service [On_Demand | Stopped] -> C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -> [2010/07/24 15:03:21 | 000,079,360 | ---- | M] (Creative Labs)
(mcmscsvc) McAfee Services [Auto | Running] -> C:\Program Files (x86)\McAfee\MSC\mcmscsvc.exe -> [2010/06/10 06:58:32 | 000,865,832 | ---- | M] (McAfee, Inc.)
(SeagateDashboardService) Seagate Dashboard Service [Auto | Running] -> C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe -> [2010/04/30 09:47:00 | 000,014,088 | ---- | M] (Memeo)
(MemeoBackgroundService) MemeoBackgroundService [Auto | Running] -> C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe -> [2010/04/22 19:33:04 | 000,025,824 | ---- | M] (Memeo)
(SftService) SoftThinks Agent Service [Auto | Running] -> C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE -> [2010/03/04 12:28:08 | 000,658,656 | ---- | M] (SoftThinks)
(McSysmon) McAfee SystemGuards [On_Demand | Running] -> C:\Program Files (x86)\McAfee\VirusScan\mcsysmon.exe -> [2009/11/04 16:59:50 | 000,606,736 | ---- | M] (McAfee, Inc.)
(MpfService) McAfee Personal Firewall Service [Auto | Running] -> C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe -> [2009/10/27 12:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.)
(HPSLPSVC) HP Network Devices Support [Auto | Running] -> C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -> [2009/09/20 11:55:20 | 001,037,824 | ---- | M] (Hewlett-Packard Co.)
(CTAudSvcService) Creative Audio Service [Auto | Running] -> C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -> [2009/08/28 19:45:56 | 000,286,720 | ---- | M] (Creative Technology Ltd)
(GameDetect) GameDetect [Auto | Running] -> C:\Program Files (x86)\Bigfoot Networks\Xeno Suite\GameDetectService.exe -> [2009/08/05 13:26:40 | 000,212,480 | ---- | M] ()
(XTUService) Intel® Extreme Tuning Utility [Auto | Running] -> C:\Program Files (x86)\Common Files\Intel\Intel Extreme Tuning Utility\PerfTuneService.exe -> [2009/07/27 15:19:12 | 000,030,944 | ---- | M] (Intel Corporation)
(Steam Client Service) Steam Client Service [On_Demand | Stopped] -> C:\Program Files (x86)\Common Files\Steam\SteamService.exe -> [2009/07/16 18:04:16 | 000,316,664 | ---- | M] (Valve Corporation)
(McProxy) McAfee Proxy Service [Auto | Running] -> c:\Program Files (x86)\Common Files\McAfee\McProxy\McProxy.exe -> [2009/07/08 12:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.)
(McNASvc) McAfee Network Agent [Auto | Running] -> c:\Program Files (x86)\Common Files\McAfee\MNA\McNASvc.exe -> [2009/07/07 20:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.)
(clr_optimization_v2.0.50727_32) Microsoft .NET Framework NGEN v2.0.50727_X86 [On_Demand | Stopped] -> C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -> [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation)
(IAANTMON) Intel® Matrix Storage Event Monitor [Auto | Running] -> C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -> [2009/06/04 20:03:06 | 000,354,840 | ---- | M] (Intel Corporation)
(Nero BackItUp Scheduler 4.0) Nero BackItUp Scheduler 4.0 [Auto | Running] -> C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -> [2009/05/15 08:35:52 | 000,935,208 | ---- | M] (Nero AG)
(wampmysqld) wampmysqld [On_Demand | Stopped] -> c:\wamp\mysql\bin\mysqld-nt.exe -> [2007/07/06 14:14:02 | 005,730,304 | ---- | M] ()
(wampapache) wampapache [On_Demand | Stopped] -> c:\wamp\apache2\bin\httpd.exe -> [2007/01/10 01:17:24 | 000,020,539 | ---- | M] (Apache Software Foundation)
(ewido security suite guard) ewido security suite guard [Disabled | Stopped] -> C:\Program Files (x86)\ewido\security suite\ewidoguard.exe -> [2005/07/19 12:37:52 | 000,163,904 | ---- | M] (ewido networks)
(ewido security suite control) ewido security suite control [Auto | Running] -> C:\Program Files (x86)\ewido\security suite\ewidoctrl.exe -> [2004/11/11 18:53:03 | 000,016,448 | ---- | M] (ewido networks)
[Driver Services - Safe List]
64bit-(USBAAPL64) Apple Mobile USB Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\usbaapl64.sys -> [2011/02/18 17:36:58 | 000,051,712 | ---- | M] (Apple, Inc.)
64bit-(AWOPFilterDriver) AWOPFilterDriver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\AWOPFilterDriver.sys -> [2010/09/02 01:12:22 | 000,019,464 | ---- | M] ()
64bit-(MPFP) MPFP [Kernel | System | Running] -> C:\Windows\SysNative\drivers\Mpfp.sys -> [2010/07/15 15:18:22 | 000,176,144 | ---- | M] (McAfee, Inc.)
64bit-(mfehidk) McAfee Inc. mfehidk [Kernel | System | Running] -> C:\Windows\SysNative\drivers\mfehidk.sys -> [2009/11/04 17:54:06 | 000,308,296 | ---- | M] (McAfee, Inc.)
64bit-(mfeavfk) McAfee Inc. mfeavfk [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\mfeavfk.sys -> [2009/11/04 17:54:06 | 000,102,472 | ---- | M] (McAfee, Inc.)
64bit-(mfesmfk) McAfee Inc. mfesmfk [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\mfesmfk.sys -> [2009/11/04 17:54:06 | 000,049,480 | ---- | M] (McAfee, Inc.)
64bit-(mferkdk) McAfee Inc. mferkdk [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\mferkdk.sys -> [2009/11/04 17:47:38 | 000,040,904 | ---- | M] (McAfee, Inc.)
64bit-(atikmdag) atikmdag [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\atikmdag.sys -> [2009/08/27 05:13:06 | 006,203,392 | ---- | M] (ATI Technologies Inc.)
64bit-(AtiHdmiService) ATI Function Driver for High Definition Audio Service [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\AtiHdmi.sys -> [2009/08/23 13:02:30 | 000,120,336 | ---- | M] (ATI Technologies, Inc.)
64bit-(WRfiltv) WRfiltv [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\WRfiltv.sys -> [2009/07/31 11:40:32 | 000,025,600 | ---- | M] (Creative Technology Ltd.)
64bit-(SI3132) SiI-3132 SATALink Controller [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\SI3132.sys -> [2009/07/29 21:14:10 | 000,090,664 | ---- | M] (Silicon Image, Inc)
64bit-(SiFilter) SATALink driver accelerator [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\SiWinAcc.sys -> [2009/07/29 21:14:10 | 000,022,056 | ---- | M] (Silicon Image, Inc)
64bit-(SiRemFil) SATALink External Device Filter [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\SiRemFil.sys -> [2009/07/29 21:14:10 | 000,017,448 | ---- | M] (Silicon Image, Inc)
64bit-(amdsata) amdsata [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\amdsata.sys -> [2009/07/13 20:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices)
64bit-(amdxata) amdxata [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\amdxata.sys -> [2009/07/13 20:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices)
64bit-(amdsbs) amdsbs [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\amdsbs.sys -> [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.)
