[code] OTS logfile created on: 11/9/2009 5:37:37 PM - Run 1 OTS by OldTimer - Version 3.1.4.0 Folder = C:\Users\Kevin\Desktop Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18828) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 2.00 Gb Total Physical Memory | 1.76 Gb Available Physical Memory | 87.81% Memory free 4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 215.70 Gb Total Space | 97.63 Gb Free Space | 45.26% Space Free | Partition Type: NTFS Drive D: | 14.65 Gb Total Space | 9.19 Gb Free Space | 62.73% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: KEVIN-PC Current User Name: Kevin Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days [Processes - Safe List] ots.exe -> C:\Users\Kevin\Desktop\OTS.exe -> [2009/11/09 17:36:16 | 00,525,312 | ---- | M] (OldTimer Tools) winhbt.exe -> C:\Users\Kevin\AppData\Local\Temp\winhbt.exe -> [2009/11/08 17:11:52 | 00,038,400 | ---- | M] () wow64main.exe -> C:\Users\Kevin\AppData\Local\Temp\wow64main.exe -> [2009/11/08 17:11:43 | 01,187,840 | ---- | M] () wscsvc32.exe -> C:\Users\Kevin\AppData\Local\Temp\wscsvc32.exe -> [2009/11/08 17:11:43 | 00,949,760 | ---- | M] (Microsoft Corporation) ituneshelper.exe -> C:\Program Files\iTunes\iTunesHelper.exe -> [2009/09/21 15:36:12 | 00,305,440 | ---- | M] (Apple Inc.) ipodservice.exe -> C:\Program Files\iPod\bin\iPodService.exe -> [2009/09/21 15:36:02 | 00,545,568 | ---- | M] (Apple Inc.) iexplore.exe -> C:\Program Files\Internet Explorer\iexplore.exe -> [2009/08/27 00:23:17 | 00,638,232 | ---- | M] (Microsoft Corporation) iexplore.exe -> C:\Program Files\Internet Explorer\iexplore.exe -> [2009/08/27 00:23:17 | 00,638,232 | ---- | M] (Microsoft Corporation) iexplore.exe -> C:\Program Files\Internet Explorer\iexplore.exe -> [2009/08/27 00:23:17 | 00,638,232 | ---- | M] (Microsoft Corporation) datasafeonline.exe -> C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe -> [2009/07/07 09:23:00 | 01,779,952 | ---- | M] () applemobiledeviceservice.exe -> C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> [2009/06/05 10:48:14 | 00,144,712 | ---- | M] (Apple Inc.) sprtcmd.exe -> C:\Program Files\Dell Support Center\bin\sprtcmd.exe -> [2009/06/03 13:46:38 | 00,206,064 | ---- | M] (SupportSoft, Inc.) realsched.exe -> C:\Program Files\Common Files\Real\Update_OB\realsched.exe -> [2009/05/21 20:12:40 | 00,198,160 | ---- | M] (RealNetworks, Inc.) wmiprvse.exe -> C:\Windows\System32\wbem\WmiPrvSE.exe -> [2009/03/02 21:16:04 | 00,247,296 | ---- | M] (Microsoft Corporation) reader_sl.exe -> C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe -> [2009/02/27 16:10:28 | 00,035,696 | ---- | M] (Adobe Systems Incorporated) mdnsresponder.exe -> C:\Program Files\Bonjour\mDNSResponder.exe -> [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) explorer.exe -> C:\Windows\explorer.exe -> [2008/10/29 01:29:41 | 02,927,104 | ---- | M] (Microsoft Corporation) wltrysvc.exe -> C:\Windows\System32\WLTRYSVC.EXE -> [2008/10/27 04:54:20 | 00,024,064 | ---- | M] () wltray.exe -> C:\Windows\System32\WLTRAY.EXE -> [2008/10/27 04:54:18 | 03,563,520 | ---- | M] (Dell Inc.) bcmwltry.exe -> C:\Windows\System32\BCMWLTRY.EXE -> [2008/10/27 04:52:16 | 02,654,208 | ---- | M] (Dell Inc.) sprtsvc.exe -> C:\Program Files\Dell Support Center\bin\sprtsvc.exe -> [2008/10/04 14:58:04 | 00,201,968 | ---- | M] (SupportSoft, Inc.) docklogin.exe -> C:\Program Files\Dell\DellDock\DockLogin.exe -> [2008/09/23 23:09:52 | 00,155,648 | ---- | M] (Stardock Corporation) xaudio.exe -> C:\Windows\System32\drivers\XAudio.exe -> [2008/06/23 07:45:42 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) hidfind.exe -> C:\Program Files\DellTPad\hidfind.exe -> [2008/05/04 04:25:32 | 00,040,960 | ---- | M] (Alps Electric Co., Ltd.) apoint.exe -> C:\Program Files\DellTPad\Apoint.exe -> [2008/05/04 04:25:26 | 00,167,936 | ---- | M] (Alps Electric Co., Ltd.) apmsgfwd.exe -> C:\Program Files\DellTPad\ApMsgFwd.exe -> [2008/05/04 04:25:26 | 00,050,736 | ---- | M] (Alps Electric Co., Ltd.) apntex.exe -> C:\Program Files\DellTPad\ApntEx.exe -> [2008/05/04 04:25:26 | 00,049,152 | ---- | M] (Alps Electric Co., Ltd.) igfxsrvc.exe -> C:\Windows\System32\igfxsrvc.exe -> [2008/03/06 02:58:24 | 00,256,536 | ---- | M] (Intel Corporation) igfxpers.exe -> C:\Windows\System32\igfxpers.exe -> [2008/03/06 02:58:14 | 00,133,656 | ---- | M] (Intel Corporation) hkcmd.exe -> C:\Windows\System32\hkcmd.exe -> [2008/03/06 02:58:10 | 00,166,424 | ---- | M] (Intel Corporation) quickset.exe -> C:\Program Files\Dell\QuickSet\quickset.exe -> [2008/02/22 18:01:38 | 01,193,240 | ---- | M] (Dell Inc.) wmpnscfg.exe -> C:\Program Files\Windows Media Player\wmpnscfg.exe -> [2008/01/20 21:35:20 | 00,202,240 | ---- | M] (Microsoft Corporation) wmiadap.exe -> \\?\C:\Windows\System32\wbem\WMIADAP.EXE -> [2008/01/20 21:33:24 | 00,117,248 | ---- | M] () msascui.exe -> C:\Program Files\Windows Defender\MSASCui.exe -> [2008/01/20 21:33:00 | 01,008,184 | ---- | M] (Microsoft Corporation) pcmservice.exe -> C:\Program Files\Dell\MediaDirect\PCMService.exe -> [2007/12/21 11:58:06 | 00,184,320 | ---- | M] (CyberLink Corp.) wkcalrem.exe -> C:\Program Files\Microsoft Works\WkCalRem.exe -> [2007/11/28 05:33:30 | 00,046,432 | ---- | M] (Microsoft® Corporation) stacsv.exe -> C:\Windows\System32\stacsv.exe -> [2007/11/12 06:07:20 | 00,102,400 | ---- | M] (IDT, Inc.) aestsrv.exe -> C:\Windows\System32\AEstSrv.exe -> [2007/11/12 06:07:16 | 00,073,728 | ---- | M] (Andrea Electronics Corporation) iaantmon.exe -> C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -> [2007/03/21 14:00:04 | 00,355,096 | ---- | M] (Intel Corporation) iaanotif.exe -> C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe -> [2007/03/21 14:00:00 | 00,174,872 | ---- | M] (Intel Corporation) viewpointservice.exe -> C:\Program Files\Viewpoint\Common\ViewpointService.exe -> [2007/01/04 16:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) dlg.exe -> C:\Program Files\Digital Line Detect\DLG.exe -> [2006/11/03 19:02:14 | 00,050,688 | ---- | M] (Avanquest Software ) [Modules - Safe List] ots.exe -> C:\Users\Kevin\Desktop\OTS.exe -> [2009/11/09 17:36:16 | 00,525,312 | ---- | M] (OldTimer Tools) dadkeyb.dll -> C:\Program Files\Dell\QuickSet\dadkeyb.dll -> [2008/02/22 17:55:54 | 00,103,704 | ---- | M] (Dell Inc.) comctl32.dll -> C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll -> [2008/01/20 21:33:14 | 01,684,480 | ---- | M] (Microsoft Corporation) [Win32 Services - Safe List] (iPod Service) iPod Service [On_Demand | Running] -> C:\Program Files\iPod\bin\iPodService.exe -> [2009/09/21 15:36:02 | 00,545,568 | ---- | M] (Apple Inc.) (FLEXnet Licensing Service) FLEXnet Licensing Service [On_Demand | Stopped] -> C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -> [2009/07/16 19:42:25 | 00,655,624 | ---- | M] (Acresso Software Inc.) (Apple Mobile Device) Apple Mobile Device [Auto | Running] -> C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> [2009/06/05 10:48:14 | 00,144,712 | ---- | M] (Apple Inc.) (Bonjour Service) Bonjour Service [Auto | Running] -> C:\Program Files\Bonjour\mDNSResponder.exe -> [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) (odserv) Microsoft Office Diagnostics Service [On_Demand | Stopped] -> C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -> [2008/11/04 00:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) (wltrysvc) Dell Wireless WLAN Tray Service [Auto | Running] -> C:\Windows\System32\WLTRYSVC.EXE -> [2008/10/27 04:54:20 | 00,024,064 | ---- | M] () (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter) [Auto | Running] -> C:\Program Files\Dell Support Center\bin\sprtsvc.exe -> [2008/10/04 14:58:04 | 00,201,968 | ---- | M] (SupportSoft, Inc.) (DockLoginService) Dock Login Service [Auto | Running] -> C:\Program Files\Dell\DellDock\DockLogin.exe -> [2008/09/23 23:09:52 | 00,155,648 | ---- | M] (Stardock Corporation) (clr_optimization_v2.0.50727_32) Microsoft .NET Framework NGEN v2.0.50727_X86 [On_Demand | Stopped] -> C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -> [2008/07/27 13:03:13 | 00,069,632 | ---- | M] (Microsoft Corporation) (XAudioService) XAudioService [Auto | Running] -> C:\Windows\System32\drivers\XAudio.exe -> [2008/06/23 07:45:42 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) (FontCache3.0.0.0) Windows Presentation Foundation Font Cache 3.0.0.0 [On_Demand | Stopped] -> C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -> [2008/06/19 20:14:44 | 00,046,104 | ---- | M] (Microsoft Corporation) (idsvc) Windows CardSpace [Unknown | Stopped] -> C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -> [2008/06/19 20:14:31 | 00,881,664 | ---- | M] (Microsoft Corporation) (NetTcpPortSharing) Net.Tcp Port Sharing Service [Disabled | Stopped] -> C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -> [2008/06/19 20:14:31 | 00,132,096 | ---- | M] (Microsoft Corporation) (stllssvr) stllssvr [On_Demand | Stopped] -> C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -> [2008/03/24 08:35:22 | 00,074,384 | R--- | M] (MicroVision Development, Inc.) (WMPNetworkSvc) Windows Media Player Network Sharing Service [On_Demand | Stopped] -> C:\Program Files\Windows Media Player\wmpnetwk.exe -> [2008/01/20 21:35:20 | 00,896,512 | ---- | M] (Microsoft Corporation) (WinDefend) Windows Defender [Auto | Running] -> C:\Program Files\Windows Defender\MpSvc.dll -> [2008/01/20 21:33:00 | 00,272,952 | ---- | M] (Microsoft Corporation) (STacSV) SigmaTel Audio Service [Auto | Running] -> C:\Windows\System32\stacsv.exe -> [2007/11/12 06:07:20 | 00,102,400 | ---- | M] (IDT, Inc.) (AESTFilters) Andrea ST Filters Service [Auto | Running] -> C:\Windows\System32\AEstSrv.exe -> [2007/11/12 06:07:16 | 00,073,728 | ---- | M] (Andrea Electronics Corporation) (IAANTMON) Intel(R) Matrix Storage Event Monitor [Auto | Running] -> C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -> [2007/03/21 14:00:04 | 00,355,096 | ---- | M] (Intel Corporation) (Viewpoint Manager Service) Viewpoint Manager Service [Auto | Running] -> C:\Program Files\Viewpoint\Common\ViewpointService.exe -> [2007/01/04 16:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) (ose) Office Source Engine [On_Demand | Stopped] -> C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -> [2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) [Driver Services - Safe List] (USBAAPL) Apple Mobile USB Driver [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\usbaapl.sys -> [2009/08/28 18:42:52 | 00,040,448 | ---- | M] (Apple, Inc.) (GEARAspiWDM) GEAR ASPI Filter Driver [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\GEARAspiWDM.sys -> [2009/05/18 13:17:00 | 00,026,600 | ---- | M] (GEAR Software Inc.) (BCM43XX) Dell Wireless WLAN Card Driver [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\BCMWL6.SYS -> [2008/10/27 04:53:36 | 01,207,288 | ---- | M] (Broadcom Corporation) (BCM42RLY) BCM42RLY [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\bcm42rly.sys -> [2008/10/27 04:52:00 | 00,018,424 | ---- | M] (Broadcom Corporation) (adfs) adfs [Kernel | Auto | Running] -> C:\Windows\System32\drivers\adfs.sys -> [2008/08/14 06:57:42 | 00,074,720 | ---- | M] (Adobe Systems, Inc.) (XAudio) XAudio [Kernel | Auto | Running] -> C:\Windows\System32\drivers\XAudio.sys -> [2008/06/23 07:45:44 | 00,008,704 | ---- | M] (Conexant Systems, Inc.) (HSF_DPV) HSF_DPV [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\HSX_DPV.sys -> [2008/06/23 07:45:40 | 00,980,992 | ---- | M] (Conexant Systems, Inc.) (winachsf) winachsf [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\HSX_CNXT.sys -> [2008/06/23 07:45:40 | 00,661,504 | ---- | M] (Conexant Systems, Inc.) (mdmxsdk) mdmxsdk [Kernel | Auto | Running] -> C:\Windows\System32\drivers\mdmxsdk.sys -> [2008/06/23 07:45:40 | 00,012,672 | ---- | M] (Conexant) (HSXHWAZL) HSXHWAZL [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\HSXHWAZL.sys -> [2008/06/23 07:45:38 | 00,208,384 | ---- | M] (Conexant Systems, Inc.) (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM) [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\s0016unic.sys -> [2008/05/16 11:33:14 | 00,115,752 | ---- | M] (MCCI Corporation) (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS) [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\s0016nd5.sys -> [2008/05/16 11:33:14 | 00,025,512 | ---- | M] (MCCI Corporation) (s0016mdfl) Sony Ericsson Device 0016 USB WMC Modem Filter [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\s0016mdfl.sys -> [2008/05/16 11:33:14 | 00,015,016 | ---- | M] (MCCI Corporation) (s0016mdm) Sony Ericsson Device 0016 USB WMC Modem Driver [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\s0016mdm.sys -> [2008/05/16 11:33:12 | 00,120,744 | ---- | M] (MCCI Corporation) (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM) [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\s0016mgmt.sys -> [2008/05/16 11:33:12 | 00,114,216 | ---- | M] (MCCI Corporation) (s0016obex) Sony Ericsson Device 0016 USB WMC OBEX Interface [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\s0016obex.sys -> [2008/05/16 11:33:12 | 00,110,632 | ---- | M] (MCCI Corporation) (s0016bus) Sony Ericsson Device 0016 driver (WDM) [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\s0016bus.sys -> [2008/05/16 11:33:12 | 00,089,256 | ---- | M] (MCCI Corporation) (ApfiltrService) Alps Touch Pad Filter Driver for Windows 2000/XP/Vista [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\Apfiltr.sys -> [2008/05/04 04:25:24 | 00,164,400 | ---- | M] (Alps Electric Co., Ltd.) (IntcHdmiAddService) Intel(R) High Definition Audio HDMI Service [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\IntcHdmi.sys -> [2008/03/06 02:58:44 | 00,111,616 | ---- | M] (Intel(R) Corporation) (igfx) igfx [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\igdkmd32.sys -> [2008/03/06 02:58:12 | 02,016,256 | ---- | M] (Intel Corporation) (adpu320) adpu320 [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\adpu320.sys -> [2008/01/20 21:32:53 | 00,149,560 | ---- | M] (Adaptec, Inc.) (megasas) megasas [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\megasas.sys -> [2008/01/20 21:32:53 | 00,031,288 | ---- | M] (LSI Corporation) (MegaSR) MegaSR [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\megasr.sys -> [2008/01/20 21:32:52 | 00,386,616 | ---- | M] (LSI Corporation, Inc.) (adpu160m) adpu160m [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\adpu160m.sys -> [2008/01/20 21:32:52 | 00,101,432 | ---- | M] (Adaptec, Inc.) (SiSRaid4) SiSRaid4 [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\sisraid4.sys -> [2008/01/20 21:32:52 | 00,074,808 | ---- | M] (Silicon Integrated Systems) (HpCISSs) HpCISSs [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\hpcisss.sys -> [2008/01/20 21:32:52 | 00,040,504 | ---- | M] (Hewlett-Packard Company) (adpahci) adpahci [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\adpahci.sys -> [2008/01/20 21:32:51 | 00,300,600 | ---- | M] (Adaptec, Inc.) (e1express) Intel(R) PRO/1000 PCI Express Network Connection Driver [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\e1e6032.sys -> [2008/01/20 21:32:51 | 00,220,672 | ---- | M] (Intel Corporation) (LSI_SAS) LSI_SAS [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\lsi_sas.sys -> [2008/01/20 21:32:51 | 00,089,656 | ---- | M] (LSI Logic) (ql2300) QLogic Fibre Channel Miniport Driver [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\ql2300.sys -> [2008/01/20 21:32:50 | 01,122,360 | ---- | M] (QLogic Corporation) (E1G60) Intel(R) PRO/1000 NDIS 6 Adapter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\E1G60I32.sys -> [2008/01/20 21:32:50 | 00,118,784 | ---- | M] (Intel Corporation) (arcsas) arcsas [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\arcsas.sys -> [2008/01/20 21:32:50 | 00,079,928 | ---- | M] (Adaptec, Inc.) (iaStorV) Intel RAID Controller Vista [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\iastorv.sys -> [2008/01/20 21:32:49 | 00,235,064 | ---- | M] (Intel Corporation) (vsmraid) vsmraid [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\vsmraid.sys -> [2008/01/20 21:32:49 | 00,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) (ulsata2) ulsata2 [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\ulsata2.sys -> [2008/01/20 21:32:49 | 00,115,816 | ---- | M] (Promise Technology, Inc.) (LSI_FC) LSI_FC [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\lsi_fc.sys -> [2008/01/20 21:32:49 | 00,096,312 | ---- | M] (LSI Logic) (arc) arc [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\arc.sys -> [2008/01/20 21:32:49 | 00,079,416 | ---- | M] (Adaptec, Inc.) (elxstor) elxstor [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\elxstor.sys -> [2008/01/20 21:32:48 | 00,342,584 | ---- | M] (Emulex) (LSI_SCSI) LSI_SCSI [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\lsi_scsi.sys -> [2008/01/20 21:32:48 | 00,096,312 | ---- | M] (LSI Logic) (nvraid) NVIDIA nForce RAID Driver [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\nvraid.sys -> [2008/01/20 21:32:47 | 00,102,968 | ---- | M] (NVIDIA Corporation) (nvstor) nvstor [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\nvstor.sys -> [2008/01/20 21:32:47 | 00,045,112 | ---- | M] (NVIDIA Corporation) (adp94xx) adp94xx [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\adp94xx.sys -> [2008/01/20 21:32:46 | 00,422,968 | ---- | M] (Adaptec, Inc.) (uliahci) uliahci [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\uliahci.sys -> [2008/01/20 21:32:45 | 00,238,648 | ---- | M] (ULi Electronics Inc.) (viaide) viaide [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\viaide.sys -> [2008/01/20 21:32:21 | 00,020,024 | ---- | M] (VIA Technologies, Inc.) (cmdide) cmdide [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\cmdide.sys -> [2008/01/20 21:32:21 | 00,019,000 | ---- | M] (CMD Technology, Inc.) (aliide) aliide [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\aliide.sys -> [2008/01/20 21:32:21 | 00,017,464 | ---- | M] (Acer Laboratories Inc.) (PxHelp20) PxHelp20 [Kernel | Boot | Running] -> C:\Windows\System32\Drivers\PxHelp20.sys -> [2007/11/14 04:00:00 | 00,043,840 | ---- | M] (Sonic Solutions) (STHDA) SigmaTel High Definition Audio CODEC [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\stwrt.sys -> [2007/11/12 06:07:28 | 00,330,240 | ---- | M] (IDT, Inc.) (yukonwlh) NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\yk60x86.sys -> [2007/09/29 00:31:54 | 00,278,528 | ---- | M] (Marvell) (iaStor) Intel AHCI Controller [Kernel | Boot | Running] -> C:\Windows\system32\drivers\iastor.sys -> [2007/09/06 11:43:26 | 00,304,920 | ---- | M] (Intel Corporation) (rismxdp) Ricoh xD-Picture Card Driver [Kernel | Auto | Running] -> C:\Windows\System32\drivers\rixdptsk.sys -> [2007/09/06 11:35:16 | 00,037,376 | ---- | M] (REDC) (rimmptsk) rimmptsk [Kernel | Auto | Running] -> C:\Windows\System32\drivers\rimmptsk.sys -> [2007/09/06 11:35:14 | 00,039,936 | ---- | M] (REDC) (rimsptsk) rimsptsk [Kernel | Auto | Running] -> C:\Windows\System32\drivers\rimsptsk.sys -> [2007/09/06 11:35:12 | 00,042,496 | ---- | M] (REDC) (s616unic) Sony Ericsson Device 616 USB Ethernet Emulation SEMC616 (WDM) [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\s616unic.sys -> [2007/04/03 13:59:42 | 00,099,080 | ---- | M] (MCCI Corporation) (s616obex) Sony Ericsson Device 616 USB WMC OBEX Interface [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\s616obex.sys -> [2007/04/03 13:59:42 | 00,098,568 | ---- | M] (MCCI Corporation) (s616nd5) Sony Ericsson Device 616 USB Ethernet Emulation SEMC616 (NDIS) [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\s616nd5.sys -> [2007/04/03 13:59:42 | 00,023,176 | ---- | M] (MCCI Corporation) (s616mgmt) Sony Ericsson Device 616 USB WMC Device Management Drivers (WDM) [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\s616mgmt.sys -> [2007/04/03 13:59:40 | 00,100,360 | ---- | M] (MCCI Corporation) (s616mdm) Sony Ericsson Device 616 USB WMC Modem Driver [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\s616mdm.sys -> [2007/04/03 13:59:38 | 00,108,680 | ---- | M] (MCCI Corporation) (s616mdfl) Sony Ericsson Device 616 USB WMC Modem Filter [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\s616mdfl.sys -> [2007/04/03 13:59:36 | 00,015,112 | ---- | M] (MCCI Corporation) (s616bus) Sony Ericsson Device 616 driver (WDM) [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\s616bus.sys -> [2007/04/03 13:59:30 | 00,083,208 | ---- | M] (MCCI Corporation) (ql40xx) QLogic iSCSI Miniport Driver [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\ql40xx.sys -> [2006/11/02 04:50:35 | 00,106,088 | ---- | M] (QLogic Corporation) (UlSata) UlSata [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\ulsata.sys -> [2006/11/02 04:50:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.) (nfrd960) nfrd960 [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\nfrd960.sys -> [2006/11/02 04:50:19 | 00,045,160 | ---- | M] (IBM Corporation) (iirsp) iirsp [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\iirsp.sys -> [2006/11/02 04:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) (aic78xx) aic78xx [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\djsvs.sys -> [2006/11/02 04:50:11 | 00,071,272 | ---- | M] (Adaptec, Inc.) (iteraid) ITERAID_Service_Install [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\iteraid.sys -> [2006/11/02 04:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) (iteatapi) ITEATAPI_Service_Install [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\iteatapi.sys -> [2006/11/02 04:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) (Symc8xx) Symc8xx [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\symc8xx.sys -> [2006/11/02 04:50:05 | 00,035,944 | ---- | M] (LSI Logic) (Sym_u3) Sym_u3 [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\sym_u3.sys -> [2006/11/02 04:50:03 | 00,034,920 | ---- | M] (LSI Logic) (Mraid35x) Mraid35x [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\mraid35x.sys -> [2006/11/02 04:49:59 | 00,033,384 | ---- | M] (LSI Logic Corporation) (Sym_hi) Sym_hi [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\sym_hi.sys -> [2006/11/02 04:49:56 | 00,031,848 | ---- | M] (LSI Logic) (Brserid) Brother MFC Serial Port Interface Driver (WDM) [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\brserid.sys -> [2006/11/02 03:25:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.) (BrUsbSer) Brother MFC USB Serial WDM Driver [Kernel | On_Demand | Stopped] -> C:\Windows\system32\drivers\brusbser.sys -> [2006/11/02 03:24:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.) (BrFiltUp) Brother USB Mass-Storage Upper Filter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\system32\drivers\brfiltup.sys -> [2006/11/02 03:24:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) (BrFiltLo) Brother USB Mass-Storage Lower Filter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\system32\drivers\brfiltlo.sys -> [2006/11/02 03:24:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) (BrSerWdm) Brother WDM Serial driver [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\brserwdm.sys -> [2006/11/02 03:24:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.) (BrUsbMdm) Brother MFC USB Fax Only Modem [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\brusbmdm.sys -> [2006/11/02 03:24:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.) (ntrigdigi) N-trig HID Tablet Driver [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\ntrigdigi.sys -> [2006/11/02 02:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies) (R300) R300 [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\atikmdag.sys -> [2006/11/02 02:36:43 | 02,028,032 | ---- | M] (ATI Technologies Inc.) (secdrv) Security Driver [Kernel | Auto | Running] -> C:\Windows\System32\drivers\secdrv.sys -> [2006/11/02 01:37:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Registry - Safe List] < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://go.microsoft.com/fwlink/?LinkId=69157 -> HKEY_LOCAL_MACHINE\: Main\\"Default_Search_URL" -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_LOCAL_MACHINE\: Main\\"Default_Secondary_Page_URL" -> [binary data] -> HKEY_LOCAL_MACHINE\: Main\\"Extensions Off Page" -> about:NoAdd-ons -> HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> C:\Windows\System32\blank.htm -> HKEY_LOCAL_MACHINE\: Main\\"Search Page" -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_LOCAL_MACHINE\: Main\\"Security Risk Page" -> about:SecurityRisk -> HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://go.microsoft.com/fwlink/?LinkId=69157 -> < Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 -> HKEY_USERS\.DEFAULT\: "ProxyOverride" -> *.local -> < Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 -> HKEY_USERS\S-1-5-18\: "ProxyOverride" -> *.local -> < Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> < Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> < Internet Explorer Settings [HKEY_USERS\S-1-5-21-2936409604-201983693-1490182340-1000\] > -> -> HKEY_USERS\S-1-5-21-2936409604-201983693-1490182340-1000\: Main\\"Default_Page_URL" -> http://g.msn.com/USCON/1 -> HKEY_USERS\S-1-5-21-2936409604-201983693-1490182340-1000\: Main\\"Local Page" -> C:\Windows\system32\blank.htm -> HKEY_USERS\S-1-5-21-2936409604-201983693-1490182340-1000\: Main\\"Search Page" -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_USERS\S-1-5-21-2936409604-201983693-1490182340-1000\: Main\\"Start Page" -> http://www.dyestat.com/ -> HKEY_USERS\S-1-5-21-2936409604-201983693-1490182340-1000\: Main\\"StartPageCache" -> 1 -> HKEY_USERS\S-1-5-21-2936409604-201983693-1490182340-1000\: "ProxyEnable" -> 0 -> HKEY_USERS\S-1-5-21-2936409604-201983693-1490182340-1000\: "ProxyOverride" -> *.local -> < FireFox Settings [Prefs.js] > -> C:\Users\Kevin\AppData\Roaming\Mozilla\FireFox\Profiles\npkqmhpe.default\prefs.js -> browser.startup.homepage -> "http://apps.collegeboard.com/qotd/question.do" -> extensions.enabledItems -> {20a82645-c095-46ed-80e3-08825760534b}:1.1 -> extensions.enabledItems -> {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0 -> extensions.enabledItems -> {e0204bd5-9d31-402b-a99d-a6aa8ffebdca}:1.2.1 -> extensions.enabledItems -> {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.11 -> network.proxy.no_proxies_on -> "*.local" -> < FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla HKLM\software\mozilla\Firefox\Extensions -> -> HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b} -> C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\ [C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\] -> [2009/07/07 21:39:26 | 00,000,000 | ---D | M] HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758} -> C:\Program Files\Real\RealPlayer\browserrecord [C:\PROGRAM FILES\REAL\REALPLAYER\BROWSERRECORD] -> [2009/05/21 20:12:53 | 00,000,000 | ---D | M] HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions -> -> HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Components -> C:\Program Files\Mozilla Firefox\components [C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS] -> [2009/09/27 15:42:03 | 00,000,000 | ---D | M] HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Plugins -> C:\Program Files\Mozilla Firefox\plugins [C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS] -> [2009/09/27 15:42:03 | 00,000,000 | ---D | M] < FireFox Extensions [User Folders] > -> -> C:\Users\Kevin\AppData\Roaming\Mozilla\Extensions -> [2009/06/18 19:25:42 | 00,000,000 | ---D | M] -> C:\Users\Kevin\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} -> [2009/06/18 19:25:42 | 00,000,000 | ---D | M] -> C:\Users\Kevin\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org -> [2009/02/18 15:56:14 | 00,000,000 | ---D | M] -> C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\npkqmhpe.default\extensions -> [2009/10/04 17:26:50 | 00,000,000 | ---D | M] -> C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\npkqmhpe.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} -> [2009/07/11 09:34:59 | 00,000,000 | ---D | M] -> C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\npkqmhpe.