[code]
OTS logfile created on: 19/02/2011 18:31:08 - Run 2
OTS by OldTimer - Version 3.1.41.4 Folder = C:\Users\owner\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 0000040D | Country: Israel | Language: HEB | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 61.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 71.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.34 Gb Total Space | 202.91 Gb Free Space | 71.61% Space Free | Partition Type: NTFS
Drive D: | 176.77 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive Y: | 14.65 Gb Total Space | 9.15 Gb Free Space | 62.49% Space Free | Partition Type: NTFS

Computer Name: OWNER-PC
Current User Name: owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days

[Processes - Safe List]
ots.exe -> C:\Users\owner\Desktop\OTS.exe -> [2011/02/19 18:26:06 | 000,642,560 | ---- | M] (OldTimer Tools)
nvsvc32.exe -> C:\Users\Public\nvsvc32.exe -> [2011/02/15 19:48:32 | 000,094,208 | RHS- | M] ()
utorrent.exe -> C:\Program Files (x86)\uTorrent\uTorrent.exe -> [2011/02/05 22:39:33 | 000,396,152 | ---- | M] (BitTorrent, Inc.)
applemobiledeviceservice.exe -> C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -> [2011/01/05 11:59:50 | 000,037,664 | ---- | M] (Apple Inc.)
googletoolbarnotifier.exe -> C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe -> [2010/12/15 22:19:55 | 000,039,408 | ---- | M] (Google Inc.)
flashutil10h_activex.exe -> C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10h_ActiveX.exe -> [2010/10/29 04:30:51 | 000,231,888 | ---- | M] (Adobe Systems, Inc.)
wirelesscard.exe -> C:\Program Files (x86)\Telit\H9 HSPA Modem\WirelessCard.exe -> [2010/10/09 18:12:22 | 002,048,000 | ---- | M] ()
sftservice.exe -> C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -> [2010/08/21 01:53:08 | 000,689,472 | ---- | M] (SoftThinks SAS)
stservice.exe -> C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe -> [2010/07/21 18:36:02 | 000,783,680 | ---- | M] ()
wrtray.exe -> C:\Program Files (x86)\Webroot\Security\Current\Framework\WRTray.exe -> [2010/06/25 02:20:52 | 001,259,120 | ---- | M] (Webroot Software, Inc. )
wrconsumerservice.exe -> C:\Program Files (x86)\Webroot\Security\Current\Framework\WRConsumerService.exe -> [2010/06/25 02:16:40 | 002,998,560 | ---- | M] (Webroot Software, Inc. )
aei.exe -> C:\Program Files (x86)\Webroot\Security\Current\plugins\antimalware\AEI.exe -> [2010/06/17 14:49:06 | 003,857,832 | ---- | M] (Webroot Software, Inc. (www.webroot.com))
ssu.exe -> C:\Program Files (x86)\Webroot\Security\Current\plugins\antimalware\SSU.exe -> [2010/06/17 14:48:58 | 000,157,536 | ---- | M] (Webroot Software, Inc. (www.webroot.com))
sftvsa.exe -> C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -> [2010/04/24 09:10:34 | 000,209,768 | ---- | M] (Microsoft Corporation)
sftlist.exe -> C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -> [2010/04/24 09:10:28 | 000,483,688 | ---- | M] (Microsoft Corporation)
detectwireless.exe -> C:\Program Files (x86)\Telit\H9 HSPA Modem\DetectWireless.exe -> [2010/02/09 22:35:54 | 000,061,440 | ---- | M] ()
kmprocess.exe -> C:\Program Files (x86)\Keyboard & Mouse Driver\KMProcess.exe -> [2009/09/22 19:51:56 | 000,339,968 | ---- | M] (UASSOFT.COM)
kmconfig.exe -> C:\Program Files (x86)\Keyboard & Mouse Driver\KMCONFIG.exe -> [2009/09/22 19:45:58 | 000,391,168 | ---- | M] (UASSOFT.COM)
kmwdsrv.exe -> C:\Program Files (x86)\Keyboard & Mouse Driver\KMWDSrv.exe -> [2009/09/01 06:14:58 | 001,823,744 | ---- | M] (UASSOFT.COM)
webcamdell2.exe -> C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe -> [2009/06/24 23:21:38 | 000,409,744 | ---- | M] (Creative Technology Ltd)
docklogin.exe -> C:\Program Files\Dell\DellDock\DockLogin.exe -> [2009/06/09 16:11:14 | 000,155,648 | ---- | M] (Stardock Corporation)
sprtsvc.exe -> C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe -> [2009/05/21 15:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.)
sprtsvc.exe -> C:\Program Files (x86)\Dell\DellComms\bin\sprtsvc.exe -> [2009/05/05 12:39:18 | 000,206,064 | ---- | M] (SupportSoft, Inc.)
startautorun.exe -> C:\Program Files (x86)\Keyboard & Mouse Driver\StartAutorun.exe -> [2008/05/30 09:22:38 | 000,212,992 | ---- | M] (UASSOFT.COM)

[Modules - Safe List]
ots.exe -> C:\Users\owner\Desktop\OTS.exe -> [2011/02/19 18:26:06 | 000,642,560 | ---- | M] (OldTimer Tools)
comctl32.dll -> C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll -> [2010/08/21 07:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation)
wpdshext.dll -> C:\Windows\SysWOW64\wpdshext.dll -> [2009/07/14 03:16:20 | 002,311,168 | ---- | M] (Microsoft Corporation)
fontext.dll -> C:\Windows\SysWOW64\fontext.dll -> [2009/07/14 03:15:21 | 000,828,928 | ---- | M] (Microsoft Corporation)
fms.dll -> C:\Windows\SysWOW64\fms.dll -> [2009/07/14 03:15:21 | 000,093,696 | ---- | M] (Windows (R) Codename Longhorn DDK provider)
gdiplus.dll -> C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\GdiPlus.dll -> [2009/07/14 03:03:50 | 001,624,576 | ---- | M] (Microsoft Corporation)

[Win32 Services - Safe List]
(Apple Mobile Device) Apple Mobile Device [Auto | Running] -> C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -> [2011/01/05 11:59:50 | 000,037,664 | ---- | M] (Apple Inc.)
(GoToAssist) GoToAssist [On_Demand | Stopped] -> C:\Program Files (x86)\Citrix\GoToAssist\615\g2aservice.exe -> [2010/12/17 21:57:57 | 000,013,160 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.)
(SftService) SoftThinks Agent Service [Auto | Running] -> C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE -> [2010/08/21 01:53:08 | 000,689,472 | ---- | M] (SoftThinks SAS)
(WRConsumerService) Webroot Client Service [Auto | Running] -> C:\Program Files (x86)\Webroot\Security\Current\Framework\WRConsumerService.exe -> [2010/06/25 02:16:40 | 002,998,560 | ---- | M] (Webroot Software, Inc. )
(WebrootSpySweeperService) Webroot Spy Sweeper Engine [Auto | Running] -> C:\Program Files (x86)\Webroot\Security\current\plugins\antimalware\AEI.exe -> [2010/06/17 14:49:06 | 003,857,832 | ---- | M] (Webroot Software, Inc. (www.webroot.com))
(sftvsa) Application Virtualization Service Agent [On_Demand | Running] -> C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -> [2010/04/24 09:10:34 | 000,209,768 | ---- | M] (Microsoft Corporation)
(sftlist) Application Virtualization Client [Auto | Running] -> C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -> [2010/04/24 09:10:28 | 000,483,688 | ---- | M] (Microsoft Corporation)
(clr_optimization_v4.0.30319_32) Microsoft .NET Framework NGEN v4.0.30319_X86 [Auto | Stopped] -> C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -> [2010/03/18 21:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation)
(KMWDSERVICE) Keyboard And Mouse Communication Service [Auto | Running] -> C:\Program Files (x86)\Keyboard & Mouse Driver\KMWDSrv.exe -> [2009/09/01 06:14:58 | 001,823,744 | ---- | M] (UASSOFT.COM)
(clr_optimization_v2.0.50727_32) Microsoft .NET Framework NGEN v2.0.50727_X86 [Disabled | Stopped] -> C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -> [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation)
(sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter) [Auto | Running] -> C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe -> [2009/05/21 15:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.)
(sprtsvc_DellComms) SupportSoft Sprocket Service (DellComms) [Auto | Running] -> C:\Program Files (x86)\Dell\DellComms\bin\sprtsvc.exe -> [2009/05/05 12:39:18 | 000,206,064 | ---- | M] (SupportSoft, Inc.)

