WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. Join 93084 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!

Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

[Resolved] Several Problems w/hjt and others

Started by Bryan A , Jun 03 2010 03:39 PM

This topic is locked

30 replies to this topic

#1 Bryan A

Authentic Member

Authentic Member
163 posts

Interests:Fantasy Football, Raising my Grand Kids, Chess, Golf and Basketball

Posted 03 June 2010 - 03:39 PM

When I ran the latest Mbam scan it stops at this point: c:windows\system32\NOISE.CHT and then everything locks up and I have to manually force a shut down. I've run it under administrator and regular user. When I ran it under safe mode w/networking the scan completed and found nothing, I rebooted and ran it again and got the NOISE.CHT result again.

I ran a HJT scan and it stopped first and displayed this : HJT-Denied write access to hosts file.
I am running Online Armor++ beta v4.00.050 for Win7 64x. I just installed this new version last night but it seemed to be working ok then. When I first logged on this morning OA++ asked for permission to allow
C:\windows\system32\OEM\NowintoDT.vbs. When I googled it it came up in Dutch and translated to unknown file. I scanned nowintoDT.vbs with mbam and mse and both came up clean.

This is all the info I can recall about the problem here is the hjt log.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:48:11 AM, on 5/16/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
C:\Program Files (x86)\Tall Emu\Online Armor\oaui.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\OpenDNS Updater\OpenDNSUpdater.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Innovative Solutions\DriverMax\devices.exe
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
c:\Windows\System32\oem\SetEvent.exe
C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe
C:\Program Files (x86)\Tall Emu\Online Armor\OAhlp.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Users\Bryan\PSI\psi.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...28v1j5w45j1t539
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...28v1j5w45j1t539
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...28v1j5w45j1t539
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Partner BHO Class - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (file missing)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
O4 - HKLM\..\Run: [EgisTecLiveUpdate] "C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe"
O4 - HKLM\..\Run: [Acer Assist Launcher] C:\Program Files (x86)\Acer\Acer Assist\launcher.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [OpenDNS Updater] "C:\Program Files (x86)\OpenDNS Updater\OpenDNSUpdater.exe" /autostart
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DriverMax] "C:\Program Files (x86)\Innovative Solutions\DriverMax\devices.exe" -agent
O4 - HKCU\..\Run: [DriverMax_RESTART] "C:\Program Files (x86)\Innovative Solutions\DriverMax\devices.exe" -RESTART
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_93C8148BBB233F43.dll/cmsidewiki.html
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://oas.support....veX/MSDcode.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...t/PCPitStop.CAB
O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} (SysInfo Class) - http://content.syste...ri_4.1.71.0.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset...lineScanner.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{473F86ED-FB55-42E5-8A1F-9FC700C929D6}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS1\Services\Tcpip\..\{473F86ED-FB55-42E5-8A1F-9FC700C929D6}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS2\Services\Tcpip\..\{473F86ED-FB55-42E5-8A1F-9FC700C929D6}: NameServer = 208.67.222.222,208.67.220.220
O20 - AppInit_DLLs: C:\PROGRA~2\Google\GOOGLE~3\GO36F4~1.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Encrypting File System (EFS) (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\Acer Games\Acer Game Console\GameConsoleService.exe
O23 - Service: Google Desktop Manager 5.9.911.3589 (GoogleDesktopManager-110309-193829) - Google - C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: GRegService (Greg_Service) - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: MyWinLocker Service (MWLService) - Egis Technology Inc. - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: Online Armor Helper Service (OAcat) - Unknown owner - C:\Program Files (x86)\Tall Emu\Online Armor\OAcat.exe
O23 - Service: Partner Service - Google Inc. - C:\ProgramData\Partner\Partner.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Online Armor (SvcOnlineArmor) - Unknown owner - C:\Program Files (x86)\Tall Emu\Online Armor\oasrv.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Updater Service - Acer - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12752 bytes

I'm using the OA++ for firewall and mse for malware and antivirus. the OA++ antivirus is compatable with mse and offers no conflicts. I have other scanners I use for on demand only. Since getting this new computer I have been struggling to learn the Win7 home premium and the 64x systems so please bear with me. Thanks much

Also, my mail in the hotmail account is now being opened before I open them, does anyone know anything about this type of problem? It has me very worried that my system is severely compromised.

Edited by Bryan A, 03 June 2010 - 04:32 PM.

Advertisements

Register to Remove

#2 SweetTech

MalwareTeam Emeritus

Authentic Member
3,368 posts

Posted 03 June 2010 - 04:37 PM

Hello and welcome to the forums! My name is SweetTech, it's a pleasure to meet you.

If you have already received help elsewhere please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post.
Please make sure to carefully read any instruction that I give you.
Reading too lightly will cause you to miss important steps, which could have destructive effects.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
These instructions have been specifically tailored to your computer and the issues you are experiencing with your computer. It's important to note that these instructions are not suitable for any other computer, even if the issues are fairly similar.
Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do, is to make sure sure that your anti-virus definitions are up-to-date!
If I instruct you to download a specific tool in which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together
Because of this, you must reply within three days failure to reply will result in the topic being closed!
Please do not PM me directly for help. If you have any questions, post them in this topic. The only time you can and should PM me is when I have not been replying to you for several days (usually around 4 days) and you need an explanation. If that's the case, just send me a message on here.
Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.

____________________________________________________

Running OTS

Download OTS to your Desktop

Close ALL OTHER PROGRAMS.
Double-click on OTS.exe to start the program.
Check the box that says Scan All Users
Under Additional Scans click the "Extras" button
In the custom scans section copy and paste in the following

netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\drivers\*.sys /180
Now click the Run Scan button on the toolbar.
Let it run unhindered until it finishes.
When the scan is complete Notepad will open with the report file loaded in it.
Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.

Please post the contents of the log in your next post.

NEXT:

Please make sure you include the following items in your next post:

1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
2. The log that was produced after running the OTS scan.
3. An update on how your computer is currently running.

It would be helpful if you could answer each question in the order asked, as well as numbering your answers.

Proud Graduate of the WTT Classroom

Posted Image

#3 Bryan A

Authentic Member

Authentic Member
163 posts

Interests:Fantasy Football, Raising my Grand Kids, Chess, Golf and Basketball

Posted 04 June 2010 - 12:19 AM

It isn't good news. The OTS scan also stopped in mid scan at this point: C:\Windows\system32\ntdll.dll in the scan and would go no further. I double checked that everything you asked for me to do was done in the order you asked. At this point I can only say that the computer is not working properly because of the halt in the scan. My questions are self evident, whats wrong? And how did it get to this point? I leave all up to you to decide what you need me to do next. I've never had this problem before, before I sent the original post to you I had disabled OA++ and had to manually enable the windows firewall, that has also never happened before, it has always come on automatically. Sorry for forgetting to mention in in my original post. With OA++ disabled the mbam scan still froze at the same spot, leading me to think that perhaps it was not related to the beta OA++.I re-enabled OA and still had the same problem, it was at that time that I asked for help from your site.

#4 SweetTech

MalwareTeam Emeritus

Authentic Member
3,368 posts

Posted 04 June 2010 - 07:18 AM

Try running the OTS scan in Safe Mode.

Entering Safe Mode

Restart your computer.
As the computer starts to boot-up, Tap the F8 KEY repeatedly,
This will bring up a menu.
Use the Up and Down Arrow Keys to scroll to Safe Mode
Then press the Enter Key on your Keyboard
Go into your usual account

Proud Graduate of the WTT Classroom

Posted Image

#5 Bryan A

Authentic Member

Authentic Member
163 posts

Interests:Fantasy Football, Raising my Grand Kids, Chess, Golf and Basketball

Posted 04 June 2010 - 10:18 AM

Hello Sweetech, Here is the log file from the OTS scan run in safe mode. Just as mbam was able to complete its scan in safe mode so was OTS. Awaiting the next orders.

OTS logfile created on: 6/4/2010 9:06:20 AM - Run 2
OTS by OldTimer - Version 3.1.31.2	 Folder = C:\Users\Bryan\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 84.00% Memory free
7.00 Gb Paging File | 7.00 Gb Available in Paging File | 92.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 684.87 Gb Total Space | 597.07 Gb Free Space | 87.18% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: FAMILY
Current User Name: Bryan
Logged in as Administrator.
 
Current Boot Mode: SafeMode with Networking
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
 
[Processes - Safe List]
ots.exe -> C:\Users\Bryan\Desktop\OTS.exe -> [2010/06/04 08:47:32 | 000,640,000 | ---- | M] (OldTimer Tools)
 
[Modules - Safe List]
ots.exe -> C:\Users\Bryan\Desktop\OTS.exe -> [2010/06/04 08:47:32 | 000,640,000 | ---- | M] (OldTimer Tools)
comdlg32.dll -> C:\Windows\SysWOW64\comdlg32.dll -> [2009/07/13 18:15:07 | 000,486,912 | ---- | M] (Microsoft Corporation)
msscript.ocx -> C:\Windows\SysWOW64\msscript.ocx -> [2009/07/13 18:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation)
comctl32.dll -> C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll -> [2009/07/13 18:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation)
 
[Win32 Services - Safe List]
64bit-(WatAdminSvc)  [Unknown | Stopped] -> C:\Windows\SysNative\Wat\WatAdminSvc.exe -> [2010/05/03 00:56:51 | 001,255,736 | ---- | M] (Microsoft Corporation)
64bit-(SbieSvc)  [Auto | Stopped] -> C:\Program Files\Sandboxie\SbieSvc.exe -> [2010/04/17 03:56:30 | 000,094,440 | ---- | M] (tzuk)
64bit-(MsMpSvc)  [Auto | Running] -> c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -> [2009/12/09 20:30:34 | 000,017,416 | ---- | M] (Microsoft Corporation)
64bit-(wlidsvc)  [Auto | Stopped] -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -> [2009/08/18 12:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation)
64bit-(WwanSvc)  [On_Demand | Stopped] -> C:\Windows\SysNative\wwansvc.dll -> [2009/07/13 18:41:59 | 000,229,888 | ---- | M] (Microsoft Corporation)
64bit-(WbioSrvc)  [On_Demand | Stopped] -> C:\Windows\SysNative\wbiosrvc.dll -> [2009/07/13 18:41:56 | 000,202,240 | ---- | M] (Microsoft Corporation)
64bit-(Power)  [Auto | Running] -> C:\Windows\SysNative\umpo.dll -> [2009/07/13 18:41:56 | 000,163,840 | ---- | M] (Microsoft Corporation)
64bit-(Themes)  [Auto | Stopped] -> C:\Windows\SysNative\themeservice.dll -> [2009/07/13 18:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation)
64bit-(sppuinotify)  [On_Demand | Stopped] -> C:\Windows\SysNative\sppuinotify.dll -> [2009/07/13 18:41:54 | 000,065,536 | ---- | M] (Microsoft Corporation)
64bit-(SensrSvc)  [On_Demand | Stopped] -> C:\Windows\SysNative\sensrsvc.dll -> [2009/07/13 18:41:54 | 000,029,184 | ---- | M] (Microsoft Corporation)
64bit-(PNRPsvc)  [On_Demand | Stopped] -> C:\Windows\SysNative\pnrpsvc.dll -> [2009/07/13 18:41:53 | 000,327,168 | ---- | M] (Microsoft Corporation)
64bit-(p2pimsvc)  [On_Demand | Stopped] -> C:\Windows\SysNative\pnrpsvc.dll -> [2009/07/13 18:41:53 | 000,327,168 | ---- | M] (Microsoft Corporation)
64bit-(HomeGroupProvider)  [On_Demand | Stopped] -> C:\Windows\SysNative\provsvc.dll -> [2009/07/13 18:41:53 | 000,187,904 | ---- | M] (Microsoft Corporation)
64bit-(RpcEptMapper)  [Unknown | Running] -> C:\Windows\SysNative\RpcEpMap.dll -> [2009/07/13 18:41:53 | 000,067,072 | ---- | M] (Microsoft Corporation)
64bit-(PNRPAutoReg)  [On_Demand | Stopped] -> C:\Windows\SysNative\pnrpauto.dll -> [2009/07/13 18:41:53 | 000,025,088 | ---- | M] (Microsoft Corporation)
64bit-(WinDefend)  [On_Demand | Stopped] -> C:\Program Files\Windows Defender\MpSvc.dll -> [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation)
64bit-(HomeGroupListener)  [On_Demand | Stopped] -> C:\Windows\SysNative\ListSvc.dll -> [2009/07/13 18:41:18 | 000,231,936 | ---- | M] (Microsoft Corporation)
64bit-(FontCache)  [On_Demand | Stopped] -> C:\Windows\SysNative\FntCache.dll -> [2009/07/13 18:40:54 | 001,127,936 | ---- | M] (Microsoft Corporation)
64bit-(Dhcp)  [Auto | Running] -> C:\Windows\SysNative\dhcpcore.dll -> [2009/07/13 18:40:28 | 000,314,368 | ---- | M] (Microsoft Corporation)
64bit-(defragsvc)  [On_Demand | Stopped] -> C:\Windows\SysNative\defragsvc.dll -> [2009/07/13 18:40:28 | 000,291,328 | ---- | M] (Microsoft Corporation)
64bit-(bthserv)  [Disabled | Stopped] -> C:\Windows\SysNative\bthserv.dll -> [2009/07/13 18:40:13 | 000,083,968 | ---- | M] (Microsoft Corporation)
64bit-(BDESVC)  [Unknown | Stopped] -> C:\Windows\SysNative\bdesvc.dll -> [2009/07/13 18:40:10 | 000,100,864 | ---- | M] (Microsoft Corporation)
64bit-(AxInstSV)  [On_Demand | Stopped] -> C:\Windows\SysNative\AxInstSv.dll -> [2009/07/13 18:40:05 | 000,114,688 | ---- | M] (Microsoft Corporation)
64bit-(AppIDSvc)  [On_Demand | Stopped] -> C:\Windows\SysNative\appidsvc.dll -> [2009/07/13 18:40:01 | 000,032,256 | ---- | M] (Microsoft Corporation)
64bit-(wbengine)  [On_Demand | Stopped] -> C:\Windows\SysNative\wbengine.exe -> [2009/07/13 18:39:51 | 001,503,744 | ---- | M] (Microsoft Corporation)
64bit-(sppsvc)  [Auto | Stopped] -> C:\Windows\SysNative\sppsvc.exe -> [2009/07/13 18:39:28 | 003,524,608 | ---- | M] (Microsoft Corporation)
64bit-(Fax)  [On_Demand | Stopped] -> C:\Windows\SysNative\FXSSVC.exe -> [2009/07/13 18:39:11 | 000,689,152 | ---- | M] (Microsoft Corporation)
64bit-(Updater Service)  [Auto | Stopped] -> C:\Program Files\Acer\Acer Updater\UpdaterService.exe -> [2009/07/03 18:47:12 | 000,240,160 | ---- | M] (Acer)
64bit-(ForceWare Intelligent Application Manager (IAM))  [Auto | Stopped] -> C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -> [2009/04/19 08:34:48 | 000,625,184 | ---- | M] ()
64bit-(nSvcIp)  [Auto | Stopped] -> C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -> [2009/04/19 08:34:48 | 000,207,904 | ---- | M] ()
(GoogleDesktopManager-051210-111108) Google Desktop Manager 5.9.1005.12335 [On_Demand | Stopped] -> C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe -> [2010/05/28 10:12:19 | 000,030,192 | ---- | M] (Google)
(SvcOnlineArmor) Online Armor [Auto | Stopped] -> C:\Program Files (x86)\Tall Emu\Online Armor\oasrv.exe -> [2010/05/27 07:06:46 | 003,522,320 | ---- | M] (Tall Emu)
(OAcat) Online Armor Helper Service [Auto | Stopped] -> C:\Program Files (x86)\Tall Emu\Online Armor\OAcat.exe -> [2010/05/27 07:06:46 | 001,278,736 | ---- | M] (Tall Emu)
(PnkBstrA) PnkBstrA [Auto | Stopped] -> C:\Windows\SysWOW64\PnkBstrA.exe -> [2010/05/23 17:29:25 | 000,075,064 | ---- | M] ()
(fsssvc) Windows Live Family Safety Service [On_Demand | Stopped] -> C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe -> [2010/04/28 07:44:02 | 000,704,872 | ---- | M] (Microsoft Corporation)
(GameConsoleService) GameConsoleService [On_Demand | Stopped] -> C:\Program Files (x86)\Acer Games\Acer Game Console\GameConsoleService.exe -> [2010/04/16 16:09:06 | 000,246,520 | ---- | M] (WildTangent, Inc.)
(MWLService) MyWinLocker Service [Auto | Stopped] -> C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe -> [2009/09/10 06:42:46 | 000,305,448 | ---- | M] ()
(Greg_Service) GRegService [Auto | Stopped] -> C:\Program Files (x86)\Acer\Registration\GregHSRW.exe -> [2009/08/28 02:38:58 | 001,150,496 | ---- | M] (Acer Incorporated)
(Nero BackItUp Scheduler 4.0) Nero BackItUp Scheduler 4.0 [Disabled | Stopped] -> C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -> [2009/08/25 10:38:06 | 000,935,208 | ---- | M] (Nero AG)
(NTI IScheduleSvc) NTI IScheduleSvc [Auto | Stopped] -> C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -> [2009/08/12 15:04:44 | 000,062,208 | ---- | M] (NewTech Infosystems, Inc.)
(VSS) Volume Shadow Copy [On_Demand | Stopped] -> C:\Windows\Vss -> [2009/07/13 20:20:14 | 000,000,000 | ---D | M]
(MSDTC) Distributed Transaction Coordinator [Unknown | Stopped] -> C:\Windows\SysWOW64\Msdtc -> [2009/07/13 20:20:14 | 000,000,000 | ---D | M]
(HomeGroupProvider) HomeGroup Provider [On_Demand | Stopped] -> C:\Windows\SysWOW64\provsvc.dll -> [2009/07/13 18:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation)
(Dhcp) DHCP Client [Auto | Running] -> C:\Windows\SysWOW64\dhcpcore.dll -> [2009/07/13 18:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation)
(vds) Virtual Disk [On_Demand | Stopped] -> C:\Windows\SysWOW64\wbem\vds.mof -> [2009/07/13 13:30:11 | 000,061,056 | ---- | M] ()
(clr_optimization_v2.0.50727_64) Microsoft .NET Framework NGEN v2.0.50727_X64 [On_Demand | Stopped] -> C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -> [2009/06/10 13:39:58 | 000,089,920 | ---- | M] (Microsoft Corporation)
(SeaPort) SeaPort [Auto | Stopped] -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -> [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation)
 
[Driver Services - Safe List]
64bit-(PSI) PSI [File_System | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\psi_mf.sys -> [2010/05/28 04:04:52 | 000,017,456 | ---- | M] (Secunia)
64bit-(OAnet) OnlineArmor Service [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\OAnet.sys -> [2010/05/27 06:55:58 | 000,043,664 | ---- | M] (Tall Emu Pty Ltd)
64bit-(fssfltr) fssfltr [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\fssfltr.sys -> [2010/04/28 08:57:50 | 000,061,288 | ---- | M] (Microsoft Corporation)
64bit-(SbieDrv) SbieDrv [Kernel | On_Demand | Stopped] -> C:\Program Files\Sandboxie\SbieDrv.sys -> [2010/04/17 03:56:26 | 000,134,760 | ---- | M] (tzuk)
64bit-(pwdrvio) pwdrvio [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\pwdrvio.sys -> [2010/04/09 13:17:04 | 000,019,936 | ---- | M] ()
64bit-(pwdspio) pwdspio [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\pwdspio.sys -> [2010/04/09 13:16:58 | 000,013,280 | ---- | M] ()
64bit-(hotcore3) hc3ServiceName [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\hotcore3.sys -> [2010/01/15 12:21:16 | 000,037,392 | ---- | M] (Paragon Software Group)
64bit-(KSecPkg) KSecPkg [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\ksecpkg.sys -> [2009/12/11 03:29:27 | 000,153,160 | ---- | M] (Microsoft Corporation)
64bit-(fvevol) Bitlocker Drive Encryption Filter Driver [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\fvevol.sys -> [2009/09/25 23:20:38 | 000,223,448 | ---- | M] (Microsoft Corporation)
64bit-(amdsata) amdsata [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\amdsata.sys -> [2009/07/13 18:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices)
64bit-(amdxata) amdxata [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\amdxata.sys -> [2009/07/13 18:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices)
64bit-(amdsbs) amdsbs [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\amdsbs.sys -> [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.)
64bit-(LSI_SAS2) LSI_SAS2 [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\lsi_sas2.sys -> [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation)
64bit-(hwpolicy) Hardware Policy Driver [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\hwpolicy.sys -> [2009/07/13 18:48:04 | 000,014,416 | ---- | M] (Microsoft Corporation)
64bit-(FsDepends) File System Dependency Minifilter [File_System | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\fsdepends.sys -> [2009/07/13 18:47:49 | 000,055,376 | ---- | M] (Microsoft Corporation)
64bit-(HpSAMD) HpSAMD [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\HpSAMD.sys -> [2009/07/13 18:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company)
64bit-(WIMMount) WIMMount [File_System | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\wimmount.sys -> [2009/07/13 18:45:56 | 000,022,096 | ---- | M] (Microsoft Corporation)
64bit-(vhdmp) vhdmp [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\vhdmp.sys -> [2009/07/13 18:45:55 | 000,217,680 | ---- | M] (Microsoft Corporation)
64bit-(vdrvroot) Microsoft Virtual Drive Enumerator Driver [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\vdrvroot.sys -> [2009/07/13 18:45:55 | 000,036,432 | ---- | M] (Microsoft Corporation)
64bit-(stexstor) stexstor [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\stexstor.sys -> [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology)
64bit-(rdyboost) ReadyBoost [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\rdyboost.sys -> [2009/07/13 18:45:46 | 000,214,096 | ---- | M] (Microsoft Corporation)
64bit-(pcw) Performance Counters for Windows Driver [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\pcw.sys -> [2009/07/13 18:45:45 | 000,050,768 | ---- | M] (Microsoft Corporation)
64bit-(CNG) CNG [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\cng.sys -> [2009/07/13 18:43:14 | 000,460,504 | ---- | M] (Microsoft Corporation)
64bit-(rdpbus) Remote Desktop Device Redirector Bus Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\rdpbus.sys -> [2009/07/13 17:17:46 | 000,024,064 | ---- | M] (Microsoft Corporation)
64bit-(RDPREFMP) Reflector Display Driver used to gain access to graphics data [Kernel | System | Stopped] -> C:\Windows\SysNative\drivers\RDPREFMP.sys -> [2009/07/13 17:16:35 | 000,008,192 | ---- | M] (Microsoft Corporation)
64bit-(RasAgileVpn) WAN Miniport (IKEv2) [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\agilevpn.sys -> [2009/07/13 17:10:24 | 000,060,416 | ---- | M] (Microsoft Corporation)
64bit-(WfpLwf) WFP Lightweight Filter [Kernel | System | Running] -> C:\Windows\SysNative\drivers\wfplwf.sys -> [2009/07/13 17:09:26 | 000,012,800 | ---- | M] (Microsoft Corporation)
64bit-(NdisCap) NDIS Capture LightWeight Filter [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\ndiscap.sys -> [2009/07/13 17:08:13 | 000,035,328 | ---- | M] (Microsoft Corporation)
64bit-(vwifibus) Virtual WiFi Bus Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\vwifibus.sys -> [2009/07/13 17:07:21 | 000,024,576 | ---- | M] (Microsoft Corporation)
64bit-(1394ohci) 1394 OHCI Compliant Host Controller [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\1394ohci.sys -> [2009/07/13 17:07:13 | 000,227,840 | ---- | M] (Microsoft Corporation)
64bit-(HdAudAddService) Microsoft 1.1 UAA Function Driver for High Definition Audio Service [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\HdAudio.sys -> [2009/07/13 17:07:00 | 000,350,208 | ---- | M] (Microsoft Corporation)
64bit-(UmPass) Microsoft UMPass Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\umpass.sys -> [2009/07/13 17:06:52 | 000,009,728 | ---- | M] (Microsoft Corporation)
64bit-(WinUsb) WinUsb [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\winusb.sys -> [2009/07/13 17:06:28 | 000,040,448 | ---- | M] (Microsoft Corporation)
64bit-(mshidkmdf) Pass-through HID to KMDF Filter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\mshidkmdf.sys -> [2009/07/13 17:06:24 | 000,008,192 | ---- | M] (Microsoft Corporation)
64bit-(WudfPf) User Mode Driver Frameworks Platform Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\WUDFPf.sys -> [2009/07/13 17:05:37 | 000,112,128 | ---- | M] (Microsoft Corporation)
64bit-(MTConfig) Microsoft Input Configuration Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\MTConfig.sys -> [2009/07/13 17:02:08 | 000,015,360 | ---- | M] (Microsoft Corporation)
64bit-(CompositeBus) Composite Bus Enumerator Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\CompositeBus.sys -> [2009/07/13 17:00:34 | 000,038,912 | ---- | M] (Microsoft Corporation)
64bit-(Beep) Beep [Kernel | System | Running] -> C:\Windows\SysNative\drivers\beep.sys -> [2009/07/13 17:00:13 | 000,006,656 | ---- | M] (Microsoft Corporation)
64bit-(AppID) AppID Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\appid.sys -> [2009/07/13 16:52:39 | 000,061,440 | ---- | M] (Microsoft Corporation)
64bit-(scfilter) Smart card PnP Class Filter Driver [Kernel | Unknown | Stopped] -> C:\Windows\SysNative\drivers\scfilter.sys -> [2009/07/13 16:50:17 | 000,029,696 | ---- | M] (Microsoft Corporation)
64bit-(discache) System Attribute Cache [Kernel | System | Stopped] -> C:\Windows\SysNative\drivers\discache.sys -> [2009/07/13 16:37:18 | 000,040,448 | ---- | M] (Microsoft Corporation)
64bit-(HidBatt) HID UPS Battery Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\hidbatt.sys -> [2009/07/13 16:31:06 | 000,026,624 | ---- | M] (Microsoft Corporation)
64bit-(CmBatt) Microsoft ACPI Control Method Battery Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\CmBatt.sys -> [2009/07/13 16:31:03 | 000,017,664 | ---- | M] (Microsoft Corporation)
64bit-(AcpiPmi) ACPI Power Meter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\acpipmi.sys -> [2009/07/13 16:27:17 | 000,012,288 | ---- | M] (Microsoft Corporation)
64bit-(AmdPPM) AMD Processor Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\amdppm.sys -> [2009/07/13 16:19:25 | 000,060,928 | ---- | M] (Microsoft Corporation)
64bit-(NVHDA) Service for NVIDIA High Definition Audio Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\nvhda64v.sys -> [2009/06/26 00:55:10 | 000,083,488 | ---- | M] (NVIDIA Corporation)
64bit-(MEMSWEEP2) MEMSWEEP2 [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\3333.tmp -> [2009/06/18 12:54:10 | 000,006,144 | ---- | M] (Sophos Plc)
64bit-(NVENETFD) NVIDIA nForce Networking Controller Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\nvm62x64.sys -> [2009/06/10 13:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation)
64bit-(ebdrv) Broadcom NetXtreme II 10 GigE VBD [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\evbda.sys -> [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation)
64bit-(b06bdrv) Broadcom NetXtreme II VBD [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\bxvbda.sys -> [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation)
64bit-(b57nd60a) Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0 [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\b57nd60a.sys -> [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation)
64bit-(hcw85cir) Hauppauge Consumer Infrared Receiver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\hcw85cir.sys -> [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.)
64bit-(SaiNtBus) SaiNtBus [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\SaiBus.sys -> [2009/06/10 11:14:36 | 000,043,264 | ---- | M] (Saitek)
64bit-(SaiMini) SaiMini [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\SaiMini.sys -> [2009/06/10 11:14:36 | 000,016,000 | ---- | M] (Saitek)
64bit-(SaiKF622) SaiKF622 [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\SaiKF622.sys -> [2009/06/02 15:08:50 | 000,140,800 | ---- | M] (Saitek)
64bit-(mwlPSDVDisk) mwlPSDVDisk [Kernel | System | Stopped] -> C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -> [2009/06/02 04:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.)
64bit-(mwlPSDFilter) mwlPSDFilter [File_System | System | Stopped] -> C:\Windows\SysNative\drivers\mwlPSDFilter.sys -> [2009/06/02 04:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.)
64bit-(mwlPSDNServ) mwlPSDNServ [Kernel | System | Stopped] -> C:\Windows\SysNative\drivers\mwlPSDNserv.sys -> [2009/06/02 04:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.)
64bit-(NTIDrvr) NTIDrvr [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\NTIDrvr.sys -> [2009/05/05 16:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.)
64bit-(UBHelper) UBHelper [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\UBHelper.sys -> [2009/05/05 16:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation)
64bit-(NVNET) NVIDIA nForce 10/100/1000 Mbps Ethernet  [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\nvmf6264.sys -> [2009/04/29 22:06:58 | 000,339,360 | ---- | M] (NVIDIA Corporation)
(oahlpXX) Online Armor helper driver [Kernel | System | Stopped] -> C:\Windows\SysWOW64\drivers\oahlp64.sys -> [2010/05/27 07:06:52 | 000,051,440 | ---- | M] ()
(OADevice) OADriver [File_System | System | Stopped] -> C:\Windows\SysWOW64\drivers\OADriver.sys -> [2010/05/27 06:56:00 | 000,052,880 | ---- | M] ()
(OAmon) OAmon [Kernel | System | Running] -> C:\Windows\SysWOW64\drivers\OAmon.sys -> [2010/05/27 06:56:00 | 000,035,984 | ---- | M] (Tall Emu)
(WIMMount) WIMMount [File_System | On_Demand | Stopped] -> C:\Windows\SysWOW64\drivers\wimmount.sys -> [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation)
(WinUsb) WinUsb [Kernel | On_Demand | Stopped] -> C:\Windows\SysWOW64\winusb.dll -> [2009/07/13 18:16:19 | 000,016,896 | ---- | M] (Microsoft Corporation)
(NetBIOS) NetBIOS Interface [File_System | System | Running] -> C:\Windows\SysWOW64\netbios.dll -> [2009/07/13 18:16:02 | 000,014,336 | ---- | M] (Microsoft Corporation)
(mpsdrv) Windows Firewall Authorization Driver [Kernel | On_Demand | Running] -> C:\Windows\SysWOW64\wbem\mpsdrv.mof -> [2009/06/10 14:28:14 | 000,001,088 | ---- | M] ()
(Tcpip) TCP/IP Protocol Driver [Kernel | System | Running] -> C:\Windows\SysWOW64\wbem\tcpip.mof -> [2009/06/10 14:15:18 | 000,003,066 | ---- | M] ()
(mwlPSDVDisk) mwlPSDVDisk [Kernel | System | Stopped] -> C:\Program Files (x86)\EgisTec\MyWinLocker 3\x64\mwlPSDVdisk.sys -> [2009/06/02 04:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.)
(mwlPSDFilter) mwlPSDFilter [File_System | System | Stopped] -> C:\Program Files (x86)\EgisTec\MyWinLocker 3\x64\mwlPSDFilter.sys -> [2009/06/02 04:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.)
(mwlPSDNServ) mwlPSDNServ [Kernel | System | Stopped] -> C:\Program Files (x86)\EgisTec\MyWinLocker 3\x64\mwlPSDNServ.sys -> [2009/06/02 04:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.)
 
[Registry - Safe List]
< 64bit-Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_x1301&r=17360510s707p0428v1j5w45j1t539 -> 
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_x1301&r=17360510s707p0428v1j5w45j1t539 -> 
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_x1301&r=17360510s707p0428v1j5w45j1t539 -> 
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> C:\Windows\SysWOW64\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_x1301&r=17360510s707p0428v1j5w45j1t539 -> 
< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> 
HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> 
HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-3488347447-2488368954-518346416-1000\] > -> -> 
HKEY_USERS\S-1-5-21-3488347447-2488368954-518346416-1000\: Main\\"Default_Page_URL" -> http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_x1301&r=17360510s707p0428v1j5w45j1t539 -> 
HKEY_USERS\S-1-5-21-3488347447-2488368954-518346416-1000\: Main\\"Start Page" -> http://msn.com/ -> 
HKEY_USERS\S-1-5-21-3488347447-2488368954-518346416-1000\: Main\\"Start Page Redirect Cache" -> http://www.msn.com/ -> 
HKEY_USERS\S-1-5-21-3488347447-2488368954-518346416-1000\: Main\\"Start Page Redirect Cache AcceptLangs" -> en-us -> 
HKEY_USERS\S-1-5-21-3488347447-2488368954-518346416-1000\: Main\\"Start Page Redirect Cache_TIMESTAMP" -> 20 33 D2 BE EF F5 CA 01  [binary data] -> 
HKEY_USERS\S-1-5-21-3488347447-2488368954-518346416-1000\: "ProxyEnable" -> 0 -> 
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\Extensions ->  -> 
< FireFox Extensions [User Folders] > -> 
< HOSTS File > ([2010/05/23 01:59:40 | 000,607,013 | ---- | M] - 16089 lines) -> C:\Windows\SysNative\Drivers\etc\hosts -> 
First 25 entries...
Reset Hosts
127.0.0.1  localhost
127.0.0.1  fr.a2dfp.net
127.0.0.1  m.fr.a2dfp.net
127.0.0.1  ad.a8.net
127.0.0.1  asy.a8ww.net
127.0.0.1  adserver.abv.bg
127.0.0.1  adv.abv.bg
127.0.0.1  bimg.abv.bg
127.0.0.1  www2.a-counter.kiev.ua
127.0.0.1  track.acclaimnetwork.com
127.0.0.1  accuserveadsystem.com
127.0.0.1  www.accuserveadsystem.com
127.0.0.1  achmedia.com
127.0.0.1  aconti.net
127.0.0.1  secure.aconti.net
127.0.0.1  www.aconti.net #[Dialer.Aconti]
127.0.0.1  ads.active.com
127.0.0.1  am1.activemeter.com
127.0.0.1  www.activemeter.com #[Tracking.Cookie]
127.0.0.1  ads.activepower.net
127.0.0.1  stat.active24stats.nl #[Tracking.Cookie]
127.0.0.1  ad2games.com
127.0.0.1  cms.ad2click.nl
127.0.0.1  ads.ad2games.com
< 64bit-BHO's [HKEY_LOCAL_MACHINE] > -> 64bit-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} [HKLM] -> C:\Program Files\Windows Live\Family Safety\fssbho.dll [Windows Live Family Safety Browser Helper Class] -> [2010/04/28 08:57:50 | 000,132,456 | ---- | M] (Microsoft Corporation)
{9030D464-4C02-4ABF-8ECC-5164760863C6} [HKLM] -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [Windows Live ID Sign-in Helper] -> [2009/08/18 12:50:40 | 000,532,336 | ---- | M] (Microsoft Corporation)
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKLM] -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [Google Toolbar Helper] -> [2010/05/24 13:52:28 | 000,371,312 | ---- | M] (Google Inc.)
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKLM] -> C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg64.dll [Google Toolbar Notifier BHO] -> [2010/05/25 00:20:25 | 000,322,104 | ---- | M] (Google Inc.)
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} [HKLM] -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [Search Helper] -> [2009/05/19 11:36:18 | 000,137,600 | ---- | M] (Microsoft Corporation)
{9030D464-4C02-4ABF-8ECC-5164760863C6} [HKLM] -> C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll [Windows Live ID Sign-in Helper] -> [2009/08/18 11:32:12 | 000,403,840 | ---- | M] (Microsoft Corporation)
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKLM] -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [Google Toolbar Helper] -> [2010/05/24 13:52:24 | 000,278,128 | ---- | M] (Google Inc.)
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKLM] -> C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll [Google Toolbar Notifier BHO] -> [2010/05/25 00:20:25 | 000,814,648 | ---- | M] (Google Inc.)
{C84D72FE-E17D-4195-BB24-76C02E2E7C4E} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{C920E44A-7F78-4E64-BDD7-A57026E7FEB7} [HKLM] -> C:\Program Files (x86)\WOT\WOT.dll [WOT Helper] -> [2010/03/03 13:21:18 | 001,301,664 | ---- | M] ()
{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} [HKLM] -> C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll [Windows Live Toolbar Helper] -> [2010/04/16 19:55:34 | 001,067,872 | ---- | M] (Microsoft Corporation)
< 64bit-Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" [HKLM] -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [Google Toolbar] -> [2010/05/24 13:52:28 | 000,371,312 | ---- | M] (Google Inc.)
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
"{21FA44EF-376D-4D53-9B0F-8A89D3229068}" [HKLM] -> C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll [&Windows Live Toolbar] -> [2010/04/16 19:55:34 | 001,067,872 | ---- | M] (Microsoft Corporation)
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" [HKLM] -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [Google Toolbar] -> [2010/05/24 13:52:24 | 000,278,128 | ---- | M] (Google Inc.)
"{71576546-354D-41c9-AAE8-31F2EC22BF0D}" [HKLM] -> C:\Program Files (x86)\WOT\WOT.dll [WOT] -> [2010/03/03 13:21:18 | 001,301,664 | ---- | M] ()
< Internet Explorer ToolBars [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\ -> 
64bit-WebBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [Google Toolbar] -> [2010/05/24 13:52:28 | 000,371,312 | ---- | M] (Google Inc.)
WebBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [Google Toolbar] -> [2010/05/24 13:52:24 | 000,278,128 | ---- | M] (Google Inc.)
WebBrowser\\"{71576546-354D-41C9-AAE8-31F2EC22BF0D}" [HKLM] -> C:\Program Files (x86)\WOT\WOT.dll [WOT] -> [2010/03/03 13:21:18 | 001,301,664 | ---- | M] ()
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\ -> 
64bit-WebBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [Google Toolbar] -> [2010/05/24 13:52:28 | 000,371,312 | ---- | M] (Google Inc.)
WebBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [Google Toolbar] -> [2010/05/24 13:52:24 | 000,278,128 | ---- | M] (Google Inc.)
WebBrowser\\"{71576546-354D-41C9-AAE8-31F2EC22BF0D}" [HKLM] -> C:\Program Files (x86)\WOT\WOT.dll [WOT] -> [2010/03/03 13:21:18 | 001,301,664 | ---- | M] ()
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-3488347447-2488368954-518346416-1000\] > -> HKEY_USERS\S-1-5-21-3488347447-2488368954-518346416-1000\Software\Microsoft\Internet Explorer\Toolbar\ -> 
WebBrowser\\"{21FA44EF-376D-4D53-9B0F-8A89D3229068}" [HKLM] -> C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll [&Windows Live Toolbar] -> [2010/04/16 19:55:34 | 001,067,872 | ---- | M] (Microsoft Corporation)
64bit-WebBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [Google Toolbar] -> [2010/05/24 13:52:28 | 000,371,312 | ---- | M] (Google Inc.)
WebBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [Google Toolbar] -> [2010/05/24 13:52:24 | 000,278,128 | ---- | M] (Google Inc.)
WebBrowser\\"{71576546-354D-41C9-AAE8-31F2EC22BF0D}" [HKLM] -> C:\Program Files (x86)\WOT\WOT.dll [WOT] -> [2010/03/03 13:21:18 | 001,301,664 | ---- | M] ()
< 64bit-Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"@OnlineArmor GUI" -> C:\Program Files (x86)\Tall Emu\Online Armor\OAui.exe ["C:\Program Files (x86)\Tall Emu\Online Armor\OAui.exe"] -> [2010/05/27 07:06:46 | 006,788,368 | ---- | M] (Tall Emu)
"MSSE" -> c:\Program Files\Microsoft Security Essentials\msseces.exe ["c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey] -> [2010/02/21 05:08:48 | 001,446,496 | ---- | M] (Microsoft Corporation)
"OOTag" -> C:\Windows\OOBEOffer\OOBEOffer\OOTag.exe [C:\windows\oobeoffer\oobeoffer\ootag.exe] -> [2009/09/27 20:33:24 | 000,023,072 | ---- | M] (Microsoft)
"PLD_FrameworkRun" -> C:\Windows\SysNative\OEM\_NowIntoDT.vbs [c:\windows\system32\oem\_NowIntoDT.vbs] -> [2009/10/11 09:49:06 | 000,000,490 | ---- | M] ()
"RtHDVCpl" -> C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s] -> [2010/04/06 17:59:40 | 010,144,288 | ---- | M] (Realtek Semiconductor)
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"BackupManagerTray" -> C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe ["C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k] -> [2009/08/12 14:58:28 | 000,261,888 | ---- | M] (NewTech Infosystems, Inc.)
"Google Desktop Search" -> C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe ["C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe" /startup] -> [2010/05/28 10:12:19 | 000,030,192 | ---- | M] (Google)
< Run [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"Sidebar" -> C:\Program Files (x86)\Windows Sidebar\Sidebar.exe [%ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun] -> [2009/07/13 18:14:38 | 001,173,504 | ---- | M] (Microsoft Corporation)
< RunOnce [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce -> 
"mctadmin" -> C:\Windows\SysWow64\mctadmin.exe [C:\Windows\System32\mctadmin.exe] -> File not found
< Run [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"Sidebar" -> C:\Program Files (x86)\Windows Sidebar\Sidebar.exe [%ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun] -> [2009/07/13 18:14:38 | 001,173,504 | ---- | M] (Microsoft Corporation)
< RunOnce [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce -> 
"mctadmin" -> C:\Windows\SysWow64\mctadmin.exe [C:\Windows\System32\mctadmin.exe] -> File not found
< Run [HKEY_USERS\S-1-5-21-3488347447-2488368954-518346416-1000\] > -> HKEY_USERS\S-1-5-21-3488347447-2488368954-518346416-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"msnmsgr" -> C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe ["C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background] -> [2010/04/16 22:12:38 | 003,872,080 | ---- | M] (Microsoft Corporation)
"OpenDNS Updater" -> C:\Program Files (x86)\OpenDNS Updater\OpenDNSUpdater.exe ["C:\Program Files (x86)\OpenDNS Updater\OpenDNSUpdater.exe" /autostart] -> [2009/11/16 12:58:38 | 000,839,168 | ---- | M] ()
"RESTART_STICKY_NOTES" -> C:\Windows\SysWOW64\StikyNot.exe [C:\Windows\System32\StikyNot.exe] -> [2010/05/07 01:41:26 | 000,000,000 | ---- | M] ()
"swg" -> C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe ["C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"] -> [2009/10/27 23:10:50 | 000,039,408 | ---- | M] (Google Inc.)
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoActiveDesktop" ->  [1] -> File not found
\\"NoActiveDesktopChanges" ->  [1] -> File not found
\\"EnableShellExecuteHooks" ->  [1] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"ConsentPromptBehaviorAdmin" ->  [5] -> File not found
\\"ConsentPromptBehaviorUser" ->  [3] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-3488347447-2488368954-518346416-1000] > -> HKEY_USERS\S-1-5-21-3488347447-2488368954-518346416-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\S-1-5-21-3488347447-2488368954-518346416-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-3488347447-2488368954-518346416-1000] > -> HKEY_USERS\S-1-5-21-3488347447-2488368954-518346416-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
HKEY_USERS\S-1-5-21-3488347447-2488368954-518346416-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"LogonHoursAction" ->  [2] -> File not found
\\"DontDisplayLogonHoursWarnings" ->  [1] -> File not found
< 64bit-Internet Explorer Menu Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\MenuExt\ -> 
Google Sidewiki... -> C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll [res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html] -> [2010/05/24 13:52:44 | 001,697,392 | ---- | M] (Google Inc.)
< Internet Explorer Menu Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\MenuExt\ -> 
Google Sidewiki... -> C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll [res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html] -> [2010/05/24 13:52:44 | 001,697,392 | ---- | M] (Google Inc.)
< 64bit-Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\MenuExt\ -> 
Google Sidewiki... -> C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll [res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html] -> [2010/05/24 13:52:44 | 001,697,392 | ---- | M] (Google Inc.)
< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\MenuExt\ -> 
Google Sidewiki... -> C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll [res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html] -> [2010/05/24 13:52:44 | 001,697,392 | ---- | M] (Google Inc.)
< 64bit-Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-3488347447-2488368954-518346416-1000\] > -> HKEY_USERS\S-1-5-21-3488347447-2488368954-518346416-1000\Software\Microsoft\Internet Explorer\MenuExt\ -> 
Google Sidewiki... -> C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll [res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html] -> [2010/05/24 13:52:44 | 001,697,392 | ---- | M] (Google Inc.)
< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-3488347447-2488368954-518346416-1000\] > -> HKEY_USERS\S-1-5-21-3488347447-2488368954-518346416-1000\Software\Microsoft\Internet Explorer\MenuExt\ -> 
Google Sidewiki... -> C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll [res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html] -> [2010/05/24 13:52:44 | 001,697,392 | ---- | M] (Google Inc.)
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{219C3416-8CB2-491a-A3C7-D9FCDDC9D600}:{5F7B1267-94A9-47F5-98DB-E99415F33AEC} [HKLM] -> C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll [Button: Blog This] -> [2009/07/26 20:17:14 | 000,186,192 | ---- | M] (Microsoft Corporation)
{219C3416-8CB2-491a-A3C7-D9FCDDC9D600}:{5F7B1267-94A9-47F5-98DB-E99415F33AEC} [HKLM] -> C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll [Menu: &Blog This in Windows Live Writer] -> [2009/07/26 20:17:14 | 000,186,192 | ---- | M] (Microsoft Corporation)
{2670000A-7350-4f3c-8081-5663EE0C6C49}:{48E73304-E1D6-4330-914C-F5F514E3486C} [HKLM] -> C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll [Button: Send to OneNote] -> [2009/02/26 19:45:52 | 000,603,040 | ---- | M] (Microsoft Corporation)
{2670000A-7350-4f3c-8081-5663EE0C6C49}:{48E73304-E1D6-4330-914C-F5F514E3486C} [HKLM] -> C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll [Menu: S&end to OneNote] -> [2009/02/26 19:45:52 | 000,603,040 | ---- | M] (Microsoft Corporation)
{3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF}:Exec [HKLM] -> C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe [Button: PokerStars] -> [2010/05/02 23:59:59 | 000,562,968 | ---- | M] (PokerStars)
< 64bit-Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
< 64bit-Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< 64bit-Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< 64bit-Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-21-3488347447-2488368954-518346416-1000\] > -> HKEY_USERS\S-1-5-21-3488347447-2488368954-518346416-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-21-3488347447-2488368954-518346416-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 
localhost .[http] -> Local intranet -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-21-3488347447-2488368954-518346416-1000\] > -> HKEY_USERS\S-1-5-21-3488347447-2488368954-518346416-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-21-3488347447-2488368954-518346416-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 1 range(s) found. -> 
GD [:Range = 127.0.0.1] -> http = Local intranet |  -> 
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{0742B9EF-8C83-41CA-BFBA-830A59E23533} [HKLM] -> https://oas.support.microsoft.com/ActiveX/MSDcode.cab [Microsoft Data Collection Control] -> 
{0E5F0222-96B9-11D3-8997-00104BD12D94} [HKLM] -> http://www.pcpitstop.com/betapit/PCPitStop.CAB [PCPitstop Utility] -> 
{140E4DF8-9E14-4A34-9577-C77561ED7883} [HKLM] -> http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab [SysInfo Class] -> 
{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} [HKLM] -> http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab [BDSCANONLINE Control] -> 
{7530BFB8-7293-4D34-9923-61A11451AFC5} [HKLM] -> http://download.eset.com/special/eos/OnlineScanner.cab [OnlineScanner Control] -> 
{784797A8-342D-4072-9486-03C8D0F2F0A1} [HKLM] -> https://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.53.0.cab [Battlefield Heroes Updater] -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab [Java Plug-in 1.6.0_20] -> 
{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab [Java Plug-in 1.6.0_20] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab [Java Plug-in 1.6.0_20] -> 
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} [HKLM] -> http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab [Reg Error: Key error.] -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ -> 
DhcpNameServer -> 76.14.0.9 76.14.0.8 -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{473F86ED-FB55-42E5-8A1F-9FC700C929D6}\\DhcpNameServer -> 76.14.0.9 76.14.0.8   (NVIDIA nForce 10/100/1000 Mbps Ethernet ) -> 
{473F86ED-FB55-42E5-8A1F-9FC700C929D6}\\NameServer -> 208.67.222.222,208.67.220.220   (NVIDIA nForce 10/100/1000 Mbps Ethernet ) -> 
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs -> 
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls -> 
C:\PROGRA~2\Google\GOOGLE~3\GO36F4~1.DLL -> C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktopNetwork3.dll -> [2010/05/28 10:12:19 | 000,123,392 | ---- | M] (Google)
*MultiFile Done* -> -> 
< 64bit-Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
64bit-*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
explorer.exe -> C:\Windows\explorer.exe -> [2009/10/30 23:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
64bit-*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> 
SystemPropertiesPerformance.exe -> C:\Windows\SysNative\SystemPropertiesPerformance.exe -> [2009/07/13 18:39:47 | 000,082,432 | ---- | M] (Microsoft Corporation)
/pagefile ->  -> File not found
*MultiFile Done* -> -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
explorer.exe -> C:\Windows\SysWow64\explorer.exe -> [2009/10/30 22:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> 
SystemPropertiesPerformance.exe -> C:\Windows\SysWow64\SystemPropertiesPerformance.exe -> [2009/07/13 18:14:42 | 000,081,920 | ---- | M] (Microsoft Corporation)
/pagefile ->  -> File not found
*MultiFile Done* -> -> 
< 64bit-SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad -> 
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" [HKLM] -> Reg Error: Key error. [WebCheck] -> File not found
< SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad -> 
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" [HKLM] -> Reg Error: Key error. [WebCheck] -> File not found
< LSA Security Packages [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> 
64bit-*LSA Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> 
pku2u -> C:\Windows\SysNative\pku2u.dll -> [2009/07/13 18:41:53 | 000,240,640 | ---- | M] (Microsoft Corporation)
livessp -> C:\Windows\SysNative\livessp.dll -> [2009/08/18 12:48:02 | 000,243,056 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
*LSA Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> 
pku2u -> C:\Windows\SysWow64\pku2u.dll -> [2009/07/13 18:16:12 | 000,186,880 | ---- | M] (Microsoft Corporation)
livessp -> C:\Windows\SysWow64\livessp.dll -> [2009/08/18 11:29:22 | 000,195,456 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
< Vista Active Firewall Rules > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules -> 
{065ABD98-F5B7-4A5E-9F32-C470E8CFE382} -> rport=10243 | profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31289 | app=system | 
{09C3AD09-2DE4-43FE-8960-6B5672570DFC} -> lport=2177 | profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-31261 | app=%systemroot%\system32\svchost.exe | svc=qwave | 
{13661FAA-49B2-42E0-875A-599ED504E92F} -> lport=1900 | profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-31269 | app=%systemroot%\system32\svchost.exe | svc=ssdpsrv | 
{1A52733A-27F1-497E-8319-75C23620B1F6} -> lport=139 | profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-28503 | app=system | 
{1F6D207D-AAC9-4F8F-B7CB-24712CE1AF9B} -> lport=2177 | profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-31253 | app=%systemroot%\system32\svchost.exe | svc=qwave | 
{1FD35719-8649-4DD6-95AC-0B62A9D193AB} -> lport=5355 | profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-28548 | app=%systemroot%\system32\svchost.exe | svc=dnscache | 
{531ED8DA-0EEC-426D-A57F-A60BEE904626} -> lport=1900 | protocol=17 | dir=in | action=allow | name=windows live messenger (ssdp-in) | app=svchost.exe | svc=ssdpsrv | 
{584774FE-733B-498A-B235-2CFA9EA05DFA} -> rport=2177 | profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31265 | app=%systemroot%\system32\svchost.exe | svc=qwave | 
{683C4E01-A4CC-41EC-9A81-2FF4A864D6EB} -> lport=138 | profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-28527 | app=system | 
{6D0D193C-12FB-48C1-AF5F-FB53BC34500B} -> rport=2177 | profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-31257 | app=%systemroot%\system32\svchost.exe | svc=qwave | 
{6EC57AFE-CAF4-461B-B793-DE2BE4D5934E} -> lport=10243 | profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-31285 | app=system | 
{82314B2C-F18A-4E5E-838D-0381DFBC1A36} -> rport=1900 | profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-31273 | app=%systemroot%\system32\svchost.exe | svc=ssdpsrv | 
{90F7B26B-35C5-4734-806D-62D2F1DA0CA0} -> rport=138 | profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-28531 | app=system | 
{98318391-E3BE-4D8F-AA65-7A453BD3AD18} -> lport=2869 | profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-31277 | app=system | 
{9A8D74D3-7169-43E0-A350-6EB48B66E505} -> lport=rpc | profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-28535 | app=%systemroot%\system32\spoolsv.exe | svc=spooler | 
{BC629E68-C9CD-47D1-BAFE-BD8F83BBE697} -> lport=2869 | protocol=6 | dir=in | action=allow | name=windows live messenger (upnp-in) | app=system | 
{C058D27F-27BF-4BDB-B400-05627DE0B792} -> lport=rpc-epmap | profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-28539 | svc=rpcss | 
{DDF5C05B-D1E0-4247-A25D-73B4661B82A2} -> lport=445 | profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-28511 | app=system | 
{DE6F0476-F00A-4AFE-9821-0C1504851E51} -> lport=137 | profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-28519 | app=system | 
{E08385CC-CA86-4090-BB2E-486CC00A5E1F} -> rport=5355 | profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-28550 | app=%systemroot%\system32\svchost.exe | svc=dnscache | 
{E1FDE63C-4A1F-4CBF-B104-63EC256602A1} -> rport=137 | profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-28523 | app=system | 
{F5C7536A-A119-4B89-A912-D80700252437} -> rport=445 | profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-28515 | app=system | 
{F80A712E-97E0-47DD-AE8D-D177F2ED184C} -> rport=139 | profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-28507 | app=system | 
< Vista Active Application Exception Rules > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules -> 
{027F670E-DA28-4121-8644-C5BF657B9744} -> profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-31297 | app=%programfiles%\windows media player\wmplayer.exe | 
{068EC1BA-5E90-4CEF-96F7-DD0FDE893812} -> profile=public | protocol=17 | dir=in | action=allow | name=microsoft office onenote | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
{0C114551-01ED-4C60-A695-1735D5AEF686} -> profile=private | protocol=17 | dir=in | action=allow | name=call of duty(r) 4 - modern warfare(tm) | app=c:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe | 
{0EE68060-7537-4819-B2CA-3FFFA326A5C7} -> profile=private | protocol=6 | dir=in | action=allow | name=pnkbstrb | app=c:\windows\syswow64\pnkbstrb.exe | 
{13B5C18E-46D6-4465-A5C6-CBD122BD9068} -> profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-31007 | app=%programfiles%\windows media player\wmplayer.exe | 
{16B64EE6-7938-462E-940D-41A6339B55E6} -> dir=in | action=allow | name=windows live messenger | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
{1F6BB7AA-A4FF-4F07-AAF1-4144CC3AF382} -> profile=private | protocol=6 | dir=in | action=allow | name=steam | app=c:\program files (x86)\steam\steam.exe | 
{250FA4EE-2370-46AF-BB1C-EB2FFA5F6E0D} -> profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-31024 | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
{26D8E0C9-5B0A-4335-B5B9-79B6DEB80CF4} -> profile=private | protocol=17 | dir=in | action=allow | name=steam | app=c:\program files (x86)\steam\steam.exe | 
{2D76D381-BF79-4C06-8931-57204966F73E} -> profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31281 | app=system | 
{31007B4D-5B6D-41DA-A744-041F0710615C} -> profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-31305 | app=%programfiles%\windows media player\wmpnetwk.exe | 
{3F22A01A-0239-41B2-B4CD-154E99EBF045} -> profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31301 | app=%programfiles%\windows media player\wmplayer.exe | 
{3F847FBD-B9E6-48ED-A80B-6FADA8072270} -> dir=in | action=allow | name=pando media booster | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
{4099F175-2B40-4EE1-85E2-9E5BCC740D8E} -> profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-31293 | app=%programfiles%\windows media player\wmplayer.exe | 
{40FFECD8-227F-44A4-AD65-D72A018884D2} -> profile=private | protocol=17 | dir=in | action=allow | name=pnkbstra | app=c:\windows\syswow64\pnkbstra.exe | 
{41DB31FE-5E40-48E5-B458-7F3B15F05559} -> profile=private | protocol=6 | dir=in | action=allow | name=nexon game manager | app=c:\programdata\nexonus\ngm\ngm.exe | 
{4E676CAA-E3F9-4A4B-BB8A-66DE14AEBD85} -> profile=private | protocol=17 | dir=in | action=allow | name=pando media booster | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
{4F57BEDE-EB17-47DB-A5DD-8EFD3677D025} -> profile=private | protocol=17 | dir=in | action=allow | name=pnkbstrb | app=c:\windows\syswow64\pnkbstrb.exe | 
{552650BA-3692-4071-919D-CF2E79A7A027} -> protocol=58 | dir=in | action=allow | name=@iphlpsvc.dll,-502 | app=system | 
{5715D280-6046-4F27-9B89-583D23F9E8B0} -> profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31321 | app=%systemroot%\system32\svchost.exe | svc=upnphost | 
{5FC80437-14B8-4AF2-8DD6-55D937C3767F} -> profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-31313 | app=%programfiles%\windows media player\wmpnetwk.exe | 
{60907F23-55BD-47D8-BE04-CEC4E2E6143F} -> profile=private | protocol=17 | dir=in | action=allow | name=nexon game manager | app=c:\programdata\nexonus\ngm\ngm.exe | 
{62ED010B-6F46-4A61-BC9B-A0273A0A8973} -> profile=private | protocol=6 | dir=in | action=allow | name=nexon messenger core | app=c:\nexon\combat arms\nmservice.exe | 
{6C613935-5B49-4398-95CB-A46500153830} -> profile=private | protocol=58 | dir=in | action=allow | name=@firewallapi.dll,-28545 | 
{76AA9813-0155-4CF3-BE93-C071C283CBC6} -> profile=private | protocol=6 | dir=in | action=allow | name=call of duty(r) 4 - modern warfare(tm) | app=c:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe | 
{780095B7-9AA0-42F3-9762-77EF830EEC50} -> profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31317 | app=%programfiles%\windows media player\wmpnetwk.exe | 
{8DEB4056-33BE-4031-806D-662922D8732B} -> profile=private | protocol=1 | dir=out | action=allow | name=@firewallapi.dll,-28544 | 
{92D6D63C-55CD-4940-B2B3-25CFA19EB05B} -> profile=private | protocol=6 | dir=in | action=allow | name=pando media booster | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
{94BEE832-F459-4CEA-BF0E-98B1162925E7} -> profile=domain | protocol=6 | dir=in | action=allow | name=pando media booster | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
{B0D52ADF-9109-47DD-8707-0816E407040E} -> profile=private | protocol=17 | dir=in | action=allow | name=nexon messenger core | app=c:\nexon\combat arms\nmservice.exe | 
{B8AF4B8A-1A3B-48CF-AFB4-0AF70DAF3B12} -> profile=private | protocol=58 | dir=out | action=allow | name=@firewallapi.dll,-28546 | 
{BB9FDE1A-3F42-46D5-A98D-F01209D0C412} -> profile=domain | protocol=17 | dir=in | action=allow | name=pando media booster | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
{BD496999-4091-4EE5-8F34-1CD2A9F64BB2} -> profile=private | protocol=6 | dir=in | action=allow | name=pnkbstra | app=c:\windows\syswow64\pnkbstra.exe | 
{BEE511C4-9B46-4C73-9DB7-41D04FC3A008} -> profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-31309 | app=%programfiles%\windows media player\wmpnetwk.exe | 
{C384D863-4D35-484D-B8D7-4020E27DF58A} -> dir=in | action=allow | name=windows live sync | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | 
{C698EEDD-0187-4CEA-8672-AFEB1DB1BE73} -> profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31011 | app=%programfiles%\windows media player\wmplayer.exe | 
{D242DAD3-E042-407C-8337-1DEE83881CB7} -> profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31025 | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
{D3A41F92-4DBB-4688-8EE1-FF0EF37465E8} -> profile=public | protocol=6 | dir=in | action=allow | name=microsoft office onenote | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
{D7049399-E3D2-4408-B02A-AD514CF002E3} -> protocol=58 | dir=out | action=allow | name=@iphlpsvc.dll,-503 | 
{E36F2CDD-33F3-4109-80E1-33829E2112EA} -> profile=private | protocol=1 | dir=in | action=allow | name=@firewallapi.dll,-28543 | 
{F74540C2-915A-4ECD-BD14-F57B4F67B18C} -> profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-31003 | app=%programfiles%\windows media player\wmplayer.exe | 
{FC98856A-4506-4762-9F47-D018171FADC5} -> profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-31023 | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
TCP Query User{2B945BB8-3587-4EDE-B535-E9795096314B}C:\nexon\combat arms\engine.exe -> profile=private | protocol=6 | dir=in | action=allow | name=combat arms | app=c:\nexon\combat arms\engine.exe | 
UDP Query User{53980D15-4C55-44F8-B758-126225D8901F}C:\nexon\combat arms\engine.exe -> profile=private | protocol=17 | dir=in | action=allow | name=combat arms | app=c:\nexon\combat arms\engine.exe | 
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> 
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 -> 
"DisplayName" -> CD-ROM Driver -> 
"ImagePath" -> C:\Windows\SysNative\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> [2009/07/13 16:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation)
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> 
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command -> 
64bit-comfile [open] -> "%1" %* -> File not found
64bit-exefile [open] -> "%1" %* -> File not found
comfile [open] -> "%1" %* -> 
exefile [open] -> "%1" %* -> 
< 64bit-File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ -> 
.com [@ = comfile] -> "%1" %* -> 
.exe [@ = exefile] -> "%1" %* -> 
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ -> 
.com [@ = comfile] -> "%1" %* -> 
.exe [@ = exefile] -> "%1" %* -> 
 