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca} -> [2009/07/11 09:36:39 | 00,000,000 | ---D | M] < FireFox Extensions [Program Folders] > -> -> C:\Program Files\Mozilla Firefox\extensions -> [2009/06/18 19:25:38 | 00,000,000 | ---D | M] -> C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} -> [2009/06/18 19:25:38 | 00,000,000 | ---D | M] < FireFox Components [Program Folders] > -> browserdirprovider.dll -> C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll -> [2009/06/02 22:00:58 | 00,023,032 | ---- | M] (Mozilla Foundation) brwsrcmp.dll -> C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll -> [2009/06/02 22:00:59 | 00,134,648 | ---- | M] (Mozilla Foundation) < HOSTS File > (1692 bytes and 47 lines) -> C:\Windows\System32\drivers\etc\hosts -> First 25 entries... Reset Hosts 127.0.0.1 localhost ::1 localhost 127.0.0.1 activate.adobe.com 127.0.0.1 practivate.adobe.com 127.0.0.1 ereg.adobe.com 127.0.0.1 activate.wip3.adobe.com 127.0.0.1 wip3.adobe.com 127.0.0.1 3dns-3.adobe.com 127.0.0.1 3dns-2.adobe.com 127.0.0.1 adobe-dns.adobe.com 127.0.0.1 adobe-dns-2.adobe.com 127.0.0.1 adobe-dns-3.adobe.com 127.0.0.1 ereg.wip3.adobe.com 127.0.0.1 activate-sea.adobe.com 127.0.0.1 wwis-dubc1-vip60.adobe.com 127.0.0.1 activate-sjc0.adobe.com 127.0.0.1 practivate.adobe.com 127.0.0.1 ereg.adobe.com 127.0.0.1 activate.wip3.adobe.com 127.0.0.1 wip3.adobe.com 127.0.0.1 3dns-3.adobe.com 127.0.0.1 3dns-2.adobe.com 127.0.0.1 adobe-dns.adobe.com 127.0.0.1 adobe-dns-2.adobe.com < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} [HKLM] -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [Adobe PDF Link Helper] -> [2009/02/27 11:07:26 | 00,075,128 | ---- | M] (Adobe Systems Incorporated) {3049C3E9-B461-4BC5-8870-4C09146192CA} [HKLM] -> C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [RealPlayer Download and Record Plugin for Internet Explorer] -> [2009/05/21 20:12:52 | 00,312,928 | ---- | M] (RealPlayer) {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [SSVHelper Class] -> [2008/06/10 05:27:02 | 00,509,328 | ---- | M] (Sun Microsystems, Inc.) {9030D464-4C02-4ABF-8ECC-5164760863C6} [HKLM] -> C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll [Windows Live Sign-in Helper] -> [2009/02/17 16:11:04 | 00,408,440 | ---- | M] (Microsoft Corporation) < Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-2936409604-201983693-1490182340-1000\] > -> HKEY_USERS\S-1-5-21-2936409604-201983693-1490182340-1000\Software\Microsoft\Internet Explorer\Toolbar\ -> WebBrowser\\"{21FA44EF-376D-4D53-9B0F-8A89D3229068}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> "Adobe Reader Speed Launcher" -> C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe ["C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"] -> [2009/02/27 16:10:28 | 00,035,696 | ---- | M] (Adobe Systems Incorporated) "AdobeCS4ServiceManager" -> C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe ["C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin] -> [2008/08/14 06:58:34 | 00,611,712 | ---- | M] (Adobe Systems Incorporated) "Apoint" -> C:\Program Files\DellTPad\Apoint.exe [C:\Program Files\DellTPad\Apoint.exe] -> [2008/05/04 04:25:26 | 00,167,936 | ---- | M] (Alps Electric Co., Ltd.) "Broadcom Wireless Manager UI" -> C:\Windows\System32\WLTRAY.EXE [C:\Windows\system32\WLTRAY.exe] -> [2008/10/27 04:54:18 | 03,563,520 | ---- | M] (Dell Inc.) "Dell DataSafe Online" -> C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe ["C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe" /m] -> [2009/07/07 09:23:00 | 01,779,952 | ---- | M] () "dellsupportcenter" -> C:\Program Files\Dell Support Center\bin\sprtcmd.exe ["C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter] -> [2009/06/03 13:46:38 | 00,206,064 | ---- | M] (SupportSoft, Inc.) "HotKeysCmds" -> C:\Windows\System32\hkcmd.exe [C:\Windows\system32\hkcmd.exe] -> [2008/03/06 02:58:10 | 00,166,424 | ---- | M] (Intel Corporation) "IAAnotif" -> C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe ["C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"] -> [2007/03/21 14:00:00 | 00,174,872 | ---- | M] (Intel Corporation) "IgfxTray" -> C:\Windows\System32\igfxtray.exe [C:\Windows\system32\igfxtray.exe] -> [2008/03/06 02:58:24 | 00,141,848 | ---- | M] (Intel Corporation) "iTunesHelper" -> C:\Program Files\iTunes\iTunesHelper.exe ["C:\Program Files\iTunes\iTunesHelper.exe"] -> [2009/09/21 15:36:12 | 00,305,440 | ---- | M] (Apple Inc.) "PCMService" -> C:\Program Files\Dell\MediaDirect\PCMService.exe ["C:\Program Files\Dell\MediaDirect\PCMService.exe"] -> [2007/12/21 11:58:06 | 00,184,320 | ---- | M] (CyberLink Corp.) "Persistence" -> C:\Windows\System32\igfxpers.exe [C:\Windows\system32\igfxpers.exe] -> [2008/03/06 02:58:14 | 00,133,656 | ---- | M] (Intel Corporation) "QuickTime Task" -> C:\Program Files\QuickTime\QTTask.exe ["C:\Program Files\QuickTime\QTTask.exe" -atboottime] -> [2009/09/05 00:54:42 | 00,417,792 | ---- | M] (Apple Inc.) "TkBellExe" -> C:\Program Files\Common Files\Real\Update_OB\realsched.exe ["C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot] -> [2009/05/21 20:12:40 | 00,198,160 | ---- | M] (RealNetworks, Inc.) "Windows Defender" -> C:\Program Files\Windows Defender\MSASCui.exe [%ProgramFiles%\Windows Defender\MSASCui.exe -hide] -> [2008/01/20 21:33:00 | 01,008,184 | ---- | M] (Microsoft Corporation) < Run [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> "Sidebar" -> C:\Program Files\Windows Sidebar\sidebar.exe [%ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem] -> [2008/01/20 21:32:56 | 01,233,920 | ---- | M] (Microsoft Corporation) "WindowsWelcomeCenter" -> C:\Windows\System32\oobefldr.dll [rundll32.exe oobefldr.dll,ShowWelcomeCenter] -> [2008/01/20 21:33:07 | 02,153,472 | ---- | M] (Microsoft Corporation) < Run [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> "Sidebar" -> C:\Program Files\Windows Sidebar\sidebar.exe [%ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem] -> [2008/01/20 21:32:56 | 01,233,920 | ---- | M] (Microsoft Corporation) "WindowsWelcomeCenter" -> C:\Windows\System32\oobefldr.dll [rundll32.exe oobefldr.dll,ShowWelcomeCenter] -> [2008/01/20 21:33:07 | 02,153,472 | ---- | M] (Microsoft Corporation) < Run [HKEY_USERS\S-1-5-21-2936409604-201983693-1490182340-1000\] > -> HKEY_USERS\S-1-5-21-2936409604-201983693-1490182340-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> "AIM" -> C:\Program Files\AIM\aim.exe -cnetwait.odl [C:\Program Files\AIM\aim.exe -cnetwait.odl] -> File not found "Aim6" -> [] -> File not found "AntiMalware" -> C:\Program Files\AntiMalware\antimalware.exe ["C:\Program Files\AntiMalware\antimalware.exe" -noscan] -> File not found "msnmsgr" -> C:\Program Files\Windows Live\Messenger\msnmsgr.exe ["C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background] -> File not found "winhbt.exe" -> C:\Users\Kevin\AppData\Local\Temp\winhbt.exe [C:\Users\Kevin\AppData\Local\Temp\winhbt.exe] -> [2009/11/08 17:11:52 | 00,038,400 | ---- | M] () "WMPNSCFG" -> C:\Program Files\Windows Media Player\wmpnscfg.exe [C:\Program Files\Windows Media Player\WMPNSCFG.exe] -> [2008/01/20 21:35:20 | 00,202,240 | ---- | M] (Microsoft Corporation) "wow64main.exe" -> C:\Users\Kevin\AppData\Local\Temp\wow64main.exe [C:\Users\Kevin\AppData\Local\Temp\wow64main.exe] -> [2009/11/08 17:11:43 | 01,187,840 | ---- | M] () < Software Policy Settings [HKEY_USERS\S-1-5-21-2936409604-201983693-1490182340-1000] > -> HKEY_USERS\S-1-5-21-2936409604-201983693-1490182340-1000\SOFTWARE\Policies\Microsoft\Internet Explorer -> HKEY_USERS\S-1-5-21-2936409604-201983693-1490182340-1000\Software\Policies\Microsoft\Internet Explorer\Recovery \Recovery\\"NoReopenLastSession" -> [1] -> File not found < CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System \\"ConsentPromptBehaviorAdmin" -> [2] -> File not found \\"ConsentPromptBehaviorUser" -> [1] -> File not found \\"EnableInstallerDetection" -> [1] -> File not found \\"EnableLUA" -> [0] -> File not found \\"EnableSecureUIAPaths" -> [1] -> File not found \\"EnableVirtualization" -> [1] -> File not found \\"PromptOnSecureDesktop" -> [1] -> File not found \\"ValidateAdminCodeSignatures" -> [0] -> File not found \\"dontdisplaylastusername" -> [0] -> File not found \\"legalnoticecaption" -> [] -> File not found \\"legalnoticetext" -> [] -> File not found \\"scforceoption" -> [0] -> File not found \\"shutdownwithoutlogon" -> [1] -> File not found \\"undockwithoutlogon" -> [1] -> File not found \\"FilterAdministratorToken" -> [0] -> File not found \\"EnableUIADesktopToggle" -> [0] -> File not found HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats \UIPI\Clipboard\ExceptionFormats\\"CF_TEXT" -> [1] -> File not found \UIPI\Clipboard\ExceptionFormats\\"CF_BITMAP" -> [2] -> File not found \UIPI\Clipboard\ExceptionFormats\\"CF_OEMTEXT" -> [7] -> File not found \UIPI\Clipboard\ExceptionFormats\\"CF_DIB" -> [8] -> File not found \UIPI\Clipboard\ExceptionFormats\\"CF_PALETTE" -> [9] -> File not found \UIPI\Clipboard\ExceptionFormats\\"CF_UNICODETEXT" -> [13] -> File not found \UIPI\Clipboard\ExceptionFormats\\"CF_DIBV5" -> [17] -> File not found < Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-2936409604-201983693-1490182340-1000\] > -> HKEY_USERS\S-1-5-21-2936409604-201983693-1490182340-1000\Software\Microsoft\Internet Explorer\MenuExt\ -> E&xport to Microsoft Excel -> C:\Program Files\Microsoft Office\Office12\EXCEL.EXE [res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000] -> [2009/05/04 07:40:04 | 18,333,536 | ---- | M] (Microsoft Corporation) < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} [HKLM] -> C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll [Menu: Sun Java Console] -> [2008/06/10 05:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.) {92780B25-18CC-41C8-B9BE-3C9C571A8263}:{FF059E31-CC5A-4E2E-BF3B-96E929D65503} [HKLM] -> C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL [Button: Research] -> [2009/03/06 03:04:56 | 00,039,464 | ---- | M] (Microsoft Corporation) {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}:Exec [HKLM] -> C:\Program Files\AIM\aim.exe [Button: AIM] -> File not found < Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix "" -> http:// < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-21-2936409604-201983693-1490182340-1000\] > -> HKEY_USERS\S-1-5-21-2936409604-201983693-1490182340-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-21-2936409604-201983693-1490182340-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-21-2936409604-201983693-1490182340-1000\] > -> HKEY_USERS\S-1-5-21-2936409604-201983693-1490182340-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-21-2936409604-201983693-1490182340-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} [HKLM] -> http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab [Symantec AntiVirus scanner] -> {4871A87A-BFDD-4106-8153-FFDE2BAC2967} [HKLM] -> http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab [DLM Control] -> {644E432F-49D3-41A1-8DD5-E099162EEEC5} [HKLM] -> http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab [Symantec RuFSI Utility Class] -> {8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab [Java Plug-in 1.6.0_07] -> {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab [Java Plug-in 1.6.0_07] -> {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab [Java Plug-in 1.6.0_07] -> < Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ -> DhcpNameServer -> 209.18.47.61 209.18.47.62 -> < Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {4006D846-4B00-41F4-B0E6-F03944FDEC84}\\DhcpNameServer -> 209.18.47.61 209.18.47.62 (Dell Wireless 1395 WLAN Mini-Card) -> {D3993C9E-F3E0-42F6-BCE1-B512B6733E73}\\DhcpNameServer -> 172.168.1.161 (Marvell Yukon 88E8040 PCI-E Fast Ethernet Controller) -> < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> *Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> explorer.exe -> C:\Windows\explorer.exe -> [2008/10/29 01:29:41 | 02,927,104 | ---- | M] (Microsoft Corporation) *MultiFile Done* -> -> < Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> igfxcui -> C:\Windows\System32\igfxdev.dll -> [2008/03/06 02:58:12 | 00,200,704 | ---- | M] (Intel Corporation) < Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> "C:\Program Files\BitTorrent\bittorrent.exe" -> C:\Program Files\BitTorrent\bittorrent.exe [C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent] -> [2009/11/08 14:18:39 | 00,654,128 | ---- | M] (BitTorrent, Inc.) < SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> "AlternateShell" -> cmd.exe -> < CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom -> "AutoRun" -> 1 -> "DisplayName" -> CD-ROM Driver -> "ImagePath" -> [system32\DRIVERS\cdrom.sys] -> File not found < Drives with AutoRun files > -> -> C:\autoexec.bat [REM Dummy file for NTVDM | ] -> C:\autoexec.bat [ NTFS ] -> [2006/09/18 16:43:36 | 00,000,024 | ---- | M] () < MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> \{49567e99-68c6-11de-9d23-0023ae1c3f7b} HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{49567e99-68c6-11de-9d23-0023ae1c3f7b}\shell\AutoRun\command \{49567e99-68c6-11de-9d23-0023ae1c3f7b}\shell\AutoRun\command\\"" -> F:\setupSNK.exe [F:\setupSNK.exe] -> File not found < Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command -> comfile [open] -> "%1" %* -> File not found exefile [open] -> "%1" %* -> File not found [Registry - Additional Scans - Safe List] < Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> "{00020D75-0000-0000-C000-000000000046}" [HKLM] -> C:\Program Files\Microsoft Office\Office12\MLSHEXT.DLL [Microsoft Office Outlook Desktop Icon Handler] -> [2009/02/26 11:09:28 | 00,020,352 | ---- | M] (Microsoft Corporation) < Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> "{0006F045-0000-0000-C000-000000000046}" [HKLM] -> C:\Program Files\Microsoft Office\Office12\OLKFSTUB.DLL [Microsoft Office Outlook Custom Icon Handler] -> [2009/03/11 17:01:24 | 00,253,808 | ---- | M] (Microsoft Corporation) < Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> "{00f20eb5-8fd6-4d9d-b75e-36801766c8f1}" [HKLM] -> C:\Program Files\Windows Photo Gallery\PhotoAcq.dll [PhotoAcqDropTarget] -> [2008/01/20 21:35:17 | 01,030,144 | ---- | M] (Microsoft Corporation) < Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> "{00f2886f-cd64-4fc9-8ec5-30ef6cdbe8c3}" [HKLM] -> [Microsoft.ScannersAndCameras] -> File not found < Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> "{031EE060-67BC-460d-8847-E4A7C5E45A27}" [HKLM] -> [Windows Media Player Rich Preview Handler] -> File not found < Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> "{0a4286ea-e355-44fb-8086-af3df7645bd9}" [HKLM] -> C:\Program Files\Windows Media Player\wmpband.dll [Windows Media Player] -> [2008/01/20 21:35:06 | 00,099,328 | ---- | M] (Microsoft Corporation) < Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> "{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48}" [HKLM] -> Reg Error: Key error. [Contacts folder] -> File not found < Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> "{11dbb47c-a525-400b-9e80-a54615a090c0}" [HKLM] -> C:\Windows\System32\ExplorerFrame.dll [Execute Folder] -> [2008/01/20 21:34:03 | 00,020,992 | ---- | M] (Microsoft Corporation) < Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> "{13D3C4B8-B179-4ebb-BF62-F704173E7448}" [HKLM] -> C:\Program