[Driver Services - Safe List]
(bsusbser) Basecom USB Device for Legacy Serial Communication [Kernel | On_Demand | Running] -> C:\Windows\SysWOW64\drivers\bsusbser.sys -> [2008/01/24 01:09:28 | 000,113,664 | ---- | M] (QUALCOMM Incorporated)

[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> C:\Windows\SysWOW64\blank.htm ->
HKEY_LOCAL_MACHINE\: URLSearchHooks\\"{3796e649-4334-4cbf-89d3-a927554ad438}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
HKEY_LOCAL_MACHINE\: URLSearchHooks\\"{48405d3d-2674-4cd8-b1ef-9a719443bd3f}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> ->
HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> ->
HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-699966497-1914629666-2531190101-1000\] > -> ->
HKEY_USERS\S-1-5-21-699966497-1914629666-2531190101-1000\: Main\\"Start Page Redirect Cache" -> http://il.msn.com/?ocid=iehp ->
HKEY_USERS\S-1-5-21-699966497-1914629666-2531190101-1000\: Main\\"Start Page Redirect Cache AcceptLangs" -> he ->
HKEY_USERS\S-1-5-21-699966497-1914629666-2531190101-1000\: Main\\"Start Page Redirect Cache_TIMESTAMP" -> B8 9F C5 52 C7 CE CB 01 [binary data] ->
HKEY_USERS\S-1-5-21-699966497-1914629666-2531190101-1000\: URLSearchHooks\\"{3796e649-4334-4cbf-89d3-a927554ad438}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
HKEY_USERS\S-1-5-21-699966497-1914629666-2531190101-1000\: URLSearchHooks\\"{48405d3d-2674-4cd8-b1ef-9a719443bd3f}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
HKEY_USERS\S-1-5-21-699966497-1914629666-2531190101-1000\: URLSearchHooks\\"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
HKEY_USERS\S-1-5-21-699966497-1914629666-2531190101-1000\: "ProxyEnable" -> 0 ->
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
< FireFox Extensions [User Folders] > ->
< HOSTS File > ([2011/02/18 17:47:03 | 000,000,824 | ---- | M] - 21 lines) -> C:\Windows\SysNative\Drivers\etc\hosts ->
Reset Hosts
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{5C255C8A-E604-49b4-9D64-90988571CECB} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKLM] -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [Google Toolbar Helper] -> [2010/12/15 22:19:02 | 000,297,648 | ---- | M] (Google Inc.)
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} [HKLM] -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [Skype Plug-In] -> [2010/11/23 03:05:52 | 001,242,504 | ---- | M] (Skype Technologies S.A.)
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKLM] -> C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll [Google Toolbar Notifier BHO] -> [2010/12/15 22:19:55 | 000,843,832 | ---- | M] (Google Inc.)
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" [HKLM] -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [Google Toolbar] -> [2010/12/15 22:19:02 | 000,297,648 | ---- | M] (Google Inc.)
< Internet Explorer ToolBars [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [Google Toolbar] -> [2010/12/15 22:19:02 | 000,297,648 | ---- | M] (Google Inc.)
WebBrowser\\"{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [Google Toolbar] -> [2010/12/15 22:19:02 | 000,297,648 | ---- | M] (Google Inc.)
WebBrowser\\"{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-699966497-1914629666-2531190101-1000\] > -> HKEY_USERS\S-1-5-21-699966497-1914629666-2531190101-1000\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [Google Toolbar] -> [2010/12/15 22:19:02 | 000,297,648 | ---- | M] (Google Inc.)
WebBrowser\\"{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"Dell Webcam Central" -> C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe ["C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2] -> [2009/06/24 23:21:38 | 000,409,744 | ---- | M] (Creative Technology Ltd)
"KMCONFIG" -> ["C:\Program Files (x86)\Keyboard & Mouse Driver\StartAutorun.exe" KMConfig.exe] -> File not found
"StartCCC" -> C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ["C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun] -> [2010/03/24 04:44:10 | 000,102,400 | ---- | M] (Advanced Micro Devices, Inc.)
"WebrootTrayApp" -> C:\Program Files (x86)\Webroot\Security\Current\Framework\WRTray.exe ["C:\Program Files (x86)\Webroot\Security\Current\Framework\WRTray.exe"] -> [2010/06/25 02:20:52 | 001,259,120 | ---- | M] (Webroot Software, Inc. )
< RunOnce [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce ->
"DSUpdateLauncher" -> C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe" /NOCONSOLE /D="C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate" /RUNAS "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe"] -> [2010/07/21 18:35:26 | 000,018,240 | ---- | M] (Dell)
"Launcher" -> C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe"] -> [2010/07/21 18:36:00 | 000,165,184 | ---- | M] (Softthinks)
< Run [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"Sidebar" -> C:\Program Files (x86)\Windows Sidebar\Sidebar.exe [%ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun] -> [2009/07/14 03:14:38 | 001,173,504 | ---- | M] (Microsoft Corporation)
< RunOnce [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce ->
"mctadmin" -> [C:\Windows\System32\mctadmin.exe] -> File not found
< Run [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"Sidebar" -> C:\Program Files (x86)\Windows Sidebar\Sidebar.exe [%ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun] -> [2009/07/14 03:14:38 | 001,173,504 | ---- | M] (Microsoft Corporation)
< RunOnce [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce ->
"mctadmin" -> [C:\Windows\System32\mctadmin.exe] -> File not found
< Run [HKEY_USERS\S-1-5-21-699966497-1914629666-2531190101-1000\] > -> HKEY_USERS\S-1-5-21-699966497-1914629666-2531190101-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"MyDetectWireless" -> C:\Program Files (x86)\Telit\H9 HSPA Modem\DetectWireless.exe ["C:\Program Files (x86)\Telit\H9 HSPA Modem\DetectWireless.exe"] -> [2010/02/09 22:35:54 | 000,061,440 | ---- | M] ()
"MyWirelessCard" -> C:\Program Files (x86)\Telit\H9 HSPA Modem\WirelessCard.exe ["C:\Program Files (x86)\Telit\H9 HSPA Modem\WirelessCard.exe"] -> [2010/10/09 18:12:22 | 002,048,000 | ---- | M] ()
"NVIDIA driver monitor" -> c:\users\public\nvsvc32.exe ["c:\users\public\nvsvc32.exe"] -> [2011/02/15 19:48:32 | 000,094,208 | RHS- | M] ()
"swg" -> C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe ["C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"] -> [2010/12/15 22:19:55 | 000,039,408 | ---- | M] (Google Inc.)
"uTorrent" -> C:\Program Files (x86)\uTorrent\uTorrent.exe ["C:\Program Files (x86)\uTorrent\uTorrent.exe"] -> [2011/02/05 22:39:33 | 000,396,152 | ---- | M] (BitTorrent, Inc.)
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoActiveDesktop" -> [1] -> File not found
\\"NoActiveDesktopChanges" -> [1] -> File not found
\\"NoCDBurning" -> [0] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"ConsentPromptBehaviorAdmin" -> [5] -> File not found
\\"ConsentPromptBehaviorUser" -> [3] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-699966497-1914629666-2531190101-1000] > -> HKEY_USERS\S-1-5-21-699966497-1914629666-2531190101-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\S-1-5-21-699966497-1914629666-2531190101-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDesktopCleanupWizard" -> [1] -> File not found
< Internet Explorer Menu Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\MenuExt\ ->
Google Sidewiki... -> C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll [res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html] -> [2010/12/15 22:19:15 | 001,866,416 | ---- | M] (Google Inc.)
< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\MenuExt\ ->
Google Sidewiki... -> C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll [res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html] -> [2010/12/15 22:19:15 | 001,866,416 | ---- | M] (Google Inc.)
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{898EA8C8-E7FF-479B-8935-AEC46303B9E5}:{898EA8C8-E7FF-479B-8935-AEC46303B9E5} [HKLM] -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [Button: Skype Plug-In] -> [2010/11/23 03:05:52 | 001,242,504 | ---- | M] (Skype Technologies S.A.)
{898EA8C8-E7FF-479B-8935-AEC46303B9E5}:{898EA8C8-E7FF-479B-8935-AEC46303B9E5} [HKLM] -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [Menu: Skype Plug-In] -> [2010/11/23 03:05:52 | 001,242,504 | ---- | M] (Skype Technologies S.A.)