64bit-(LSI_SAS2) LSI_SAS2 [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\lsi_sas2.sys -> [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation)
64bit-(HpSAMD) HpSAMD [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\HpSAMD.sys -> [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company)
64bit-(stexstor) stexstor [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\stexstor.sys -> [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology)
64bit-(k57nd60a) Broadcom NetLink Gigabit Ethernet - NDIS 6.0 [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\k57nd60a.sys -> [2009/07/06 14:08:10 | 000,317,480 | ---- | M] (Broadcom Corporation)
64bit-(iaStor) Intel AHCI Controller [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\iaStor.sys -> [2009/06/24 18:22:48 | 000,408,600 | ---- | M] (Intel Corporation)
64bit-(Ntfs) Ntfs [File_System | On_Demand | Running] -> C:\Windows\SysNative\wbem\ntfs.mof -> [2009/06/10 15:38:56 | 000,000,308 | ---- | M] ()
64bit-(ebdrv) Broadcom NetXtreme II 10 GigE VBD [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\evbda.sys -> [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation)
64bit-(b06bdrv) Broadcom NetXtreme II VBD [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\bxvbda.sys -> [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation)
64bit-(b57nd60a) Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0 [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\b57nd60a.sys -> [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation)
64bit-(hcw85cir) Hauppauge Consumer Infrared Receiver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\hcw85cir.sys -> [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.)
64bit-(Xeno7x64) Killer Xeno Gaming Adapter Service [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\Xeno7x64.sys -> [2009/06/02 18:24:46 | 000,131,096 | ---- | M] (Bigfoot Networks, Inc.)
64bit-(Edge7x64) Killer Xeno NDIS-Edge Service [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\Edge7x64.sys -> [2009/06/02 18:24:46 | 000,027,672 | ---- | M] (Bigfoot Networks, Inc.)
64bit-(GEARAspiWDM) GEAR ASPI Filter Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\GEARAspiWDM.sys -> [2009/05/18 15:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.)
64bit-(smbusp) Intel® SMBus 2.0 Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\intelsmb.sys -> [2009/05/13 16:31:02 | 000,063,616 | ---- | M] (Intel Corporation)
64bit-(LMouFilt) Logitech SetPoint KMDF Mouse Filter Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\LMouFilt.Sys -> [2009/04/22 18:10:40 | 000,058,384 | ---- | M] (Logitech, Inc.)
64bit-(LHidFilt) Logitech SetPoint KMDF HID Filter Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\LHidFilt.Sys -> [2009/04/22 18:10:32 | 000,055,312 | ---- | M] (Logitech, Inc.)
64bit-(WimFltr) WimFltr [File_System | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\WimFltr.sys -> [2006/11/01 13:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation)
(IOCBIOS) IOCBIOS [Kernel | Auto | Running] -> C:\ProgramData\Intel\Extreme Tuning Utility\IOCbios\64bit\iOCbios.sys -> [2009/07/09 11:53:00 | 000,027,096 | ---- | M] (Intel Corporation)
({FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}) Power Control [2009/11/20 18:08:09] [Kernel | Auto | Running] -> c:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl -> [2009/04/16 00:28:08 | 000,146,928 | ---- | M] (CyberLink Corp.)
(ewido security suite driver) ewido security suite driver [Kernel | System | Stopped] -> C:\Program Files (x86)\ewido\security suite\guard.sys -> [2004/11/22 09:15:15 | 000,003,072 | ---- | M] ()
[Registry - Safe List]
< 64bit-Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> C:\Windows\SysWOW64\blank.htm ->
HKEY_LOCAL_MACHINE\: URLSearchHooks\\"{7b13ec3e-999a-4b70-b9cb-2617b8323822}" [HKLM] -> C:\Program Files (x86)\Zynga\tbZyn1.dll [Zynga Toolbar] -> [2010/07/21 09:12:06 | 002,734,688 | ---- | M] (Conduit Ltd.)
HKEY_LOCAL_MACHINE\: URLSearchHooks\\"{aac4043a-8832-4abe-9963-35377f30b8e6}" [HKLM] -> C:\Program Files (x86)\Castle_Age\tbCas1.dll [Castle Age Toolbar] -> [2010/09/16 19:45:15 | 002,735,200 | ---- | M] (Conduit Ltd.)
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\"Default_Page_URL" -> http://www.alienware.com/ ->
HKEY_CURRENT_USER\: Main\\"Default_Secondary_Page_URL" -> http://support.alienware.com [binary data] ->
HKEY_CURRENT_USER\: Main\\"Secondary Start Pages" -> [Binary data over 100 bytes] ->
HKEY_CURRENT_USER\: Main\\"Start Page" -> http://www.alienware.com/ ->
64bit-HKEY_CURRENT_USER\: URLSearchHooks\\"{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}" [HKLM] -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [McAfee SiteAdvisor Toolbar] -> [2011/04/08 15:37:58 | 000,309,096 | ---- | M] (McAfee, Inc.)
HKEY_CURRENT_USER\: URLSearchHooks\\"{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}" [HKLM] -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [McAfee SiteAdvisor Toolbar] -> [2011/04/08 15:37:58 | 000,251,928 | ---- | M] (McAfee, Inc.)
HKEY_CURRENT_USER\: URLSearchHooks\\"{aac4043a-8832-4abe-9963-35377f30b8e6}" [HKLM] -> C:\Program Files (x86)\Castle_Age\tbCas1.dll [Castle Age Toolbar] -> [2010/09/16 19:45:15 | 002,735,200 | ---- | M] (Conduit Ltd.)
HKEY_CURRENT_USER\: "ProxyEnable" -> 0 ->
HKEY_CURRENT_USER\: "ProxyOverride" -> *.local;<local> ->
HKEY_CURRENT_USER\: "ProxyServer" -> http=127.0.0.1:61273 ->
< FireFox Settings [Prefs.js] > -> C:\Users\Scott\AppData\Roaming\Mozilla\FireFox\Profiles\ustkuvl3.default\prefs.js ->
extensions.enabledItems -> [email protected]:1.5.4 ->
extensions.enabledItems -> [email protected]:4.51 ->
extensions.enabledItems -> {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1 ->
network.proxy.http -> "127.0.0.1" ->
network.proxy.http_port -> 61273 ->
network.proxy.type -> 1 ->
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\Extensions -> ->
HKLM\software\mozilla\Firefox\Extensions\\[email protected] -> C:\Program Files (x86)\HP\Digital Imaging\smart web printing\MozillaAddOn3 [C:\PROGRAM FILES (X86)\HP\DIGITAL IMAGING\SMART WEB PRINTING\MOZILLAADDON3] -> [2010/03/24 21:45:30 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45} -> C:\Program Files (x86)\McAfee\SiteAdvisor [C:\PROGRAM FILES (X86)\MCAFEE\SITEADVISOR] -> [2011/05/25 17:23:54 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.5.18\extensions -> ->
HKLM\software\mozilla\Mozilla Firefox 3.5.18\extensions\\Components -> C:\Program Files (x86)\Mozilla Firefox\components [C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\COMPONENTS] -> [2011/05/12 00:10:09 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.5.18\extensions\\Plugins -> C:\Program Files (x86)\Mozilla Firefox\plugins [C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\PLUGINS] -> [2011/05/12 00:10:09 | 000,000,000 | ---D | M]
< FireFox Extensions [User Folders] > ->
-> C:\Users\Scott\AppData\Roaming\Mozilla\Extensions -> [2010/01/20 15:19:01 | 000,000,000 | ---D | M]
-> C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\ustkuvl3.default\extensions -> [2011/05/26 05:37:37 | 000,000,000 | ---D | M]
-> C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\ustkuvl3.default\extensions\[email protected] -> [2010/05/06 19:51:07 | 000,000,000 | ---D | M]
< FireFox Extensions [Program Folders] > ->
-> C:\Program Files (x86)\Mozilla Firefox\extensions -> [2010/01/20 15:18:47 | 000,000,000 | ---D | M]
HP Smart Web Printing -> C:\PROGRAM FILES (X86)\HP\DIGITAL IMAGING\SMART WEB PRINTING\MOZILLAADDON3 -> [2010/03/24 21:45:30 | 000,000,000 | ---D | M]
McAfee SiteAdvisor -> C:\PROGRAM FILES (X86)\MCAFEE\SITEADVISOR -> [2011/05/25 17:23:54 | 000,000,000 | ---D | M]
Firebug -> C:\USERS\SCOTT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\USTKUVL3.DEFAULT\EXTENSIONS\[email protected] -> [2010/05/06 19:51:07 | 000,000,000 | ---D | M]
< FireFox Components [Program Folders] > ->
< HOSTS File > ([2009/06/10 16:00:26 | 000,000,824 | ---- | M] - 21 lines) -> C:\Windows\SysNative\Drivers\etc\hosts ->
Reset Hosts
< 64bit-BHO's [HKEY_LOCAL_MACHINE] > -> 64bit-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{7DB2D5A0-7241-4E79-B68D-6309F01C5231} [HKLM] -> C:\Program Files\McAfee\VirusScan\scriptsn.dll [scriptproxy] -> [2009/11/04 17:47:38 | 000,060,224 | ---- | M] (McAfee, Inc.)