[Registry - Additional Scans - Safe List]
< 64bit-File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ -> 
.bat [@ = batfile] -> "%1" %* -> 
.cmd [@ = cmdfile] -> "%1" %* -> 
.com [@ = comfile] -> "%1" %* -> 
.exe [@ = exefile] -> "%1" %* -> 
.pif [@ = piffile] -> "%1" %* -> 
.scr [@ = scrfile] -> "%1" /S -> 
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ -> 
.bat [@ = batfile] -> "%1" %* -> 
.cmd [@ = cmdfile] -> "%1" %* -> 
.com [@ = comfile] -> "%1" %* -> 
.cpl [@ = cplfile] -> C:\Windows\SysWow64\control.exe -> [2009/07/13 18:14:15 | 000,113,152 | ---- | M] (Microsoft Corporation)
.exe [@ = exefile] -> "%1" %* -> 
.pif [@ = piffile] -> "%1" %* -> 
.scr [@ = scrfile] -> "%1" /S -> 
< File Associations - Select to Repair > -> HKEY_USERS\S-1-5-21-3488347447-2488368954-518346416-1000\SOFTWARE\Classes\<extension>\ -> 
.html [@ = ChromeHTML] -> C:\Users\Bryan\AppData\Local\Google\Chrome\Application\chrome.exe -> [2010/05/18 20:35:17 | 000,973,296 | ---- | M] (Google Inc.)
< 64bit-Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> 
belarc:{6318E0AB-2E93-11D1-B8ED-00608CC9A71F} [HKLM] -> Reg Error: Key error.[Reg Error: Key error.] -> File not found
livecall:{828030A1-22C1-4009-854F-8E305202313F} [HKLM] -> Reg Error: Key error.[Reg Error: Key error.] -> File not found
ms-help:{314111c7-a502-11d2-bbca-00c04f8ec294} [HKLM] -> Reg Error: Key error.[Reg Error: Key error.] -> File not found
ms-itss:{0A9007C0-4076-11D3-8789-0000F8105754} [HKLM] -> Reg Error: Key error.[Reg Error: Key error.] -> File not found
msnim:{828030A1-22C1-4009-854F-8E305202313F} [HKLM] -> Reg Error: Key error.[Reg Error: Key error.] -> File not found
wlmailhtml:{03C514A3-1EFB-4856-9F99-10D7BE1653C0} [HKLM] -> Reg Error: Key error.[Reg Error: Key error.] -> File not found
wot:{C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} [HKLM] -> Reg Error: Key error.[Reg Error: Key error.] -> File not found
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> 
belarc:{6318E0AB-2E93-11D1-B8ED-00608CC9A71F} [HKLM] -> C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll[VoilaXctl Class] -> [2010/05/05 11:59:26 | 000,106,496 | ---- | M] (Belarc, Inc.)
livecall:{828030A1-22C1-4009-854F-8E305202313F} [HKLM] -> C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll[Reg Error: Value error.] -> [2010/04/16 22:12:18 | 000,061,264 | ---- | M] (Microsoft Corporation)
msnim:{828030A1-22C1-4009-854F-8E305202313F} [HKLM] -> C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll[Reg Error: Value error.] -> [2010/04/16 22:12:18 | 000,061,264 | ---- | M] (Microsoft Corporation)
wlmailhtml:{03C514A3-1EFB-4856-9F99-10D7BE1653C0} [HKLM] -> C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll[Windows Live Mail HTML Asynchronous Pluggable Protocol Handler] -> [2010/04/16 22:12:12 | 000,795,472 | ---- | M] (Microsoft Corporation)
wot:{C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} [HKLM] -> C:\Program Files (x86)\WOT\WOT.dll[WOT Protocol] -> [2010/03/03 13:21:18 | 001,301,664 | ---- | M] ()
< 64bit-Security Center Settings > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center -> 
64bit-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center
\\"cval" ->  [1] -> File not found
64bit-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> 
64bit-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\ -> -> 
64bit-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc
\Svc\\"VistaSp1" ->  [28 4D B2 76 41 04 CA 01  [binary data]] -> File not found
\Svc\\"AntiVirusOverride" ->  [0] -> File not found
\Svc\\"AntiSpywareOverride" ->  [0] -> File not found
\Svc\\"FirewallOverride" ->  [0] -> File not found
< Security Center Settings > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
\\"DisableNotifications" ->  [0] -> File not found
\\"EnableFirewall" ->  [0] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging\ -> -> 
< Winsock2 Catalogs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ -> 
64bit-NameSpace_Catalog5\Catalog_Entries\000000000007 [WindowsLive NSP] -> C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL -> [2009/08/18 11:29:22 | 000,134,528 | ---- | M] (Microsoft Corporation)
64bit-NameSpace_Catalog5\Catalog_Entries\000000000008 [WindowsLive Local NSP] -> C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL -> [2009/08/18 11:29:22 | 000,134,528 | ---- | M] (Microsoft Corporation)
64bit-Protocol_Catalog9\Catalog_Entries\000000000001 -> C:\Windows\SysNative\nvLsp.dll -> File not found
64bit-Protocol_Catalog9\Catalog_Entries\000000000002 -> C:\Windows\SysNative\nvLsp.dll -> File not found
64bit-Protocol_Catalog9\Catalog_Entries\000000000003 -> C:\Windows\SysNative\nvLsp.dll -> File not found
64bit-Protocol_Catalog9\Catalog_Entries\000000000004 -> C:\Windows\SysNative\nvLsp.dll -> File not found
64bit-Protocol_Catalog9\Catalog_Entries\000000000005 -> C:\Windows\SysNative\nvLsp.dll -> File not found
64bit-Protocol_Catalog9\Catalog_Entries\000000000006 -> C:\Windows\SysNative\nvLsp.dll -> File not found
64bit-Protocol_Catalog9\Catalog_Entries\000000000017 -> C:\Windows\SysNative\nvLsp.dll -> File not found
64bit-Protocol_Catalog9\Catalog_Entries\000000000018 -> C:\Windows\SysNative\nvLsp.dll -> File not found
NameSpace_Catalog5\Catalog_Entries\000000000007 [WindowsLive NSP] -> C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL -> [2009/08/18 11:29:22 | 000,134,528 | ---- | M] (Microsoft Corporation)
NameSpace_Catalog5\Catalog_Entries\000000000008 [WindowsLive Local NSP] -> C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL -> [2009/08/18 11:29:22 | 000,134,528 | ---- | M] (Microsoft Corporation)
Protocol_Catalog9\Catalog_Entries\000000000001 -> C:\Windows\SysWOW64\nvLsp.dll -> [2009/04/19 08:33:06 | 000,268,832 | ---- | M] (NVIDIA)
Protocol_Catalog9\Catalog_Entries\000000000002 -> C:\Windows\SysWOW64\nvLsp.dll -> [2009/04/19 08:33:06 | 000,268,832 | ---- | M] (NVIDIA)
Protocol_Catalog9\Catalog_Entries\000000000003 -> C:\Windows\SysWOW64\nvLsp.dll -> [2009/04/19 08:33:06 | 000,268,832 | ---- | M] (NVIDIA)
Protocol_Catalog9\Catalog_Entries\000000000004 -> C:\Windows\SysWOW64\nvLsp.dll -> [2009/04/19 08:33:06 | 000,268,832 | ---- | M] (NVIDIA)
Protocol_Catalog9\Catalog_Entries\000000000005 -> C:\Windows\SysWOW64\nvLsp.dll -> [2009/04/19 08:33:06 | 000,268,832 | ---- | M] (NVIDIA)
Protocol_Catalog9\Catalog_Entries\000000000006 -> C:\Windows\SysWOW64\nvLsp.dll -> [2009/04/19 08:33:06 | 000,268,832 | ---- | M] (NVIDIA)
Protocol_Catalog9\Catalog_Entries\000000000017 -> C:\Windows\SysWOW64\nvLsp.dll -> [2009/04/19 08:33:06 | 000,268,832 | ---- | M] (NVIDIA)
Protocol_Catalog9\Catalog_Entries\000000000018 -> C:\Windows\SysWOW64\nvLsp.dll -> [2009/04/19 08:33:06 | 000,268,832 | ---- | M] (NVIDIA)
< Default Protocols [HKEY_LOCAL_MACHINE\] - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> 
ldap -> 4 = Restricted sites (Not a Default Protocol) -> 
news -> 4 = Restricted sites (Not a Default Protocol) -> 
nntp -> 4 = Restricted sites (Not a Default Protocol) -> 
oecmd -> 4 = Restricted sites (Not a Default Protocol) -> 
snews -> 4 = Restricted sites (Not a Default Protocol) -> 
< Default Protocols [HKEY_USERS\S-1-5-19\] - Select to Repair > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> 
@ivt -> @ivt protocol not assigned -> 
file -> file protocol not assigned -> 
ftp -> ftp protocol not assigned -> 
http -> http protocol not assigned -> 
https -> https protocol not assigned -> 
shell -> shell protocol not assigned -> 
< Default Protocols [HKEY_USERS\S-1-5-20\] - Select to Repair > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> 
@ivt -> @ivt protocol not assigned -> 
file -> file protocol not assigned -> 
ftp -> ftp protocol not assigned -> 
http -> http protocol not assigned -> 
https -> https protocol not assigned -> 
shell -> shell protocol not assigned -> 
< 64bit-Uninstall List [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ -> 
{23170F69-40C1-2702-0913-000001000000} -> 7-Zip 9.13 (x64 edition)
{3D3E663D-4E7E-4577-A560-7ECDDD45548A} -> PVSonyDll
{47E5588F-C3A0-11DE-9857-005056C00008} -> Paragon Partition Manager™ 2010 Free Edition
{5AC309D7-93D6-418F-8DCA-DD710724A5B4} -> Windows Live Family Safety
{7CFA46E3-CC2F-4355-82AE-6012DC3633FD} -> NVIDIA ForceWare Network Access Manager
{8CBBBC4D-B0B6-49DB-A421-98C65080D8EE} -> Eraser 6.0.7.1893
{90120000-002A-0000-1000-0000000FF1CE} -> Microsoft Office Office 64-bit Components 2007
{90120000-002A-0409-1000-0000000FF1CE} -> Microsoft Office Shared 64-bit MUI (English) 2007
{90120000-0116-0409-1000-0000000FF1CE} -> Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
{95120000-00B9-0409-1000-0000000FF1CE} -> Microsoft Application Error Reporting
{95C9C76F-ECF3-40FA-94F8-5DDFB6BAF40D} -> Microsoft Security Essentials
{9B48B0AC-C813-4174-9042-476A887592C7} -> Windows Live ID Sign-in Assistant
{AB562530-921D-11DE-A208-005056C00008} -> Paragon Backup & Recovery™ 10.1 Free Edition
{E590FD1C-E8C6-4D2E-8CA9-77B403F7EE01} -> Microsoft Antimalware
Microsoft Security Essentials -> Microsoft Security Essentials
NVIDIA Display Control Panel -> NVIDIA Display Control Panel
NVIDIA Drivers -> NVIDIA Drivers
Recuva -> Recuva
Sandboxie -> Sandboxie 3.442 (64-bit)
< Uninstall List [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ -> 
{0b739e85-e796-499c-98fe-3be76860dfd0} -> Nero 9 Essentials
{15D967B5-A4BE-42AE-9E84-64CD062B25AA} -> eSobi v2
{178832DE-9DE0-4C87-9F82-9315A9B03985} -> Windows Live Writer
{18455581-E099-4BA8-BC6B-F34B2F06600C} -> Google Toolbar for Internet Explorer
{1BD07DF4-FB06-41BA-B896-B2DA59000C96} -> Windows Live Toolbar
{1F1C2DFC-2D24-3E06-BCB8-725134ADF989} -> Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
{20400dbd-e6db-45b8-9b6b-1dd7033818ec} -> Nero InfoTool Help
{205C6BDD-7B73-42DE-8505-9A093F35A238} -> Windows Live Upload Tool
{22B775E7-6C42-4FC5-8E10-9A5E3257BD94} -> MSVCRT
{2318C2B1-4965-11d4-9B18-009027A5CD4F} -> Google Toolbar for Internet Explorer
{2348b586-c9ae-46ce-936c-a68e9426e214} -> Nero StartSmart Help
{26A24AE4-039D-4CA4-87B4-2F83216020FF} -> Java(TM) 6 Update 20
{287ECFA4-719A-2143-A09B-D6A12DE54E40} -> Acrobat.com
{30075A70-B5D2-440B-AFA3-FB2021740121} -> Backup Manager Advance
{3175E049-F9A9-4A3D-8F19-AC9FB04514D1} -> Windows Live Communications Platform
{33cf58f5-48d8-4575-83d6-96f574e4d83a} -> Nero DriveSpeed
{45A66726-69BC-466B-A7A4-12FCBA4883D7} -> HiJackThis
{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F} -> Windows Live Essentials
{4A03706F-666A-4037-7777-5F2748764D10} -> Java Auto Updater
{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7} -> Microsoft Search Enhancement Pack
{4D43D635-6FDA-4fa5-AA9B-23CF73D058EA} -> Nero StartSmart OEM
{56C049BE-79E9-4502-BEA7-9754A3E60F9B} -> neroxml
{595a3116-40bb-4e0f-a2e8-d7951da56270} -> NeroExpress
{6412CECE-8172-4BE5-935B-6CECACD2CA87} -> Windows Live Mail
{67E03279-F703-408F-B4BF-46B5FC8D70CD} -> Microsoft Works
{68301905-2DEA-41CE-A4D4-E8B443B099BA} -> MyWinLocker
{6ED53E0C-EAC0-4F0F-947D-6BA817E4C8C3} -> HostsMan 3.2.73
{7299052b-02a4-4627-81f2-1818da5d550d} -> Microsoft Visual C++ 2005 Redistributable
{7748ac8c-18e3-43bb-959b-088faea16fb2} -> Nero StartSmart
{7F811A54-5A09-4579-90E1-C93498E230D9} -> Acer eRecovery Management
{83202942-84b3-4c50-8622-b8c0aa2d2885} -> Nero Express Help
{837b34e3-7c30-493c-8f6a-2b0f04e2912c} -> Microsoft Visual C++ 2005 Redistributable
{869200db-287a-4dc0-b02b-2b6787fbcd4c} -> Nero DiscSpeed
{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} -> Microsoft Silverlight
{8A74E887-8F0F-4017-AF53-CBA42211AAA5} -> Microsoft Sync Framework Runtime Native v1.0 (x86)
{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4} -> Battlefield Heroes
{8E5233E1-7495-44FB-8DEB-4BE906D59619} -> Junk Mail filter update
{90120000-0016-0409-0000-0000000FF1CE} -> Microsoft Office Excel MUI (English) 2007
{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E} -> 2007 Microsoft Office Suite Service Pack 2 (SP2)
{90120000-0018-0409-0000-0000000FF1CE} -> Microsoft Office PowerPoint MUI (English) 2007
{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E} -> 2007 Microsoft Office Suite Service Pack 2 (SP2)
{90120000-001B-0409-0000-0000000FF1CE} -> Microsoft Office Word MUI (English) 2007
{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E} -> 2007 Microsoft Office Suite Service Pack 2 (SP2)
{90120000-001F-0409-0000-0000000FF1CE} -> Microsoft Office Proof (English) 2007
{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045} -> 2007 Microsoft Office Suite Service Pack 2 (SP2)
{90120000-001F-040C-0000-0000000FF1CE} -> Microsoft Office Proof (French) 2007
{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787} -> 2007 Microsoft Office Suite Service Pack 2 (SP2)
{90120000-001F-0C0A-0000-0000000FF1CE} -> Microsoft Office Proof (Spanish) 2007
{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9} -> 2007 Microsoft Office Suite Service Pack 2 (SP2)
{90120000-0020-0409-0000-0000000FF1CE} -> Compatibility Pack for the 2007 Office system
{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192} -> 2007 Microsoft Office Suite Service Pack 2 (SP2)
{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E} -> 2007 Microsoft Office Suite Service Pack 2 (SP2)
{90120000-002C-0409-0000-0000000FF1CE} -> Microsoft Office Proofing (English) 2007
{90120000-006E-0409-0000-0000000FF1CE} -> Microsoft Office Shared MUI (English) 2007
{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E} -> 2007 Microsoft Office Suite Service Pack 2 (SP2)
{90120000-00A1-0409-0000-0000000FF1CE} -> Microsoft Office OneNote MUI (English) 2007
{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E} -> 2007 Microsoft Office Suite Service Pack 2 (SP2)
{90120000-0115-0409-0000-0000000FF1CE} -> Microsoft Office Shared Setup Metadata MUI (English) 2007
{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E} -> 2007 Microsoft Office Suite Service Pack 2 (SP2)
{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E} -> 2007 Microsoft Office Suite Service Pack 2 (SP2)
{91120000-002F-0000-0000-0000000FF1CE} -> Microsoft Office Home and Student 2007
{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B} -> 2007 Microsoft Office Suite Service Pack 2 (SP2)
{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF} -> Security Update for Microsoft Office system 2007 (972581)
{95120000-00AF-0409-0000-0000000FF1CE} -> Microsoft Office PowerPoint Viewer 2007 (English)
{980A182F-E0A2-4A40-94C1-AE0C1235902E} -> Pando Media Booster
{9E1BAB75-EB78-440D-94C0-A3857BE2E733} -> System Requirements Lab
{9F479685-180E-4C05-9400-D59292A1B29C} -> Windows Live Movie Maker
{A54F806B-A2E1-4794-A7FE-365167EC67CB} -> Masque IGT Slots Little Green Men
{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D} -> ImagXpress
{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} -> Google Update Helper
{AA468551-1794-42FE-B504-C41D75EEBDF2}_is1 -> Partition Wizard Home Edition 5.0
{AC76BA86-7AD7-1033-7B44-A93000000001} -> Adobe Reader 9.3.2
{B10914FD-8812-47A4-85A1-50FCDE7F1F33} -> Windows Live Sync
{B194272D-1F92-46DF-99EB-8D5CE91CB4EC} -> Adobe AIR
{b2ec4a38-b545-4a00-8214-13fe0e915e6d} -> Advertising Center
{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC} -> Windows Live Messenger
{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a} -> Nero ControlCenter
{BD64AF4A-8C80-4152-AD77-FCDDF05208AB} -> Microsoft Sync Framework Services Native v1.0 (x86)
{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1} -> Norton Online Backup
{cc019e3f-59d2-4486-8d4b-878105b62a71} -> Nero DiscSpeed Help
{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31} -> Full Tilt Poker
{DB0BB9FA-1B60-4036-8E29-3D56D8085256} -> WOT for Internet Explorer
{dba84796-8503-4ff0-af57-1747dd9a166d} -> Nero Online Upgrade
{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1 -> Auslogics Disk Defrag
{E0B19DF7-B1C7-4937-82C4-0E4B1E346965} -> eBay Worldwide
{E48469CC-635E-4FD5-A122-1497C286D217} -> Call of Duty(R) 4 - Modern Warfare(TM)
{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E} -> Microsoft Office Suite Activation Assistant
{e5c7d048-f9b4-4219-b323-8bdb01a2563d} -> Nero DriveSpeed Help
{E6158D07-2637-4ECF-B576-37C489669174} -> Windows Live Call
{e8a80433-302b-4ff1-815d-fcc8eac482ff} -> Nero Installer
{EE171732-BEB4-4576-887D-CB62727F01CA} -> Acer Updater
{EE39FFBD-544E-49E4-A999-6819828EAE91} -> Windows Live Photo Gallery
{EFE1AB94-5466-4B6E-BE31-FF4C115FD25D} -> Max Payne 2
{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8} -> Microsoft SQL Server 2005 Compact Edition [ENU]
{F0E12BBA-AD66-4022-A453-A1C8A0C4D570} -> Microsoft Choice Guard
{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC} -> Realtek High Definition Audio Driver
{f4041dce-3fe1-4e18-8a9e-9de65231ee36} -> Nero ControlCenter
{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262} -> Microsoft Office Live Add-in 1.5
{F7B0939E-58DF-11DF-B3A6-005056806466} -> Google Earth
{fbcdfd61-7dcf-4e71-9226-873ba0053139} -> Nero InfoTool
Acer Assist -> Acer Assist
Acer Registration -> Acer Registration
Acer Screensaver -> Acer ScreenSaver
Acer Welcome Center -> Welcome Center
Adobe AIR -> Adobe AIR
Adobe Flash Player ActiveX -> Adobe Flash Player 10 ActiveX
Adobe Flash Player Plugin -> Adobe Flash Player 10 Plugin
Belarc Advisor -> Belarc Advisor 8.1
CCleaner -> CCleaner
Combat Arms -> Combat Arms
DMX5_is1 -> DriverMax 5
ESET Online Scanner -> ESET Online Scanner v3
FileHippo.com -> FileHippo.com Update Checker
GamersFirst LIVE! -> GamersFirst LIVE!
Google Desktop -> Google Desktop
HOMESTUDENTR -> Microsoft Office Home and Student 2007
Hotkey Utility -> Hotkey Utility
Identity Card -> Identity Card
ImgBurn -> ImgBurn
InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA} -> eSobi v2
InstallShield_{30075A70-B5D2-440B-AFA3-FB2021740121} -> Acer Backup Manager
InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD} -> NVIDIA ForceWare Network Access Manager
InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217} -> Call of Duty(R) 4 - Modern Warfare(TM)
Malwarebytes' Anti-Malware_is1 -> Malwarebytes' Anti-Malware
OnlineArmor_is1 -> Online Armor 4.0
OpenDNS Updater -> OpenDNS Updater 2.2
PokerStars -> PokerStars
PunkBusterSvc -> PunkBuster Services
Revo Uninstaller -> Revo Uninstaller 1.88
Secunia PSI -> Secunia PSI
Sophos-AntiRootkit -> Sophos Anti-Rootkit 1.5.0
SystemRequirementsLab -> System Requirements Lab
WildTangent acer Master Uninstall -> Acer Games
WinLiveSuite_Wave3 -> Windows Live Essentials
Wubi -> Ubuntu
< Uninstall List [HKEY_USERS\S-1-5-21-3488347447-2488368954-518346416-1000\] > -> HKEY_USERS\S-1-5-21-3488347447-2488368954-518346416-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ -> 
Google Chrome -> Google Chrome
< EventViewer Logs - Last 10 Errors > -> Event Information -> Description
Application [ Error ] 5/27/2010 2:33:08 PM Computer Name = Family | Source = SideBySide | ID = 16842785 -> Description = Activation context generation failed for "c:\Windows\installer\{67e03279-f703-408f-b4bf-46b5fc8d70cd}\WksCal.exe".  Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.  Please use sxstrace.exe for detailed diagnosis.
Application [ Error ] 5/27/2010 2:33:08 PM Computer Name = Family | Source = SideBySide | ID = 16842785 -> Description = Activation context generation failed for "c:\Windows\installer\{67e03279-f703-408f-b4bf-46b5fc8d70cd}\wksdb.exe".  Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.  Please use sxstrace.exe for detailed diagnosis.
Application [ Error ] 5/27/2010 2:33:08 PM Computer Name = Family | Source = SideBySide | ID = 16842785 -> Description = Activation context generation failed for "c:\Windows\installer\{67e03279-f703-408f-b4bf-46b5fc8d70cd}\wksss.exe".  Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.  Please use sxstrace.exe for detailed diagnosis.
Application [ Error ] 5/27/2010 2:33:08 PM Computer Name = Family | Source = SideBySide | ID = 16842785 -> Description = Activation context generation failed for "c:\Windows\installer\{67e03279-f703-408f-b4bf-46b5fc8d70cd}\WksWP.exe".  Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.  Please use sxstrace.exe for detailed diagnosis.
Application [ Error ] 5/27/2010 2:33:11 PM Computer Name = Family | Source = SideBySide | ID = 16842815 -> Description = Activation context generation failed for "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3.  The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.
Application [ Error ] 5/27/2010 2:33:25 PM Computer Name = Family | Source = SideBySide | ID = 16842785 -> Description = Activation context generation failed for "c:\program files (x86)\innovative solutions\drivermax\DPInst\ia64\dpinst.exe".  Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.  Please use sxstrace.exe for detailed diagnosis.
Application [ Error ] 5/27/2010 2:33:25 PM Computer Name = Family | Source = SideBySide | ID = 16842832 -> Description = Activation context generation failed for "c:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line .  A component version required by the application conflicts with another component version already active.  Conflicting components are:.  Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest.  Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest.
Application [ Error ] 5/27/2010 2:34:10 PM Computer Name = Family | Source = SideBySide | ID = 16842787 -> Description = Activation context generation failed for "c:\program files (x86)\windows live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8.  Component identity found in manifest does not match the identity of the component requested.  Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".  Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Please use sxstrace.exe for detailed diagnosis.
Application [ Error ] 5/27/2010 2:34:36 PM Computer Name = Family | Source = SideBySide | ID = 16842811 -> Description = Activation context generation failed for "c:\program files (x86)\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll".Error in manifest or policy file "c:\program files (x86)\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll" on line 2.  Invalid Xml syntax.
Application [ Error ] 5/28/2010 11:08:11 PM Computer Name = Family | Source = Application Hang | ID = 1002 -> Description = The program CoD4.exe version 2.5.0.32 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.	Process ID: 1354	Start Time: 01cafedbbce45530	Termination Time: 17	Application Path: D:\Setup\rsrc\CoD4.exe	Report Id: 61333a71-6acf-11df-b0ef-00262d289fc4  
System [ Error ] 6/3/2010 11:58:15 AM Computer Name = Family | Source = Service Control Manager | ID = 7001 -> Description = The Computer Browser service depends on the Server service which failed to start because of the following error:   %%1068
System [ Error ] 6/3/2010 11:58:15 AM Computer Name = Family | Source = Service Control Manager | ID = 7001 -> Description = The Computer Browser service depends on the Server service which failed to start because of the following error:   %%1068
System [ Error ] 6/3/2010 11:58:15 AM Computer Name = Family | Source = Service Control Manager | ID = 7001 -> Description = The Computer Browser service depends on the Server service which failed to start because of the following error:   %%1068
System [ Error ] 6/3/2010 11:58:15 AM Computer Name = Family | Source = Service Control Manager | ID = 7001 -> Description = The Computer Browser service depends on the Server service which failed to start because of the following error:   %%1068
System [ Error ] 6/3/2010 11:58:15 AM Computer Name = Family | Source = Service Control Manager | ID = 7001 -> Description = The Computer Browser service depends on the Server service which failed to start because of the following error:   %%1068
System [ Error ] 6/3/2010 11:58:15 AM Computer Name = Family | Source = Service Control Manager | ID = 7001 -> Description = The Computer Browser service depends on the Server service which failed to start because of the following error:   %%1068
System [ Error ] 6/3/2010 11:58:15 AM Computer Name = Family | Source = Service Control Manager | ID = 7001 -> Description = The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:   %%1068
System [ Error ] 6/3/2010 11:58:16 AM Computer Name = Family | Source = Service Control Manager | ID = 7001 -> Description = The Computer Browser service depends on the Server service which failed to start because of the following error:   %%1068
System [ Error ] 6/3/2010 11:58:16 AM Computer Name = Family | Source = Service Control Manager | ID = 7001 -> Description = The Computer Browser service depends on the Server service which failed to start because of the following error:   %%1068
System [ Error ] 6/3/2010 11:58:16 AM Computer Name = Family | Source = Service Control Manager | ID = 7001 -> Description = The Computer Browser service depends on the Server service which failed to start because of the following error:   %%1068
 