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-21-699966497-1914629666-2531190101-1000\] > -> HKEY_USERS\S-1-5-21-699966497-1914629666-2531190101-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-21-699966497-1914629666-2531190101-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-21-699966497-1914629666-2531190101-1000\] > -> HKEY_USERS\S-1-5-21-699966497-1914629666-2531190101-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-21-699966497-1914629666-2531190101-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{17492023-C23A-453E-A040-C7C580BBF700} [HKLM] -> http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab [Windows Genuine Advantage Validation Tool] ->
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{D45632B6-096C-475E-8FCF-82A71585D9D7}\\DhcpNameServer -> 168.94.0.15 168.94.0.14 (Atheros AR8152 PCI-E Fast Ethernet Controller (NDIS 6.20)) ->
IE Styles -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Styles
"MaxScriptStatements" -> Reg Error: Invalid data type.
"Use My Stylesheet" -> Reg Error: Invalid data type.
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
explorer.exe -> C:\Windows\SysWow64\explorer.exe -> [2010/10/29 04:15:48 | 002,614,272 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> ->
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet ->
/pagefile -> -> File not found
*MultiFile Done* -> ->
< SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad ->
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" [HKLM] -> Reg Error: Key error. [WebCheck] -> File not found
< LSA Authentication Packages [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages ->
*LSA Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages ->
t fou -> -> File not found
*MultiFile Done* -> ->
< Vista Active Firewall Rules > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules ->
{093EFA70-0B94-4FA4-8745-DD4DDD8C080A} -> rport=139 | profile=public | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-28507 | app=system |
{179BDEFC-E276-4F50-932F-9296CAAF3565} -> lport=445 | profile=public | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-28511 | app=system |
{246CD5EA-BFD3-4168-9119-6EB3AB7DD246} -> lport=2869 | protocol=6 | dir=in | action=allow | name=windows live messenger (upnp-in) | app=system |
{365CF4E1-A82E-4318-B2FD-593C2842E021} -> rport=137 | profile=public | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-28523 | app=system |
{481A7C02-280E-45F4-A7EB-D11F9C0A357C} -> lport=rpc-epmap | profile=public | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-28539 | svc=rpcss |
{4CF6A138-AA35-4BEC-BA80-8F855CCAD95A} -> lport=rpc | profile=public | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-28535 | app=%systemroot%\system32\spoolsv.exe | svc=spooler |
{4D023B5F-6168-49BC-997F-38044760E78D} -> lport=138 | profile=public | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-28527 | app=system |
{6F7BED08-53B2-4D63-99CA-BF9F61FBFE92} -> rport=138 | profile=public | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-28531 | app=system |
{7CC4F1BE-8D2D-4DAD-8DFD-F335746AA6AD} -> lport=137 | profile=public | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-28519 | app=system |
{91864217-DDE1-4C58-9CC4-A058E55C8566} -> lport=5355 | profile=public | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-28548 | app=%systemroot%\system32\svchost.exe | svc=dnscache |
{9B9056CD-6940-4500-9E67-8CDA8ED94FE4} -> rport=5355 | profile=public | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-28550 | app=%systemroot%\system32\svchost.exe | svc=dnscache |
{9B9B2865-190E-45BE-8BBA-77B9323AC54B} -> lport=139 | profile=public | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-28503 | app=system |
{9BA835BC-CC95-4529-A087-52B6244B0BE8} -> rport=445 | profile=public | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-28515 | app=system |
{A16B59A3-C77B-4CF4-876A-10D3601C0166} -> lport=1900 | protocol=17 | dir=in | action=allow | name=windows live messenger (ssdp-in) | app=svchost.exe | svc=ssdpsrv |
< Vista Active Application Exception Rules > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules ->
{0D6082EE-E15E-4370-96CC-86E6C823EEFB} -> profile=public | protocol=6 | dir=in | action=allow | name=mcafee shared service host | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
{46120F8F-56BF-497B-96E0-A414E523217A} -> protocol=6 | dir=in | action=allow | name=μtorrent (tcp-in) | app=c:\program files (x86)\utorrent\utorrent.exe |
{64F016CF-9869-47F9-8137-37A079884834} -> profile=public | protocol=17 | dir=in | action=allow | name=bonjour service | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
{73A447FA-D661-4EBD-813A-041951CD95AA} -> profile=public | protocol=1 | dir=in | action=allow | name=@firewallapi.dll,-28543 |
{796B7691-1481-437B-BF42-5AFB49C4C076} -> protocol=17 | dir=in | action=allow | name=μtorrent (udp-in) | app=c:\program files (x86)\utorrent\utorrent.exe |
{858A39FE-C71E-49EC-8ADD-CE37B010E182} -> dir=in | action=allow | name=windows live messenger | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
{8D4AC627-172A-42CC-822A-84518BC08E6D} -> profile=public | protocol=1 | dir=out | action=allow | name=@firewallapi.dll,-28544 |
{982DF5B5-29A8-40BD-BDE1-C2DF2B2D0A55} -> dir=in | action=allow | name=windows live sync | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
{B9E3796F-9A6A-4473-A7EE-3CA88FF2BD4B} -> dir=in | action=allow | name=itunes | app=c:\program files (x86)\itunes\itunes.exe |
{C1B3FF2F-808B-4A6E-BAFE-5B1DEDA79071} -> dir=in | action=allow | name=windows live call | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
{C44B102C-80D8-40F5-AC3B-FEFA2922FB0E} -> profile=public | protocol=6 | dir=in | action=allow | name=juiced2_hin | app=c:\program files (x86)\thq\juiced2_hin\juiced2_hin.exe |
{D2B8DD54-159D-40DE-9CA1-30F9CFAA9F8A} -> dir=in | action=allow | name=skype | app=c:\program files (x86)\skype\phone\skype.exe |
{D4BC96F5-443C-47FC-BE3A-4B5B9A3B2FE5} -> profile=public | protocol=17 | dir=in | action=allow | name=juiced2_hin | app=c:\program files (x86)\thq\juiced2_hin\juiced2_hin.exe |
{E886C090-3EFE-4C65-BACA-3128A3F24613} -> profile=public | protocol=6 | dir=in | action=allow | name=bonjour service | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
{E990E83F-40C3-4FB7-93E0-E9F6599DBF07} -> profile=public | protocol=58 | dir=in | action=allow | name=@firewallapi.dll,-28545 |
{EA5D365E-C4AE-461C-AF0D-8CAE4F04143E} -> profile=public | protocol=58 | dir=out | action=allow | name=@firewallapi.dll,-28546 |
{EBAAA858-1605-472B-805D-4EF95ACDAC2B} -> profile=public | protocol=17 | dir=in | action=allow | name=mcafee shared service host | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
TCP Query User{4FCC0DDE-4696-4272-BB3F-1D6D948443DA}C:\program files (x86)\emule\emule.exe -> profile=public | protocol=6 | dir=in | action=allow | name=emule | app=c:\program files (x86)\emule\emule.exe |
TCP Query User{6DB8609C-5F2B-4724-833B-BD777FFD79CE}C:\program files (x86)\activision\call of duty - black ops\blackops.exe -> profile=public | protocol=6 | dir=in | action=allow | name=blackops | app=c:\program files (x86)\activision\call of duty - black ops\blackops.exe |
TCP Query User{EB30286A-1B0A-424C-882F-FAFAC7EDA02E}C:\program files (x86)\internet explorer\iexplore.exe -> profile=public | protocol=6 | dir=in | action=allow | name=internet explorer | app=c:\program files (x86)\internet explorer\iexplore.exe |
UDP Query User{4525B3D1-776E-4D74-B714-1AE1D0CA60B4}C:\program files (x86)\activision\call of duty - black ops\blackops.exe -> profile=public | protocol=17 | dir=in | action=allow | name=blackops | app=c:\program files (x86)\activision\call of duty - black ops\blackops.exe |
UDP Query User{8C97BADF-6A0B-41D1-BCA2-DCBC7134767D}C:\program files (x86)\internet explorer\iexplore.exe -> profile=public | protocol=17 | dir=in | action=allow | name=internet explorer | app=c:\program files (x86)\internet explorer\iexplore.exe |
UDP Query User{F69D5031-9BAC-444D-9500-CEDE5FD5A35C}C:\program files (x86)\emule\emule.exe -> profile=public | protocol=17 | dir=in | action=allow | name=emule | app=c:\program files (x86)\emule\emule.exe |
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot ->
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 ->
"DisplayName" -> CD-ROM Driver ->
"ImagePath" -> C:\Windows\SysNative\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> [2009/07/14 01:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation)
< Drives with AutoRun files > -> ->
D:\AUTORUN.INF [[autorun] | OPEN=install.exe | ICON=installer.ico | ] -> D:\AUTORUN.INF [ UDF ] -> [2010/06/23 21:19:29 | 000,000,049 | R--- | M] ()
Y:\AUTORUN.INF [[AUTORUN] | ShellExecute=Info.exe protect.ed 480 480 | ] -> Y:\AUTORUN.INF [ NTFS ] -> [2004/05/01 00:01:00 | 000,000,053 | -HS- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 ->
\E
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\shell
\E\shell\\"" -> [AutoRun] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\shell\AutoRun\command
\E\shell\AutoRun\command\\"" -> [E:\Setup.exe] -> File not found
\{2688c977-e300-11df-acd8-806e6f6e6963}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2688c977-e300-11df-acd8-806e6f6e6963}\shell
\{2688c977-e300-11df-acd8-806e6f6e6963}\shell\\"" -> [AutoRun] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2688c977-e300-11df-acd8-806e6f6e6963}\shell\AutoRun\command
\{2688c977-e300-11df-acd8-806e6f6e6963}\shell\AutoRun\command\\"" -> D:\install.exe [D:\install.exe] -> [2010/06/22 18:40:40 | 001,259,192 | R--- | M] (Webroot Software, Inc.)
