[code]
OTS logfile created on: 8/2/2011 1:53:30 AM - Run 2
OTS by OldTimer - Version 3.1.44.0 Folder = C:\Users\Preston\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 50.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 55.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 217.79 Gb Total Space | 183.89 Gb Free Space | 84.44% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 3.68 Gb Total Space | 2.14 Gb Free Space | 58.10% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SIRMAXX
Current User Name: Preston
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days

[Processes - Safe List]
ots.exe -> C:\Users\Preston\Desktop\OTS.exe -> [2011/08/02 00:54:20 | 000,645,120 | ---- | M] (OldTimer Tools)
avastui.exe -> C:\Program Files\AVAST Software\Avast\AvastUI.exe -> [2011/07/04 04:43:54 | 003,493,720 | ---- | M] (AVAST Software)
avastsvc.exe -> C:\Program Files\AVAST Software\Avast\AvastSvc.exe -> [2011/07/04 04:43:51 | 000,042,184 | ---- | M] (AVAST Software)
armsvc.exe -> C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -> [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated)
lmanager.exe -> C:\Program Files (x86)\Launch Manager\LManager.exe -> [2010/12/31 05:05:26 | 001,029,200 | ---- | M] (Dritek System Inc.)
dsiwmis.exe -> C:\Program Files (x86)\Launch Manager\dsiwmis.exe -> [2010/12/31 05:05:26 | 000,310,864 | ---- | M] (Dritek System Inc.) lmworker.exe -> C:\Program Files (x86)\Launch Manager\LMworker.exe -> [2010/12/31 05:05:26 | 000,289,360 | ---- | M] (Dritek System Inc.) clear.fiagent.exe -> C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe -> [2010/12/23 15:46:44 | 000,120,104 | ---- | M] (CyberLink Corp.) dmrengine.exe -> C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe -> [2010/12/23 15:46:40 | 000,181,632 | ---- | M] () ischedulesvc.exe -> C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe -> [2010/11/11 18:21:52 | 000,257,344 | ---- | M] (NTI Corporation) backupmanagertray.exe -> C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe -> [2010/11/11 18:21:36 | 000,296,768 | ---- | M] (NTI Corporation) suitetray.exe -> C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe -> [2010/09/27 20:00:56 | 000,340,336 | ---- | M] (Egis Technology Inc.) pmmupdate.exe -> C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe -> [2010/09/17 17:10:16 | 000,407,920 | ---- | M] (Egis Technology Inc.) egisupdate.exe -> C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe -> [2010/09/17 17:10:02 | 000,201,584 | ---- | M] (Egis Technology Inc.) 
sftvsa.exe -> C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -> [2010/04/24 01:10:34 | 000,209,768 | ---- | M] (Microsoft Corporation) sftlist.exe -> C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -> [2010/04/24 01:10:28 | 000,483,688 | ---- | M] (Microsoft Corporation) updaterservice.exe -> C:\Program Files\Acer\Acer Updater\UpdaterService.exe -> [2010/01/28 17:27:36 | 000,243,232 | ---- | M] (Acer Group) gregsvc.exe -> C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -> [2010/01/08 06:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Modules - Safe List] ots.exe -> C:\Users\Preston\Desktop\OTS.exe -> [2011/08/02 00:54:20 | 000,645,120 | ---- | M] (OldTimer Tools) guard32.dll -> C:\Windows\SysWOW64\guard32.dll -> [2011/07/05 17:45:52 | 000,285,256 | ---- | M] (COMODO) snxhk.dll -> C:\Program Files\AVAST Software\Avast\snxhk.dll -> [2011/07/04 04:43:51 | 000,199,792 | ---- | M] (AVAST Software) wpdshext.dll -> C:\Windows\SysWOW64\wpdshext.dll -> [2010/11/20 05:21:38 | 002,311,168 | ---- | M] (Microsoft Corporation) comctl32.dll -> C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll -> [2010/11/20 04:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) gdiplus.dll -> C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\GdiPlus.dll -> [2010/11/20 04:55:08 | 001,624,576 | ---- | M] (Microsoft Corporation) normaliz.dll -> C:\Windows\SysWOW64\normaliz.dll -> [2009/07/13 18:09:00 | 000,002,048 | ---- | M] (Microsoft Corporation) [Win32 Services - Safe List] 64bit-(cmdAgent) [Auto | Running] -> C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -> [2011/07/05 17:41:26 | 002,528,096 | ---- | M] (COMODO) 64bit-(avast! 
Antivirus) [Auto | Running] -> C:\Program Files\AVAST Software\Avast\AvastSvc.exe -> [2011/07/04 04:43:51 | 000,042,184 | ---- | M] (AVAST Software) 64bit-(!SASCORE) [Auto | Running] -> C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -> [2011/05/04 10:55:09 | 000,128,384 | ---- | M] (SUPERAntiSpyware.com) 64bit-(CxAudMsg) [Auto | Running] -> C:\Windows\SysNative\CxAudMsg64.exe -> [2010/12/16 16:18:08 | 000,198,784 | ---- | M] (Conexant Systems Inc.) 64bit-(AMD FUEL Service) [Auto | Running] -> C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -> [2010/11/18 17:14:36 | 000,354,304 | ---- | M] (Advanced Micro Devices, Inc.) 64bit-(AMD External Events Utility) [Auto | Running] -> C:\Windows\SysNative\atiesrxx.exe -> [2010/11/09 06:55:50 | 000,203,776 | ---- | M] (AMD) 64bit-(ePowerSvc) [Auto | Running] -> C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -> [2010/10/29 11:22:12 | 000,868,224 | ---- | M] (Acer Incorporated) 64bit-(wlcrasvc) [Disabled | Stopped] -> C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -> [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) 64bit-(AMD Reservation Manager) [Auto | Running] -> C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe -> [2010/06/17 06:23:36 | 000,194,496 | ---- | M] (Advanced Micro Devices) 64bit-(Updater Service) [Auto | Running] -> C:\Program Files\Acer\Acer Updater\UpdaterService.exe -> [2010/01/28 17:27:36 | 000,243,232 | ---- | M] (Acer Group) 64bit-(WinDefend) [Disabled | Stopped] -> C:\Program Files\Windows Defender\MpSvc.dll -> [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) (AdobeARMservice) Adobe Acrobat Update Service [Auto | Running] -> C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -> [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) (FLEXnet Licensing Service) FLEXnet Licensing Service [On_Demand | Stopped] -> C:\Program Files (x86)\Common Files\Macrovision 
Shared\FLEXnet Publisher\FNPLicensingService.exe -> [2011/02/16 07:05:32 | 000,655,624 | ---- | M] (Acresso Software Inc.) (DsiWMIService) Dritek WMI Service [Auto | Running] -> C:\Program Files (x86)\Launch Manager\dsiwmis.exe -> [2010/12/31 05:05:26 | 000,310,864 | ---- | M] (Dritek System Inc.) (NTI IScheduleSvc) NTI IScheduleSvc [Auto | Running] -> C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe -> [2010/11/11 18:21:52 | 000,257,344 | ---- | M] (NTI Corporation) (EgisTec Ticket Service) EgisTec Ticket Service [On_Demand | Stopped] -> C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe -> [2010/09/27 19:09:54 | 000,172,912 | ---- | M] (Egis Technology Inc. ) (sftvsa) Application Virtualization Service Agent [On_Demand | Running] -> C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -> [2010/04/24 01:10:34 | 000,209,768 | ---- | M] (Microsoft Corporation) (sftlist) Application Virtualization Client [Auto | Running] -> C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -> [2010/04/24 01:10:28 | 000,483,688 | ---- | M] (Microsoft Corporation) (clr_optimization_v4.0.30319_32) Microsoft .NET Framework NGEN v4.0.30319_X86 [Auto | Stopped] -> C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -> [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) (GREGService) GREGService [Auto | Running] -> C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -> [2010/01/08 06:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) (clr_optimization_v2.0.50727_32) Microsoft .NET Framework NGEN v2.0.50727_X86 [Disabled | Stopped] -> C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -> [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Driver Services - Safe List] 64bit-(aswMonFlt) aswMonFlt [File_System | Auto | Running] -> C:\Windows\SysNative\drivers\aswMonFlt.sys -> [2011/07/04 04:32:24 | 000,064,856 | ---- | M] (AVAST Software) 
64bit-(amdsata) amdsata [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\amdsata.sys -> [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) 64bit-(amdxata) amdxata [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\amdxata.sys -> [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) 64bit-(mwlPSDVDisk) mwlPSDVDisk [Kernel | System | Running] -> C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -> [2011/01/17 17:02:58 | 000,062,584 | ---- | M] (Egis Technology Inc.) 64bit-(mwlPSDFilter) mwlPSDFilter [File_System | System | Running] -> C:\Windows\SysNative\drivers\mwlPSDFilter.sys -> [2011/01/17 17:02:58 | 000,022,912 | ---- | M] (Egis Technology Inc.) 64bit-(mwlPSDNServ) mwlPSDNServ [Kernel | System | Running] -> C:\Windows\SysNative\drivers\mwlPSDNserv.sys -> [2011/01/17 17:02:58 | 000,020,328 | ---- | M] (Egis Technology Inc.) 64bit-(CnxtHdAudService) Conexant UAA Function Driver for High Definition Audio Service [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\CHDRT64.sys -> [2011/01/11 00:01:32 | 001,495,680 | ---- | M] (Conexant Systems Inc.) 64bit-(HpSAMD) HpSAMD [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\HpSAMD.sys -> [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) 64bit-(TsUsbFlt) TsUsbFlt [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\TsUsbFlt.sys -> [2010/11/20 04:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) 64bit-(AtiHDAudioService) ATI Function Driver for HD Audio Service [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\AtihdW76.sys -> [2010/11/16 16:04:32 | 000,115,216 | ---- | M] (Advanced Micro Devices) 64bit-(ETD) ELAN PS/2 Port Input Device [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\ETD.sys -> [2010/11/11 23:23:40 | 000,138,024 | ---- | M] (ELAN Microelectronics Corp.) 