[Files/Folders - Created Within 30 Days]
 OTS.exe -> C:\Users\Bryan\Desktop\OTS.exe -> [2010/06/04 08:47:26 | 000,640,000 | ---- | C] (OldTimer Tools)
 Prevx -> C:\Program Files\Prevx -> [2010/06/03 15:46:05 | 000,000,000 | ---D | C]
 PrevxCSI -> C:\ProgramData\PrevxCSI -> [2010/06/03 15:45:24 | 000,000,000 | ---D | C]
 Auslogics -> C:\Program Files (x86)\Auslogics -> [2010/06/03 08:39:22 | 000,000,000 | ---D | C]
 OnlineArmor -> C:\Users\Bryan\AppData\Roaming\OnlineArmor -> [2010/06/02 15:45:20 | 000,000,000 | ---D | C]
 OnlineArmor -> C:\ProgramData\OnlineArmor -> [2010/06/02 15:45:20 | 000,000,000 | ---D | C]
 oaevent.dll -> C:\Windows\oaevent.dll -> [2010/06/02 15:44:23 | 000,323,344 | ---- | C] (Tall Emu)
 OAnet.sys -> C:\Windows\SysNative\drivers\OAnet.sys -> [2010/06/02 15:44:22 | 000,043,664 | ---- | C] (Tall Emu Pty Ltd)
 OAmon.sys -> C:\Windows\SysWow64\drivers\OAmon.sys -> [2010/06/02 15:44:22 | 000,035,984 | ---- | C] (Tall Emu)
 Tall Emu -> C:\Program Files (x86)\Tall Emu -> [2010/06/02 15:44:15 | 000,000,000 | ---D | C]
 cache -> C:\Users\Bryan\AppData\Local\cache -> [2010/06/01 11:29:51 | 000,000,000 | ---D | C]
 FullTiltPoker -> C:\Users\Bryan\AppData\Local\FullTiltPoker -> [2010/06/01 11:29:06 | 000,000,000 | ---D | C]
 Full Tilt Poker -> C:\Program Files (x86)\Full Tilt Poker -> [2010/06/01 11:28:38 | 000,000,000 | ---D | C]
 gameprofiles[1] -> C:\Users\Bryan\Documents\gameprofiles[1] -> [2010/05/29 00:31:41 | 000,000,000 | ---D | C]
 Secunia -> C:\Program Files (x86)\Secunia -> [2010/05/29 00:10:31 | 000,000,000 | ---D | C]
 Saitek -> C:\ProgramData\Saitek -> [2010/05/28 21:58:49 | 000,000,000 | ---D | C]
 Saitek -> C:\Program Files\Saitek -> [2010/05/28 21:58:42 | 000,000,000 | ---D | C]
 ProcessMonitor -> C:\Users\Bryan\Desktop\ProcessMonitor -> [2010/05/28 19:01:35 | 000,000,000 | ---D | C]
 7-Zip -> C:\Program Files\7-Zip -> [2010/05/28 10:17:27 | 000,000,000 | ---D | C]
 FileHippo.com -> C:\Program Files (x86)\FileHippo.com -> [2010/05/28 10:11:07 | 000,000,000 | ---D | C]
 psi_mf.sys -> C:\Windows\SysNative\drivers\psi_mf.sys -> [2010/05/28 04:04:52 | 000,017,456 | ---- | C] (Secunia)
 VSRevoGroup -> C:\Users\Bryan\AppData\Roaming\VSRevoGroup -> [2010/05/26 12:16:08 | 000,000,000 | ---D | C]
 RadioBar -> C:\Program Files (x86)\RadioBar -> [2010/05/25 14:37:26 | 000,000,000 | ---D | C]
 IsolatedStorage -> C:\Users\Bryan\AppData\Local\IsolatedStorage -> [2010/05/25 13:35:11 | 000,000,000 | ---D | C]
 Autoruns[1] -> C:\Users\Bryan\Documents\Autoruns[1] -> [2010/05/25 02:42:20 | 000,000,000 | ---D | C]
 GAMES -> C:\Users\Bryan\Desktop\GAMES -> [2010/05/24 08:06:05 | 000,000,000 | ---D | C]
 msvcr71.dll -> C:\Windows\SysWow64\msvcr71.dll -> [2010/05/23 21:52:49 | 000,348,160 | ---- | C] (Microsoft Corporation)
 msvcp71.dll -> C:\Windows\SysWow64\msvcp71.dll -> [2010/05/23 21:52:47 | 000,499,712 | ---- | C] (Microsoft Corporation)
 mfc71.dll -> C:\Windows\SysWow64\mfc71.dll -> [2010/05/23 21:51:52 | 001,060,864 | ---- | C] (Microsoft Corporation)
 New folder -> C:\Users\Bryan\New folder -> [2010/05/23 18:06:02 | 000,000,000 | ---D | C]
 Pando_Temp -> C:\Users\Bryan\AppData\Local\Pando_Temp -> [2010/05/23 17:56:55 | 000,000,000 | ---D | C]
 GamersFirst LIVE! -> C:\Users\Bryan\AppData\Local\GamersFirst LIVE! -> [2010/05/23 17:56:40 | 000,000,000 | ---D | C]
 GamersFirst -> C:\Program Files (x86)\GamersFirst -> [2010/05/23 17:56:20 | 000,000,000 | ---D | C]
 Battlefield Heroes -> C:\Users\Bryan\Documents\Battlefield Heroes -> [2010/05/23 17:30:37 | 000,000,000 | ---D | C]
 EA Games -> C:\Program Files (x86)\EA Games -> [2010/05/23 16:26:57 | 000,000,000 | ---D | C]
 radix_installer[1] -> C:\Users\Bryan\Documents\radix_installer[1] -> [2010/05/23 12:17:49 | 000,000,000 | ---D | C]
 HostsMan Backups -> C:\Users\Public\Documents\HostsMan Backups -> [2010/05/23 00:32:57 | 000,000,000 | ---D | C]
 abelhadigital.com -> C:\Users\Bryan\AppData\Roaming\abelhadigital.com -> [2010/05/23 00:32:57 | 000,000,000 | ---D | C]
 abelhadigital.com -> C:\ProgramData\abelhadigital.com -> [2010/05/23 00:32:57 | 000,000,000 | ---D | C]
 HostsMan -> C:\Program Files (x86)\HostsMan -> [2010/05/23 00:32:54 | 000,000,000 | ---D | C]
 Sandbox -> C:\Sandbox -> [2010/05/21 12:41:58 | 000,000,000 | R--D | C]
 Sandboxie -> C:\Program Files\Sandboxie -> [2010/05/21 12:39:01 | 000,000,000 | ---D | C]
 NexonUS -> C:\ProgramData\NexonUS -> [2010/05/21 00:28:00 | 000,000,000 | ---D | C]
 Nexon -> C:\Nexon -> [2010/05/21 00:28:00 | 000,000,000 | ---D | C]
 ERDNT -> C:\Windows\ERDNT -> [2010/05/20 22:38:42 | 000,000,000 | ---D | C]
 WOT -> C:\Program Files (x86)\WOT -> [2010/05/20 22:36:01 | 000,000,000 | ---D | C]
 Auslogics -> C:\Users\Bryan\AppData\Roaming\Auslogics -> [2010/05/20 21:52:29 | 000,000,000 | ---D | C]
 BDOSCAN8 -> C:\Windows\BDOSCAN8 -> [2010/05/19 13:05:25 | 000,000,000 | ---D | C]
 md5[1] -> C:\Users\Bryan\Documents\md5[1] -> [2010/05/19 11:51:08 | 000,000,000 | ---D | C]
 Microsoft Antimalware -> C:\Program Files (x86)\Microsoft Antimalware -> [2010/05/18 15:39:53 | 000,000,000 | ---D | C]
 Microsoft Security Essentials -> C:\Program Files\Microsoft Security Essentials -> [2010/05/18 15:39:48 | 000,000,000 | ---D | C]
 U3 -> C:\Users\Bryan\AppData\Roaming\U3 -> [2010/05/17 13:05:00 | 000,000,000 | ---D | C]
 fssfltr.sys -> C:\Windows\SysNative\drivers\fssfltr.sys -> [2010/05/17 11:32:30 | 000,061,288 | ---- | C] (Microsoft Corporation)
 Windows Live -> C:\Program Files\Windows Live -> [2010/05/17 11:32:30 | 000,000,000 | ---D | C]
 Microsoft Sync Framework -> C:\Program Files (x86)\Microsoft Sync Framework -> [2010/05/17 11:31:51 | 000,000,000 | ---D | C]
 My Stationery -> C:\Users\Bryan\Documents\My Stationery -> [2010/05/17 10:57:41 | 000,000,000 | R-SD | C]
 vlc -> C:\Users\Bryan\AppData\Roaming\vlc -> [2010/05/16 23:31:32 | 000,000,000 | ---D | C]
 Graboid_Inc -> C:\Users\Bryan\AppData\Local\Graboid_Inc -> [2010/05/16 23:25:21 | 000,000,000 | ---D | C]
 Graboid -> C:\Users\Bryan\AppData\Local\Graboid -> [2010/05/16 23:25:20 | 000,000,000 | ---D | C]
 MozillaControl -> C:\Users\Bryan\AppData\Roaming\MozillaControl -> [2010/05/16 23:25:19 | 000,000,000 | ---D | C]
 Mozilla -> C:\Users\Bryan\AppData\Roaming\Mozilla -> [2010/05/16 23:25:19 | 000,000,000 | ---D | C]
 Mozilla ActiveX Control v1.7.12 -> C:\Program Files (x86)\Mozilla ActiveX Control v1.7.12 -> [2010/05/16 23:25:08 | 000,000,000 | ---D | C]
 VideoLAN -> C:\Program Files (x86)\VideoLAN -> [2010/05/16 23:24:53 | 000,000,000 | ---D | C]
 WavesGUILib.dll -> C:\Windows\SysNative\WavesGUILib.dll -> [2010/05/16 13:35:50 | 002,719,504 | ---- | C] (Waves Audio Ltd.)
 SRSWOW64.dll -> C:\Windows\SysNative\SRSWOW64.dll -> [2010/05/16 13:35:50 | 000,155,888 | ---- | C] (SRS Labs, Inc.)
 RtPgEx64.dll -> C:\Windows\SysNative\RtPgEx64.dll -> [2010/05/16 13:35:49 | 001,943,584 | ---- | C] (Realtek Semiconductor Corp.)
 RTSnMg64.cpl -> C:\Windows\SysNative\RTSnMg64.cpl -> [2010/05/16 13:35:49 | 000,612,384 | ---- | C] (Realtek Semiconductor Corp.)
 SRSTSX64.dll -> C:\Windows\SysNative\SRSTSX64.dll -> [2010/05/16 13:35:49 | 000,518,896 | ---- | C] (SRS Labs, Inc.)
 SRSTSH64.dll -> C:\Windows\SysNative\SRSTSH64.dll -> [2010/05/16 13:35:49 | 000,211,184 | ---- | C] (SRS Labs, Inc.)
 SRSHP64.dll -> C:\Windows\SysNative\SRSHP64.dll -> [2010/05/16 13:35:49 | 000,198,896 | ---- | C] (SRS Labs, Inc.)
 RtlCPAPI64.dll -> C:\Windows\SysNative\RtlCPAPI64.dll -> [2010/05/16 13:35:48 | 000,332,320 | ---- | C] (Realtek Semiconductor Corp.)
 RtkCfg64.dll -> C:\Windows\SysNative\RtkCfg64.dll -> [2010/05/16 13:35:48 | 000,149,536 | ---- | C] (Realtek Semiconductor Corp.)
 RtkAPO64.dll -> C:\Windows\SysNative\RtkAPO64.dll -> [2010/05/16 13:35:47 | 001,660,960 | ---- | C] (Realtek Semiconductor Corp.)
 RtkApi64.dll -> C:\Windows\SysNative\RtkApi64.dll -> [2010/05/16 13:35:47 | 000,476,192 | ---- | C] (Realtek Semiconductor Corp.)
 RTEEP64A.dll -> C:\Windows\SysNative\RTEEP64A.dll -> [2010/05/16 13:35:47 | 000,372,936 | ---- | C] (Dolby Laboratories, Inc.)
 RTEED64A.dll -> C:\Windows\SysNative\RTEED64A.dll -> [2010/05/16 13:35:47 | 000,201,928 | ---- | C] (Dolby Laboratories, Inc.)
 RTEEL64A.dll -> C:\Windows\SysNative\RTEEL64A.dll -> [2010/05/16 13:35:47 | 000,099,016 | ---- | C] (Dolby Laboratories, Inc.)
 RTEEG64A.dll -> C:\Windows\SysNative\RTEEG64A.dll -> [2010/05/16 13:35:47 | 000,076,488 | ---- | C] (Dolby Laboratories, Inc.)
 RTCOM64.dll -> C:\Windows\SysNative\RTCOM64.dll -> [2010/05/16 13:35:46 | 001,210,912 | ---- | C] (Realtek Semiconductor Corp.)
 RP3DHT64.dll -> C:\Windows\SysNative\RP3DHT64.dll -> [2010/05/16 13:35:46 | 000,307,920 | ---- | C] (Dolby Laboratories, Inc.)
 RP3DAA64.dll -> C:\Windows\SysNative\RP3DAA64.dll -> [2010/05/16 13:35:46 | 000,307,920 | ---- | C] (Dolby Laboratories, Inc.)
 RCoInst64.dll -> C:\Windows\SysNative\RCoInst64.dll -> [2010/05/16 13:35:46 | 000,069,664 | ---- | C] (Realtek Semiconductor Corp.)
 MaxxAudioEQ.dll -> C:\Windows\SysNative\MaxxAudioEQ.dll -> [2010/05/16 13:35:44 | 002,197,264 | ---- | C] (Waves Audio Ltd.)
 MaxxAudioAPO20.dll -> C:\Windows\SysNative\MaxxAudioAPO20.dll -> [2010/05/16 13:35:44 | 000,325,904 | ---- | C] (Waves Audio Ltd.)
 DTSS2SpeakerDLL64.dll -> C:\Windows\SysNative\DTSS2SpeakerDLL64.dll -> [2010/05/16 13:35:43 | 001,325,328 | ---- | C] (DTS)
 DTSS2HeadphoneDLL64.dll -> C:\Windows\SysNative\DTSS2HeadphoneDLL64.dll -> [2010/05/16 13:35:43 | 001,178,384 | ---- | C] (DTS)
 DTSSymmetryDLL64.dll -> C:\Windows\SysNative\DTSSymmetryDLL64.dll -> [2010/05/16 13:35:43 | 000,489,744 | ---- | C] (DTS)
 DTSVoiceClarityDLL64.dll -> C:\Windows\SysNative\DTSVoiceClarityDLL64.dll -> [2010/05/16 13:35:43 | 000,474,896 | ---- | C] (DTS)
 FMAPO64.dll -> C:\Windows\SysNative\FMAPO64.dll -> [2010/05/16 13:35:43 | 000,331,168 | ---- | C] (Fortemedia Corporation)
 DTSBoostDLL64.dll -> C:\Windows\SysNative\DTSBoostDLL64.dll -> [2010/05/16 13:35:42 | 001,110,800 | ---- | C] (DTS)
 DTSNeoPCDLL64.dll -> C:\Windows\SysNative\DTSNeoPCDLL64.dll -> [2010/05/16 13:35:42 | 000,315,152 | ---- | C] (DTS)
 DTSLimiterDLL64.dll -> C:\Windows\SysNative\DTSLimiterDLL64.dll -> [2010/05/16 13:35:42 | 000,268,560 | ---- | C] (DTS)
 DTSGainCompensatorDLL64.dll -> C:\Windows\SysNative\DTSGainCompensatorDLL64.dll -> [2010/05/16 13:35:42 | 000,265,488 | ---- | C] (DTS)
 DTSLFXAPO64.dll -> C:\Windows\SysNative\DTSLFXAPO64.dll -> [2010/05/16 13:35:42 | 000,123,664 | ---- | C] (DTS)
 DTSGFXAPO64.dll -> C:\Windows\SysNative\DTSGFXAPO64.dll -> [2010/05/16 13:35:42 | 000,123,152 | ---- | C] (DTS)
 DTSGFXAPONS64.dll -> C:\Windows\SysNative\DTSGFXAPONS64.dll -> [2010/05/16 13:35:42 | 000,122,128 | ---- | C] (DTS)
 DTSBassEnhancementDLL64.dll -> C:\Windows\SysNative\DTSBassEnhancementDLL64.dll -> [2010/05/16 13:35:41 | 000,504,592 | ---- | C] (DTS)
 AERTAC64.dll -> C:\Windows\SysNative\AERTAC64.dll -> [2010/05/16 13:35:41 | 000,168,288 | ---- | C] (Andrea Electronics Corporation)
 AERTAR64.dll -> C:\Windows\SysNative\AERTAR64.dll -> [2010/05/16 13:35:41 | 000,108,960 | ---- | C] (Andrea Electronics Corporation)
 Minidump -> C:\Windows\Minidump -> [2010/05/15 16:03:45 | 000,000,000 | ---D | C]
 Belarc -> C:\Program Files (x86)\Belarc -> [2010/05/15 11:47:25 | 000,000,000 | ---D | C]
 ESET -> C:\Program Files (x86)\ESET -> [2010/05/15 09:26:07 | 000,000,000 | ---D | C]
 Trend Micro -> C:\Program Files (x86)\Trend Micro -> [2010/05/14 21:58:30 | 000,000,000 | ---D | C]
 Max Payne 2 Savegames -> C:\Users\Bryan\Documents\Max Payne 2 Savegames -> [2010/05/14 16:30:53 | 000,000,000 | ---D | C]
 Rockstar Games -> C:\Program Files (x86)\Rockstar Games -> [2010/05/14 16:16:33 | 000,000,000 | ---D | C]
 Registrar Registry Manager -> C:\Program Files\Registrar Registry Manager -> [2010/05/14 16:00:35 | 000,000,000 | ---D | C]
 CCleaner -> C:\Program Files (x86)\CCleaner -> [2010/05/14 15:44:25 | 000,000,000 | ---D | C]
 PCPitstop -> C:\ProgramData\PCPitstop -> [2010/05/14 14:28:01 | 000,000,000 | ---D | C]
 PCPitstop -> C:\Program Files (x86)\PCPitstop -> [2010/05/14 14:28:00 | 000,000,000 | ---D | C]
 ubuntu -> C:\ubuntu -> [2010/05/13 21:03:26 | 000,000,000 | ---D | C]
 nvusmu.exe -> C:\Windows\SysNative\nvusmu.exe -> [2010/05/13 11:12:11 | 000,539,680 | ---- | C] (NVIDIA Corporation)
 NVCOSMU.DLL -> C:\Windows\SysNative\NVCOSMU.DLL -> [2010/05/13 11:12:10 | 000,167,936 | ---- | C] (NVIDIA Corporation)
 NvRCoPtb.dll -> C:\Windows\SysNative\NvRCoPtb.dll -> [2010/05/13 11:12:10 | 000,018,976 | ---- | C] (NVIDIA Corporation)
 NvRCoIt.dll -> C:\Windows\SysNative\NvRCoIt.dll -> [2010/05/13 11:12:10 | 000,018,976 | ---- | C] (NVIDIA Corporation)
 NvRCoFr.dll -> C:\Windows\SysNative\NvRCoFr.dll -> [2010/05/13 11:12:10 | 000,018,976 | ---- | C] (NVIDIA Corporation)
 NvRCoEsm.dll -> C:\Windows\SysNative\NvRCoEsm.dll -> [2010/05/13 11:12:10 | 000,018,976 | ---- | C] (NVIDIA Corporation)
 NvRCoEs.dll -> C:\Windows\SysNative\NvRCoEs.dll -> [2010/05/13 11:12:10 | 000,018,976 | ---- | C] (NVIDIA Corporation)
 NvRCoSv.dll -> C:\Windows\SysNative\NvRCoSv.dll -> [2010/05/13 11:12:10 | 000,018,464 | ---- | C] (NVIDIA Corporation)
 NvRCoRu.dll -> C:\Windows\SysNative\NvRCoRu.dll -> [2010/05/13 11:12:10 | 000,018,464 | ---- | C] (NVIDIA Corporation)
 NvRCoNo.dll -> C:\Windows\SysNative\NvRCoNo.dll -> [2010/05/13 11:12:10 | 000,018,464 | ---- | C] (NVIDIA Corporation)
 NvRCoNl.dll -> C:\Windows\SysNative\NvRCoNl.dll -> [2010/05/13 11:12:10 | 000,018,464 | ---- | C] (NVIDIA Corporation)
 NvRCoFi.dll -> C:\Windows\SysNative\NvRCoFi.dll -> [2010/05/13 11:12:10 | 000,018,464 | ---- | C] (NVIDIA Corporation)
 NvRCoENU.dll -> C:\Windows\SysNative\NvRCoENU.dll -> [2010/05/13 11:12:10 | 000,017,952 | ---- | C] (NVIDIA Corporation)
 NvRCoKo.dll -> C:\Windows\SysNative\NvRCoKo.dll -> [2010/05/13 11:12:10 | 000,016,416 | ---- | C] (NVIDIA Corporation)
 NvRCoJa.dll -> C:\Windows\SysNative\NvRCoJa.dll -> [2010/05/13 11:12:10 | 000,016,416 | ---- | C] (NVIDIA Corporation)
 NvRCoZht.dll -> C:\Windows\SysNative\NvRCoZht.dll -> [2010/05/13 11:12:10 | 000,015,904 | ---- | C] (NVIDIA Corporation)
 NvRCoZhc.dll -> C:\Windows\SysNative\NvRCoZhc.dll -> [2010/05/13 11:12:10 | 000,015,904 | ---- | C] (NVIDIA Corporation)
 nvraiins.dll -> C:\Windows\SysNative\nvraiins.dll -> [2010/05/13 11:12:09 | 000,402,976 | ---- | C] (NVIDIA Corporation)
 nvraidco.dll -> C:\Windows\SysNative\nvraidco.dll -> [2010/05/13 11:12:09 | 000,402,976 | ---- | C] (NVIDIA Corporation)
 NvRCoDe.dll -> C:\Windows\SysNative\NvRCoDe.dll -> [2010/05/13 11:12:09 | 000,018,976 | ---- | C] (NVIDIA Corporation)
 NvRCoDa.dll -> C:\Windows\SysNative\NvRCoDa.dll -> [2010/05/13 11:12:09 | 000,018,464 | ---- | C] (NVIDIA Corporation)
 NvRCoEng.dll -> C:\Windows\SysNative\NvRCoEng.dll -> [2010/05/13 11:12:09 | 000,017,952 | ---- | C] (NVIDIA Corporation)
 My Drivers -> C:\Users\Bryan\Documents\My Drivers -> [2010/05/13 10:59:13 | 000,000,000 | ---D | C]
 Innovative Solutions -> C:\Users\Bryan\AppData\Local\Innovative Solutions -> [2010/05/13 10:59:13 | 000,000,000 | ---D | C]
 Innovative Solutions -> C:\ProgramData\Innovative Solutions -> [2010/05/13 10:59:13 | 000,000,000 | ---D | C]
 Innovative Solutions -> C:\Program Files (x86)\Innovative Solutions -> [2010/05/13 10:59:07 | 000,000,000 | ---D | C]
 ImgBurn -> C:\Users\Bryan\AppData\Roaming\ImgBurn -> [2010/05/12 22:10:54 | 000,000,000 | ---D | C]
 ImgBurn -> C:\Program Files (x86)\ImgBurn -> [2010/05/12 22:09:42 | 000,000,000 | ---D | C]
 Partition Wizard Home Edition 5.0 -> C:\Program Files (x86)\Partition Wizard Home Edition 5.0 -> [2010/05/12 21:32:17 | 000,000,000 | ---D | C]
 Locate32 -> C:\Users\Bryan\AppData\Roaming\Locate32 -> [2010/05/12 11:46:15 | 000,000,000 | ---D | C]
 locate32_x64-3.1.9.06070[1] -> C:\Users\Bryan\Documents\locate32_x64-3.1.9.06070[1] -> [2010/05/12 11:45:51 | 000,000,000 | ---D | C]
 Apps -> C:\Users\Bryan\AppData\Local\Apps -> [2010/05/12 11:35:40 | 000,000,000 | ---D | C]
 VS Revo Group -> C:\Program Files (x86)\VS Revo Group -> [2010/05/12 10:18:34 | 000,000,000 | ---D | C]
 Notes -> C:\Users\Bryan\Documents\Notes -> [2010/05/11 18:55:15 | 000,000,000 | R--D | C]
 PunkBuster -> C:\Users\Bryan\AppData\Local\PunkBuster -> [2010/05/10 16:15:36 | 000,000,000 | ---D | C]
 xactengine2_8.dll -> C:\Windows\SysNative\xactengine2_8.dll -> [2010/05/10 12:54:04 | 000,409,960 | ---- | C] (Microsoft Corporation)
 xactengine2_8.dll -> C:\Windows\SysWow64\xactengine2_8.dll -> [2010/05/10 12:54:04 | 000,266,088 | ---- | C] (Microsoft Corporation)
 x3daudio1_2.dll -> C:\Windows\SysNative\x3daudio1_2.dll -> [2010/05/10 12:54:04 | 000,021,352 | ---- | C] (Microsoft Corporation)
 x3daudio1_2.dll -> C:\Windows\SysWow64\x3daudio1_2.dll -> [2010/05/10 12:54:04 | 000,018,280 | ---- | C] (Microsoft Corporation)
 d3dx9_34.dll -> C:\Windows\SysNative\d3dx9_34.dll -> [2010/05/10 12:54:03 | 004,496,232 | ---- | C] (Microsoft Corporation)
 d3dx9_34.dll -> C:\Windows\SysWow64\d3dx9_34.dll -> [2010/05/10 12:54:03 | 003,497,832 | ---- | C] (Microsoft Corporation)
 D3DCompiler_34.dll -> C:\Windows\SysNative\D3DCompiler_34.dll -> [2010/05/10 12:54:03 | 001,401,200 | ---- | C] (Microsoft Corporation)
 D3DCompiler_34.dll -> C:\Windows\SysWow64\D3DCompiler_34.dll -> [2010/05/10 12:54:03 | 001,124,720 | ---- | C] (Microsoft Corporation)
 d3dx10_34.dll -> C:\Windows\SysNative\d3dx10_34.dll -> [2010/05/10 12:54:03 | 000,506,728 | ---- | C] (Microsoft Corporation)
 d3dx10_34.dll -> C:\Windows\SysWow64\d3dx10_34.dll -> [2010/05/10 12:54:03 | 000,443,752 | ---- | C] (Microsoft Corporation)
 xinput1_3.dll -> C:\Windows\SysNative\xinput1_3.dll -> [2010/05/10 12:54:02 | 000,107,368 | ---- | C] (Microsoft Corporation)
 xactengine2_7.dll -> C:\Windows\SysNative\xactengine2_7.dll -> [2010/05/10 12:54:01 | 000,403,304 | ---- | C] (Microsoft Corporation)
 xactengine2_7.dll -> C:\Windows\SysWow64\xactengine2_7.dll -> [2010/05/10 12:54:01 | 000,261,480 | ---- | C] (Microsoft Corporation)
 d3dx9_33.dll -> C:\Windows\SysNative\d3dx9_33.dll -> [2010/05/10 12:54:00 | 004,494,184 | ---- | C] (Microsoft Corporation)
 d3dx9_33.dll -> C:\Windows\SysWow64\d3dx9_33.dll -> [2010/05/10 12:54:00 | 003,495,784 | ---- | C] (Microsoft Corporation)
 D3DCompiler_33.dll -> C:\Windows\SysNative\D3DCompiler_33.dll -> [2010/05/10 12:54:00 | 001,400,176 | ---- | C] (Microsoft Corporation)
 D3DCompiler_33.dll -> C:\Windows\SysWow64\D3DCompiler_33.dll -> [2010/05/10 12:54:00 | 001,123,696 | ---- | C] (Microsoft Corporation)
 d3dx10_33.dll -> C:\Windows\SysNative\d3dx10_33.dll -> [2010/05/10 12:54:00 | 000,506,728 | ---- | C] (Microsoft Corporation)
 d3dx10_33.dll -> C:\Windows\SysWow64\d3dx10_33.dll -> [2010/05/10 12:54:00 | 000,443,752 | ---- | C] (Microsoft Corporation)
 xactengine2_6.dll -> C:\Windows\SysNative\xactengine2_6.dll -> [2010/05/10 12:53:59 | 000,393,576 | ---- | C] (Microsoft Corporation)
 xactengine2_6.dll -> C:\Windows\SysWow64\xactengine2_6.dll -> [2010/05/10 12:53:59 | 000,255,848 | ---- | C] (Microsoft Corporation)
 d3dx10.dll -> C:\Windows\SysNative\d3dx10.dll -> [2010/05/10 12:53:58 | 000,469,264 | ---- | C] (Microsoft Corporation)
 d3dx10.dll -> C:\Windows\SysWow64\d3dx10.dll -> [2010/05/10 12:53:58 | 000,440,080 | ---- | C] (Microsoft Corporation)
 xactengine2_5.dll -> C:\Windows\SysNative\xactengine2_5.dll -> [2010/05/10 12:53:58 | 000,390,424 | ---- | C] (Microsoft Corporation)
 xactengine2_5.dll -> C:\Windows\SysWow64\xactengine2_5.dll -> [2010/05/10 12:53:58 | 000,251,672 | ---- | C] (Microsoft Corporation)
 xactengine2_4.dll -> C:\Windows\SysNative\xactengine2_4.dll -> [2010/05/10 12:53:56 | 000,364,824 | ---- | C] (Microsoft Corporation)
 xactengine2_4.dll -> C:\Windows\SysWow64\xactengine2_4.dll -> [2010/05/10 12:53:56 | 000,237,848 | ---- | C] (Microsoft Corporation)
 x3daudio1_1.dll -> C:\Windows\SysNative\x3daudio1_1.dll -> [2010/05/10 12:53:56 | 000,017,688 | ---- | C] (Microsoft Corporation)
 x3daudio1_1.dll -> C:\Windows\SysWow64\x3daudio1_1.dll -> [2010/05/10 12:53:56 | 000,015,128 | ---- | C] (Microsoft Corporation)
 d3dx9_31.dll -> C:\Windows\SysNative\d3dx9_31.dll -> [2010/05/10 12:53:55 | 003,977,496 | ---- | C] (Microsoft Corporation)
 d3dx9_31.dll -> C:\Windows\SysWow64\d3dx9_31.dll -> [2010/05/10 12:53:55 | 002,414,360 | ---- | C] (Microsoft Corporation)
 xactengine2_3.dll -> C:\Windows\SysNative\xactengine2_3.dll -> [2010/05/10 12:53:54 | 000,363,288 | ---- | C] (Microsoft Corporation)
 xactengine2_3.dll -> C:\Windows\SysWow64\xactengine2_3.dll -> [2010/05/10 12:53:54 | 000,236,824 | ---- | C] (Microsoft Corporation)
 xinput1_2.dll -> C:\Windows\SysNative\xinput1_2.dll -> [2010/05/10 12:53:54 | 000,083,736 | ---- | C] (Microsoft Corporation)
 xinput1_2.dll -> C:\Windows\SysWow64\xinput1_2.dll -> [2010/05/10 12:53:54 | 000,062,744 | ---- | C] (Microsoft Corporation)
 xactengine2_2.dll -> C:\Windows\SysNative\xactengine2_2.dll -> [2010/05/10 12:53:53 | 000,354,072 | ---- | C] (Microsoft Corporation)
 xactengine2_2.dll -> C:\Windows\SysWow64\xactengine2_2.dll -> [2010/05/10 12:53:53 | 000,230,168 | ---- | C] (Microsoft Corporation)
 xinput1_1.dll -> C:\Windows\SysNative\xinput1_1.dll -> [2010/05/10 12:53:52 | 000,083,664 | ---- | C] (Microsoft Corporation)
 xinput1_1.dll -> C:\Windows\SysWow64\xinput1_1.dll -> [2010/05/10 12:53:52 | 000,062,672 | ---- | C] (Microsoft Corporation)
 xactengine2_1.dll -> C:\Windows\SysNative\xactengine2_1.dll -> [2010/05/10 12:53:51 | 000,352,464 | ---- | C] (Microsoft Corporation)
 xactengine2_1.dll -> C:\Windows\SysWow64\xactengine2_1.dll -> [2010/05/10 12:53:51 | 000,229,584 | ---- | C] (Microsoft Corporation)
 d3dx9_30.dll -> C:\Windows\SysNative\d3dx9_30.dll -> [2010/05/10 12:53:46 | 003,927,248 | ---- | C] (Microsoft Corporation)
 d3dx9_30.dll -> C:\Windows\SysWow64\d3dx9_30.dll -> [2010/05/10 12:53:46 | 002,388,176 | ---- | C] (Microsoft Corporation)
 xactengine2_0.dll -> C:\Windows\SysNative\xactengine2_0.dll -> [2010/05/10 12:53:45 | 000,355,536 | ---- | C] (Microsoft Corporation)
 xactengine2_0.dll -> C:\Windows\SysWow64\xactengine2_0.dll -> [2010/05/10 12:53:45 | 000,230,096 | ---- | C] (Microsoft Corporation)
 x3daudio1_0.dll -> C:\Windows\SysNative\x3daudio1_0.dll -> [2010/05/10 12:53:45 | 000,016,592 | ---- | C] (Microsoft Corporation)
 x3daudio1_0.dll -> C:\Windows\SysWow64\x3daudio1_0.dll -> [2010/05/10 12:53:45 | 000,014,032 | ---- | C] (Microsoft Corporation)
 d3dx9_29.dll -> C:\Windows\SysNative\d3dx9_29.dll -> [2010/05/10 12:53:44 | 003,830,992 | ---- | C] (Microsoft Corporation)
 d3dx9_28.dll -> C:\Windows\SysNative\d3dx9_28.dll -> [2010/05/10 12:53:44 | 003,815,120 | ---- | C] (Microsoft Corporation)
 d3dx9_29.dll -> C:\Windows\SysWow64\d3dx9_29.dll -> [2010/05/10 12:53:44 | 002,332,368 | ---- | C] (Microsoft Corporation)
 d3dx9_28.dll -> C:\Windows\SysWow64\d3dx9_28.dll -> [2010/05/10 12:53:44 | 002,323,664 | ---- | C] (Microsoft Corporation)
 d3dx9_27.dll -> C:\Windows\SysNative\d3dx9_27.dll -> [2010/05/10 12:53:43 | 003,807,440 | ---- | C] (Microsoft Corporation)
 d3dx9_26.dll -> C:\Windows\SysNative\d3dx9_26.dll -> [2010/05/10 12:53:43 | 003,767,504 | ---- | C] (Microsoft Corporation)
 d3dx9_27.dll -> C:\Windows\SysWow64\d3dx9_27.dll -> [2010/05/10 12:53:43 | 002,319,568 | ---- | C] (Microsoft Corporation)
 d3dx9_26.dll -> C:\Windows\SysWow64\d3dx9_26.dll -> [2010/05/10 12:53:43 | 002,297,552 | ---- | C] (Microsoft Corporation)
 d3dx9_25.dll -> C:\Windows\SysNative\d3dx9_25.dll -> [2010/05/10 12:53:42 | 003,823,312 | ---- | C] (Microsoft Corporation)
 d3dx9_25.dll -> C:\Windows\SysWow64\d3dx9_25.dll -> [2010/05/10 12:53:42 | 002,337,488 | ---- | C] (Microsoft Corporation)
 d3dx9_24.dll -> C:\Windows\SysNative\d3dx9_24.dll -> [2010/05/10 12:53:41 | 003,544,272 | ---- | C] (Microsoft Corporation)
 d3dx9_24.dll -> C:\Windows\SysWow64\d3dx9_24.dll -> [2010/05/10 12:53:41 | 002,222,800 | ---- | C] (Microsoft Corporation)
 Activision -> C:\Program Files (x86)\Activision -> [2010/05/10 12:17:19 | 000,000,000 | ---D | C]
 ftpcache -> C:\Windows\ftpcache -> [2010/05/10 12:14:57 | 000,000,000 | -HSD | C]
 Masque -> C:\Users\Bryan\AppData\Roaming\Masque -> [2010/05/10 11:58:23 | 000,000,000 | ---D | C]
 Masque -> C:\ProgramData\Masque -> [2010/05/10 11:58:23 | 000,000,000 | ---D | C]
 Masque IGT Slots Little Green Men -> C:\Program Files (x86)\Masque IGT Slots Little Green Men -> [2010/05/10 11:56:20 | 000,000,000 | ---D | C]
 Sophos -> C:\Program Files (x86)\Sophos -> [2010/05/09 13:36:14 | 000,000,000 | ---D | C]
 mbamswissarmy.sys -> C:\Windows\SysWow64\drivers\mbamswissarmy.sys -> [2010/05/09 13:26:03 | 000,038,224 | ---- | C] (Malwarebytes Corporation)
 mbam.sys -> C:\Windows\SysNative\drivers\mbam.sys -> [2010/05/09 13:26:01 | 000,024,664 | ---- | C] (Malwarebytes Corporation)
 Eraser 6 -> C:\Users\Bryan\AppData\Local\Eraser 6 -> [2010/05/08 22:57:16 | 000,000,000 | ---D | C]
 Microsoft Games -> C:\Users\Bryan\AppData\Local\Microsoft Games -> [2010/05/08 21:39:39 | 000,000,000 | ---D | C]
 Eraser -> C:\Program Files\Eraser -> [2010/05/08 10:22:27 | 000,000,000 | ---D | C]
 Yahoo! Companion -> C:\ProgramData\Yahoo! Companion -> [2010/05/07 13:19:54 | 000,000,000 | ---D | C]
 Yahoo! -> C:\Users\Bryan\AppData\Roaming\Yahoo! -> [2010/05/07 13:19:54 | 000,000,000 | ---D | C]
 Yahoo! -> C:\Program Files (x86)\Yahoo! -> [2010/05/07 13:19:53 | 000,000,000 | ---D | C]
 Recuva -> C:\Program Files\Recuva -> [2010/05/07 13:19:49 | 000,000,000 | ---D | C]
 ElevatedDiagnostics -> C:\Users\Bryan\AppData\Local\ElevatedDiagnostics -> [2010/05/07 01:00:16 | 000,000,000 | ---D | C]
 Diagnostics -> C:\Users\Bryan\AppData\Local\Diagnostics -> [2010/05/06 22:44:36 | 000,000,000 | ---D | C]
 NVIDIA -> C:\Users\Bryan\AppData\Roaming\NVIDIA -> [2010/05/06 21:20:07 | 000,000,000 | ---D | C]
 d3dx10_42.dll -> C:\Windows\SysWow64\d3dx10_42.dll -> [2010/05/06 20:43:48 | 000,453,456 | ---- | C] (Microsoft Corporation)
 xinput1_3.dll -> C:\Windows\SysWow64\xinput1_3.dll -> [2010/05/06 20:43:48 | 000,081,768 | ---- | C] (Microsoft Corporation)
 Perfect Uninstaller -> C:\Program Files\Perfect Uninstaller -> [2010/05/06 19:41:49 | 000,000,000 | ---D | C]
 MyWinLockerData -> C:\MyWinLockerData -> [2010/05/06 11:52:56 | 000,000,000 | -H-D | C]
 Malwarebytes -> C:\Users\Bryan\AppData\Roaming\Malwarebytes -> [2010/05/06 10:22:22 | 000,000,000 | ---D | C]
 Malwarebytes -> C:\ProgramData\Malwarebytes -> [2010/05/06 10:22:13 | 000,000,000 | ---D | C]
 Malwarebytes' Anti-Malware -> C:\Program Files (x86)\Malwarebytes' Anti-Malware -> [2010/05/06 10:22:12 | 000,000,000 | ---D | C]
 Nexon -> C:\ProgramData\Nexon -> [2010/05/06 02:02:47 | 000,000,000 | ---D | C]
 PMB Files -> C:\Users\Bryan\AppData\Local\PMB Files -> [2010/05/05 20:25:30 | 000,000,000 | ---D | C]
 2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> 
 