\{35f62394-1646-11e0-a537-f04da2a5e848} HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{35f62394-1646-11e0-a537-f04da2a5e848}\shell \{35f62394-1646-11e0-a537-f04da2a5e848}\shell\\"" -> [AutoRun] -> File not found HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{35f62394-1646-11e0-a537-f04da2a5e848}\shell\AutoRun\command \{35f62394-1646-11e0-a537-f04da2a5e848}\shell\AutoRun\command\\"" -> [E:\Setup.exe] -> File not found \{4cad2b4e-27d1-11e0-bc2b-f04da2a5e848} HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4cad2b4e-27d1-11e0-bc2b-f04da2a5e848}\shell \{4cad2b4e-27d1-11e0-bc2b-f04da2a5e848}\shell\\"" -> [AutoRun] -> File not found HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4cad2b4e-27d1-11e0-bc2b-f04da2a5e848}\shell\AutoRun\command \{4cad2b4e-27d1-11e0-bc2b-f04da2a5e848}\shell\AutoRun\command\\"" -> [F:\start.exe] -> File not found < Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command -> 64bit-comfile [open] -> "%1" %* -> File not found 64bit-exefile [open] -> "%1" %* -> File not found comfile [open] -> "%1" %* -> exefile [open] -> "%1" %* -> < File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\ -> .com [@ = comfile] -> "%1" %* -> .exe [@ = exefile] -> "%1" %* -> [Registry - Additional Scans - All] < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost > -> -> *netsvcs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs -> Ias -> C:\Windows\SysWow64\ias.dll -> [2009/07/14 03:15:26 | 000,019,456 | ---- | M] (Microsoft Corporation) Remoteaccess -> C:\Windows\SysWOW64\mprdim.dll -> [2009/07/14 03:15:41 | 000,075,264 | ---- | M] (Microsoft Corporation) SENS -> C:\Windows\SysWOW64\Sens.dll -> [2009/07/14 03:16:13 | 000,049,664 | ---- | M] (Microsoft Corporation) Tapisrv -> 
C:\Windows\SysWOW64\tapisrv.dll -> [2009/07/14 03:16:15 | 000,241,664 | ---- | M] (Microsoft Corporation) Wmi -> C:\Windows\SysWow64\wmi.dll -> [2009/07/14 03:11:09 | 000,005,120 | ---- | M] (Microsoft Corporation) ShellHWDetection -> C:\Windows\SysWOW64\shsvcs.dll -> [2009/07/14 03:16:14 | 000,328,192 | ---- | M] (Microsoft Corporation) SessionEnv -> C:\Windows\SysWOW64\SessEnv.dll -> [2009/07/14 03:16:13 | 000,099,328 | ---- | M] (Microsoft Corporation) *MultiFile Done* -> -> < Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command -> batfile [edit] -> %SystemRoot%\System32\NOTEPAD.EXE %1 -> [2009/07/14 03:14:27 | 000,179,712 | ---- | M] (Microsoft Corporation) batfile [open] -> "%1" %* -> batfile [print] -> %SystemRoot%\System32\NOTEPAD.EXE /p %1 -> [2009/07/14 03:14:27 | 000,179,712 | ---- | M] (Microsoft Corporation) chm.file [open] -> "%SystemRoot%\hh.exe" %1 -> [2009/07/14 03:39:12 | 000,016,896 | ---- | M] (Microsoft Corporation) cmdfile [edit] -> %SystemRoot%\System32\NOTEPAD.EXE %1 -> [2009/07/14 03:14:27 | 000,179,712 | ---- | M] (Microsoft Corporation) cmdfile [open] -> "%1" %* -> cmdfile [print] -> %SystemRoot%\System32\NOTEPAD.EXE /p %1 -> [2009/07/14 03:14:27 | 000,179,712 | ---- | M] (Microsoft Corporation) comfile [open] -> "%1" %* -> cplfile [cplopen] -> %SystemRoot%\System32\control.exe "%1",%* -> [2009/07/14 03:14:15 | 000,113,152 | ---- | M] (Microsoft Corporation) exefile [open] -> "%1" %* -> hlpfile [open] -> %SystemRoot%\winhlp32.exe %1 -> [2009/07/14 03:14:45 | 000,009,728 | ---- | M] (Microsoft Corporation) htafile [open] -> C:\Windows\SysWOW64\mshta.exe "%1" %* -> [2009/07/14 03:14:25 | 000,047,104 | ---- | M] (Microsoft Corporation) htmlfile [open] -> "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome -> [2010/12/18 07:33:54 | 000,673,040 | ---- | M] (Microsoft Corporation) htmlfile [opennew] -> "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 -> [2010/12/18 
07:33:54 | 000,673,040 | ---- | M] (Microsoft Corporation) htmlfile [print] -> rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" -> http [open] -> "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome -> [2010/12/18 07:33:54 | 000,673,040 | ---- | M] (Microsoft Corporation) https [open] -> "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome -> [2010/12/18 07:33:54 | 000,673,040 | ---- | M] (Microsoft Corporation) inffile [install] -> %SystemRoot%\System32\InfDefaultInstall.exe "%1" -> [2009/07/14 03:14:21 | 000,009,216 | ---- | M] (Microsoft Corporation) inffile [open] -> %SystemRoot%\system32\NOTEPAD.EXE %1 -> [2009/07/14 03:14:27 | 000,179,712 | ---- | M] (Microsoft Corporation) inffile [print] -> %SystemRoot%\system32\NOTEPAD.EXE /p %1 -> [2009/07/14 03:14:27 | 000,179,712 | ---- | M] (Microsoft Corporation) inifile [open] -> %SystemRoot%\system32\NOTEPAD.EXE %1 -> [2009/07/14 03:14:27 | 000,179,712 | ---- | M] (Microsoft Corporation) inifile [print] -> %SystemRoot%\system32\NOTEPAD.EXE /p %1 -> [2009/07/14 03:14:27 | 000,179,712 | ---- | M] (Microsoft Corporation) InternetShortcut [open] -> "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l -> [2009/07/14 03:14:31 | 000,044,544 | ---- | M] (Microsoft Corporation) InternetShortcut [print] -> "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" -> [2009/07/14 03:14:31 | 000,044,544 | ---- | M] (Microsoft Corporation) jsfile [edit] -> C:\Windows\System32\Notepad.exe %1 -> [2009/07/14 03:14:27 | 000,179,712 | ---- | M] (Microsoft Corporation) jsfile [open] -> C:\Windows\System32\WScript.exe "%1" %* -> [2009/07/14 03:14:49 | 000,141,824 | ---- | M] (Microsoft Corporation) jsfile [print] -> C:\Windows\System32\Notepad.exe /p %1 -> [2009/07/14 03:14:27 | 000,179,712 | ---- | M] (Microsoft Corporation) jsefile [edit] -> C:\Windows\System32\Notepad.exe %1 -> [2009/07/14 03:14:27 | 000,179,712 | ---- | M] (Microsoft Corporation) 
jsefile [open] -> C:\Windows\System32\WScript.exe "%1" %* -> [2009/07/14 03:14:49 | 000,141,824 | ---- | M] (Microsoft Corporation) jsefile [print] -> C:\Windows\System32\Notepad.exe /p %1 -> [2009/07/14 03:14:27 | 000,179,712 | ---- | M] (Microsoft Corporation) piffile [open] -> "%1" %* -> regfile [edit] -> %SystemRoot%\system32\notepad.exe "%1" -> [2009/07/14 03:14:27 | 000,179,712 | ---- | M] (Microsoft Corporation) regfile [open] -> regedit.exe "%1" -> [2009/07/14 03:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) regfile [print] -> %SystemRoot%\system32\notepad.exe /p "%1" -> [2009/07/14 03:14:27 | 000,179,712 | ---- | M] (Microsoft Corporation) scrfile [config] -> "%1" -> scrfile [install] -> rundll32.exe desk.cpl,InstallScreenSaver %l -> scrfile [open] -> "%1" /S -> txtfile [open] -> %SystemRoot%\system32\NOTEPAD.EXE %1 -> [2009/07/14 03:14:27 | 000,179,712 | ---- | M] (Microsoft Corporation) txtfile [print] -> %SystemRoot%\system32\NOTEPAD.EXE /p %1 -> [2009/07/14 03:14:27 | 000,179,712 | ---- | M] (Microsoft Corporation) txtfile [printto] -> %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" -> [2009/07/14 03:14:27 | 000,179,712 | ---- | M] (Microsoft Corporation) vbefile [edit] -> "%SystemRoot%\System32\Notepad.exe" %1 -> [2009/07/14 03:14:27 | 000,179,712 | ---- | M] (Microsoft Corporation) vbefile [open] -> "%SystemRoot%\System32\WScript.exe" "%1" %* -> [2009/07/14 03:14:49 | 000,141,824 | ---- | M] (Microsoft Corporation) vbefile [print] -> "%SystemRoot%\System32\Notepad.exe" /p %1 -> [2009/07/14 03:14:27 | 000,179,712 | ---- | M] (Microsoft Corporation) vbsfile [edit] -> "%SystemRoot%\System32\Notepad.exe" %1 -> [2009/07/14 03:14:27 | 000,179,712 | ---- | M] (Microsoft Corporation) vbsfile [open] -> "%SystemRoot%\System32\WScript.exe" "%1" %* -> [2009/07/14 03:14:49 | 000,141,824 | ---- | M] (Microsoft Corporation) vbsfile [print] -> "%SystemRoot%\System32\Notepad.exe" /p %1 -> [2009/07/14 03:14:27 | 000,179,712 | ---- | M] (Microsoft 