64bit-(amdkmdag) amdkmdag [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\atikmdag.sys -> [2010/11/09 07:34:04 | 008,013,312 | ---- | M] (ATI Technologies Inc.) 64bit-(amdkmdap) amdkmdap [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\atikmpag.sys -> [2010/11/09 06:18:54 | 000,287,232 | ---- | M] (Advanced Micro Devices, Inc.) 64bit-(L1C) NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\L1C62x64.sys -> [2010/09/27 00:24:44 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) 64bit-(UBHelper) UBHelper [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\UBHelper.sys -> [2010/07/08 20:51:50 | 000,017,408 | ---- | M] (NTI Corporation) 64bit-(RSUSBSTOR) RtsUStor.Sys Realtek USB Card Reader [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\RtsUStor.sys -> [2010/06/17 02:18:28 | 000,246,376 | ---- | M] (Realtek Semiconductor Corp.) 64bit-(BCM43XX) Broadcom 802.11 Network Adapter Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\BCMWL664.SYS -> [2010/06/03 12:59:00 | 004,171,328 | ---- | M] (Broadcom Corporation) 64bit-(usbfilter) AMD USB Filter Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\usbfilter.sys -> [2010/04/28 13:43:20 | 000,038,528 | ---- | M] (Advanced Micro Devices) 64bit-(Sftvol) Sftvol [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\Sftvollh.sys -> [2010/04/24 01:10:32 | 000,022,376 | ---- | M] (Microsoft Corporation) 64bit-(Sftplay) Sftplay [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\Sftplaylh.sys -> [2010/04/24 01:10:28 | 000,269,672 | ---- | M] (Microsoft Corporation) 64bit-(Sftredir) Sftredir [File_System | On_Demand | Running] -> C:\Windows\SysNative\drivers\Sftredirlh.sys -> [2010/04/24 01:10:28 | 000,025,960 | ---- | M] (Microsoft Corporation) 64bit-(Sftfs) Sftfs [Kernel | On_Demand | Running] -> 
C:\Windows\SysNative\drivers\Sftfslh.sys -> [2010/04/24 01:10:20 | 000,721,768 | ---- | M] (Microsoft Corporation) 64bit-(NTIDrvr) NTIDrvr [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\NTIDrvr.sys -> [2010/04/19 19:35:14 | 000,018,432 | ---- | M] (NTI Corporation) 64bit-(amdiox64) AMD IO Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\amdiox64.sys -> [2010/02/18 10:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) 64bit-(SASDIFSV) SASDIFSV [Kernel | System | Running] -> C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -> [2010/02/17 11:23:05 | 000,014,920 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) 64bit-(SASKUTIL) SASKUTIL [Kernel | System | Running] -> C:\Program Files\SUPERAntiSpyware\saskutil64.sys -> [2010/02/17 11:23:05 | 000,012,360 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) 64bit-(RTL8187) Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\RTL8187.sys -> [2010/01/07 03:20:22 | 000,448,512 | ---- | M] (Realtek Semiconductor Corporation ) 64bit-(amdsbs) amdsbs [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\amdsbs.sys -> [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) 
64bit-(LSI_SAS2) LSI_SAS2 [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\lsi_sas2.sys -> [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) 64bit-(stexstor) stexstor [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\stexstor.sys -> [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) 64bit-(Ntfs) Ntfs [File_System | On_Demand | Running] -> C:\Windows\SysNative\wbem\ntfs.mof -> [2009/06/10 13:38:56 | 000,000,308 | ---- | M] () 64bit-(ebdrv) Broadcom NetXtreme II 10 GigE VBD [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\evbda.sys -> [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) 64bit-(b06bdrv) Broadcom NetXtreme II VBD [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\bxvbda.sys -> [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) 64bit-(b57nd60a) Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0 [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\b57nd60a.sys -> [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) 64bit-(hcw85cir) Hauppauge Consumer Infrared Receiver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\hcw85cir.sys -> [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) 
[Registry - Safe List] < 64bit-Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://acer.msn.com -> HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://acer.msn.com -> < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://acer.msn.com -> HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> C:\Windows\SysWOW64\blank.htm -> HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://acer.msn.com -> < Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> < Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> < Internet Explorer Settings [HKEY_USERS\S-1-5-21-2920811595-138694612-3144721724-1002\] > -> -> HKEY_USERS\S-1-5-21-2920811595-138694612-3144721724-1002\: Main\\"Default_Page_URL" -> http://acer.msn.com -> HKEY_USERS\S-1-5-21-2920811595-138694612-3144721724-1002\: Main\\"Start Page" -> http://www.yahoo.com -> HKEY_USERS\S-1-5-21-2920811595-138694612-3144721724-1002\: Main\\"Start Page Restore" -> http://www.mystart.com?pr=photopos2_0 -> HKEY_USERS\S-1-5-21-2920811595-138694612-3144721724-1002\: "ProxyEnable" -> 0 -> < FireFox Settings [Prefs.js] > -> C:\Users\Preston\AppData\Roaming\Mozilla\FireFox\Profiles\zywd2fdt.default\prefs.js -> browser.startup.homepage -> "http://www.yahoo.com/" -> keyword.URL -> "http://www.bing.com/search?pc=ZUGO&form=ZGAADF&q=" -> < FireFox Settings [User.js] > -> C:\Users\Preston\AppData\Roaming\Mozilla\FireFox\Profiles\zywd2fdt.default\user.js -> < FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla HKLM\software\mozilla\Firefox\Extensions -> -> HKLM\software\mozilla\Firefox\Extensions\\wrc@avast.com -> C:\Program Files\AVAST Software\Avast\WebRep\FF [C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF] -> 
[2011/07/06 03:33:42 | 000,000,000 | ---D | M] HKLM\software\mozilla\Mozilla Firefox 5.0\extensions -> -> HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Components -> C:\Program Files (x86)\Mozilla Firefox\components [C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\COMPONENTS] -> [2011/06/23 17:00:02 | 000,000,000 | ---D | M] HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\PLUGINS -> < FireFox Extensions [User Folders] > -> -> C:\Users\Preston\AppData\Roaming\Mozilla\Extensions -> [2011/05/21 17:21:10 | 000,000,000 | ---D | M] -> C:\Users\Preston\AppData\Roaming\Mozilla\Firefox\Profiles\zywd2fdt.default\extensions -> [2011/07/09 13:37:20 | 000,000,000 | ---D | M] WOT -> C:\Users\Preston\AppData\Roaming\Mozilla\Firefox\Profiles\zywd2fdt.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} -> [2011/07/09 13:37:20 | 000,000,000 | ---D | M] < FireFox SearchPlugins [User Folders] > -> bing-zugo.xml -> C:\Users\Preston\AppData\Roaming\Mozilla\Firefox\Profiles\zywd2fdt.default\searchplugins\bing-zugo.xml -> [2011/06/02 15:15:10 | 000,001,919 | ---- | M] () < FireFox Extensions [Program Folders] > -> -> C:\Program Files (x86)\Mozilla Firefox\extensions -> [2011/05/21 17:20:30 | 000,000,000 | ---D | M] No name found -> -> File not found < HOSTS File > ([2009/06/10 14:00:26 | 000,000,824 | ---- | M] - 21 lines) -> C:\Windows\SysNative\Drivers\etc\hosts -> Reset Hosts < 64bit-BHO's [HKEY_LOCAL_MACHINE] > -> 64bit-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} [HKLM] -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [avast! 
WebRep] -> [2011/07/04 04:43:43 | 000,978,496 | ---- | M] (AVAST Software) < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {5D0EC45B-D2E4-4DD0-A5B2-69DDEFE852A8} [HKLM] -> C:\Program Files (x86)\PhotoposComTbr\PhotoposComTbrLib.dll [PhotoPos Toolbar] -> [2009/09/30 08:33:54 | 000,091,584 | ---- | M] () {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} [HKLM] -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [avast! WebRep] -> [2011/07/04 04:43:50 | 000,820,864 | ---- | M] (AVAST Software) {9D425283-D487-4337-BAB6-AB8354A81457} [HKLM] -> C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll [Search Toolbar] -> [2010/04/08 07:52:20 | 000,271,024 | ---- | M] () < 64bit-Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> "{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}" [HKLM] -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [avast! WebRep] -> [2011/07/04 04:43:43 | 000,978,496 | ---- | M] (AVAST Software) "Locked" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found < Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> "{5D0EC45B-D2E4-4DD0-A5B2-69DDEFE852A8}" [HKLM] -> C:\Program Files (x86)\PhotoposComTbr\PhotoposComTbrLib.dll [PhotoPos Toolbar] -> [2009/09/30 08:33:54 | 000,091,584 | ---- | M] () "{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}" [HKLM] -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [avast! WebRep] -> [2011/07/04 04:43:50 | 000,820,864 | ---- | M] (AVAST Software) "{9D425283-D487-4337-BAB6-AB8354A81457}" [HKLM] -> C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll [Search Toolbar] -> [2010/04/08 07:52:20 | 000,271,024 | ---- | M] () "Locked" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] 
-> File not found < Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-2920811595-138694612-3144721724-1002\] > -> HKEY_USERS\S-1-5-21-2920811595-138694612-3144721724-1002\Software\Microsoft\Internet Explorer\Toolbar\ -> WebBrowser\\"{88C7F2AA-F93F-432C-8F0E-B7D85967A527}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found < 64bit-Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> "Acer ePower Management" -> C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe] -> [2010/10/29 11:22:14 | 000,860,040 | ---- | M] (Acer Incorporated) "COMODO Internet Security" -> C:\Program Files\COMODO\COMODO Internet Security\cfp.exe ["C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h] -> [2011/07/05 17:42:12 | 009,048,392 | ---- | M] (COMODO) "ETDCtrl" -> C:\Program Files\Elantech\ETDCtrl.exe [%ProgramFiles%\Elantech\ETDCtrl.exe] -> [2010/11/11 23:23:46 | 002,588,968 | ---- | M] (ELAN Microelectronics Corp.) < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> "avast" -> C:\Program Files\AVAST Software\Avast\avastUI.exe ["C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui] -> [2011/07/04 04:43:54 | 003,493,720 | ---- | M] (AVAST Software) "BackupManagerTray" -> C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe ["C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k] -> [2010/11/11 18:21:36 | 000,296,768 | ---- | M] (NTI Corporation) "EgisTecPMMUpdate" -> C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe ["C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"] -> [2010/09/17 17:10:16 | 000,407,920 | ---- | M] (Egis Technology Inc.) "EgisUpdate" -> C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe ["C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d] -> [2010/09/17 17:10:02 | 000,201,584 | ---- | M] (Egis Technology Inc.) 
"LManager" -> C:\Program Files (x86)\Launch Manager\LManager.exe [C:\Program Files (x86)\Launch Manager\LManager.exe] -> [2010/12/31 05:05:26 | 001,029,200 | ---- | M] (Dritek System Inc.) "MDS_Menu" -> C:\Program Files (x86)\Acer\clear.fi\MediaEspresso\MUITransfer\MUIStartMenu.exe ["C:\Program Files (x86)\Acer\clear.fi\MediaEspresso\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Acer\clear.fi\MediaEspresso" UpdateWithCreateOnce "Software\CyberLink\MediaEspresso\6.1"] -> [2009/05/19 23:16:16 | 000,222,504 | ---- | M] (CyberLink Corp.) "StartCCC" -> C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ["C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun] -> [2010/11/18 16:55:44 | 000,336,384 | ---- | M] (Advanced Micro Devices, Inc.) "SuiteTray" -> C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe ["C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"] -> [2010/09/27 20:00:56 | 000,340,336 | ---- | M] (Egis Technology Inc.) 