{B164E929-A1B6-4A06-B104-2CD0E90A88FF} [HKLM] -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [McAfee SiteAdvisor BHO] -> [2011/04/08 15:37:58 | 000,309,096 | ---- | M] (McAfee, Inc.)
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{02478D38-C3F9-4efb-9B51-7695ECA05670} [HKLM] -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll [&Yahoo! Toolbar Helper] -> [2008/07/28 05:47:40 | 000,882,416 | ---- | M] (Yahoo! Inc.)
{5C255C8A-E604-49b4-9D64-90988571CECB} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{7b13ec3e-999a-4b70-b9cb-2617b8323822} [HKLM] -> C:\Program Files (x86)\Zynga\tbZyn1.dll [Zynga Toolbar] -> [2010/07/21 09:12:06 | 002,734,688 | ---- | M] (Conduit Ltd.)
{7DB2D5A0-7241-4E79-B68D-6309F01C5231} [HKLM] -> C:\Program Files (x86)\McAfee\VirusScan\scriptsn.dll [scriptproxy] -> [2009/11/04 17:53:42 | 000,062,784 | ---- | M] (McAfee, Inc.)
{aac4043a-8832-4abe-9963-35377f30b8e6} [HKLM] -> C:\Program Files (x86)\Castle_Age\tbCas1.dll [Castle Age Toolbar] -> [2010/09/16 19:45:15 | 002,735,200 | ---- | M] (Conduit Ltd.)
{B164E929-A1B6-4A06-B104-2CD0E90A88FF} [HKLM] -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [McAfee SiteAdvisor BHO] -> [2011/04/08 15:37:58 | 000,251,928 | ---- | M] (McAfee, Inc.)
{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} [HKLM] -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll [SingleInstance Class] -> [2008/07/28 05:47:42 | 000,160,496 | ---- | M] (Yahoo! Inc)
< 64bit-Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
"{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}" [HKLM] -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [McAfee SiteAdvisor Toolbar] -> [2011/04/08 15:37:58 | 000,309,096 | ---- | M] (McAfee, Inc.)
"Locked" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
"{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}" [HKLM] -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [McAfee SiteAdvisor Toolbar] -> [2011/04/08 15:37:58 | 000,251,928 | ---- | M] (McAfee, Inc.)
"{7b13ec3e-999a-4b70-b9cb-2617b8323822}" [HKLM] -> C:\Program Files (x86)\Zynga\tbZyn1.dll [Zynga Toolbar] -> [2010/07/21 09:12:06 | 002,734,688 | ---- | M] (Conduit Ltd.)
"{aac4043a-8832-4abe-9963-35377f30b8e6}" [HKLM] -> C:\Program Files (x86)\Castle_Age\tbCas1.dll [Castle Age Toolbar] -> [2010/09/16 19:45:15 | 002,735,200 | ---- | M] (Conduit Ltd.)
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> [2008/07/28 05:47:40 | 000,882,416 | ---- | M] (Yahoo! Inc.)
"Locked" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\\"{7B13EC3E-999A-4B70-B9CB-2617B8323822}" [HKLM] -> C:\Program Files (x86)\Zynga\tbZyn1.dll [Zynga Toolbar] -> [2010/07/21 09:12:06 | 002,734,688 | ---- | M] (Conduit Ltd.)
WebBrowser\\"{AAC4043A-8832-4ABE-9963-35377F30B8E6}" [HKLM] -> C:\Program Files (x86)\Castle_Age\tbCas1.dll [Castle Age Toolbar] -> [2010/09/16 19:45:15 | 002,735,200 | ---- | M] (Conduit Ltd.)
< 64bit-Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"" -> [] -> File not found
"AlienFX Controller" -> C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe ["C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe"] -> [2009/10/05 15:35:52 | 000,058,696 | ---- | M] (Alienware Corporation)
"IAAnotif" -> C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe [C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe] -> [2009/06/04 20:03:32 | 000,186,904 | ---- | M] (Intel Corporation)
"Kernel and Hardware Abstraction Layer" -> C:\Windows\KHALMNPR.Exe [KHALMNPR.EXE] -> [2009/04/22 18:09:36 | 000,130,576 | ---- | M] (Logitech, Inc.)
"Launch Keyboard CI" -> c:\Program Files\Alienware\Alienware TactX Keyboard CI\txkbci.exe ["c:\Program Files\Alienware\Alienware TactX Keyboard CI\txkbci.exe" /SHOWHIDE] -> [2009/05/28 11:42:12 | 003,438,088 | ---- | M] (Alienware)
"RtHDVCpl" -> C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe] -> [2009/06/03 18:56:08 | 007,833,120 | ---- | M] (Realtek Semiconductor)
"Skytel" -> [C:\Program Files\Realtek\Audio\HDA\Skytel.exe] -> File not found
"Thermal Controller" -> C:\Program Files\Alienware\Command Center\ThermalController.exe ["C:\Program Files\Alienware\Command Center\ThermalController.exe" /auto] -> [2009/10/05 15:34:12 | 000,166,200 | ---- | M] (Alienware Corp.)
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"BDRegion" -> c:\Program Files (x86)\CyberLink\Shared Files\brs.exe [c:\Program Files (x86)\Cyberlink\Shared Files\brs.exe] -> [2009/04/29 02:50:26 | 000,075,048 | ---- | M] (cyberlink)
"conhost" -> C:\Users\Scott\AppData\Roaming\Microsoft\conhost.exe [C:\Users\Scott\AppData\Roaming\Microsoft\conhost.exe] -> [2011/07/20 18:09:57 | 000,169,472 | ---- | M] ()
"mcagent_exe" -> C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe ["C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe" /runkey] -> [2009/10/29 07:54:44 | 001,218,008 | ---- | M] (McAfee, Inc.)
"McENUI" -> C:\Program Files (x86)\McAfee\MHN\McENUI.exe [C:\PROGRA~2\McAfee\MHN\McENUI.exe /hide] -> [2009/07/07 22:02:26 | 001,176,808 | ---- | M] (McAfee, Inc.)