Corporation) wsffile [edit] -> "%SystemRoot%\System32\Notepad.exe" %1 -> [2009/07/14 03:14:27 | 000,179,712 | ---- | M] (Microsoft Corporation) wsffile [open] -> "%SystemRoot%\System32\WScript.exe" "%1" %* -> [2009/07/14 03:14:49 | 000,141,824 | ---- | M] (Microsoft Corporation) wsffile [print] -> "%SystemRoot%\System32\Notepad.exe" /p %1 -> [2009/07/14 03:14:27 | 000,179,712 | ---- | M] (Microsoft Corporation) wshfile [open] -> "%SystemRoot%\System32\WScript.exe" "%1" %* -> [2009/07/14 03:14:49 | 000,141,824 | ---- | M] (Microsoft Corporation) Unknown [openas] -> %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 -> Directory [AddToPlaylistVLC] -> "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" -> [2011/01/30 23:27:10 | 000,107,008 | ---- | M] () Directory [cmd] -> cmd.exe /s /k pushd "%V" -> [2009/07/14 03:14:15 | 000,301,568 | ---- | M] (Microsoft Corporation) Directory [find] -> %SystemRoot%\Explorer.exe -> [2010/10/29 04:15:48 | 002,870,272 | ---- | M] (Microsoft Corporation) Directory [PlayWithVLC] -> "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" -> [2011/01/30 23:27:10 | 000,107,008 | ---- | M] () Folder [open] -> %SystemRoot%\Explorer.exe -> [2010/10/29 04:15:48 | 002,870,272 | ---- | M] (Microsoft Corporation) Drive [find] -> %SystemRoot%\Explorer.exe -> [2010/10/29 04:15:48 | 002,870,272 | ---- | M] (Microsoft Corporation) Applications\iexplore.exe [open] -> "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 -> [2010/12/18 07:33:54 | 000,673,040 | ---- | M] (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -> "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -> [2010/12/18 07:33:54 | 000,673,040 | ---- | M] (Microsoft Corporation) < EventViewer Logs - Last 10 Errors > -> Event Information -> Description Application [ Error ] 08/02/2011 14:51:00 Computer Name = owner-PC | Source = 
SideBySide | ID = 16842787 -> Description = Activation context generation failed for "c:\program files (x86)\windows live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity found in manifest does not match the identity of the component requested. Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use sxstrace.exe for detailed diagnosis. Application [ Error ] 08/02/2011 14:51:30 Computer Name = owner-PC | Source = SideBySide | ID = 16842811 -> Description = Activation context generation failed for "c:\program files (x86)\microsoft\search enhancement pack\search helper\searchhelper.dll".Error in manifest or policy file "c:\program files (x86)\microsoft\search enhancement pack\search helper\searchhelper.dll" on line 2. Invalid Xml syntax. Application [ Error ] 09/02/2011 02:53:58 Computer Name = owner-PC | Source = EventSystem | ID = 4621 -> Description = Application [ Error ] 09/02/2011 12:45:20 Computer Name = owner-PC | Source = Application Error | ID = 1000 -> Description = Faulting application name: SetMUILanguage.exe, version: 1.0.83.18, time stamp: 0x4c21bb04 Faulting module name: STString.dll, version: 1.1.0.5, time stamp: 0x47e11d41 Exception code: 0xc0000005 Fault offset: 0x0000abcc Faulting process id: 0xf68 Faulting application start time: 0x01cbc878b17a025e Faulting application path: C:\Program Files (x86)\Dell DataSafe Local Backup\SetMUILanguage.exe Faulting module path: C:\Program Files (x86)\Dell DataSafe Local Backup\STString.dll Report Id: fa8dec3a-346b-11e0-a5c6-f04da2a5e848 Application [ Error ] 09/02/2011 14:11:47 Computer Name = owner-PC | Source = SideBySide | ID = 16842787 -> Description = Activation context generation failed for "C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe".Error in manifest or policy 
file "C:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" on line 8. Component identity found in manifest does not match the identity of the component requested. Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use sxstrace.exe for detailed diagnosis. Application [ Error ] 09/02/2011 14:11:49 Computer Name = owner-PC | Source = SideBySide | ID = 16842787 -> Description = Activation context generation failed for "C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.Exe".Error in manifest or policy file "C:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" on line 8. Component identity found in manifest does not match the identity of the component requested. Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use sxstrace.exe for detailed diagnosis. Application [ Error ] 09/02/2011 14:11:49 Computer Name = owner-PC | Source = SideBySide | ID = 16842787 -> Description = Activation context generation failed for "C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.Exe".Error in manifest or policy file "C:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" on line 8. Component identity found in manifest does not match the identity of the component requested. Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use sxstrace.exe for detailed diagnosis. 
Application [ Error ] 09/02/2011 19:18:04 Computer Name = owner-PC | Source = SideBySide | ID = 16842787 -> Description = Activation context generation failed for "c:\program files (x86)\windows live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity found in manifest does not match the identity of the component requested. Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use sxstrace.exe for detailed diagnosis. Application [ Error ] 09/02/2011 19:18:31 Computer Name = owner-PC | Source = SideBySide | ID = 16842811 -> Description = Activation context generation failed for "c:\program files (x86)\microsoft\search enhancement pack\search helper\searchhelper.dll".Error in manifest or policy file "c:\program files (x86)\microsoft\search enhancement pack\search helper\searchhelper.dll" on line 2. Invalid Xml syntax. Application [ Error ] 10/02/2011 00:15:19 Computer Name = owner-PC | Source = EventSystem | ID = 4621 -> Description = Dell [ Error ] 15/02/2011 09:46:48 Computer Name = owner-PC | Source = DataSafe | ID = 17 -> Description = The process was interrupted before completion. Dell [ Error ] 16/02/2011 11:23:35 Computer Name = owner-PC | Source = DataSafe | ID = 17 -> Description = The process was interrupted before completion. Dell [ Error ] 16/02/2011 11:23:36 Computer Name = owner-PC | Source = DataSafe | ID = 17 -> Description = The process was interrupted before completion. Dell [ Error ] 17/02/2011 13:21:35 Computer Name = owner-PC | Source = DataSafe | ID = 17 -> Description = The process was interrupted before completion. Dell [ Error ] 17/02/2011 13:21:35 Computer Name = owner-PC | Source = DataSafe | ID = 17 -> Description = The process was interrupted before completion. 