< Run [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> "Sidebar" -> C:\Program Files (x86)\Windows Sidebar\Sidebar.exe [%ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun] -> [2010/11/20 05:17:41 | 001,174,016 | ---- | M] (Microsoft Corporation) < RunOnce [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce -> "mctadmin" -> [C:\Windows\System32\mctadmin.exe] -> File not found < Run [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> "Sidebar" -> C:\Program Files (x86)\Windows Sidebar\Sidebar.exe [%ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun] -> [2010/11/20 05:17:41 | 001,174,016 | ---- | M] (Microsoft Corporation) < RunOnce [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce -> "mctadmin" -> [C:\Windows\System32\mctadmin.exe] -> File not found < Run [HKEY_USERS\S-1-5-21-2920811595-138694612-3144721724-1002\] > -> HKEY_USERS\S-1-5-21-2920811595-138694612-3144721724-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> "SUPERAntiSpyware" -> C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE [C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe] -> [2011/07/02 22:53:49 | 002,988,928 | ---- | M] (SUPERAntiSpyware.com) < CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer \\"NoActiveDesktop" -> [1] -> File not found \\"NoActiveDesktopChanges" -> [1] -> File not found < CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System \\"ConsentPromptBehaviorAdmin" -> [5] -> File not found \\"ConsentPromptBehaviorUser" -> [3] -> File not found 
\\"PromptOnSecureDesktop" -> [0] -> File not found HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> {7578ADEA-D65F-4C89-A249-B1C88B6FFC20}:Exec [HKLM] -> C:\Program Files (x86)\ICQ7.5\ICQ.exe [Button: ICQ7.5] -> [2011/07/28 12:03:18 | 000,124,216 | ---- | M] (ICQ, LLC.) {7578ADEA-D65F-4C89-A249-B1C88B6FFC20}:Exec [HKLM] -> C:\Program Files (x86)\ICQ7.5\ICQ.exe [Menu: ICQ7.5] -> [2011/07/28 12:03:18 | 000,124,216 | ---- | M] (ICQ, LLC.) < 64bit-Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> < 64bit-Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix "" -> http:// < Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix "" -> http:// < 64bit-Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < 64bit-Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. 
-> < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. 
-> < Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-21-2920811595-138694612-3144721724-1002\] > -> HKEY_USERS\S-1-5-21-2920811595-138694612-3144721724-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-21-2920811595-138694612-3144721724-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-21-2920811595-138694612-3144721724-1002\] > -> HKEY_USERS\S-1-5-21-2920811595-138694612-3144721724-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-21-2920811595-138694612-3144721724-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. 
-> < Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ -> DhcpNameServer -> 68.94.156.1 68.94.157.1 -> < Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {5D09B8CA-6E28-4D6C-8228-123D47F4A0F5}\\DhcpNameServer -> 68.94.156.1 68.94.157.1 (Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter) -> {FC97EE8F-4F9D-4814-8578-8F79DA5F1A19}\\DhcpNameServer -> 68.94.156.1 206.13.28.12 (Broadcom 802.11n Network Adapter) -> < 64bit-AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs -> 64bit-*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls -> C:\Windows\system32\guard64.dll -> C:\Windows\SysNative\guard64.dll -> [2011/07/05 17:45:53 | 000,363,560 | ---- | M] (COMODO) *MultiFile Done* -> -> < AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs -> *AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls -> C:\Windows\SysWOW64\guard32.dll -> C:\Windows\SysWOW64\guard32.dll -> [2011/07/05 17:45:52 | 000,285,256 | ---- | M] (COMODO) *MultiFile Done* -> -> < 64bit-Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 64bit-*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> explorer.exe -> C:\Windows\explorer.exe -> [2011/02/24 23:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) *MultiFile Done* -> -> 64bit-*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> SystemPropertiesPerformance.exe -> C:\Windows\SysNative\SystemPropertiesPerformance.exe -> [2009/07/13 18:39:47 | 000,082,432 | ---- | M] (Microsoft Corporation) /pagefile -> -> File 
not found *MultiFile Done* -> -> < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> *Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> explorer.exe -> C:\Windows\SysWow64\explorer.exe -> [2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) *MultiFile Done* -> -> *VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> /pagefile -> -> File not found *MultiFile Done* -> -> < 64bit-SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad -> "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" [HKLM] -> Reg Error: Key error. [WebCheck] -> File not found < SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad -> "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" [HKLM] -> Reg Error: Key error. [WebCheck] -> File not found < Vista Active Firewall Rules > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules -> {0B27729A-4655-4AF7-BB37-531D18CBED7A} -> rport=138 | profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-28531 | app=system | {1FBE5258-7692-4FF5-A33E-83DE12EAEA00} -> lport=139 | profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-28503 | app=system | {2072311F-6B78-4A2D-98B3-45A048B4F394} -> lport=rpc-epmap | profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-28539 | svc=rpcss | {3A1B5006-C419-4EB8-B789-FE2B9E5AF6BF} -> rport=137 | profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-28523 | app=system | {3F606FC1-0956-46BC-BDD8-04E619E27A32} -> lport=10243 | profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-31285 | app=system | {4B3CE70F-2415-4BD7-B315-DE9B218DAC35} -> lport=445 | 
profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-28511 | app=system | {4E4F884C-ECBB-4199-BE24-3D410D575F01} -> rport=445 | profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-28515 | app=system | {6131CEC8-9D5E-4CE0-BB56-8294171194EA} -> lport=1900 | profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-31269 | app=%systemroot%\system32\svchost.exe | svc=ssdpsrv | {6270FFB4-4C74-4874-9951-963B5E555218} -> rport=1900 | profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-31273 | app=%systemroot%\system32\svchost.exe | svc=ssdpsrv | {6DCB1249-CC0E-4E66-91A2-FF039359C676} -> lport=1900 | protocol=17 | dir=in | action=allow | name=windows live communications platform (ssdp) | {74403A8C-7358-4596-A180-8C4545F33D67} -> lport=808 | protocol=6 | dir=in | action=allow | name=@c:\windows\microsoft.net\framework64\v4.0.30319\\servicemodelevents.dll,-2000 | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | svc=nettcpactivator | {78E11E0A-9D02-4AC8-8B63-81482982EAF7} -> lport=2177 | profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-31261 | app=%systemroot%\system32\svchost.exe | svc=qwave | {7E6C4BDC-C6A9-4BC5-9835-DEF26A4246EF} -> rport=2177 | profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31265 | app=%systemroot%\system32\svchost.exe | svc=qwave | {859CF8C3-48EF-4A6C-B6A6-4F763C741E35} -> lport=5355 | profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-28548 | app=%systemroot%\system32\svchost.exe | svc=dnscache | {909E8F2E-2CCC-49A1-8575-63B96D3C66C7} -> lport=137 | profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-28519 | app=system | {999679D2-33C3-40CF-B0D1-57A1843E2354} -> rport=5355 | profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-28550 | app=%systemroot%\system32\svchost.exe | svc=dnscache | 
{AEAC2CB5-E7EA-4CA7-B284-2E89BF21F35E} -> rport=139 | profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-28507 | app=system | {C7537E32-1013-4AF4-89B7-38C4C3E71B09} -> rport=2177 | profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-31257 | app=%systemroot%\system32\svchost.exe | svc=qwave | {D401F778-4F3E-4335-A5BF-11AFB68F8AEC} -> lport=138 | profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-28527 | app=system | {DD9E3DAB-9AF5-4BC0-96F1-AE942A335D85} -> rport=10243 | profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31289 | app=system | {E4932879-89EC-4870-A1AD-60D2F5EFFBC0} -> lport=2869 | profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-31277 | app=system | {ED752A9B-1332-4943-ABCE-3B40C7BE4B67} -> lport=2177 | profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-31253 | app=%systemroot%\system32\svchost.exe | svc=qwave | {F6E94F78-EEB0-4ED1-81B8-DCB7C1478211} -> lport=2869 | protocol=6 | dir=in | action=allow | name=windows live communications platform (upnp) | {F897C4DE-6F93-4BA5-9638-0231C75B1E15} -> lport=rpc | profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-28535 | app=%systemroot%\system32\spoolsv.exe | svc=spooler | < Vista Active Application Exception Rules > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules -> {03D3DAD8-8C8F-43BC-AAFF-2FFE2D9848D9} -> profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-31309 | app=%programfiles%\windows media player\wmpnetwk.exe | {1852BD18-1A3F-44A5-B6F8-9A864BEDC36D} -> dir=in | action=allow | name=windows live communications platform | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | {208F422B-C0F4-45C3-B58E-8530A54E5F69} -> profile=private | dir=in | action=allow | name=clear.fi dmrengine | app=c:\program files 
(x86)\acer\clear.fi\mvp\.\kernel\dmr\dmrengine.exe | {20E70CB0-A9A0-485C-BC09-8BB392B6E13D} -> profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31281 | app=system | {34A7E65C-9C18-4B3D-9307-FDCDCFE8759E} -> protocol=17 | dir=in | action=allow | name=bittorrent (udp-in) | app=c:\program files (x86)\bittorrent\bittorrent.exe | {38BB4185-4800-4EB0-A90C-438AA69424E5} -> profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-31007 | app=%programfiles%\windows media player\wmplayer.exe | {4DAE2581-04CE-47F9-B2E1-F1757BD1D678} -> dir=in | action=allow | name=windows live mesh | app=c:\program files (x86)\windows live\mesh\moe.exe | {4E07C3DE-13D9-4EDB-B425-372E1AC24BAE} -> profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31025 | app=%programfiles(x86)%\windows media player\wmplayer.exe | {53839279-53EE-4C0D-B130-90E9340A7E8D} -> profile=private | protocol=1 | dir=in | action=allow | name=@firewallapi.dll,-28543 | {5467784F-9108-46BB-96D1-5126A32D2098} -> profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-31297 | app=%programfiles%\windows media player\wmplayer.exe | {62583AC2-B0C8-4193-8953-DC2D6DCDEF22} -> profile=private | protocol=58 | dir=in | action=allow | name=@firewallapi.dll,-28545 | {6F30551C-CCED-4E38-9295-BF197057D614} -> profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31301 | app=%programfiles%\windows media player\wmplayer.exe | {77700232-E0C8-4762-85BD-6553DF6E6B3D} -> profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31321 | app=%systemroot%\system32\svchost.exe | svc=upnphost | {7835E5AB-C711-4119-81E3-D4D37E2B3C73} -> profile=public | dir=in | action=block | name=clear.fi dmrengine | app=c:\program files (x86)\acer\clear.fi\mvp\.\kernel\dmr\dmrengine.exe | {98E94EE7-D15F-4106-98F0-8B6A3B47E8D3} -> profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-31293 | 