"Memeo AutoSync" -> C:\Program Files (x86)\Memeo\AutoSync\MemeoLauncher2.exe [C:\Program Files (x86)\Memeo\AutoSync\MemeoLauncher2.exe --silent] -> [2010/04/16 16:43:12 | 000,144,608 | ---- | M] (Memeo Inc.)
"Memeo Instant Backup" -> C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe [C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe --silent --no_ui] -> [2010/04/22 19:33:08 | 000,136,416 | ---- | M] (Memeo Inc.)
"Memeo Send" -> C:\Program Files (x86)\Memeo\Memeo Send\MemeoLauncher.exe [C:\Program Files (x86)\Memeo\Memeo Send\MemeoLauncher.exe --silent] -> [2010/07/20 13:18:14 | 000,236,816 | ---- | M] ()
"PDVD8LanguageShortcut" -> c:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe ["c:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe"] -> [2009/04/16 00:54:44 | 000,050,472 | ---- | M] (CyberLink Corp.)
"RemoteControl8" -> c:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe ["c:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe"] -> [2009/04/16 00:52:06 | 000,091,432 | ---- | M] (CyberLink Corp.)
"Seagate Dashboard" -> C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe [C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe --silent --no_ui] -> [2010/04/30 09:47:02 | 000,079,112 | ---- | M] ()
"StartCCC" -> c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ["c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun] -> [2009/08/26 23:18:10 | 000,098,304 | ---- | M] (Advanced Micro Devices, Inc.)
< 64bit-RunOnce [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce ->
"DSUpdateLauncher" -> C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe" /NOCONSOLE /D="C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate" /RUNAS "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe"] -> [2009/09/17 14:14:00 | 000,018,160 | ---- | M] (Dell)
< RunOnce [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce ->
""C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"" -> C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] -> [2011/03/21 20:29:26 | 000,560,128 | ---- | M] (Dell)
"STToasterLauncher" -> C:\Program Files (x86)\Dell DataSafe Local Backup\ToasterLauncher.exe [C:\Program Files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe] -> [2010/02/11 12:53:00 | 000,120,128 | ---- | M] ()
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"Messenger (Yahoo!)" -> C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe ["C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe" -quiet] -> [2009/06/20 04:03:56 | 004,351,216 | ---- | M] (Yahoo! Inc.)
< 64bit-WinNT Load [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\load ->
64bit-*load* -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\load ->
C:\Users\Scott\AppData\Local\Temp\csrss.exe -> C:\Users\Scott\AppData\Local\Temp\csrss.exe -> [2011/07/21 22:56:40 | 000,187,904 | ---- | M] ()
*MultiFile Done* -> ->
< WinNT Load [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\load ->
*load* -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\load ->
C:\Users\Scott\AppData\Local\Temp\csrss.exe -> C:\Users\Scott\AppData\Local\Temp\csrss.exe -> [2011/07/21 22:56:40 | 000,187,904 | ---- | M] ()
*MultiFile Done* -> ->
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoActiveDesktop" -> [1] -> File not found
\\"NoActiveDesktopChanges" -> [1] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"ConsentPromptBehaviorAdmin" -> [0] -> File not found
\\"ConsentPromptBehaviorUser" -> [3] -> File not found
\\"EnableLUA" -> [0] -> File not found
\\"PromptOnSecureDesktop" -> [0] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats
< CurrentVersion Policy Settings - Explorer [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [145] -> File not found
< 64bit-Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.micro...?ext=%s&mime=%s ->
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
< 64bit-Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< 64bit-Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< 64bit-Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1093 domain(s) found. ->
bhc.edu .[*] -> Trusted sites ->
bhc-blackboard_bhc.edu [http] -> Trusted sites ->
myblackhawk_bhc.edu [*] -> Trusted sites ->
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 18 range(s) found. ->
< 64bit-Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/...indows-i586.cab [Java Plug-in 1.6.0_14] ->
{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/...indows-i586.cab [Java Plug-in 1.6.0_14] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/...indows-i586.cab [Java Plug-in 1.6.0_14] ->
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/...indows-i586.cab [Java Plug-in 1.6.0_14] ->
{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/...indows-i586.cab [Java Plug-in 1.6.0_14] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/...indows-i586.cab [Java Plug-in 1.6.0_14] ->
{F6ACF75C-C32C-447B-9BEF-46B766368D29} [HKLM] -> http://ccfiles.creat...15112/CTPID.cab [Creative Software AutoUpdate Support Package] ->
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ ->
DhcpNameServer -> 192.168.0.1 ->
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{A27FB204-6BE9-41E7-A300-520520548425}\\DhcpNameServer -> 192.168.0.1 (Killer Xeno NDIS EDGE Interface) ->
{B8B51C96-3A70-48E6-ABD0-BC7931CAA9E5}\\DhcpNameServer -> 0.0.0.0 (Broadcom NetLink Gigabit Ethernet) ->
< 64bit-Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
64bit-*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
explorer.exe -> C:\Windows\explorer.exe -> [2009/10/31 01:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> ->
64bit-*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet ->
SystemPropertiesPerformance.exe -> C:\Windows\SysNative\SystemPropertiesPerformance.exe -> [2009/07/13 20:39:47 | 000,082,432 | ---- | M] (Microsoft Corporation)
/pagefile -> -> File not found
*MultiFile Done* -> ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
explorer.exe -> C:\Windows\SysWow64\explorer.exe -> [2009/10/31 00:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> ->
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet ->
/pagefile -> -> File not found
*MultiFile Done* -> ->
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*Shell* -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
explorer.exe -> C:\Windows\SysWow64\explorer.exe -> [2009/10/31 00:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> ->
< 64bit-SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad ->
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" [HKLM] -> Reg Error: Key error. [WebCheck] -> File not found
< SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad ->
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" [HKLM] -> Reg Error: Key error. [WebCheck] -> File not found
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
"{54D9498B-CF93-414F-8984-8CE7FDE0D391}" [HKLM] -> C:\Program Files (x86)\ewido\security suite\shellhook.dll [ewido shell guard] -> [2004/09/30 07:21:56 | 000,039,488 | ---- | M] ()