Dell [ Error ] 18/02/2011 11:10:49 Computer Name = owner-PC | Source = DataSafe | ID = 17 -> Description = The process was interrupted before completion. Dell [ Error ] 18/02/2011 11:10:49 Computer Name = owner-PC | Source = DataSafe | ID = 17 -> Description = The process was interrupted before completion. Dell [ Error ] 18/02/2011 12:03:11 Computer Name = owner-PC | Source = DataSafe | ID = 17 -> Description = The process was interrupted before completion. Dell [ Error ] 18/02/2011 12:03:11 Computer Name = owner-PC | Source = DataSafe | ID = 17 -> Description = The process was interrupted before completion. Dell [ Error ] 19/02/2011 12:05:24 Computer Name = owner-PC | Source = DataSafe | ID = 17 -> Description = The process was interrupted before completion. Media Center [ Error ] 10/02/2011 11:19:02 Computer Name = owner-PC | Source = MCUpdate | ID = 0 -> Description = 9:19:02 AM - Error connecting to the internet. 9:19:02 AM - Unable to contact server.. Media Center [ Error ] 10/02/2011 11:19:18 Computer Name = owner-PC | Source = MCUpdate | ID = 0 -> Description = 9:19:07 AM - Error connecting to the internet. 9:19:07 AM - Unable to contact server.. Media Center [ Error ] 10/02/2011 12:19:23 Computer Name = owner-PC | Source = MCUpdate | ID = 0 -> Description = 10:19:23 AM - Error connecting to the internet. 10:19:23 AM - Unable to contact server.. Media Center [ Error ] 10/02/2011 12:19:30 Computer Name = owner-PC | Source = MCUpdate | ID = 0 -> Description = 10:19:28 AM - Error connecting to the internet. 10:19:28 AM - Unable to contact server.. Media Center [ Error ] 10/02/2011 13:19:34 Computer Name = owner-PC | Source = MCUpdate | ID = 0 -> Description = 11:19:34 AM - Error connecting to the internet. 11:19:34 AM - Unable to contact server.. Media Center [ Error ] 10/02/2011 13:19:40 Computer Name = owner-PC | Source = MCUpdate | ID = 0 -> Description = 11:19:39 AM - Error connecting to the internet. 11:19:39 AM - Unable to contact server.. 
Media Center [ Error ] 11/02/2011 08:43:21 Computer Name = owner-PC | Source = MCUpdate | ID = 0 -> Description = 6:43:21 AM - Error connecting to the internet. 6:43:21 AM - Unable to contact server.. Media Center [ Error ] 11/02/2011 08:43:35 Computer Name = owner-PC | Source = MCUpdate | ID = 0 -> Description = 6:43:26 AM - Error connecting to the internet. 6:43:26 AM - Unable to contact server.. Media Center [ Error ] 17/02/2011 15:17:11 Computer Name = owner-PC | Source = MCUpdate | ID = 0 -> Description = 9:17:11 PM - Error connecting to the internet. 9:17:11 PM - Unable to contact server.. Media Center [ Error ] 17/02/2011 15:17:30 Computer Name = owner-PC | Source = MCUpdate | ID = 0 -> Description = 9:17:17 PM - Error connecting to the internet. 9:17:17 PM - Unable to contact server.. System [ Error ] 06/02/2011 10:47:40 Computer Name = owner-PC | Source = EventLog | ID = 6008 -> Description = The previous system shutdown at 4:05:45 AM on ?2/?6/?2011 was unexpected. System [ Error ] 07/02/2011 01:49:02 Computer Name = owner-PC | Source = EventLog | ID = 6008 -> Description = The previous system shutdown at 9:07:29 AM on ?2/?6/?2011 was unexpected. System [ Error ] 09/02/2011 02:08:07 Computer Name = owner-PC | Source = EventLog | ID = 6008 -> Description = The previous system shutdown at 12:07:07 AM on ?2/?9/?2011 was unexpected. System [ Error ] 10/02/2011 05:09:42 Computer Name = owner-PC | Source = VDS Basic Provider | ID = 33554433 -> Description = System [ Error ] 10/02/2011 05:09:43 Computer Name = owner-PC | Source = VDS Basic Provider | ID = 33554433 -> Description = System [ Error ] 10/02/2011 10:11:19 Computer Name = owner-PC | Source = EventLog | ID = 6008 -> Description = The previous system shutdown at 4:25:33 AM on ?2/?10/?2011 was unexpected. 
System [ Error ] 12/02/2011 06:03:43 Computer Name = owner-PC | Source = Service Control Manager | ID = 7038 -> Description = The FontCache service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: %%1352 To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC). System [ Error ] 12/02/2011 06:03:43 Computer Name = owner-PC | Source = Service Control Manager | ID = 7000 -> Description = The Windows Font Cache Service service failed to start due to the following error: %%1069 System [ Error ] 12/02/2011 06:03:43 Computer Name = owner-PC | Source = Service Control Manager | ID = 7000 -> Description = The ????? Google Update (gupdate) service failed to start due to the following error: %%109 System [ Error ] 12/02/2011 08:56:59 Computer Name = owner-PC | Source = EventLog | ID = 6008 -> Description = The previous system shutdown at 12:56:19 PM on ?2/?12/?2011 was unexpected. [Files/Folders - Created Within 30 Days] OTS.exe -> C:\Users\owner\Desktop\OTS.exe -> [2011/02/19 18:26:03 | 000,642,560 | ---- | C] (OldTimer Tools) Webroot -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Webroot -> [2011/02/18 17:44:29 | 000,000,000 | ---D | C] Webroot -> C:\Program Files (x86)\Webroot -> [2011/02/18 17:44:29 | 000,000,000 | ---D | C] {94E7A161-5A7B-460F-BD45-76DE70D977A9} -> C:\ProgramData\{94E7A161-5A7B-460F-BD45-76DE70D977A9} -> [2011/02/18 17:44:21 | 000,000,000 | -H-D | C] Webroot -> C:\ProgramData\Webroot -> [2011/02/18 17:39:38 | 000,000,000 | ---D | C] iTunes -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes -> [2011/02/15 23:05:05 | 000,000,000 | ---D | C] GEARAspi.dll -> C:\Windows\SysWow64\GEARAspi.dll -> [2011/02/15 23:04:58 | 000,107,368 | ---- | C] (GEAR Software Inc.) 