app=%programfiles%\windows media player\wmplayer.exe | {9A9FC11D-7922-4D50-922E-BB7ED4DF6A68} -> profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-31003 | app=%programfiles%\windows media player\wmplayer.exe | {9B07C6EE-7AA5-49CF-8BD3-B00D54748CE6} -> profile=private | protocol=58 | dir=out | action=allow | name=@firewallapi.dll,-28546 | {9EA86EA8-4B8C-4C2C-AA2A-407546AD6AE0} -> dir=in | action=allow | name=clear.fi | app=c:\program files (x86)\acer\clear.fi\mvp\clear.fi.exe | {A3DD9E7E-D4BD-4662-BDF8-C7DA3B2D4921} -> profile=private | protocol=1 | dir=out | action=allow | name=@firewallapi.dll,-28544 | {AACA2460-F523-4969-92A1-0D4244A73F14} -> profile=domain | dir=in | action=allow | name=clear.fi dmrengine | app=c:\program files (x86)\acer\clear.fi\mvp\.\kernel\dmr\dmrengine.exe | {AE1040AC-6967-4C38-9729-9817E5957275} -> profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31317 | app=%programfiles%\windows media player\wmpnetwk.exe | {BDA829A0-D292-4619-B86E-F374FDD30D2D} -> profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-31024 | app=%programfiles(x86)%\windows media player\wmplayer.exe | {C69977F8-9024-4690-B8C1-285BC5DEBA3D} -> dir=in | action=allow | name=windows live messenger | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | {C9BEE5E4-2CEF-43A8-8BF5-A1EC3DEB29E7} -> dir=in | action=allow | name=clear.fi medialibray service | app=c:\program files (x86)\acer\clear.fi\mvp\.\kernel\clml\clmlsvc.exe | {D22478F6-4993-4C21-A567-5C338FAC7FF1} -> dir=in | action=allow | name=clear.fi resident program | app=c:\program files (x86)\acer\clear.fi\mvp\clear.fiagent.exe | {D71C0828-FB3B-4376-88D5-5942772BB575} -> protocol=6 | dir=in | action=allow | name=bittorrent (tcp-in) | app=c:\program files (x86)\bittorrent\bittorrent.exe | {E38063E4-5F2F-4B37-A1F7-CDC9CEB8D15F} -> profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-31305 | 
app=%programfiles%\windows media player\wmpnetwk.exe | {E4D6859F-6BD8-48D2-90E2-677D20E576E7} -> profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31011 | app=%programfiles%\windows media player\wmplayer.exe | {EE1E9467-E500-42D7-886E-C1959FB4A46E} -> profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-31313 | app=%programfiles%\windows media player\wmpnetwk.exe | {FACF1C81-FD2C-491D-97DA-D35D227539D1} -> profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-31023 | app=%programfiles(x86)%\windows media player\wmplayer.exe | < SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> < CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom -> "AutoRun" -> 1 -> "DisplayName" -> CD-ROM Driver -> "ImagePath" -> [\SystemRoot\system32\drivers\cdrom.sys] -> File not found < MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> < Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command -> 64bit-comfile [open] -> "%1" %* -> File not found 64bit-exefile [open] -> "%1" %* -> File not found comfile [open] -> "%1" %* -> exefile [open] -> "%1" %* -> < 64bit-File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\ -> .com [@ = comfile] -> "%1" %* -> .exe [@ = exefile] -> "%1" %* -> < File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\ -> .com [@ = comfile] -> "%1" %* -> .exe [@ = exefile] -> "%1" %* -> [Registry - Additional Scans - Safe List] < 64bit-Disabled MSConfig Registry Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ -> ArcadeMovieService hkey=HKLM key=SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files 
(x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe -> [2010/12/09 23:25:22 | 000,177,448 | ---- | M] (CyberLink Corp.) BitTorrent hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files (x86)\BitTorrent\BitTorrent.exe -> [2011/06/20 23:46:52 | 004,771,184 | ---- | M] (BitTorrent, Inc.) < 64bit-Drivers32 [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32 -> "msacm.l3acm" -> C:\Windows\SysNative\l3codeca.acm [C:\Windows\System32\l3codeca.acm] -> [2009/07/13 18:38:53 | 000,081,408 | ---- | M] (Fraunhofer Institut Integrierte Schaltungen IIS) < Drivers32 [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32 -> "msacm.l3acm" -> C:\Windows\SysWow64\l3codecp.acm [l3codecp.acm] -> [2009/07/13 18:14:10 | 000,220,672 | ---- | M] (Fraunhofer Institut Integrierte Schaltungen IIS) "msacm.l3codecp" -> C:\Windows\SysWow64\l3codecp.acm [l3codecp.acm] -> [2009/07/13 18:14:10 | 000,220,672 | ---- | M] (Fraunhofer Institut Integrierte Schaltungen IIS) "vidc.cvid" -> C:\Windows\SysWow64\iccvid.dll [iccvid.dll] -> [2010/11/20 05:19:17 | 000,082,944 | ---- | M] (Radius Inc.) 
< 64bit-SafeBoot-Minimal Settings > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ -> !SASCORE -> C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -> [2011/05/04 10:55:09 | 000,128,384 | ---- | M] (SUPERAntiSpyware.com) {36FC9E60-C465-11CF-8056-444553540000} -> Universal Serial Bus controllers {4D36E965-E325-11CE-BFC1-08002BE10318} -> CD-ROM Drive {4D36E967-E325-11CE-BFC1-08002BE10318} -> DiskDrive {4D36E969-E325-11CE-BFC1-08002BE10318} -> Standard floppy disk controller {4D36E96A-E325-11CE-BFC1-08002BE10318} -> Hdc {4D36E96B-E325-11CE-BFC1-08002BE10318} -> Keyboard {4D36E96F-E325-11CE-BFC1-08002BE10318} -> Mouse {4D36E977-E325-11CE-BFC1-08002BE10318} -> PCMCIA Adapters {4D36E97B-E325-11CE-BFC1-08002BE10318} -> SCSIAdapter {4D36E97D-E325-11CE-BFC1-08002BE10318} -> System {4D36E980-E325-11CE-BFC1-08002BE10318} -> Floppy disk drive {533C5B84-EC70-11D2-9505-00C04F79DEAF} -> Volume shadow copy {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} -> IEEE 1394 Bus host controllers {71A27CDD-812A-11D0-BEC7-08002BE2092F} -> Volume {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} -> Human Interface Devices {D48179BE-EC20-11D1-B6B8-00C04FA372A7} -> SBP2 IEEE 1394 Devices {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} -> SecurityDevices AppMgmt -> Service Base -> Driver Group Boot Bus Extender -> Driver Group Boot file system -> Driver Group File system -> Driver Group Filter -> Driver Group HelpSvc -> Service MCODS -> Reg Error: Value error. 
NTDS -> 32bit -> File not found PCI Configuration -> Driver Group PNP Filter -> Driver Group Primary disk -> Driver Group sacsvr -> Service SCSI Class -> Driver Group System Bus Extender -> Driver Group TrustedInstaller -> 32bit -> File not found vmms -> Service WinDefend -> C:\Program Files\Windows Defender\MpSvc.dll -> [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) < SafeBoot-Minimal Settings > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ -> !SASCORE -> 64bit -> File not found {36FC9E60-C465-11CF-8056-444553540000} -> Universal Serial Bus controllers {4D36E965-E325-11CE-BFC1-08002BE10318} -> CD-ROM Drive {4D36E967-E325-11CE-BFC1-08002BE10318} -> DiskDrive {4D36E969-E325-11CE-BFC1-08002BE10318} -> Standard floppy disk controller {4D36E96A-E325-11CE-BFC1-08002BE10318} -> Hdc {4D36E96B-E325-11CE-BFC1-08002BE10318} -> Keyboard {4D36E96F-E325-11CE-BFC1-08002BE10318} -> Mouse {4D36E977-E325-11CE-BFC1-08002BE10318} -> PCMCIA Adapters {4D36E97B-E325-11CE-BFC1-08002BE10318} -> SCSIAdapter {4D36E97D-E325-11CE-BFC1-08002BE10318} -> System {4D36E980-E325-11CE-BFC1-08002BE10318} -> Floppy disk drive {533C5B84-EC70-11D2-9505-00C04F79DEAF} -> Volume shadow copy {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} -> IEEE 1394 Bus host controllers {71A27CDD-812A-11D0-BEC7-08002BE2092F} -> Volume {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} -> Human Interface Devices {D48179BE-EC20-11D1-B6B8-00C04FA372A7} -> SBP2 IEEE 1394 Devices {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} -> SecurityDevices AppInfo -> 64bit -> File not found AppMgmt -> Service Base -> Driver Group Boot Bus Extender -> Driver Group Boot file system -> Driver Group DcomLaunch -> 64bit -> File not found EFS -> 64bit -> File not found EventLog -> 64bit -> File not found File system -> Driver Group Filter -> Driver Group HelpSvc -> Service KeyIso -> 64bit -> File not found MCODS -> Reg Error: Value error. 
Netlogon -> 64bit -> File not found NTDS -> 64bit -> File not found PCI Configuration -> Driver Group PlugPlay -> 64bit -> File not found PNP Filter -> Driver Group Power -> 64bit -> File not found Primary disk -> Driver Group ProfSvc -> 64bit -> File not found RpcEptMapper -> 64bit -> File not found RpcSs -> 64bit -> File not found sacsvr -> Service SCSI Class -> Driver Group sermouse.sys -> 64bit -> File not found SWPRV -> 64bit -> File not found System Bus Extender -> Driver Group TabletInputService -> 64bit -> File not found TBS -> 64bit -> File not found VDS -> 64bit -> File not found vga.sys -> 64bit -> File not found vgasave.sys -> 64bit -> File not found vmms -> Service volmgr.sys -> 64bit -> File not found volmgrx.sys -> 64bit -> File not found WinDefend -> 64bit -> File not found WinMgmt -> 64bit -> File not found WudfPf -> 64bit -> File not found WudfRd -> 64bit -> File not found WudfSvc -> 64bit -> File not found < Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command -> 64bit-batfile [open] -> "%1" %* -> File not found 64bit-cmdfile [open] -> "%1" %* -> File not found 64bit-comfile [open] -> "%1" %* -> File not found 64bit-exefile [open] -> "%1" %* -> File not found 64bit-htmlfile [print] -> rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" -> File not found 64bit-inffile [install] -> %SystemRoot%\System32\InfDefaultInstall.exe "%1" -> [2009/07/13 18:39:13 | 000,010,240 | ---- | M] (Microsoft Corporation) 64bit-InternetShortcut [open] -> "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l -> [2009/07/13 18:39:31 | 000,045,568 | ---- | M] (Microsoft Corporation) 64bit-InternetShortcut [print] -> "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" -> [2009/07/13 18:39:31 | 000,045,568 | ---- | M] (Microsoft Corporation) 64bit-piffile [open] -> "%1" %* -> File not found 64bit-scrfile [config] -> "%1" -> File not found 64bit-scrfile 