< Vista Active Firewall Rules > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules ->
{071B04E4-944F-4415-823E-60D618CBB01C} -> lport=6004 | profile=private | protocol=17 | dir=in | action=allow | name=microsoft office outlook | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
{151113F4-5DE8-4F21-B5EF-6A27827BE700} -> rport=5355 | profile=public | protocol=17 | dir=out | action=allow | [email protected],-28550 | app=%systemroot%\system32\svchost.exe | svc=dnscache |
{1E2D72EB-E090-4713-85A6-04435A8BF97A} -> rport=5355 | profile=private | protocol=17 | dir=out | action=allow | [email protected],-28550 | app=%systemroot%\system32\svchost.exe | svc=dnscache |
{260F2480-A942-4D15-A6AE-93C377F882AC} -> lport=137 | profile=private | protocol=17 | dir=in | action=allow | [email protected],-28519 | app=system |
{301C970B-A4E5-4C96-AD67-CAB1A98A430F} -> lport=2799 | protocol=6 | dir=in | action=allow | name=altova license metering port (tcp) |
{4B7B051D-22D1-4498-9BFD-4A726F6B96BB} -> lport=2869 | protocol=6 | dir=in | action=allow | name=windows live messenger (upnp-in) | app=system |
{5887A8F1-2659-488E-BEF4-EAE397BBE101} -> lport=139 | profile=private | protocol=6 | dir=in | action=allow | [email protected],-28503 | app=system |
{642603CD-696E-44C2-829B-5E76C9300A0C} -> lport=1900 | protocol=17 | dir=in | action=allow | name=windows live messenger (ssdp-in) | app=svchost.exe | svc=ssdpsrv |
{6D775462-D8E6-4E00-866F-562C840BF0E7} -> lport=138 | profile=private | protocol=17 | dir=in | action=allow | [email protected],-28527 | app=system |
{88EB936C-092F-4C69-B156-86FD31CD2FE0} -> rport=137 | profile=private | protocol=17 | dir=out | action=allow | [email protected],-28523 | app=system |
{8E337BDD-06E7-4574-B0FB-7994AC26144C} -> rport=445 | profile=private | protocol=6 | dir=out | action=allow | [email protected],-28515 | app=system |
{9D882D52-9344-4CD3-9FBC-9C3C6FDE2FDC} -> rport=138 | profile=private | protocol=17 | dir=out | action=allow | [email protected],-28531 | app=system |
{A9185B5D-D823-4CBB-8179-9935FDDB55EC} -> lport=rpc | profile=private | protocol=6 | dir=in | action=allow | [email protected],-28535 | app=%systemroot%\system32\spoolsv.exe | svc=spooler |
{BB70B83B-9FF9-443C-82AF-1F73D2DB4CF5} -> lport=rpc-epmap | profile=private | protocol=6 | dir=in | action=allow | [email protected],-28539 | svc=rpcss |
{D321AAD2-9121-465C-95B7-DF826D40861A} -> lport=5355 | profile=private | protocol=17 | dir=in | action=allow | [email protected],-28548 | app=%systemroot%\system32\svchost.exe | svc=dnscache |
{E06F23C9-697C-47C7-8A8A-774BD06B3398} -> lport=2799 | protocol=17 | dir=in | action=allow | name=altova license metering port (udp) |
{E1BEC105-9743-444B-8265-7F5A5CC94271} -> lport=5355 | profile=public | protocol=17 | dir=in | action=allow | [email protected],-28548 | app=%systemroot%\system32\svchost.exe | svc=dnscache |
{E5799705-CC3D-42CA-AFBC-E2FA12D6CB6E} -> lport=445 | profile=private | protocol=6 | dir=in | action=allow | [email protected],-28511 | app=system |
{FFE76941-3203-40D6-9CCE-301B5C9A83A2} -> rport=139 | profile=private | protocol=6 | dir=out | action=allow | [email protected],-28507 | app=system |
< Vista Active Application Exception Rules > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules ->
{0122D654-819B-4B6B-B064-2651BB459B36} -> profile=private | protocol=17 | dir=in | action=allow | name=blizzard downloader | app=c:\users\public\games\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-enus-downloader.exe |
{055541AA-09A6-4D55-AEC6-E6C656E184FA} -> profile=private | protocol=6 | dir=in | action=allow | name=blizzard downloader | app=c:\users\public\games\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-enus-downloader.exe |
{056A375C-4F94-46BE-810B-7A365B26BE00} -> dir=in | action=allow | name=webkit | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
{0F0D95DB-4BBC-41E8-8F65-D562F1A35971} -> dir=in | action=allow | name=hpqgpc01.exe | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
{11639C76-D698-4018-B6F6-3BE5811C1A78} -> dir=in | action=allow | name=hpqsudi.exe | app=c:\program files (x86)\hp\digital imaging\bin\hpqsudi.exe |
{135EA6E5-927F-450B-8105-DF9559D3E424} -> profile=private | protocol=1 | dir=in | action=allow | [email protected],-28543 |
{16EBDDBB-289A-4EF5-8537-2753BBA14CA5} -> profile=private | protocol=17 | dir=in | action=allow | name=microsoft office groove | app=c:\program files (x86)\microsoft office\office12\groove.exe |
{1837CEF6-48DE-403F-869D-B4A36F07ACFF} -> profile=public | protocol=6 | dir=in | action=allow | name=steam | app=c:\program files (x86)\steam\steam.exe |
{19FCEE21-BD63-48C8-A950-7EA7825DA183} -> profile=private | protocol=6 | dir=in | action=allow | name=bonjour service | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
{248C770E-A5E6-436C-93D3-9AFC4120476E} -> dir=in | action=allow | name=hpqusgm.exe | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe |
{29A74F12-FE43-42E0-8C2F-D7C94A03B8AD} -> dir=in | action=allow | name=hpiscnapp.exe | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
{315C880A-445C-499B-A6AE-6CFE63019165} -> profile=private | protocol=17 | dir=in | action=allow | name=ventrilo.exe | app=c:\program files\ventrilo\ventrilo.exe |
{346AF33A-CAF2-4126-932A-399D71892850} -> profile=private | protocol=17 | dir=in | action=allow | name=microsoft office onenote | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
{392670AC-B829-40FC-9826-E89EB0FFE9B0} -> profile=domain | dir=in | action=allow | name=mcafee network agent | app=c:\program files (x86)\common files\mcafee\mna\mcnasvc.exe |
{3AC88A92-96D8-47F0-8384-30D4807731F2} -> profile=private | protocol=6 | dir=out | action=allow | [email protected],-31025 | app=%programfiles(x86)%\windows media player\wmplayer.exe |
{40F86E82-54A2-4AEF-9DB8-7CB91BAB928A} -> dir=in | action=allow | name=hpqcopy2.exe | app=c:\program files (x86)\hp\digital imaging\bin\hpqcopy2.exe |
{49F8175A-ABA0-4EE5-AA1E-F6C8516073BF} -> profile=private | protocol=6 | dir=in | action=allow | name=vmcmoteserver | app=c:\program files (x86)\vmcmoteserver\server\vmcmoteserver.exe |
{4A8B1F34-F3F3-4E72-A1A9-5A68C7406273} -> profile=public | protocol=6 | dir=out | action=allow | name=windows media player x86 (tcp-out) | app=%programfiles(x86)%\windows media player\wmplayer.exe |
{4C438A41-E634-4408-994A-FB2BB57A3EB5} -> profile=private | protocol=17 | dir=in | action=allow | [email protected],-31003 | app=%programfiles%\windows media player\wmplayer.exe |
{4E2B42B9-E800-4903-BA55-C22A09760F3B} -> profile=private | protocol=6 | dir=in | action=allow | name=ventrilo.exe | app=c:\program files\ventrilo\ventrilo.exe |
{50D03786-ABC5-4E1C-81BD-A1CCCFBDCE39} -> profile=private | protocol=6 | dir=in | action=allow | name=ventrilo.exe | app=c:\program files\ventrilo\ventrilo.exe |
{52AE588D-2B92-49F6-99C8-C48686BAFC57} -> profile=private | protocol=6 | dir=out | action=allow | [email protected],-31011 | app=%programfiles%\windows media player\wmplayer.exe |