Files\Common Files\System\wab32.dll [Windows Contact Preview Handler] -> [2008/01/20 21:33:46 | 00,707,584 | ---- | M] (Microsoft Corporation) < Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> "{16C2C29D-0E5F-45f3-A445-03E03F587B7D}" [HKLM] -> C:\Program Files\Common Files\System\wab32.dll [group_wab_auto_file] -> [2008/01/20 21:33:46 | 00,707,584 | ---- | M] (Microsoft Corporation) < Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> "{176d6597-26d3-11d1-b350-080036a75b03}" [HKLM] -> C:\Windows\System32\colorui.dll [ICM Scanner Management] -> [2008/01/20 21:34:20 | 00,686,592 | ---- | M] (Microsoft Corporation) < Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> "{1b24a030-9b20-49bc-97ac-1be4426f9e59}" [HKLM] -> Reg Error: Key error. [ActiveDirectory Folder] -> File not found < Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> "{1FA9085F-25A2-489B-85D4-86326EEDCD87}" [HKLM] -> C:\Windows\System32\wlanpref.dll [Manage Wireless Networks] -> [2008/01/20 21:32:55 | 01,671,680 | ---- | M] (Microsoft Corporation) < Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> "{2206CDB2-19C1-11D1-89E0-00C04FD7A829}" [HKLM] -> C:\Program Files\Common Files\System\Ole DB\oledb32.dll [Microsoft Data Link] -> [2008/01/20 21:34:51 | 00,688,128 | ---- | M] (Microsoft Corporation) < Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> "{2781761E-28E0-4109-99FE-B9D127C57AFE}" [HKLM] -> C:\Program Files\Windows Defender\MpOAV.dll [Windows Defender IOfficeAntiVirus implementation] -> [2008/01/20 21:33:00 | 00,090,680 | ---- | M] (Microsoft Corporation) < Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> "{289978AC-A101-4341-A817-21EBA7FD046D}" [HKLM] -> C:\Windows\System32\SyncCenter.dll [Sync Center Conflict Folder] -> [2008/01/20 21:32:58 | 02,204,672 | ---- | M] (Microsoft Corporation) < Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> "{2C2577C2-63A7-40e3-9B7F-586602617ECB}" [HKLM] -> Reg Error: Key error. [Explorer Query Band] -> File not found < Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> "{2E9E59C0-B437-4981-A647-9C34B9B90891}" [HKLM] -> C:\Windows\System32\SyncCenter.dll [Sync Setup Folder] -> [2008/01/20 21:32:58 | 02,204,672 | ---- | M] (Microsoft Corporation) < Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> "{32714800-2E5F-11d0-8B85-00AA0044F941}" [HKLM] -> C:\Program Files\Windows Mail\wabfind.dll [For &People...] -> [2006/11/02 04:46:13 | 00,033,280 | ---- | M] (Microsoft Corporation) < Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> "{327669A0-59A7-4be9-B99E-1C9F3A57611A}" [HKLM] -> Reg Error: Key error. [Haali Matroska Thumbnail Exctractor] -> File not found < Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> "{34449847-FD14-4fc8-A75A-7432F5181EFB}" [HKLM] -> Reg Error: Key error. [ActiveDirectory Folder] -> File not found < Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> "{37efd44d-ef8d-41b1-940d-96973a50e9e0}" [HKLM] -> C:\Program Files\Windows Sidebar\sidebar.exe [Windows Sidebar Properties] -> [2008/01/20 21:32:56 | 01,233,920 | ---- | M] (Microsoft Corporation) < Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> "{38a98528-6cbf-4ca9-8dc0-b1e1d10f7b1b}" [HKLM] -> C:\Windows\System32\van.DLL [View Available Networks] -> [2008/01/20 21:33:53 | 00,257,024 | ---- | M] (Microsoft Corporation) < Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> "{3e7efb4c-faf1-453d-89eb-56026875ef90}" [HKLM] -> [Get Programs Online] -> File not found < Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> "{3F30C968-480A-4C6C-862D-EFC0897BB84B}" [HKLM] -> C:\Windows\System32\PhotoMetadataHandler.dll [Photo Thumbnail Extractor] -> [2008/08/27 22:40:09 | 00,425,472 | ---- | M] (Microsoft Corporation) < Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> "{4026492f-2f69-46b8-b9bf-5654fc07e423}" [HKLM] -> C:\Windows\System32\FirewallControlPanel.exe [Windows Firewall] -> [2008/01/20 21:34:31 | 02,585,088 | ---- | M] (Microsoft Corporation) < Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> "{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}" [HKLM] -> C:\Windows\System32\MediaMetadataHandler.dll [Video Media Properties Handler] -> [2008/01/20 21:35:08 | 00,356,864 | ---- | M] (Microsoft Corporation) < Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> "{42042206-2D85-11D3-8CFF-005004838597}" [HKLM] -> C:\Program Files\Microsoft Office\Office12\MSOHEVI.DLL [Microsoft Office HTML Icon Handler] -> [2008/10/25 05:18:56 | 00,061,816 | ---- | M] (Microsoft Corporation) < Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> "{4A1E5ACD-A108-4100-9E26-D2FAFA1BA486}" [HKLM] -> C:\Windows\System32\icsigd.dll [IGD Property Sheet Handler] -> [2006/11/02 04:46:05 | 00,195,584 | ---- | M] (Microsoft Corporation) < Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> "{4B534112-3AF6-4697-A77C-D62CE9B9E7CF}" [HKLM] -> C:\Windows\System32\SyncCenter.dll [Sync Center Event Properties Extension] -> [2008/01/20 21:32:58 | 02,204,672 | ---- | M] (Microsoft Corporation) < Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> "{4E5BFBF8-F59A-4e87-9805-1F9B42CC254A}" [HKLM] -> C:\Windows\System32\gameux.dll [GameUX.RichGameMediaThumbnail] -> [2009/02/11 07:37:41 | 01,695,744 | ---- | M] (Microsoft Corporation) < Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> "{4F58F63F-244B-4c07-B29F-210BE59BE9B4}" [HKLM] -> C:\Program Files\Common Files\System\wab32.dll [.group shell extension handler] -> [2008/01/20 21:33:46 | 00,707,584 | ---- | M] (Microsoft Corporation) < Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> "{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}" [HKLM] -> C:\Windows\System32\acppage.dll [Compatibility Property Page] -> [2006/11/02 04:46:02 | 00,038,912 | ---- | M] (Microsoft Corporation) < Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> "{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}" [HKLM] -> C:\Windows\System32\control.exe [Control Panel command object for Start menu] -> [2006/11/02 04:44:59 | 00,211,968 | ---- | M] (Microsoft Corporation) < Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> "{53BEDF0B-4E5B-4183-8DC9-B844344FA104}" [HKLM] -> C:\Windows\System32\mssvp.dll [Microsoft Windows MAPI Preview Handler] -> [2009/02/11 07:46:07 | 00,670,208 | ---- | M] (Microsoft Corporation) < Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> "{576C9E85-1300-4EF5-BF6B-D00509F4EDCD}" [HKLM] -> C:\Windows\System32\SyncCenter.dll [Sync Center Handler Properties Extension] -> [2008/01/20 21:32:58 | 02,204,672 | ---- | M] (Microsoft Corporation) < Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> "{5DB2625A-54DF-11D0-B6C4-0800091AA605}" [HKLM] -> C:\Windows\System32\colorui.dll [ICM Monitor Management] -> [2008/01/20 21:34:20 | 00,686,592 | ---- | M] (Microsoft Corporation) < Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> "{5E2121EE-0300-11D4-8D3B-444553540000}" [HKLM] -> Reg Error: Key error. [AntiMalware extension] -> File not found < Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> "{5ea4f148-308c-46d7-98a9-49041b1dd468}" [HKLM] -> C:\Windows\System32\mblctr.exe [Mobility Center Control Panel] -> [2008/01/20 21:35:08 | 00,939,008 | ---- | M] (Microsoft Corporation) < Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> "{675F097E-4C4D-11D0-B6C1-0800091AA605}" [HKLM] -> C:\Windows\System32\colorui.dll [ICM Printer Management] -> [2008/01/20 21:34:20 | 00,686,592 | ---- | M] (Microsoft Corporation) < Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> "{67718415-c450-4f3c-bf8a-b487642dc39b}" [HKLM] -> C:\Windows\System32\OptionalFeatures.exe [Windows Features] -> [2008/01/20 21:33:11 | 00,097,280 | ---- | M] (Microsoft Corporation) < Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> "{6b33163c-76a5-4b6c-bf21-45de9cd503a1}" [HKLM] -> C:\Windows\System32\shwebsvc.dll [Shell Publishing Wizard Object] -> [2008/01/20 21:33:14 | 00,425,472 | ---- | M] (Microsoft Corporation) < Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> "{6b9228da-9c15-419e-856c-19e768a13bdc}" [HKLM] -> C:\Program Files\Windows Sidebar\sbdrop.dll [Windows gadget DropTarget] -> [2006/11/02 07:34:31 | 00,066,048 | ---- | M] (Microsoft Corporation) < Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> "{71D99464-3B6B-475C-B241-E15883207529}" [HKLM] -> C:\Windows\System32\SyncCenter.dll [Sync Results Folder] -> [2008/01/20 21:32:58 | 02,204,672 | ---- | M] (Microsoft Corporation) < Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> "{74246bfc-4c96-11d0-abef-0020af6b0b7a}" [HKLM] -> C:\Windows\System32\devmgr.dll [Device Manager] -> [2008/01/20 21:33:24 | 00,377,344 | ---- | M] (Microsoft Corporation) < Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> "{7A0F6AB7-ED84-46B6-B47E-02AA159A152B}" [HKLM] -> C:\Windows\System32\SyncCenter.dll [Sync Center Simple Conflict Presenter] -> [2008/01/20 21:32:58 | 02,204,672 | ---- | M] (Microsoft Corporation) < Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> "{7A979262-40CE-46ff-AEEE-7884AC3B6136}" [HKLM] -> C:\Windows\System32\hdwwiz.exe [Add New Hardware] -> [2006/11/02 04:45:12 | 00,080,384 | ---- | M] (Microsoft Corporation) < Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> "{7A9D77BD-5403-11d2-8785-2E0420524153}" [HKLM] -> C:\Windows\System32\Netplwiz.exe [User Accounts] -> [2008/01/20 21:33:17 | 00,025,600 | ---- | M] (Microsoft Corporation) < Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> "{8082C5E6-4C27-48ec-A809-B8E1122E8F97}" [HKLM] -> C:\Program Files\Common Files\System\wab32.dll [.contact shell extension handler] -> [2008/01/20 21:33:46 | 00,707,584 | ---- | M] (Microsoft Corporation) < Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> "{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}" [HKLM] -> C:\Windows\System32\MediaMetadataHandler.dll [Audio Media Properties Handler] -> [2008/01/20 21:35:08 | 00,356,864 | ---- | M] (Microsoft Corporation) < Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> "{877ca5ac-cb41-4842-9c69-9136e42d47e2}" [HKLM] -> C:\Windows\System32\sdshext.dll [File Backup Index] -> [2008/01/20 21:32:53 | 00,098,816 | ---- | M] (Microsoft Corporation) < Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> "{89D83576-6BD1-4c86-9454-BEB04E94C819}" [HKLM] -> C:\Windows\System32\mssvp.dll [MAPI Search Namespace Extension] -> [2009/02/11 07:46:07 | 00,670,208 | ---- | M] (Microsoft Corporation) < Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> "{8E25992B-373E-486E-80E5-BD23AE417E66}" [HKLM] -> C:\Windows\System32\SyncCenter.dll [Sync Center Device Notification Sink] -> [2008/01/20 21:32:58 | 02,204,672 | ---- | M] (Microsoft Corporation) < Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> "{90b9bce2-b6db-4fd3-8451-35917ea1081b}" [HKLM] -> C:\Windows\System32\ExplorerFrame.dll [Search Execute Command] -> [2008/01/20 21:34:03 | 00,020,992 | ---- | M] (Microsoft Corporation) < Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> "{911051fa-c21c-4246-b470-070cd8df6dc4}" [HKLM] -> Reg Error: Key error. [.cab or .zip files] -> File not found < Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> "{91ADC906-6722-4B05-A12B-471ADDCCE132}" [HKLM] -> C:\Windows\System32\TouchX.dll [Touch Band] -> [2006/11/02 07:34:40 | 02,073,600 | ---- | M] (Microsoft Corporation) < Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> "{92337A8C-E11D-11D0-BE48-00C04FC30DF6}" [HKLM] -> C:\Windows\System32\oleprn.dll [OlePrn.PrinterURL] -> [2008/01/20 21:33:55 | 00,096,768 | ---- | M] (Microsoft Corporation) < Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> "{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}" [HKLM] -> C:\Program Files\Common Files\microsoft shared\OFFICE12\msoshext.dll [Microsoft Office Metadata Handler] -> [2008/11/20 23:02:30 | 00,988,040 | ---- | M] (Microsoft Corporation) < Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> "{9C73F5E5-7AE7-4E32-A8E8-8D23B85255BF}" [HKLM] -> C:\Windows\System32\SyncCenter.dll [Sync Center Folder] -> [2008/01/20 21:32:58 | 02,204,672 | ---- | M] (Microsoft Corporation) < Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> "{9D687A4C-1404-41ef-A089-883B6FBECDE6}" [HKLM] -> [Windows Photo Gallery Viewer Autoplay Handler] -> File not found < Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> "{a304259d-52b8-4526-8b1a-a1d6cecc8243}" [HKLM] -> C:\Windows\System32\iscsicpl.exe [iSCSI Initiator] -> [2006/11/02 04:45:17 | 00,120,320 | ---- | M] (Microsoft Corporation) < Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> "{a38b883c-1682-497e-97b0-0a3a9e801682}" [HKLM] -> C:\Windows\System32\PhotoMetadataHandler.dll [IPropertyStore Handler for Images] -> [2008/08/27 22:40:09 | 00,425,472 | ---- | M] (Microsoft Corporation) < Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> "{add36aa8-751a-4579-a266-d66f5202ccbb}" [HKLM] -> C:\Windows\System32\shwebsvc.dll [Print Ordering via the Web] -> [2008/01/20 21:33:14 | 00,425,472 | ---- | M] (Microsoft Corporation) < Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> "{b2c761c6-29bc-4f19-9251-e6195265baf1}" [HKLM] -> C:\Windows\System32\colorcpl.exe [Color Control Panel Applet] -> [2006/11/02 04:44:59 | 00,084,992 | ---- | M] (Microsoft Corporation) < Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> "{B32D3949-ED98-4DBB-B347-17A144969BBA}" [HKLM] -> C:\Windows\System32\SyncCenter.dll [Sync Center Item Properties Extension] -> [2008/01/20 21:32:58 | 02,204,672 | ---- | M] (Microsoft Corporation) < Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" [HKLM] -> C:\Program Files\WinRAR\RarExt.dll [WinRAR shell extension] -> [2009/07/10 12:27:20 | 00,141,312 | ---- | M] () < Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> "{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" [HKLM] -> C:\Program Files\iTunes\iTunesMiniPlayer.dll [iTunes] -> [2009/09/21 15:36:12 | 00,124,192 | ---- | M] (Apple Inc.) < Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> "{BC48B32F-5910-47F5-8570-5074A8A5636A}" [HKLM] -> C:\Windows\System32\SyncCenter.dll [Sync Results Delegate Folder] -> [2008/01/20 21:32:58 | 02,204,672 | ---- | M] (Microsoft Corporation) < Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> "{BC65FB43-1958-4349-971A-210290480130}" [HKLM] -> C:\Windows\System32\NcdProp.dll [Network Explorer Property Sheet Handler] -> [2008/01/20 21:33:17 | 00,019,968 | ---- | M] (Microsoft Corporation) < Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> "{BD7A2E7B-21CB-41b2-A086-B309680C6B7E}" [HKLM] -> C:\Windows\System32\mssvp.dll [Client