[Files/Folders - Modified Within 30 Days]
 PerfStringBackup.INI -> C:\Windows\SysNative\PerfStringBackup.INI -> [2010/06/04 09:01:36 | 000,713,888 | ---- | M] ()
 perfh009.dat -> C:\Windows\SysNative\perfh009.dat -> [2010/06/04 09:01:36 | 000,615,122 | ---- | M] ()
 perfc009.dat -> C:\Windows\SysNative\perfc009.dat -> [2010/06/04 09:01:36 | 000,103,496 | ---- | M] ()
 bootstat.dat -> C:\Windows\bootstat.dat -> [2010/06/04 08:57:23 | 000,067,584 | --S- | M] ()
 hiberfil.sys -> C:\hiberfil.sys -> [2010/06/04 08:57:12 | 3018,756,096 | -HS- | M] ()
 ntuser.dat -> C:\Users\Bryan\ntuser.dat -> [2010/06/04 08:56:09 | 002,621,440 | -HS- | M] ()
 OTS.exe -> C:\Users\Bryan\Desktop\OTS.exe -> [2010/06/04 08:47:32 | 000,640,000 | ---- | M] (OldTimer Tools)
 7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 -> [2010/06/04 08:43:57 | 000,009,920 | -H-- | M] ()
 7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 -> [2010/06/04 08:43:57 | 000,009,920 | -H-- | M] ()
 GoogleUpdateTaskMachineCore.job -> C:\Windows\tasks\GoogleUpdateTaskMachineCore.job -> [2010/06/04 08:36:49 | 000,000,892 | ---- | M] ()
 SA.DAT -> C:\Windows\tasks\SA.DAT -> [2010/06/04 08:36:37 | 000,000,006 | -H-- | M] ()
 GoogleUpdateTaskMachineUA.job -> C:\Windows\tasks\GoogleUpdateTaskMachineUA.job -> [2010/06/04 01:33:00 | 000,000,896 | ---- | M] ()
 Resmon.ResmonCfg -> C:\Users\Bryan\AppData\Local\Resmon.ResmonCfg -> [2010/06/04 01:07:43 | 000,007,597 | ---- | M] ()
 wininit.ini -> C:\Windows\wininit.ini -> [2010/06/03 15:45:54 | 000,000,050 | ---- | M] ()
 Auslogics Disk Defrag.lnk -> C:\Users\Bryan\Desktop\Auslogics Disk Defrag.lnk -> [2010/06/03 08:39:24 | 000,001,140 | ---- | M] ()
 Sandboxie.ini -> C:\Windows\Sandboxie.ini -> [2010/06/02 23:25:51 | 000,001,368 | ---- | M] ()
 draft_guide.cbs2010.pdf -> C:\Users\Bryan\Documents\draft_guide.cbs2010.pdf -> [2010/06/01 16:21:15 | 001,167,702 | ---- | M] ()
 Full Tilt Poker.lnk -> C:\Users\Public\Desktop\Full Tilt Poker.lnk -> [2010/06/01 11:29:00 | 000,001,055 | ---- | M] ()
 WindowsAnytimeUpgradeUI.exe -> C:\Windows\SysWow64\WindowsAnytimeUpgradeUI.exe -> [2010/05/30 20:24:20 | 000,000,000 | ---- | M] ()
 Google Chrome.lnk -> C:\Users\Bryan\Desktop\Google Chrome.lnk -> [2010/05/29 07:31:57 | 000,002,314 | ---- | M] ()
 ntuser.dat{81e1dd90-6aee-11df-95dc-00262d289fc4}.TMContainer00000000000000000002.regtrans-ms -> C:\Users\Bryan\ntuser.dat{81e1dd90-6aee-11df-95dc-00262d289fc4}.TMContainer00000000000000000002.regtrans-ms -> [2010/05/29 02:12:21 | 000,524,288 | -HS- | M] ()
 ntuser.dat{81e1dd90-6aee-11df-95dc-00262d289fc4}.TMContainer00000000000000000001.regtrans-ms -> C:\Users\Bryan\ntuser.dat{81e1dd90-6aee-11df-95dc-00262d289fc4}.TMContainer00000000000000000001.regtrans-ms -> [2010/05/29 02:12:21 | 000,524,288 | -HS- | M] ()
 ntuser.dat{81e1dd90-6aee-11df-95dc-00262d289fc4}.TM.blf -> C:\Users\Bryan\ntuser.dat{81e1dd90-6aee-11df-95dc-00262d289fc4}.TM.blf -> [2010/05/29 02:12:21 | 000,065,536 | -HS- | M] ()
 OASettings100528.OA -> C:\Users\Bryan\Documents\OASettings100528.OA -> [2010/05/28 20:58:09 | 001,581,394 | ---- | M] ()
 Google Desktop.lnk -> C:\Users\Public\Desktop\Google Desktop.lnk -> [2010/05/28 20:43:21 | 000,001,222 | ---- | M] ()
 ProcessMonitor.zip -> C:\Users\Bryan\Desktop\ProcessMonitor.zip -> [2010/05/28 19:01:21 | 001,322,283 | ---- | M] ()
 PnkBstrB.exe -> C:\Windows\SysWow64\PnkBstrB.exe -> [2010/05/28 18:27:52 | 000,103,736 | ---- | M] ()
 Msft_Kernel_SaiKF622_01005.Wdf -> C:\Windows\SysNative\drivers\Msft_Kernel_SaiKF622_01005.Wdf -> [2010/05/28 15:42:20 | 000,000,000 | -H-- | M] ()
 cc_20100528_111630.regbackup.reg -> C:\Users\Bryan\Documents\cc_20100528_111630.regbackup.reg -> [2010/05/28 11:16:49 | 000,037,598 | ---- | M] ()
 CCleaner.lnk -> C:\Users\Bryan\Desktop\CCleaner.lnk -> [2010/05/28 10:26:20 | 000,001,889 | ---- | M] ()
 Update Checker.lnk -> C:\Users\Bryan\Desktop\Update Checker.lnk -> [2010/05/28 10:11:08 | 000,001,973 | ---- | M] ()
 psi_mf.sys -> C:\Windows\SysNative\drivers\psi_mf.sys -> [2010/05/28 04:04:52 | 000,017,456 | ---- | M] (Secunia)
 oahlp64.sys -> C:\Windows\SysWow64\drivers\oahlp64.sys -> [2010/05/27 07:06:52 | 000,051,440 | ---- | M] ()
 oaevent.dll -> C:\Windows\oaevent.dll -> [2010/05/27 06:56:00 | 000,323,344 | ---- | M] (Tall Emu)
 OADriver.sys -> C:\Windows\SysWow64\drivers\OADriver.sys -> [2010/05/27 06:56:00 | 000,052,880 | ---- | M] ()
 OAmon.sys -> C:\Windows\SysWow64\drivers\OAmon.sys -> [2010/05/27 06:56:00 | 000,035,984 | ---- | M] (Tall Emu)
 OAnet.sys -> C:\Windows\SysNative\drivers\OAnet.sys -> [2010/05/27 06:55:58 | 000,043,664 | ---- | M] (Tall Emu Pty Ltd)
 ntuser.dat{7400f97e-682a-11df-8657-00262d289fc4}.TMContainer00000000000000000002.regtrans-ms -> C:\Users\Bryan\ntuser.dat{7400f97e-682a-11df-8657-00262d289fc4}.TMContainer00000000000000000002.regtrans-ms -> [2010/05/25 18:03:41 | 000,524,288 | -HS- | M] ()
 ntuser.dat{7400f97e-682a-11df-8657-00262d289fc4}.TMContainer00000000000000000001.regtrans-ms -> C:\Users\Bryan\ntuser.dat{7400f97e-682a-11df-8657-00262d289fc4}.TMContainer00000000000000000001.regtrans-ms -> [2010/05/25 18:03:41 | 000,524,288 | -HS- | M] ()
 ntuser.dat{7400f97e-682a-11df-8657-00262d289fc4}.TM.blf -> C:\Users\Bryan\ntuser.dat{7400f97e-682a-11df-8657-00262d289fc4}.TM.blf -> [2010/05/25 18:03:41 | 000,065,536 | -HS- | M] ()
 autoruns.exe -> C:\Users\Bryan\Desktop\autoruns.exe -> [2010/05/25 02:42:24 | 000,670,072 | ---- | M] (Sysinternals - www.sysinternals.com)
 PnkBstrB.xtr -> C:\Windows\SysWow64\PnkBstrB.xtr -> [2010/05/23 19:16:25 | 000,219,128 | ---- | M] ()
 pbsvc_heroes.exe -> C:\Windows\SysWow64\pbsvc_heroes.exe -> [2010/05/23 17:29:25 | 002,427,248 | ---- | M] ()
 PnkBstrA.exe -> C:\Windows\SysWow64\PnkBstrA.exe -> [2010/05/23 17:29:25 | 000,075,064 | ---- | M] ()
 HOSTS -> C:\Windows\SysNative\drivers\etc\HOSTS -> [2010/05/23 01:59:40 | 000,607,013 | ---- | M] ()
 mvps.bat -> C:\Windows\SysNative\drivers\etc\mvps.bat -> [2010/05/23 01:59:40 | 000,001,615 | ---- | M] ()
 ntuser.dat{be3a6db8-65cf-11df-b488-00262d289fc4}.TMContainer00000000000000000002.regtrans-ms -> C:\Users\Bryan\ntuser.dat{be3a6db8-65cf-11df-b488-00262d289fc4}.TMContainer00000000000000000002.regtrans-ms -> [2010/05/22 12:20:28 | 000,524,288 | -HS- | M] ()
 ntuser.dat{be3a6db8-65cf-11df-b488-00262d289fc4}.TMContainer00000000000000000001.regtrans-ms -> C:\Users\Bryan\ntuser.dat{be3a6db8-65cf-11df-b488-00262d289fc4}.TMContainer00000000000000000001.regtrans-ms -> [2010/05/22 12:20:28 | 000,524,288 | -HS- | M] ()
 ntuser.dat{be3a6db8-65cf-11df-b488-00262d289fc4}.TM.blf -> C:\Users\Bryan\ntuser.dat{be3a6db8-65cf-11df-b488-00262d289fc4}.TM.blf -> [2010/05/22 12:20:28 | 000,065,536 | -HS- | M] ()
 ntuser.dat{1a9c8dd3-65ce-11df-b300-00262d289fc4}.TMContainer00000000000000000002.regtrans-ms -> C:\Users\Bryan\ntuser.dat{1a9c8dd3-65ce-11df-b300-00262d289fc4}.TMContainer00000000000000000002.regtrans-ms -> [2010/05/22 11:29:36 | 000,524,288 | -HS- | M] ()
 ntuser.dat{1a9c8dd3-65ce-11df-b300-00262d289fc4}.TMContainer00000000000000000001.regtrans-ms -> C:\Users\Bryan\ntuser.dat{1a9c8dd3-65ce-11df-b300-00262d289fc4}.TMContainer00000000000000000001.regtrans-ms -> [2010/05/22 11:29:36 | 000,524,288 | -HS- | M] ()
 ntuser.dat{1a9c8dd3-65ce-11df-b300-00262d289fc4}.TM.blf -> C:\Users\Bryan\ntuser.dat{1a9c8dd3-65ce-11df-b300-00262d289fc4}.TM.blf -> [2010/05/22 11:29:36 | 000,065,536 | -HS- | M] ()
 ntuser.dat{abfe7c72-65c6-11df-bf90-00262d289fc4}.TMContainer00000000000000000002.regtrans-ms -> C:\Users\Bryan\ntuser.dat{abfe7c72-65c6-11df-bf90-00262d289fc4}.TMContainer00000000000000000002.regtrans-ms -> [2010/05/22 11:26:34 | 000,524,288 | -HS- | M] ()
 ntuser.dat{abfe7c72-65c6-11df-bf90-00262d289fc4}.TMContainer00000000000000000001.regtrans-ms -> C:\Users\Bryan\ntuser.dat{abfe7c72-65c6-11df-bf90-00262d289fc4}.TMContainer00000000000000000001.regtrans-ms -> [2010/05/22 11:26:34 | 000,524,288 | -HS- | M] ()
 ntuser.dat{abfe7c72-65c6-11df-bf90-00262d289fc4}.TM.blf -> C:\Users\Bryan\ntuser.dat{abfe7c72-65c6-11df-bf90-00262d289fc4}.TM.blf -> [2010/05/22 11:26:34 | 000,065,536 | -HS- | M] ()
 recdisc.exe -> C:\Windows\SysWow64\recdisc.exe -> [2010/05/21 16:43:13 | 000,000,000 | ---- | M] ()
 vdsldr.exe -> C:\Windows\SysWow64\vdsldr.exe -> [2010/05/21 14:46:10 | 000,000,000 | ---- | M] ()
 Sandboxed Web Browser.lnk -> C:\Users\Bryan\Desktop\Sandboxed Web Browser.lnk -> [2010/05/21 12:39:05 | 000,000,900 | ---- | M] ()
 wsqmcons.exe -> C:\Windows\SysWow64\wsqmcons.exe -> [2010/05/21 11:00:01 | 000,000,000 | ---- | M] ()
 sdclt.exe -> C:\Windows\SysWow64\sdclt.exe -> [2010/05/21 10:00:01 | 000,000,000 | ---- | M] ()
 defrag.exe -> C:\Windows\SysWow64\defrag.exe -> [2010/05/21 08:04:46 | 000,000,000 | ---- | M] ()
 ntuser.dat{d2ad8a2b-645e-11df-a4c1-00262d289fc4}.TMContainer00000000000000000002.regtrans-ms -> C:\Users\Bryan\ntuser.dat{d2ad8a2b-645e-11df-a4c1-00262d289fc4}.TMContainer00000000000000000002.regtrans-ms -> [2010/05/20 21:10:55 | 000,524,288 | -HS- | M] ()
 ntuser.dat{d2ad8a2b-645e-11df-a4c1-00262d289fc4}.TMContainer00000000000000000001.regtrans-ms -> C:\Users\Bryan\ntuser.dat{d2ad8a2b-645e-11df-a4c1-00262d289fc4}.TMContainer00000000000000000001.regtrans-ms -> [2010/05/20 21:10:55 | 000,524,288 | -HS- | M] ()
 ntuser.dat{d2ad8a2b-645e-11df-a4c1-00262d289fc4}.TM.blf -> C:\Users\Bryan\ntuser.dat{d2ad8a2b-645e-11df-a4c1-00262d289fc4}.TM.blf -> [2010/05/20 21:10:55 | 000,065,536 | -HS- | M] ()
 Microsoft Security Essentials.lnk -> C:\Users\Public\Desktop\Microsoft Security Essentials.lnk -> [2010/05/18 15:39:48 | 000,001,035 | ---- | M] ()
 mdres.exe -> C:\Windows\SysWow64\mdres.exe -> [2010/05/17 13:27:24 | 000,000,000 | ---- | M] ()
 MdSched.exe -> C:\Windows\SysWow64\MdSched.exe -> [2010/05/17 13:12:28 | 000,000,000 | ---- | M] ()
 ntuser.dat{911b0d48-6171-11df-89fd-00262d289fc4}.TMContainer00000000000000000002.regtrans-ms -> C:\Users\Bryan\ntuser.dat{911b0d48-6171-11df-89fd-00262d289fc4}.TMContainer00000000000000000002.regtrans-ms -> [2010/05/17 01:11:45 | 000,524,288 | -HS- | M] ()
 ntuser.dat{911b0d48-6171-11df-89fd-00262d289fc4}.TMContainer00000000000000000001.regtrans-ms -> C:\Users\Bryan\ntuser.dat{911b0d48-6171-11df-89fd-00262d289fc4}.TMContainer00000000000000000001.regtrans-ms -> [2010/05/17 01:11:45 | 000,524,288 | -HS- | M] ()
 ntuser.dat{911b0d48-6171-11df-89fd-00262d289fc4}.TM.blf -> C:\Users\Bryan\ntuser.dat{911b0d48-6171-11df-89fd-00262d289fc4}.TM.blf -> [2010/05/17 01:11:45 | 000,065,536 | -HS- | M] ()
 Recuva.lnk -> C:\Users\Bryan\Desktop\Recuva.lnk -> [2010/05/17 00:54:34 | 000,001,662 | ---- | M] ()
 DXPServer.exe -> C:\Windows\SysWow64\DXPServer.exe -> [2010/05/15 15:10:25 | 000,000,000 | ---- | M] ()
 DeviceDisplayObjectProvider.exe -> C:\Windows\SysWow64\DeviceDisplayObjectProvider.exe -> [2010/05/15 15:10:18 | 000,000,000 | ---- | M] ()
 Msft_User_WpdMtpDr_01_09_00.Wdf -> C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf -> [2010/05/15 15:10:16 | 000,000,000 | -H-- | M] ()
 ntuser.dat{e18fb18c-6035-11df-ad70-00262d289fc4}.TMContainer00000000000000000002.regtrans-ms -> C:\Users\Bryan\ntuser.dat{e18fb18c-6035-11df-ad70-00262d289fc4}.TMContainer00000000000000000002.regtrans-ms -> [2010/05/15 14:58:18 | 000,524,288 | -HS- | M] ()
 ntuser.dat{e18fb18c-6035-11df-ad70-00262d289fc4}.TMContainer00000000000000000001.regtrans-ms -> C:\Users\Bryan\ntuser.dat{e18fb18c-6035-11df-ad70-00262d289fc4}.TMContainer00000000000000000001.regtrans-ms -> [2010/05/15 14:58:18 | 000,524,288 | -HS- | M] ()
 ntuser.dat{e18fb18c-6035-11df-ad70-00262d289fc4}.TM.blf -> C:\Users\Bryan\ntuser.dat{e18fb18c-6035-11df-ad70-00262d289fc4}.TM.blf -> [2010/05/15 14:58:18 | 000,065,536 | -HS- | M] ()
 HiJackThis.lnk -> C:\Users\Bryan\Desktop\HiJackThis.lnk -> [2010/05/15 13:09:46 | 000,002,975 | ---- | M] ()
 Belarc Advisor.lnk -> C:\Users\Public\Desktop\Belarc Advisor.lnk -> [2010/05/15 11:47:26 | 000,002,007 | ---- | M] ()
 ntuser.dat{3bb27f3f-5fd3-11df-ad2e-00262d289fc4}.TMContainer00000000000000000002.regtrans-ms -> C:\Users\Bryan\ntuser.dat{3bb27f3f-5fd3-11df-ad2e-00262d289fc4}.TMContainer00000000000000000002.regtrans-ms -> [2010/05/14 23:29:49 | 000,524,288 | -HS- | M] ()
 ntuser.dat{3bb27f3f-5fd3-11df-ad2e-00262d289fc4}.TMContainer00000000000000000001.regtrans-ms -> C:\Users\Bryan\ntuser.dat{3bb27f3f-5fd3-11df-ad2e-00262d289fc4}.TMContainer00000000000000000001.regtrans-ms -> [2010/05/14 23:29:49 | 000,524,288 | -HS- | M] ()
 ntuser.dat{3bb27f3f-5fd3-11df-ad2e-00262d289fc4}.TM.blf -> C:\Users\Bryan\ntuser.dat{3bb27f3f-5fd3-11df-ad2e-00262d289fc4}.TM.blf -> [2010/05/14 23:29:49 | 000,065,536 | -HS- | M] ()
 ntuser.dat{133bfd4a-5ec9-11df-a441-00262d289fc4}.TMContainer00000000000000000002.regtrans-ms -> C:\Users\Bryan\ntuser.dat{133bfd4a-5ec9-11df-a441-00262d289fc4}.TMContainer00000000000000000002.regtrans-ms -> [2010/05/14 00:17:20 | 000,524,288 | -HS- | M] ()
 ntuser.dat{133bfd4a-5ec9-11df-a441-00262d289fc4}.TMContainer00000000000000000001.regtrans-ms -> C:\Users\Bryan\ntuser.dat{133bfd4a-5ec9-11df-a441-00262d289fc4}.TMContainer00000000000000000001.regtrans-ms -> [2010/05/14 00:17:20 | 000,524,288 | -HS- | M] ()
 ntuser.dat{133bfd4a-5ec9-11df-a441-00262d289fc4}.TM.blf -> C:\Users\Bryan\ntuser.dat{133bfd4a-5ec9-11df-a441-00262d289fc4}.TM.blf -> [2010/05/14 00:17:20 | 000,065,536 | -HS- | M] ()
 wubildr -> C:\wubildr -> [2010/05/14 00:16:58 | 000,088,813 | ---- | M] ()
 wubildr.mbr -> C:\wubildr.mbr -> [2010/05/14 00:16:58 | 000,008,192 | ---- | M] ()
 housecall.guid.cache -> C:\Users\Bryan\AppData\Local\housecall.guid.cache -> [2010/05/13 19:08:49 | 000,000,036 | ---- | M] ()
 nvuSMU.exe -> C:\Windows\SysWow64\nvuSMU.exe -> [2010/05/13 11:13:07 | 000,000,000 | ---- | M] ()
 DriverMax.lnk -> C:\Users\Bryan\Desktop\DriverMax.lnk -> [2010/05/13 10:59:10 | 000,001,118 | ---- | M] ()
 ImgBurn.lnk -> C:\Users\Public\Desktop\ImgBurn.lnk -> [2010/05/12 22:09:42 | 000,001,869 | ---- | M] ()
 Partition Wizard Home Edition.lnk -> C:\Users\Bryan\Desktop\Partition Wizard Home Edition.lnk -> [2010/05/12 21:40:30 | 000,001,127 | ---- | M] ()
 CompMgmtLauncher.exe -> C:\Windows\SysWow64\CompMgmtLauncher.exe -> [2010/05/12 13:52:21 | 000,000,000 | ---- | M] ()
 Revo Uninstaller.lnk -> C:\Users\Bryan\Desktop\Revo Uninstaller.lnk -> [2010/05/12 10:18:34 | 000,001,268 | ---- | M] ()
 MpSigStub.exe -> C:\Windows\SysWow64\MpSigStub.exe -> [2010/05/12 07:54:18 | 000,000,000 | ---- | M] ()
 MRT.exe -> C:\Windows\SysWow64\MRT.exe -> [2010/05/12 07:53:03 | 000,000,000 | ---- | M] ()
 lpremove.exe -> C:\Windows\SysWow64\lpremove.exe -> [2010/05/11 06:38:37 | 000,000,000 | ---- | M] ()
 aitagent.EXE -> C:\Windows\SysWow64\aitagent.EXE -> [2010/05/11 06:31:36 | 000,000,000 | ---- | M] ()
 game.ini -> C:\Windows\game.ini -> [2010/05/10 12:45:13 | 000,000,331 | ---- | M] ()
 Malwarebytes' Anti-Malware.lnk -> C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk -> [2010/05/09 13:26:06 | 000,001,013 | ---- | M] ()
 Paragon Partition Manager™ 2010 Free Edition.lnk -> C:\Users\Bryan\Desktop\Paragon Partition Manager™ 2010 Free Edition.lnk -> [2010/05/08 21:03:54 | 000,002,519 | ---- | M] ()
 Eraser.lnk -> C:\Users\Public\Desktop\Eraser.lnk -> [2010/05/08 10:22:34 | 000,001,751 | ---- | M] ()
 ntuser.dat{7e448a08-5a18-11df-9743-00262d289fc4}.TMContainer00000000000000000002.regtrans-ms -> C:\Users\Bryan\ntuser.dat{7e448a08-5a18-11df-9743-00262d289fc4}.TMContainer00000000000000000002.regtrans-ms -> [2010/05/07 17:43:37 | 000,524,288 | -HS- | M] ()
 ntuser.dat{7e448a08-5a18-11df-9743-00262d289fc4}.TMContainer00000000000000000001.regtrans-ms -> C:\Users\Bryan\ntuser.dat{7e448a08-5a18-11df-9743-00262d289fc4}.TMContainer00000000000000000001.regtrans-ms -> [2010/05/07 17:43:37 | 000,524,288 | -HS- | M] ()
 ntuser.dat{7e448a08-5a18-11df-9743-00262d289fc4}.TM.blf -> C:\Users\Bryan\ntuser.dat{7e448a08-5a18-11df-9743-00262d289fc4}.TM.blf -> [2010/05/07 17:43:37 | 000,065,536 | -HS- | M] ()
 pcwutl.dll -> C:\Windows\SysWow64\pcwutl.dll -> [2010/05/07 17:39:36 | 000,000,000 | ---- | M] ()
 ntuser.dat{05d6a49e-5a18-11df-ad29-00262d289fc4}.TMContainer00000000000000000002.regtrans-ms -> C:\Users\Bryan\ntuser.dat{05d6a49e-5a18-11df-ad29-00262d289fc4}.TMContainer00000000000000000002.regtrans-ms -> [2010/05/07 13:46:53 | 000,524,288 | -HS- | M] ()
 ntuser.dat{05d6a49e-5a18-11df-ad29-00262d289fc4}.TMContainer00000000000000000001.regtrans-ms -> C:\Users\Bryan\ntuser.dat{05d6a49e-5a18-11df-ad29-00262d289fc4}.TMContainer00000000000000000001.regtrans-ms -> [2010/05/07 13:46:53 | 000,524,288 | -HS- | M] ()
 ntuser.dat{05d6a49e-5a18-11df-ad29-00262d289fc4}.TM.blf -> C:\Users\Bryan\ntuser.dat{05d6a49e-5a18-11df-ad29-00262d289fc4}.TM.blf -> [2010/05/07 13:46:53 | 000,065,536 | -HS- | M] ()
 ntuser.dat{db79ecf5-5a01-11df-a11f-00262d289fc4}.TMContainer00000000000000000002.regtrans-ms -> C:\Users\Bryan\ntuser.dat{db79ecf5-5a01-11df-a11f-00262d289fc4}.TMContainer00000000000000000002.regtrans-ms -> [2010/05/07 13:36:50 | 000,524,288 | -HS- | M] ()
 ntuser.dat{db79ecf5-5a01-11df-a11f-00262d289fc4}.TMContainer00000000000000000001.regtrans-ms -> C:\Users\Bryan\ntuser.dat{db79ecf5-5a01-11df-a11f-00262d289fc4}.TMContainer00000000000000000001.regtrans-ms -> [2010/05/07 13:36:50 | 000,524,288 | -HS- | M] ()
 ntuser.dat{db79ecf5-5a01-11df-a11f-00262d289fc4}.TM.blf -> C:\Users\Bryan\ntuser.dat{db79ecf5-5a01-11df-a11f-00262d289fc4}.TM.blf -> [2010/05/07 13:36:50 | 000,065,536 | -HS- | M] ()
 ntuser.dat{006dea7b-59ee-11df-b8d5-00262d289fc4}.TMContainer00000000000000000002.regtrans-ms -> C:\Users\Bryan\ntuser.dat{006dea7b-59ee-11df-b8d5-00262d289fc4}.TMContainer00000000000000000002.regtrans-ms -> [2010/05/07 10:55:38 | 000,524,288 | -HS- | M] ()
 ntuser.dat{006dea7b-59ee-11df-b8d5-00262d289fc4}.TMContainer00000000000000000001.regtrans-ms -> C:\Users\Bryan\ntuser.dat{006dea7b-59ee-11df-b8d5-00262d289fc4}.TMContainer00000000000000000001.regtrans-ms -> [2010/05/07 10:55:38 | 000,524,288 | -HS- | M] ()
 ntuser.dat{006dea7b-59ee-11df-b8d5-00262d289fc4}.TM.blf -> C:\Users\Bryan\ntuser.dat{006dea7b-59ee-11df-b8d5-00262d289fc4}.TM.blf -> [2010/05/07 10:55:38 | 000,065,536 | -HS- | M] ()
 GoogleUpdateTaskUserS-1-5-21-3488347447-2488368954-518346416-1000Core.job -> C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3488347447-2488368954-518346416-1000Core.job -> [2010/05/07 10:03:00 | 000,000,856 | ---- | M] ()
 StikyNot.exe -> C:\Windows\SysWow64\StikyNot.exe -> [2010/05/07 01:41:26 | 000,000,000 | ---- | M] ()
 pcwrun.exe -> C:\Windows\SysWow64\pcwrun.exe -> [2010/05/06 22:43:50 | 000,000,000 | ---- | M] ()
 ntuser.dat{bd72ccac-597f-11df-9b4b-00262d289fc4}.TMContainer00000000000000000002.regtrans-ms -> C:\Users\Bryan\ntuser.dat{bd72ccac-597f-11df-9b4b-00262d289fc4}.TMContainer00000000000000000002.regtrans-ms -> [2010/05/06 20:34:34 | 000,524,288 | -HS- | M] ()
 ntuser.dat{bd72ccac-597f-11df-9b4b-00262d289fc4}.TMContainer00000000000000000001.regtrans-ms -> C:\Users\Bryan\ntuser.dat{bd72ccac-597f-11df-9b4b-00262d289fc4}.TMContainer00000000000000000001.regtrans-ms -> [2010/05/06 20:34:34 | 000,524,288 | -HS- | M] ()
 ntuser.dat{bd72ccac-597f-11df-9b4b-00262d289fc4}.TM.blf -> C:\Users\Bryan\ntuser.dat{bd72ccac-597f-11df-9b4b-00262d289fc4}.TM.blf -> [2010/05/06 20:34:34 | 000,065,536 | -HS- | M] ()
 34 C:\Users\Bryan\AppData\Local\Temp\*.tmp files -> C:\Users\Bryan\AppData\Local\Temp\*.tmp -> 
 34 C:\Users\Bryan\AppData\Local\Temp\*.tmp files -> C:\Users\Bryan\AppData\Local\Temp\*.tmp -> 
 2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> 
 1 C:\Users\Bryan\AppData\Local\Temp\HouseCall\*.tmp files -> C:\Users\Bryan\AppData\Local\Temp\HouseCall\*.tmp -> 
 1 C:\Users\Bryan\AppData\Local\Temp\HouseCall\*.tmp files -> C:\Users\Bryan\AppData\Local\Temp\HouseCall\*.tmp -> 
 1 C:\Users\Bryan\AppData\Local\Temp\HCBackup\*.tmp files -> C:\Users\Bryan\AppData\Local\Temp\HCBackup\*.tmp -> 
 
[Files - No Company Name]
 wininit.ini -> C:\Windows\wininit.ini -> [2010/06/03 15:45:24 | 000,000,050 | ---- | C] ()
 Auslogics Disk Defrag.lnk -> C:\Users\Bryan\Desktop\Auslogics Disk Defrag.lnk -> [2010/06/03 08:39:24 | 000,001,140 | ---- | C] ()
 OADriver.sys -> C:\Windows\SysWow64\drivers\OADriver.sys -> [2010/06/02 15:44:22 | 000,052,880 | ---- | C] ()
 oahlp64.sys -> C:\Windows\SysWow64\drivers\oahlp64.sys -> [2010/06/02 15:44:22 | 000,051,440 | ---- | C] ()
 draft_guide.cbs2010.pdf -> C:\Users\Bryan\Documents\draft_guide.cbs2010.pdf -> [2010/06/01 16:21:15 | 001,167,702 | ---- | C] ()
 Full Tilt Poker.lnk -> C:\Users\Public\Desktop\Full Tilt Poker.lnk -> [2010/06/01 11:29:00 | 000,001,055 | ---- | C] ()
 WindowsAnytimeUpgradeUI.exe -> C:\Windows\SysWow64\WindowsAnytimeUpgradeUI.exe -> [2010/05/30 20:24:20 | 000,000,000 | ---- | C] ()
 Google Chrome.lnk -> C:\Users\Bryan\Desktop\Google Chrome.lnk -> [2010/05/29 07:31:57 | 000,002,314 | ---- | C] ()
 ntuser.dat{81e1dd90-6aee-11df-95dc-00262d289fc4}.TMContainer00000000000000000002.regtrans-ms -> C:\Users\Bryan\ntuser.dat{81e1dd90-6aee-11df-95dc-00262d289fc4}.TMContainer00000000000000000002.regtrans-ms -> [2010/05/29 00:00:35 | 000,524,288 | -HS- | C] ()
 ntuser.dat{81e1dd90-6aee-11df-95dc-00262d289fc4}.TMContainer00000000000000000001.regtrans-ms -> C:\Users\Bryan\ntuser.dat{81e1dd90-6aee-11df-95dc-00262d289fc4}.TMContainer00000000000000000001.regtrans-ms -> [2010/05/29 00:00:35 | 000,524,288 | -HS- | C] ()
 ntuser.dat{81e1dd90-6aee-11df-95dc-00262d289fc4}.TM.blf -> C:\Users\Bryan\ntuser.dat{81e1dd90-6aee-11df-95dc-00262d289fc4}.TM.blf -> [2010/05/29 00:00:35 | 000,065,536 | -HS- | C] ()
 OASettings100528.OA -> C:\Users\Bryan\Documents\OASettings100528.OA -> [2010/05/28 20:58:04 | 001,581,394 | ---- | C] ()
 Google Desktop.lnk -> C:\Users\Public\Desktop\Google Desktop.lnk -> [2010/05/28 20:43:21 | 000,001,222 | ---- | C] ()
 ProcessMonitor.zip -> C:\Users\Bryan\Desktop\ProcessMonitor.zip -> [2010/05/28 19:01:18 | 001,322,283 | ---- | C] ()
 Msft_Kernel_SaiKF622_01005.Wdf -> C:\Windows\SysNative\drivers\Msft_Kernel_SaiKF622_01005.Wdf -> [2010/05/28 15:42:20 | 000,000,000 | -H-- | C] ()
 cc_20100528_111630.regbackup.reg -> C:\Users\Bryan\Documents\cc_20100528_111630.regbackup.reg -> [2010/05/28 11:16:45 | 000,037,598 | ---- | C] ()
 CCleaner.lnk -> C:\Users\Bryan\Desktop\CCleaner.lnk -> [2010/05/28 10:26:20 | 000,001,889 | ---- | C] ()
 Update Checker.lnk -> C:\Users\Bryan\Desktop\Update Checker.lnk -> [2010/05/28 10:11:08 | 000,001,973 | ---- | C] ()
 ntuser.dat{7400f97e-682a-11df-8657-00262d289fc4}.TMContainer00000000000000000002.regtrans-ms -> C:\Users\Bryan\ntuser.dat{7400f97e-682a-11df-8657-00262d289fc4}.TMContainer00000000000000000002.regtrans-ms -> [2010/05/25 14:46:54 | 000,524,288 | -HS- | C] ()
 ntuser.dat{7400f97e-682a-11df-8657-00262d289fc4}.TMContainer00000000000000000001.regtrans-ms -> C:\Users\Bryan\ntuser.dat{7400f97e-682a-11df-8657-00262d289fc4}.TMContainer00000000000000000001.regtrans-ms -> [2010/05/25 14:46:54 | 000,524,288 | -HS- | C] ()
 ntuser.dat{7400f97e-682a-11df-8657-00262d289fc4}.TM.blf -> C:\Users\Bryan\ntuser.dat{7400f97e-682a-11df-8657-00262d289fc4}.TM.blf -> [2010/05/25 14:46:54 | 000,065,536 | -HS- | C] ()
 pbsvc_heroes.exe -> C:\Windows\SysWow64\pbsvc_heroes.exe -> [2010/05/23 17:29:22 | 002,427,248 | ---- | C] ()
 ntuser.dat{be3a6db8-65cf-11df-b488-00262d289fc4}.TMContainer00000000000000000002.regtrans-ms -> C:\Users\Bryan\ntuser.dat{be3a6db8-65cf-11df-b488-00262d289fc4}.TMContainer00000000000000000002.regtrans-ms -> [2010/05/22 11:31:47 | 000,524,288 | -HS- | C] ()
 ntuser.dat{be3a6db8-65cf-11df-b488-00262d289fc4}.TMContainer00000000000000000001.regtrans-ms -> C:\Users\Bryan\ntuser.dat{be3a6db8-65cf-11df-b488-00262d289fc4}.TMContainer00000000000000000001.regtrans-ms -> [2010/05/22 11:31:47 | 000,524,288 | -HS- | C] ()
 ntuser.dat{be3a6db8-65cf-11df-b488-00262d289fc4}.TM.blf -> C:\Users\Bryan\ntuser.dat{be3a6db8-65cf-11df-b488-00262d289fc4}.TM.blf -> [2010/05/22 11:31:47 | 000,065,536 | -HS- | C] ()
 ntuser.dat{1a9c8dd3-65ce-11df-b300-00262d289fc4}.TMContainer00000000000000000002.regtrans-ms -> C:\Users\Bryan\ntuser.dat{1a9c8dd3-65ce-11df-b300-00262d289fc4}.TMContainer00000000000000000002.regtrans-ms -> [2010/05/22 11:28:19 | 000,524,288 | -HS- | C] ()
 ntuser.dat{1a9c8dd3-65ce-11df-b300-00262d289fc4}.TMContainer00000000000000000001.regtrans-ms -> C:\Users\Bryan\ntuser.dat{1a9c8dd3-65ce-11df-b300-00262d289fc4}.TMContainer00000000000000000001.regtrans-ms -> [2010/05/22 11:28:19 | 000,524,288 | -HS- | C] ()
 ntuser.dat{1a9c8dd3-65ce-11df-b300-00262d289fc4}.TM.blf -> C:\Users\Bryan\ntuser.dat{1a9c8dd3-65ce-11df-b300-00262d289fc4}.TM.blf -> [2010/05/22 11:28:19 | 000,065,536 | -HS- | C] ()
 ntuser.dat{abfe7c72-65c6-11df-bf90-00262d289fc4}.TMContainer00000000000000000002.regtrans-ms -> C:\Users\Bryan\ntuser.dat{abfe7c72-65c6-11df-bf90-00262d289fc4}.TMContainer00000000000000000002.regtrans-ms -> [2010/05/22 11:16:45 | 000,524,288 | -HS- | C] ()
 ntuser.dat{abfe7c72-65c6-11df-bf90-00262d289fc4}.TMContainer00000000000000000001.regtrans-ms -> C:\Users\Bryan\ntuser.dat{abfe7c72-65c6-11df-bf90-00262d289fc4}.TMContainer00000000000000000001.regtrans-ms -> [2010/05/22 11:16:45 | 000,524,288 | -HS- | C] ()
 ntuser.dat{abfe7c72-65c6-11df-bf90-00262d289fc4}.TM.blf -> C:\Users\Bryan\ntuser.dat{abfe7c72-65c6-11df-bf90-00262d289fc4}.TM.blf -> [2010/05/22 11:16:45 | 000,065,536 | -HS- | C] ()
 recdisc.exe -> C:\Windows\SysWow64\recdisc.exe -> [2010/05/21 16:43:13 | 000,000,000 | ---- | C] ()
 vdsldr.exe -> C:\Windows\SysWow64\vdsldr.exe -> [2010/05/21 14:46:10 | 000,000,000 | ---- | C] ()
 Sandboxed Web Browser.lnk -> C:\Users\Bryan\Desktop\Sandboxed Web Browser.lnk -> [2010/05/21 12:39:56 | 000,000,900 | ---- | C] ()
 Sandboxie.ini -> C:\Windows\Sandboxie.ini -> [2010/05/21 12:39:54 | 000,001,368 | ---- | C] ()
 wsqmcons.exe -> C:\Windows\SysWow64\wsqmcons.exe -> [2010/05/21 11:00:01 | 000,000,000 | ---- | C] ()
 sdclt.exe -> C:\Windows\SysWow64\sdclt.exe -> [2010/05/21 10:00:01 | 000,000,000 | ---- | C] ()
 defrag.exe -> C:\Windows\SysWow64\defrag.exe -> [2010/05/21 08:04:46 | 000,000,000 | ---- | C] ()
 ntuser.dat{d2ad8a2b-645e-11df-a4c1-00262d289fc4}.TMContainer00000000000000000002.regtrans-ms -> C:\Users\Bryan\ntuser.dat{d2ad8a2b-645e-11df-a4c1-00262d289fc4}.TMContainer00000000000000000002.regtrans-ms -> [2010/05/20 15:31:31 | 000,524,288 | -HS- | C] ()
 ntuser.dat{d2ad8a2b-645e-11df-a4c1-00262d289fc4}.TMContainer00000000000000000001.regtrans-ms -> C:\Users\Bryan\ntuser.dat{d2ad8a2b-645e-11df-a4c1-00262d289fc4}.TMContainer00000000000000000001.regtrans-ms -> [2010/05/20 15:31:31 | 000,524,288 | -HS- | C] ()
 ntuser.dat{d2ad8a2b-645e-11df-a4c1-00262d289fc4}.TM.blf -> C:\Users\Bryan\ntuser.dat{d2ad8a2b-645e-11df-a4c1-00262d289fc4}.TM.blf -> [2010/05/20 15:31:31 | 000,065,536 | -HS- | C] ()
 Microsoft Security Essentials.lnk -> C:\Users\Public\Desktop\Microsoft Security Essentials.lnk -> [2010/05/18 15:39:48 | 000,001,035 | ---- | C] ()
 mdres.exe -> C:\Windows\SysWow64\mdres.exe -> [2010/05/17 13:27:24 | 000,000,000 | ---- | C] ()
 MdSched.exe -> C:\Windows\SysWow64\MdSched.exe -> [2010/05/17 13:12:28 | 000,000,000 | ---- | C] ()
 Recuva.lnk -> C:\Users\Bryan\Desktop\Recuva.lnk -> [2010/05/17 00:54:34 | 000,001,662 | ---- | C] ()
 ntuser.dat{911b0d48-6171-11df-89fd-00262d289fc4}.TMContainer00000000000000000002.regtrans-ms -> C:\Users\Bryan\ntuser.dat{911b0d48-6171-11df-89fd-00262d289fc4}.TMContainer00000000000000000002.regtrans-ms -> [2010/05/16 22:21:07 | 000,524,288 | -HS- | C] ()
 ntuser.dat{911b0d48-6171-11df-89fd-00262d289fc4}.TMContainer00000000000000000001.regtrans-ms -> C:\Users\Bryan\ntuser.dat{911b0d48-6171-11df-89fd-00262d289fc4}.TMContainer00000000000000000001.regtrans-ms -> [2010/05/16 22:21:07 | 000,524,288 | -HS- | C] ()
 ntuser.dat{911b0d48-6171-11df-89fd-00262d289fc4}.TM.blf -> C:\Users\Bryan\ntuser.dat{911b0d48-6171-11df-89fd-00262d289fc4}.TM.blf -> [2010/05/16 22:21:07 | 000,065,536 | -HS- | C] ()
 DXPServer.exe -> C:\Windows\SysWow64\DXPServer.exe -> [2010/05/15 15:10:25 | 000,000,000 | ---- | C] ()
 DeviceDisplayObjectProvider.exe -> C:\Windows\SysWow64\DeviceDisplayObjectProvider.exe -> [2010/05/15 15:10:18 | 000,000,000 | ---- | C] ()
 Msft_User_WpdMtpDr_01_09_00.Wdf -> C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf -> [2010/05/15 15:10:16 | 000,000,000 | -H-- | C] ()
 HiJackThis.lnk -> C:\Users\Bryan\Desktop\HiJackThis.lnk -> [2010/05/15 13:09:46 | 000,002,975 | ---- | C] ()
 Belarc Advisor.lnk -> C:\Users\Public\Desktop\Belarc Advisor.lnk -> [2010/05/15 11:47:26 | 000,002,007 | ---- | C] ()
 ntuser.dat{e18fb18c-6035-11df-ad70-00262d289fc4}.TMContainer00000000000000000002.regtrans-ms -> C:\Users\Bryan\ntuser.dat{e18fb18c-6035-11df-ad70-00262d289fc4}.TMContainer00000000000000000002.regtrans-ms -> [2010/05/15 08:30:11 | 000,524,288 | -HS- | C] ()
 ntuser.dat{e18fb18c-6035-11df-ad70-00262d289fc4}.TMContainer00000000000000000001.regtrans-ms -> C:\Users\Bryan\ntuser.dat{e18fb18c-6035-11df-ad70-00262d289fc4}.TMContainer00000000000000000001.regtrans-ms -> [2010/05/15 08:30:11 | 000,524,288 | -HS- | C] ()
 ntuser.dat{e18fb18c-6035-11df-ad70-00262d289fc4}.TM.blf -> C:\Users\Bryan\ntuser.dat{e18fb18c-6035-11df-ad70-00262d289fc4}.TM.blf -> [2010/05/15 08:30:11 | 000,065,536 | -HS- | C] ()
 ntuser.dat{3bb27f3f-5fd3-11df-ad2e-00262d289fc4}.TMContainer00000000000000000002.regtrans-ms -> C:\Users\Bryan\ntuser.dat{3bb27f3f-5fd3-11df-ad2e-00262d289fc4}.TMContainer00000000000000000002.regtrans-ms -> [2010/05/14 21:26:13 | 000,524,288 | -HS- | C] ()
 ntuser.dat{3bb27f3f-5fd3-11df-ad2e-00262d289fc4}.TMContainer00000000000000000001.regtrans-ms -> C:\Users\Bryan\ntuser.dat{3bb27f3f-5fd3-11df-ad2e-00262d289fc4}.TMContainer00000000000000000001.regtrans-ms -> [2010/05/14 21:26:13 | 000,524,288 | -HS- | C] ()
 ntuser.dat{3bb27f3f-5fd3-11df-ad2e-00262d289fc4}.TM.blf -> C:\Users\Bryan\ntuser.dat{3bb27f3f-5fd3-11df-ad2e-00262d289fc4}.TM.blf -> [2010/05/14 21:26:13 | 000,065,536 | -HS- | C] ()
 wubildr -> C:\wubildr -> [2010/05/14 00:16:58 | 000,088,813 | ---- | C] ()
 wubildr.mbr -> C:\wubildr.mbr -> [2010/05/14 00:16:58 | 000,008,192 | ---- | C] ()
 ntuser.dat{133bfd4a-5ec9-11df-a441-00262d289fc4}.TMContainer00000000000000000002.regtrans-ms -> C:\Users\Bryan\ntuser.dat{133bfd4a-5ec9-11df-a441-00262d289fc4}.TMContainer00000000000000000002.regtrans-ms -> [2010/05/13 22:07:16 | 000,524,288 | -HS- | C] ()
 ntuser.dat{133bfd4a-5ec9-11df-a441-00262d289fc4}.TMContainer00000000000000000001.regtrans-ms -> C:\Users\Bryan\ntuser.dat{133bfd4a-5ec9-11df-a441-00262d289fc4}.TMContainer00000000000000000001.regtrans-ms -> [2010/05/13 22:07:16 | 000,524,288 | -HS- | C] ()
 ntuser.dat{133bfd4a-5ec9-11df-a441-00262d289fc4}.TM.blf -> C:\Users\Bryan\ntuser.dat{133bfd4a-5ec9-11df-a441-00262d289fc4}.TM.blf -> [2010/05/13 22:07:16 | 000,065,536 | -HS- | C] ()
 housecall.guid.cache -> C:\Users\Bryan\AppData\Local\housecall.guid.cache -> [2010/05/13 19:08:49 | 000,000,036 | ---- | C] ()
 nvuSMU.exe -> C:\Windows\SysWow64\nvuSMU.exe -> [2010/05/13 11:13:07 | 000,000,000 | ---- | C] ()
 nvsmu.nvu -> C:\Windows\SysNative\nvsmu.nvu -> [2010/05/13 11:12:10 | 000,001,463 | ---- | C] ()
 DriverMax.lnk -> C:\Users\Bryan\Desktop\DriverMax.lnk -> [2010/05/13 10:59:10 | 000,001,118 | ---- | C] ()
 ImgBurn.lnk -> C:\Users\Public\Desktop\ImgBurn.lnk -> [2010/05/12 22:09:42 | 000,001,869 | ---- | C] ()
 Partition Wizard Home Edition.lnk -> C:\Users\Bryan\Desktop\Partition Wizard Home Edition.lnk -> [2010/05/12 21:40:30 | 000,001,127 | ---- | C] ()
 pwNative.exe -> C:\Windows\SysNative\pwNative.exe -> [2010/05/12 21:33:41 | 000,611,400 | ---- | C] ()
 pwdrvio.sys -> C:\Windows\SysNative\pwdrvio.sys -> [2010/05/12 21:33:40 | 000,019,936 | ---- | C] ()
 pwdspio.sys -> C:\Windows\SysNative\pwdspio.sys -> [2010/05/12 21:33:40 | 000,013,280 | ---- | C] ()
 CompMgmtLauncher.exe -> C:\Windows\SysWow64\CompMgmtLauncher.exe -> [2010/05/12 13:52:21 | 000,000,000 | ---- | C] ()
 Revo Uninstaller.lnk -> C:\Users\Bryan\Desktop\Revo Uninstaller.lnk -> [2010/05/12 10:18:34 | 000,001,268 | ---- | C] ()
 MpSigStub.exe -> C:\Windows\SysWow64\MpSigStub.exe -> [2010/05/12 07:54:18 | 000,000,000 | ---- | C] ()
 MRT.exe -> C:\Windows\SysWow64\MRT.exe -> [2010/05/12 07:53:03 | 000,000,000 | ---- | C] ()
 lpremove.exe -> C:\Windows\SysWow64\lpremove.exe -> [2010/05/11 06:38:37 | 000,000,000 | ---- | C] ()
 aitagent.EXE -> C:\Windows\SysWow64\aitagent.EXE -> [2010/05/11 06:31:36 | 000,000,000 | ---- | C] ()
 PnkBstrB.xtr -> C:\Windows\SysWow64\PnkBstrB.xtr -> [2010/05/10 16:23:07 | 000,219,128 | ---- | C] ()
 PnkBstrB.exe -> C:\Windows\SysWow64\PnkBstrB.exe -> [2010/05/10 12:45:20 | 000,103,736 | ---- | C] ()
 PnkBstrA.exe -> C:\Windows\SysWow64\PnkBstrA.exe -> [2010/05/10 12:45:17 | 000,075,064 | ---- | C] ()
 game.ini -> C:\Windows\game.ini -> [2010/05/10 12:45:12 | 000,000,331 | ---- | C] ()
 Malwarebytes' Anti-Malware.lnk -> C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk -> [2010/05/09 13:26:06 | 000,001,013 | ---- | C] ()
 Paragon Partition Manager™ 2010 Free Edition.lnk -> C:\Users\Bryan\Desktop\Paragon Partition Manager™ 2010 Free Edition.lnk -> [2010/05/08 21:03:54 | 000,002,519 | ---- | C] ()
 Eraser.lnk -> C:\Users\Public\Desktop\Eraser.lnk -> [2010/05/08 10:22:34 | 000,001,751 | ---- | C] ()
 Resmon.ResmonCfg -> C:\Users\Bryan\AppData\Local\Resmon.ResmonCfg -> [2010/05/08 10:16:55 | 000,007,597 | ---- | C] ()
 pcwutl.dll -> C:\Windows\SysWow64\pcwutl.dll -> [2010/05/07 17:39:36 | 000,000,000 | ---- | C] ()
 ntuser.dat{7e448a08-5a18-11df-9743-00262d289fc4}.TMContainer00000000000000000002.regtrans-ms -> C:\Users\Bryan\ntuser.dat{7e448a08-5a18-11df-9743-00262d289fc4}.TMContainer00000000000000000002.regtrans-ms -> [2010/05/07 17:22:51 | 000,524,288 | -HS- | C] ()
 ntuser.dat{7e448a08-5a18-11df-9743-00262d289fc4}.TMContainer00000000000000000001.regtrans-ms -> C:\Users\Bryan\ntuser.dat{7e448a08-5a18-11df-9743-00262d289fc4}.TMContainer00000000000000000001.regtrans-ms -> [2010/05/07 17:22:51 | 000,524,288 | -HS- | C] ()
 ntuser.dat{7e448a08-5a18-11df-9743-00262d289fc4}.TM.blf -> C:\Users\Bryan\ntuser.dat{7e448a08-5a18-11df-9743-00262d289fc4}.TM.blf -> [2010/05/07 17:22:51 | 000,065,536 | -HS- | C] ()
 ntuser.dat{05d6a49e-5a18-11df-ad29-00262d289fc4}.TMContainer00000000000000000002.regtrans-ms -> C:\Users\Bryan\ntuser.dat{05d6a49e-5a18-11df-ad29-00262d289fc4}.TMContainer00000000000000000002.regtrans-ms -> [2010/05/07 13:38:52 | 000,524,288 | -HS- | C] ()
 ntuser.dat{05d6a49e-5a18-11df-ad29-00262d289fc4}.TMContainer00000000000000000001.regtrans-ms -> C:\Users\Bryan\ntuser.dat{05d6a49e-5a18-11df-ad29-00262d289fc4}.TMContainer00000000000000000001.regtrans-ms -> [2010/05/07 13:38:52 | 000,524,288 | -HS- | C] ()
 ntuser.dat{05d6a49e-5a18-11df-ad29-00262d289fc4}.TM.blf -> C:\Users\Bryan\ntuser.dat{05d6a49e-5a18-11df-ad29-00262d289fc4}.TM.blf -> [2010/05/07 13:38:52 | 000,065,536 | -HS- | C] ()
 ntuser.dat{db79ecf5-5a01-11df-a11f-00262d289fc4}.TMContainer00000000000000000002.regtrans-ms -> C:\Users\Bryan\ntuser.dat{db79ecf5-5a01-11df-a11f-00262d289fc4}.TMContainer00000000000000000002.regtrans-ms -> [2010/05/07 13:35:44 | 000,524,288 | -HS- | C] ()
 ntuser.dat{db79ecf5-5a01-11df-a11f-00262d289fc4}.TMContainer00000000000000000001.regtrans-ms -> C:\Users\Bryan\ntuser.dat{db79ecf5-5a01-11df-a11f-00262d289fc4}.TMContainer00000000000000000001.regtrans-ms -> [2010/05/07 13:35:44 | 000,524,288 | -HS- | C] ()
 ntuser.dat{db79ecf5-5a01-11df-a11f-00262d289fc4}.TM.blf -> C:\Users\Bryan\ntuser.dat{db79ecf5-5a01-11df-a11f-00262d289fc4}.TM.blf -> [2010/05/07 13:35:44 | 000,065,536 | -HS- | C] ()
 GoogleUpdateTaskUserS-1-5-21-3488347447-2488368954-518346416-1000Core.job -> C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3488347447-2488368954-518346416-1000Core.job -> [2010/05/07 09:58:16 | 000,000,856 | ---- | C] ()
 ntuser.dat{006dea7b-59ee-11df-b8d5-00262d289fc4}.TMContainer00000000000000000002.regtrans-ms -> C:\Users\Bryan\ntuser.dat{006dea7b-59ee-11df-b8d5-00262d289fc4}.TMContainer00000000000000000002.regtrans-ms -> [2010/05/07 08:54:26 | 000,524,288 | -HS- | C] ()
 ntuser.dat{006dea7b-59ee-11df-b8d5-00262d289fc4}.TMContainer00000000000000000001.regtrans-ms -> C:\Users\Bryan\ntuser.dat{006dea7b-59ee-11df-b8d5-00262d289fc4}.TMContainer00000000000000000001.regtrans-ms -> [2010/05/07 08:54:26 | 000,524,288 | -HS- | C] ()
 ntuser.dat{006dea7b-59ee-11df-b8d5-00262d289fc4}.TM.blf -> C:\Users\Bryan\ntuser.dat{006dea7b-59ee-11df-b8d5-00262d289fc4}.TM.blf -> [2010/05/07 08:54:26 | 000,065,536 | -HS- | C] ()
 StikyNot.exe -> C:\Windows\SysWow64\StikyNot.exe -> [2010/05/07 01:41:26 | 000,000,000 | ---- | C] ()
 pcwrun.exe -> C:\Windows\SysWow64\pcwrun.exe -> [2010/05/06 22:43:50 | 000,000,000 | ---- | C] ()
 ntuser.dat{bd72ccac-597f-11df-9b4b-00262d289fc4}.TMContainer00000000000000000002.regtrans-ms -> C:\Users\Bryan\ntuser.dat{bd72ccac-597f-11df-9b4b-00262d289fc4}.TMContainer00000000000000000002.regtrans-ms -> [2010/05/06 20:16:00 | 000,524,288 | -HS- | C] ()
 ntuser.dat{bd72ccac-597f-11df-9b4b-00262d289fc4}.TMContainer00000000000000000001.regtrans-ms -> C:\Users\Bryan\ntuser.dat{bd72ccac-597f-11df-9b4b-00262d289fc4}.TMContainer00000000000000000001.regtrans-ms -> [2010/05/06 20:16:00 | 000,524,288 | -HS- | C] ()
 ntuser.dat{bd72ccac-597f-11df-9b4b-00262d289fc4}.TM.blf -> C:\Users\Bryan\ntuser.dat{bd72ccac-597f-11df-9b4b-00262d289fc4}.TM.blf -> [2010/05/06 20:16:00 | 000,065,536 | -HS- | C] ()
 WerConCpl.dll -> C:\Windows\SysWow64\WerConCpl.dll -> [2010/05/05 01:17:07 | 000,000,000 | ---- | C] ()
 GlobalUserInterface.CompositeFont -> C:\Windows\Fonts\GlobalUserInterface.CompositeFont -> [2009/07/13 22:32:39 | 000,043,318 | ---- | C] ()
 GlobalSerif.CompositeFont -> C:\Windows\Fonts\GlobalSerif.CompositeFont -> [2009/07/13 22:32:39 | 000,029,779 | ---- | C] ()
 GlobalSansSerif.CompositeFont -> C:\Windows\Fonts\GlobalSansSerif.CompositeFont -> [2009/07/13 22:32:39 | 000,026,489 | ---- | C] ()
 GlobalMonospace.CompositeFont -> C:\Windows\Fonts\GlobalMonospace.CompositeFont -> [2009/07/13 22:32:39 | 000,026,040 | ---- | C] ()
 BWContextHandler.dll -> C:\Windows\SysWow64\BWContextHandler.dll -> [2009/07/13 16:42:10 | 000,064,000 | ---- | C] ()
 msjetoledb40.dll -> C:\Windows\SysWow64\msjetoledb40.dll -> [2009/07/13 14:03:59 | 000,364,544 | ---- | C] ()
 bdoscandellang.ini -> C:\Windows\bdoscandellang.ini -> [2009/01/05 15:44:10 | 000,000,453 | ---- | C] ()
[Custom Scans]
< netsvcs >
< drivers32 >
< %SYSTEMDRIVE%\*.* >
 BOOTSECT.BAK -> C:\BOOTSECT.BAK -> [2009/10/27 23:29:13 | 000,008,192 | RHS- | M] ()
 E0Z0LP11.MD5 -> C:\E0Z0LP11.MD5 -> [2009/10/07 09:24:27 | 000,003,411 | ---- | M] ()
 hiberfil.sys -> C:\hiberfil.sys -> [2010/06/04 08:57:12 | 3018,756,096 | -HS- | M] ()
 LPCD.DAT -> C:\LPCD.DAT -> [2009/10/07 09:23:28 | 000,000,308 | ---- | M] ()
 pagefile.sys -> C:\pagefile.sys -> [2010/06/04 08:57:14 | 4025,012,224 | -HS- | M] ()
 RHDSetup.log -> C:\RHDSetup.log -> [2009/10/27 22:47:27 | 000,002,035 | ---- | M] ()
 wubildr -> C:\wubildr -> [2010/05/14 00:16:58 | 000,088,813 | ---- | M] ()
 wubildr.mbr -> C:\wubildr.mbr -> [2010/05/14 00:16:58 | 000,008,192 | ---- | M] ()
< %systemroot%\*. /mp /s >
 
CREATERESTOREPOINT
Error creating restore point.
< %systemroot%\system32\*.dll /lockedfiles >
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\System32\config\*.sav >
< %systemroot%\system32\drivers\*.sys /180 >
 mbamswissarmy.sys -> C:\Windows\SysWOW64\drivers\mbamswissarmy.sys -> [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation)
 OADriver.sys -> C:\Windows\SysWOW64\drivers\OADriver.sys -> [2010/05/27 06:56:00 | 000,052,880 | ---- | M] ()
 oahlp64.sys -> C:\Windows\SysWOW64\drivers\oahlp64.sys -> [2010/05/27 07:06:52 | 000,051,440 | ---- | M] ()
 OAmon.sys -> C:\Windows\SysWOW64\drivers\OAmon.sys -> [2010/05/27 06:56:00 | 000,035,984 | ---- | M] (Tall Emu)
< End of report >

#6 SweetTech

MalwareTeam Emeritus

Authentic Member
3,368 posts

Posted 04 June 2010 - 10:37 AM

Hello,

Running OTS Fix
Start OTS Copy/Paste the information inside the codebox below into the panel where it says "Paste fix here" and then click the Run Fix button.