{54D53793-AB74-4020-A1C3-96E3B74DE4C4} -> profile=private | protocol=6 | dir=in | action=allow | name=microsoft office onenote | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
{56289E5F-0352-44E2-B80B-0B49CF882E05} -> profile=public | protocol=17 | dir=out | action=allow | name=windows media player x86 (udp-out) | app=%programfiles(x86)%\windows media player\wmplayer.exe |
{58856C85-665C-4B32-9F54-F508160AA481} -> profile=private | protocol=6 | dir=in | action=allow | name=yahoo! messenger | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
{5C35E40A-776A-4C31-9F96-61BC33E79121} -> profile=private | protocol=6 | dir=in | action=allow | name=microsoft office groove | app=c:\program files (x86)\microsoft office\office12\groove.exe |
{60A1DC02-E22D-4AA0-A3E3-6660FA115AC4} -> profile=private | protocol=6 | dir=in | action=allow | name=ventrilo.exe | app=c:\program files\ventrilo\ventrilo.exe |
{61FBC0B3-B1C5-4201-AF15-82F072BC292A} -> dir=in | action=allow | name=hpfccopy.exe | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
{643A6C07-ECA9-4B8E-A933-0BE50F740F7D} -> profile=private | protocol=17 | dir=in | action=allow | name=blizzard downloader | app=c:\users\public\games\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-enus-downloader.exe |
{69CBC21A-73AA-4313-A6FB-D1ABA3138BAF} -> profile=private | protocol=6 | dir=in | action=allow | name=blizzard downloader | app=c:\users\public\games\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-enus-downloader.exe |
{6BBBC53F-598D-446E-9618-ECF76D03B45E} -> dir=in | action=allow | name=windows live call | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
{765F769C-9994-4C4F-944D-50288B4B4543} -> dir=in | action=allow | name=hpqpsapp.exe | app=c:\program files (x86)\hp\digital imaging\bin\hpqpsapp.exe |
{78A583E8-6533-433F-AB10-11127D95CB22} -> profile=private | protocol=17 | dir=out | action=allow | [email protected],-31007 | app=%programfiles%\windows media player\wmplayer.exe |
{7D02CA3F-69C2-4EEF-88CF-F818B05822F1} -> profile=private | protocol=58 | dir=out | action=allow | [email protected],-28546 |
{7E2FEAFB-0C96-49E3-8A77-F7A8C16EFFC1} -> dir=in | action=allow | name=hpqnrs08.exe | app=c:\program files (x86)\hp\digital imaging\bin\hpqnrs08.exe |
{81B5A6F4-60C8-4107-9FE1-15BF534C2736} -> dir=in | action=allow | name=hposfx08.exe | app=c:\program files (x86)\hp\digital imaging\bin\hposfx08.exe |
{8681D88E-5C8A-408A-A6BE-55A084DBA41A} -> profile=private | protocol=17 | dir=in | action=allow | name=yahoo! messenger | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
{9617449E-1F18-4FC4-ACB3-EE40CBE3AA8E} -> profile=private | protocol=17 | dir=out | action=allow | [email protected],-31024 | app=%programfiles(x86)%\windows media player\wmplayer.exe |
{96488AD5-A887-43AF-81B4-7F18B43B3644} -> dir=in | action=allow | name=hpzwiz01.exe | app=c:\program files (x86)\hp\digital imaging\bin\hpzwiz01.exe |
{9C1BE57C-D6D0-4492-828D-9CB2522122E4} -> dir=in | action=allow | name=hpqste08.exe | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
{9CE70AF8-CE8E-4C50-A274-449B4218E1E9} -> profile=private | protocol=1 | dir=out | action=allow | [email protected],-28544 |
{9D3544D0-1B4D-437E-BCAD-4F2C995B1C62} -> dir=in | action=allow | name=cyberlink powerdvd 8.0 | app=c:\program files (x86)\cyberlink\powerdvd8\powerdvd8.exe |
{9D777A19-17DD-48D6-98C5-B7F521CE86B1} -> dir=in | action=allow | name=smartwebprintexe.exe | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |
{9EEC82BB-D416-483E-AF46-84CA50F79545} -> profile=private | protocol=6 | dir=in | action=allow | name=blizzard downloader | app=c:\users\public\games\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-enus-downloader.exe |
{A155485D-7169-467F-82B7-C2AB52380ECE} -> dir=in | action=allow | name=hpqgplgtupl.exe | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
{AD748F72-E4D0-4D99-A198-15E0884519D6} -> dir=in | action=allow | name=hposid01.exe | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
{B4246AB6-7488-4779-8B7E-7AF2D4A4A958} -> dir=in | action=allow | name=hpoews01.exe | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |
{BEEDF1D8-FD61-48E1-B2B6-84F160A3047B} -> profile=private | protocol=17 | dir=in | action=allow | name=vmcmoteserver | app=c:\program files (x86)\vmcmoteserver\server\vmcmoteserver.exe |
{C223FD2C-FBF8-45ED-BB78-ADA3414620F3} -> profile=private | protocol=17 | dir=in | action=allow | name=blizzard downloader | app=c:\users\public\games\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-enus-downloader.exe |
{C591AC26-E1EC-4641-9E16-8759713A23A7} -> dir=in | action=allow | name=windows live messenger | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
{C975D7E8-93FF-4CB4-8DF3-C04DA91F3AE3} -> dir=in | action=allow | name=hpqfxt08.exe | app=c:\program files (x86)\hp\digital imaging\bin\hpqfxt08.exe |
{CC19CF33-1B1E-4C26-9630-792FFC920F4E} -> dir=in | action=allow | name=hpofxs08.exe | app=c:\program files (x86)\hp\digital imaging\bin\hpofxs08.exe |
{CD70C7F8-08C9-4086-9CC9-992235322E16} -> dir=in | action=allow | name=hpqkygrp.exe | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
{D40673DD-413B-4D92-921C-1FA907E7E2F8} -> profile=private | protocol=17 | dir=in | action=allow | name=blizzard downloader | app=c:\users\public\games\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-enus-downloader.exe |
{D43D2E75-E1B0-4AC0-B582-D9B153F8CD1B} -> dir=in | action=allow | name=hpqpse.exe | app=c:\program files (x86)\hp\digital imaging\bin\hpqpse.exe |
{D6B3DCD3-6892-486F-A730-CBCE34B15C93} -> profile=private | protocol=58 | dir=in | action=allow | [email protected],-28545 |
{DBEDE7CE-D5D5-4B19-BA0E-63DA968464C4} -> profile=public | protocol=17 | dir=in | action=allow | name=windows media player (udp-in) | app=%programfiles%\windows media player\wmplayer.exe |
{DFF7CE1A-7223-483F-B683-799C483819AC} -> dir=in | action=allow | name=hpwucli.exe | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
{E04EF51D-2980-4D28-9734-9BCC089BD710} -> profile=public | protocol=17 | dir=in | action=allow | name=windows media player x86 (udp-in) | app=%programfiles(x86)%\windows media player\wmplayer.exe |
{E05E65AA-1A50-4DDE-A377-C1E854A56680} -> profile=public | protocol=17 | dir=out | action=allow | name=windows media player (udp-out) | app=%programfiles%\windows media player\wmplayer.exe |
{E69FCD62-209A-452B-AB61-E4B8AAFFA8BB} -> dir=in | action=allow | name=hpqphotocrm.exe | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe |
{EB0A870D-166C-47B5-B0DD-893B7D4AB61D} -> profile=public | protocol=6 | dir=out | action=allow | name=windows media player (tcp-out) | app=%programfiles%\windows media player\wmplayer.exe |
{EBEBFBE9-7AA6-4DED-8A4D-FFBB93198AA9} -> dir=in | action=allow | name=hpofxm08.exe | app=c:\program files (x86)\hp\digital imaging\bin\hpofxm08.exe |
{EC99612D-F294-4BC5-B7A9-4D8D8EF44E70} -> profile=public | protocol=17 | dir=in | action=allow | name=steam | app=c:\program files (x86)\steam\steam.exe |