[install] -> rundll32.exe desk.cpl,InstallScreenSaver %l -> File not found 64bit-scrfile [open] -> "%1" /S -> File not found 64bit-Unknown [openas] -> %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 -> File not found 64bit-Directory [cmd] -> cmd.exe /s /k pushd "%V" -> [2010/11/20 06:24:33 | 000,345,088 | ---- | M] (Microsoft Corporation) 64bit-Directory [find] -> %SystemRoot%\Explorer.exe -> [2011/02/24 23:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) 64bit-Folder [open] -> %SystemRoot%\Explorer.exe -> [2011/02/24 23:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) 64bit-Drive [find] -> %SystemRoot%\Explorer.exe -> [2011/02/24 23:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) batfile [open] -> "%1" %* -> cmdfile [open] -> "%1" %* -> comfile [open] -> "%1" %* -> cplfile [cplopen] -> %SystemRoot%\System32\control.exe "%1",%* -> [2009/07/13 18:14:15 | 000,113,152 | ---- | M] (Microsoft Corporation) exefile [open] -> "%1" %* -> htmlfile [print] -> rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" -> inffile [install] -> %SystemRoot%\System32\InfDefaultInstall.exe "%1" -> [2009/07/13 18:14:21 | 000,009,216 | ---- | M] (Microsoft Corporation) piffile [open] -> "%1" %* -> scrfile [config] -> "%1" -> scrfile [install] -> rundll32.exe desk.cpl,InstallScreenSaver %l -> scrfile [open] -> "%1" /S -> Unknown [openas] -> %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 -> Directory [cmd] -> cmd.exe /s /k pushd "%V" -> [2010/11/20 05:17:00 | 000,302,592 | ---- | M] (Microsoft Corporation) Directory [find] -> %SystemRoot%\Explorer.exe -> [2011/02/24 23:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) Folder [open] -> %SystemRoot%\Explorer.exe -> [2011/02/24 23:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) Drive [find] -> %SystemRoot%\Explorer.exe -> [2011/02/24 23:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) < EventViewer Logs - Last 10 Errors > 
-> Event Information -> Description Application [ Error ] 7/2/2011 1:30:13 AM Computer Name = sirMAXX | Source = Application Error | ID = 1000 -> Description = Faulting application name: GameConsole-wt.exe, version: 3.0.4870.0, time stamp: 0x4bb7c9b5 Faulting module name: GameConsole-wt.exe, version: 3.0.4870.0, time stamp: 0x4bb7c9b5 Exception code: 0xc0000005 Fault offset: 0x00026d7d Faulting process id: 0xd74 Faulting application start time: 0x01cc38790bcbb997 Faulting application path: C:\Program Files (x86)\Acer Games\Acer Game Console\GameConsole-wt.exe Faulting module path: C:\Program Files (x86)\Acer Games\Acer Game Console\GameConsole-wt.exe Report Id: 5bb42eed-a46c-11e0-82db-1c7508cdaedc Application [ Error ] 7/2/2011 4:13:53 AM Computer Name = sirMAXX | Source = VSS | ID = 8194 -> Description = Application [ Error ] 7/7/2011 11:30:11 PM Computer Name = sirMAXX | Source = Application Error | ID = 1000 -> Description = Faulting application name: Photo Pos Pro.exe, version: 1.8.0.5, time stamp: 0x4dda6c47 Faulting module name: MSVBVM60.DLL, version: 6.0.98.15, time stamp: 0x4a5bda6c Exception code: 0xc0000005 Fault offset: 0x0004c8b1 Faulting process id: 0x14b8 Faulting application start time: 0x01cc3d0b17750bee Faulting application path: C:\Program Files (x86)\Photo Pos Pro\Photo Pos Pro.exe Faulting module path: C:\Windows\system32\MSVBVM60.DLL Report Id: 95468cff-a912-11e0-9ccc-1c7508cdaedc Application [ Error ] 7/10/2011 12:03:19 AM Computer Name = sirMAXX | Source = Application Error | ID = 1000 -> Description = Faulting application name: Photo Pos Pro.exe, version: 1.8.0.5, time stamp: 0x4dda6c47 Faulting module name: MSVBVM60.DLL, version: 6.0.98.15, time stamp: 0x4a5bda6c Exception code: 0xc0000005 Fault offset: 0x0004ca08 Faulting process id: 0x95c Faulting application start time: 0x01cc3eab7192fa54 Faulting application path: C:\Program Files (x86)\Photo Pos Pro\Photo Pos Pro.exe Faulting module path: C:\Windows\system32\MSVBVM60.DLL Report Id: 
8b9abd3f-aaa9-11e0-8da9-1c7508cdaedc Application [ Error ] 7/11/2011 4:19:24 PM Computer Name = sirMAXX | Source = RasClient | ID = 20227 -> Description = Application [ Error ] 7/11/2011 4:21:07 PM Computer Name = sirMAXX | Source = RasClient | ID = 20227 -> Description = Application [ Error ] 7/11/2011 11:53:55 PM Computer Name = sirMAXX | Source = CVHSVC | ID = 100 -> Description = Information only. (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected. Application [ Error ] 7/13/2011 2:22:08 PM Computer Name = sirMAXX | Source = CVHSVC | ID = 100 -> Description = Information only. (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: The server name or address could not be resolved Application [ Error ] 7/14/2011 12:32:47 PM Computer Name = sirMAXX | Source = MsiInstaller | ID = 11935 -> Description = Application [ Error ] 7/14/2011 12:33:24 PM Computer Name = sirMAXX | Source = MsiInstaller | ID = 11935 -> Description = System [ Error ] 7/27/2011 3:40:41 AM Computer Name = sirMAXX | Source = EventLog | ID = 6008 -> Description = The previous system shutdown at 12:39:16 AM on ?7/?27/?2011 was unexpected. System [ Error ] 7/27/2011 3:40:49 AM Computer Name = sirMAXX | Source = BugCheck | ID = 1001 -> Description = System [ Error ] 7/27/2011 7:38:47 AM Computer Name = sirMAXX | Source = Disk | ID = 262155 -> Description = The driver detected a controller error on \Device\Harddisk1\DR1. System [ Error ] 7/28/2011 5:52:46 AM Computer Name = sirMAXX | Source = Disk | ID = 262155 -> Description = The driver detected a controller error on \Device\Harddisk1\DR1. System [ Error ] 7/28/2011 11:08:53 PM Computer Name = sirMAXX | Source = Disk | ID = 262155 -> Description = The driver detected a controller error on \Device\Harddisk1\DR1. 
System [ Error ] 7/29/2011 5:39:19 PM Computer Name = sirMAXX | Source = Disk | ID = 262155 -> Description = The driver detected a controller error on \Device\Harddisk1\DR1. System [ Error ] 8/1/2011 5:18:20 PM Computer Name = sirMAXX | Source = Disk | ID = 262155 -> Description = The driver detected a controller error on \Device\Harddisk1\DR1. System [ Error ] 8/2/2011 1:11:22 AM Computer Name = sirMAXX | Source = Disk | ID = 262155 -> Description = The driver detected a controller error on \Device\Harddisk1\DR1. System [ Error ] 8/2/2011 2:49:06 AM Computer Name = sirMAXX | Source = Disk | ID = 262155 -> Description = The driver detected a controller error on \Device\Harddisk1\DR1. System [ Error ] 8/2/2011 4:46:10 AM Computer Name = sirMAXX | Source = Disk | ID = 262155 -> Description = The driver detected a controller error on \Device\Harddisk1\DR1. [Files/Folders - Created Within 30 Days] OTS.exe -> C:\Users\Preston\Desktop\OTS.exe -> [2011/08/02 00:58:24 | 000,645,120 | ---- | C] (OldTimer Tools) HyperCam 2 -> C:\Users\Preston\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HyperCam 2 -> [2011/08/01 23:34:33 | 000,000,000 | ---D | C] HyperCam 2 -> C:\Program Files (x86)\HyperCam 2 -> [2011/08/01 23:22:41 | 000,000,000 | ---D | C] Digital Space Traveler -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Digital Space Traveler -> [2011/07/28 20:07:36 | 000,000,000 | ---D | C] ICQ7.5 -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ICQ7.5 -> [2011/07/28 12:04:16 | 000,000,000 | ---D | C] ICQ -> C:\Users\Preston\AppData\Roaming\ICQ -> [2011/07/28 12:03:22 | 000,000,000 | ---D | C] ICQ7.5 -> C:\Program Files (x86)\ICQ7.5 -> [2011/07/28 12:03:14 | 000,000,000 | ---D | C] DSTrav -> C:\Program Files (x86)\DSTrav -> [2011/07/28 02:49:53 | 000,000,000 | ---D | C] bootdelete.exe -> C:\Windows\SysNative\bootdelete.exe -> [2011/07/28 01:14:47 | 000,012,872 | ---- | C] (SurfRight B.V.) 
{4DAAB0B0-71BC-45F7-99DC-BE3F6897B29E} -> C:\Users\Preston\AppData\Local\{4DAAB0B0-71BC-45F7-99DC-BE3F6897B29E} -> [2011/07/25 00:11:14 | 000,000,000 | ---D | C] mIRC -> C:\Users\Preston\AppData\Roaming\mIRC -> [2011/07/15 11:05:18 | 000,000,000 | ---D | C] mIRC -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\mIRC -> [2011/07/15 11:05:18 | 000,000,000 | ---D | C] mIRC -> C:\Program Files (x86)\mIRC -> [2011/07/15 11:05:16 | 000,000,000 | ---D | C] MSXML 4.0 -> C:\Program Files (x86)\MSXML 4.0 -> [2011/07/14 09:47:26 | 000,000,000 | ---D | C] KernelBase.dll -> C:\Windows\SysNative\KernelBase.dll -> [2011/07/12 23:22:05 | 000,421,888 | ---- | C] (Microsoft Corporation) api-ms-win-core-libraryloader-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll -> [2011/07/12 23:22:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) api-ms-win-core-libraryloader-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll -> [2011/07/12 23:22:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) api-ms-win-security-base-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll -> [2011/07/12 23:22:03 | 000,006,144 | -H-- | C] (Microsoft Corporation) api-ms-win-core-file-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll -> [2011/07/12 23:22:03 | 000,005,120 | -H-- | C] (Microsoft Corporation) api-ms-win-core-threadpool-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll -> [2011/07/12 23:22:03 | 000,004,608 | -H-- | C] (Microsoft Corporation) api-ms-win-core-processthreads-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll -> [2011/07/12 23:22:03 | 000,004,608 | -H-- | C] (Microsoft Corporation) api-ms-win-core-sysinfo-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll -> [2011/07/12 23:22:03 | 000,004,096 | -H-- | C] (Microsoft Corporation) api-ms-win-core-localregistry-l1-1-0.dll -> 
C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll -> [2011/07/12 23:22:03 | 000,004,096 | -H-- | C] (Microsoft Corporation) api-ms-win-core-interlocked-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll -> [2011/07/12 23:22:03 | 000,003,584 | -H-- | C] (Microsoft Corporation) api-ms-win-core-heap-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll -> [2011/07/12 23:22:03 | 000,003,584 | -H-- | C] (Microsoft Corporation) api-ms-win-core-heap-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll -> [2011/07/12 23:22:03 | 000,003,584 | -H-- | C] (Microsoft Corporation) api-ms-win-core-delayload-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll -> [2011/07/12 23:22:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) api-ms-win-core-delayload-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll -> [2011/07/12 23:22:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) api-ms-win-core-processthreads-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll -> [2011/07/12 23:22:02 | 000,004,608 | -H-- | C] (Microsoft Corporation) api-ms-win-core-sysinfo-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll -> [2011/07/12 23:22:02 | 000,004,096 | -H-- | C] (Microsoft Corporation) api-ms-win-core-synch-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll -> [2011/07/12 23:22:02 | 000,004,096 | -H-- | C] (Microsoft Corporation) api-ms-win-core-synch-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll -> [2011/07/12 23:22:02 | 000,004,096 | -H-- | C] (Microsoft Corporation) api-ms-win-core-rtlsupport-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll -> [2011/07/12 23:22:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) api-ms-win-core-processenvironment-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll -> [2011/07/12 23:22:02 | 000,003,584 | -H-- | C] 