[Kill All Processes]
[Unregister Dlls]
[Registry - Safe List]
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YN -> {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
YN -> \\"NoActiveDesktop" -> [1]
YN -> \\"NoActiveDesktopChanges" -> [1]
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
YN -> {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [HKLM] -> http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab [Reg Error: Key error.]
< 64bit-SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
YN -> "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" [HKLM] -> Reg Error: Key error. [WebCheck]
< SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
YN -> "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" [HKLM] -> Reg Error: Key error. [WebCheck]
[Registry - Additional Scans - Safe List]
< 64bit-Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\
YN -> belarc:{6318E0AB-2E93-11D1-B8ED-00608CC9A71F} [HKLM] -> Reg Error: Key error.[Reg Error: Key error.]
YN -> livecall:{828030A1-22C1-4009-854F-8E305202313F} [HKLM] -> Reg Error: Key error.[Reg Error: Key error.]
YN -> ms-help:{314111c7-a502-11d2-bbca-00c04f8ec294} [HKLM] -> Reg Error: Key error.[Reg Error: Key error.]
YN -> ms-itss:{0A9007C0-4076-11D3-8789-0000F8105754} [HKLM] -> Reg Error: Key error.[Reg Error: Key error.]
YN -> msnim:{828030A1-22C1-4009-854F-8E305202313F} [HKLM] -> Reg Error: Key error.[Reg Error: Key error.]
YN -> wlmailhtml:{03C514A3-1EFB-4856-9F99-10D7BE1653C0} [HKLM] -> Reg Error: Key error.[Reg Error: Key error.]
YN -> wot:{C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} [HKLM] -> Reg Error: Key error.[Reg Error: Key error.]
[Files/Folders - Created Within 30 Days]
NY -> 2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp
[Files/Folders - Modified Within 30 Days]
NY -> 34 C:\Users\Bryan\AppData\Local\Temp\*.tmp files -> C:\Users\Bryan\AppData\Local\Temp\*.tmp
NY -> 2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp
NY -> 1 C:\Users\Bryan\AppData\Local\Temp\HouseCall\*.tmp files -> C:\Users\Bryan\AppData\Local\Temp\HouseCall\*.tmp
[Empty Temp Folders]
[Reboot]

The fix should only take a very short time. When the fix is completed a message box will popup either telling you that it is finished, or that a reboot is needed to complete the fix. If the fix is complete, click the Ok button and Notepad will open with a log of actions taken during the fix. Post that log back here in your next reply.

If a reboot is required, click the "Yes" button to reboot the machine. After the reboot, OTS will finish moving any files that could not be moved during the fix and NotePad will open with the final results at that time. Post that log back here in your next reply.

NEXT:

Malwarebytes' Anti-Malware

I see that you have Malwarebytes' Anti-Malware installed on your computer could you please do a scan using these settings:

Open Malwarebytes' Anti-Malware
Select the Update tab
Click Check for Updates
After the update have been completed, Select the Scanner tab.
Select Perform quick scan, then click on Scan
Leave the default options as it is and click on Start Scan
When done, you will be prompted. Click OK, then click on Show Results
Checked (ticked) all items and click on Remove Selected
After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom most log is the latest

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

NEXT:

ESET Online Scanner
I'd like us to scan your machine with ESET Online Scan

Note: It is recommended to disable on-board anti-virus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.

Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
Click the button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
- Click on to download the ESET Smart Installer. Save it to your desktop.
- Double click on the icon on your desktop.
Check
Click the button.
Accept any security warnings from your browser.
Check
Make sure that the option "Remove found threats" is Unchecked
Push the Start button.
ESET will then download updates for itself, install itself, and begin
scanning your computer. Please be patient as this can take some time.
When the scan completes, push
Push , and save the file to your desktop using a unique name, such as
ESETScan. Include the contents of this report in your next reply.
Push the button.
Push

NEXT:

Running OTS

Download OTS to your Desktop

Close ALL OTHER PROGRAMS.
Double-click on OTS.exe to start the program.
Check the box that says Scan All Users
Under Additional Scans click the "Extras" button
In the custom scans section copy and paste in the following

netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\drivers\*.sys /180
Now click the Run Scan button on the toolbar.
Let it run unhindered until it finishes.
When the scan is complete Notepad will open with the report file loaded in it.
Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.

Please post the log in your next post.

NEXT:

Security Check
Download Security Check by screen317 from here or here.

Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NEXT:

Please make sure you include the following items in your next post:

1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
2. The log that was produced after running the OTS fix.
3. The log that was produced after running the updated MalwareBytes' Anti-Malware scan.
4. The log that was produced after running the ESET Online Virus Scanner.
5. The log that was produced after running the OTS scan.
6. The log that was produced after running the Security Check scan.
7. An update on how your computer is currently running.

It would be helpful if you could answer each question in the order asked, as well as numbering your answers.

Cheers,
SweetTech.

Proud Graduate of the WTT Classroom

Posted Image

#7 Bryan A

Authentic Member

Authentic Member
163 posts

Interests:Fantasy Football, Raising my Grand Kids, Chess, Golf and Basketball

Posted 04 June 2010 - 12:25 PM

First should I run the fix under safe mode? Or am I to attempt doing everything in normal settings first to see what happens? Sorry for all the questions.

#8 SweetTech

MalwareTeam Emeritus

Authentic Member
3,368 posts

Posted 04 June 2010 - 12:30 PM

Go ahead and run the OTS fix in safe mode and then when your computer reboots let it reboot normally.

Proud Graduate of the WTT Classroom

Posted Image

#9 Bryan A

Authentic Member

Authentic Member
163 posts

Interests:Fantasy Football, Raising my Grand Kids, Chess, Golf and Basketball

Posted 04 June 2010 - 01:16 PM

Sorry Sweetech, but once again Mbam started the scan and then stopped and froze completely at the same point C:\Windows\system32\NOISE.cht I had to manually shut down and reboot. Do you want me to run all the instructions under safe mode? Or what else should I do at this time?

#10 SweetTech

MalwareTeam Emeritus

Authentic Member
3,368 posts

Posted 04 June 2010 - 01:21 PM

Did you first update the MBAM database to the latest version? Try running MBAM in Safe Mode.

Proud Graduate of the WTT Classroom

Posted Image

Advertisements

Register to Remove

#11 Bryan A

Authentic Member

Authentic Member
163 posts

Interests:Fantasy Football, Raising my Grand Kids, Chess, Golf and Basketball

Posted 04 June 2010 - 01:39 PM

Here is the log of Mbam run in safe mode. I watched as the scan progressed to see if anything happened when it got to the file NOISE.cht file, it just went right on through as if nothing was wrong. After I send this I will reboot back to normal mode and pick up on your instructions from there. Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Database version: 4169 Windows 6.1.7600 (Safe Mode) Internet Explorer 8.0.7600.16385 6/4/2010 12:33:59 PM mbam-log-2010-06-04 (12-33-59).txt Scan type: Quick scan Objects scanned: 154798 Time elapsed: 2 minute(s), 39 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected)

#12 SweetTech

MalwareTeam Emeritus

Authentic Member
3,368 posts

Posted 04 June 2010 - 01:45 PM

Proud Graduate of the WTT Classroom

Posted Image

#13 Bryan A

Authentic Member

Authentic Member
163 posts

Interests:Fantasy Football, Raising my Grand Kids, Chess, Golf and Basketball

Posted 04 June 2010 - 04:16 PM

Back again, you already know about the mbam not running under normal windows, but the OTS also wouldn't finish running under normal, it stopped at the same point as it did last time. I have gone back to safe mode and run the OTS scan and then the Security check. Here are both of those logs.

OTS logfile created on: 6/4/2010 2:49:11 PM - Run 4
OTS by OldTimer - Version 3.1.31.2	 Folder = C:\Users\Bryan\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 66.00% Memory free
7.00 Gb Paging File | 6.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 684.87 Gb Total Space | 598.53 Gb Free Space | 87.39% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: FAMILY
Current User Name: Bryan
Logged in as Administrator.
 
Current Boot Mode: SafeMode with Networking
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
 
[Processes - Safe List]
ots.exe -> C:\Users\Bryan\Desktop\OTS.exe -> [2010/06/04 14:38:07 | 000,640,000 | ---- | M] (OldTimer Tools)
msnmsgr.exe -> C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe -> [2010/04/16 22:12:38 | 003,872,080 | ---- | M] (Microsoft Corporation)
 
[Modules - Safe List]
ots.exe -> C:\Users\Bryan\Desktop\OTS.exe -> [2010/06/04 14:38:07 | 000,640,000 | ---- | M] (OldTimer Tools)
comdlg32.dll -> C:\Windows\SysWOW64\comdlg32.dll -> [2009/07/13 18:15:07 | 000,486,912 | ---- | M] (Microsoft Corporation)
msscript.ocx -> C:\Windows\SysWOW64\msscript.ocx -> [2009/07/13 18:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation)
comctl32.dll -> C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll -> [2009/07/13 18:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation)
 
[Win32 Services - Safe List]
64bit-(WatAdminSvc)  [Unknown | Stopped] -> C:\Windows\SysNative\Wat\WatAdminSvc.exe -> [2010/05/03 00:56:51 | 001,255,736 | ---- | M] (Microsoft Corporation)
64bit-(SbieSvc)  [Auto | Stopped] -> C:\Program Files\Sandboxie\SbieSvc.exe -> [2010/04/17 03:56:30 | 000,094,440 | ---- | M] (tzuk)
64bit-(MsMpSvc)  [Auto | Running] -> c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -> [2009/12/09 20:30:34 | 000,017,416 | ---- | M] (Microsoft Corporation)
64bit-(wlidsvc)  [Auto | Stopped] -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -> [2009/08/18 12:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation)
64bit-(WwanSvc)  [On_Demand | Stopped] -> C:\Windows\SysNative\wwansvc.dll -> [2009/07/13 18:41:59 | 000,229,888 | ---- | M] (Microsoft Corporation)
64bit-(WbioSrvc)  [On_Demand | Stopped] -> C:\Windows\SysNative\wbiosrvc.dll -> [2009/07/13 18:41:56 | 000,202,240 | ---- | M] (Microsoft Corporation)
64bit-(Power)  [Auto | Running] -> C:\Windows\SysNative\umpo.dll -> [2009/07/13 18:41:56 | 000,163,840 | ---- | M] (Microsoft Corporation)
64bit-(Themes)  [Auto | Stopped] -> C:\Windows\SysNative\themeservice.dll -> [2009/07/13 18:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation)
64bit-(sppuinotify)  [On_Demand | Stopped] -> C:\Windows\SysNative\sppuinotify.dll -> [2009/07/13 18:41:54 | 000,065,536 | ---- | M] (Microsoft Corporation)
64bit-(SensrSvc)  [On_Demand | Stopped] -> C:\Windows\SysNative\sensrsvc.dll -> [2009/07/13 18:41:54 | 000,029,184 | ---- | M] (Microsoft Corporation)
64bit-(PNRPsvc)  [On_Demand | Stopped] -> C:\Windows\SysNative\pnrpsvc.dll -> [2009/07/13 18:41:53 | 000,327,168 | ---- | M] (Microsoft Corporation)
64bit-(p2pimsvc)  [On_Demand | Stopped] -> C:\Windows\SysNative\pnrpsvc.dll -> [2009/07/13 18:41:53 | 000,327,168 | ---- | M] (Microsoft Corporation)
64bit-(HomeGroupProvider)  [On_Demand | Stopped] -> C:\Windows\SysNative\provsvc.dll -> [2009/07/13 18:41:53 | 000,187,904 | ---- | M] (Microsoft Corporation)
64bit-(RpcEptMapper)  [Unknown | Running] -> C:\Windows\SysNative\RpcEpMap.dll -> [2009/07/13 18:41:53 | 000,067,072 | ---- | M] (Microsoft Corporation)
64bit-(PNRPAutoReg)  [On_Demand | Stopped] -> C:\Windows\SysNative\pnrpauto.dll -> [2009/07/13 18:41:53 | 000,025,088 | ---- | M] (Microsoft Corporation)
64bit-(WinDefend)  [On_Demand | Stopped] -> C:\Program Files\Windows Defender\MpSvc.dll -> [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation)
64bit-(HomeGroupListener)  [On_Demand | Stopped] -> C:\Windows\SysNative\ListSvc.dll -> [2009/07/13 18:41:18 | 000,231,936 | ---- | M] (Microsoft Corporation)
64bit-(FontCache)  [On_Demand | Stopped] -> C:\Windows\SysNative\FntCache.dll -> [2009/07/13 18:40:54 | 001,127,936 | ---- | M] (Microsoft Corporation)
64bit-(Dhcp)  [Auto | Running] -> C:\Windows\SysNative\dhcpcore.dll -> [2009/07/13 18:40:28 | 000,314,368 | ---- | M] (Microsoft Corporation)
64bit-(defragsvc)  [On_Demand | Stopped] -> C:\Windows\SysNative\defragsvc.dll -> [2009/07/13 18:40:28 | 000,291,328 | ---- | M] (Microsoft Corporation)
64bit-(bthserv)  [Disabled | Stopped] -> C:\Windows\SysNative\bthserv.dll -> [2009/07/13 18:40:13 | 000,083,968 | ---- | M] (Microsoft Corporation)
64bit-(BDESVC)  [Unknown | Stopped] -> C:\Windows\SysNative\bdesvc.dll -> [2009/07/13 18:40:10 | 000,100,864 | ---- | M] (Microsoft Corporation)
64bit-(AxInstSV)  [On_Demand | Stopped] -> C:\Windows\SysNative\AxInstSv.dll -> [2009/07/13 18:40:05 | 000,114,688 | ---- | M] (Microsoft Corporation)
64bit-(AppIDSvc)  [On_Demand | Stopped] -> C:\Windows\SysNative\appidsvc.dll -> [2009/07/13 18:40:01 | 000,032,256 | ---- | M] (Microsoft Corporation)
64bit-(wbengine)  [On_Demand | Stopped] -> C:\Windows\SysNative\wbengine.exe -> [2009/07/13 18:39:51 | 001,503,744 | ---- | M] (Microsoft Corporation)
64bit-(sppsvc)  [Auto | Stopped] -> C:\Windows\SysNative\sppsvc.exe -> [2009/07/13 18:39:28 | 003,524,608 | ---- | M] (Microsoft Corporation)
64bit-(Fax)  [On_Demand | Stopped] -> C:\Windows\SysNative\FXSSVC.exe -> [2009/07/13 18:39:11 | 000,689,152 | ---- | M] (Microsoft Corporation)
64bit-(Updater Service)  [Auto | Stopped] -> C:\Program Files\Acer\Acer Updater\UpdaterService.exe -> [2009/07/03 18:47:12 | 000,240,160 | ---- | M] (Acer)
64bit-(ForceWare Intelligent Application Manager (IAM))  [Auto | Stopped] -> C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -> [2009/04/19 08:34:48 | 000,625,184 | ---- | M] ()
64bit-(nSvcIp)  [Auto | Stopped] -> C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -> [2009/04/19 08:34:48 | 000,207,904 | ---- | M] ()
(GoogleDesktopManager-051210-111108) Google Desktop Manager 5.9.1005.12335 [On_Demand | Stopped] -> C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe -> [2010/05/28 10:12:19 | 000,030,192 | ---- | M] (Google)
(SvcOnlineArmor) Online Armor [Auto | Stopped] -> C:\Program Files (x86)\Tall Emu\Online Armor\oasrv.exe -> [2010/05/27 07:06:46 | 003,522,320 | ---- | M] (Tall Emu)
(OAcat) Online Armor Helper Service [Auto | Stopped] -> C:\Program Files (x86)\Tall Emu\Online Armor\OAcat.exe -> [2010/05/27 07:06:46 | 001,278,736 | ---- | M] (Tall Emu)
(PnkBstrA) PnkBstrA [Auto | Stopped] -> C:\Windows\SysWOW64\PnkBstrA.exe -> [2010/05/23 17:29:25 | 000,075,064 | ---- | M] ()
(fsssvc) Windows Live Family Safety Service [On_Demand | Stopped] -> C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe -> [2010/04/28 07:44:02 | 000,704,872 | ---- | M] (Microsoft Corporation)
(GameConsoleService) GameConsoleService [On_Demand | Stopped] -> C:\Program Files (x86)\Acer Games\Acer Game Console\GameConsoleService.exe -> [2010/04/16 16:09:06 | 000,246,520 | ---- | M] (WildTangent, Inc.)
(MWLService) MyWinLocker Service [Auto | Stopped] -> C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe -> [2009/09/10 06:42:46 | 000,305,448 | ---- | M] ()
(Greg_Service) GRegService [Auto | Stopped] -> C:\Program Files (x86)\Acer\Registration\GregHSRW.exe -> [2009/08/28 02:38:58 | 001,150,496 | ---- | M] (Acer Incorporated)
(Nero BackItUp Scheduler 4.0) Nero BackItUp Scheduler 4.0 [Disabled | Stopped] -> C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -> [2009/08/25 10:38:06 | 000,935,208 | ---- | M] (Nero AG)
(NTI IScheduleSvc) NTI IScheduleSvc [Auto | Stopped] -> C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -> [2009/08/12 15:04:44 | 000,062,208 | ---- | M] (NewTech Infosystems, Inc.)
(VSS) Volume Shadow Copy [On_Demand | Stopped] -> C:\Windows\Vss -> [2009/07/13 20:20:14 | 000,000,000 | ---D | M]
(MSDTC) Distributed Transaction Coordinator [Unknown | Stopped] -> C:\Windows\SysWOW64\Msdtc -> [2009/07/13 20:20:14 | 000,000,000 | ---D | M]
(HomeGroupProvider) HomeGroup Provider [On_Demand | Stopped] -> C:\Windows\SysWOW64\provsvc.dll -> [2009/07/13 18:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation)
(Dhcp) DHCP Client [Auto | Running] -> C:\Windows\SysWOW64\dhcpcore.dll -> [2009/07/13 18:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation)
(vds) Virtual Disk [On_Demand | Stopped] -> C:\Windows\SysWOW64\wbem\vds.mof -> [2009/07/13 13:30:11 | 000,061,056 | ---- | M] ()
(clr_optimization_v2.0.50727_64) Microsoft .NET Framework NGEN v2.0.50727_X64 [On_Demand | Stopped] -> C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -> [2009/06/10 13:39:58 | 000,089,920 | ---- | M] (Microsoft Corporation)
(SeaPort) SeaPort [Auto | Stopped] -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -> [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation)
 
[Driver Services - Safe List]
64bit-(PSI) PSI [File_System | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\psi_mf.sys -> [2010/05/28 04:04:52 | 000,017,456 | ---- | M] (Secunia)
64bit-(OAnet) OnlineArmor Service [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\OAnet.sys -> [2010/05/27 06:55:58 | 000,043,664 | ---- | M] (Tall Emu Pty Ltd)
64bit-(fssfltr) fssfltr [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\fssfltr.sys -> [2010/04/28 08:57:50 | 000,061,288 | ---- | M] (Microsoft Corporation)
64bit-(SbieDrv) SbieDrv [Kernel | On_Demand | Stopped] -> C:\Program Files\Sandboxie\SbieDrv.sys -> [2010/04/17 03:56:26 | 000,134,760 | ---- | M] (tzuk)
64bit-(pwdrvio) pwdrvio [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\pwdrvio.sys -> [2010/04/09 13:17:04 | 000,019,936 | ---- | M] ()
64bit-(pwdspio) pwdspio [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\pwdspio.sys -> [2010/04/09 13:16:58 | 000,013,280 | ---- | M] ()
64bit-(hotcore3) hc3ServiceName [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\hotcore3.sys -> [2010/01/15 12:21:16 | 000,037,392 | ---- | M] (Paragon Software Group)
64bit-(KSecPkg) KSecPkg [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\ksecpkg.sys -> [2009/12/11 03:29:27 | 000,153,160 | ---- | M] (Microsoft Corporation)
64bit-(fvevol) Bitlocker Drive Encryption Filter Driver [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\fvevol.sys -> [2009/09/25 23:20:38 | 000,223,448 | ---- | M] (Microsoft Corporation)
64bit-(amdsata) amdsata [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\amdsata.sys -> [2009/07/13 18:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices)
64bit-(amdxata) amdxata [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\amdxata.sys -> [2009/07/13 18:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices)
64bit-(amdsbs) amdsbs [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\amdsbs.sys -> [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.)
64bit-(LSI_SAS2) LSI_SAS2 [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\lsi_sas2.sys -> [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation)
64bit-(hwpolicy) Hardware Policy Driver [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\hwpolicy.sys -> [2009/07/13 18:48:04 | 000,014,416 | ---- | M] (Microsoft Corporation)
64bit-(FsDepends) File System Dependency Minifilter [File_System | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\fsdepends.sys -> [2009/07/13 18:47:49 | 000,055,376 | ---- | M] (Microsoft Corporation)
64bit-(HpSAMD) HpSAMD [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\HpSAMD.sys -> [2009/07/13 18:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company)
64bit-(WIMMount) WIMMount [File_System | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\wimmount.sys -> [2009/07/13 18:45:56 | 000,022,096 | ---- | M] (Microsoft Corporation)
64bit-(vhdmp) vhdmp [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\vhdmp.sys -> [2009/07/13 18:45:55 | 000,217,680 | ---- | M] (Microsoft Corporation)
64bit-(vdrvroot) Microsoft Virtual Drive Enumerator Driver [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\vdrvroot.sys -> [2009/07/13 18:45:55 | 000,036,432 | ---- | M] (Microsoft Corporation)
64bit-(stexstor) stexstor [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\stexstor.sys -> [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology)
64bit-(rdyboost) ReadyBoost [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\rdyboost.sys -> [2009/07/13 18:45:46 | 000,214,096 | ---- | M] (Microsoft Corporation)
64bit-(pcw) Performance Counters for Windows Driver [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\pcw.sys -> [2009/07/13 18:45:45 | 000,050,768 | ---- | M] (Microsoft Corporation)
64bit-(CNG) CNG [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\cng.sys -> [2009/07/13 18:43:14 | 000,460,504 | ---- | M] (Microsoft Corporation)
64bit-(rdpbus) Remote Desktop Device Redirector Bus Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\rdpbus.sys -> [2009/07/13 17:17:46 | 000,024,064 | ---- | M] (Microsoft Corporation)
64bit-(RDPREFMP) Reflector Display Driver used to gain access to graphics data [Kernel | System | Stopped] -> C:\Windows\SysNative\drivers\RDPREFMP.sys -> [2009/07/13 17:16:35 | 000,008,192 | ---- | M] (Microsoft Corporation)
64bit-(RasAgileVpn) WAN Miniport (IKEv2) [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\agilevpn.sys -> [2009/07/13 17:10:24 | 000,060,416 | ---- | M] (Microsoft Corporation)
64bit-(WfpLwf) WFP Lightweight Filter [Kernel | System | Running] -> C:\Windows\SysNative\drivers\wfplwf.sys -> [2009/07/13 17:09:26 | 000,012,800 | ---- | M] (Microsoft Corporation)
64bit-(NdisCap) NDIS Capture LightWeight Filter [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\ndiscap.sys -> [2009/07/13 17:08:13 | 000,035,328 | ---- | M] (Microsoft Corporation)
64bit-(vwifibus) Virtual WiFi Bus Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\vwifibus.sys -> [2009/07/13 17:07:21 | 000,024,576 | ---- | M] (Microsoft Corporation)
64bit-(1394ohci) 1394 OHCI Compliant Host Controller [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\1394ohci.sys -> [2009/07/13 17:07:13 | 000,227,840 | ---- | M] (Microsoft Corporation)
64bit-(HdAudAddService) Microsoft 1.1 UAA Function Driver for High Definition Audio Service [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\HdAudio.sys -> [2009/07/13 17:07:00 | 000,350,208 | ---- | M] (Microsoft Corporation)
64bit-(UmPass) Microsoft UMPass Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\umpass.sys -> [2009/07/13 17:06:52 | 000,009,728 | ---- | M] (Microsoft Corporation)
64bit-(WinUsb) WinUsb [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\winusb.sys -> [2009/07/13 17:06:28 | 000,040,448 | ---- | M] (Microsoft Corporation)
64bit-(mshidkmdf) Pass-through HID to KMDF Filter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\mshidkmdf.sys -> [2009/07/13 17:06:24 | 000,008,192 | ---- | M] (Microsoft Corporation)
64bit-(WudfPf) User Mode Driver Frameworks Platform Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\WUDFPf.sys -> [2009/07/13 17:05:37 | 000,112,128 | ---- | M] (Microsoft Corporation)
64bit-(MTConfig) Microsoft Input Configuration Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\MTConfig.sys -> [2009/07/13 17:02:08 | 000,015,360 | ---- | M] (Microsoft Corporation)
64bit-(CompositeBus) Composite Bus Enumerator Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\CompositeBus.sys -> [2009/07/13 17:00:34 | 000,038,912 | ---- | M] (Microsoft Corporation)
64bit-(Beep) Beep [Kernel | System | Running] -> C:\Windows\SysNative\drivers\beep.sys -> [2009/07/13 17:00:13 | 000,006,656 | ---- | M] (Microsoft Corporation)
64bit-(AppID) AppID Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\appid.sys -> [2009/07/13 16:52:39 | 000,061,440 | ---- | M] (Microsoft Corporation)
64bit-(scfilter) Smart card PnP Class Filter Driver [Kernel | Unknown | Stopped] -> C:\Windows\SysNative\drivers\scfilter.sys -> [2009/07/13 16:50:17 | 000,029,696 | ---- | M] (Microsoft Corporation)
64bit-(discache) System Attribute Cache [Kernel | System | Stopped] -> C:\Windows\SysNative\drivers\discache.sys -> [2009/07/13 16:37:18 | 000,040,448 | ---- | M] (Microsoft Corporation)
64bit-(HidBatt) HID UPS Battery Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\hidbatt.sys -> [2009/07/13 16:31:06 | 000,026,624 | ---- | M] (Microsoft Corporation)
64bit-(CmBatt) Microsoft ACPI Control Method Battery Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\CmBatt.sys -> [2009/07/13 16:31:03 | 000,017,664 | ---- | M] (Microsoft Corporation)
64bit-(AcpiPmi) ACPI Power Meter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\acpipmi.sys -> [2009/07/13 16:27:17 | 000,012,288 | ---- | M] (Microsoft Corporation)
64bit-(AmdPPM) AMD Processor Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\amdppm.sys -> [2009/07/13 16:19:25 | 000,060,928 | ---- | M] (Microsoft Corporation)
64bit-(NVHDA) Service for NVIDIA High Definition Audio Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\nvhda64v.sys -> [2009/06/26 00:55:10 | 000,083,488 | ---- | M] (NVIDIA Corporation)
64bit-(NVENETFD) NVIDIA nForce Networking Controller Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\nvm62x64.sys -> [2009/06/10 13:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation)
64bit-(ebdrv) Broadcom NetXtreme II 10 GigE VBD [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\evbda.sys -> [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation)
64bit-(b06bdrv) Broadcom NetXtreme II VBD [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\bxvbda.sys -> [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation)
64bit-(b57nd60a) Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0 [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\b57nd60a.sys -> [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation)
64bit-(hcw85cir) Hauppauge Consumer Infrared Receiver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\hcw85cir.sys -> [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.)
64bit-(SaiNtBus) SaiNtBus [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\SaiBus.sys -> [2009/06/10 11:14:36 | 000,043,264 | ---- | M] (Saitek)
64bit-(SaiMini) SaiMini [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\SaiMini.sys -> [2009/06/10 11:14:36 | 000,016,000 | ---- | M] (Saitek)
64bit-(SaiKF622) SaiKF622 [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\SaiKF622.sys -> [2009/06/02 15:08:50 | 000,140,800 | ---- | M] (Saitek)
64bit-(mwlPSDVDisk) mwlPSDVDisk [Kernel | System | Stopped] -> C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -> [2009/06/02 04:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.)
64bit-(mwlPSDFilter) mwlPSDFilter [File_System | System | Stopped] -> C:\Windows\SysNative\drivers\mwlPSDFilter.sys -> [2009/06/02 04:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.)
64bit-(mwlPSDNServ) mwlPSDNServ [Kernel | System | Stopped] -> C:\Windows\SysNative\drivers\mwlPSDNserv.sys -> [2009/06/02 04:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.)
64bit-(NTIDrvr) NTIDrvr [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\NTIDrvr.sys -> [2009/05/05 16:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.)
64bit-(UBHelper) UBHelper [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\UBHelper.sys -> [2009/05/05 16:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation)
64bit-(NVNET) NVIDIA nForce 10/100/1000 Mbps Ethernet  [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\nvmf6264.sys -> [2009/04/29 22:06:58 | 000,339,360 | ---- | M] (NVIDIA Corporation)
(oahlpXX) Online Armor helper driver [Kernel | System | Stopped] -> C:\Windows\SysWOW64\drivers\oahlp64.sys -> [2010/05/27 07:06:52 | 000,051,440 | ---- | M] ()
(OADevice) OADriver [File_System | System | Stopped] -> C:\Windows\SysWOW64\drivers\OADriver.sys -> [2010/05/27 06:56:00 | 000,052,880 | ---- | M] ()
(OAmon) OAmon [Kernel | System | Running] -> C:\Windows\SysWOW64\drivers\OAmon.sys -> [2010/05/27 06:56:00 | 000,035,984 | ---- | M] (Tall Emu)
(WIMMount) WIMMount [File_System | On_Demand | Stopped] -> C:\Windows\SysWOW64\drivers\wimmount.sys -> [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation)
(WinUsb) WinUsb [Kernel | On_Demand | Stopped] -> C:\Windows\SysWOW64\winusb.dll -> [2009/07/13 18:16:19 | 000,016,896 | ---- | M] (Microsoft Corporation)
(NetBIOS) NetBIOS Interface [File_System | System | Running] -> C:\Windows\SysWOW64\netbios.dll -> [2009/07/13 18:16:02 | 000,014,336 | ---- | M] (Microsoft Corporation)
(mpsdrv) Windows Firewall Authorization Driver [Kernel | On_Demand | Running] -> C:\Windows\SysWOW64\wbem\mpsdrv.mof -> [2009/06/10 14:28:14 | 000,001,088 | ---- | M] ()
(Tcpip) TCP/IP Protocol Driver [Kernel | System | Running] -> C:\Windows\SysWOW64\wbem\tcpip.mof -> [2009/06/10 14:15:18 | 000,003,066 | ---- | M] ()
(mwlPSDVDisk) mwlPSDVDisk [Kernel | System | Stopped] -> C:\Program Files (x86)\EgisTec\MyWinLocker 3\x64\mwlPSDVdisk.sys -> [2009/06/02 04:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.)
(mwlPSDFilter) mwlPSDFilter [File_System | System | Stopped] -> C:\Program Files (x86)\EgisTec\MyWinLocker 3\x64\mwlPSDFilter.sys -> [2009/06/02 04:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.)
(mwlPSDNServ) mwlPSDNServ [Kernel | System | Stopped] -> C:\Program Files (x86)\EgisTec\MyWinLocker 3\x64\mwlPSDNServ.sys -> [2009/06/02 04:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.)
 
[Registry - Safe List]
< 64bit-Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_x1301&r=17360510s707p0428v1j5w45j1t539 -> 
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_x1301&r=17360510s707p0428v1j5w45j1t539 -> 
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_x1301&r=17360510s707p0428v1j5w45j1t539 -> 
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> C:\Windows\SysWOW64\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_x1301&r=17360510s707p0428v1j5w45j1t539 -> 
< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> 
HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> 
HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-3488347447-2488368954-518346416-1000\] > -> -> 
HKEY_USERS\S-1-5-21-3488347447-2488368954-518346416-1000\: Main\\"Default_Page_URL" -> http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_x1301&r=17360510s707p0428v1j5w45j1t539 -> 
HKEY_USERS\S-1-5-21-3488347447-2488368954-518346416-1000\: Main\\"Start Page" -> http://msn.com/ -> 
HKEY_USERS\S-1-5-21-3488347447-2488368954-518346416-1000\: Main\\"Start Page Redirect Cache" -> http://www.msn.com/ -> 
HKEY_USERS\S-1-5-21-3488347447-2488368954-518346416-1000\: Main\\"Start Page Redirect Cache AcceptLangs" -> en-us -> 
HKEY_USERS\S-1-5-21-3488347447-2488368954-518346416-1000\: Main\\"Start Page Redirect Cache_TIMESTAMP" -> 20 33 D2 BE EF F5 CA 01  [binary data] -> 
HKEY_USERS\S-1-5-21-3488347447-2488368954-518346416-1000\: "ProxyEnable" -> 0 -> 
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\Extensions ->  -> 
< FireFox Extensions [User Folders] > -> 
< HOSTS File > ([2010/05/23 01:59:40 | 000,607,013 | ---- | M] - 16089 lines) -> C:\Windows\SysNative\Drivers\etc\hosts -> 
First 25 entries...
Reset Hosts
127.0.0.1  localhost
127.0.0.1  fr.a2dfp.net
127.0.0.1  m.fr.a2dfp.net
127.0.0.1  ad.a8.net
127.0.0.1  asy.a8ww.net
127.0.0.1  adserver.abv.bg
127.0.0.1  adv.abv.bg
127.0.0.1  bimg.abv.bg
127.0.0.1  www2.a-counter.kiev.ua
127.0.0.1  track.acclaimnetwork.com
127.0.0.1  accuserveadsystem.com
127.0.0.1  www.accuserveadsystem.com
127.0.0.1  achmedia.com
127.0.0.1  aconti.net
127.0.0.1  secure.aconti.net
127.0.0.1  www.aconti.net #[Dialer.Aconti]
127.0.0.1  ads.active.com
127.0.0.1  am1.activemeter.com
127.0.0.1  www.activemeter.com #[Tracking.Cookie]
127.0.0.1  ads.activepower.net
127.0.0.1  stat.active24stats.nl #[Tracking.Cookie]
127.0.0.1  ad2games.com
127.0.0.1  cms.ad2click.nl
127.0.0.1  ads.ad2games.com
< 64bit-BHO's [HKEY_LOCAL_MACHINE] > -> 64bit-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} [HKLM] -> C:\Program Files\Windows Live\Family Safety\fssbho.dll [Windows Live Family Safety Browser Helper Class] -> [2010/04/28 08:57:50 | 000,132,456 | ---- | M] (Microsoft Corporation)
{9030D464-4C02-4ABF-8ECC-5164760863C6} [HKLM] -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [Windows Live ID Sign-in Helper] -> [2009/08/18 12:50:40 | 000,532,336 | ---- | M] (Microsoft Corporation)
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKLM] -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [Google Toolbar Helper] -> [2010/05/24 13:52:28 | 000,371,312 | ---- | M] (Google Inc.)
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKLM] -> C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg64.dll [Google Toolbar Notifier BHO] -> [2010/05/25 00:20:25 | 000,322,104 | ---- | M] (Google Inc.)
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} [HKLM] -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [Search Helper] -> [2009/05/19 11:36:18 | 000,137,600 | ---- | M] (Microsoft Corporation)
{9030D464-4C02-4ABF-8ECC-5164760863C6} [HKLM] -> C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll [Windows Live ID Sign-in Helper] -> [2009/08/18 11:32:12 | 000,403,840 | ---- | M] (Microsoft Corporation)
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKLM] -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [Google Toolbar Helper] -> [2010/05/24 13:52:24 | 000,278,128 | ---- | M] (Google Inc.)
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKLM] -> C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll [Google Toolbar Notifier BHO] -> [2010/05/25 00:20:25 | 000,814,648 | ---- | M] (Google Inc.)
{C920E44A-7F78-4E64-BDD7-A57026E7FEB7} [HKLM] -> C:\Program Files (x86)\WOT\WOT.dll [WOT Helper] -> [2010/03/03 13:21:18 | 001,301,664 | ---- | M] ()
{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} [HKLM] -> C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll [Windows Live Toolbar Helper] -> [2010/04/16 19:55:34 | 001,067,872 | ---- | M] (Microsoft Corporation)
< 64bit-Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" [HKLM] -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [Google Toolbar] -> [2010/05/24 13:52:28 | 000,371,312 | ---- | M] (Google Inc.)
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
"{21FA44EF-376D-4D53-9B0F-8A89D3229068}" [HKLM] -> C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll [&Windows Live Toolbar] -> [2010/04/16 19:55:34 | 001,067,872 | ---- | M] (Microsoft Corporation)
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" [HKLM] -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [Google Toolbar] -> [2010/05/24 13:52:24 | 000,278,128 | ---- | M] (Google Inc.)
"{71576546-354D-41c9-AAE8-31F2EC22BF0D}" [HKLM] -> C:\Program Files (x86)\WOT\WOT.dll [WOT] -> [2010/03/03 13:21:18 | 001,301,664 | ---- | M] ()
< Internet Explorer ToolBars [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\ -> 
64bit-WebBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [Google Toolbar] -> [2010/05/24 13:52:28 | 000,371,312 | ---- | M] (Google Inc.)
WebBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [Google Toolbar] -> [2010/05/24 13:52:24 | 000,278,128 | ---- | M] (Google Inc.)
WebBrowser\\"{71576546-354D-41C9-AAE8-31F2EC22BF0D}" [HKLM] -> C:\Program Files (x86)\WOT\WOT.dll [WOT] -> [2010/03/03 13:21:18 | 001,301,664 | ---- | M] ()
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\ -> 
64bit-WebBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [Google Toolbar] -> [2010/05/24 13:52:28 | 000,371,312 | ---- | M] (Google Inc.)
WebBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [Google Toolbar] -> [2010/05/24 13:52:24 | 000,278,128 | ---- | M] (Google Inc.)
WebBrowser\\"{71576546-354D-41C9-AAE8-31F2EC22BF0D}" [HKLM] -> C:\Program Files (x86)\WOT\WOT.dll [WOT] -> [2010/03/03 13:21:18 | 001,301,664 | ---- | M] ()
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-3488347447-2488368954-518346416-1000\] > -> HKEY_USERS\S-1-5-21-3488347447-2488368954-518346416-1000\Software\Microsoft\Internet Explorer\Toolbar\ -> 
WebBrowser\\"{21FA44EF-376D-4D53-9B0F-8A89D3229068}" [HKLM] -> C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll [&Windows Live Toolbar] -> [2010/04/16 19:55:34 | 001,067,872 | ---- | M] (Microsoft Corporation)
64bit-WebBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [Google Toolbar] -> [2010/05/24 13:52:28 | 000,371,312 | ---- | M] (Google Inc.)
WebBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [Google Toolbar] -> [2010/05/24 13:52:24 | 000,278,128 | ---- | M] (Google Inc.)
WebBrowser\\"{71576546-354D-41C9-AAE8-31F2EC22BF0D}" [HKLM] -> C:\Program Files (x86)\WOT\WOT.dll [WOT] -> [2010/03/03 13:21:18 | 001,301,664 | ---- | M] ()
< 64bit-Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"@OnlineArmor GUI" -> C:\Program Files (x86)\Tall Emu\Online Armor\OAui.exe ["C:\Program Files (x86)\Tall Emu\Online Armor\OAui.exe"] -> [2010/05/27 07:06:46 | 006,788,368 | ---- | M] (Tall Emu)
"MSSE" -> c:\Program Files\Microsoft Security Essentials\msseces.exe ["c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey] -> [2010/02/21 05:08:48 | 001,446,496 | ---- | M] (Microsoft Corporation)
"OOTag" -> C:\Windows\OOBEOffer\OOBEOffer\OOTag.exe [C:\windows\oobeoffer\oobeoffer\ootag.exe] -> [2009/09/27 20:33:24 | 000,023,072 | ---- | M] (Microsoft)
"PLD_FrameworkRun" -> C:\Windows\SysNative\OEM\_NowIntoDT.vbs [c:\windows\system32\oem\_NowIntoDT.vbs] -> [2009/10/11 09:49:06 | 000,000,490 | ---- | M] ()
"RtHDVCpl" -> C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s] -> [2010/04/06 17:59:40 | 010,144,288 | ---- | M] (Realtek Semiconductor)
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"BackupManagerTray" -> C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe ["C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k] -> [2009/08/12 14:58:28 | 000,261,888 | ---- | M] (NewTech Infosystems, Inc.)
"Google Desktop Search" -> C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe ["C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe" /startup] -> [2010/05/28 10:12:19 | 000,030,192 | ---- | M] (Google)
< Run [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"Sidebar" -> C:\Program Files (x86)\Windows Sidebar\Sidebar.exe [%ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun] -> [2009/07/13 18:14:38 | 001,173,504 | ---- | M] (Microsoft Corporation)
< RunOnce [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce -> 
"mctadmin" -> C:\Windows\SysWow64\mctadmin.exe [C:\Windows\System32\mctadmin.exe] -> File not found
< Run [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"Sidebar" -> C:\Program Files (x86)\Windows Sidebar\Sidebar.exe [%ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun] -> [2009/07/13 18:14:38 | 001,173,504 | ---- | M] (Microsoft Corporation)
< RunOnce [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce -> 
"mctadmin" -> C:\Windows\SysWow64\mctadmin.exe [C:\Windows\System32\mctadmin.exe] -> File not found
< Run [HKEY_USERS\S-1-5-21-3488347447-2488368954-518346416-1000\] > -> HKEY_USERS\S-1-5-21-3488347447-2488368954-518346416-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"msnmsgr" -> C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe ["C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background] -> [2010/04/16 22:12:38 | 003,872,080 | ---- | M] (Microsoft Corporation)
"OpenDNS Updater" -> C:\Program Files (x86)\OpenDNS Updater\OpenDNSUpdater.exe ["C:\Program Files (x86)\OpenDNS Updater\OpenDNSUpdater.exe" /autostart] -> [2009/11/16 12:58:38 | 000,839,168 | ---- | M] ()
"RESTART_STICKY_NOTES" -> C:\Windows\SysWOW64\StikyNot.exe [C:\Windows\System32\StikyNot.exe] -> [2010/05/07 01:41:26 | 000,000,000 | ---- | M] ()
"swg" -> C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe ["C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"] -> [2009/10/27 23:10:50 | 000,039,408 | ---- | M] (Google Inc.)
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"EnableShellExecuteHooks" ->  [1] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"ConsentPromptBehaviorAdmin" ->  [5] -> File not found
\\"ConsentPromptBehaviorUser" ->  [3] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-3488347447-2488368954-518346416-1000] > -> HKEY_USERS\S-1-5-21-3488347447-2488368954-518346416-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\S-1-5-21-3488347447-2488368954-518346416-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-3488347447-2488368954-518346416-1000] > -> HKEY_USERS\S-1-5-21-3488347447-2488368954-518346416-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
HKEY_USERS\S-1-5-21-3488347447-2488368954-518346416-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"LogonHoursAction" ->  [2] -> File not found
\\"DontDisplayLogonHoursWarnings" ->  [1] -> File not found
< 64bit-Internet Explorer Menu Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\MenuExt\ -> 
Google Sidewiki... -> C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll [res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html] -> [2010/05/24 13:52:44 | 001,697,392 | ---- | M] (Google Inc.)
< Internet Explorer Menu Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\MenuExt\ -> 
Google Sidewiki... -> C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll [res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html] -> [2010/05/24 13:52:44 | 001,697,392 | ---- | M] (Google Inc.)
< 64bit-Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\MenuExt\ -> 
Google Sidewiki... -> C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll [res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html] -> [2010/05/24 13:52:44 | 001,697,392 | ---- | M] (Google Inc.)
< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\MenuExt\ -> 
Google Sidewiki... -> C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll [res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html] -> [2010/05/24 13:52:44 | 001,697,392 | ---- | M] (Google Inc.)
< 64bit-Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-3488347447-2488368954-518346416-1000\] > -> HKEY_USERS\S-1-5-21-3488347447-2488368954-518346416-1000\Software\Microsoft\Internet Explorer\MenuExt\ -> 
Google Sidewiki... -> C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll [res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html] -> [2010/05/24 13:52:44 | 001,697,392 | ---- | M] (Google Inc.)
< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-3488347447-2488368954-518346416-1000\] > -> HKEY_USERS\S-1-5-21-3488347447-2488368954-518346416-1000\Software\Microsoft\Internet Explorer\MenuExt\ -> 
Google Sidewiki... -> C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll [res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html] -> [2010/05/24 13:52:44 | 001,697,392 | ---- | M] (Google Inc.)
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{219C3416-8CB2-491a-A3C7-D9FCDDC9D600}:{5F7B1267-94A9-47F5-98DB-E99415F33AEC} [HKLM] -> C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll [Button: Blog This] -> [2009/07/26 20:17:14 | 000,186,192 | ---- | M] (Microsoft Corporation)
{219C3416-8CB2-491a-A3C7-D9FCDDC9D600}:{5F7B1267-94A9-47F5-98DB-E99415F33AEC} [HKLM] -> C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll [Menu: &Blog This in Windows Live Writer] -> [2009/07/26 20:17:14 | 000,186,192 | ---- | M] (Microsoft Corporation)
{2670000A-7350-4f3c-8081-5663EE0C6C49}:{48E73304-E1D6-4330-914C-F5F514E3486C} [HKLM] -> C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll [Button: Send to OneNote] -> [2009/02/26 19:45:52 | 000,603,040 | ---- | M] (Microsoft Corporation)
{2670000A-7350-4f3c-8081-5663EE0C6C49}:{48E73304-E1D6-4330-914C-F5F514E3486C} [HKLM] -> C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll [Menu: S&end to OneNote] -> [2009/02/26 19:45:52 | 000,603,040 | ---- | M] (Microsoft Corporation)
{3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF}:Exec [HKLM] -> C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe [Button: PokerStars] -> [2010/05/02 23:59:59 | 000,562,968 | ---- | M] (PokerStars)
< 64bit-Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
< 64bit-Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< 64bit-Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< 64bit-Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-21-3488347447-2488368954-518346416-1000\] > -> HKEY_USERS\S-1-5-21-3488347447-2488368954-518346416-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-21-3488347447-2488368954-518346416-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 
localhost .[http] -> Local intranet -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-21-3488347447-2488368954-518346416-1000\] > -> HKEY_USERS\S-1-5-21-3488347447-2488368954-518346416-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-21-3488347447-2488368954-518346416-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 1 range(s) found. -> 
GD [:Range = 127.0.0.1] -> http = Local intranet |  -> 
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{0742B9EF-8C83-41CA-BFBA-830A59E23533} [HKLM] -> https://oas.support.microsoft.com/ActiveX/MSDcode.cab [Microsoft Data Collection Control] -> 
{0E5F0222-96B9-11D3-8997-00104BD12D94} [HKLM] -> http://www.pcpitstop.com/betapit/PCPitStop.CAB [PCPitstop Utility] -> 
{140E4DF8-9E14-4A34-9577-C77561ED7883} [HKLM] -> http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab [SysInfo Class] -> 
{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} [HKLM] -> http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab [BDSCANONLINE Control] -> 
{7530BFB8-7293-4D34-9923-61A11451AFC5} [HKLM] -> http://download.eset.com/special/eos/OnlineScanner.cab [OnlineScanner Control] -> 
{784797A8-342D-4072-9486-03C8D0F2F0A1} [HKLM] -> https://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.53.0.cab [Battlefield Heroes Updater] -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab [Java Plug-in 1.6.0_20] -> 
{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab [Java Plug-in 1.6.0_20] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab [Java Plug-in 1.6.0_20] -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ -> 
DhcpNameServer -> 76.14.0.9 76.14.0.8 -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{473F86ED-FB55-42E5-8A1F-9FC700C929D6}\\DhcpNameServer -> 76.14.0.9 76.14.0.8   (NVIDIA nForce 10/100/1000 Mbps Ethernet ) -> 
{473F86ED-FB55-42E5-8A1F-9FC700C929D6}\\NameServer -> 208.67.222.222,208.67.220.220   (NVIDIA nForce 10/100/1000 Mbps Ethernet ) -> 
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs -> 
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls -> 
C:\PROGRA~2\Google\GOOGLE~3\GO36F4~1.DLL -> C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktopNetwork3.dll -> [2010/05/28 10:12:19 | 000,123,392 | ---- | M] (Google)
*MultiFile Done* -> -> 
< 64bit-Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
64bit-*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
explorer.exe -> C:\Windows\explorer.exe -> [2009/10/30 23:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
64bit-*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> 
SystemPropertiesPerformance.exe -> C:\Windows\SysNative\SystemPropertiesPerformance.exe -> [2009/07/13 18:39:47 | 000,082,432 | ---- | M] (Microsoft Corporation)
/pagefile ->  -> File not found
*MultiFile Done* -> -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
explorer.exe -> C:\Windows\SysWow64\explorer.exe -> [2009/10/30 22:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> 
SystemPropertiesPerformance.exe -> C:\Windows\SysWow64\SystemPropertiesPerformance.exe -> [2009/07/13 18:14:42 | 000,081,920 | ---- | M] (Microsoft Corporation)
/pagefile ->  -> File not found
*MultiFile Done* -> -> 
< LSA Security Packages [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> 
64bit-*LSA Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> 
pku2u -> C:\Windows\SysNative\pku2u.dll -> [2009/07/13 18:41:53 | 000,240,640 | ---- | M] (Microsoft Corporation)
livessp -> C:\Windows\SysNative\livessp.dll -> [2009/08/18 12:48:02 | 000,243,056 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
*LSA Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> 
pku2u -> C:\Windows\SysWow64\pku2u.dll -> [2009/07/13 18:16:12 | 000,186,880 | ---- | M] (Microsoft Corporation)
livessp -> C:\Windows\SysWow64\livessp.dll -> [2009/08/18 11:29:22 | 000,195,456 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
< Vista Active Firewall Rules > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules -> 
{065ABD98-F5B7-4A5E-9F32-C470E8CFE382} -> rport=10243 | profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31289 | app=system | 
{09C3AD09-2DE4-43FE-8960-6B5672570DFC} -> lport=2177 | profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-31261 | app=%systemroot%\system32\svchost.exe | svc=qwave | 
{13661FAA-49B2-42E0-875A-599ED504E92F} -> lport=1900 | profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-31269 | app=%systemroot%\system32\svchost.exe | svc=ssdpsrv | 
{1A52733A-27F1-497E-8319-75C23620B1F6} -> lport=139 | profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-28503 | app=system | 
{1F6D207D-AAC9-4F8F-B7CB-24712CE1AF9B} -> lport=2177 | profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-31253 | app=%systemroot%\system32\svchost.exe | svc=qwave | 
{1FD35719-8649-4DD6-95AC-0B62A9D193AB} -> lport=5355 | profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-28548 | app=%systemroot%\system32\svchost.exe | svc=dnscache | 
{531ED8DA-0EEC-426D-A57F-A60BEE904626} -> lport=1900 | protocol=17 | dir=in | action=allow | name=windows live messenger (ssdp-in) | app=svchost.exe | svc=ssdpsrv | 
{584774FE-733B-498A-B235-2CFA9EA05DFA} -> rport=2177 | profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31265 | app=%systemroot%\system32\svchost.exe | svc=qwave | 
{683C4E01-A4CC-41EC-9A81-2FF4A864D6EB} -> lport=138 | profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-28527 | app=system | 
{6D0D193C-12FB-48C1-AF5F-FB53BC34500B} -> rport=2177 | profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-31257 | app=%systemroot%\system32\svchost.exe | svc=qwave | 
{6EC57AFE-CAF4-461B-B793-DE2BE4D5934E} -> lport=10243 | profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-31285 | app=system | 
{82314B2C-F18A-4E5E-838D-0381DFBC1A36} -> rport=1900 | profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-31273 | app=%systemroot%\system32\svchost.exe | svc=ssdpsrv | 
{90F7B26B-35C5-4734-806D-62D2F1DA0CA0} -> rport=138 | profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-28531 | app=system | 
{98318391-E3BE-4D8F-AA65-7A453BD3AD18} -> lport=2869 | profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-31277 | app=system | 
{9A8D74D3-7169-43E0-A350-6EB48B66E505} -> lport=rpc | profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-28535 | app=%systemroot%\system32\spoolsv.exe | svc=spooler | 
{BC629E68-C9CD-47D1-BAFE-BD8F83BBE697} -> lport=2869 | protocol=6 | dir=in | action=allow | name=windows live messenger (upnp-in) | app=system | 
{C058D27F-27BF-4BDB-B400-05627DE0B792} -> lport=rpc-epmap | profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-28539 | svc=rpcss | 
{DDF5C05B-D1E0-4247-A25D-73B4661B82A2} -> lport=445 | profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-28511 | app=system | 
{DE6F0476-F00A-4AFE-9821-0C1504851E51} -> lport=137 | profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-28519 | app=system | 
{E08385CC-CA86-4090-BB2E-486CC00A5E1F} -> rport=5355 | profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-28550 | app=%systemroot%\system32\svchost.exe | svc=dnscache | 
{E1FDE63C-4A1F-4CBF-B104-63EC256602A1} -> rport=137 | profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-28523 | app=system | 
{F5C7536A-A119-4B89-A912-D80700252437} -> rport=445 | profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-28515 | app=system | 
{F80A712E-97E0-47DD-AE8D-D177F2ED184C} -> rport=139 | profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-28507 | app=system | 
< Vista Active Application Exception Rules > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules -> 
{027F670E-DA28-4121-8644-C5BF657B9744} -> profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-31297 | app=%programfiles%\windows media player\wmplayer.exe | 
{068EC1BA-5E90-4CEF-96F7-DD0FDE893812} -> profile=public | protocol=17 | dir=in | action=allow | name=microsoft office onenote | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
{0C114551-01ED-4C60-A695-1735D5AEF686} -> profile=private | protocol=17 | dir=in | action=allow | name=call of duty(r) 4 - modern warfare(tm) | app=c:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe | 
{0EE68060-7537-4819-B2CA-3FFFA326A5C7} -> profile=private | protocol=6 | dir=in | action=allow | name=pnkbstrb | app=c:\windows\syswow64\pnkbstrb.exe | 
{13B5C18E-46D6-4465-A5C6-CBD122BD9068} -> profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-31007 | app=%programfiles%\windows media player\wmplayer.exe | 
{16B64EE6-7938-462E-940D-41A6339B55E6} -> dir=in | action=allow | name=windows live messenger | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
{1F6BB7AA-A4FF-4F07-AAF1-4144CC3AF382} -> profile=private | protocol=6 | dir=in | action=allow | name=steam | app=c:\program files (x86)\steam\steam.exe | 
{250FA4EE-2370-46AF-BB1C-EB2FFA5F6E0D} -> profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-31024 | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
{26D8E0C9-5B0A-4335-B5B9-79B6DEB80CF4} -> profile=private | protocol=17 | dir=in | action=allow | name=steam | app=c:\program files (x86)\steam\steam.exe | 
{2D76D381-BF79-4C06-8931-57204966F73E} -> profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31281 | app=system | 
{31007B4D-5B6D-41DA-A744-041F0710615C} -> profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-31305 | app=%programfiles%\windows media player\wmpnetwk.exe | 
{3F22A01A-0239-41B2-B4CD-154E99EBF045} -> profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31301 | app=%programfiles%\windows media player\wmplayer.exe | 
{3F847FBD-B9E6-48ED-A80B-6FADA8072270} -> dir=in | action=allow | name=pando media booster | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
{4099F175-2B40-4EE1-85E2-9E5BCC740D8E} -> profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-31293 | app=%programfiles%\windows media player\wmplayer.exe | 
{40FFECD8-227F-44A4-AD65-D72A018884D2} -> profile=private | protocol=17 | dir=in | action=allow | name=pnkbstra | app=c:\windows\syswow64\pnkbstra.exe | 
{41DB31FE-5E40-48E5-B458-7F3B15F05559} -> profile=private | protocol=6 | dir=in | action=allow | name=nexon game manager | app=c:\programdata\nexonus\ngm\ngm.exe | 
{458F3095-5D8F-44F0-B531-505C113FF933} -> protocol=58 | dir=out | action=allow | name=@iphlpsvc.dll,-503 | 
{4E676CAA-E3F9-4A4B-BB8A-66DE14AEBD85} -> profile=private | protocol=17 | dir=in | action=allow | name=pando media booster | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
{4F57BEDE-EB17-47DB-A5DD-8EFD3677D025} -> profile=private | protocol=17 | dir=in | action=allow | name=pnkbstrb | app=c:\windows\syswow64\pnkbstrb.exe | 
{5715D280-6046-4F27-9B89-583D23F9E8B0} -> profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31321 | app=%systemroot%\system32\svchost.exe | svc=upnphost | 
{5FC80437-14B8-4AF2-8DD6-55D937C3767F} -> profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-31313 | app=%programfiles%\windows media player\wmpnetwk.exe | 
{60907F23-55BD-47D8-BE04-CEC4E2E6143F} -> profile=private | protocol=17 | dir=in | action=allow | name=nexon game manager | app=c:\programdata\nexonus\ngm\ngm.exe | 
{62ED010B-6F46-4A61-BC9B-A0273A0A8973} -> profile=private | protocol=6 | dir=in | action=allow | name=nexon messenger core | app=c:\nexon\combat arms\nmservice.exe | 
{6C613935-5B49-4398-95CB-A46500153830} -> profile=private | protocol=58 | dir=in | action=allow | name=@firewallapi.dll,-28545 | 
{76AA9813-0155-4CF3-BE93-C071C283CBC6} -> profile=private | protocol=6 | dir=in | action=allow | name=call of duty(r) 4 - modern warfare(tm) | app=c:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe | 
{780095B7-9AA0-42F3-9762-77EF830EEC50} -> profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31317 | app=%programfiles%\windows media player\wmpnetwk.exe | 
{8DEB4056-33BE-4031-806D-662922D8732B} -> profile=private | protocol=1 | dir=out | action=allow | name=@firewallapi.dll,-28544 | 
{92D6D63C-55CD-4940-B2B3-25CFA19EB05B} -> profile=private | protocol=6 | dir=in | action=allow | name=pando media booster | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
{94BEE832-F459-4CEA-BF0E-98B1162925E7} -> profile=domain | protocol=6 | dir=in | action=allow | name=pando media booster | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
{B0D52ADF-9109-47DD-8707-0816E407040E} -> profile=private | protocol=17 | dir=in | action=allow | name=nexon messenger core | app=c:\nexon\combat arms\nmservice.exe | 
{B8AF4B8A-1A3B-48CF-AFB4-0AF70DAF3B12} -> profile=private | protocol=58 | dir=out | action=allow | name=@firewallapi.dll,-28546 | 
{BB9FDE1A-3F42-46D5-A98D-F01209D0C412} -> profile=domain | protocol=17 | dir=in | action=allow | name=pando media booster | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
{BD496999-4091-4EE5-8F34-1CD2A9F64BB2} -> profile=private | protocol=6 | dir=in | action=allow | name=pnkbstra | app=c:\windows\syswow64\pnkbstra.exe | 
{BEE511C4-9B46-4C73-9DB7-41D04FC3A008} -> profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-31309 | app=%programfiles%\windows media player\wmpnetwk.exe | 
{C384D863-4D35-484D-B8D7-4020E27DF58A} -> dir=in | action=allow | name=windows live sync | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | 
{C698EEDD-0187-4CEA-8672-AFEB1DB1BE73} -> profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31011 | app=%programfiles%\windows media player\wmplayer.exe | 
{D242DAD3-E042-407C-8337-1DEE83881CB7} -> profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31025 | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
{D3A41F92-4DBB-4688-8EE1-FF0EF37465E8} -> profile=public | protocol=6 | dir=in | action=allow | name=microsoft office onenote | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
{E36F2CDD-33F3-4109-80E1-33829E2112EA} -> profile=private | protocol=1 | dir=in | action=allow | name=@firewallapi.dll,-28543 | 
{EAE4F647-0645-4DB0-9C6F-616C8D25192C} -> protocol=58 | dir=in | action=allow | name=@iphlpsvc.dll,-502 | app=system | 
{F74540C2-915A-4ECD-BD14-F57B4F67B18C} -> profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-31003 | app=%programfiles%\windows media player\wmplayer.exe | 
{FC98856A-4506-4762-9F47-D018171FADC5} -> profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-31023 | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
TCP Query User{2B945BB8-3587-4EDE-B535-E9795096314B}C:\nexon\combat arms\engine.exe -> profile=private | protocol=6 | dir=in | action=allow | name=combat arms | app=c:\nexon\combat arms\engine.exe | 
UDP Query User{53980D15-4C55-44F8-B758-126225D8901F}C:\nexon\combat arms\engine.exe -> profile=private | protocol=17 | dir=in | action=allow | name=combat arms | app=c:\nexon\combat arms\engine.exe | 
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> 
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 -> 
"DisplayName" -> CD-ROM Driver -> 
"ImagePath" -> C:\Windows\SysNative\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> [2009/07/13 16:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation)
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> 
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command -> 
64bit-comfile [open] -> "%1" %* -> File not found
64bit-exefile [open] -> "%1" %* -> File not found
comfile [open] -> "%1" %* -> 
exefile [open] -> "%1" %* -> 
< 64bit-File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ -> 
.com [@ = comfile] -> "%1" %* -> 
.exe [@ = exefile] -> "%1" %* -> 
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ -> 
.com [@ = comfile] -> "%1" %* -> 
.exe [@ = exefile] -> "%1" %* -> 
 