{ED4B233B-B6FF-45BC-8A7C-953A7170AA04} -> profile=private | protocol=17 | dir=in | action=allow | name=bonjour service | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
{F1A94004-7C8F-4471-A0F9-99B420869485} -> dir=in | action=allow | name=hpqtra08.exe | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
{F4536311-4F85-4547-8A61-C941988C2E9B} -> profile=private | protocol=17 | dir=in | action=allow | name=ventrilo.exe | app=c:\program files\ventrilo\ventrilo.exe |
{F4C908EE-8EC6-48E0-99CB-BD64A7294A96} -> profile=private | protocol=6 | dir=in | action=allow | name=blizzard downloader | app=c:\users\public\games\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-enus-downloader.exe |
{F688C2E2-E7D6-411D-B7CC-AA6B148691DD} -> dir=in | action=allow | name=hpqusgh.exe | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe |
{FC588ADD-DDB9-46DF-9B85-F2E645A3DE24} -> profile=private | protocol=17 | dir=in | action=allow | [email protected],-31023 | app=%programfiles(x86)%\windows media player\wmplayer.exe |
{FD98E274-4989-4E95-B705-A4099A33998B} -> dir=in | action=allow | name=itunes | app=c:\program files (x86)\itunes\itunes.exe |
TCP Query User{D91E7856-A5F6-48E7-9FB1-5044E8303BD0}C:\users\public\games\world of warcraft\launcher.exe -> profile=private | protocol=6 | dir=in | action=allow | name=blizzard launcher | app=c:\users\public\games\world of warcraft\launcher.exe |
UDP Query User{5509DE69-CCBC-4ADE-830F-466C0FD1981C}C:\users\public\games\world of warcraft\launcher.exe -> profile=private | protocol=17 | dir=in | action=allow | name=blizzard launcher | app=c:\users\public\games\world of warcraft\launcher.exe |
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot ->
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 ->
"DisplayName" -> CD-ROM Driver ->
"ImagePath" -> C:\Windows\SysNative\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> [2009/07/13 18:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation)
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 ->
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command ->
64bit-comfile [open] -> "%1" %* -> File not found
64bit-exefile [open] -> "%1" %* -> File not found
comfile [open] -> "%1" %* ->
exefile [open] -> "%1" %* ->
< 64bit-File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ ->
.com [@ = comfile] -> "%1" %* ->
.exe [@ = exefile] -> "%1" %* ->
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ ->
.com [@ = comfile] -> "%1" %* ->
.exe [@ = exefile] -> "%1" %* ->
[Files/Folders - Created Within 30 Days]
Spybot - Search & Destroy -> C:\ProgramData\Spybot - Search & Destroy -> [2011/07/23 10:08:20 | 000,000,000 | ---D | C]
ewido -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ewido -> [2011/07/23 09:59:28 | 000,000,000 | ---D | C]
ewido -> C:\Program Files (x86)\ewido -> [2011/07/23 09:59:26 | 000,000,000 | ---D | C]
Lavasoft -> C:\Users\Scott\AppData\Roaming\Lavasoft -> [2011/07/23 09:58:45 | 000,000,000 | ---D | C]
CyberLink PowerDVD 8 -> C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8 -> [2011/07/23 09:56:59 | 000,000,000 | R--D | C]
Anti Malware tools -> C:\Users\Scott\Desktop\Anti Malware tools -> [2011/07/23 09:44:06 | 000,000,000 | ---D | C]
Ventrilo -> C:\Users\Scott\AppData\Roaming\Ventrilo -> [2011/07/22 20:33:08 | 000,000,000 | ---D | C]
Ventrilo -> C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ventrilo -> [2011/07/22 20:32:38 | 000,000,000 | ---D | C]
Ventrilo -> C:\Program Files\Ventrilo -> [2011/07/22 20:32:36 | 000,000,000 | ---D | C]
Wise Installation Wizard -> C:\Program Files (x86)\Common Files\Wise Installation Wizard -> [2011/07/22 20:32:13 | 000,000,000 | ---D | C]
iTunes -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes -> [2011/07/21 00:04:32 | 000,000,000 | ---D | C]
iPod -> C:\Program Files\iPod -> [2011/07/21 00:03:45 | 000,000,000 | ---D | C]
iTunes -> C:\Program Files\iTunes -> [2011/07/21 00:03:44 | 000,000,000 | ---D | C]
Bonjour -> C:\Program Files\Bonjour -> [2011/07/21 00:02:04 | 000,000,000 | ---D | C]
Bonjour -> C:\Program Files (x86)\Bonjour -> [2011/07/21 00:02:04 | 000,000,000 | ---D | C]
dns-sd.exe -> C:\Windows\SysNative\dns-sd.exe -> [2011/07/12 11:34:00 | 000,096,104 | ---- | C] (Apple Inc.)
dnssd.dll -> C:\Windows\SysNative\dnssd.dll -> [2011/07/12 11:34:00 | 000,085,864 | ---- | C] (Apple Inc.)
dns-sd.exe -> C:\Windows\SysWow64\dns-sd.exe -> [2011/07/12 11:20:54 | 000,083,816 | ---- | C] (Apple Inc.)
dnssd.dll -> C:\Windows\SysWow64\dnssd.dll -> [2011/07/12 11:20:54 | 000,073,064 | ---- | C] (Apple Inc.)
Updates -> C:\Windows\SysWow64\Updates -> [2011/07/08 19:03:07 | 000,000,000 | ---D | C]
Data -> C:\Windows\SysWow64\Data -> [2011/07/08 19:03:01 | 000,000,000 | ---D | C]
[Files/Folders - Modified Within 30 Days]
7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 -> [2011/07/23 10:04:42 | 000,014,016 | -H-- | M] ()
7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 -> [2011/07/23 10:04:42 | 000,014,016 | -H-- | M] ()
ewido security suite.lnk -> C:\Users\Public\Desktop\ewido security suite.lnk -> [2011/07/23 09:59:28 | 000,001,092 | ---- | M] ()
bootstat.dat -> C:\Windows\bootstat.dat -> [2011/07/23 09:56:37 | 000,067,584 | --S- | M] ()
hiberfil.sys -> C:\hiberfil.sys -> [2011/07/23 09:56:33 | 529,780,735 | -HS- | M] ()
Config.MPF -> C:\Windows\SysNative\Config.MPF -> [2011/07/23 09:50:47 | 000,014,636 | ---- | M] ()
OTL.exe -> C:\OTL.exe -> [2011/07/23 09:44:23 | 000,085,543 | ---- | M] ()
B50C.5FC -> C:\Users\Scott\AppData\Roaming\B50C.5FC -> [2011/07/22 21:26:02 | 000,020,611 | ---- | M] ()
World of Warcraft.lnk -> C:\Users\Public\Desktop\World of Warcraft.lnk -> [2011/07/22 20:55:04 | 000,001,064 | ---- | M] ()
menu.new -> C:\ProgramData\menu.new -> [2011/07/22 20:44:12 | 000,000,166 | ---- | M] ()
menu.bfm -> C:\ProgramData\menu.bfm -> [2011/07/22 20:44:12 | 000,000,166 | ---- | M] ()
Ventrilo.lnk -> C:\Users\Scott\Desktop\Ventrilo.lnk -> [2011/07/22 20:32:38 | 000,000,919 | ---- | M] ()
{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini -> C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini -> [2011/07/22 20:32:38 | 000,000,262 | ---- | M] ()
Apple Safari.lnk -> C:\Users\Scott\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk -> [2011/07/21 00:06:12 | 000,002,515 | ---- | M] ()
Safari.lnk -> C:\Users\Public\Desktop\Safari.lnk -> [2011/07/21 00:06:12 | 000,002,491 | ---- | M] ()
iTunes.lnk -> C:\Users\Public\Desktop\iTunes.lnk -> [2011/07/21 00:04:32 | 000,001,745 | ---- | M] ()
dwm.exe -> C:\Users\Scott\AppData\Roaming\dwm.exe -> [2011/07/20 18:10:40 | 000,180,736 | ---- | M] ()
dns-sd.exe -> C:\Windows\SysNative\dns-sd.exe -> [2011/07/12 11:34:00 | 000,096,104 | ---- | M] (Apple Inc.)
dnssd.dll -> C:\Windows\SysNative\dnssd.dll -> [2011/07/12 11:34:00 | 000,085,864 | ---- | M] (Apple Inc.)
dns-sd.exe -> C:\Windows\SysWow64\dns-sd.exe -> [2011/07/12 11:20:54 | 000,083,816 | ---- | M] (Apple Inc.)
dnssd.dll -> C:\Windows\SysWow64\dnssd.dll -> [2011/07/12 11:20:54 | 000,073,064 | ---- | M] (Apple Inc.)