(Microsoft Corporation) api-ms-win-core-processenvironment-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll -> [2011/07/12 23:22:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) api-ms-win-core-namedpipe-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll -> [2011/07/12 23:22:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) api-ms-win-core-string-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll -> [2011/07/12 23:22:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) api-ms-win-core-string-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll -> [2011/07/12 23:22:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) api-ms-win-core-profile-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll -> [2011/07/12 23:22:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) api-ms-win-core-profile-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll -> [2011/07/12 23:22:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) api-ms-win-core-file-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll -> [2011/07/12 23:22:01 | 000,005,120 | -H-- | C] (Microsoft Corporation) api-ms-win-core-localregistry-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll -> [2011/07/12 23:22:01 | 000,004,096 | -H-- | C] (Microsoft Corporation) api-ms-win-core-namedpipe-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll -> [2011/07/12 23:22:01 | 000,003,584 | -H-- | C] (Microsoft Corporation) api-ms-win-core-misc-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll -> [2011/07/12 23:22:01 | 000,003,584 | -H-- | C] (Microsoft Corporation) api-ms-win-core-memory-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll -> [2011/07/12 23:22:01 | 000,003,584 | -H-- | C] (Microsoft Corporation) api-ms-win-core-memory-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll -> [2011/07/12 
23:22:01 | 000,003,584 | -H-- | C] (Microsoft Corporation) api-ms-win-core-io-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll -> [2011/07/12 23:22:01 | 000,003,072 | -H-- | C] (Microsoft Corporation) api-ms-win-core-io-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll -> [2011/07/12 23:22:01 | 000,003,072 | -H-- | C] (Microsoft Corporation) api-ms-win-core-handle-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll -> [2011/07/12 23:22:01 | 000,003,072 | -H-- | C] (Microsoft Corporation) api-ms-win-core-handle-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll -> [2011/07/12 23:22:01 | 000,003,072 | -H-- | C] (Microsoft Corporation) api-ms-win-core-fibers-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll -> [2011/07/12 23:22:01 | 000,003,072 | -H-- | C] (Microsoft Corporation) api-ms-win-core-fibers-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll -> [2011/07/12 23:22:01 | 000,003,072 | -H-- | C] (Microsoft Corporation) api-ms-win-core-errorhandling-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll -> [2011/07/12 23:22:01 | 000,003,072 | -H-- | C] (Microsoft Corporation) api-ms-win-core-errorhandling-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll -> [2011/07/12 23:22:01 | 000,003,072 | -H-- | C] (Microsoft Corporation) api-ms-win-core-debug-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll -> [2011/07/12 23:22:01 | 000,003,072 | -H-- | C] (Microsoft Corporation) api-ms-win-core-debug-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll -> [2011/07/12 23:22:01 | 000,003,072 | -H-- | C] (Microsoft Corporation) api-ms-win-core-datetime-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll -> [2011/07/12 23:22:01 | 000,003,072 | -H-- | C] (Microsoft Corporation) api-ms-win-core-datetime-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll -> 
[2011/07/12 23:22:01 | 000,003,072 | -H-- | C] (Microsoft Corporation) api-ms-win-security-base-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll -> [2011/07/12 23:22:00 | 000,006,144 | -H-- | C] (Microsoft Corporation) api-ms-win-core-threadpool-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll -> [2011/07/12 23:22:00 | 000,004,608 | -H-- | C] (Microsoft Corporation) api-ms-win-core-misc-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll -> [2011/07/12 23:22:00 | 000,004,096 | -H-- | C] (Microsoft Corporation) api-ms-win-core-localization-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll -> [2011/07/12 23:22:00 | 000,004,096 | -H-- | C] (Microsoft Corporation) api-ms-win-core-localization-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll -> [2011/07/12 23:22:00 | 000,004,096 | -H-- | C] (Microsoft Corporation) api-ms-win-core-xstate-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll -> [2011/07/12 23:22:00 | 000,003,584 | -H-- | C] (Microsoft Corporation) api-ms-win-core-xstate-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll -> [2011/07/12 23:22:00 | 000,003,072 | -H-- | C] (Microsoft Corporation) api-ms-win-core-util-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll -> [2011/07/12 23:22:00 | 000,003,072 | -H-- | C] (Microsoft Corporation) api-ms-win-core-util-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll -> [2011/07/12 23:22:00 | 000,003,072 | -H-- | C] (Microsoft Corporation) api-ms-win-core-rtlsupport-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll -> [2011/07/12 23:22:00 | 000,003,072 | -H-- | C] (Microsoft Corporation) api-ms-win-core-interlocked-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll -> [2011/07/12 23:22:00 | 000,003,072 | -H-- | C] (Microsoft Corporation) api-ms-win-core-console-l1-1-0.dll -> 
C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll -> [2011/07/12 23:22:00 | 000,003,072 | -H-- | C] (Microsoft Corporation) api-ms-win-core-console-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll -> [2011/07/12 23:21:59 | 000,003,072 | -H-- | C] (Microsoft Corporation) usbport.sys -> C:\Windows\SysNative\drivers\usbport.sys -> [2011/07/12 23:21:55 | 000,325,120 | ---- | C] (Microsoft Corporation) usbd.sys -> C:\Windows\SysNative\drivers\usbd.sys -> [2011/07/12 23:21:54 | 000,007,936 | ---- | C] (Microsoft Corporation) esent.dll -> C:\Windows\SysNative\esent.dll -> [2011/07/12 23:21:36 | 002,565,632 | ---- | C] (Microsoft Corporation) fsutil.exe -> C:\Windows\SysNative\fsutil.exe -> [2011/07/12 23:21:36 | 000,096,768 | ---- | C] (Microsoft Corporation) esent.dll -> C:\Windows\SysWow64\esent.dll -> [2011/07/12 23:21:35 | 001,699,328 | ---- | C] (Microsoft Corporation) amdxata.sys -> C:\Windows\SysNative\drivers\amdxata.sys -> [2011/07/12 23:21:35 | 000,027,008 | ---- | C] (Advanced Micro Devices) fsutil.exe -> C:\Windows\SysWow64\fsutil.exe -> [2011/07/12 23:21:34 | 000,074,240 | ---- | C] (Microsoft Corporation) storport.sys -> C:\Windows\SysNative\drivers\storport.sys -> [2011/07/12 23:21:33 | 000,189,824 | ---- | C] (Microsoft Corporation) amdsata.sys -> C:\Windows\SysNative\drivers\amdsata.sys -> [2011/07/12 23:21:33 | 000,107,904 | ---- | C] (Advanced Micro Devices) kernel32.dll -> C:\Windows\SysNative\kernel32.dll -> [2011/07/12 23:21:14 | 001,162,752 | ---- | C] (Microsoft Corporation) wow64win.dll -> C:\Windows\SysNative\wow64win.dll -> [2011/07/12 23:21:14 | 000,362,496 | ---- | C] (Microsoft Corporation) conhost.exe -> C:\Windows\SysNative\conhost.exe -> [2011/07/12 23:21:14 | 000,338,944 | ---- | C] (Microsoft Corporation) wow64.dll -> C:\Windows\SysNative\wow64.dll -> [2011/07/12 23:21:13 | 000,243,200 | ---- | C] (Microsoft Corporation) winsrv.dll -> C:\Windows\SysNative\winsrv.dll -> [2011/07/12 23:21:13 | 000,214,528 | ---- | 
C] (Microsoft Corporation) setup16.exe -> C:\Windows\SysWow64\setup16.exe -> [2011/07/12 23:21:13 | 000,025,600 | ---- | C] (Microsoft Corporation) ntvdm64.dll -> C:\Windows\SysNative\ntvdm64.dll -> [2011/07/12 23:21:13 | 000,016,384 | ---- | C] (Microsoft Corporation) ntvdm64.dll -> C:\Windows\SysWow64\ntvdm64.dll -> [2011/07/12 23:21:13 | 000,014,336 | ---- | C] (Microsoft Corporation) wow64cpu.dll -> C:\Windows\SysNative\wow64cpu.dll -> [2011/07/12 23:21:13 | 000,013,312 | ---- | C] (Microsoft Corporation) instnm.exe -> C:\Windows\SysWow64\instnm.exe -> [2011/07/12 23:21:13 | 000,007,680 | ---- | C] (Microsoft Corporation) wow32.dll -> C:\Windows\SysWow64\wow32.dll -> [2011/07/12 23:21:13 | 000,005,120 | ---- | C] (Microsoft Corporation) user.exe -> C:\Windows\SysWow64\user.exe -> [2011/07/12 23:21:10 | 000,002,048 | ---- | C] (Microsoft Corporation) Microsoft Office Starter (English) -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (English) -> [2011/07/05 00:48:34 | 000,000,000 | ---D | C] VirtualizedApplications -> C:\ProgramData\VirtualizedApplications -> [2011/07/05 00:41:59 | 000,000,000 | ---D | C] MSOCache -> C:\MSOCache -> [2011/07/04 22:35:37 | 000,000,000 | RH-D | C] SoftGrid Client -> C:\Users\Preston\AppData\Local\SoftGrid Client -> [2011/07/04 22:30:22 | 000,000,000 | ---D | C] SoftGrid Client -> C:\Users\Preston\AppData\Roaming\SoftGrid Client -> [2011/07/04 22:30:21 | 000,000,000 | ---D | C] DESIGNER -> C:\Program Files (x86)\Common Files\DESIGNER -> [2011/07/04 22:28:45 | 000,000,000 | ---D | C] Microsoft Office -> C:\Program Files\Microsoft Office -> [2011/07/04 22:28:43 | 000,000,000 | ---D | C] Microsoft Application Virtualization Client -> C:\Program Files (x86)\Microsoft Application Virtualization Client -> [2011/07/04 22:28:42 | 000,000,000 | ---D | C] TP -> C:\Users\Preston\AppData\Roaming\TP -> [2011/07/04 22:28:11 | 000,000,000 | ---D | C] [Files/Folders - Modified Within 30 Days] 
7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 -> [2011/08/02 01:56:05 | 000,009,696 | -H-- | M] () 7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 -> [2011/08/02 01:56:05 | 000,009,696 | -H-- | M] () bootstat.dat -> C:\Windows\bootstat.dat -> [2011/08/02 01:48:14 | 000,067,584 | --S- | M] () hiberfil.sys -> C:\hiberfil.sys -> [2011/08/02 01:48:03 | 1392,693,248 | -HS- | M] () OTS.exe -> C:\Users\Preston\Desktop\OTS.exe -> [2011/08/02 00:54:20 | 000,645,120 | ---- | M] (OldTimer Tools) clip0001.avi -> C:\Users\Preston\Documents\clip0001.avi -> [2011/08/01 23:26:30 | 229,688,774 | ---- | M] () cc_20110801_222130.reg -> C:\Users\Preston\Documents\cc_20110801_222130.reg -> [2011/08/01 22:21:39 | 000,002,014 | ---- | M] () hitmanpro35.sys -> C:\Windows\SysNative\drivers\hitmanpro35.sys -> [2011/08/01 14:22:24 | 000,023,112 | ---- | M] () dstrav.ini -> C:\Windows\dstrav.ini -> [2011/07/29 14:28:50 | 000,001,506 | ---- | M] () mime.types -> C:\Windows\mime.types -> [2011/07/29 05:02:22 | 000,000,099 | ---- | M] () bootdelete.exe -> C:\Windows\SysNative\bootdelete.exe -> [2011/07/28 01:14:48 | 000,012,872 | ---- | M] (SurfRight B.V.) 