[Registry - Additional Scans - Safe List]
< 64bit-File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ -> 
.bat [@ = batfile] -> "%1" %* -> 
.cmd [@ = cmdfile] -> "%1" %* -> 
.com [@ = comfile] -> "%1" %* -> 
.exe [@ = exefile] -> "%1" %* -> 
.pif [@ = piffile] -> "%1" %* -> 
.scr [@ = scrfile] -> "%1" /S -> 
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ -> 
.bat [@ = batfile] -> "%1" %* -> 
.cmd [@ = cmdfile] -> "%1" %* -> 
.com [@ = comfile] -> "%1" %* -> 
.cpl [@ = cplfile] -> C:\Windows\SysWow64\control.exe -> [2009/07/13 18:14:15 | 000,113,152 | ---- | M] (Microsoft Corporation)
.exe [@ = exefile] -> "%1" %* -> 
.pif [@ = piffile] -> "%1" %* -> 
.scr [@ = scrfile] -> "%1" /S -> 
< File Associations - Select to Repair > -> HKEY_USERS\S-1-5-21-3488347447-2488368954-518346416-1000\SOFTWARE\Classes\<extension>\ -> 
.html [@ = ChromeHTML] -> C:\Users\Bryan\AppData\Local\Google\Chrome\Application\chrome.exe -> [2010/05/18 20:35:17 | 000,973,296 | ---- | M] (Google Inc.)
< 64bit-Security Center Settings > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center -> 
64bit-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center
\\"cval" ->  [1] -> File not found
64bit-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> 
64bit-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\ -> -> 
64bit-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc
\Svc\\"VistaSp1" ->  [28 4D B2 76 41 04 CA 01  [binary data]] -> File not found
\Svc\\"AntiVirusOverride" ->  [0] -> File not found
\Svc\\"AntiSpywareOverride" ->  [0] -> File not found
\Svc\\"FirewallOverride" ->  [0] -> File not found
< Security Center Settings > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
\\"DisableNotifications" ->  [0] -> File not found
\\"EnableFirewall" ->  [0] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging\ -> -> 
< Winsock2 Catalogs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ -> 
64bit-NameSpace_Catalog5\Catalog_Entries\000000000007 [WindowsLive NSP] -> C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL -> [2009/08/18 11:29:22 | 000,134,528 | ---- | M] (Microsoft Corporation)
64bit-NameSpace_Catalog5\Catalog_Entries\000000000008 [WindowsLive Local NSP] -> C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL -> [2009/08/18 11:29:22 | 000,134,528 | ---- | M] (Microsoft Corporation)
64bit-Protocol_Catalog9\Catalog_Entries\000000000001 -> C:\Windows\SysNative\nvLsp.dll -> File not found
64bit-Protocol_Catalog9\Catalog_Entries\000000000002 -> C:\Windows\SysNative\nvLsp.dll -> File not found
64bit-Protocol_Catalog9\Catalog_Entries\000000000003 -> C:\Windows\SysNative\nvLsp.dll -> File not found
64bit-Protocol_Catalog9\Catalog_Entries\000000000004 -> C:\Windows\SysNative\nvLsp.dll -> File not found
64bit-Protocol_Catalog9\Catalog_Entries\000000000005 -> C:\Windows\SysNative\nvLsp.dll -> File not found
64bit-Protocol_Catalog9\Catalog_Entries\000000000006 -> C:\Windows\SysNative\nvLsp.dll -> File not found
64bit-Protocol_Catalog9\Catalog_Entries\000000000017 -> C:\Windows\SysNative\nvLsp.dll -> File not found
64bit-Protocol_Catalog9\Catalog_Entries\000000000018 -> C:\Windows\SysNative\nvLsp.dll -> File not found
NameSpace_Catalog5\Catalog_Entries\000000000007 [WindowsLive NSP] -> C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL -> [2009/08/18 11:29:22 | 000,134,528 | ---- | M] (Microsoft Corporation)
NameSpace_Catalog5\Catalog_Entries\000000000008 [WindowsLive Local NSP] -> C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL -> [2009/08/18 11:29:22 | 000,134,528 | ---- | M] (Microsoft Corporation)
Protocol_Catalog9\Catalog_Entries\000000000001 -> C:\Windows\SysWOW64\nvLsp.dll -> [2009/04/19 08:33:06 | 000,268,832 | ---- | M] (NVIDIA)
Protocol_Catalog9\Catalog_Entries\000000000002 -> C:\Windows\SysWOW64\nvLsp.dll -> [2009/04/19 08:33:06 | 000,268,832 | ---- | M] (NVIDIA)
Protocol_Catalog9\Catalog_Entries\000000000003 -> C:\Windows\SysWOW64\nvLsp.dll -> [2009/04/19 08:33:06 | 000,268,832 | ---- | M] (NVIDIA)
Protocol_Catalog9\Catalog_Entries\000000000004 -> C:\Windows\SysWOW64\nvLsp.dll -> [2009/04/19 08:33:06 | 000,268,832 | ---- | M] (NVIDIA)
Protocol_Catalog9\Catalog_Entries\000000000005 -> C:\Windows\SysWOW64\nvLsp.dll -> [2009/04/19 08:33:06 | 000,268,832 | ---- | M] (NVIDIA)
Protocol_Catalog9\Catalog_Entries\000000000006 -> C:\Windows\SysWOW64\nvLsp.dll -> [2009/04/19 08:33:06 | 000,268,832 | ---- | M] (NVIDIA)
Protocol_Catalog9\Catalog_Entries\000000000017 -> C:\Windows\SysWOW64\nvLsp.dll -> [2009/04/19 08:33:06 | 000,268,832 | ---- | M] (NVIDIA)
Protocol_Catalog9\Catalog_Entries\000000000018 -> C:\Windows\SysWOW64\nvLsp.dll -> [2009/04/19 08:33:06 | 000,268,832 | ---- | M] (NVIDIA)
< Default Protocols [HKEY_LOCAL_MACHINE\] - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> 
ldap -> 4 = Restricted sites (Not a Default Protocol) -> 
news -> 4 = Restricted sites (Not a Default Protocol) -> 
nntp -> 4 = Restricted sites (Not a Default Protocol) -> 
oecmd -> 4 = Restricted sites (Not a Default Protocol) -> 
snews -> 4 = Restricted sites (Not a Default Protocol) -> 
< Default Protocols [HKEY_USERS\S-1-5-19\] - Select to Repair > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> 
@ivt -> @ivt protocol not assigned -> 
file -> file protocol not assigned -> 
ftp -> ftp protocol not assigned -> 
http -> http protocol not assigned -> 
https -> https protocol not assigned -> 
shell -> shell protocol not assigned -> 
< Default Protocols [HKEY_USERS\S-1-5-20\] - Select to Repair > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> 
@ivt -> @ivt protocol not assigned -> 
file -> file protocol not assigned -> 
ftp -> ftp protocol not assigned -> 
http -> http protocol not assigned -> 
https -> https protocol not assigned -> 
shell -> shell protocol not assigned -> 
< 64bit-Uninstall List [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ -> 
{23170F69-40C1-2702-0913-000001000000} -> 7-Zip 9.13 (x64 edition)
{3D3E663D-4E7E-4577-A560-7ECDDD45548A} -> PVSonyDll
{47E5588F-C3A0-11DE-9857-005056C00008} -> Paragon Partition Manager™ 2010 Free Edition
{5AC309D7-93D6-418F-8DCA-DD710724A5B4} -> Windows Live Family Safety
{7CFA46E3-CC2F-4355-82AE-6012DC3633FD} -> NVIDIA ForceWare Network Access Manager
{8CBBBC4D-B0B6-49DB-A421-98C65080D8EE} -> Eraser 6.0.7.1893
{90120000-002A-0000-1000-0000000FF1CE} -> Microsoft Office Office 64-bit Components 2007
{90120000-002A-0409-1000-0000000FF1CE} -> Microsoft Office Shared 64-bit MUI (English) 2007
{90120000-0116-0409-1000-0000000FF1CE} -> Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
{95120000-00B9-0409-1000-0000000FF1CE} -> Microsoft Application Error Reporting
{95C9C76F-ECF3-40FA-94F8-5DDFB6BAF40D} -> Microsoft Security Essentials
{9B48B0AC-C813-4174-9042-476A887592C7} -> Windows Live ID Sign-in Assistant
{AB562530-921D-11DE-A208-005056C00008} -> Paragon Backup & Recovery™ 10.1 Free Edition
{E590FD1C-E8C6-4D2E-8CA9-77B403F7EE01} -> Microsoft Antimalware
Microsoft Security Essentials -> Microsoft Security Essentials
NVIDIA Display Control Panel -> NVIDIA Display Control Panel
NVIDIA Drivers -> NVIDIA Drivers
Recuva -> Recuva
Sandboxie -> Sandboxie 3.442 (64-bit)
< Uninstall List [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ -> 
{0b739e85-e796-499c-98fe-3be76860dfd0} -> Nero 9 Essentials
{15D967B5-A4BE-42AE-9E84-64CD062B25AA} -> eSobi v2
{178832DE-9DE0-4C87-9F82-9315A9B03985} -> Windows Live Writer
{18455581-E099-4BA8-BC6B-F34B2F06600C} -> Google Toolbar for Internet Explorer
{1BD07DF4-FB06-41BA-B896-B2DA59000C96} -> Windows Live Toolbar
{1F1C2DFC-2D24-3E06-BCB8-725134ADF989} -> Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
{20400dbd-e6db-45b8-9b6b-1dd7033818ec} -> Nero InfoTool Help
{205C6BDD-7B73-42DE-8505-9A093F35A238} -> Windows Live Upload Tool
{22B775E7-6C42-4FC5-8E10-9A5E3257BD94} -> MSVCRT
{2318C2B1-4965-11d4-9B18-009027A5CD4F} -> Google Toolbar for Internet Explorer
{2348b586-c9ae-46ce-936c-a68e9426e214} -> Nero StartSmart Help
{26A24AE4-039D-4CA4-87B4-2F83216020FF} -> Java(TM) 6 Update 20
{287ECFA4-719A-2143-A09B-D6A12DE54E40} -> Acrobat.com
{30075A70-B5D2-440B-AFA3-FB2021740121} -> Backup Manager Advance
{3175E049-F9A9-4A3D-8F19-AC9FB04514D1} -> Windows Live Communications Platform
{33cf58f5-48d8-4575-83d6-96f574e4d83a} -> Nero DriveSpeed
{45A66726-69BC-466B-A7A4-12FCBA4883D7} -> HiJackThis
{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F} -> Windows Live Essentials
{4A03706F-666A-4037-7777-5F2748764D10} -> Java Auto Updater
{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7} -> Microsoft Search Enhancement Pack
{4D43D635-6FDA-4fa5-AA9B-23CF73D058EA} -> Nero StartSmart OEM
{56C049BE-79E9-4502-BEA7-9754A3E60F9B} -> neroxml
{595a3116-40bb-4e0f-a2e8-d7951da56270} -> NeroExpress
{6412CECE-8172-4BE5-935B-6CECACD2CA87} -> Windows Live Mail
{67E03279-F703-408F-B4BF-46B5FC8D70CD} -> Microsoft Works
{68301905-2DEA-41CE-A4D4-E8B443B099BA} -> MyWinLocker
{6ED53E0C-EAC0-4F0F-947D-6BA817E4C8C3} -> HostsMan 3.2.73
{7299052b-02a4-4627-81f2-1818da5d550d} -> Microsoft Visual C++ 2005 Redistributable
{7748ac8c-18e3-43bb-959b-088faea16fb2} -> Nero StartSmart
{7F811A54-5A09-4579-90E1-C93498E230D9} -> Acer eRecovery Management
{83202942-84b3-4c50-8622-b8c0aa2d2885} -> Nero Express Help
{837b34e3-7c30-493c-8f6a-2b0f04e2912c} -> Microsoft Visual C++ 2005 Redistributable
{869200db-287a-4dc0-b02b-2b6787fbcd4c} -> Nero DiscSpeed
{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} -> Microsoft Silverlight
{8A74E887-8F0F-4017-AF53-CBA42211AAA5} -> Microsoft Sync Framework Runtime Native v1.0 (x86)
{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4} -> Battlefield Heroes
{8E5233E1-7495-44FB-8DEB-4BE906D59619} -> Junk Mail filter update
{90120000-0016-0409-0000-0000000FF1CE} -> Microsoft Office Excel MUI (English) 2007
{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E} -> 2007 Microsoft Office Suite Service Pack 2 (SP2)
{90120000-0018-0409-0000-0000000FF1CE} -> Microsoft Office PowerPoint MUI (English) 2007
{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E} -> 2007 Microsoft Office Suite Service Pack 2 (SP2)
{90120000-001B-0409-0000-0000000FF1CE} -> Microsoft Office Word MUI (English) 2007
{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E} -> 2007 Microsoft Office Suite Service Pack 2 (SP2)
{90120000-001F-0409-0000-0000000FF1CE} -> Microsoft Office Proof (English) 2007
{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045} -> 2007 Microsoft Office Suite Service Pack 2 (SP2)
{90120000-001F-040C-0000-0000000FF1CE} -> Microsoft Office Proof (French) 2007
{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787} -> 2007 Microsoft Office Suite Service Pack 2 (SP2)
{90120000-001F-0C0A-0000-0000000FF1CE} -> Microsoft Office Proof (Spanish) 2007
{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9} -> 2007 Microsoft Office Suite Service Pack 2 (SP2)
{90120000-0020-0409-0000-0000000FF1CE} -> Compatibility Pack for the 2007 Office system
{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192} -> 2007 Microsoft Office Suite Service Pack 2 (SP2)
{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E} -> 2007 Microsoft Office Suite Service Pack 2 (SP2)
{90120000-002C-0409-0000-0000000FF1CE} -> Microsoft Office Proofing (English) 2007
{90120000-006E-0409-0000-0000000FF1CE} -> Microsoft Office Shared MUI (English) 2007
{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E} -> 2007 Microsoft Office Suite Service Pack 2 (SP2)
{90120000-00A1-0409-0000-0000000FF1CE} -> Microsoft Office OneNote MUI (English) 2007
{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E} -> 2007 Microsoft Office Suite Service Pack 2 (SP2)
{90120000-0115-0409-0000-0000000FF1CE} -> Microsoft Office Shared Setup Metadata MUI (English) 2007
{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E} -> 2007 Microsoft Office Suite Service Pack 2 (SP2)
{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E} -> 2007 Microsoft Office Suite Service Pack 2 (SP2)
{91120000-002F-0000-0000-0000000FF1CE} -> Microsoft Office Home and Student 2007
{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B} -> 2007 Microsoft Office Suite Service Pack 2 (SP2)
{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF} -> Security Update for Microsoft Office system 2007 (972581)
{95120000-00AF-0409-0000-0000000FF1CE} -> Microsoft Office PowerPoint Viewer 2007 (English)
{980A182F-E0A2-4A40-94C1-AE0C1235902E} -> Pando Media Booster
{9E1BAB75-EB78-440D-94C0-A3857BE2E733} -> System Requirements Lab
{9F479685-180E-4C05-9400-D59292A1B29C} -> Windows Live Movie Maker
{A54F806B-A2E1-4794-A7FE-365167EC67CB} -> Masque IGT Slots Little Green Men
{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D} -> ImagXpress
{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} -> Google Update Helper
{AA468551-1794-42FE-B504-C41D75EEBDF2}_is1 -> Partition Wizard Home Edition 5.0
{AC76BA86-7AD7-1033-7B44-A93000000001} -> Adobe Reader 9.3.2
{B10914FD-8812-47A4-85A1-50FCDE7F1F33} -> Windows Live Sync
{B194272D-1F92-46DF-99EB-8D5CE91CB4EC} -> Adobe AIR
{b2ec4a38-b545-4a00-8214-13fe0e915e6d} -> Advertising Center
{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC} -> Windows Live Messenger
{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a} -> Nero ControlCenter
{BD64AF4A-8C80-4152-AD77-FCDDF05208AB} -> Microsoft Sync Framework Services Native v1.0 (x86)
{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1} -> Norton Online Backup
{cc019e3f-59d2-4486-8d4b-878105b62a71} -> Nero DiscSpeed Help
{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31} -> Full Tilt Poker
{DB0BB9FA-1B60-4036-8E29-3D56D8085256} -> WOT for Internet Explorer
{dba84796-8503-4ff0-af57-1747dd9a166d} -> Nero Online Upgrade
{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1 -> Auslogics Disk Defrag
{E0B19DF7-B1C7-4937-82C4-0E4B1E346965} -> eBay Worldwide
{E48469CC-635E-4FD5-A122-1497C286D217} -> Call of Duty(R) 4 - Modern Warfare(TM)
{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E} -> Microsoft Office Suite Activation Assistant
{e5c7d048-f9b4-4219-b323-8bdb01a2563d} -> Nero DriveSpeed Help
{E6158D07-2637-4ECF-B576-37C489669174} -> Windows Live Call
{e8a80433-302b-4ff1-815d-fcc8eac482ff} -> Nero Installer
{EE171732-BEB4-4576-887D-CB62727F01CA} -> Acer Updater
{EE39FFBD-544E-49E4-A999-6819828EAE91} -> Windows Live Photo Gallery
{EFE1AB94-5466-4B6E-BE31-FF4C115FD25D} -> Max Payne 2
{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8} -> Microsoft SQL Server 2005 Compact Edition [ENU]
{F0E12BBA-AD66-4022-A453-A1C8A0C4D570} -> Microsoft Choice Guard
{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC} -> Realtek High Definition Audio Driver
{f4041dce-3fe1-4e18-8a9e-9de65231ee36} -> Nero ControlCenter
{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262} -> Microsoft Office Live Add-in 1.5
{F7B0939E-58DF-11DF-B3A6-005056806466} -> Google Earth
{fbcdfd61-7dcf-4e71-9226-873ba0053139} -> Nero InfoTool
Acer Assist -> Acer Assist
Acer Registration -> Acer Registration
Acer Screensaver -> Acer ScreenSaver
Acer Welcome Center -> Welcome Center
Adobe AIR -> Adobe AIR
Adobe Flash Player ActiveX -> Adobe Flash Player 10 ActiveX
Adobe Flash Player Plugin -> Adobe Flash Player 10 Plugin
Belarc Advisor -> Belarc Advisor 8.1
CCleaner -> CCleaner
Combat Arms -> Combat Arms
DMX5_is1 -> DriverMax 5
ESET Online Scanner -> ESET Online Scanner v3
FileHippo.com -> FileHippo.com Update Checker
GamersFirst LIVE! -> GamersFirst LIVE!
Google Desktop -> Google Desktop
HOMESTUDENTR -> Microsoft Office Home and Student 2007
Hotkey Utility -> Hotkey Utility
Identity Card -> Identity Card
ImgBurn -> ImgBurn
InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA} -> eSobi v2
InstallShield_{30075A70-B5D2-440B-AFA3-FB2021740121} -> Acer Backup Manager
InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD} -> NVIDIA ForceWare Network Access Manager
InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217} -> Call of Duty(R) 4 - Modern Warfare(TM)
Malwarebytes' Anti-Malware_is1 -> Malwarebytes' Anti-Malware
OnlineArmor_is1 -> Online Armor 4.0
OpenDNS Updater -> OpenDNS Updater 2.2
PokerStars -> PokerStars
PunkBusterSvc -> PunkBuster Services
Revo Uninstaller -> Revo Uninstaller 1.88
Secunia PSI -> Secunia PSI
Sophos-AntiRootkit -> Sophos Anti-Rootkit 1.5.0
SystemRequirementsLab -> System Requirements Lab
WildTangent acer Master Uninstall -> Acer Games
WinLiveSuite_Wave3 -> Windows Live Essentials
Wubi -> Ubuntu
< Uninstall List [HKEY_USERS\S-1-5-21-3488347447-2488368954-518346416-1000\] > -> HKEY_USERS\S-1-5-21-3488347447-2488368954-518346416-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ -> 
Google Chrome -> Google Chrome
< EventViewer Logs - Last 10 Errors > -> Event Information -> Description
Application [ Error ] 5/29/2010 11:53:28 AM Computer Name = Family | Source = SideBySide | ID = 16842811 -> Description = Activation context generation failed for "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Box Extension\SrchBxEx.dll".Error in manifest or policy file "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Box Extension\SrchBxEx.dll" on line 2.  Invalid Xml syntax.
Application [ Error ] 5/29/2010 11:53:37 AM Computer Name = Family | Source = SideBySide | ID = 16842785 -> Description = Activation context generation failed for "c:\Windows\installer\{67e03279-f703-408f-b4bf-46b5fc8d70cd}\WksCal.exe".  Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.  Please use sxstrace.exe for detailed diagnosis.
Application [ Error ] 5/29/2010 11:53:37 AM Computer Name = Family | Source = SideBySide | ID = 16842785 -> Description = Activation context generation failed for "c:\Windows\installer\{67e03279-f703-408f-b4bf-46b5fc8d70cd}\wksdb.exe".  Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.  Please use sxstrace.exe for detailed diagnosis.
Application [ Error ] 5/29/2010 11:53:37 AM Computer Name = Family | Source = SideBySide | ID = 16842785 -> Description = Activation context generation failed for "c:\Windows\installer\{67e03279-f703-408f-b4bf-46b5fc8d70cd}\wksss.exe".  Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.  Please use sxstrace.exe for detailed diagnosis.
Application [ Error ] 5/29/2010 11:53:37 AM Computer Name = Family | Source = SideBySide | ID = 16842785 -> Description = Activation context generation failed for "c:\Windows\installer\{67e03279-f703-408f-b4bf-46b5fc8d70cd}\WksWP.exe".  Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.  Please use sxstrace.exe for detailed diagnosis.
Application [ Error ] 5/29/2010 11:53:55 AM Computer Name = Family | Source = SideBySide | ID = 16842785 -> Description = Activation context generation failed for "c:\program files (x86)\innovative solutions\drivermax\DPInst\ia64\dpinst.exe".  Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.  Please use sxstrace.exe for detailed diagnosis.
Application [ Error ] 5/29/2010 11:53:55 AM Computer Name = Family | Source = SideBySide | ID = 16842832 -> Description = Activation context generation failed for "c:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line .  A component version required by the application conflicts with another component version already active.  Conflicting components are:.  Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest.  Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest.
Application [ Error ] 5/29/2010 11:54:41 AM Computer Name = Family | Source = SideBySide | ID = 16842787 -> Description = Activation context generation failed for "c:\program files (x86)\windows live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8.  Component identity found in manifest does not match the identity of the component requested.  Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".  Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Please use sxstrace.exe for detailed diagnosis.
Application [ Error ] 5/29/2010 11:55:05 AM Computer Name = Family | Source = SideBySide | ID = 16842811 -> Description = Activation context generation failed for "c:\program files (x86)\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll".Error in manifest or policy file "c:\program files (x86)\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll" on line 2.  Invalid Xml syntax.
Application [ Error ] 5/29/2010 1:36:47 PM Computer Name = Family | Source = EventSystem | ID = 4621 -> Description = 
System [ Error ] 6/3/2010 4:05:54 PM Computer Name = Family | Source = Service Control Manager | ID = 7011 -> Description = A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
System [ Error ] 6/3/2010 4:08:09 PM Computer Name = Family | Source = DCOM | ID = 10000 -> Description = 
System [ Error ] 6/3/2010 4:10:32 PM Computer Name = Family | Source = EventLog | ID = 6008 -> Description = The previous system shutdown at 1:08:32 PM on ?6/?3/?2010 was unexpected.
System [ Error ] 6/3/2010 4:10:48 PM Computer Name = Family | Source = Microsoft Antimalware | ID = 3002 -> Description = %%861 Real-Time Protection feature has encountered an error and failed.	 Feature: %%835	 Error Code: 0x80004005	 Error description: Unspecified error	  Reason: %%842
System [ Error ] 6/3/2010 4:29:23 PM Computer Name = Family | Source = EventLog | ID = 6008 -> Description = The previous system shutdown at 1:27:19 PM on ?6/?3/?2010 was unexpected.
System [ Error ] 6/3/2010 4:29:44 PM Computer Name = Family | Source = Microsoft Antimalware | ID = 3002 -> Description = %%861 Real-Time Protection feature has encountered an error and failed.	 Feature: %%835	 Error Code: 0x80004005	 Error description: Unspecified error	  Reason: %%842
System [ Error ] 6/3/2010 4:36:55 PM Computer Name = Family | Source = EventLog | ID = 6008 -> Description = The previous system shutdown at 1:35:05 PM on ?6/?3/?2010 was unexpected.
System [ Error ] 6/3/2010 4:37:21 PM Computer Name = Family | Source = Microsoft Antimalware | ID = 3002 -> Description = %%861 Real-Time Protection feature has encountered an error and failed.	 Feature: %%835	 Error Code: 0x80004005	 Error description: Unspecified error	  Reason: %%842
System [ Error ] 6/3/2010 5:00:02 PM Computer Name = Family | Source = Microsoft Antimalware | ID = 3002 -> Description = %%861 Real-Time Protection feature has encountered an error and failed.	 Feature: %%835	 Error Code: 0x80004005	 Error description: Unspecified error	  Reason: %%842
System [ Error ] 6/4/2010 12:45:40 AM Computer Name = Family | Source = EventLog | ID = 6008 -> Description = The previous system shutdown at 4:28:37 PM on ?6/?3/?2010 was unexpected.
 