iTunes -> C:\Program Files (x86)\iTunes -> [2011/02/15 23:04:28 | 000,000,000 | ---D | C] {93E26451-CD9A-43A5-A2FA-C42392EA4001} -> C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001} -> [2011/02/15 23:04:28 | 000,000,000 | ---D | C] Apple Software Update -> C:\Program Files (x86)\Apple Software Update -> [2011/02/15 23:03:41 | 000,000,000 | ---D | C] Bonjour -> C:\Program Files (x86)\Bonjour -> [2011/02/15 23:03:11 | 000,000,000 | ---D | C] Apple Computer -> C:\Users\owner\AppData\Roaming\Apple Computer -> [2011/02/15 23:02:41 | 000,000,000 | ---D | C] Tracing -> C:\Users\owner\Tracing -> [2011/02/15 19:48:44 | 000,000,000 | ---D | C] Apple Computer -> C:\Users\owner\AppData\Local\Apple Computer -> [2011/02/15 16:52:31 | 000,000,000 | ---D | C] QuickTime -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime -> [2011/02/15 16:20:26 | 000,000,000 | ---D | C] QuickTime -> C:\Program Files (x86)\QuickTime -> [2011/02/15 16:20:14 | 000,000,000 | ---D | C] Apple Computer -> C:\ProgramData\Apple Computer -> [2011/02/15 16:20:13 | 000,000,000 | ---D | C] Apple -> C:\Program Files (x86)\Common Files\Apple -> [2011/02/15 16:19:30 | 000,000,000 | ---D | C] Apple -> C:\Users\owner\AppData\Local\Apple -> [2011/02/15 16:19:20 | 000,000,000 | ---D | C] Apple -> C:\ProgramData\Apple -> [2011/02/15 16:19:19 | 000,000,000 | ---D | C] msfeeds.dll -> C:\Windows\SysWow64\msfeeds.dll -> [2011/02/10 02:25:22 | 000,599,040 | ---- | C] (Microsoft Corporation) iepeers.dll -> C:\Windows\SysWow64\iepeers.dll -> [2011/02/10 02:25:19 | 000,185,856 | ---- | C] (Microsoft Corporation) mshtmled.dll -> C:\Windows\SysWow64\mshtmled.dll -> [2011/02/10 02:25:19 | 000,067,072 | ---- | C] (Microsoft Corporation) licmgr10.dll -> C:\Windows\SysWow64\licmgr10.dll -> [2011/02/10 02:25:18 | 000,044,544 | ---- | C] (Microsoft Corporation) msfeedssync.exe -> C:\Windows\SysWow64\msfeedssync.exe -> [2011/02/10 02:25:18 | 000,012,800 | ---- | C] (Microsoft Corporation) html.iec -> 
C:\Windows\SysWow64\html.iec -> [2011/02/10 02:25:17 | 000,386,048 | ---- | C] (Microsoft Corporation) ntoskrnl.exe -> C:\Windows\SysWow64\ntoskrnl.exe -> [2011/02/10 00:59:01 | 003,911,552 | ---- | C] (Microsoft Corporation) ntkrnlpa.exe -> C:\Windows\SysWow64\ntkrnlpa.exe -> [2011/02/10 00:59:00 | 003,966,848 | ---- | C] (Microsoft Corporation) upnp.dll -> C:\Windows\SysWow64\upnp.dll -> [2011/02/10 00:56:59 | 000,204,288 | ---- | C] (Microsoft Corporation) davclnt.dll -> C:\Windows\SysWow64\davclnt.dll -> [2011/02/10 00:56:56 | 000,080,384 | ---- | C] (Microsoft Corporation) wscapi.dll -> C:\Windows\SysWow64\wscapi.dll -> [2011/02/10 00:56:55 | 000,051,200 | ---- | C] (Microsoft Corporation) slwga.dll -> C:\Windows\SysWow64\slwga.dll -> [2011/02/10 00:56:55 | 000,014,336 | ---- | C] (Microsoft Corporation) jscript.dll -> C:\Windows\SysWow64\jscript.dll -> [2011/02/10 00:49:10 | 000,716,800 | ---- | C] (Microsoft Corporation) atmfd.dll -> C:\Windows\SysWow64\atmfd.dll -> [2011/02/10 00:47:11 | 000,294,400 | ---- | C] (Adobe Systems Incorporated) atmlib.dll -> C:\Windows\SysWow64\atmlib.dll -> [2011/02/10 00:47:11 | 000,034,304 | ---- | C] (Adobe Systems) dvdcss -> C:\Users\owner\AppData\Roaming\dvdcss -> [2011/02/09 20:12:49 | 000,000,000 | ---D | C] vlc -> C:\Users\owner\AppData\Roaming\vlc -> [2011/02/09 19:46:38 | 000,000,000 | ---D | C] VideoLAN -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN -> [2011/02/09 19:46:35 | 000,000,000 | ---D | C] VideoLAN -> C:\Program Files (x86)\VideoLAN -> [2011/02/09 19:46:14 | 000,000,000 | ---D | C] extensions -> C:\extensions -> [2011/02/05 22:42:56 | 000,000,000 | ---D | C] uTorrent -> C:\Program Files (x86)\uTorrent -> [2011/02/05 22:38:21 | 000,000,000 | ---D | C] uTorrent -> C:\Users\owner\AppData\Roaming\uTorrent -> [2011/02/05 22:36:53 | 000,000,000 | ---D | C] New folder -> C:\Users\owner\New folder -> [2011/02/03 07:21:21 | 000,000,000 | ---D | C] Soft -> C:\Users\owner\Soft -> [2011/02/03 07:12:43 
| 000,000,000 | ---D | C] NVIDIA Corporation -> C:\Program Files (x86)\NVIDIA Corporation -> [2011/02/01 23:03:57 | 000,000,000 | ---D | C] Wise Installation Wizard -> C:\Program Files (x86)\Common Files\Wise Installation Wizard -> [2011/02/01 23:03:10 | 000,000,000 | ---D | C] Microsoft Silverlight -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight -> [2011/01/28 19:51:19 | 000,000,000 | ---D | C] Microsoft Games for Windows Marketplace -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace -> [2011/01/28 19:50:36 | 000,000,000 | ---D | C] xlive -> C:\Windows\SysWow64\xlive -> [2011/01/28 19:49:49 | 000,000,000 | ---D | C] Microsoft Games for Windows - LIVE -> C:\Program Files (x86)\Microsoft Games for Windows - LIVE -> [2011/01/28 19:49:49 | 000,000,000 | ---D | C] Microsoft Office Starter (English) -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (English) -> [2011/01/28 04:48:24 | 000,000,000 | ---D | C] VirtualizedApplications -> C:\ProgramData\VirtualizedApplications -> [2011/01/28 04:44:44 | 000,000,000 | ---D | C] MSOCache -> C:\MSOCache -> [2011/01/28 02:39:19 | 000,000,000 | RH-D | C] SoftGrid Client -> C:\Users\owner\AppData\Roaming\SoftGrid Client -> [2011/01/28 02:34:04 | 000,000,000 | ---D | C] SoftGrid Client -> C:\Users\owner\AppData\Local\SoftGrid Client -> [2011/01/28 02:34:04 | 000,000,000 | ---D | C] DESIGNER -> C:\Program Files (x86)\Common Files\DESIGNER -> [2011/01/28 02:32:56 | 000,000,000 | ---D | C] Microsoft Application Virtualization Client -> C:\Program Files (x86)\Microsoft Application Virtualization Client -> [2011/01/28 02:32:52 | 000,000,000 | ---D | C] TP -> C:\Users\owner\AppData\Roaming\TP -> [2011/01/28 02:32:28 | 000,000,000 | ---D | C] My Games -> C:\Users\owner\Documents\My Games -> [2011/01/27 05:07:53 | 000,000,000 | ---D | C] THQ -> C:\Users\owner\AppData\Roaming\THQ -> [2011/01/27 05:07:52 | 000,000,000 | ---D | C] SecuROM 