FlashPlayerCPLApp.cpl -> C:\Windows\SysWow64\FlashPlayerCPLApp.cpl -> [2011/07/28 00:19:03 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) cc_20110728_000133.reg -> C:\Users\Preston\Documents\cc_20110728_000133.reg -> [2011/07/28 00:01:50 | 000,006,102 | ---- | M] () config.nt -> C:\Windows\SysWow64\config.nt -> [2011/07/17 16:55:25 | 000,000,000 | ---- | M] () cc_20110714_135146.reg -> C:\Users\Preston\Documents\cc_20110714_135146.reg -> [2011/07/14 13:51:53 | 000,006,102 | ---- | M] () FNTCACHE.DAT -> C:\Windows\SysNative\FNTCACHE.DAT -> [2011/07/14 09:40:27 | 000,282,960 | ---- | M] () PerfStringBackup.INI -> C:\Windows\SysNative\PerfStringBackup.INI -> [2011/07/13 14:35:10 | 000,886,116 | ---- | M] () perfh009.dat -> C:\Windows\SysNative\perfh009.dat -> [2011/07/13 14:35:10 | 000,735,438 | ---- | M] () perfc009.dat -> C:\Windows\SysNative\perfc009.dat -> [2011/07/13 14:35:10 | 000,150,770 | ---- | M] () CO-SIGNER APP & AGREEMENT.pdf -> C:\Users\Preston\Documents\CO-SIGNER APP & AGREEMENT.pdf -> [2011/07/13 12:25:28 | 000,017,720 | ---- | M] () .crusader -> C:\Windows\SysNative\.crusader -> [2011/07/13 10:06:37 | 000,000,382 | ---- | M] () cc_20110709_194316.reg -> C:\Users\Preston\Documents\cc_20110709_194316.reg -> [2011/07/09 19:43:28 | 000,003,830 | ---- | M] () mbamswissarmy.sys -> C:\Windows\SysWow64\drivers\mbamswissarmy.sys -> [2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) mbam.sys -> C:\Windows\SysNative\drivers\mbam.sys -> [2011/07/06 19:52:42 | 000,025,912 | ---- | M] (Malwarebytes Corporation) PerfStringBackup.INI -> C:\Windows\SysWow64\PerfStringBackup.INI -> [2011/07/06 03:01:45 | 000,902,812 | ---- | M] () guard64.dll -> C:\Windows\SysNative\guard64.dll -> [2011/07/05 17:45:53 | 000,363,560 | ---- | M] (COMODO) guard32.dll -> C:\Windows\SysWow64\guard32.dll -> [2011/07/05 17:45:52 | 000,285,256 | ---- | M] (COMODO) cmderd.sys -> C:\Windows\SysNative\drivers\cmderd.sys -> [2011/07/05 17:45:49 | 000,016,016 | ---- | 
M] (COMODO) avastSS.scr -> C:\Windows\avastSS.scr -> [2011/07/04 04:43:53 | 000,040,112 | ---- | M] (AVAST Software) aswBoot.exe -> C:\Windows\SysWow64\aswBoot.exe -> [2011/07/04 04:43:51 | 000,199,304 | ---- | M] (AVAST Software) aswBoot.exe -> C:\Windows\SysNative\aswBoot.exe -> [2011/07/04 04:43:42 | 000,253,888 | ---- | M] (AVAST Software) aswSnx.sys -> C:\Windows\SysNative\drivers\aswSnx.sys -> [2011/07/04 04:36:56 | 000,600,920 | ---- | M] (AVAST Software) aswSP.sys -> C:\Windows\SysNative\drivers\aswSP.sys -> [2011/07/04 04:36:54 | 000,288,088 | ---- | M] (AVAST Software) aswTdi.sys -> C:\Windows\SysNative\drivers\aswTdi.sys -> [2011/07/04 04:35:28 | 000,045,400 | ---- | M] (AVAST Software) aswRdr.sys -> C:\Windows\SysNative\drivers\aswRdr.sys -> [2011/07/04 04:32:35 | 000,031,064 | ---- | M] (AVAST Software) aswMonFlt.sys -> C:\Windows\SysNative\drivers\aswMonFlt.sys -> [2011/07/04 04:32:24 | 000,064,856 | ---- | M] (AVAST Software) aswFsBlk.sys -> C:\Windows\SysNative\drivers\aswFsBlk.sys -> [2011/07/04 04:32:14 | 000,022,360 | ---- | M] (AVAST Software) 3 C:\Users\Preston\AppData\Local\Temp\*.tmp files -> C:\Users\Preston\AppData\Local\Temp\*.tmp -> [Files - No Company Name] clip0001.avi -> C:\Users\Preston\Documents\clip0001.avi -> [2011/08/01 23:23:51 | 229,688,774 | ---- | C] () cc_20110801_222130.reg -> C:\Users\Preston\Documents\cc_20110801_222130.reg -> [2011/08/01 22:21:36 | 000,002,014 | ---- | C] () mime.types -> C:\Windows\mime.types -> [2011/07/28 03:06:20 | 000,000,099 | ---- | C] () cc_20110728_000133.reg -> C:\Users\Preston\Documents\cc_20110728_000133.reg -> [2011/07/28 00:01:41 | 000,006,102 | ---- | C] () cc_20110714_135146.reg -> C:\Users\Preston\Documents\cc_20110714_135146.reg -> [2011/07/14 13:51:50 | 000,006,102 | ---- | C] () CO-SIGNER APP & AGREEMENT.pdf -> C:\Users\Preston\Documents\CO-SIGNER APP & AGREEMENT.pdf -> [2011/07/13 12:25:28 | 000,017,720 | ---- | C] () .crusader -> C:\Windows\SysNative\.crusader -> [2011/07/13 10:06:37 
| 000,000,382 | ---- | C] () cc_20110709_194316.reg -> C:\Users\Preston\Documents\cc_20110709_194316.reg -> [2011/07/09 19:43:26 | 000,003,830 | ---- | C] () WSYS049.SYS -> C:\Windows\WSYS049.SYS -> [2011/06/02 15:03:51 | 000,000,098 | -HS- | C] () Photo Pos Pro Uninstaller.exe -> C:\Windows\Photo Pos Pro Uninstaller.exe -> [2011/05/31 01:58:05 | 000,212,985 | ---- | C] () PerfStringBackup.INI -> C:\Windows\SysWow64\PerfStringBackup.INI -> [2011/05/28 23:43:41 | 000,902,812 | ---- | C] () nsreg.dat -> C:\Windows\nsreg.dat -> [2011/05/21 17:21:05 | 000,000,000 | ---- | C] () ativpsrm.bin -> C:\Windows\ativpsrm.bin -> [2011/02/16 06:57:50 | 000,000,000 | ---- | C] () atipblag.dat -> C:\Windows\SysWow64\atipblag.dat -> [2011/01/17 15:55:53 | 000,002,888 | ---- | C] () PosPrKpLib.dll -> C:\Windows\SysWow64\PosPrKpLib.dll -> [2010/04/06 03:10:15 | 000,225,411 | ---- | C] () PosTickerLib.dll -> C:\Windows\SysWow64\PosTickerLib.dll -> [2010/04/06 03:10:07 | 000,020,480 | ---- | C] () bootstat.dat -> C:\Windows\bootstat.dat -> [2009/07/13 22:38:36 | 000,067,584 | --S- | C] () NOISE.DAT -> C:\Windows\SysWow64\NOISE.DAT -> [2009/07/13 19:35:51 | 000,000,741 | ---- | C] () dssec.dat -> C:\Windows\SysWow64\dssec.dat -> [2009/07/13 19:34:42 | 000,215,943 | ---- | C] () mib.bin -> C:\Windows\mib.bin -> [2009/07/13 17:10:29 | 000,043,131 | ---- | C] () BWContextHandler.dll -> C:\Windows\SysWow64\BWContextHandler.dll -> [2009/07/13 16:42:10 | 000,064,000 | ---- | C] () msjetoledb40.dll -> C:\Windows\SysWow64\msjetoledb40.dll -> [2009/07/13 14:03:59 | 000,364,544 | ---- | C] () mlang.dat -> C:\Windows\SysWow64\mlang.dat -> [2009/06/10 14:26:10 | 000,673,088 | ---- | C] () OneWay.dll -> C:\Windows\SysWow64\OneWay.dll -> [2005/09/23 04:52:14 | 000,078,848 | ---- | C] () ologger2.exe -> C:\Windows\SysWow64\ologger2.exe -> [2003/04/05 01:08:15 | 000,376,161 | ---- | C] () ologger.exe -> C:\Windows\SysWow64\ologger.exe -> [2003/04/05 01:07:58 | 000,376,161 | ---- | C] () Olwcdec.dll -> 
C:\Windows\SysWow64\Olwcdec.dll -> [2003/03/25 09:38:48 | 000,039,424 | ---- | C] () olsdk2.dll -> C:\Windows\SysWow64\olsdk2.dll -> [2003/03/25 09:38:22 | 000,039,936 | ---- | C] () olrpc2.dll -> C:\Windows\SysWow64\olrpc2.dll -> [2003/03/25 09:38:07 | 000,009,216 | ---- | C] () OLRPC.DLL -> C:\Windows\SysWow64\OLRPC.DLL -> [2003/03/25 09:37:49 | 000,009,216 | ---- | C] () dstrav.ini -> C:\Windows\dstrav.ini -> [2003/03/24 20:34:00 | 000,001,506 | ---- | C] () Olcodec.dll -> C:\Windows\SysWow64\Olcodec.dll -> [2003/03/20 23:32:49 | 000,084,992 | ---- | C] () OLSBMIX.DLL -> C:\Windows\SysWow64\OLSBMIX.DLL -> [2003/03/20 23:32:49 | 000,023,040 | ---- | C] () 1Way.dll -> C:\Windows\SysWow64\1Way.dll -> [2002/06/02 07:05:40 | 000,038,912 | ---- | C] () [File - Lop Check] BitTorrent -> C:\Users\Preston\AppData\Roaming\BitTorrent -> [2011/07/09 19:42:01 | 000,000,000 | ---D | M] Blender Foundation -> C:\Users\Preston\AppData\Roaming\Blender Foundation -> [2011/05/31 02:03:59 | 000,000,000 | ---D | M] ICQ -> C:\Users\Preston\AppData\Roaming\ICQ -> [2011/07/28 15:29:06 | 000,000,000 | ---D | M] IMSIDesign -> C:\Users\Preston\AppData\Roaming\IMSIDesign -> [2011/05/31 02:20:04 | 000,000,000 | ---D | M] IrfanView -> C:\Users\Preston\AppData\Roaming\IrfanView -> [2011/05/31 01:49:50 | 000,000,000 | ---D | M] Mael -> C:\Users\Preston\AppData\Roaming\Mael -> [2011/06/02 14:54:37 | 000,000,000 | ---D | M] Notepad++ -> C:\Users\Preston\AppData\Roaming\Notepad++ -> [2011/05/29 18:45:05 | 000,000,000 | ---D | M] PE Explorer -> C:\Users\Preston\AppData\Roaming\PE Explorer -> [2011/05/28 01:47:12 | 000,000,000 | ---D | M] Photopos -> C:\Users\Preston\AppData\Roaming\Photopos -> [2011/05/31 01:58:11 | 000,000,000 | ---D | M] PowerCinema -> C:\Users\Preston\AppData\Roaming\PowerCinema -> [2011/05/24 22:09:49 | 000,000,000 | ---D | M] SoftGrid Client -> C:\Users\Preston\AppData\Roaming\SoftGrid Client -> [2011/07/14 16:45:03 | 000,000,000 | ---D | M] TP -> 
C:\Users\Preston\AppData\Roaming\TP -> [2011/07/04 22:30:39 | 000,000,000 | ---D | M] WildTangent -> C:\Users\Preston\AppData\Roaming\WildTangent -> [2011/07/01 22:37:13 | 000,000,000 | ---D | M] SCHEDLGU.TXT -> C:\Windows\Tasks\SCHEDLGU.TXT -> [2011/07/06 03:36:29 | 000,032,602 | ---- | M] () [Custom Scans] < %SYSTEMDRIVE%\*.exe > < MD5 Scans Start> < %systemdrive%\EXPLORER.EXE /md5 /s > explorer.exe : MD5=0FB9C74046656D1579A64660AD67B746 -> C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe -> [2011/02/25 22:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) explorer.exe : MD5=332FEAB1435662FC6C672E25BEB37BE3 -> C:\Windows\explorer.exe -> [2011/02/24 23:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) explorer.exe : MD5=332FEAB1435662FC6C672E25BEB37BE3 -> C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe -> [2011/02/24 23:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) explorer.exe : MD5=3B69712041F3D63605529BD66DC00C48 -> C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe -> [2011/02/25 23:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) explorer.exe : MD5=40D777B7A95E00593EB1568C68514493 -> C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe -> [2010/11/20 05:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) explorer.exe : MD5=8B88EBBB05A0E56B7DCC708498C02B3E -> C:\Windows\SysWOW64\explorer.exe -> [2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) explorer.exe : MD5=8B88EBBB05A0E56B7DCC708498C02B3E -> C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe -> [2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) explorer.exe : MD5=AC4C51EB24AA95B77F705AB159189E24 -> 