[Files/Folders - Created Within 30 Days]
 OTS.exe -> C:\Users\Bryan\Desktop\OTS.exe -> [2010/06/04 14:38:01 | 000,640,000 | ---- | C] (OldTimer Tools)
 _OTS -> C:\_OTS -> [2010/06/04 11:39:11 | 000,000,000 | ---D | C]
 Prevx -> C:\Program Files\Prevx -> [2010/06/03 15:46:05 | 000,000,000 | ---D | C]
 PrevxCSI -> C:\ProgramData\PrevxCSI -> [2010/06/03 15:45:24 | 000,000,000 | ---D | C]
 Auslogics -> C:\Program Files (x86)\Auslogics -> [2010/06/03 08:39:22 | 000,000,000 | ---D | C]
 OnlineArmor -> C:\Users\Bryan\AppData\Roaming\OnlineArmor -> [2010/06/02 15:45:20 | 000,000,000 | ---D | C]
 OnlineArmor -> C:\ProgramData\OnlineArmor -> [2010/06/02 15:45:20 | 000,000,000 | ---D | C]
 oaevent.dll -> C:\Windows\oaevent.dll -> [2010/06/02 15:44:23 | 000,323,344 | ---- | C] (Tall Emu)
 OAnet.sys -> C:\Windows\SysNative\drivers\OAnet.sys -> [2010/06/02 15:44:22 | 000,043,664 | ---- | C] (Tall Emu Pty Ltd)
 OAmon.sys -> C:\Windows\SysWow64\drivers\OAmon.sys -> [2010/06/02 15:44:22 | 000,035,984 | ---- | C] (Tall Emu)
 Tall Emu -> C:\Program Files (x86)\Tall Emu -> [2010/06/02 15:44:15 | 000,000,000 | ---D | C]
 cache -> C:\Users\Bryan\AppData\Local\cache -> [2010/06/01 11:29:51 | 000,000,000 | ---D | C]
 FullTiltPoker -> C:\Users\Bryan\AppData\Local\FullTiltPoker -> [2010/06/01 11:29:06 | 000,000,000 | ---D | C]
 Full Tilt Poker -> C:\Program Files (x86)\Full Tilt Poker -> [2010/06/01 11:28:38 | 000,000,000 | ---D | C]
 gameprofiles[1] -> C:\Users\Bryan\Documents\gameprofiles[1] -> [2010/05/29 00:31:41 | 000,000,000 | ---D | C]
 Secunia -> C:\Program Files (x86)\Secunia -> [2010/05/29 00:10:31 | 000,000,000 | ---D | C]
 Saitek -> C:\ProgramData\Saitek -> [2010/05/28 21:58:49 | 000,000,000 | ---D | C]
 Saitek -> C:\Program Files\Saitek -> [2010/05/28 21:58:42 | 000,000,000 | ---D | C]
 ProcessMonitor -> C:\Users\Bryan\Desktop\ProcessMonitor -> [2010/05/28 19:01:35 | 000,000,000 | ---D | C]
 7-Zip -> C:\Program Files\7-Zip -> [2010/05/28 10:17:27 | 000,000,000 | ---D | C]
 FileHippo.com -> C:\Program Files (x86)\FileHippo.com -> [2010/05/28 10:11:07 | 000,000,000 | ---D | C]
 psi_mf.sys -> C:\Windows\SysNative\drivers\psi_mf.sys -> [2010/05/28 04:04:52 | 000,017,456 | ---- | C] (Secunia)
 VSRevoGroup -> C:\Users\Bryan\AppData\Roaming\VSRevoGroup -> [2010/05/26 12:16:08 | 000,000,000 | ---D | C]
 RadioBar -> C:\Program Files (x86)\RadioBar -> [2010/05/25 14:37:26 | 000,000,000 | ---D | C]
 IsolatedStorage -> C:\Users\Bryan\AppData\Local\IsolatedStorage -> [2010/05/25 13:35:11 | 000,000,000 | ---D | C]
 Autoruns[1] -> C:\Users\Bryan\Documents\Autoruns[1] -> [2010/05/25 02:42:20 | 000,000,000 | ---D | C]
 GAMES -> C:\Users\Bryan\Desktop\GAMES -> [2010/05/24 08:06:05 | 000,000,000 | ---D | C]
 msvcr71.dll -> C:\Windows\SysWow64\msvcr71.dll -> [2010/05/23 21:52:49 | 000,348,160 | ---- | C] (Microsoft Corporation)
 msvcp71.dll -> C:\Windows\SysWow64\msvcp71.dll -> [2010/05/23 21:52:47 | 000,499,712 | ---- | C] (Microsoft Corporation)
 mfc71.dll -> C:\Windows\SysWow64\mfc71.dll -> [2010/05/23 21:51:52 | 001,060,864 | ---- | C] (Microsoft Corporation)
 New folder -> C:\Users\Bryan\New folder -> [2010/05/23 18:06:02 | 000,000,000 | ---D | C]
 Pando_Temp -> C:\Users\Bryan\AppData\Local\Pando_Temp -> [2010/05/23 17:56:55 | 000,000,000 | ---D | C]
 GamersFirst LIVE! -> C:\Users\Bryan\AppData\Local\GamersFirst LIVE! -> [2010/05/23 17:56:40 | 000,000,000 | ---D | C]
 GamersFirst -> C:\Program Files (x86)\GamersFirst -> [2010/05/23 17:56:20 | 000,000,000 | ---D | C]
 Battlefield Heroes -> C:\Users\Bryan\Documents\Battlefield Heroes -> [2010/05/23 17:30:37 | 000,000,000 | ---D | C]
 EA Games -> C:\Program Files (x86)\EA Games -> [2010/05/23 16:26:57 | 000,000,000 | ---D | C]
 radix_installer[1] -> C:\Users\Bryan\Documents\radix_installer[1] -> [2010/05/23 12:17:49 | 000,000,000 | ---D | C]
 HostsMan Backups -> C:\Users\Public\Documents\HostsMan Backups -> [2010/05/23 00:32:57 | 000,000,000 | ---D | C]
 abelhadigital.com -> C:\Users\Bryan\AppData\Roaming\abelhadigital.com -> [2010/05/23 00:32:57 | 000,000,000 | ---D | C]
 abelhadigital.com -> C:\ProgramData\abelhadigital.com -> [2010/05/23 00:32:57 | 000,000,000 | ---D | C]
 HostsMan -> C:\Program Files (x86)\HostsMan -> [2010/05/23 00:32:54 | 000,000,000 | ---D | C]
 Sandbox -> C:\Sandbox -> [2010/05/21 12:41:58 | 000,000,000 | R--D | C]
 Sandboxie -> C:\Program Files\Sandboxie -> [2010/05/21 12:39:01 | 000,000,000 | ---D | C]
 NexonUS -> C:\ProgramData\NexonUS -> [2010/05/21 00:28:00 | 000,000,000 | ---D | C]
 Nexon -> C:\Nexon -> [2010/05/21 00:28:00 | 000,000,000 | ---D | C]
 ERDNT -> C:\Windows\ERDNT -> [2010/05/20 22:38:42 | 000,000,000 | ---D | C]
 WOT -> C:\Program Files (x86)\WOT -> [2010/05/20 22:36:01 | 000,000,000 | ---D | C]
 Auslogics -> C:\Users\Bryan\AppData\Roaming\Auslogics -> [2010/05/20 21:52:29 | 000,000,000 | ---D | C]
 BDOSCAN8 -> C:\Windows\BDOSCAN8 -> [2010/05/19 13:05:25 | 000,000,000 | ---D | C]
 md5[1] -> C:\Users\Bryan\Documents\md5[1] -> [2010/05/19 11:51:08 | 000,000,000 | ---D | C]
 Microsoft Antimalware -> C:\Program Files (x86)\Microsoft Antimalware -> [2010/05/18 15:39:53 | 000,000,000 | ---D | C]
 Microsoft Security Essentials -> C:\Program Files\Microsoft Security Essentials -> [2010/05/18 15:39:48 | 000,000,000 | ---D | C]
 U3 -> C:\Users\Bryan\AppData\Roaming\U3 -> [2010/05/17 13:05:00 | 000,000,000 | ---D | C]
 fssfltr.sys -> C:\Windows\SysNative\drivers\fssfltr.sys -> [2010/05/17 11:32:30 | 000,061,288 | ---- | C] (Microsoft Corporation)
 Windows Live -> C:\Program Files\Windows Live -> [2010/05/17 11:32:30 | 000,000,000 | ---D | C]
 Microsoft Sync Framework -> C:\Program Files (x86)\Microsoft Sync Framework -> [2010/05/17 11:31:51 | 000,000,000 | ---D | C]
 My Stationery -> C:\Users\Bryan\Documents\My Stationery -> [2010/05/17 10:57:41 | 000,000,000 | R-SD | C]
 vlc -> C:\Users\Bryan\AppData\Roaming\vlc -> [2010/05/16 23:31:32 | 000,000,000 | ---D | C]
 Graboid_Inc -> C:\Users\Bryan\AppData\Local\Graboid_Inc -> [2010/05/16 23:25:21 | 000,000,000 | ---D | C]
 Graboid -> C:\Users\Bryan\AppData\Local\Graboid -> [2010/05/16 23:25:20 | 000,000,000 | ---D | C]
 MozillaControl -> C:\Users\Bryan\AppData\Roaming\MozillaControl -> [2010/05/16 23:25:19 | 000,000,000 | ---D | C]
 Mozilla -> C:\Users\Bryan\AppData\Roaming\Mozilla -> [2010/05/16 23:25:19 | 000,000,000 | ---D | C]
 Mozilla ActiveX Control v1.7.12 -> C:\Program Files (x86)\Mozilla ActiveX Control v1.7.12 -> [2010/05/16 23:25:08 | 000,000,000 | ---D | C]
 VideoLAN -> C:\Program Files (x86)\VideoLAN -> [2010/05/16 23:24:53 | 000,000,000 | ---D | C]
 WavesGUILib.dll -> C:\Windows\SysNative\WavesGUILib.dll -> [2010/05/16 13:35:50 | 002,719,504 | ---- | C] (Waves Audio Ltd.)
 SRSWOW64.dll -> C:\Windows\SysNative\SRSWOW64.dll -> [2010/05/16 13:35:50 | 000,155,888 | ---- | C] (SRS Labs, Inc.)
 RtPgEx64.dll -> C:\Windows\SysNative\RtPgEx64.dll -> [2010/05/16 13:35:49 | 001,943,584 | ---- | C] (Realtek Semiconductor Corp.)
 RTSnMg64.cpl -> C:\Windows\SysNative\RTSnMg64.cpl -> [2010/05/16 13:35:49 | 000,612,384 | ---- | C] (Realtek Semiconductor Corp.)
 SRSTSX64.dll -> C:\Windows\SysNative\SRSTSX64.dll -> [2010/05/16 13:35:49 | 000,518,896 | ---- | C] (SRS Labs, Inc.)
 SRSTSH64.dll -> C:\Windows\SysNative\SRSTSH64.dll -> [2010/05/16 13:35:49 | 000,211,184 | ---- | C] (SRS Labs, Inc.)
 SRSHP64.dll -> C:\Windows\SysNative\SRSHP64.dll -> [2010/05/16 13:35:49 | 000,198,896 | ---- | C] (SRS Labs, Inc.)
 RtlCPAPI64.dll -> C:\Windows\SysNative\RtlCPAPI64.dll -> [2010/05/16 13:35:48 | 000,332,320 | ---- | C] (Realtek Semiconductor Corp.)
 RtkCfg64.dll -> C:\Windows\SysNative\RtkCfg64.dll -> [2010/05/16 13:35:48 | 000,149,536 | ---- | C] (Realtek Semiconductor Corp.)
 RtkAPO64.dll -> C:\Windows\SysNative\RtkAPO64.dll -> [2010/05/16 13:35:47 | 001,660,960 | ---- | C] (Realtek Semiconductor Corp.)
 RtkApi64.dll -> C:\Windows\SysNative\RtkApi64.dll -> [2010/05/16 13:35:47 | 000,476,192 | ---- | C] (Realtek Semiconductor Corp.)
 RTEEP64A.dll -> C:\Windows\SysNative\RTEEP64A.dll -> [2010/05/16 13:35:47 | 000,372,936 | ---- | C] (Dolby Laboratories, Inc.)
 RTEED64A.dll -> C:\Windows\SysNative\RTEED64A.dll -> [2010/05/16 13:35:47 | 000,201,928 | ---- | C] (Dolby Laboratories, Inc.)
 RTEEL64A.dll -> C:\Windows\SysNative\RTEEL64A.dll -> [2010/05/16 13:35:47 | 000,099,016 | ---- | C] (Dolby Laboratories, Inc.)
 RTEEG64A.dll -> C:\Windows\SysNative\RTEEG64A.dll -> [2010/05/16 13:35:47 | 000,076,488 | ---- | C] (Dolby Laboratories, Inc.)
 RTCOM64.dll -> C:\Windows\SysNative\RTCOM64.dll -> [2010/05/16 13:35:46 | 001,210,912 | ---- | C] (Realtek Semiconductor Corp.)
 RP3DHT64.dll -> C:\Windows\SysNative\RP3DHT64.dll -> [2010/05/16 13:35:46 | 000,307,920 | ---- | C] (Dolby Laboratories, Inc.)
 RP3DAA64.dll -> C:\Windows\SysNative\RP3DAA64.dll -> [2010/05/16 13:35:46 | 000,307,920 | ---- | C] (Dolby Laboratories, Inc.)
 RCoInst64.dll -> C:\Windows\SysNative\RCoInst64.dll -> [2010/05/16 13:35:46 | 000,069,664 | ---- | C] (Realtek Semiconductor Corp.)
 MaxxAudioEQ.dll -> C:\Windows\SysNative\MaxxAudioEQ.dll -> [2010/05/16 13:35:44 | 002,197,264 | ---- | C] (Waves Audio Ltd.)
 MaxxAudioAPO20.dll -> C:\Windows\SysNative\MaxxAudioAPO20.dll -> [2010/05/16 13:35:44 | 000,325,904 | ---- | C] (Waves Audio Ltd.)
 DTSS2SpeakerDLL64.dll -> C:\Windows\SysNative\DTSS2SpeakerDLL64.dll -> [2010/05/16 13:35:43 | 001,325,328 | ---- | C] (DTS)
 DTSS2HeadphoneDLL64.dll -> C:\Windows\SysNative\DTSS2HeadphoneDLL64.dll -> [2010/05/16 13:35:43 | 001,178,384 | ---- | C] (DTS)
 DTSSymmetryDLL64.dll -> C:\Windows\SysNative\DTSSymmetryDLL64.dll -> [2010/05/16 13:35:43 | 000,489,744 | ---- | C] (DTS)
 DTSVoiceClarityDLL64.dll -> C:\Windows\SysNative\DTSVoiceClarityDLL64.dll -> [2010/05/16 13:35:43 | 000,474,896 | ---- | C] (DTS)
 FMAPO64.dll -> C:\Windows\SysNative\FMAPO64.dll -> [2010/05/16 13:35:43 | 000,331,168 | ---- | C] (Fortemedia Corporation)
 DTSBoostDLL64.dll -> C:\Windows\SysNative\DTSBoostDLL64.dll -> [2010/05/16 13:35:42 | 001,110,800 | ---- | C] (DTS)
 DTSNeoPCDLL64.dll -> C:\Windows\SysNative\DTSNeoPCDLL64.dll -> [2010/05/16 13:35:42 | 000,315,152 | ---- | C] (DTS)
 DTSLimiterDLL64.dll -> C:\Windows\SysNative\DTSLimiterDLL64.dll -> [2010/05/16 13:35:42 | 000,268,560 | ---- | C] (DTS)
 DTSGainCompensatorDLL64.dll -> C:\Windows\SysNative\DTSGainCompensatorDLL64.dll -> [2010/05/16 13:35:42 | 000,265,488 | ---- | C] (DTS)
 DTSLFXAPO64.dll -> C:\Windows\SysNative\DTSLFXAPO64.dll -> [2010/05/16 13:35:42 | 000,123,664 | ---- | C] (DTS)
 DTSGFXAPO64.dll -> C:\Windows\SysNative\DTSGFXAPO64.dll -> [2010/05/16 13:35:42 | 000,123,152 | ---- | C] (DTS)
 DTSGFXAPONS64.dll -> C:\Windows\SysNative\DTSGFXAPONS64.dll -> [2010/05/16 13:35:42 | 000,122,128 | ---- | C] (DTS)
 DTSBassEnhancementDLL64.dll -> C:\Windows\SysNative\DTSBassEnhancementDLL64.dll -> [2010/05/16 13:35:41 | 000,504,592 | ---- | C] (DTS)
 AERTAC64.dll -> C:\Windows\SysNative\AERTAC64.dll -> [2010/05/16 13:35:41 | 000,168,288 | ---- | C] (Andrea Electronics Corporation)
 AERTAR64.dll -> C:\Windows\SysNative\AERTAR64.dll -> [2010/05/16 13:35:41 | 000,108,960 | ---- | C] (Andrea Electronics Corporation)
 Minidump -> C:\Windows\Minidump -> [2010/05/15 16:03:45 | 000,000,000 | ---D | C]
 Belarc -> C:\Program Files (x86)\Belarc -> [2010/05/15 11:47:25 | 000,000,000 | ---D | C]
 ESET -> C:\Program Files (x86)\ESET -> [2010/05/15 09:26:07 | 000,000,000 | ---D | C]
 Trend Micro -> C:\Program Files (x86)\Trend Micro -> [2010/05/14 21:58:30 | 000,000,000 | ---D | C]
 Max Payne 2 Savegames -> C:\Users\Bryan\Documents\Max Payne 2 Savegames -> [2010/05/14 16:30:53 | 000,000,000 | ---D | C]
 Rockstar Games -> C:\Program Files (x86)\Rockstar Games -> [2010/05/14 16:16:33 | 000,000,000 | ---D | C]
 Registrar Registry Manager -> C:\Program Files\Registrar Registry Manager -> [2010/05/14 16:00:35 | 000,000,000 | ---D | C]
 CCleaner -> C:\Program Files (x86)\CCleaner -> [2010/05/14 15:44:25 | 000,000,000 | ---D | C]
 PCPitstop -> C:\ProgramData\PCPitstop -> [2010/05/14 14:28:01 | 000,000,000 | ---D | C]
 PCPitstop -> C:\Program Files (x86)\PCPitstop -> [2010/05/14 14:28:00 | 000,000,000 | ---D | C]
 ubuntu -> C:\ubuntu -> [2010/05/13 21:03:26 | 000,000,000 | ---D | C]
 nvusmu.exe -> C:\Windows\SysNative\nvusmu.exe -> [2010/05/13 11:12:11 | 000,539,680 | ---- | C] (NVIDIA Corporation)
 NVCOSMU.DLL -> C:\Windows\SysNative\NVCOSMU.DLL -> [2010/05/13 11:12:10 | 000,167,936 | ---- | C] (NVIDIA Corporation)
 NvRCoPtb.dll -> C:\Windows\SysNative\NvRCoPtb.dll -> [2010/05/13 11:12:10 | 000,018,976 | ---- | C] (NVIDIA Corporation)
 NvRCoIt.dll -> C:\Windows\SysNative\NvRCoIt.dll -> [2010/05/13 11:12:10 | 000,018,976 | ---- | C] (NVIDIA Corporation)
 NvRCoFr.dll -> C:\Windows\SysNative\NvRCoFr.dll -> [2010/05/13 11:12:10 | 000,018,976 | ---- | C] (NVIDIA Corporation)
 NvRCoEsm.dll -> C:\Windows\SysNative\NvRCoEsm.dll -> [2010/05/13 11:12:10 | 000,018,976 | ---- | C] (NVIDIA Corporation)
 NvRCoEs.dll -> C:\Windows\SysNative\NvRCoEs.dll -> [2010/05/13 11:12:10 | 000,018,976 | ---- | C] (NVIDIA Corporation)
 NvRCoSv.dll -> C:\Windows\SysNative\NvRCoSv.dll -> [2010/05/13 11:12:10 | 000,018,464 | ---- | C] (NVIDIA Corporation)
 NvRCoRu.dll -> C:\Windows\SysNative\NvRCoRu.dll -> [2010/05/13 11:12:10 | 000,018,464 | ---- | C] (NVIDIA Corporation)
 NvRCoNo.dll -> C:\Windows\SysNative\NvRCoNo.dll -> [2010/05/13 11:12:10 | 000,018,464 | ---- | C] (NVIDIA Corporation)
 NvRCoNl.dll -> C:\Windows\SysNative\NvRCoNl.dll -> [2010/05/13 11:12:10 | 000,018,464 | ---- | C] (NVIDIA Corporation)
 NvRCoFi.dll -> C:\Windows\SysNative\NvRCoFi.dll -> [2010/05/13 11:12:10 | 000,018,464 | ---- | C] (NVIDIA Corporation)
 NvRCoENU.dll -> C:\Windows\SysNative\NvRCoENU.dll -> [2010/05/13 11:12:10 | 000,017,952 | ---- | C] (NVIDIA Corporation)
 NvRCoKo.dll -> C:\Windows\SysNative\NvRCoKo.dll -> [2010/05/13 11:12:10 | 000,016,416 | ---- | C] (NVIDIA Corporation)
 NvRCoJa.dll -> C:\Windows\SysNative\NvRCoJa.dll -> [2010/05/13 11:12:10 | 000,016,416 | ---- | C] (NVIDIA Corporation)
 NvRCoZht.dll -> C:\Windows\SysNative\NvRCoZht.dll -> [2010/05/13 11:12:10 | 000,015,904 | ---- | C] (NVIDIA Corporation)
 NvRCoZhc.dll -> C:\Windows\SysNative\NvRCoZhc.dll -> [2010/05/13 11:12:10 | 000,015,904 | ---- | C] (NVIDIA Corporation)
 nvraiins.dll -> C:\Windows\SysNative\nvraiins.dll -> [2010/05/13 11:12:09 | 000,402,976 | ---- | C] (NVIDIA Corporation)
 nvraidco.dll -> C:\Windows\SysNative\nvraidco.dll -> [2010/05/13 11:12:09 | 000,402,976 | ---- | C] (NVIDIA Corporation)
 NvRCoDe.dll -> C:\Windows\SysNative\NvRCoDe.dll -> [2010/05/13 11:12:09 | 000,018,976 | ---- | C] (NVIDIA Corporation)
 NvRCoDa.dll -> C:\Windows\SysNative\NvRCoDa.dll -> [2010/05/13 11:12:09 | 000,018,464 | ---- | C] (NVIDIA Corporation)
 NvRCoEng.dll -> C:\Windows\SysNative\NvRCoEng.dll -> [2010/05/13 11:12:09 | 000,017,952 | ---- | C] (NVIDIA Corporation)
 My Drivers -> C:\Users\Bryan\Documents\My Drivers -> [2010/05/13 10:59:13 | 000,000,000 | ---D | C]
 Innovative Solutions -> C:\Users\Bryan\AppData\Local\Innovative Solutions -> [2010/05/13 10:59:13 | 000,000,000 | ---D | C]
 Innovative Solutions -> C:\ProgramData\Innovative Solutions -> [2010/05/13 10:59:13 | 000,000,000 | ---D | C]
 Innovative Solutions -> C:\Program Files (x86)\Innovative Solutions -> [2010/05/13 10:59:07 | 000,000,000 | ---D | C]
 ImgBurn -> C:\Users\Bryan\AppData\Roaming\ImgBurn -> [2010/05/12 22:10:54 | 000,000,000 | ---D | C]
 ImgBurn -> C:\Program Files (x86)\ImgBurn -> [2010/05/12 22:09:42 | 000,000,000 | ---D | C]
 Partition Wizard Home Edition 5.0 -> C:\Program Files (x86)\Partition Wizard Home Edition 5.0 -> [2010/05/12 21:32:17 | 000,000,000 | ---D | C]
 Locate32 -> C:\Users\Bryan\AppData\Roaming\Locate32 -> [2010/05/12 11:46:15 | 000,000,000 | ---D | C]
 locate32_x64-3.1.9.06070[1] -> C:\Users\Bryan\Documents\locate32_x64-3.1.9.06070[1] -> [2010/05/12 11:45:51 | 000,000,000 | ---D | C]
 Apps -> C:\Users\Bryan\AppData\Local\Apps -> [2010/05/12 11:35:40 | 000,000,000 | ---D | C]
 VS Revo Group -> C:\Program Files (x86)\VS Revo Group -> [2010/05/12 10:18:34 | 000,000,000 | ---D | C]
 Notes -> C:\Users\Bryan\Documents\Notes -> [2010/05/11 18:55:15 | 000,000,000 | R--D | C]
 PunkBuster -> C:\Users\Bryan\AppData\Local\PunkBuster -> [2010/05/10 16:15:36 | 000,000,000 | ---D | C]
 xactengine2_8.dll -> C:\Windows\SysNative\xactengine2_8.dll -> [2010/05/10 12:54:04 | 000,409,960 | ---- | C] (Microsoft Corporation)
 xactengine2_8.dll -> C:\Windows\SysWow64\xactengine2_8.dll -> [2010/05/10 12:54:04 | 000,266,088 | ---- | C] (Microsoft Corporation)
 x3daudio1_2.dll -> C:\Windows\SysNative\x3daudio1_2.dll -> [2010/05/10 12:54:04 | 000,021,352 | ---- | C] (Microsoft Corporation)
 x3daudio1_2.dll -> C:\Windows\SysWow64\x3daudio1_2.dll -> [2010/05/10 12:54:04 | 000,018,280 | ---- | C] (Microsoft Corporation)
 d3dx9_34.dll -> C:\Windows\SysNative\d3dx9_34.dll -> [2010/05/10 12:54:03 | 004,496,232 | ---- | C] (Microsoft Corporation)
 d3dx9_34.dll -> C:\Windows\SysWow64\d3dx9_34.dll -> [2010/05/10 12:54:03 | 003,497,832 | ---- | C] (Microsoft Corporation)
 D3DCompiler_34.dll -> C:\Windows\SysNative\D3DCompiler_34.dll -> [2010/05/10 12:54:03 | 001,401,200 | ---- | C] (Microsoft Corporation)
 D3DCompiler_34.dll -> C:\Windows\SysWow64\D3DCompiler_34.dll -> [2010/05/10 12:54:03 | 001,124,720 | ---- | C] (Microsoft Corporation)
 d3dx10_34.dll -> C:\Windows\SysNative\d3dx10_34.dll -> [2010/05/10 12:54:03 | 000,506,728 | ---- | C] (Microsoft Corporation)
 d3dx10_34.dll -> C:\Windows\SysWow64\d3dx10_34.dll -> [2010/05/10 12:54:03 | 000,443,752 | ---- | C] (Microsoft Corporation)
 xinput1_3.dll -> C:\Windows\SysNative\xinput1_3.dll -> [2010/05/10 12:54:02 | 000,107,368 | ---- | C] (Microsoft Corporation)
 xactengine2_7.dll -> C:\Windows\SysNative\xactengine2_7.dll -> [2010/05/10 12:54:01 | 000,403,304 | ---- | C] (Microsoft Corporation)
 xactengine2_7.dll -> C:\Windows\SysWow64\xactengine2_7.dll -> [2010/05/10 12:54:01 | 000,261,480 | ---- | C] (Microsoft Corporation)
 d3dx9_33.dll -> C:\Windows\SysNative\d3dx9_33.dll -> [2010/05/10 12:54:00 | 004,494,184 | ---- | C] (Microsoft Corporation)
 d3dx9_33.dll -> C:\Windows\SysWow64\d3dx9_33.dll -> [2010/05/10 12:54:00 | 003,495,784 | ---- | C] (Microsoft Corporation)
 D3DCompiler_33.dll -> C:\Windows\SysNative\D3DCompiler_33.dll -> [2010/05/10 12:54:00 | 001,400,176 | ---- | C] (Microsoft Corporation)
 D3DCompiler_33.dll -> C:\Windows\SysWow64\D3DCompiler_33.dll -> [2010/05/10 12:54:00 | 001,123,696 | ---- | C] (Microsoft Corporation)
 d3dx10_33.dll -> C:\Windows\SysNative\d3dx10_33.dll -> [2010/05/10 12:54:00 | 000,506,728 | ---- | C] (Microsoft Corporation)
 d3dx10_33.dll -> C:\Windows\SysWow64\d3dx10_33.dll -> [2010/05/10 12:54:00 | 000,443,752 | ---- | C] (Microsoft Corporation)
 xactengine2_6.dll -> C:\Windows\SysNative\xactengine2_6.dll -> [2010/05/10 12:53:59 | 000,393,576 | ---- | C] (Microsoft Corporation)
 xactengine2_6.dll -> C:\Windows\SysWow64\xactengine2_6.dll -> [2010/05/10 12:53:59 | 000,255,848 | ---- | C] (Microsoft Corporation)
 d3dx10.dll -> C:\Windows\SysNative\d3dx10.dll -> [2010/05/10 12:53:58 | 000,469,264 | ---- | C] (Microsoft Corporation)
 d3dx10.dll -> C:\Windows\SysWow64\d3dx10.dll -> [2010/05/10 12:53:58 | 000,440,080 | ---- | C] (Microsoft Corporation)
 xactengine2_5.dll -> C:\Windows\SysNative\xactengine2_5.dll -> [2010/05/10 12:53:58 | 000,390,424 | ---- | C] (Microsoft Corporation)
 xactengine2_5.dll -> C:\Windows\SysWow64\xactengine2_5.dll -> [2010/05/10 12:53:58 | 000,251,672 | ---- | C] (Microsoft Corporation)
 xactengine2_4.dll -> C:\Windows\SysNative\xactengine2_4.dll -> [2010/05/10 12:53:56 | 000,364,824 | ---- | C] (Microsoft Corporation)
 xactengine2_4.dll -> C:\Windows\SysWow64\xactengine2_4.dll -> [2010/05/10 12:53:56 | 000,237,848 | ---- | C] (Microsoft Corporation)
 x3daudio1_1.dll -> C:\Windows\SysNative\x3daudio1_1.dll -> [2010/05/10 12:53:56 | 000,017,688 | ---- | C] (Microsoft Corporation)
 x3daudio1_1.dll -> C:\Windows\SysWow64\x3daudio1_1.dll -> [2010/05/10 12:53:56 | 000,015,128 | ---- | C] (Microsoft Corporation)
 d3dx9_31.dll -> C:\Windows\SysNative\d3dx9_31.dll -> [2010/05/10 12:53:55 | 003,977,496 | ---- | C] (Microsoft Corporation)
 d3dx9_31.dll -> C:\Windows\SysWow64\d3dx9_31.dll -> [2010/05/10 12:53:55 | 002,414,360 | ---- | C] (Microsoft Corporation)
 xactengine2_3.dll -> C:\Windows\SysNative\xactengine2_3.dll -> [2010/05/10 12:53:54 | 000,363,288 | ---- | C] (Microsoft Corporation)
 xactengine2_3.dll -> C:\Windows\SysWow64\xactengine2_3.dll -> [2010/05/10 12:53:54 | 000,236,824 | ---- | C] (Microsoft Corporation)
 xinput1_2.dll -> C:\Windows\SysNative\xinput1_2.dll -> [2010/05/10 12:53:54 | 000,083,736 | ---- | C] (Microsoft Corporation)
 xinput1_2.dll -> C:\Windows\SysWow64\xinput1_2.dll -> [2010/05/10 12:53:54 | 000,062,744 | ---- | C] (Microsoft Corporation)
 xactengine2_2.dll -> C:\Windows\SysNative\xactengine2_2.dll -> [2010/05/10 12:53:53 | 000,354,072 | ---- | C] (Microsoft Corporation)
 xactengine2_2.dll -> C:\Windows\SysWow64\xactengine2_2.dll -> [2010/05/10 12:53:53 | 000,230,168 | ---- | C] (Microsoft Corporation)
 xinput1_1.dll -> C:\Windows\SysNative\xinput1_1.dll -> [2010/05/10 12:53:52 | 000,083,664 | ---- | C] (Microsoft Corporation)
 xinput1_1.dll -> C:\Windows\SysWow64\xinput1_1.dll -> [2010/05/10 12:53:52 | 000,062,672 | ---- | C] (Microsoft Corporation)
 xactengine2_1.dll -> C:\Windows\SysNative\xactengine2_1.dll -> [2010/05/10 12:53:51 | 000,352,464 | ---- | C] (Microsoft Corporation)
 xactengine2_1.dll -> C:\Windows\SysWow64\xactengine2_1.dll -> [2010/05/10 12:53:51 | 000,229,584 | ---- | C] (Microsoft Corporation)
 d3dx9_30.dll -> C:\Windows\SysNative\d3dx9_30.dll -> [2010/05/10 12:53:46 | 003,927,248 | ---- | C] (Microsoft Corporation)
 d3dx9_30.dll -> C:\Windows\SysWow64\d3dx9_30.dll -> [2010/05/10 12:53:46 | 002,388,176 | ---- | C] (Microsoft Corporation)
 xactengine2_0.dll -> C:\Windows\SysNative\xactengine2_0.dll -> [2010/05/10 12:53:45 | 000,355,536 | ---- | C] (Microsoft Corporation)
 xactengine2_0.dll -> C:\Windows\SysWow64\xactengine2_0.dll -> [2010/05/10 12:53:45 | 000,230,096 | ---- | C] (Microsoft Corporation)
 x3daudio1_0.dll -> C:\Windows\SysNative\x3daudio1_0.dll -> [2010/05/10 12:53:45 | 000,016,592 | ---- | C] (Microsoft Corporation)
 x3daudio1_0.dll -> C:\Windows\SysWow64\x3daudio1_0.dll -> [2010/05/10 12:53:45 | 000,014,032 | ---- | C] (Microsoft Corporation)
 d3dx9_29.dll -> C:\Windows\SysNative\d3dx9_29.dll -> [2010/05/10 12:53:44 | 003,830,992 | ---- | C] (Microsoft Corporation)
 d3dx9_28.dll -> C:\Windows\SysNative\d3dx9_28.dll -> [2010/05/10 12:53:44 | 003,815,120 | ---- | C] (Microsoft Corporation)
 d3dx9_29.dll -> C:\Windows\SysWow64\d3dx9_29.dll -> [2010/05/10 12:53:44 | 002,332,368 | ---- | C] (Microsoft Corporation)
 d3dx9_28.dll -> C:\Windows\SysWow64\d3dx9_28.dll -> [2010/05/10 12:53:44 | 002,323,664 | ---- | C] (Microsoft Corporation)
 d3dx9_27.dll -> C:\Windows\SysNative\d3dx9_27.dll -> [2010/05/10 12:53:43 | 003,807,440 | ---- | C] (Microsoft Corporation)
 d3dx9_26.dll -> C:\Windows\SysNative\d3dx9_26.dll -> [2010/05/10 12:53:43 | 003,767,504 | ---- | C] (Microsoft Corporation)
 d3dx9_27.dll -> C:\Windows\SysWow64\d3dx9_27.dll -> [2010/05/10 12:53:43 | 002,319,568 | ---- | C] (Microsoft Corporation)
 d3dx9_26.dll -> C:\Windows\SysWow64\d3dx9_26.dll -> [2010/05/10 12:53:43 | 002,297,552 | ---- | C] (Microsoft Corporation)
 d3dx9_25.dll -> C:\Windows\SysNative\d3dx9_25.dll -> [2010/05/10 12:53:42 | 003,823,312 | ---- | C] (Microsoft Corporation)
 d3dx9_25.dll -> C:\Windows\SysWow64\d3dx9_25.dll -> [2010/05/10 12:53:42 | 002,337,488 | ---- | C] (Microsoft Corporation)
 d3dx9_24.dll -> C:\Windows\SysNative\d3dx9_24.dll -> [2010/05/10 12:53:41 | 003,544,272 | ---- | C] (Microsoft Corporation)
 d3dx9_24.dll -> C:\Windows\SysWow64\d3dx9_24.dll -> [2010/05/10 12:53:41 | 002,222,800 | ---- | C] (Microsoft Corporation)
 Activision -> C:\Program Files (x86)\Activision -> [2010/05/10 12:17:19 | 000,000,000 | ---D | C]
 ftpcache -> C:\Windows\ftpcache -> [2010/05/10 12:14:57 | 000,000,000 | -HSD | C]
 Masque -> C:\Users\Bryan\AppData\Roaming\Masque -> [2010/05/10 11:58:23 | 000,000,000 | ---D | C]
 Masque -> C:\ProgramData\Masque -> [2010/05/10 11:58:23 | 000,000,000 | ---D | C]
 Masque IGT Slots Little Green Men -> C:\Program Files (x86)\Masque IGT Slots Little Green Men -> [2010/05/10 11:56:20 | 000,000,000 | ---D | C]
 Sophos -> C:\Program Files (x86)\Sophos -> [2010/05/09 13:36:14 | 000,000,000 | ---D | C]
 mbamswissarmy.sys -> C:\Windows\SysWow64\drivers\mbamswissarmy.sys -> [2010/05/09 13:26:03 | 000,038,224 | ---- | C] (Malwarebytes Corporation)
 mbam.sys -> C:\Windows\SysNative\drivers\mbam.sys -> [2010/05/09 13:26:01 | 000,024,664 | ---- | C] (Malwarebytes Corporation)
 Eraser 6 -> C:\Users\Bryan\AppData\Local\Eraser 6 -> [2010/05/08 22:57:16 | 000,000,000 | ---D | C]
 Microsoft Games -> C:\Users\Bryan\AppData\Local\Microsoft Games -> [2010/05/08 21:39:39 | 000,000,000 | ---D | C]
 Eraser -> C:\Program Files\Eraser -> [2010/05/08 10:22:27 | 000,000,000 | ---D | C]
 Yahoo! Companion -> C:\ProgramData\Yahoo! Companion -> [2010/05/07 13:19:54 | 000,000,000 | ---D | C]
 Yahoo! -> C:\Users\Bryan\AppData\Roaming\Yahoo! -> [2010/05/07 13:19:54 | 000,000,000 | ---D | C]
 Yahoo! -> C:\Program Files (x86)\Yahoo! -> [2010/05/07 13:19:53 | 000,000,000 | ---D | C]
 Recuva -> C:\Program Files\Recuva -> [2010/05/07 13:19:49 | 000,000,000 | ---D | C]
 ElevatedDiagnostics -> C:\Users\Bryan\AppData\Local\ElevatedDiagnostics -> [2010/05/07 01:00:16 | 000,000,000 | ---D | C]
 Diagnostics -> C:\Users\Bryan\AppData\Local\Diagnostics -> [2010/05/06 22:44:36 | 000,000,000 | ---D | C]
 NVIDIA -> C:\Users\Bryan\AppData\Roaming\NVIDIA -> [2010/05/06 21:20:07 | 000,000,000 | ---D | C]
 d3dx10_42.dll -> C:\Windows\SysWow64\d3dx10_42.dll -> [2010/05/06 20:43:48 | 000,453,456 | ---- | C] (Microsoft Corporation)
 xinput1_3.dll -> C:\Windows\SysWow64\xinput1_3.dll -> [2010/05/06 20:43:48 | 000,081,768 | ---- | C] (Microsoft Corporation)
 Perfect Uninstaller -> C:\Program Files\Perfect Uninstaller -> [2010/05/06 19:41:49 | 000,000,000 | ---D | C]
 MyWinLockerData -> C:\MyWinLockerData -> [2010/05/06 11:52:56 | 000,000,000 | -H-D | C]
 Malwarebytes -> C:\Users\Bryan\AppData\Roaming\Malwarebytes -> [2010/05/06 10:22:22 | 000,000,000 | ---D | C]
 Malwarebytes -> C:\ProgramData\Malwarebytes -> [2010/05/06 10:22:13 | 000,000,000 | ---D | C]
 Malwarebytes' Anti-Malware -> C:\Program Files (x86)\Malwarebytes' Anti-Malware -> [2010/05/06 10:22:12 | 000,000,000 | ---D | C]
 Nexon -> C:\ProgramData\Nexon -> [2010/05/06 02:02:47 | 000,000,000 | ---D | C]
 PMB Files -> C:\Users\Bryan\AppData\Local\PMB Files -> [2010/05/05 20:25:30 | 000,000,000 | ---D | C]
 
[Files/Folders - Modified Within 30 Days]
 bootstat.dat -> C:\Windows\bootstat.dat -> [2010/06/04 14:46:38 | 000,067,584 | --S- | M] ()
 hiberfil.sys -> C:\hiberfil.sys -> [2010/06/04 14:46:34 | 3018,756,096 | -HS- | M] ()
 ntuser.dat -> C:\Users\Bryan\ntuser.dat -> [2010/06/04 14:45:03 | 002,621,440 | -HS- | M] ()
 OTS.exe -> C:\Users\Bryan\Desktop\OTS.exe -> [2010/06/04 14:38:07 | 000,640,000 | ---- | M] (OldTimer Tools)
 GoogleUpdateTaskMachineUA.job -> C:\Windows\tasks\GoogleUpdateTaskMachineUA.job -> [2010/06/04 14:33:02 | 000,000,896 | ---- | M] ()
 7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 -> [2010/06/04 12:48:17 | 000,009,920 | -H-- | M] ()
 7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 -> [2010/06/04 12:48:17 | 000,009,920 | -H-- | M] ()
 PerfStringBackup.INI -> C:\Windows\SysNative\PerfStringBackup.INI -> [2010/06/04 12:45:33 | 000,713,888 | ---- | M] ()
 perfh009.dat -> C:\Windows\SysNative\perfh009.dat -> [2010/06/04 12:45:33 | 000,615,122 | ---- | M] ()
 perfc009.dat -> C:\Windows\SysNative\perfc009.dat -> [2010/06/04 12:45:33 | 000,103,496 | ---- | M] ()
 GoogleUpdateTaskMachineCore.job -> C:\Windows\tasks\GoogleUpdateTaskMachineCore.job -> [2010/06/04 12:41:03 | 000,000,892 | ---- | M] ()
 SA.DAT -> C:\Windows\tasks\SA.DAT -> [2010/06/04 12:40:53 | 000,000,006 | -H-- | M] ()
 Resmon.ResmonCfg -> C:\Users\Bryan\AppData\Local\Resmon.ResmonCfg -> [2010/06/04 01:07:43 | 000,007,597 | ---- | M] ()
 wininit.ini -> C:\Windows\wininit.ini -> [2010/06/03 15:45:54 | 000,000,050 | ---- | M] ()
 Auslogics Disk Defrag.lnk -> C:\Users\Bryan\Desktop\Auslogics Disk Defrag.lnk -> [2010/06/03 08:39:24 | 000,001,140 | ---- | M] ()
 Sandboxie.ini -> C:\Windows\Sandboxie.ini -> [2010/06/02 23:25:51 | 000,001,368 | ---- | M] ()
 draft_guide.cbs2010.pdf -> C:\Users\Bryan\Documents\draft_guide.cbs2010.pdf -> [2010/06/01 16:21:15 | 001,167,702 | ---- | M] ()
 Full Tilt Poker.lnk -> C:\Users\Public\Desktop\Full Tilt Poker.lnk -> [2010/06/01 11:29:00 | 000,001,055 | ---- | M] ()
 WindowsAnytimeUpgradeUI.exe -> C:\Windows\SysWow64\WindowsAnytimeUpgradeUI.exe -> [2010/05/30 20:24:20 | 000,000,000 | ---- | M] ()
 Google Chrome.lnk -> C:\Users\Bryan\Desktop\Google Chrome.lnk -> [2010/05/29 07:31:57 | 000,002,314 | ---- | M] ()
 ntuser.dat{81e1dd90-6aee-11df-95dc-00262d289fc4}.TMContainer00000000000000000002.regtrans-ms -> C:\Users\Bryan\ntuser.dat{81e1dd90-6aee-11df-95dc-00262d289fc4}.TMContainer00000000000000000002.regtrans-ms -> [2010/05/29 02:12:21 | 000,524,288 | -HS- | M] ()
 ntuser.dat{81e1dd90-6aee-11df-95dc-00262d289fc4}.TMContainer00000000000000000001.regtrans-ms -> C:\Users\Bryan\ntuser.dat{81e1dd90-6aee-11df-95dc-00262d289fc4}.TMContainer00000000000000000001.regtrans-ms -> [2010/05/29 02:12:21 | 000,524,288 | -HS- | M] ()
 ntuser.dat{81e1dd90-6aee-11df-95dc-00262d289fc4}.TM.blf -> C:\Users\Bryan\ntuser.dat{81e1dd90-6aee-11df-95dc-00262d289fc4}.TM.blf -> [2010/05/29 02:12:21 | 000,065,536 | -HS- | M] ()
 OASettings100528.OA -> C:\Users\Bryan\Documents\OASettings100528.OA -> [2010/05/28 20:58:09 | 001,581,394 | ---- | M] ()
 Google Desktop.lnk -> C:\Users\Public\Desktop\Google Desktop.lnk -> [2010/05/28 20:43:21 | 000,001,222 | ---- | M] ()
 ProcessMonitor.zip -> C:\Users\Bryan\Desktop\ProcessMonitor.zip -> [2010/05/28 19:01:21 | 001,322,283 | ---- | M] ()
 PnkBstrB.exe -> C:\Windows\SysWow64\PnkBstrB.exe -> [2010/05/28 18:27:52 | 000,103,736 | ---- | M] ()
 Msft_Kernel_SaiKF622_01005.Wdf -> C:\Windows\SysNative\drivers\Msft_Kernel_SaiKF622_01005.Wdf -> [2010/05/28 15:42:20 | 000,000,000 | -H-- | M] ()
 cc_20100528_111630.regbackup.reg -> C:\Users\Bryan\Documents\cc_20100528_111630.regbackup.reg -> [2010/05/28 11:16:49 | 000,037,598 | ---- | M] ()
 CCleaner.lnk -> C:\Users\Bryan\Desktop\CCleaner.lnk -> [2010/05/28 10:26:20 | 000,001,889 | ---- | M] ()
 Update Checker.lnk -> C:\Users\Bryan\Desktop\Update Checker.lnk -> [2010/05/28 10:11:08 | 000,001,973 | ---- | M] ()
 psi_mf.sys -> C:\Windows\SysNative\drivers\psi_mf.sys -> [2010/05/28 04:04:52 | 000,017,456 | ---- | M] (Secunia)
 oahlp64.sys -> C:\Windows\SysWow64\drivers\oahlp64.sys -> [2010/05/27 07:06:52 | 000,051,440 | ---- | M] ()
 oaevent.dll -> C:\Windows\oaevent.dll -> [2010/05/27 06:56:00 | 000,323,344 | ---- | M] (Tall Emu)
 OADriver.sys -> C:\Windows\SysWow64\drivers\OADriver.sys -> [2010/05/27 06:56:00 | 000,052,880 | ---- | M] ()
 OAmon.sys -> C:\Windows\SysWow64\drivers\OAmon.sys -> [2010/05/27 06:56:00 | 000,035,984 | ---- | M] (Tall Emu)
 OAnet.sys -> C:\Windows\SysNative\drivers\OAnet.sys -> [2010/05/27 06:55:58 | 000,043,664 | ---- | M] (Tall Emu Pty Ltd)
 ntuser.dat{7400f97e-682a-11df-8657-00262d289fc4}.TMContainer00000000000000000002.regtrans-ms -> C:\Users\Bryan\ntuser.dat{7400f97e-682a-11df-8657-00262d289fc4}.TMContainer00000000000000000002.regtrans-ms -> [2010/05/25 18:03:41 | 000,524,288 | -HS- | M] ()
 ntuser.dat{7400f97e-682a-11df-8657-00262d289fc4}.TMContainer00000000000000000001.regtrans-ms -> C:\Users\Bryan\ntuser.dat{7400f97e-682a-11df-8657-00262d289fc4}.TMContainer00000000000000000001.regtrans-ms -> [2010/05/25 18:03:41 | 000,524,288 | -HS- | M] ()
 ntuser.dat{7400f97e-682a-11df-8657-00262d289fc4}.TM.blf -> C:\Users\Bryan\ntuser.dat{7400f97e-682a-11df-8657-00262d289fc4}.TM.blf -> [2010/05/25 18:03:41 | 000,065,536 | -HS- | M] ()
 autoruns.exe -> C:\Users\Bryan\Desktop\autoruns.exe -> [2010/05/25 02:42:24 | 000,670,072 | ---- | M] (Sysinternals - www.sysinternals.com)
 PnkBstrB.xtr -> C:\Windows\SysWow64\PnkBstrB.xtr -> [2010/05/23 19:16:25 | 000,219,128 | ---- | M] ()
 pbsvc_heroes.exe -> C:\Windows\SysWow64\pbsvc_heroes.exe -> [2010/05/23 17:29:25 | 002,427,248 | ---- | M] ()
 PnkBstrA.exe -> C:\Windows\SysWow64\PnkBstrA.exe -> [2010/05/23 17:29:25 | 000,075,064 | ---- | M] ()
 HOSTS -> C:\Windows\SysNative\drivers\etc\HOSTS -> [2010/05/23 01:59:40 | 000,607,013 | ---- | M] ()
 mvps.bat -> C:\Windows\SysNative\drivers\etc\mvps.bat -> [2010/05/23 01:59:40 | 000,001,615 | ---- | M] ()
 ntuser.dat{be3a6db8-65cf-11df-b488-00262d289fc4}.TMContainer00000000000000000002.regtrans-ms -> C:\Users\Bryan\ntuser.dat{be3a6db8-65cf-11df-b488-00262d289fc4}.TMContainer00000000000000000002.regtrans-ms -> [2010/05/22 12:20:28 | 000,524,288 | -HS- | M] ()
 ntuser.dat{be3a6db8-65cf-11df-b488-00262d289fc4}.TMContainer00000000000000000001.regtrans-ms -> C:\Users\Bryan\ntuser.dat{be3a6db8-65cf-11df-b488-00262d289fc4}.TMContainer00000000000000000001.regtrans-ms -> [2010/05/22 12:20:28 | 000,524,288 | -HS- | M] ()
 ntuser.dat{be3a6db8-65cf-11df-b488-00262d289fc4}.TM.blf -> C:\Users\Bryan\ntuser.dat{be3a6db8-65cf-11df-b488-00262d289fc4}.TM.blf -> [2010/05/22 12:20:28 | 000,065,536 | -HS- | M] ()
 ntuser.dat{1a9c8dd3-65ce-11df-b300-00262d289fc4}.TMContainer00000000000000000002.regtrans-ms -> C:\Users\Bryan\ntuser.dat{1a9c8dd3-65ce-11df-b300-00262d289fc4}.TMContainer00000000000000000002.regtrans-ms -> [2010/05/22 11:29:36 | 000,524,288 | -HS- | M] ()
 ntuser.dat{1a9c8dd3-65ce-11df-b300-00262d289fc4}.TMContainer00000000000000000001.regtrans-ms -> C:\Users\Bryan\ntuser.dat{1a9c8dd3-65ce-11df-b300-00262d289fc4}.TMContainer00000000000000000001.regtrans-ms -> [2010/05/22 11:29:36 | 000,524,288 | -HS- | M] ()
 ntuser.dat{1a9c8dd3-65ce-11df-b300-00262d289fc4}.TM.blf -> C:\Users\Bryan\ntuser.dat{1a9c8dd3-65ce-11df-b300-00262d289fc4}.TM.blf -> [2010/05/22 11:29:36 | 000,065,536 | -HS- | M] ()
 ntuser.dat{abfe7c72-65c6-11df-bf90-00262d289fc4}.TMContainer00000000000000000002.regtrans-ms -> C:\Users\Bryan\ntuser.dat{abfe7c72-65c6-11df-bf90-00262d289fc4}.TMContainer00000000000000000002.regtrans-ms -> [2010/05/22 11:26:34 | 000,524,288 | -HS- | M] ()
 ntuser.dat{abfe7c72-65c6-11df-bf90-00262d289fc4}.TMContainer00000000000000000001.regtrans-ms -> C:\Users\Bryan\ntuser.dat{abfe7c72-65c6-11df-bf90-00262d289fc4}.TMContainer00000000000000000001.regtrans-ms -> [2010/05/22 11:26:34 | 000,524,288 | -HS- | M] ()
 ntuser.dat{abfe7c72-65c6-11df-bf90-00262d289fc4}.TM.blf -> C:\Users\Bryan\ntuser.dat{abfe7c72-65c6-11df-bf90-00262d289fc4}.TM.blf -> [2010/05/22 11:26:34 | 000,065,536 | -HS- | M] ()
 recdisc.exe -> C:\Windows\SysWow64\recdisc.exe -> [2010/05/21 16:43:13 | 000,000,000 | ---- | M] ()
 vdsldr.exe -> C:\Windows\SysWow64\vdsldr.exe -> [2010/05/21 14:46:10 | 000,000,000 | ---- | M] ()
 Sandboxed Web Browser.lnk -> C:\Users\Bryan\Desktop\Sandboxed Web Browser.lnk -> [2010/05/21 12:39:05 | 000,000,900 | ---- | M] ()
 wsqmcons.exe -> C:\Windows\SysWow64\wsqmcons.exe -> [2010/05/21 11:00:01 | 000,000,000 | ---- | M] ()
 sdclt.exe -> C:\Windows\SysWow64\sdclt.exe -> [2010/05/21 10:00:01 | 000,000,000 | ---- | M] ()
 defrag.exe -> C:\Windows\SysWow64\defrag.exe -> [2010/05/21 08:04:46 | 000,000,000 | ---- | M] ()
 ntuser.dat{d2ad8a2b-645e-11df-a4c1-00262d289fc4}.TMContainer00000000000000000002.regtrans-ms -> C:\Users\Bryan\ntuser.dat{d2ad8a2b-645e-11df-a4c1-00262d289fc4}.TMContainer00000000000000000002.regtrans-ms -> [2010/05/20 21:10:55 | 000,524,288 | -HS- | M] ()
 ntuser.dat{d2ad8a2b-645e-11df-a4c1-00262d289fc4}.TMContainer00000000000000000001.regtrans-ms -> C:\Users\Bryan\ntuser.dat{d2ad8a2b-645e-11df-a4c1-00262d289fc4}.TMContainer00000000000000000001.regtrans-ms -> [2010/05/20 21:10:55 | 000,524,288 | -HS- | M] ()
 ntuser.dat{d2ad8a2b-645e-11df-a4c1-00262d289fc4}.TM.blf -> C:\Users\Bryan\ntuser.dat{d2ad8a2b-645e-11df-a4c1-00262d289fc4}.TM.blf -> [2010/05/20 21:10:55 | 000,065,536 | -HS- | M] ()
 Microsoft Security Essentials.lnk -> C:\Users\Public\Desktop\Microsoft Security Essentials.lnk -> [2010/05/18 15:39:48 | 000,001,035 | ---- | M] ()
 mdres.exe -> C:\Windows\SysWow64\mdres.exe -> [2010/05/17 13:27:24 | 000,000,000 | ---- | M] ()
 MdSched.exe -> C:\Windows\SysWow64\MdSched.exe -> [2010/05/17 13:12:28 | 000,000,000 | ---- | M] ()
 ntuser.dat{911b0d48-6171-11df-89fd-00262d289fc4}.TMContainer00000000000000000002.regtrans-ms -> C:\Users\Bryan\ntuser.dat{911b0d48-6171-11df-89fd-00262d289fc4}.TMContainer00000000000000000002.regtrans-ms -> [2010/05/17 01:11:45 | 000,524,288 | -HS- | M] ()
 ntuser.dat{911b0d48-6171-11df-89fd-00262d289fc4}.TMContainer00000000000000000001.regtrans-ms -> C:\Users\Bryan\ntuser.dat{911b0d48-6171-11df-89fd-00262d289fc4}.TMContainer00000000000000000001.regtrans-ms -> [2010/05/17 01:11:45 | 000,524,288 | -HS- | M] ()
 ntuser.dat{911b0d48-6171-11df-89fd-00262d289fc4}.TM.blf -> C:\Users\Bryan\ntuser.dat{911b0d48-6171-11df-89fd-00262d289fc4}.TM.blf -> [2010/05/17 01:11:45 | 000,065,536 | -HS- | M] ()
 Recuva.lnk -> C:\Users\Bryan\Desktop\Recuva.lnk -> [2010/05/17 00:54:34 | 000,001,662 | ---- | M] ()
 DXPServer.exe -> C:\Windows\SysWow64\DXPServer.exe -> [2010/05/15 15:10:25 | 000,000,000 | ---- | M] ()
 DeviceDisplayObjectProvider.exe -> C:\Windows\SysWow64\DeviceDisplayObjectProvider.exe -> [2010/05/15 15:10:18 | 000,000,000 | ---- | M] ()
 Msft_User_WpdMtpDr_01_09_00.Wdf -> C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf -> [2010/05/15 15:10:16 | 000,000,000 | -H-- | M] ()
 ntuser.dat{e18fb18c-6035-11df-ad70-00262d289fc4}.TMContainer00000000000000000002.regtrans-ms -> C:\Users\Bryan\ntuser.dat{e18fb18c-6035-11df-ad70-00262d289fc4}.TMContainer00000000000000000002.regtrans-ms -> [2010/05/15 14:58:18 | 000,524,288 | -HS- | M] ()
 ntuser.dat{e18fb18c-6035-11df-ad70-00262d289fc4}.TMContainer00000000000000000001.regtrans-ms -> C:\Users\Bryan\ntuser.dat{e18fb18c-6035-11df-ad70-00262d289fc4}.TMContainer00000000000000000001.regtrans-ms -> [2010/05/15 14:58:18 | 000,524,288 | -HS- | M] ()
 ntuser.dat{e18fb18c-6035-11df-ad70-00262d289fc4}.TM.blf -> C:\Users\Bryan\ntuser.dat{e18fb18c-6035-11df-ad70-00262d289fc4}.TM.blf -> [2010/05/15 14:58:18 | 000,065,536 | -HS- | M] ()
 HiJackThis.lnk -> C:\Users\Bryan\Desktop\HiJackThis.lnk -> [2010/05/15 13:09:46 | 000,002,975 | ---- | M] ()
 Belarc Advisor.lnk -> C:\Users\Public\Desktop\Belarc Advisor.lnk -> [2010/05/15 11:47:26 | 000,002,007 | ---- | M] ()
 ntuser.dat{3bb27f3f-5fd3-11df-ad2e-00262d289fc4}.TMContainer00000000000000000002.regtrans-ms -> C:\Users\Bryan\ntuser.dat{3bb27f3f-5fd3-11df-ad2e-00262d289fc4}.TMContainer00000000000000000002.regtrans-ms -> [2010/05/14 23:29:49 | 000,524,288 | -HS- | M] ()
 ntuser.dat{3bb27f3f-5fd3-11df-ad2e-00262d289fc4}.TMContainer00000000000000000001.regtrans-ms -> C:\Users\Bryan\ntuser.dat{3bb27f3f-5fd3-11df-ad2e-00262d289fc4}.TMContainer00000000000000000001.regtrans-ms -> [2010/05/14 23:29:49 | 000,524,288 | -HS- | M] ()
 ntuser.dat{3bb27f3f-5fd3-11df-ad2e-00262d289fc4}.TM.blf -> C:\Users\Bryan\ntuser.dat{3bb27f3f-5fd3-11df-ad2e-00262d289fc4}.TM.blf -> [2010/05/14 23:29:49 | 000,065,536 | -HS- | M] ()
 ntuser.dat{133bfd4a-5ec9-11df-a441-00262d289fc4}.TMContainer00000000000000000002.regtrans-ms -> C:\Users\Bryan\ntuser.dat{133bfd4a-5ec9-11df-a441-00262d289fc4}.TMContainer00000000000000000002.regtrans-ms -> [2010/05/14 00:17:20 | 000,524,288 | -HS- | M] ()
 ntuser.dat{133bfd4a-5ec9-11df-a441-00262d289fc4}.TMContainer00000000000000000001.regtrans-ms -> C:\Users\Bryan\ntuser.dat{133bfd4a-5ec9-11df-a441-00262d289fc4}.TMContainer00000000000000000001.regtrans-ms -> [2010/05/14 00:17:20 | 000,524,288 | -HS- | M] ()
 ntuser.dat{133bfd4a-5ec9-11df-a441-00262d289fc4}.TM.blf -> C:\Users\Bryan\ntuser.dat{133bfd4a-5ec9-11df-a441-00262d289fc4}.TM.blf -> [2010/05/14 00:17:20 | 000,065,536 | -HS- | M] ()
 wubildr -> C:\wubildr -> [2010/05/14 00:16:58 | 000,088,813 | ---- | M] ()
 wubildr.mbr -> C:\wubildr.mbr -> [2010/05/14 00:16:58 | 000,008,192 | ---- | M] ()
 housecall.guid.cache -> C:\Users\Bryan\AppData\Local\housecall.guid.cache -> [2010/05/13 19:08:49 | 000,000,036 | ---- | M] ()
 nvuSMU.exe -> C:\Windows\SysWow64\nvuSMU.exe -> [2010/05/13 11:13:07 | 000,000,000 | ---- | M] ()
 DriverMax.lnk -> C:\Users\Bryan\Desktop\DriverMax.lnk -> [2010/05/13 10:59:10 | 000,001,118 | ---- | M] ()
 ImgBurn.lnk -> C:\Users\Public\Desktop\ImgBurn.lnk -> [2010/05/12 22:09:42 | 000,001,869 | ---- | M] ()
 Partition Wizard Home Edition.lnk -> C:\Users\Bryan\Desktop\Partition Wizard Home Edition.lnk -> [2010/05/12 21:40:30 | 000,001,127 | ---- | M] ()
 CompMgmtLauncher.exe -> C:\Windows\SysWow64\CompMgmtLauncher.exe -> [2010/05/12 13:52:21 | 000,000,000 | ---- | M] ()
 Revo Uninstaller.lnk -> C:\Users\Bryan\Desktop\Revo Uninstaller.lnk -> [2010/05/12 10:18:34 | 000,001,268 | ---- | M] ()
 MpSigStub.exe -> C:\Windows\SysWow64\MpSigStub.exe -> [2010/05/12 07:54:18 | 000,000,000 | ---- | M] ()
 MRT.exe -> C:\Windows\SysWow64\MRT.exe -> [2010/05/12 07:53:03 | 000,000,000 | ---- | M] ()
 lpremove.exe -> C:\Windows\SysWow64\lpremove.exe -> [2010/05/11 06:38:37 | 000,000,000 | ---- | M] ()
 aitagent.EXE -> C:\Windows\SysWow64\aitagent.EXE -> [2010/05/11 06:31:36 | 000,000,000 | ---- | M] ()
 game.ini -> C:\Windows\game.ini -> [2010/05/10 12:45:13 | 000,000,331 | ---- | M] ()
 Malwarebytes' Anti-Malware.lnk -> C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk -> [2010/05/09 13:26:06 | 000,001,013 | ---- | M] ()
 Paragon Partition Manager™ 2010 Free Edition.lnk -> C:\Users\Bryan\Desktop\Paragon Partition Manager™ 2010 Free Edition.lnk -> [2010/05/08 21:03:54 | 000,002,519 | ---- | M] ()
 Eraser.lnk -> C:\Users\Public\Desktop\Eraser.lnk -> [2010/05/08 10:22:34 | 000,001,751 | ---- | M] ()
 ntuser.dat{7e448a08-5a18-11df-9743-00262d289fc4}.TMContainer00000000000000000002.regtrans-ms -> C:\Users\Bryan\ntuser.dat{7e448a08-5a18-11df-9743-00262d289fc4}.TMContainer00000000000000000002.regtrans-ms -> [2010/05/07 17:43:37 | 000,524,288 | -HS- | M] ()
 ntuser.dat{7e448a08-5a18-11df-9743-00262d289fc4}.TMContainer00000000000000000001.regtrans-ms -> C:\Users\Bryan\ntuser.dat{7e448a08-5a18-11df-9743-00262d289fc4}.TMContainer00000000000000000001.regtrans-ms -> [2010/05/07 17:43:37 | 000,524,288 | -HS- | M] ()
 ntuser.dat{7e448a08-5a18-11df-9743-00262d289fc4}.TM.blf -> C:\Users\Bryan\ntuser.dat{7e448a08-5a18-11df-9743-00262d289fc4}.TM.blf -> [2010/05/07 17:43:37 | 000,065,536 | -HS- | M] ()
 pcwutl.dll -> C:\Windows\SysWow64\pcwutl.dll -> [2010/05/07 17:39:36 | 000,000,000 | ---- | M] ()
 ntuser.dat{05d6a49e-5a18-11df-ad29-00262d289fc4}.TMContainer00000000000000000002.regtrans-ms -> C:\Users\Bryan\ntuser.dat{05d6a49e-5a18-11df-ad29-00262d289fc4}.TMContainer00000000000000000002.regtrans-ms -> [2010/05/07 13:46:53 | 000,524,288 | -HS- | M] ()
 ntuser.dat{05d6a49e-5a18-11df-ad29-00262d289fc4}.TMContainer00000000000000000001.regtrans-ms -> C:\Users\Bryan\ntuser.dat{05d6a49e-5a18-11df-ad29-00262d289fc4}.TMContainer00000000000000000001.regtrans-ms -> [2010/05/07 13:46:53 | 000,524,288 | -HS- | M] ()
 ntuser.dat{05d6a49e-5a18-11df-ad29-00262d289fc4}.TM.blf -> C:\Users\Bryan\ntuser.dat{05d6a49e-5a18-11df-ad29-00262d289fc4}.TM.blf -> [2010/05/07 13:46:53 | 000,065,536 | -HS- | M] ()
 ntuser.dat{db79ecf5-5a01-11df-a11f-00262d289fc4}.TMContainer00000000000000000002.regtrans-ms -> C:\Users\Bryan\ntuser.dat{db79ecf5-5a01-11df-a11f-00262d289fc4}.TMContainer00000000000000000002.regtrans-ms -> [2010/05/07 13:36:50 | 000,524,288 | -HS- | M] ()
 ntuser.dat{db79ecf5-5a01-11df-a11f-00262d289fc4}.TMContainer00000000000000000001.regtrans-ms -> C:\Users\Bryan\ntuser.dat{db79ecf5-5a01-11df-a11f-00262d289fc4}.TMContainer00000000000000000001.regtrans-ms -> [2010/05/07 13:36:50 | 000,524,288 | -HS- | M] ()
 ntuser.dat{db79ecf5-5a01-11df-a11f-00262d289fc4}.TM.blf -> C:\Users\Bryan\ntuser.dat{db79ecf5-5a01-11df-a11f-00262d289fc4}.TM.blf -> [2010/05/07 13:36:50 | 000,065,536 | -HS- | M] ()
 ntuser.dat{006dea7b-59ee-11df-b8d5-00262d289fc4}.TMContainer00000000000000000002.regtrans-ms -> C:\Users\Bryan\ntuser.dat{006dea7b-59ee-11df-b8d5-00262d289fc4}.TMContainer00000000000000000002.regtrans-ms -> [2010/05/07 10:55:38 | 000,524,288 | -HS- | M] ()
 ntuser.dat{006dea7b-59ee-11df-b8d5-00262d289fc4}.TMContainer00000000000000000001.regtrans-ms -> C:\Users\Bryan\ntuser.dat{006dea7b-59ee-11df-b8d5-00262d289fc4}.TMContainer00000000000000000001.regtrans-ms -> [2010/05/07 10:55:38 | 000,524,288 | -HS- | M] ()
 ntuser.dat{006dea7b-59ee-11df-b8d5-00262d289fc4}.TM.blf -> C:\Users\Bryan\ntuser.dat{006dea7b-59ee-11df-b8d5-00262d289fc4}.TM.blf -> [2010/05/07 10:55:38 | 000,065,536 | -HS- | M] ()
 GoogleUpdateTaskUserS-1-5-21-3488347447-2488368954-518346416-1000Core.job -> C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3488347447-2488368954-518346416-1000Core.job -> [2010/05/07 10:03:00 | 000,000,856 | ---- | M] ()
 StikyNot.exe -> C:\Windows\SysWow64\StikyNot.exe -> [2010/05/07 01:41:26 | 000,000,000 | ---- | M] ()
 pcwrun.exe -> C:\Windows\SysWow64\pcwrun.exe -> [2010/05/06 22:43:50 | 000,000,000 | ---- | M] ()
 ntuser.dat{bd72ccac-597f-11df-9b4b-00262d289fc4}.TMContainer00000000000000000002.regtrans-ms -> C:\Users\Bryan\ntuser.dat{bd72ccac-597f-11df-9b4b-00262d289fc4}.TMContainer00000000000000000002.regtrans-ms -> [2010/05/06 20:34:34 | 000,524,288 | -HS- | M] ()
 ntuser.dat{bd72ccac-597f-11df-9b4b-00262d289fc4}.TMContainer00000000000000000001.regtrans-ms -> C:\Users\Bryan\ntuser.dat{bd72ccac-597f-11df-9b4b-00262d289fc4}.TMContainer00000000000000000001.regtrans-ms -> [2010/05/06 20:34:34 | 000,524,288 | -HS- | M] ()
 ntuser.dat{bd72ccac-597f-11df-9b4b-00262d289fc4}.TM.blf -> C:\Users\Bryan\ntuser.dat{bd72ccac-597f-11df-9b4b-00262d289fc4}.TM.blf -> [2010/05/06 20:34:34 | 000,065,536 | -HS- | M] ()
 