Side Cache Namespace Extension] -> [2009/02/11 07:46:07 | 00,670,208 | ---- | M] (Microsoft Corporation) < Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> "{BDEADF00-C265-11D0-BCED-00A0C90AB50F}" [HKLM] -> C:\Program Files\Common Files\microsoft shared\Web Folders\MSONSEXT.DLL [Web Folders] -> [2005/09/20 12:33:08 | 01,293,008 | ---- | M] (Microsoft Corporation) < Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> "{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}" [HKLM] -> C:\Program Files\Common Files\microsoft shared\OFFICE12\msoshext.dll [Microsoft Office Thumbnail Handler] -> [2008/11/20 23:02:30 | 00,988,040 | ---- | M] (Microsoft Corporation) < Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> "{c5a40261-cd64-4ccf-84cb-c394da41d590}" [HKLM] -> C:\Windows\System32\MediaMetadataHandler.dll [Video Thumbnail Extractor] -> [2008/01/20 21:35:08 | 00,356,864 | ---- | M] (Microsoft Corporation) < Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> "{C7657C4A-9F68-40fa-A4DF-96BC08EB3551}" [HKLM] -> C:\Windows\System32\PhotoMetadataHandler.dll [Photo Thumbnail Provider] -> [2008/08/27 22:40:09 | 00,425,472 | ---- | M] (Microsoft Corporation) < Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> "{C8494E42-ACDD-4739-B0FB-217361E4894F}" [HKLM] -> Reg Error: Key error. [Sam Account Folder] -> File not found < Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> "{CB1B7F8C-C50A-4176-B604-9E24DEE8D4D1}" [HKLM] -> C:\Windows\System32\oobefldr.dll [Welcome Center] -> [2008/01/20 21:33:07 | 02,153,472 | ---- | M] (Microsoft Corporation) < Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> "{CC6EEFFB-43F6-46c5-9619-51D571967F7D}" [HKLM] -> C:\Windows\System32\shwebsvc.dll [Web Publishing Wizard] -> [2008/01/20 21:33:14 | 00,425,472 | ---- | M] (Microsoft Corporation) < Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> "{CF67796C-F57F-45F8-92FB-AD698826C602}" [HKLM] -> C:\Program Files\Common Files\System\wab32.dll [contact_wab_auto_file] -> [2008/01/20 21:33:46 | 00,707,584 | ---- | M] (Microsoft Corporation) < Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> "{d3e34b21-9d75-101a-8c3d-00aa001a1652}" [HKLM] -> C:\Windows\System32\mspaint.exe [Bitmap Image] -> [2008/01/20 21:34:45 | 00,485,376 | ---- | M] (Microsoft Corporation) < Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> "{d8559eb9-20c0-410e-beda-7ed416aecc2a}" [HKLM] -> C:\Program Files\Windows Defender\MSASCui.exe [Windows Defender] -> [2008/01/20 21:33:00 | 01,008,184 | ---- | M] (Microsoft Corporation) < Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> "{da67b8ad-e81b-4c70-9b91b417b5e33527}" [HKLM] -> Reg Error: Key error. [Windows Search Shell Service] -> File not found < Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> "{DBCE2480-C732-101B-BE72-BA78E9AD5B27}" [HKLM] -> C:\Windows\System32\colorui.dll [ICC Profile] -> [2008/01/20 21:34:20 | 00,686,592 | ---- | M] (Microsoft Corporation) < Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> "{E29F9716-5C08-4FCD-955A-119FDB5A522D}" [HKLM] -> Reg Error: Key error. [Sam Account Folder] -> File not found < Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> "{E413D040-6788-4C22-957E-175D1C513A34}" [HKLM] -> C:\Windows\System32\SyncCenter.dll [Sync Center Conflict Delegate Folder] -> [2008/01/20 21:32:58 | 02,204,672 | ---- | M] (Microsoft Corporation) < Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> "{E44E5D18-0652-4508-A4E2-8A090067BCB0}" [HKLM] -> C:\Windows\System32\control.exe [Default Programs command object for Start menu] -> [2006/11/02 04:44:59 | 00,211,968 | ---- | M] (Microsoft Corporation) < Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> "{E598560B-28D5-46aa-A14A-8A3BEA34B576}" [HKLM] -> C:\Program Files\Windows Photo Gallery\PhotoViewer.dll [Windows Photo Gallery Viewer Video Verbs] -> [2008/01/20 21:35:18 | 02,314,240 | ---- | M] (Microsoft Corporation) < Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> "{ECDD6472-2B9B-4b4b-AE36-F316DF3C8D60}" [HKLM] -> C:\Windows\System32\gameux.dll [RichGameMediaPropertyStore Class] -> [2009/02/11 07:37:41 | 01,695,744 | ---- | M] (Microsoft Corporation) < Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> "{ED228FDF-9EA8-4870-83B1-96B02CFE0D52}" [HKLM] -> C:\Windows\System32\gameux.dll [Games Folder] -> [2009/02/11 07:37:41 | 01,695,744 | ---- | M] (Microsoft Corporation) < Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> "{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}" [HKLM] -> C:\Windows\System32\networkexplorer.dll [Computers and Devices] -> [2008/01/20 21:33:45 | 02,226,688 | ---- | M] (Microsoft Corporation) < Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> "{F04CC277-03A2-4277-96A9-77967471BDFF}" [HKLM] -> C:\Windows\System32\SyncCenter.dll [Sync Center Conflict Properties Extension] -> [2008/01/20 21:32:58 | 02,204,672 | ---- | M] (Microsoft Corporation) < Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> "{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" [HKLM] -> C:\Program Files\Real\RealPlayer\rpshell.dll [Shell Extensions for RealOne Player] -> [2009/05/21 20:12:48 | 00,063,016 | ---- | M] (RealNetworks, Inc.) < Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> "{F1390A9A-A3F4-4E5D-9C5F-98F3BD8D935C}" [HKLM] -> C:\Windows\System32\SyncCenter.dll [Sync Setup Delegate Folder] -> [2008/01/20 21:32:58 | 02,204,672 | ---- | M] (Microsoft Corporation) < Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> "{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75}" [HKLM] -> Reg Error: Key error. [IE User Assist] -> File not found < Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> "{fcfeecae-ee1b-4849-ae50-685dcf7717ec}" [HKLM] -> C:\Windows\System32\wercon.exe [Problem Reports and Solutions] -> [2008/01/20 21:33:26 | 01,143,296 | ---- | M] (Microsoft Corporation) < Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> "{FFE2A43C-56B9-4bf5-9A79-CC6D4285608A}" [HKLM] -> C:\Program Files\Windows Photo Gallery\PhotoViewer.dll [Windows Photo Gallery Viewer Image Verbs] -> [2008/01/20 21:35:18 | 02,314,240 | ---- | M] (Microsoft Corporation) < Drivers32 [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32 -> "msacm.divxa32" -> C:\Windows\System32\divxa32.acm [divxa32.acm] -> [2007/06/08 14:39:44 | 00,287,744 | ---- | M] (Kristal StudioDFileDescription) "msacm.l3acm" -> C:\Windows\System32\l3codeca.acm [C:\Windows\System32\l3codeca.acm] -> [2008/01/20 21:35:08 | 00,062,464 | ---- | M] (Fraunhofer Institut Integrierte Schaltungen IIS) "msacm.sl_anet" -> C:\Windows\System32\sl_anet.acm [sl_anet.acm] -> [2004/09/08 13:03:48 | 00,086,016 | ---- | M] (Sipro Lab Telecom Inc.) "vidc.cvid" -> C:\Windows\System32\iccvid.dll [iccvid.dll] -> [2006/11/02 07:33:57 | 00,081,920 | ---- | M] (Radius Inc.) "vidc.DIVX" -> C:\Windows\System32\DivX.dll [DivX.dll] -> [2009/04/15 15:24:38 | 00,684,032 | ---- | M] (DivX, Inc.) "vidc.yv12" -> C:\Windows\System32\DivX.dll [DivX.dll] -> [2009/04/15 15:24:38 | 00,684,032 | ---- | M] (DivX, Inc.) < File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\ -> .bat [@ = batfile] -> "%1" %* -> .chm [@ = chm.file] -> "%SystemRoot%\hh.exe" %1 -> .cmd [@ = cmdfile] -> "%1" %* -> .com [@ = comfile] -> "%1" %* -> .cpl [@ = cplfile] -> C:\Windows\System32\control.exe -> [2006/11/02 04:44:59 | 00,211,968 | ---- | M] (Microsoft Corporation) .exe [@ = exefile] -> "%1" %* -> .hlp [@ = hlpfile] -> C:\Windows\winhlp32.exe -> [2006/11/02 04:45:57 | 00,009,216 | ---- | M] (Microsoft Corporation) .html [@ = htmlfile] -> C:\Program Files\Internet Explorer\iexplore.exe -> [2009/08/27 00:23:17 | 00,638,232 | ---- | M] (Microsoft Corporation) .pif [@ = piffile] -> "%1" %* -> .scr [@ = scrfile] -> "%1" /S -> < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost > -> -> *netsvcs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs -> FastUserSwitchingCompatibility -> [] -> Ias -> [] -> Irmon -> [] -> Nla -> [] -> Ntmssvc -> [] -> NWCWorkstation -> [] -> Nwsapagent -> [] -> SRService -> [] -> Wmi -> [] -> WmdmPmSp -> [] -> LogonHours -> [] -> PCAudit -> [] -> helpsvc -> [] -> uploadmgr -> [] -> *MultiFile Done* -> -> < Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command -> batfile [open] -> "%1" %* -> File not found chm.file [open] -> "%SystemRoot%\hh.exe" %1 -> File not found cmdfile [open] -> "%1" %* -> File not found comfile [open] -> "%1" %* -> File not found cplfile [cplopen] -> %SystemRoot%\System32\control.exe "%1",%* -> [2006/11/02 04:44:59 | 00,211,968 | ---- | M] (Microsoft Corporation) exefile [open] -> "%1" %* -> File not found helpfile [open] -> Reg Error: Key error. hlpfile [open] -> %SystemRoot%\winhlp32.exe %1 -> [2006/11/02 04:45:57 | 00,009,216 | ---- | M] (Microsoft Corporation) htmlfile [edit] -> "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 -> [2008/11/10 09:50:30 | 00,068,472 | ---- | M] (Microsoft Corporation) htmlfile [open] -> "C:\Program Files\Internet Explorer\iexplore.exe" -nohome -> [2009/08/27 00:23:17 | 00,638,232 | ---- | M] (Microsoft Corporation) htmlfile [opennew] -> "C:\Program Files\Internet Explorer\iexplore.exe" %1 -> [2009/08/27 00:23:17 | 00,638,232 | ---- | M] (Microsoft Corporation) htmlfile [print] -> "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 -> [2008/11/10 09:50:30 | 00,068,472 | ---- | M] (Microsoft Corporation) http [open] -> "C:\Program Files\Internet Explorer\iexplore.exe" -nohome -> [2009/08/27 00:23:17 | 00,638,232 | ---- | M] (Microsoft Corporation) https [open] -> "C:\Program Files\Internet Explorer\iexplore.exe" -nohome -> [2009/08/27 00:23:17 | 00,638,232 | ---- | M] (Microsoft Corporation) inffile [install] -> %SystemRoot%\System32\InfDefaultInstall.exe "%1" -> [2008/01/20 21:34:19 | 00,011,776 | ---- | M] (Microsoft Corporation) piffile [open] -> "%1" %* -> File not found regfile [merge] -> Reg Error: Key error. scrfile [config] -> "%1" -> File not found scrfile [install] -> rundll32.exe desk.cpl,InstallScreenSaver %l -> [2008/01/20 21:33:21 | 00,368,640 | ---- | M] (Microsoft Corporation) scrfile [open] -> "%1" /S -> File not found txtfile [edit] -> Reg Error: Key error. Unknown [openas] -> %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 -> File not found Directory [cmd] -> cmd.exe /s /k pushd "%V" -> [2008/01/20 21:33:22 | 00,318,976 | ---- | M] (Microsoft Corporation) Directory [find] -> %SystemRoot%\Explorer.exe -> [2008/10/29 01:29:41 | 02,927,104 | ---- | M] (Microsoft Corporation) Folder [open] -> %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L -> [2008/10/29 01:29:41 | 02,927,104 | ---- | M] (Microsoft Corporation) Folder [explore] -> %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L -> [2008/10/29 01:29:41 | 02,927,104 | ---- | M] (Microsoft Corporation) Drive [find] -> %SystemRoot%\Explorer.exe -> [2008/10/29 01:29:41 | 02,927,104 | ---- | M] (Microsoft Corporation) Applications\iexplore.exe [open] -> "C:\Program Files\Internet Explorer\iexplore.exe" %1 -> [2009/08/27 00:23:17 | 00,638,232 | ---- | M] (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -> "C:\Program Files\Internet Explorer\iexplore.exe" -> [2009/08/27 00:23:17 | 00,638,232 | ---- | M] (Microsoft Corporation) < Uninstall List [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ -> {002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C} -> Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 {00ADFB20-AE75-46F4-AD2C-F48B15AC3100} -> Adobe Color NA Recommended Settings CS4 {05308C4E-7285-4066-BAE3-6B50DA6ED755} -> Adobe Update Manager CS4 {054EFA56-2AC1-48F4-A883-0AB89874B972} -> Adobe Extension Manager CS4 {07287123-B8AC-41CE-8346-3D777245C35B} -> Bonjour {08E81ABD-79F7-49C2-881F-FD6CB0975693} -> Roxio Creator Data {09760D42-E223-42AD-8C3E-55B47D0DDAC3} -> Roxio Creator DE {098727E1-775A-4450-B573-3F441F1CA243} -> kuler {0C34B801-6AEC-4667-B053-03A67E2D0415} -> Apple Application Support {0D6013AB-A0C7-41DC-973C-E93129C9A29F} -> Adobe Color JA Extra Settings CS4 {0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23} -> Adobe Setup {0F723FC1-7606-4867-866C-CE80AD292DAF} -> Adobe CSI CS4 {10B39DCD-0325-49FE-BFBC-8EC011CB7CA8} -> ACID Pro 7.0 {13766F76-6C8C-4E57-A9F3-3212D1C6E0D1} -> Dell DataSafe Online {13F3917B56CD4C25848BDC69916971BB} -> DivX Converter {15BC8CD0-A65B-47D0-A2DD-90A824590FA8} -> Microsoft Works {1618734A-3957-4ADD-8199-F973763109A8} -> Adobe Anchor Service CS4 {16E16F01-2E2D-4248-A42F-76261C147B6C} -> Adobe Drive CS4 {16E6D2C1-7C90-4309-8EC4-D2212690AAA4} -> AdobeColorCommonSetRGB {18D10072035C4515918F7E37EAFAACFC} -> AutoUpdate {1F54DAFA-9261-4A62-B59D-6C9F26B48FE4} -> Roxio Creator Tools {205C6BDD-7B73-42DE-8505-9A093F35A238} -> Windows Live Upload Tool {287ECFA4-719A-2143-A09B-D6A12DE54E40} -> Acrobat.com {294EAADF-E50F-4DD8-AD8D-19587EA10512} -> Modem Diagnostic Tool {2FFE93F0-BB72-4E52-8761-354D1AAA9387} -> Sony Ericsson PC Suite 4.010.00 {30465B6C-B53F-49A1-9EBA-A3F187AD502E} -> Roxio Update Manager {3248F0A8-6813-11D6-A77B-00B0D0160070} -> Java(TM) 6 Update 7 {35D94F92-1D3A-43C5-8605-EA268B1A7BD9} -> PDF Settings CS4 {39F6E2B4-CFE8-C30A-66E8-489651F0F34C} -> Adobe Media Player {3A4E8896-C2E7-4084-A4A4-B8FD1894E739} -> Adobe XMP Panels CS4 {3D2C9DE6-9ADE-4252-A241-E43723B0CE02} -> Adobe Color - Photoshop Specific CS4 {3D8F9830-D6A3-413A-9A54-993827A73E47} -> DELL0604 {3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF} -> Adobe WinSoft Linguistics Plugin {3FC7CBBC4C1E11DCA1A752EA55D89593} -> DivX Version Checker {42D68A86-DB1C-4256-B8C9-5D0D92919AF5} -> Banctec Service Agreement {4943EFF5-229F-435D-BEA9-BE3CAEA783A7} -> Adobe Service Manager Extension {4B6AD248-D3BF-426A-8D64-847288154F13} -> QuickSet {5570C7F0-43D0-4916-8A9E-AEDD52FA86F4} -> Adobe Color EU Extra Settings CS4 {63C24A08-70F3-4C8E-B9FB-9F21A903801D} -> Adobe Color Video Profiles CS CS4 {63E5CDBF-8214-4F03-84F8-CD3CE48639AD} -> Adobe Photoshop CS4 Support {6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA} -> Roxio Express Labeler 3 {669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E} -> Cisco PEAP Module {67F0E67A-8E93-4C2C-B29D-47C48262738A} -> Adobe Device Central CS4 {68243FF8-83CA-466B-B2B8-9F99DA5479C4} -> AdobeColorCommonSetCMYK {6956856F-B6B3-4BE0-BA0B-8F495BE32033} -> Apple Software Update {69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4} -> Windows Media Player Firefox Plugin {6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22} -> EDocs {6D3963B0-E13B-4FC3-B0FF-506A304BB043} -> Cisco EAP-FAST Module {7299052b-02a4-4627-81f2-1818da5d550d} -> Microsoft