C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe -> [2010/11/20 06:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) < %systemdrive%\SVCHOST.EXE /md5 /s > svchost.exe : MD5=54A47F6B5E09A77E61649109C6A08866 -> C:\Windows\SysWOW64\svchost.exe -> [2009/07/13 18:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) svchost.exe : MD5=54A47F6B5E09A77E61649109C6A08866 -> C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe -> [2009/07/13 18:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) svchost.exe : MD5=C78655BC80301D76ED4FEF1C1EA40A7D -> C:\Windows\SysNative\svchost.exe -> [2009/07/13 18:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) svchost.exe : MD5=C78655BC80301D76ED4FEF1C1EA40A7D -> C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe -> [2009/07/13 18:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) < %systemdrive%\USERINIT.EXE /md5 /s > userinit.exe : MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -> C:\Windows\SysWOW64\userinit.exe -> [2010/11/20 05:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) userinit.exe : MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -> C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe -> [2010/11/20 05:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) userinit.exe : MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -> C:\Windows\SysNative\userinit.exe -> [2010/11/20 06:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) userinit.exe : MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -> C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe -> [2010/11/20 06:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) < %systemdrive%\VOLSNAP.INF /md5 /s > volsnap.inf : MD5=593691C1DC069091778C2FD849031976 
-> C:\Windows\inf\volsnap.inf -> [2009/07/13 22:31:48 | 000,001,686 | ---- | M] () volsnap.inf : MD5=593691C1DC069091778C2FD849031976 -> C:\Windows\SysNative\DriverStore\FileRepository\volsnap.inf_amd64_neutral_7499a4fac85b39fc\volsnap.inf -> [2009/07/13 13:17:30 | 000,001,686 | ---- | M] () volsnap.inf : MD5=593691C1DC069091778C2FD849031976 -> C:\Windows\winsxs\amd64_volsnap.inf_31bf3856ad364e35_6.1.7600.16385_none_c994a0d049937743\volsnap.inf -> [2009/07/13 13:17:30 | 000,001,686 | ---- | M] () < %systemdrive%\VOLSNAP.INF_LOC /md5 /s > volsnap.inf_loc : MD5=F040058B592FE682204B2FC15DDEAC0D -> C:\Windows\SysNative\DriverStore\en-US\volsnap.inf_loc -> [2009/07/13 19:28:02 | 000,000,198 | ---- | M] () volsnap.inf_loc : MD5=F040058B592FE682204B2FC15DDEAC0D -> C:\Windows\winsxs\amd64_volsnap.inf.resources_31bf3856ad364e35_6.1.7600.16385_en-us_6f581c9c9aef0771\volsnap.inf_loc -> [2009/07/13 19:28:02 | 000,000,198 | ---- | M] () < %systemdrive%\VOLSNAP.PNF /md5 /s > volsnap.PNF : MD5=54353746A0A6B4B9AC86EB7C43F16D0F -> C:\Windows\inf\volsnap.PNF -> [2011/05/21 16:55:31 | 000,005,120 | ---- | M] () volsnap.PNF : MD5=EAD92392723316801433419E3B0F4B32 -> C:\Windows\SysNative\DriverStore\FileRepository\volsnap.inf_amd64_neutral_7499a4fac85b39fc\volsnap.PNF -> [2011/05/21 16:55:31 | 000,005,120 | ---- | M] () < %systemdrive%\VOLSNAP.SYS /md5 /s > volsnap.sys : MD5=0D08D2F3B3FF84E433346669B5E0F639 -> C:\Windows\SysNative\drivers\volsnap.sys -> [2010/11/20 06:34:02 | 000,295,808 | ---- | M] (Microsoft Corporation) volsnap.sys : MD5=0D08D2F3B3FF84E433346669B5E0F639 -> C:\Windows\SysNative\DriverStore\FileRepository\volume.inf_amd64_neutral_df8bea40ac96ca21\volsnap.sys -> [2010/11/20 06:34:02 | 000,295,808 | ---- | M] (Microsoft Corporation) volsnap.sys : MD5=0D08D2F3B3FF84E433346669B5E0F639 -> C:\Windows\winsxs\amd64_volume.inf_31bf3856ad364e35_6.1.7601.17514_none_73dcbcf012b4850e\volsnap.sys -> [2010/11/20 06:34:02 | 000,295,808 | ---- | M] (Microsoft Corporation) < 
%systemdrive%\VOLSNAP.SYS.MUI /md5 /s > volsnap.sys.mui : MD5=308E04CFA8407B0C7099C9D40BC19023 -> C:\Windows\SysNative\drivers\en-US\volsnap.sys.mui -> [2009/07/13 19:28:14 | 000,023,552 | ---- | M] (Microsoft Corporation) volsnap.sys.mui : MD5=308E04CFA8407B0C7099C9D40BC19023 -> C:\Windows\winsxs\amd64_volume.inf.resources_31bf3856ad364e35_6.1.7600.16385_en-us_d71b3bdfd9a663dc\volsnap.sys.mui -> [2009/07/13 19:28:14 | 000,023,552 | ---- | M] (Microsoft Corporation) < %systemdrive%\WINLOGON.EXE /md5 /s > winlogon.exe : MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -> C:\Windows\SysNative\winlogon.exe -> [2010/11/20 06:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) winlogon.exe : MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -> C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe -> [2010/11/20 06:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) < MD5 Scans End> < %systemroot%\*. /mp /s > < hklm\software\clients\startmenuinternet|command /rs > HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo -> -> HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE ["C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /HIDESHORTCUTS] -> [2011/06/23 17:00:00 | 000,712,976 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE ["C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SHOWSHORTCUTS] -> [2011/06/23 17:00:00 | 000,712,976 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE ["C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SETASDEFAULTAPPGLOBAL] -> [2011/06/23 17:00:00 | 
000,712,976 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command -> -> HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\ -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe [C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE] -> [2011/06/23 17:00:01 | 000,924,632 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command -> -> HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\ -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE ["C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -PREFERENCES] -> [2011/06/23 17:00:01 | 000,924,632 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command -> -> HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\ -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE ["C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -SAFE-MODE] -> [2011/06/23 17:00:01 | 000,924,632 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo -> -> HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand -> C:\Windows\SysWow64\IE4UINIT.EXE ["C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW] -> [2011/05/23 04:29:54 | 000,074,240 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand -> C:\Windows\SysWow64\IE4UINIT.EXE ["C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL] -> [2011/05/23 04:29:54 | 000,074,240 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand -> C:\Windows\SysWow64\IE4UINIT.EXE ["C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE] -> [2011/05/23 04:29:54 | 000,074,240 | ---- | M] (Microsoft 
Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command -> -> HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\ -> C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE ["C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF] -> [2011/05/23 04:29:55 | 000,748,336 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command -> -> HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\ -> C:\Program Files (x86)\Internet Explorer\iexplore.exe [C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE] -> [2011/05/23 04:29:55 | 000,748,336 | ---- | M] (Microsoft Corporation) < hklm\software\clients\startmenuinternet|command /64 /rs > 64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo -> -> HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE ["C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /HIDESHORTCUTS] -> [2011/06/23 17:00:00 | 000,712,976 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE ["C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SHOWSHORTCUTS] -> [2011/06/23 17:00:00 | 000,712,976 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE ["C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SETASDEFAULTAPPGLOBAL] -> [2011/06/23 17:00:00 | 000,712,976 | ---- | M] (Mozilla Corporation) 64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command -> -> 
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\ -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe [C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE] -> [2011/06/23 17:00:01 | 000,924,632 | ---- | M] (Mozilla Corporation) 64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command -> -> HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\ -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE ["C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -PREFERENCES] -> [2011/06/23 17:00:01 | 000,924,632 | ---- | M] (Mozilla Corporation) 64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command -> -> HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\ -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE ["C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -SAFE-MODE] -> [2011/06/23 17:00:01 | 000,924,632 | ---- | M] (Mozilla Corporation) 64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo -> -> HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand -> C:\Windows\SysNative\IE4UINIT.EXE ["C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW] -> [2011/05/23 04:29:52 | 000,089,088 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand -> C:\Windows\SysNative\IE4UINIT.EXE ["C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL] -> [2011/05/23 04:29:52 | 000,089,088 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand -> C:\Windows\SysNative\IE4UINIT.EXE ["C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE] -> [2011/05/23 04:29:52 | 000,089,088 | ---- | M] (Microsoft Corporation) 64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command -> -> 
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\ -> C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE ["C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF] -> [2011/05/23 04:29:55 | 000,748,336 | ---- | M] (Microsoft Corporation) 64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command -> -> HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\ -> C:\Program Files (x86)\Internet Explorer\iexplore.exe [C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE] -> [2011/05/23 04:29:55 | 000,748,336 | ---- | M] (Microsoft Corporation) CREATERESTOREPOINT Restore point Set: OTS Restore Point [Files/Folders - Unicode - All] C:\Windows\SysNative\?3 -> C:\Windows\SysNative\ꌐ3 -> [2011/05/21 18:40:11 | 000,000,040 | ---- | C] () C:\Windows\SysNative\?3 -> C:\Windows\SysNative\ꌐ3 -> [2011/05/21 18:40:11 | 000,000,040 | ---- | M] () [Alternate Data Streams] @Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:54FC943C @Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:7EE134B6 < End of report > [/code]