-> C:\Users\owner\AppData\Roaming\SecuROM -> [2011/01/27 05:06:56 | 000,000,000 | RH-D | C] InstallShield -> C:\ProgramData\InstallShield -> [2011/01/27 05:06:20 | 000,000,000 | ---D | C] ISUSPM.cpl -> C:\Windows\SysWow64\ISUSPM.cpl -> [2011/01/27 04:45:54 | 000,073,728 | ---- | C] (Macrovision Corporation) THQ -> C:\Program Files (x86)\THQ -> [2011/01/27 04:45:54 | 000,000,000 | ---D | C] InstallShield -> C:\Users\owner\AppData\Roaming\InstallShield -> [2011/01/27 04:45:21 | 000,000,000 | ---D | C] d3dx9_32.dll -> C:\Windows\SysWow64\d3dx9_32.dll -> [2011/01/27 04:18:36 | 003,426,072 | ---- | C] (Microsoft Corporation) Keyboard And Mouse Driver -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Keyboard And Mouse Driver -> [2011/01/27 04:04:29 | 000,000,000 | ---D | C] Keyboard & Mouse Driver -> C:\Program Files (x86)\Keyboard & Mouse Driver -> [2011/01/27 04:04:27 | 000,000,000 | ---D | C] music -> C:\Users\owner\Desktop\music -> [2011/01/24 20:42:51 | 000,000,000 | ---D | C] Minidump -> C:\Windows\Minidump -> [2011/01/24 17:48:09 | 000,000,000 | ---D | C] PC_Gear_EN_Generic -> C:\Program Files (x86)\PC_Gear_EN_Generic -> [2011/01/22 18:35:52 | 000,000,000 | ---D | C] x3_Codec 1.5.0.0 -> C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\x3_Codec 1.5.0.0 -> [2011/01/22 18:35:48 | 000,000,000 | ---D | C] x3_Codec -> C:\Program Files (x86)\x3_Codec -> [2011/01/22 18:35:47 | 000,000,000 | ---D | C] 1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> [Files/Folders - Modified Within 30 Days] OTS.exe -> C:\Users\owner\Desktop\OTS.exe -> [2011/02/19 18:26:06 | 000,642,560 | ---- | M] (OldTimer Tools) GoogleUpdateTaskMachineUA.job -> C:\Windows\tasks\GoogleUpdateTaskMachineUA.job -> [2011/02/19 18:24:05 | 000,000,886 | ---- | M] () GoogleUpdateTaskMachineCore.job -> C:\Windows\tasks\GoogleUpdateTaskMachineCore.job -> [2011/02/19 18:03:47 | 000,000,882 | ---- | M] () bootstat.dat -> C:\Windows\bootstat.dat -> [2011/02/19 18:03:22 | 000,067,584 | --S- | 
M] () hiberfil.sys -> C:\hiberfil.sys -> [2011/02/19 18:03:18 | 2211,307,520 | -HS- | M] () Webroot AntiVirus with Spy Sweeper.lnk -> C:\Users\Public\Desktop\Webroot AntiVirus with Spy Sweeper.lnk -> [2011/02/18 17:44:30 | 000,002,289 | ---- | M] () iTunes.lnk -> C:\Users\Public\Desktop\iTunes.lnk -> [2011/02/15 23:05:05 | 000,001,785 | ---- | M] () QuickTime Player.lnk -> C:\Users\Public\Desktop\QuickTime Player.lnk -> [2011/02/15 16:20:26 | 000,001,847 | ---- | M] () facebook-pic00320123561.exe -> C:\Users\owner\Desktop\facebook-pic00320123561.exe -> [2011/02/14 13:57:46 | 000,094,208 | RHS- | M] () VLC media player.lnk -> C:\Users\Public\Desktop\VLC media player.lnk -> [2011/02/09 19:46:35 | 000,001,068 | ---- | M] () µTorrent.lnk -> C:\Users\owner\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk -> [2011/02/05 22:39:33 | 000,000,969 | ---- | M] () µTorrent.lnk -> C:\Users\Public\Desktop\µTorrent.lnk -> [2011/02/05 22:39:33 | 000,000,945 | ---- | M] () rent_agreement_a[1].doc -> C:\Users\owner\Documents\rent_agreement_a[1].doc -> [2011/01/29 17:39:22 | 000,052,224 | ---- | M] () PerfStringBackup.INI -> C:\Windows\SysWow64\PerfStringBackup.INI -> [2011/01/28 19:48:51 | 000,743,534 | ---- | M] () MEMORY.DMP -> C:\Windows\MEMORY.DMP -> [2011/01/24 17:48:01 | 353,711,566 | ---- | M] () x3_Codec.lnk -> C:\Users\owner\Application Data\Microsoft\Internet Explorer\Quick Launch\x3_Codec.lnk -> [2011/01/22 18:35:48 | 000,000,830 | ---- | M] () 243 C:\Users\owner\AppData\Local\Temp\*.tmp files -> C:\Users\owner\AppData\Local\Temp\*.tmp -> 243 C:\Users\owner\AppData\Local\Temp\*.tmp files -> C:\Users\owner\AppData\Local\Temp\*.tmp -> 1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> [Files - No Company Name] Windows Live ID.lnk -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live ID.lnk -> [2011/02/19 18:08:07 | 000,001,340 | ---- | C] () wrLZMA.dll -> C:\Windows\SysWow64\wrLZMA.dll -> [2011/02/18 17:46:36 | 000,030,424 | ---- | C] () 
Webroot AntiVirus with Spy Sweeper.lnk -> C:\Users\Public\Desktop\Webroot AntiVirus with Spy Sweeper.lnk -> [2011/02/18 17:44:30 | 000,002,289 | ---- | C] () iTunes.lnk -> C:\Users\Public\Desktop\iTunes.lnk -> [2011/02/15 23:05:05 | 000,001,785 | ---- | C] () QuickTime Player.lnk -> C:\Users\Public\Desktop\QuickTime Player.lnk -> [2011/02/15 16:20:26 | 000,001,847 | ---- | C] () Apple Software Update.lnk -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk -> [2011/02/15 16:19:20 | 000,002,519 | ---- | C] () facebook-pic00320123561.exe -> C:\Users\owner\Desktop\facebook-pic00320123561.exe -> [2011/02/14 13:57:42 | 000,094,208 | RHS- | C] () VLC media player.lnk -> C:\Users\Public\Desktop\VLC media player.lnk -> [2011/02/09 19:46:35 | 000,001,068 | ---- | C] () µTorrent.lnk -> C:\Users\owner\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk -> [2011/02/05 22:38:22 | 000,000,969 | ---- | C] () µTorrent.lnk -> C:\Users\Public\Desktop\µTorrent.lnk -> [2011/02/05 22:38:22 | 000,000,945 | ---- | C] () rent_agreement_a[1].doc -> C:\Users\owner\Documents\rent_agreement_a[1].doc -> [2011/01/28 02:56:33 | 000,052,224 | ---- | C] () PerfStringBackup.INI -> C:\Windows\SysWow64\PerfStringBackup.INI -> [2011/01/28 02:33:13 | 000,743,534 | ---- | C] () MEMORY.DMP -> C:\Windows\MEMORY.DMP -> [2011/01/24 17:48:01 | 353,711,566 | ---- | C] () x3_Codec.lnk -> C:\Users\owner\Application Data\Microsoft\Internet Explorer\Quick Launch\x3_Codec.lnk -> [2011/01/22 18:35:48 | 000,000,830 | ---- | C] () DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Users\owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2011/01/18 00:01:23 | 000,003,584 | ---- | C] () WirelessCard.INI -> C:\Windows\WirelessCard.INI -> [2011/01/02 10:04:14 | 000,003,661 | ---- | C] () ezsidmv.dat -> C:\ProgramData\ezsidmv.dat -> [2010/12/15 22:21:43 | 000,000,056 | -H-- | C] () Prelaunch.ini -> C:\Windows\Prelaunch.ini -> [2010/10/29 06:38:19 | 000,000,325 | 
---- | C] () WisPriority.ini -> C:\Windows\WisPriority.ini -> [2010/10/29 06:38:19 | 000,000,271 | ---- | C] () DELL_LANGCODE.ini -> C:\Windows\DELL_LANGCODE.ini -> [2010/10/29 06:38:19 | 000,000,035 | ---- | C] () DELL_OSTYPE.ini -> C:\Windows\DELL_OSTYPE.ini -> [2010/10/29 06:38:19 | 000,000,033 | ---- | C] () WisHWDest.ini -> C:\Windows\WisHWDest.ini -> [2010/10/29 06:38:19 | 000,000,032 | ---- | C] () WisLangCode.ini -> C:\Windows\WisLangCode.ini -> [2010/10/29 06:38:19 | 000,000,028 | ---- | C] () WisSysInfo.ini -> C:\Windows\WisSysInfo.ini -> [2010/10/29 06:38:19 | 000,000,023 | ---- | C] () xlive.dll.cat -> C:\Windows\SysWow64\xlive.dll.cat -> [2010/10/14 09:36:44 | 000,179,263 | ---- | C] () BWContextHandler.dll -> C:\Windows\SysWow64\BWContextHandler.dll -> [2009/07/14 01:42:10 | 000,064,000 | ---- | C] () msjetoledb40.dll -> C:\Windows\SysWow64\msjetoledb40.dll -> [2009/07/13 23:03:59 | 000,364,544 | ---- | C] () [File - Lop Check] SoftGrid Client -> C:\Users\owner\AppData\Roaming\SoftGrid Client -> [2011/01/30 19:01:01 | 000,000,000 | ---D | M] TP -> C:\Users\owner\AppData\Roaming\TP -> [2011/01/28 02:34:14 | 000,000,000 | ---D | M] uTorrent -> C:\Users\owner\AppData\Roaming\uTorrent -> [2011/02/19 18:24:09 | 000,000,000 | ---D | M] SCHEDLGU.TXT -> C:\Windows\Tasks\SCHEDLGU.TXT -> [2011/02/18 17:54:40 | 000,032,592 | ---- | M] () [File - Purity Scan] [Files/Folders - Unicode - All] C:\Users\owner\Desktop\?????? ???? -> C:\Users\owner\Desktop\תמונות שימי -> [2011/01/09 08:58:11 | 000,000,000 | ---D | C] C:\Users\owner\Desktop\?????? ???? -> C:\Users\owner\Desktop\תמונות שימי -> [2011/01/09 08:59:36 | 000,000,000 | ---D | M] < End of report > [/code]