Visual C++ 2005 Redistributable {73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83} -> Roxio Creator Audio {767CC44C-9BBC-438D-BAD3-FD4595DD148B} -> VC80CRTRedist - 8.0.50727.762 {76E41F43-59D2-4F30-BA42-9A762EE1E8DE} -> Avanquest update {770657D0-A123-3C07-8E44-1C83EC895118} -> Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 {7B63B2922B174135AFC0E1377DD81EC2} -> DivX Codec {7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045} -> Dell Getting Started Guide {820D3F45-F6EE-4AAF-81EF-CE21FF21D230} -> Adobe Type Support CS4 {83770D14-21B9-44B3-8689-F7B523F94560} -> Cisco LEAP Module {83877DB1-8B77-45BC-AB43-2BAC22E093E0} -> Adobe Bridge CS4 {842B4B72-9E8F-4962-B3C1-1C422A5C4434} -> Suite Shared Configuration CS4 {89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} -> Microsoft Silverlight {8ADFC4160D694100B5B8A22DE9DCABD9} -> DivX Player {90110409-6000-11D3-8CFE-0150048383C9} -> Microsoft Office Professional Edition 2003 {90120000-0015-0409-0000-0000000FF1CE} -> Microsoft Office Access MUI (English) 2007 {90120000-0015-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E} -> Microsoft Office 2007 Service Pack 2 (SP2) {90120000-0016-0409-0000-0000000FF1CE} -> Microsoft Office Excel MUI (English) 2007 {90120000-0016-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E} -> Microsoft Office 2007 Service Pack 2 (SP2) {90120000-0018-0409-0000-0000000FF1CE} -> Microsoft Office PowerPoint MUI (English) 2007 {90120000-0018-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E} -> Microsoft Office 2007 Service Pack 2 (SP2) {90120000-0019-0409-0000-0000000FF1CE} -> Microsoft Office Publisher MUI (English) 2007 {90120000-0019-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E} -> Microsoft Office 2007 Service Pack 2 (SP2) {90120000-001A-0409-0000-0000000FF1CE} -> Microsoft Office Outlook MUI (English) 2007 {90120000-001A-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E} -> Microsoft Office 2007 Service Pack 2 (SP2) {90120000-001B-0409-0000-0000000FF1CE} -> Microsoft Office Word MUI (English) 2007 {90120000-001B-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E} -> Microsoft Office 2007 Service Pack 2 (SP2) {90120000-001F-0409-0000-0000000FF1CE} -> Microsoft Office Proof (English) 2007 {90120000-001F-0409-0000-0000000FF1CE}_PROR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045} -> Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) {90120000-001F-040C-0000-0000000FF1CE} -> Microsoft Office Proof (French) 2007 {90120000-001F-040C-0000-0000000FF1CE}_PROR_{F580DDD5-8D37-4998-968E-EBB76BB86787} -> Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) {90120000-001F-0C0A-0000-0000000FF1CE} -> Microsoft Office Proof (Spanish) 2007 {90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{187308AB-5FA7-4F14-9AB9-D290383A10D9} -> Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) {90120000-0020-0409-0000-0000000FF1CE} -> Compatibility Pack for the 2007 Office system {90120000-002C-0409-0000-0000000FF1CE} -> Microsoft Office Proofing (English) 2007 {90120000-006E-0409-0000-0000000FF1CE} -> Microsoft Office Shared MUI (English) 2007 {90120000-006E-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E} -> Microsoft Office 2007 Service Pack 2 (SP2) {90120000-0115-0409-0000-0000000FF1CE} -> Microsoft Office Shared Setup Metadata MUI (English) 2007 {90120000-0115-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E} -> Microsoft Office 2007 Service Pack 2 (SP2) {90120000-0117-0409-0000-0000000FF1CE} -> Microsoft Office Access Setup Metadata MUI (English) 2007 {90120000-0117-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E} -> Microsoft Office 2007 Service Pack 2 (SP2) {9068B2BE-D93A-4C0A-861C-5E35E2C0E09E} -> Intel(R) Matrix Storage Manager {91120000-0014-0000-0000-0000000FF1CE} -> Microsoft Office Professional 2007 {91120000-0014-0000-0000-0000000FF1CE}_PROR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B} -> Microsoft Office 2007 Service Pack 2 (SP2) {91120000-0014-0000-0000-0000000FF1CE}_PROR_{3D019598-7B59-447A-80AE-815B703B84FF} -> Security Update for Microsoft Office system 2007 (972581) {931AB7EA-3656-4BB7-864D-022B09E3DD67} -> Adobe Linguistics CS4 {9422C8EA-B0C6-4197-B8FC-DC797658CA00} -> Windows Live Sign-in Assistant {94D398EB-D2FD-4FD1-B8C4-592635E8A191} -> Adobe CMaps CS4 {95120000-00AF-0409-0000-0000000FF1CE} -> Microsoft Office PowerPoint Viewer 2007 (English) {95120000-00B9-0409-0000-0000000FF1CE} -> Microsoft Application Error Reporting {9A25302D-30C0-39D9-BD6F-21E6EC160475} -> Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 {9BDEF074-020E-458D-ADC5-8FF68E0C9B56} -> OutlookAddinSetup {9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745} -> MediaDirect {9F72EF8B-AEC9-4CA5-B483-143980AFD6FD} -> Dell Touchpad {A2BCA9F1-566C-4805-97D1-7FDC93386723} -> Adobe AIR {A429C2AE-EBF1-4F81-A221-1C115CAADDAD} -> QuickTime {AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE} -> Apple Mobile Device Support {AC76BA86-7AD7-1033-7B44-A91000000001} -> Adobe Reader 9.1.3 {AC76BA86-7AD7-5464-3428-900000000004} -> Spelling Dictionaries Support For Adobe Reader 9 {B13A7C41581B411290FBC0395694E2A9} -> DivX Converter {B29AD377-CC12-490A-A480-1452337C618D} -> Connect {B5695705-9A0B-4FBA-84AD-5F44F3596082} -> Jing {B65BA85C-0A27-4BC0-A22D-A66F0E5B9494} -> Adobe Photoshop CS4 {B6A26DE5-F2B5-4D58-9570-4FC760E00FCD} -> Roxio Creator Copy {B7050CBDB2504B34BC2A9CA0A692CC29} -> DivX Web Player {BB4E33EC-8181-4685-96F7-8554293DEC6A} -> Adobe Output Module {C4124E95-5061-4776-8D5D-E3D931C778E1} -> Microsoft VC9 runtime libraries {C52E3EC1-048C-45E1-8D53-10B0C6509683} -> Adobe Default Language CS4 {CC75AB5C-2110-4A7F-AF52-708680D22FE8} -> Photoshop Camera Raw {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} -> Microsoft .NET Framework 3.5 SP1 {D103C4BA-F905-437A-8049-DB24763BBE36} -> Skype™ 4.1 {DA34FE93-5DC5-48E0-ACC8-A5389E05BB51} -> iTunes {DC785DB7-D389-48C3-B146-96FE99BF4E2B} -> Vegas Pro 9.0 {E3BFEE55-39E2-4BE0-B966-89FE583822C1} -> Dell Support Center (Support Software) {E4848436-0345-47E2-B648-8B522FCDA623} -> Adobe Photoshop CS4 {E646DCF0-5A68-11D5-B229-002078017FBF} -> Digital Line Detect {ECA1A3B6-898F-4DCE-9F04-714CF3BA126B} -> Adobe Flash Player 10 Plugin {ED439A64-F018-4DD4-8BA5-328D85AB09AB} -> Roxio Creator DE {F0E64E2E-3A60-40D8-A55D-92F6831875DA} -> Adobe Search for Help {F6CB42B9-F033-4152-8813-FF11DA8E6A78} -> Dell Dock {F8EF2B3F-C345-4F20-8FE4-791A20333CD5} -> Adobe ExtendScript Toolkit CS4 {F93C84A6-0DC6-42AF-89FA-776F7C377353} -> Adobe PDF Library Files CS4 {F9FD80CE-0448-4D4F-8BCD-77FC514C3F99} -> Vista Codec Package {FA54AFB1-5745-4389-B8C1-9F7509672ED1} -> iPhone Configuration Utility {FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794} -> Adobe Fonts All {FDD810CA-D5E3-40E9-AB7B-36440B0D41EF} -> Windows Live Sync Adobe AIR -> Adobe AIR Adobe Flash Player ActiveX -> Adobe Flash Player 10 ActiveX Adobe Shockwave Player -> Adobe Shockwave Player Adobe_faf656ef605427ee2f42989c3ad31b8 -> Adobe Photoshop CS4 AIM_6 -> AIM 6 BitTorrent -> BitTorrent Broadcom 802.11b Network Adapter -> Dell Wireless WLAN Card Utility CCleaner -> CCleaner CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F -> Conexant HDA D330 MDC V.92 Modem com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 -> Adobe Media Player FLV Player -> FLV Player 2.0 (build 25) LimeWire -> LimeWire 5.3.6 Malwarebytes' Anti-Malware_is1 -> Malwarebytes' Anti-Malware Microsoft .NET Framework 3.5 SP1 -> Microsoft .NET Framework 3.5 SP1 Move Networks Player - IE -> Move Networks Media Player for Internet Explorer Mozilla Firefox (3.0.11) -> Mozilla Firefox (3.0.11) PROR -> Microsoft Office Professional 2007 RealPlayer 6.0 -> RealPlayer Videora iPod touch Converter -> Videora iPod touch Converter 4.07 ViewpointMediaPlayer -> Viewpoint Media Player WinRAR archiver -> WinRAR archiver winscp3_is1 -> WinSCP 4.1.8 YouTube Downloader App -> YouTube Downloader App 1.02 < Uninstall List [HKEY_USERS\S-1-5-21-2936409604-201983693-1490182340-1000\] > -> HKEY_USERS\S-1-5-21-2936409604-201983693-1490182340-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ -> < EventViewer Logs - Last 10 Errors > -> Event Information -> Description Application [ Error ] 10/26/2009 8:50:52 PM Computer Name = Kevin-PC | Source = Application Hang | ID = 1002 -> Description = The program iexplore.exe version 8.0.6001.18828 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel. Process ID: 2740 Start Time: 01ca569020d78110 Termination Time: 23 Application [ Error ] 10/26/2009 8:52:07 PM Computer Name = Kevin-PC | Source = Application Hang | ID = 1002 -> Description = The program iexplore.exe version 8.0.6001.18828 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel. Process ID: 2168 Start Time: 01ca569f902acf90 Termination Time: 98 Application [ Error ] 10/26/2009 8:55:16 PM Computer Name = Kevin-PC | Source = Application Error | ID = 1000 -> Description = Faulting application iexplore.exe, version 8.0.6001.18828, time stamp 0x4a9600c9, faulting module Flash10b.ocx, version 10.0.22.87, time stamp 0x4987a6c3, exception code 0xc0000005, fault offset 0x0012adb7, process id 0x22dc, application start time 0x01ca569fb53e3c40. Application [ Error ] 10/27/2009 6:20:19 AM Computer Name = Kevin-PC | Source = WinMgmt | ID = 10 -> Description = Application [ Error ] 10/27/2009 6:21:02 AM Computer Name = Kevin-PC | Source = Swapdrive Backup | ID = 0 -> Description = Swapdrive Backup: Web Service Error: System.ArgumentOutOfRangeException: startIndex cannot be larger than length of string. Parameter name: startIndex at System.String.InternalSubStringWithChecks(Int32 startIndex, Int32 length, Boolean fAlwaysCopy) at Swapdrive.Shared.BackupUtils.Reverse(String strParam) at Swapdrive.Shared.BackupUtils.TacoEncode(String str) at Swapdrive.Shared.ActivationWsvcs.GetInfo() Application [ Error ] 10/27/2009 6:00:00 PM Computer Name = Kevin-PC | Source = WinMgmt | ID = 10 -> Description = Application [ Error ] 10/27/2009 6:00:13 PM Computer Name = Kevin-PC | Source = Swapdrive Backup | ID = 0 -> Description = Swapdrive Backup: Web Service Error: System.ArgumentOutOfRangeException: startIndex cannot be larger than length of string. Parameter name: startIndex at System.String.InternalSubStringWithChecks(Int32 startIndex, Int32 length, Boolean fAlwaysCopy) at Swapdrive.Shared.BackupUtils.Reverse(String strParam) at Swapdrive.Shared.BackupUtils.TacoEncode(String str) at Swapdrive.Shared.ActivationWsvcs.GetInfo() Application [ Error ] 10/27/2009 6:50:39 PM Computer Name = Kevin-PC | Source = Application Error | ID = 1000 -> Description = Faulting application iexplore.exe, version 8.0.6001.18828, time stamp 0x4a9600c9, faulting module Flash10b.ocx, version 10.0.22.87, time stamp 0x4987a6c3, exception code 0xc0000005, fault offset 0x0012adb7, process id 0x1320, application start time 0x01ca5755dd4ca705. Application [ Error ] 10/27/2009 10:20:31 PM Computer Name = Kevin-PC | Source = Application Error | ID = 1000 -> Description = Faulting application iexplore.exe, version 8.0.6001.18828, time stamp 0x4a9600c9, faulting module Flash10b.ocx, version 10.0.22.87, time stamp 0x4987a6c3, exception code 0xc0000005, fault offset 0x0012adb7, process id 0x28c, application start time 0x01ca5772dbddf5a5. Application [ Error ] 10/27/2009 10:25:46 PM Computer Name = Kevin-PC | Source = Application Error | ID = 1000 -> Description = Faulting application iexplore.exe, version 8.0.6001.18828, time stamp 0x4a9600c9, faulting module Flash10b.ocx, version 10.0.22.87, time stamp 0x4987a6c3, exception code 0xc0000005, fault offset 0x0012adb7, process id 0x1374, application start time 0x01ca577261f43e25. Broadcom Wireless LAN [ Error ] 7/27/2009 10:18:35 PM Computer Name = Kevin-PC | Source = WLAN-Tray | ID = 0 -> Description = 22:18:35, Mon, Jul 27, 09 Error - User "" does not have administrative privileges on this system Broadcom Wireless LAN [ Error ] 7/27/2009 10:18:35 PM Computer Name = Kevin-PC | Source = WLAN-Tray | ID = 0 -> Description = 22:18:35, Mon, Jul 27, 09 Error - User "" does not have administrative privileges on this system Broadcom Wireless LAN [ Error ] 7/28/2009 10:20:42 PM Computer Name = Kevin-PC | Source = WLAN-Tray | ID = 0 -> Description = 22:20:42, Tue, Jul 28, 09 Error - User "" does not have administrative privileges on this system Broadcom Wireless LAN [ Error ] 7/28/2009 10:20:42 PM Computer Name = Kevin-PC | Source = WLAN-Tray | ID = 0 -> Description = 22:20:42, Tue, Jul 28, 09 Error - User "" does not have administrative privileges on this system Broadcom Wireless LAN [ Error ] 7/29/2009 10:20:37 PM Computer Name = Kevin-PC | Source = WLAN-Tray | ID = 0 -> Description = 22:20:37, Wed, Jul 29, 09 Error - User "" does not have administrative privileges on this system Broadcom Wireless LAN [ Error ] 7/29/2009 10:20:37 PM Computer Name = Kevin-PC | Source = WLAN-Tray | ID = 0 -> Description = 22:20:37, Wed, Jul 29, 09 Error - User "" does not have administrative privileges on this system Broadcom Wireless LAN [ Error ] 8/1/2009 1:24:57 PM Computer Name = Kevin-PC | Source = WLAN-Tray | ID = 0 -> Description = 13:24:57, Sat, Aug 01, 09 Error - User "" does not have administrative privileges on this system Broadcom Wireless LAN [ Error ] 8/1/2009 1:24:57 PM Computer Name = Kevin-PC | Source = WLAN-Tray | ID = 0 -> Description = 13:24:57, Sat, Aug 01, 09 Error - User "" does not have administrative privileges on this system Broadcom Wireless LAN [ Error ] 8/1/2009 1:32:33 PM Computer Name = Kevin-PC | Source = WLAN-Tray | ID = 0 -> Description = 13:32:33, Sat, Aug 01, 09 Error - User "" does not have administrative privileges on this system Broadcom Wireless LAN [ Error ] 8/1/2009 1:32:33 PM Computer Name = Kevin-PC | Source = WLAN-Tray | ID = 0 -> Description = 13:32:33, Sat, Aug 01, 09 Error - User "" does not have administrative privileges on this system System [ Error ] 6/6/2009 6:46:14 AM Computer Name = Kevin-PC | Source = Service Control Manager | ID = 7000 -> Description = System [ Error ] 6/6/2009 6:49:37 AM Computer Name = Kevin-PC | Source = BROWSER | ID = 8032 -> Description = System [ Error ] 6/6/2009 2:04:40 PM Computer Name = Kevin-PC | Source = HTTP | ID = 15016 -> Description = System [ Error ] 6/6/2009 2:04:50 PM Computer Name = Kevin-PC | Source = Service Control Manager | ID = 7000 -> Description = System [ Error ] 6/6/2009 2:08:06 PM Computer Name = Kevin-PC | Source = BROWSER | ID = 8032 -> Description = System [ Error ] 6/7/2009 9:57:23 AM Computer Name = Kevin-PC | Source = BROWSER | ID = 8032 -> Description = System [ Error ] 6/8/2009 3:30:33 PM Computer Name = Kevin-PC | Source = HTTP | ID = 15016 -> Description = System [ Error ] 6/8/2009 3:30:49 PM Computer Name = Kevin-PC | Source = Service Control Manager | ID = 7000 -> Description = System [ Error ] 6/8/2009 3:34:29 PM Computer Name = Kevin-PC | Source = BROWSER | ID = 8032 -> Description = System [ Error ] 6/8/2009 5:10:21 PM Computer Name = Kevin-PC | Source = bowser | ID = 8003 -> Description = [Files/Folders - Created Within 30 Days] OTS.exe -> C:\Users\Kevin\Desktop\OTS.exe -> [2009/11/09 17:36:05 | 00,525,312 | ---- | C] (OldTimer Tools) C:\Program Files\CCleaner -> C:\Program Files\CCleaner -> [2009/11/08 20:53:20 | 00,000,000 | ---D | C] C:\Program Files\AntiMalware -> C:\Program Files\AntiMalware -> [2009/11/08 18:34:15 | 00,000,000 | ---D | C] mbamswissarmy.sys -> C:\Windows\System32\drivers\mbamswissarmy.sys -> [2009/11/08 18:23:39 | 00,038,224 | ---- | C] (Malwarebytes Corporation) mbam.sys -> C:\Windows\System32\drivers\mbam.sys -> [2009/11/08 18:23:37 | 00,019,160 | ---- | C] (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware -> C:\Program Files\Malwarebytes' Anti-Malware -> [2009/11/08 18:23:37 | 00,000,000 | ---D | C] mshtml.dll -> C:\Windows\System32\mshtml.dll -> [2009/11/04 17:52:28 | 05,939,712 | ---- | C] (Microsoft Corporation) mshtml.tlb -> C:\Windows\System32\mshtml.tlb -> [2009/11/04 17:52:27 | 01,638,912 | ---- | C] (Microsoft Corporation) wmp.dll -> C:\Windows\System32\wmp.dll -> [2009/10/27 17:05:43 | 10,626,048 | ---- | C] (Microsoft Corporation) unregmp2.exe -> C:\Windows\System32\unregmp2.exe -> [2009/10/27 17:05:42 | 00,310,784 | ---- | C] (Microsoft Corporation) wmploc.DLL -> C:\Windows\System32\wmploc.DLL -> [2009/10/27 17:05:41 | 08,147,456 | ---- | C] (Microsoft Corporation) C:\Users\Kevin\AppData\Local\AIM -> C:\Users\Kevin\AppData\Local\AIM -> [2009/10/14 19:54:22 | 00,000,000 | ---D | C] Config.Msi -> C:\Config.Msi -> [2009/10/14 17:27:49 | 00,000,000 | -HSD | C] C:\Program Files\iPod -> C:\Program Files\iPod -> [2009/10/14 05:35:35 | 00,000,000 | ---D | C] msv1_0.dll -> C:\Windows\System32\msv1_0.dll -> [2009/10/14 01:09:42 | 00,213,504 | ---- | C] (Microsoft Corporation) ntkrnlpa.exe -> C:\Windows\System32\ntkrnlpa.exe -> [2009/10/14 01:09:39 | 03,599,960 | ---- | C] (Microsoft Corporation) ntoskrnl.exe -> C:\Windows\System32\ntoskrnl.exe -> [2009/10/14 01:09:39 | 03,547,736 | ---- | C] (Microsoft Corporation) ieframe.dll -> C:\Windows\System32\ieframe.dll -> [2009/10/14 01:09:04 | 11,069,440 | ---- | C] (Microsoft Corporation) iertutil.dll -> C:\Windows\System32\iertutil.dll -> [2009/10/14 01:09:03 | 01,985,536 | ---- | C] (Microsoft Corporation) inetcpl.cpl -> C:\Windows\System32\inetcpl.cpl -> [2009/10/14 01:09:03 | 01,469,440 | ---- | C] (Microsoft Corporation) urlmon.dll -> C:\Windows\System32\urlmon.dll -> [2009/10/14 01:09:03 | 01,208,832 | ---- | C] (Microsoft Corporation) wininet.dll -> C:\Windows\System32\wininet.dll -> [2009/10/14 01:09:03 | 00,916,480 | ---- | C] (Microsoft Corporation) msfeeds.dll -> C:\Windows\System32\msfeeds.dll -> [2009/10/14 01:09:03 | 00,594,432 | ---- | C] (Microsoft Corporation) iedkcs32.dll -> C:\Windows\System32\iedkcs32.dll -> [2009/10/14 01:09:03 | 00,387,584 | ---- | C] (Microsoft Corporation) occache.dll -> C:\Windows\System32\occache.dll -> [2009/10/14 01:09:03 | 00,206,848 | ---- | C] (Microsoft Corporation) iepeers.dll -> C:\Windows\System32\iepeers.dll -> [2009/10/14 01:09:02 | 00,184,320 | ---- | C] (Microsoft Corporation) ie4uinit.exe -> C:\Windows\System32\ie4uinit.exe -> [2009/10/14 01:09:02 | 00,173,056 | ---- | C] (Microsoft Corporation) ieui.dll -> C:\Windows\System32\ieui.dll -> [2009/10/14 01:09:02 | 00,164,352 | ---- | C] (Microsoft Corporation) ieUnatt.exe -> C:\Windows\System32\ieUnatt.exe -> [2009/10/14 01:09:02 | 00,133,632 | ---- | C] (Microsoft Corporation) iesysprep.dll -> C:\Windows\System32\iesysprep.dll -> [2009/10/14 01:09:02 | 00,109,056 | ---- | C] (Microsoft Corporation) iesetup.dll -> C:\Windows\System32\iesetup.dll -> [2009/10/14 01:09:02 | 00,071,680 | ---- | C] (Microsoft Corporation) iernonce.dll -> C:\Windows\System32\iernonce.dll -> [2009/10/14 01:09:02 | 00,055,808 | ---- | C] (Microsoft Corporation) msfeedsbs.dll -> C:\Windows\System32\msfeedsbs.dll -> [2009/10/14 01:09:02 | 00,055,296 | ---- | C] (Microsoft Corporation) jsproxy.dll -> C:\Windows\System32\jsproxy.dll -> [2009/10/14 01:09:02 | 00,025,600 | ---- | C] (Microsoft Corporation) msfeedssync.exe -> C:\Windows\System32\msfeedssync.exe -> [2009/10/14 01:09:02 | 00,013,312 | ---- | C] (Microsoft Corporation) msasn1.dll -> C:\Windows\System32\msasn1.dll -> [2009/10/14 01:08:10 | 00,061,440 | ---- | C] (Microsoft Corporation) srv2.sys -> C:\Windows\System32\drivers\srv2.sys -> [2009/10/14 01:08:08 | 00,144,896 | ---- | C] (Microsoft Corporation) WMSPDMOD.DLL -> C:\Windows\System32\WMSPDMOD.DLL -> [2009/10/14 01:06:41 | 00,604,672 | ---- | C] (Microsoft Corporation) C:\Users\Kevin\AppData\Local\Yahoo! -> C:\Users\Kevin\AppData\Local\Yahoo! -> [2009/10/11 21:19:05 | 00,000,000 | ---D | C] C:\Users\Kevin\AppData\Roaming\skypePM -> C:\Users\Kevin\AppData\Roaming\skypePM -> [2009/10/11 18:17:55 | 00,000,000 | ---D | C] C:\Users\Kevin\AppData\Roaming\Skype -> C:\Users\Kevin\AppData\Roaming\Skype -> [2009/10/11 18:16:03 | 00,000,000 | ---D | C] C:\Program Files\Common Files\Skype -> C:\Program Files\Common Files\Skype -> [2009/10/11 18:12:40 | 00,000,000 | ---D | C] C:\Program Files\Skype -> C:\Program Files\Skype -> [2009/10/11 18:12:38 | 00,000,000 | R--D | C] Skype -> C:\ProgramData\Skype -> [2009/10/11 18:12:34 | 00,000,000 | ---D | C] C:\ProgramData\Skype -> C:\ProgramData\Skype -> [2009/10/11 18:12:34 | 00,000,000 | ---D | C] [Files/Folders - Modified Within 30 Days] ntuser.dat -> C:\Users\Kevin\ntuser.dat -> [2009/11/09 17:38:16 | 04,456,448 | -HS- | M] () User_Feed_Synchronization-{21AB535A-570C-4477-9AD4-EAFA22BEDC8C}.job -> C:\Windows\tasks\User_Feed_Synchronization-{21AB535A-570C-4477-9AD4-EAFA22BEDC8C}.job -> [2009/11/09 17:38:05 | 00,000,418 | -H-- | M] () OTS.exe -> C:\Users\Kevin\Desktop\OTS.exe -> [2009/11/09 17:36:16 | 00,525,312 | ---- | M] (OldTimer Tools) wininit.dll -> C:\Windows\System32\wininit.dll -> [2009/11/09 17:34:46 | 00,000,826 | ---- | M] () 7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> [2009/11/09 17:32:11 | 00,003,616 | -H-- | M] () 7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> [2009/11/09 17:32:11 | 00,003,616 | -H-- | M] () SA.DAT -> C:\Windows\tasks\SA.DAT -> [2009/11/09 17:32:08 | 00,000,006 | -H-- | M] () bootstat.dat -> C:\Windows\bootstat.dat -> [2009/11/09 17:32:04 | 00,067,584 | --S- | M] () hiberfil.sys -> C:\hiberfil.sys -> [2009/11/09 17:32:02 | 32,107,84768 | -HS- | M] () NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TMContainer00000000000000000001.regtrans-ms -> C:\Users\Kevin\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TMContainer00000000000000000001.regtrans-ms -> [2009/11/09 06:20:45 | 00,524,288 | -HS- | M] () NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TM.blf -> C:\Users\Kevin\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TM.blf -> [2009/11/09 06:20:45 | 00,065,536 | -HS- | M] () IconCache.db -> C:\Users\Kevin\AppData\Local\IconCache.db -> [2009/11/09 06:20:42 | 03,384,266 | -H-- | M] () d3d9caps.dat -> C:\Users\Kevin\AppData\Local\d3d9caps.dat -> [2009/11/09 06:18:43 | 00,005,972 | ---- | M] () Microsoft Office Word 2007.lnk -> C:\Users\Kevin\Desktop\Microsoft Office Word 2007.lnk -> [2009/11/08 21:19:40 | 00,002,627 | ---- | M] () PerfStringBackup.INI -> C:\Windows\System32\PerfStringBackup.INI -> [2009/11/08 20:54:35 | 00,694,964 | ---- | M] () perfh009.dat -> C:\Windows\System32\perfh009.dat -> [2009/11/08 20:54:35 | 00,598,588 | ---- | M] () perfc009.dat -> C:\Windows\System32\perfc009.dat -> [2009/11/08 20:54:35 | 00,102,194 | ---- | M] () CCleaner.lnk -> C:\Users\Kevin\Desktop\CCleaner.lnk -> [2009/11/08 20:53:20 | 00,001,672 | ---- | M] () Microsoft Office PowerPoint 2007.lnk -> C:\Users\Kevin\Desktop\Microsoft Office PowerPoint 2007.lnk -> [2009/11/08 13:54:51 | 00,002,595 | ---- | M] () DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Users\Kevin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2009/11/06 18:00:50 | 00,074,752 | ---- | M] () Our_Hot_Parents_-_Family_Incest,_Blowjob,_Mature,_Teen.wmv -> C:\Users\Kevin\Documents\Our_Hot_Parents_-_Family_Incest,_Blowjob,_Mature,_Teen.wmv -> [2009/11/03 22:32:25 | 56,448,618 | ---- | M] () Microsoft Works Calendar.lnk -> C:\Users\Kevin\Desktop\Microsoft Works Calendar.lnk -> [2009/11/02 21:31:28 | 00,002,421 | ---- | M] () MpSigStub.exe -> C:\Windows\System32\MpSigStub.exe -> [2009/11/02 20:42:06 | 00,195,456 | ---- | M] (Microsoft Corporation) Marketing Plan.ppt -> C:\Users\Kevin\Documents\Marketing Plan.ppt -> [2009/10/25 10:41:31 | 00,501,760 | ---- | M] () LimeWire 5.3.6.lnk -> C:\Users\Kevin\Desktop\LimeWire 5.3.6.lnk -> [2009/10/25 08:48:04 | 00,001,702 | ---- | M] () Presentation1.pptx -> C:\Users\Kevin\Documents\Presentation1.pptx -> [2009/10/23 20:57:51 | 00,787,468 | ---- | M] () Coach.doc -> C:\Users\Kevin\Documents\Coach.doc -> [2009/10/23 18:26:49 | 00,026,624 | ---- | M] () mshtml.dll -> C:\Windows\System32\mshtml.dll -> [2009/10/21 05:40:08 | 05,939,712 | ---- | M] (Microsoft Corporation) mshtml.tlb -> C:\Windows\System32\mshtml.tlb -> [2009/10/21 03:19:16 | 01,638,912 | ---- | M] (Microsoft Corporation) WkCalRem.LNK -> C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WkCalRem.LNK -> [2009/10/18 19:21:48 | 00,000,851 | ---- | M] () iTunes.lnk -> C:\Users\Public\Desktop\iTunes.lnk -> [2009/10/14 05:36:41 | 00,001,804 | ---- | M] () Skype.lnk -> C:\Users\Public\Desktop\Skype.lnk -> [2009/10/11 18:37:36 | 00,002,377 | ---- | M] () ezsidmv.dat -> C:\Windows\System32\ezsidmv.dat -> [2009/10/11 18:17:57 | 00,000,056 | -H-- | M] () 24 C:\Users\Kevin\AppData\Local\Temp\*.tmp files -> C:\Users\Kevin\AppData\Local\Temp\*.tmp -> 24 C:\Users\Kevin\AppData\Local\Temp\*.tmp files -> C:\Users\Kevin\AppData\Local\Temp\*.tmp -> [Files - No Company Name] CCleaner.lnk -> C:\Users\Kevin\Desktop\CCleaner.lnk -> [2009/11/08 20:53:20 | 00,001,672 | ---- | C] () wininit.dll -> C:\Windows\System32\wininit.dll -> [2009/11/08 17:11:54 | 00,000,826 | ---- | C] () Our_Hot_Parents_-_Family_Incest,_Blowjob,_Mature,_Teen.wmv -> C:\Users\Kevin\Documents\Our_Hot_Parents_-_Family_Incest,_Blowjob,_Mature,_Teen.wmv -> [2009/11/03 22:32:22 | 56,448,618 | ---- | C] () LimeWire 5.3.6.lnk -> C:\Users\Kevin\Desktop\LimeWire 5.3.6.lnk -> [2009/10/25 08:48:04 | 00,001,702 | ---- | C] () Marketing Plan.ppt -> C:\Users\Kevin\Documents\Marketing Plan.ppt -> [2009/10/24 11:24:18 | 00,501,760 | ---- | C] () Presentation1.pptx -> C:\Users\Kevin\Documents\Presentation1.pptx -> [2009/10/23 20:57:51 | 00,787,468 | ---- | C] () Coach.doc -> C:\Users\Kevin\Documents\Coach.doc -> [2009/10/23 18:26:49 | 00,026,624 | ---- | C] () WkCalRem.LNK -> C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WkCalRem.LNK -> [2009/10/18 19:21:48 | 00,000,851 | ---- | C] () iTunes.lnk -> C:\Users\Public\Desktop\iTunes.lnk -> [2009/10/14 05:36:41 | 00,001,804 | ---- | C] () ezsidmv.dat -> C:\Windows\System32\ezsidmv.dat -> [2009/10/11 18:17:57 | 00,000,056 | -H-- | C] () Skype.lnk -> C:\Users\Public\Desktop\Skype.lnk -> [2009/10/11 18:12:40 | 00,002,377 | ---- | C] () libmplayer.dll -> C:\Windows\System32\libmplayer.dll -> [2009/06/07 19:04:31 | 00,404,480 | ---- | C] () TomsMoComp_ff.dll -> C:\Windows\System32\TomsMoComp_ff.dll -> [2009/06/07 19:04:31 | 00,200,704 | ---- | C] () libmpeg2_ff.dll -> C:\Windows\System32\libmpeg2_ff.dll -> [2009/06/07 19:04:31 | 00,114,688 | ---- | C] () libavcodec.dll -> C:\Windows\System32\libavcodec.dll -> [2009/06/07 19:04:30 | 03,049,984 | ---- | C] () ff_vfw.dll -> C:\Windows\System32\ff_vfw.dll -> [2009/04/27 22:25:08 | 00,084,480 | ---- | C] () lame_enc.dll -> C:\Windows\System32\lame_enc.dll -> [2009/04/25 16:02:49 | 00,237,568 | ---- | C] () wininit.ini -> C:\Windows\wininit.ini -> [2009/04/24 16:51:52 | 00,000,066 | ---- | C] () ODBC.INI -> C:\Windows\ODBC.INI -> [2009/02/18 19:25:18 | 00,000,376 | ---- | C] () igklg400.dll -> C:\Windows\System32\igklg400.dll -> [2009/02/11 07:49:40 | 01,953,696 | ---- | C] () igklg450.dll -> C:\Windows\System32\igklg450.dll -> [2009/02/11 07:49:40 | 01,533,360 | ---- | C] () igfxCoIn_v1409.dll -> C:\Windows\System32\igfxCoIn_v1409.dll -> [2009/02/11 07:49:40 | 00,147,456 | ---- | C] () igmedcompkrn.dll -> C:\Windows\System32\igmedcompkrn.dll -> [2009/02/11 07:49:40 | 00,104,636 | ---- | C] () HdmiCoin.dll -> C:\Windows\System32\HdmiCoin.dll -> [2009/02/11 07:49:40 | 00,004,608 | ---- | C] () rixdicon.dll -> C:\Windows\System32\rixdicon.dll -> [2009/02/11 07:49:37 | 00,016,480 | ---- | C] () bcmwlrmt.dll -> C:\Windows\System32\bcmwlrmt.dll -> [2009/02/11 06:13:57 | 00,055,808 | ---- | C] () ff_vfw.dll.manifest -> C:\Windows\System32\ff_vfw.dll.manifest -> [2008/09/12 15:21:02 | 00,000,547 | ---- | C] () xvidcore.dll -> C:\Windows\System32\xvidcore.dll -> [2008/04/27 09:33:36 | 00,765,952 | ---- | C] () unrar.dll -> C:\Windows\System32\unrar.dll -> [2007/09/04 11:56:10 | 00,164,352 | ---- | C] () AviSplitter.INI -> C:\Windows\AviSplitter.INI -> [2007/02/05 20:05:26 | 00,000,038 | ---- | C] () atitmmxx.dll -> C:\Windows\System32\atitmmxx.dll -> [2006/11/02 05:25:44 | 00,159,744 | ---- | C] () win.ini -> C:\Windows\win.ini -> [2006/11/02 05:23:31 | 00,000,240 | ---- | C] () system.ini -> C:\Windows\system.ini -> [2006/11/02 05:23:31 | 00,000,219 | ---- | C] () pacerprf.ini -> C:\Windows\System32\pacerprf.ini -> [2006/11/02 02:40:29 | 00,013,750 | ---- | C] () [File - Lop Check] C:\Users\Administrator\AppData\Roaming\Dell -> C:\Users\Administrator\AppData\Roaming\Dell -> [2009/08/01 12:28:43 | 00,000,000 | ---D | M] C:\Users\Kevin\AppData\Roaming\acccore -> C:\Users\Kevin\AppData\Roaming\acccore -> [2009/02/18 16:08:31 | 00,000,000 | ---D | M] C:\Users\Kevin\AppData\Roaming\Aim -> C:\Users\Kevin\AppData\Roaming\Aim -> [2009/07/13 08:22:24 | 00,000,000 | ---D | M] C:\Users\Kevin\AppData\Roaming\BitTorrent -> C:\Users\Kevin\AppData\Roaming\BitTorrent -> [2009/11/08 14:56:28 | 00,000,000 | ---D | M] C:\Users\Kevin\AppData\Roaming\com.adobe.ExMan -> C:\Users\Kevin\AppData\Roaming\com.adobe.ExMan -> [2009/07/31 19:59:52 | 00,000,000 | ---D | M] C:\Users\Kevin\AppData\Roaming\Dell -> C:\Users\Kevin\AppData\Roaming\Dell -> [2009/02/18 14:22:24 | 00,000,000 | ---D | M] C:\Users\Kevin\AppData\Roaming\Eltima Software -> C:\Users\Kevin\AppData\Roaming\Eltima Software -> [2009/06/30 11:09:37 | 00,000,000 | ---D | M] C:\Users\Kevin\AppData\Roaming\GetRightToGo -> C:\Users\Kevin\AppData\Roaming\GetRightToGo -> [2009/07/15 11:40:31 | 00,000,000 | ---D | M] C:\Users\Kevin\AppData\Roaming\HandBrake -> C:\Users\Kevin\AppData\Roaming\HandBrake -> [2009/04/25 06:00:09 | 00,000,000 | ---D | M] C:\Users\Kevin\AppData\Roaming\ImTOO Software Studio -> C:\Users\Kevin\AppData\Roaming\ImTOO Software Studio -> [2009/04/25 18:05:13 | 00,000,000 | ---D | M] C:\Users\Kevin\AppData\Roaming\LimeWire -> C:\Users\Kevin\AppData\Roaming\LimeWire -> [2009/11/01 22:18:02 | 00,000,000 | ---D | M] C:\Users\Kevin\AppData\Roaming\NetMedia Providers -> C:\Users\Kevin\AppData\Roaming\NetMedia Providers -> [2009/07/15 12:03:13 | 00,000,000 | ---D | M] C:\Users\Kevin\AppData\Roaming\PeerNetworking -> C:\Users\Kevin\AppData\Roaming\PeerNetworking -> [2009/02/18 18:08:49 | 00,000,000 | ---D | M] C:\Users\Kevin\AppData\Roaming\Publish Providers -> C:\Users\Kevin\AppData\Roaming\Publish Providers -> [2009/07/17 13:39:10 | 00,000,000 | ---D | M] C:\Users\Kevin\AppData\Roaming\Red Kawa -> C:\Users\Kevin\AppData\Roaming\Red Kawa -> [2009/04/27 18:08:52 | 00,000,000 | ---D | M] C:\Users\Kevin\AppData\Roaming\Sony -> C:\Users\Kevin\AppData\Roaming\Sony -> [2009/07/17 12:27:16 | 00,000,000 | ---D | M] SA.DAT -> C:\Windows\Tasks\SA.DAT -> [2009/11/09 17:32:08 | 00,000,006 | -H-- | M] () SCHEDLGU.TXT -> C:\Windows\Tasks\SCHEDLGU.TXT -> [2009/11/09 06:20:46 | 00,032,608 | ---- | M] () User_Feed_Synchronization-{21AB535A-570C-4477-9AD4-EAFA22BEDC8C}.job -> C:\Windows\Tasks\User_Feed_Synchronization-{21AB535A-570C-4477-9AD4-EAFA22BEDC8C}.job -> [2009/11/09 17:38:05 | 00,000,418 | -H-- | M] () [File - Purity Scan] [Custom Scans] < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > C:\Users\Kevin\AppData\Roaming\acccore -> C:\Users\Kevin\AppData\Roaming\acccore -> [2009/02/18 16:08:31 | 00,000,000 | ---D | M] C:\Users\Kevin\AppData\Roaming\Adobe -> C:\Users\Kevin\AppData\Roaming\Adobe -> [2009/08/18 19:04:20 | 00,000,000 | ---D | M] C:\Users\Kevin\AppData\Roaming\Aim -> C:\Users\Kevin\AppData\Roaming\Aim -> [2009/07/13 08:22:24 | 00,000,000 | ---D | M] C:\Users\Kevin\AppData\Roaming\Apple Computer -> C:\Users\Kevin\AppData\Roaming\Apple Computer -> [2009/09/27 16:02:13 | 00,000,000 | ---D | M] C:\Users\Kevin\AppData\Roaming\AVS4YOU -> C:\Users\Kevin\AppData\Roaming\AVS4YOU -> [2009/04/25 18:24:46 | 00,000,000 | ---D | M] C:\Users\Kevin\AppData\Roaming\BitTorrent -> C:\Users\Kevin\AppData\Roaming\BitTorrent -> [2009/11/08 14:56:28 | 00,000,000 | ---D | M] C:\Users\Kevin\AppData\Roaming\com.adobe.ExMan -> C:\Users\Kevin\AppData\Roaming\com.adobe.ExMan -> [2009/07/31 19:59:52 | 00,000,000 | ---D | M] C:\Users\Kevin\AppData\Roaming\CyberLink -> C:\Users\Kevin\AppData\Roaming\CyberLink -> [2009/02/19 10:26:38 | 00,000,000 | ---D | M] C:\Users\Kevin\AppData\Roaming\Dell -> C:\Users\Kevin\AppData\Roaming\Dell -> [2009/02/18 14:22:24 | 00,000,000 | ---D | M] C:\Users\Kevin\AppData\Roaming\DivX -> C:\Users\Kevin\AppData\Roaming\DivX -> [2009/05/24 11:51:03 | 00,000,000 | ---D | M] C:\Users\Kevin\AppData\Roaming\Download Manager -> C:\Users\Kevin\AppData\Roaming\Download Manager -> [2009/07/16 19:59:28 | 00,000,000 | ---D | M] C:\Users\Kevin\AppData\Roaming\Eltima Software -> C:\Users\Kevin\AppData\Roaming\Eltima Software -> [2009/06/30 11:09:37 | 00,000,000 | ---D | M] C:\Users\Kevin\AppData\Roaming\GetRightToGo -> C:\Users\Kevin\AppData\Roaming\GetRightToGo -> [2009/07/15 11:40:31 | 00,000,000 | ---D | M] C:\Users\Kevin\AppData\Roaming\HandBrake -> C:\Users\Kevin\AppData\Roaming\HandBrake -> [2009/04/25 06:00:09 | 00,000,000 | ---D | M] C:\Users\Kevin\AppData\Roaming\Identities -> C:\Users\Kevin\AppData\Roaming\Identities -> [2009/02/18 14:24:52 | 00,000,000 | ---D | M] C:\Users\Kevin\AppData\Roaming\ImTOO Software Studio -> C:\Users\Kevin\AppData\Roaming\ImTOO Software Studio -> [2009/04/25 18:05:13 | 00,000,000 | ---D | M] C:\Users\Kevin\AppData\Roaming\InstallShield -> C:\Users\Kevin\AppData\Roaming\InstallShield -> [2009/03/07 21:17:36 | 00,000,000 | ---D | M] C:\Users\Kevin\AppData\Roaming\LimeWire -> C:\Users\Kevin\AppData\Roaming\LimeWire -> [2009/11/01 22:18:02 | 00,000,000 | ---D | M] C:\Users\Kevin\AppData\Roaming\Macromedia -> C:\Users\Kevin\AppData\Roaming\Macromedia -> [2009/02/18 15:26:38 | 00,000,000 | ---D | M] C:\Users\Kevin\AppData\Roaming\Malwarebytes -> C:\Users\Kevin\AppData\Roaming\Malwarebytes -> [2009/03/07 12:26:48 | 00,000,000 | ---D | M] C:\Users\Kevin\AppData\Roaming\Microsoft -> C:\Users\Kevin\AppData\Roaming\Microsoft -> [2009/10/11 19:32:46 | 00,000,000 | --SD | M] C:\Users\Kevin\AppData\Roaming\Move Networks -> C:\Users\Kevin\AppData\Roaming\Move Networks -> [2009/07/29 10:25:30 | 00,000,000 | ---D | M] C:\Users\Kevin\AppData\Roaming\Mozilla -> C:\Users\Kevin\AppData\Roaming\Mozilla -> [2009/06/18 19:25:40 | 00,000,000 | ---D | M] C:\Users\Kevin\AppData\Roaming\NetMedia Providers -> C:\Users\Kevin\AppData\Roaming\NetMedia Providers -> [2009/07/15 12:03:13 | 00,000,000 | ---D | M] C:\Users\Kevin\AppData\Roaming\PeerNetworking -> C:\Users\Kevin\AppData\Roaming\PeerNetworking -> [2009/02/18 18:08:49 | 00,000,000 | ---D | M] C:\Users\Kevin\AppData\Roaming\Publish Providers -> C:\Users\Kevin\AppData\Roaming\Publish Providers -> [2009/07/17 13:39:10 | 00,000,000 | ---D | M] C:\Users\Kevin\AppData\Roaming\Real -> C:\Users\Kevin\AppData\Roaming\Real -> [2009/06/12 15:12:49 | 00,000,000 | ---D | M] C:\Users\Kevin\AppData\Roaming\Red Kawa -> C:\Users\Kevin\AppData\Roaming\Red Kawa -> [2009/04/27 18:08:52 | 00,000,000 | ---D | M] C:\Users\Kevin\AppData\Roaming\Skype -> C:\Users\Kevin\AppData\Roaming\Skype -> [2009/10/11 18:37:45 | 00,000,000 | ---D | M] C:\Users\Kevin\AppData\Roaming\skypePM -> C:\Users\Kevin\AppData\Roaming\skypePM -> [2009/10/13 23:07:50 | 00,000,000 | ---D | M] C:\Users\Kevin\AppData\Roaming\Sony -> C:\Users\Kevin\AppData\Roaming\Sony -> [2009/07/17 12:27:16 | 00,000,000 | ---D | M] C:\Users\Kevin\AppData\Roaming\Tor -> C:\Users\Kevin\AppData\Roaming\Tor -> [2009/07/19 06:56:49 | 00,000,000 | ---D | M] C:\Users\Kevin\AppData\Roaming\Vidalia -> C:\Users\Kevin\AppData\Roaming\Vidalia -> [2009/07/19 12:02:50 | 00,000,000 | ---D | M] C:\Users\Kevin\AppData\Roaming\WinRAR -> C:\Users\Kevin\AppData\Roaming\WinRAR -> [2009/05/10 19:51:43 | 00,000,000 | ---D | M] < %APPDATA%\*.exe /s > crashreporter.exe -> C:\Users\Kevin\AppData\Roaming\LimeWire\browser\xulrunner\crashreporter.exe -> [2009/02/18 15:56:10 | 00,163,840 | ---- | M] (Mozilla Foundation) updater.exe -> C:\Users\Kevin\AppData\Roaming\LimeWire\browser\xulrunner\updater.exe -> [2009/02/18 15:56:12 | 00,196,608 | ---- | M] (Mozilla Foundation) xpcshell.exe -> C:\Users\Kevin\AppData\Roaming\LimeWire\browser\xulrunner\xpcshell.exe -> [2009/02/18 15:56:12 | 00,014,848 | ---- | M] () xpicleanup.exe -> C:\Users\Kevin\AppData\Roaming\LimeWire\browser\xulrunner\xpicleanup.exe -> [2009/02/18 15:56:12 | 00,077,824 | ---- | M] (Mozilla Foundation) xpidl.exe -> C:\Users\Kevin\AppData\Roaming\LimeWire\browser\xulrunner\xpidl.exe -> [2009/02/18 15:56:12 | 00,266,240 | ---- | M] (Mozilla Foundation) xpt_dump.exe -> C:\Users\Kevin\AppData\Roaming\LimeWire\browser\xulrunner\xpt_dump.exe -> [2009/02/18 15:56:12 | 00,018,432 | ---- | M] () xpt_link.exe -> C:\Users\Kevin\AppData\Roaming\LimeWire\browser\xulrunner\xpt_link.exe -> [2009/02/18 15:56:12 | 00,014,336 | ---- | M] () xulrunner-stub.exe -> C:\Users\Kevin\AppData\Roaming\LimeWire\browser\xulrunner\xulrunner-stub.exe -> [2009/02/18 15:56:12 | 00,073,728 | ---- | M] (Mozilla Foundation) xulrunner.exe -> C:\Users\Kevin\AppData\Roaming\LimeWire\browser\xulrunner\xulrunner.exe -> [2009/02/18 15:56:12 | 00,102,400 | ---- | M] (Mozilla Foundation) airappinstaller.exe -> C:\Users\Kevin\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe -> [2009/05/14 20:20:06 | 00,038,200 | ---- | M] () MovePlayerUpgrade.exe -> C:\Users\Kevin\AppData\Roaming\Move Networks\ie_bin\MovePlayerUpgrade.exe -> [2009/03/09 12:29:40 | 00,097,144 | ---- | M] () Uninst.exe -> C:\Users\Kevin\AppData\Roaming\Move Networks\ie_bin\Uninst.exe -> [2009/07/29 10:25:30 | 00,034,062 | ---- | M] () realplayer11gold.exe -> C:\Users\Kevin\AppData\Roaming\Real\RealPlayer\Update\realplayer11gold.exe -> [2009/06/23 15:43:24 | 00,390,664 | ---- | M] (RealNetworks, Inc.) realplayer11gold.exe -> C:\Users\Kevin\AppData\Roaming\Real\Update\temp\~Upg0\realplayer11gold.exe -> [2009/06/12 15:12:53 | 00,390,664 | ---- | M] (RealNetworks, Inc.) < %SYSTEMDRIVE%\*.exe > < %SYSTEMDRIVE%\eventlog.dll /s /md5 > < %SYSTEMDRIVE%\scecli.dll /s /md5 > scecli.dll : MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -> C:\Windows\System32\scecli.dll -> [2008/01/20 21:34:39 | 00,177,152 | ---- | M] (Microsoft Corporation) scecli.dll : MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -> C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll -> [2008/01/20 21:34:39 | 00,177,152 | ---- | M] (Microsoft Corporation) < %SYSTEMDRIVE%\netlogon.dll /s /md5 > netlogon.dll : MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -> C:\Windows\System32\netlogon.dll -> [2008/01/20 21:33:41 | 00,592,384 | ---- | M] (Microsoft Corporation) netlogon.dll : MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -> C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll -> [2008/01/20 21:33:41 | 00,592,384 | ---- | M] (Microsoft Corporation) < %SYSTEMDRIVE%\cngaudit.dll /s /md5 > cngaudit.dll : MD5=7F15B4953378C8B5161D65C26D5FED4D -> C:\Windows\System32\cngaudit.dll -> [2006/11/02 04:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) cngaudit.dll : MD5=7F15B4953378C8B5161D65C26D5FED4D -> C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll -> [2006/11/02 04:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) < %SYSTEMDRIVE%\sceclt.dll /s /md5 > < %SYSTEMDRIVE%\ntelogon.dll /s /md5 > < %SYSTEMDRIVE%\logevent.dll /s /md5 > < %SYSTEMDRIVE%\iaStor.sys /s /md5 > iastor.sys : MD5=997E8F5939F2D12CD9F2E6B395724C16 -> C:\Drivers\storage\R166200\iastor.sys -> [2007/09/06 11:43:26 | 00,304,920 | ---- | M] (Intel Corporation) IaStor.sys : MD5=997E8F5939F2D12CD9F2E6B395724C16 -> C:\Program Files\Intel\Intel Matrix Storage Manager\Driver\IaStor.sys -> [2007/03/21 13:58:56 | 00,304,920 | ---- | M] (Intel Corporation) IaStor.sys : MD5=9D7ED4275702E2FC409F2CC563245740 -> C:\Program Files\Intel\Intel Matrix Storage Manager\Driver64\IaStor.sys -> [2007/03/21 13:59:30 | 00,381,720 | ---- | M] (Intel Corporation) iaStor.sys : MD5=997E8F5939F2D12CD9F2E6B395724C16 -> C:\Windows\System32\drivers\iaStor.sys -> [2007/09/06 11:43:26 | 00,304,920 | ---- | M] (Intel Corporation) iaStor.sys : MD5=997E8F5939F2D12CD9F2E6B395724C16 -> C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_3a63e5a6\iaStor.sys -> [2007/09/06 11:43:26 | 00,304,920 | ---- | M] (Intel Corporation) iaStor.sys : MD5=997E8F5939F2D12CD9F2E6B395724C16 -> C:\Windows\System32\DriverStore\FileRepository\iastor.inf_5f6e7be5\iaStor.sys -> [2007/09/06 11:43:26 | 00,304,920 | ---- | M] (Intel Corporation) < %SYSTEMDRIVE%\nvstor.sys /s /md5 > nvstor.sys : MD5=ABED0C09758D1D97DB0042DBB2688177 -> C:\Windows\System32\drivers\nvstor.sys -> [2008/01/20 21:32:47 | 00,045,112 | ---- | M] (NVIDIA Corporation) nvstor.sys : MD5=ABED0C09758D1D97DB0042DBB2688177 -> C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys -> [2008/01/20 21:32:47 | 00,045,112 | ---- | M] (NVIDIA Corporation) nvstor.sys : MD5=9E0BA19A28C498A6D323D065DB76DFFC -> C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys -> [2006/11/02 04:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) nvstor.sys : MD5=ABED0C09758D1D97DB0042DBB2688177 -> C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys -> [2008/01/20 21:32:47 | 00,045,112 | ---- | M] (NVIDIA Corporation) < %SYSTEMDRIVE%\atapi.sys /s /md5 > atapi.sys : MD5=0D83C87A801A3DFCD1BF73893FE7518C -> C:\Windows\System32\drivers\atapi.sys -> [2009/02/11 07:29:03 | 00,021,560 | ---- | M] (Microsoft Corporation) atapi.sys : MD5=0D83C87A801A3DFCD1BF73893FE7518C -> C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_4c9c5a00\atapi.sys -> [2009/02/11 07:29:03 | 00,021,560 | ---- | M] (Microsoft Corporation) atapi.sys : MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -> C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys -> [2006/11/02 04:49:36 | 00,019,048 | ---- | M] (Microsoft Corporation) atapi.sys : MD5=2D9C903DC76A66813D350A562DE40ED9 -> C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys -> [2008/01/20 21:32:21 | 00,021,560 | ---- | M] (Microsoft Corporation) atapi.sys : MD5=2D9C903DC76A66813D350A562DE40ED9 -> C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys -> [2008/01/20 21:32:21 | 00,021,560 | ---- | M] (Microsoft Corporation) atapi.sys : MD5=0D83C87A801A3DFCD1BF73893FE7518C -> C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18034_none_dd1bb97e219e87cb\atapi.sys -> [2009/02/11 07:29:03 | 00,021,560 | ---- | M] (Microsoft Corporation) atapi.sys : MD5=96DC4E1A9F90CCD489950A8935425C59 -> C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22134_none_dda556493abc2795\atapi.sys -> [2009/02/11 07:29:03 | 00,021,560 | ---- | M] (Microsoft Corporation) < %SYSTEMDRIVE%\IdeChnDr.sys /s /md5 > < %SYSTEMDRIVE%\viasraid.sys /s /md5 > < %SYSTEMDRIVE%\AGP440.sys /s /md5 > AGP440.sys : MD5=13F9E33747E6B41A3FF305C37DB0D360 -> C:\Windows\System32\drivers\AGP440.sys -> [2008/01/20 21:32:22 | 00,056,376 | ---- | M] (Microsoft Corporation) AGP440.sys : MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -> C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys -> [2006/11/02 04:49:52 | 00,053,864 | ---- | M] (Microsoft Corporation) AGP440.sys : MD5=13F9E33747E6B41A3FF305C37DB0D360 -> C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys -> [2008/01/20 21:32:22 | 00,056,376 | ---- | M] (Microsoft Corporation) AGP440.sys : MD5=13F9E33747E6B41A3FF305C37DB0D360 -> C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys -> [2008/01/20 21:32:22 | 00,056,376 | ---- | M] (Microsoft Corporation) < %SYSTEMDRIVE%\vaxscsi.sys /s /md5 > [Alternate Data Streams] @Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:5D432CE3 < End of report > [/code]