McQcTask.job -> C:\Windows\tasks\McQcTask.job -> [2011/07/01 01:00:31 | 000,000,318 | ---- | M] ()
260 C:\Users\Scott\AppData\Local\Temp\*.tmp files -> C:\Users\Scott\AppData\Local\Temp\*.tmp ->
[Files - No Company Name]
ewido security suite.lnk -> C:\Users\Public\Desktop\ewido security suite.lnk -> [2011/07/23 09:59:28 | 000,001,092 | ---- | C] ()
OTL.exe -> C:\OTL.exe -> [2011/07/23 09:53:10 | 000,085,543 | ---- | C] ()
menu.new -> C:\ProgramData\menu.new -> [2011/07/22 20:44:12 | 000,000,166 | ---- | C] ()
menu.bfm -> C:\ProgramData\menu.bfm -> [2011/07/22 20:44:12 | 000,000,166 | ---- | C] ()
Ventrilo.lnk -> C:\Users\Scott\Desktop\Ventrilo.lnk -> [2011/07/22 20:32:38 | 000,000,919 | ---- | C] ()
{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini -> C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini -> [2011/07/22 20:32:34 | 000,000,262 | ---- | C] ()
iTunes.lnk -> C:\Users\Public\Desktop\iTunes.lnk -> [2011/07/21 00:04:32 | 000,001,745 | ---- | C] ()
dwm.exe -> C:\Users\Scott\AppData\Roaming\dwm.exe -> [2011/07/05 21:04:27 | 000,180,736 | ---- | C] ()
B50C.5FC -> C:\Users\Scott\AppData\Roaming\B50C.5FC -> [2011/07/05 21:04:07 | 000,020,611 | ---- | C] ()
servetome-fonts.conf -> C:\Users\Scott\AppData\Roaming\servetome-fonts.conf -> [2011/05/07 01:45:32 | 000,005,259 | ---- | C] ()
PerfStringBackup.INI -> C:\Windows\SysWow64\PerfStringBackup.INI -> [2010/12/08 09:52:44 | 000,730,638 | ---- | C] ()
resmon.resmoncfg -> C:\Users\Scott\AppData\Local\resmon.resmoncfg -> [2010/09/19 22:49:51 | 000,000,017 | ---- | C] ()
WRcfg.ini -> C:\Windows\WRcfg.ini -> [2010/07/24 15:03:38 | 000,001,801 | ---- | C] ()
WRMCcfg.ini -> C:\Windows\WRMCcfg.ini -> [2010/07/24 15:03:38 | 000,000,388 | ---- | C] ()
hpomdl19.dat.temp -> C:\Windows\hpomdl19.dat.temp -> [2010/03/24 22:02:44 | 000,013,898 | ---- | C] ()
hpoins19.dat -> C:\Windows\hpoins19.dat -> [2010/03/24 21:42:20 | 000,221,430 | ---- | C] ()
hpomdl19.dat -> C:\Windows\hpomdl19.dat -> [2010/03/24 21:42:20 | 000,013,898 | ---- | C] ()
nsreg.dat -> C:\Windows\nsreg.dat -> [2010/01/20 15:18:57 | 000,000,000 | ---- | C] ()
phpdesigner2007pe.xml -> C:\Users\Scott\AppData\Roaming\phpdesigner2007pe.xml -> [2010/01/06 20:46:04 | 000,013,280 | ---- | C] ()
APOMngr.DLL -> C:\Windows\SysWow64\APOMngr.DLL -> [2009/11/20 20:18:36 | 000,176,128 | ---- | C] ()
CmdRtr.DLL -> C:\Windows\SysWow64\CmdRtr.DLL -> [2009/11/20 20:18:36 | 000,073,728 | ---- | C] ()
ativpsrm.bin -> C:\Windows\ativpsrm.bin -> [2009/11/20 20:18:15 | 000,000,000 | ---- | C] ()
CCBiosSupportAPI.dll -> C:\Windows\SysWow64\CCBiosSupportAPI.dll -> [2009/09/25 15:50:00 | 000,097,584 | ---- | C] ()
bootstat.dat -> C:\Windows\bootstat.dat -> [2009/07/14 00:38:36 | 000,067,584 | --S- | C] ()
NOISE.DAT -> C:\Windows\SysWow64\NOISE.DAT -> [2009/07/13 21:35:51 | 000,000,741 | ---- | C] ()
dssec.dat -> C:\Windows\SysWow64\dssec.dat -> [2009/07/13 21:34:42 | 000,215,943 | ---- | C] ()
mib.bin -> C:\Windows\mib.bin -> [2009/07/13 19:10:29 | 000,043,131 | ---- | C] ()
BWContextHandler.dll -> C:\Windows\SysWow64\BWContextHandler.dll -> [2009/07/13 18:42:10 | 000,064,000 | ---- | C] ()
msjetoledb40.dll -> C:\Windows\SysWow64\msjetoledb40.dll -> [2009/07/13 16:03:59 | 000,364,544 | ---- | C] ()
mlang.dat -> C:\Windows\SysWow64\mlang.dat -> [2009/06/10 16:26:10 | 000,673,088 | ---- | C] ()
AgCPanelTraditionalChinese.dll -> C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll -> [2007/07/23 10:03:32 | 000,053,248 | ---- | C] ()
AgCPanelSwedish.dll -> C:\Windows\SysWow64\AgCPanelSwedish.dll -> [2007/07/23 10:03:32 | 000,053,248 | ---- | C] ()
AgCPanelSpanish.dll -> C:\Windows\SysWow64\AgCPanelSpanish.dll -> [2007/07/23 10:03:32 | 000,053,248 | ---- | C] ()
AgCPanelSimplifiedChinese.dll -> C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll -> [2007/07/23 10:03:30 | 000,053,248 | ---- | C] ()
AgCPanelPortugese.dll -> C:\Windows\SysWow64\AgCPanelPortugese.dll -> [2007/07/23 10:03:30 | 000,053,248 | ---- | C] ()
AgCPanelKorean.dll -> C:\Windows\SysWow64\AgCPanelKorean.dll -> [2007/07/23 10:03:30 | 000,053,248 | ---- | C] ()
AgCPanelJapanese.dll -> C:\Windows\SysWow64\AgCPanelJapanese.dll -> [2007/07/23 10:03:30 | 000,053,248 | ---- | C] ()
AgCPanelGerman.dll -> C:\Windows\SysWow64\AgCPanelGerman.dll -> [2007/07/23 10:03:30 | 000,053,248 | ---- | C] ()
AgCPanelFrench.dll -> C:\Windows\SysWow64\AgCPanelFrench.dll -> [2007/07/23 10:03:30 | 000,053,248 | ---- | C] ()
< End of report >
Thanks for any help!!!!
Edited by Essexboy, 23 July 2011 - 01:53 PM.