[Files - No Company Name]
 wininit.ini -> C:\Windows\wininit.ini -> [2010/06/03 15:45:24 | 000,000,050 | ---- | C] ()
 Auslogics Disk Defrag.lnk -> C:\Users\Bryan\Desktop\Auslogics Disk Defrag.lnk -> [2010/06/03 08:39:24 | 000,001,140 | ---- | C] ()
 OADriver.sys -> C:\Windows\SysWow64\drivers\OADriver.sys -> [2010/06/02 15:44:22 | 000,052,880 | ---- | C] ()
 oahlp64.sys -> C:\Windows\SysWow64\drivers\oahlp64.sys -> [2010/06/02 15:44:22 | 000,051,440 | ---- | C] ()
 draft_guide.cbs2010.pdf -> C:\Users\Bryan\Documents\draft_guide.cbs2010.pdf -> [2010/06/01 16:21:15 | 001,167,702 | ---- | C] ()
 Full Tilt Poker.lnk -> C:\Users\Public\Desktop\Full Tilt Poker.lnk -> [2010/06/01 11:29:00 | 000,001,055 | ---- | C] ()
 WindowsAnytimeUpgradeUI.exe -> C:\Windows\SysWow64\WindowsAnytimeUpgradeUI.exe -> [2010/05/30 20:24:20 | 000,000,000 | ---- | C] ()
 Google Chrome.lnk -> C:\Users\Bryan\Desktop\Google Chrome.lnk -> [2010/05/29 07:31:57 | 000,002,314 | ---- | C] ()
 ntuser.dat{81e1dd90-6aee-11df-95dc-00262d289fc4}.TMContainer00000000000000000002.regtrans-ms -> C:\Users\Bryan\ntuser.dat{81e1dd90-6aee-11df-95dc-00262d289fc4}.TMContainer00000000000000000002.regtrans-ms -> [2010/05/29 00:00:35 | 000,524,288 | -HS- | C] ()
 ntuser.dat{81e1dd90-6aee-11df-95dc-00262d289fc4}.TMContainer00000000000000000001.regtrans-ms -> C:\Users\Bryan\ntuser.dat{81e1dd90-6aee-11df-95dc-00262d289fc4}.TMContainer00000000000000000001.regtrans-ms -> [2010/05/29 00:00:35 | 000,524,288 | -HS- | C] ()
 ntuser.dat{81e1dd90-6aee-11df-95dc-00262d289fc4}.TM.blf -> C:\Users\Bryan\ntuser.dat{81e1dd90-6aee-11df-95dc-00262d289fc4}.TM.blf -> [2010/05/29 00:00:35 | 000,065,536 | -HS- | C] ()
 OASettings100528.OA -> C:\Users\Bryan\Documents\OASettings100528.OA -> [2010/05/28 20:58:04 | 001,581,394 | ---- | C] ()
 Google Desktop.lnk -> C:\Users\Public\Desktop\Google Desktop.lnk -> [2010/05/28 20:43:21 | 000,001,222 | ---- | C] ()
 ProcessMonitor.zip -> C:\Users\Bryan\Desktop\ProcessMonitor.zip -> [2010/05/28 19:01:18 | 001,322,283 | ---- | C] ()
 Msft_Kernel_SaiKF622_01005.Wdf -> C:\Windows\SysNative\drivers\Msft_Kernel_SaiKF622_01005.Wdf -> [2010/05/28 15:42:20 | 000,000,000 | -H-- | C] ()
 cc_20100528_111630.regbackup.reg -> C:\Users\Bryan\Documents\cc_20100528_111630.regbackup.reg -> [2010/05/28 11:16:45 | 000,037,598 | ---- | C] ()
 CCleaner.lnk -> C:\Users\Bryan\Desktop\CCleaner.lnk -> [2010/05/28 10:26:20 | 000,001,889 | ---- | C] ()
 Update Checker.lnk -> C:\Users\Bryan\Desktop\Update Checker.lnk -> [2010/05/28 10:11:08 | 000,001,973 | ---- | C] ()
 ntuser.dat{7400f97e-682a-11df-8657-00262d289fc4}.TMContainer00000000000000000002.regtrans-ms -> C:\Users\Bryan\ntuser.dat{7400f97e-682a-11df-8657-00262d289fc4}.TMContainer00000000000000000002.regtrans-ms -> [2010/05/25 14:46:54 | 000,524,288 | -HS- | C] ()
 ntuser.dat{7400f97e-682a-11df-8657-00262d289fc4}.TMContainer00000000000000000001.regtrans-ms -> C:\Users\Bryan\ntuser.dat{7400f97e-682a-11df-8657-00262d289fc4}.TMContainer00000000000000000001.regtrans-ms -> [2010/05/25 14:46:54 | 000,524,288 | -HS- | C] ()
 ntuser.dat{7400f97e-682a-11df-8657-00262d289fc4}.TM.blf -> C:\Users\Bryan\ntuser.dat{7400f97e-682a-11df-8657-00262d289fc4}.TM.blf -> [2010/05/25 14:46:54 | 000,065,536 | -HS- | C] ()
 pbsvc_heroes.exe -> C:\Windows\SysWow64\pbsvc_heroes.exe -> [2010/05/23 17:29:22 | 002,427,248 | ---- | C] ()
 ntuser.dat{be3a6db8-65cf-11df-b488-00262d289fc4}.TMContainer00000000000000000002.regtrans-ms -> C:\Users\Bryan\ntuser.dat{be3a6db8-65cf-11df-b488-00262d289fc4}.TMContainer00000000000000000002.regtrans-ms -> [2010/05/22 11:31:47 | 000,524,288 | -HS- | C] ()
 ntuser.dat{be3a6db8-65cf-11df-b488-00262d289fc4}.TMContainer00000000000000000001.regtrans-ms -> C:\Users\Bryan\ntuser.dat{be3a6db8-65cf-11df-b488-00262d289fc4}.TMContainer00000000000000000001.regtrans-ms -> [2010/05/22 11:31:47 | 000,524,288 | -HS- | C] ()
 ntuser.dat{be3a6db8-65cf-11df-b488-00262d289fc4}.TM.blf -> C:\Users\Bryan\ntuser.dat{be3a6db8-65cf-11df-b488-00262d289fc4}.TM.blf -> [2010/05/22 11:31:47 | 000,065,536 | -HS- | C] ()
 ntuser.dat{1a9c8dd3-65ce-11df-b300-00262d289fc4}.TMContainer00000000000000000002.regtrans-ms -> C:\Users\Bryan\ntuser.dat{1a9c8dd3-65ce-11df-b300-00262d289fc4}.TMContainer00000000000000000002.regtrans-ms -> [2010/05/22 11:28:19 | 000,524,288 | -HS- | C] ()
 ntuser.dat{1a9c8dd3-65ce-11df-b300-00262d289fc4}.TMContainer00000000000000000001.regtrans-ms -> C:\Users\Bryan\ntuser.dat{1a9c8dd3-65ce-11df-b300-00262d289fc4}.TMContainer00000000000000000001.regtrans-ms -> [2010/05/22 11:28:19 | 000,524,288 | -HS- | C] ()
 ntuser.dat{1a9c8dd3-65ce-11df-b300-00262d289fc4}.TM.blf -> C:\Users\Bryan\ntuser.dat{1a9c8dd3-65ce-11df-b300-00262d289fc4}.TM.blf -> [2010/05/22 11:28:19 | 000,065,536 | -HS- | C] ()
 ntuser.dat{abfe7c72-65c6-11df-bf90-00262d289fc4}.TMContainer00000000000000000002.regtrans-ms -> C:\Users\Bryan\ntuser.dat{abfe7c72-65c6-11df-bf90-00262d289fc4}.TMContainer00000000000000000002.regtrans-ms -> [2010/05/22 11:16:45 | 000,524,288 | -HS- | C] ()
 ntuser.dat{abfe7c72-65c6-11df-bf90-00262d289fc4}.TMContainer00000000000000000001.regtrans-ms -> C:\Users\Bryan\ntuser.dat{abfe7c72-65c6-11df-bf90-00262d289fc4}.TMContainer00000000000000000001.regtrans-ms -> [2010/05/22 11:16:45 | 000,524,288 | -HS- | C] ()
 ntuser.dat{abfe7c72-65c6-11df-bf90-00262d289fc4}.TM.blf -> C:\Users\Bryan\ntuser.dat{abfe7c72-65c6-11df-bf90-00262d289fc4}.TM.blf -> [2010/05/22 11:16:45 | 000,065,536 | -HS- | C] ()
 recdisc.exe -> C:\Windows\SysWow64\recdisc.exe -> [2010/05/21 16:43:13 | 000,000,000 | ---- | C] ()
 vdsldr.exe -> C:\Windows\SysWow64\vdsldr.exe -> [2010/05/21 14:46:10 | 000,000,000 | ---- | C] ()
 Sandboxed Web Browser.lnk -> C:\Users\Bryan\Desktop\Sandboxed Web Browser.lnk -> [2010/05/21 12:39:56 | 000,000,900 | ---- | C] ()
 Sandboxie.ini -> C:\Windows\Sandboxie.ini -> [2010/05/21 12:39:54 | 000,001,368 | ---- | C] ()
 wsqmcons.exe -> C:\Windows\SysWow64\wsqmcons.exe -> [2010/05/21 11:00:01 | 000,000,000 | ---- | C] ()
 sdclt.exe -> C:\Windows\SysWow64\sdclt.exe -> [2010/05/21 10:00:01 | 000,000,000 | ---- | C] ()
 defrag.exe -> C:\Windows\SysWow64\defrag.exe -> [2010/05/21 08:04:46 | 000,000,000 | ---- | C] ()
 ntuser.dat{d2ad8a2b-645e-11df-a4c1-00262d289fc4}.TMContainer00000000000000000002.regtrans-ms -> C:\Users\Bryan\ntuser.dat{d2ad8a2b-645e-11df-a4c1-00262d289fc4}.TMContainer00000000000000000002.regtrans-ms -> [2010/05/20 15:31:31 | 000,524,288 | -HS- | C] ()
 ntuser.dat{d2ad8a2b-645e-11df-a4c1-00262d289fc4}.TMContainer00000000000000000001.regtrans-ms -> C:\Users\Bryan\ntuser.dat{d2ad8a2b-645e-11df-a4c1-00262d289fc4}.TMContainer00000000000000000001.regtrans-ms -> [2010/05/20 15:31:31 | 000,524,288 | -HS- | C] ()
 ntuser.dat{d2ad8a2b-645e-11df-a4c1-00262d289fc4}.TM.blf -> C:\Users\Bryan\ntuser.dat{d2ad8a2b-645e-11df-a4c1-00262d289fc4}.TM.blf -> [2010/05/20 15:31:31 | 000,065,536 | -HS- | C] ()
 Microsoft Security Essentials.lnk -> C:\Users\Public\Desktop\Microsoft Security Essentials.lnk -> [2010/05/18 15:39:48 | 000,001,035 | ---- | C] ()
 mdres.exe -> C:\Windows\SysWow64\mdres.exe -> [2010/05/17 13:27:24 | 000,000,000 | ---- | C] ()
 MdSched.exe -> C:\Windows\SysWow64\MdSched.exe -> [2010/05/17 13:12:28 | 000,000,000 | ---- | C] ()
 Recuva.lnk -> C:\Users\Bryan\Desktop\Recuva.lnk -> [2010/05/17 00:54:34 | 000,001,662 | ---- | C] ()
 ntuser.dat{911b0d48-6171-11df-89fd-00262d289fc4}.TMContainer00000000000000000002.regtrans-ms -> C:\Users\Bryan\ntuser.dat{911b0d48-6171-11df-89fd-00262d289fc4}.TMContainer00000000000000000002.regtrans-ms -> [2010/05/16 22:21:07 | 000,524,288 | -HS- | C] ()
 ntuser.dat{911b0d48-6171-11df-89fd-00262d289fc4}.TMContainer00000000000000000001.regtrans-ms -> C:\Users\Bryan\ntuser.dat{911b0d48-6171-11df-89fd-00262d289fc4}.TMContainer00000000000000000001.regtrans-ms -> [2010/05/16 22:21:07 | 000,524,288 | -HS- | C] ()
 ntuser.dat{911b0d48-6171-11df-89fd-00262d289fc4}.TM.blf -> C:\Users\Bryan\ntuser.dat{911b0d48-6171-11df-89fd-00262d289fc4}.TM.blf -> [2010/05/16 22:21:07 | 000,065,536 | -HS- | C] ()
 DXPServer.exe -> C:\Windows\SysWow64\DXPServer.exe -> [2010/05/15 15:10:25 | 000,000,000 | ---- | C] ()
 DeviceDisplayObjectProvider.exe -> C:\Windows\SysWow64\DeviceDisplayObjectProvider.exe -> [2010/05/15 15:10:18 | 000,000,000 | ---- | C] ()
 Msft_User_WpdMtpDr_01_09_00.Wdf -> C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf -> [2010/05/15 15:10:16 | 000,000,000 | -H-- | C] ()
 HiJackThis.lnk -> C:\Users\Bryan\Desktop\HiJackThis.lnk -> [2010/05/15 13:09:46 | 000,002,975 | ---- | C] ()
 Belarc Advisor.lnk -> C:\Users\Public\Desktop\Belarc Advisor.lnk -> [2010/05/15 11:47:26 | 000,002,007 | ---- | C] ()
 ntuser.dat{e18fb18c-6035-11df-ad70-00262d289fc4}.TMContainer00000000000000000002.regtrans-ms -> C:\Users\Bryan\ntuser.dat{e18fb18c-6035-11df-ad70-00262d289fc4}.TMContainer00000000000000000002.regtrans-ms -> [2010/05/15 08:30:11 | 000,524,288 | -HS- | C] ()
 ntuser.dat{e18fb18c-6035-11df-ad70-00262d289fc4}.TMContainer00000000000000000001.regtrans-ms -> C:\Users\Bryan\ntuser.dat{e18fb18c-6035-11df-ad70-00262d289fc4}.TMContainer00000000000000000001.regtrans-ms -> [2010/05/15 08:30:11 | 000,524,288 | -HS- | C] ()
 ntuser.dat{e18fb18c-6035-11df-ad70-00262d289fc4}.TM.blf -> C:\Users\Bryan\ntuser.dat{e18fb18c-6035-11df-ad70-00262d289fc4}.TM.blf -> [2010/05/15 08:30:11 | 000,065,536 | -HS- | C] ()
 ntuser.dat{3bb27f3f-5fd3-11df-ad2e-00262d289fc4}.TMContainer00000000000000000002.regtrans-ms -> C:\Users\Bryan\ntuser.dat{3bb27f3f-5fd3-11df-ad2e-00262d289fc4}.TMContainer00000000000000000002.regtrans-ms -> [2010/05/14 21:26:13 | 000,524,288 | -HS- | C] ()
 ntuser.dat{3bb27f3f-5fd3-11df-ad2e-00262d289fc4}.TMContainer00000000000000000001.regtrans-ms -> C:\Users\Bryan\ntuser.dat{3bb27f3f-5fd3-11df-ad2e-00262d289fc4}.TMContainer00000000000000000001.regtrans-ms -> [2010/05/14 21:26:13 | 000,524,288 | -HS- | C] ()
 ntuser.dat{3bb27f3f-5fd3-11df-ad2e-00262d289fc4}.TM.blf -> C:\Users\Bryan\ntuser.dat{3bb27f3f-5fd3-11df-ad2e-00262d289fc4}.TM.blf -> [2010/05/14 21:26:13 | 000,065,536 | -HS- | C] ()
 wubildr -> C:\wubildr -> [2010/05/14 00:16:58 | 000,088,813 | ---- | C] ()
 wubildr.mbr -> C:\wubildr.mbr -> [2010/05/14 00:16:58 | 000,008,192 | ---- | C] ()
 ntuser.dat{133bfd4a-5ec9-11df-a441-00262d289fc4}.TMContainer00000000000000000002.regtrans-ms -> C:\Users\Bryan\ntuser.dat{133bfd4a-5ec9-11df-a441-00262d289fc4}.TMContainer00000000000000000002.regtrans-ms -> [2010/05/13 22:07:16 | 000,524,288 | -HS- | C] ()
 ntuser.dat{133bfd4a-5ec9-11df-a441-00262d289fc4}.TMContainer00000000000000000001.regtrans-ms -> C:\Users\Bryan\ntuser.dat{133bfd4a-5ec9-11df-a441-00262d289fc4}.TMContainer00000000000000000001.regtrans-ms -> [2010/05/13 22:07:16 | 000,524,288 | -HS- | C] ()
 ntuser.dat{133bfd4a-5ec9-11df-a441-00262d289fc4}.TM.blf -> C:\Users\Bryan\ntuser.dat{133bfd4a-5ec9-11df-a441-00262d289fc4}.TM.blf -> [2010/05/13 22:07:16 | 000,065,536 | -HS- | C] ()
 housecall.guid.cache -> C:\Users\Bryan\AppData\Local\housecall.guid.cache -> [2010/05/13 19:08:49 | 000,000,036 | ---- | C] ()
 nvuSMU.exe -> C:\Windows\SysWow64\nvuSMU.exe -> [2010/05/13 11:13:07 | 000,000,000 | ---- | C] ()
 nvsmu.nvu -> C:\Windows\SysNative\nvsmu.nvu -> [2010/05/13 11:12:10 | 000,001,463 | ---- | C] ()
 DriverMax.lnk -> C:\Users\Bryan\Desktop\DriverMax.lnk -> [2010/05/13 10:59:10 | 000,001,118 | ---- | C] ()
 ImgBurn.lnk -> C:\Users\Public\Desktop\ImgBurn.lnk -> [2010/05/12 22:09:42 | 000,001,869 | ---- | C] ()
 Partition Wizard Home Edition.lnk -> C:\Users\Bryan\Desktop\Partition Wizard Home Edition.lnk -> [2010/05/12 21:40:30 | 000,001,127 | ---- | C] ()
 pwNative.exe -> C:\Windows\SysNative\pwNative.exe -> [2010/05/12 21:33:41 | 000,611,400 | ---- | C] ()
 pwdrvio.sys -> C:\Windows\SysNative\pwdrvio.sys -> [2010/05/12 21:33:40 | 000,019,936 | ---- | C] ()
 pwdspio.sys -> C:\Windows\SysNative\pwdspio.sys -> [2010/05/12 21:33:40 | 000,013,280 | ---- | C] ()
 CompMgmtLauncher.exe -> C:\Windows\SysWow64\CompMgmtLauncher.exe -> [2010/05/12 13:52:21 | 000,000,000 | ---- | C] ()
 Revo Uninstaller.lnk -> C:\Users\Bryan\Desktop\Revo Uninstaller.lnk -> [2010/05/12 10:18:34 | 000,001,268 | ---- | C] ()
 MpSigStub.exe -> C:\Windows\SysWow64\MpSigStub.exe -> [2010/05/12 07:54:18 | 000,000,000 | ---- | C] ()
 MRT.exe -> C:\Windows\SysWow64\MRT.exe -> [2010/05/12 07:53:03 | 000,000,000 | ---- | C] ()
 lpremove.exe -> C:\Windows\SysWow64\lpremove.exe -> [2010/05/11 06:38:37 | 000,000,000 | ---- | C] ()
 aitagent.EXE -> C:\Windows\SysWow64\aitagent.EXE -> [2010/05/11 06:31:36 | 000,000,000 | ---- | C] ()
 PnkBstrB.xtr -> C:\Windows\SysWow64\PnkBstrB.xtr -> [2010/05/10 16:23:07 | 000,219,128 | ---- | C] ()
 PnkBstrB.exe -> C:\Windows\SysWow64\PnkBstrB.exe -> [2010/05/10 12:45:20 | 000,103,736 | ---- | C] ()
 PnkBstrA.exe -> C:\Windows\SysWow64\PnkBstrA.exe -> [2010/05/10 12:45:17 | 000,075,064 | ---- | C] ()
 game.ini -> C:\Windows\game.ini -> [2010/05/10 12:45:12 | 000,000,331 | ---- | C] ()
 Malwarebytes' Anti-Malware.lnk -> C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk -> [2010/05/09 13:26:06 | 000,001,013 | ---- | C] ()
 Paragon Partition Manager™ 2010 Free Edition.lnk -> C:\Users\Bryan\Desktop\Paragon Partition Manager™ 2010 Free Edition.lnk -> [2010/05/08 21:03:54 | 000,002,519 | ---- | C] ()
 Eraser.lnk -> C:\Users\Public\Desktop\Eraser.lnk -> [2010/05/08 10:22:34 | 000,001,751 | ---- | C] ()
 Resmon.ResmonCfg -> C:\Users\Bryan\AppData\Local\Resmon.ResmonCfg -> [2010/05/08 10:16:55 | 000,007,597 | ---- | C] ()
 pcwutl.dll -> C:\Windows\SysWow64\pcwutl.dll -> [2010/05/07 17:39:36 | 000,000,000 | ---- | C] ()
 ntuser.dat{7e448a08-5a18-11df-9743-00262d289fc4}.TMContainer00000000000000000002.regtrans-ms -> C:\Users\Bryan\ntuser.dat{7e448a08-5a18-11df-9743-00262d289fc4}.TMContainer00000000000000000002.regtrans-ms -> [2010/05/07 17:22:51 | 000,524,288 | -HS- | C] ()
 ntuser.dat{7e448a08-5a18-11df-9743-00262d289fc4}.TMContainer00000000000000000001.regtrans-ms -> C:\Users\Bryan\ntuser.dat{7e448a08-5a18-11df-9743-00262d289fc4}.TMContainer00000000000000000001.regtrans-ms -> [2010/05/07 17:22:51 | 000,524,288 | -HS- | C] ()
 ntuser.dat{7e448a08-5a18-11df-9743-00262d289fc4}.TM.blf -> C:\Users\Bryan\ntuser.dat{7e448a08-5a18-11df-9743-00262d289fc4}.TM.blf -> [2010/05/07 17:22:51 | 000,065,536 | -HS- | C] ()
 ntuser.dat{05d6a49e-5a18-11df-ad29-00262d289fc4}.TMContainer00000000000000000002.regtrans-ms -> C:\Users\Bryan\ntuser.dat{05d6a49e-5a18-11df-ad29-00262d289fc4}.TMContainer00000000000000000002.regtrans-ms -> [2010/05/07 13:38:52 | 000,524,288 | -HS- | C] ()
 ntuser.dat{05d6a49e-5a18-11df-ad29-00262d289fc4}.TMContainer00000000000000000001.regtrans-ms -> C:\Users\Bryan\ntuser.dat{05d6a49e-5a18-11df-ad29-00262d289fc4}.TMContainer00000000000000000001.regtrans-ms -> [2010/05/07 13:38:52 | 000,524,288 | -HS- | C] ()
 ntuser.dat{05d6a49e-5a18-11df-ad29-00262d289fc4}.TM.blf -> C:\Users\Bryan\ntuser.dat{05d6a49e-5a18-11df-ad29-00262d289fc4}.TM.blf -> [2010/05/07 13:38:52 | 000,065,536 | -HS- | C] ()
 ntuser.dat{db79ecf5-5a01-11df-a11f-00262d289fc4}.TMContainer00000000000000000002.regtrans-ms -> C:\Users\Bryan\ntuser.dat{db79ecf5-5a01-11df-a11f-00262d289fc4}.TMContainer00000000000000000002.regtrans-ms -> [2010/05/07 13:35:44 | 000,524,288 | -HS- | C] ()
 ntuser.dat{db79ecf5-5a01-11df-a11f-00262d289fc4}.TMContainer00000000000000000001.regtrans-ms -> C:\Users\Bryan\ntuser.dat{db79ecf5-5a01-11df-a11f-00262d289fc4}.TMContainer00000000000000000001.regtrans-ms -> [2010/05/07 13:35:44 | 000,524,288 | -HS- | C] ()
 ntuser.dat{db79ecf5-5a01-11df-a11f-00262d289fc4}.TM.blf -> C:\Users\Bryan\ntuser.dat{db79ecf5-5a01-11df-a11f-00262d289fc4}.TM.blf -> [2010/05/07 13:35:44 | 000,065,536 | -HS- | C] ()
 GoogleUpdateTaskUserS-1-5-21-3488347447-2488368954-518346416-1000Core.job -> C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3488347447-2488368954-518346416-1000Core.job -> [2010/05/07 09:58:16 | 000,000,856 | ---- | C] ()
 ntuser.dat{006dea7b-59ee-11df-b8d5-00262d289fc4}.TMContainer00000000000000000002.regtrans-ms -> C:\Users\Bryan\ntuser.dat{006dea7b-59ee-11df-b8d5-00262d289fc4}.TMContainer00000000000000000002.regtrans-ms -> [2010/05/07 08:54:26 | 000,524,288 | -HS- | C] ()
 ntuser.dat{006dea7b-59ee-11df-b8d5-00262d289fc4}.TMContainer00000000000000000001.regtrans-ms -> C:\Users\Bryan\ntuser.dat{006dea7b-59ee-11df-b8d5-00262d289fc4}.TMContainer00000000000000000001.regtrans-ms -> [2010/05/07 08:54:26 | 000,524,288 | -HS- | C] ()
 ntuser.dat{006dea7b-59ee-11df-b8d5-00262d289fc4}.TM.blf -> C:\Users\Bryan\ntuser.dat{006dea7b-59ee-11df-b8d5-00262d289fc4}.TM.blf -> [2010/05/07 08:54:26 | 000,065,536 | -HS- | C] ()
 StikyNot.exe -> C:\Windows\SysWow64\StikyNot.exe -> [2010/05/07 01:41:26 | 000,000,000 | ---- | C] ()
 pcwrun.exe -> C:\Windows\SysWow64\pcwrun.exe -> [2010/05/06 22:43:50 | 000,000,000 | ---- | C] ()
 ntuser.dat{bd72ccac-597f-11df-9b4b-00262d289fc4}.TMContainer00000000000000000002.regtrans-ms -> C:\Users\Bryan\ntuser.dat{bd72ccac-597f-11df-9b4b-00262d289fc4}.TMContainer00000000000000000002.regtrans-ms -> [2010/05/06 20:16:00 | 000,524,288 | -HS- | C] ()
 ntuser.dat{bd72ccac-597f-11df-9b4b-00262d289fc4}.TMContainer00000000000000000001.regtrans-ms -> C:\Users\Bryan\ntuser.dat{bd72ccac-597f-11df-9b4b-00262d289fc4}.TMContainer00000000000000000001.regtrans-ms -> [2010/05/06 20:16:00 | 000,524,288 | -HS- | C] ()
 ntuser.dat{bd72ccac-597f-11df-9b4b-00262d289fc4}.TM.blf -> C:\Users\Bryan\ntuser.dat{bd72ccac-597f-11df-9b4b-00262d289fc4}.TM.blf -> [2010/05/06 20:16:00 | 000,065,536 | -HS- | C] ()
 WerConCpl.dll -> C:\Windows\SysWow64\WerConCpl.dll -> [2010/05/05 01:17:07 | 000,000,000 | ---- | C] ()
 GlobalUserInterface.CompositeFont -> C:\Windows\Fonts\GlobalUserInterface.CompositeFont -> [2009/07/13 22:32:39 | 000,043,318 | ---- | C] ()
 GlobalSerif.CompositeFont -> C:\Windows\Fonts\GlobalSerif.CompositeFont -> [2009/07/13 22:32:39 | 000,029,779 | ---- | C] ()
 GlobalSansSerif.CompositeFont -> C:\Windows\Fonts\GlobalSansSerif.CompositeFont -> [2009/07/13 22:32:39 | 000,026,489 | ---- | C] ()
 GlobalMonospace.CompositeFont -> C:\Windows\Fonts\GlobalMonospace.CompositeFont -> [2009/07/13 22:32:39 | 000,026,040 | ---- | C] ()
 BWContextHandler.dll -> C:\Windows\SysWow64\BWContextHandler.dll -> [2009/07/13 16:42:10 | 000,064,000 | ---- | C] ()
 msjetoledb40.dll -> C:\Windows\SysWow64\msjetoledb40.dll -> [2009/07/13 14:03:59 | 000,364,544 | ---- | C] ()
 bdoscandellang.ini -> C:\Windows\bdoscandellang.ini -> [2009/01/05 15:44:10 | 000,000,453 | ---- | C] ()
[Custom Scans]
< netsvcs >
< drivers32 >
< %SYSTEMDRIVE%\*.* >
 BOOTSECT.BAK -> C:\BOOTSECT.BAK -> [2009/10/27 23:29:13 | 000,008,192 | RHS- | M] ()
 E0Z0LP11.MD5 -> C:\E0Z0LP11.MD5 -> [2009/10/07 09:24:27 | 000,003,411 | ---- | M] ()
 hiberfil.sys -> C:\hiberfil.sys -> [2010/06/04 14:46:34 | 3018,756,096 | -HS- | M] ()
 LPCD.DAT -> C:\LPCD.DAT -> [2009/10/07 09:23:28 | 000,000,308 | ---- | M] ()
 pagefile.sys -> C:\pagefile.sys -> [2010/06/04 14:46:35 | 4025,012,224 | -HS- | M] ()
 RHDSetup.log -> C:\RHDSetup.log -> [2009/10/27 22:47:27 | 000,002,035 | ---- | M] ()
 wubildr -> C:\wubildr -> [2010/05/14 00:16:58 | 000,088,813 | ---- | M] ()
 wubildr.mbr -> C:\wubildr.mbr -> [2010/05/14 00:16:58 | 000,008,192 | ---- | M] ()
< %systemroot%\*. /mp /s >
 
CREATERESTOREPOINT
Error creating restore point.
< %systemroot%\system32\*.dll /lockedfiles >
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\System32\config\*.sav >
< %systemroot%\system32\drivers\*.sys /180 >
 mbamswissarmy.sys -> C:\Windows\SysWOW64\drivers\mbamswissarmy.sys -> [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation)
 OADriver.sys -> C:\Windows\SysWOW64\drivers\OADriver.sys -> [2010/05/27 06:56:00 | 000,052,880 | ---- | M] ()
 oahlp64.sys -> C:\Windows\SysWOW64\drivers\oahlp64.sys -> [2010/05/27 07:06:52 | 000,051,440 | ---- | M] ()
 OAmon.sys -> C:\Windows\SysWOW64\drivers\OAmon.sys -> [2010/05/27 06:56:00 | 000,035,984 | ---- | M] (Tall Emu)
< End of report >

Results of screen317's Security Check version 0.99.4
Windows 7 (UAC is enabled)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Disabled!
ESET Online Scanner v3
Online Armor 4.0
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:
MVPS Hosts File
Malwarebytes' Anti-Malware
CCleaner
Java™ 6 Update 20
Adobe Flash Player 10.1.53.64
Adobe Reader 9.3.2
````````````````````````````````
Process Check:
objlist.exe by Laurent
Windows Defender MSMpEng.exe
````````````````````````````````
DNS Vulnerability Check:
GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````

As for the rest of the instuctions:
Still haven't discovered why these scans are freezing up in normal mode.
I don't know what other things may be wrong right now until I go back to normal and then use the computer under those circumstances. All the logs are with the exception of the mbam log which you got in the previous post.
When I updated OA++ to newest beta I ran the system check instead of trusting all and then had to go through each checkpoint one at a time. I don't know if I did something like denying service or blocking service to one of the apps. It was after that update that everything started happening. As a last resort should I consider a system restore from before the update? Or should I try and delete the OA++ and now load the newer (came out today) beta and use the trust all selection when setting up? I looked on the beta test site and no one else had anything similar to what I experienced. In other words I'm totally lost and confused.lol

#14 SweetTech

MalwareTeam Emeritus

Authentic Member
3,368 posts

Posted 04 June 2010 - 04:27 PM

AVP Tool by Kaspersky

IMPORTANT: Save these instructions so you can have access to them while in Safe Mode.

Download the AVP Tool by Kaspersky from Here & save it to your desktop. Be aware that this is a large file.... approximately 60mb.

Reboot your computer into Safe Mode

You can do this by restarting your computer and continually tapping the F8 key until a menu appears
Use your up arrow key to highlight Safe Mode then press Enter
Double click the setup file to run it
Click Next to continue
Accept the License agreement then click Next
It will by default install to your desktop folder. Click Next
Once installed it will open a box. Click the Automatic scan tab
Under Automatic scan make sure the following are checked:

Hidden Startup Objects
System Memory
Disk Boot Sectors
My Computer
Also any other drives (Removable that you may have)

Leave the rest of the settings as they appear

Click on Scan at the top right hand corner
It will automatically neutralize any objects found
If some objects are left un-neutralized, click on Neutralize all
If you receive a message that an item cannot be neutralized then choose the Delete option when prompted
Once finished click the Reports button at the bottom
Name the file Kas & save it somewhere convenient like your desktop
Copy/paste only the detected Virus\malware from the report. It will be at the very top under Detected & post those results in your next reply
Note: This program will self uninstall when you close it so save the log before closing it

Proud Graduate of the WTT Classroom

Posted Image

#15 Bryan A

Authentic Member

Authentic Member
163 posts

Interests:Fantasy Football, Raising my Grand Kids, Chess, Golf and Basketball

Posted 04 June 2010 - 06:13 PM

Sweetech I don't know what the heck is going on. After the Kaspersky scan finished I hit report and it generated a screen that gave options to see what was found. It said 2 critical events but would not show what they are. I had options to view all or important or critical events, and then everything froze again when I asked for the critical events to be shown so I could copy and send them to you. I am getting so very frustrated now, i've never had these type of problems before just your every day run of the mill infections. I know you're also frustrated, just don't desert me now. lol

Body Background

skin color theme

[Resolved] Several Problems w/hjt and others

#1 Bryan A

Advertisements

Register to Remove

#2 SweetTech

#3 Bryan A

#4 SweetTech

#5 Bryan A

#6 SweetTech

#7 Bryan A

#8 SweetTech

#9 Bryan A

#10 SweetTech

Advertisements

Register to Remove

#11 Bryan A

#12 SweetTech

#13 Bryan A

#14 SweetTech

#15 Bryan A

Related Topics

0 user(s) are reading this topic

About What the Tech

Follow Us

Body Background

skin color theme

[Resolved] Several Problems w/hjt and others

#1 Bryan A

Advertisements Register to Remove

#2 SweetTech

#3 Bryan A

#4 SweetTech

#5 Bryan A

#6 SweetTech

#7 Bryan A

#8 SweetTech

#9 Bryan A

#10 SweetTech

Advertisements Register to Remove

#11 Bryan A

#12 SweetTech

#13 Bryan A

#14 SweetTech

#15 Bryan A

Related Topics

0 user(s) are reading this topic

About What the Tech

Follow Us

Sign In

Advertisements

Register to Remove

Advertisements

Register to Remove