
Help Unknown Adware or Malware Keeps coming Back


  • This topic is locked
3 replies to this topic

#1 virusnoob

Posted 13 October 2009 - 09:49 AM

I keep having random sounds and ads playing with no browsers open. I did a scan with MalwareBytes, Nod32, and Dr.Web. 6 things were found by MalwareBytes and were removed, but it came back. It's been happening for a week now; it keeps coming back. It has like commercial sounds about me winning and HN1N. I don't know what to do. There are also random popup windows with no browser open. So I found out about HijackThis and came here for help.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:53:18 AM, on 10/11/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Steam\Steam.exe
C:\Philips\GoGear VIBE Device Manager\GoGear_Vibe_DeviceManager.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\regsvr32.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\AIM\aim.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: DeviceVM Url Search Hook - {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\Windows\SysWOW64\dvmurl.dll
O1 - Hosts: ::1 localhost
O2 - BHO: IEPlugin Class - {11222041-111B-46E3-BD29-EFB2449479B1} - C:\PROGRA~2\ArcSoft\MEDIAC~1\INTERN~1\ARCURL~1.DLL
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll (file missing)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: chargeyourprofit browser enhancer - {B0B3389D-DFDA-0844-0A7F-EE3B8E6AE52C} - C:\Windows\SysWow64\vtavuvgjzau.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ArcSoft Connection Service] "C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Steam] "c:\program files (x86)\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Aim] "C:\Program Files (x86)\AIM\aim.exe" /d locale=en-US
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: NETGEAR WG311v3 Smart Wizard.lnk = C:\Program Files (x86)\NETGEAR\WG311v3\wlancfg5.exe
O4 - Global Startup: Philips GoGear VIBE Device Manager.lnk = C:\Philips\GoGear VIBE Device Manager\GoGear_Vibe_DeviceManager.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate1ca3e4ca093b9e8) (gupdate1ca3e4ca093b9e8) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files (x86)\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8839 bytes


#2 CatByte

Posted 14 October 2009 - 04:06 PM

Hi,

Please do the following:


Download OTS to your Desktop
  • Close ALL OTHER PROGRAMS.
  • Double-click on OTS.exe to start the program.
  • Check the box that says Scan All Users
  • Check the box that says 64 bit
  • Under Additional Scans check the following:
    • File - Lop Check
    • File - Purity Scan
    • Evnt - EvtViewer (last 10)
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Please attach the log in your next post.

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015


#3 virusnoob

Posted 14 October 2009 - 10:49 PM

OK, I attached the log, ty, and I copied and pasted it, sorry. :blush:



OTS logfile created on: 10/14/2009 9:42:02 PM - Run 1
OTS by OldTimer - Version 3.0.22.0	 Folder = C:\Users\Richard\Documents\Downloads
64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18828)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
4.00 Gb Total Physical Memory | 2.74 Gb Available Physical Memory | 68.56% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149.05 Gb Total Space | 62.85 Gb Free Space | 42.17% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: RICHARD-PC
Current User Name: Richard
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: Off
File Age = 30 Days
 
[Processes - Safe List]
acdaemon.exe -> C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe -> [2009/07/10 13:59:22 | 00,195,072 | ---- | M] (ArcSoft Inc.)
acdaemon.exe -> C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe -> [2009/07/10 13:59:22 | 00,195,072 | ---- | M] (ArcSoft Inc.)
acdaemon.exe -> C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe -> [2009/07/10 13:59:22 | 00,195,072 | ---- | M] (ArcSoft Inc.)
acdaemon.exe -> C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe -> [2009/07/10 13:59:22 | 00,195,072 | ---- | M] (ArcSoft Inc.)
acdaemon.exe -> C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe -> [2009/07/10 13:59:22 | 00,195,072 | ---- | M] (ArcSoft Inc.)
acservice.exe -> C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -> [2009/02/06 17:02:14 | 00,109,056 | ---- | M] (ArcSoft Inc.)
applemobiledeviceservice.exe -> C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> [2009/08/28 19:42:54 | 00,144,672 | ---- | M] (Apple Inc.)
chrome.exe -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe -> [2009/10/09 11:24:55 | 00,919,024 | ---- | M] (Google Inc.)
chrome.exe -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe -> [2009/10/09 11:24:55 | 00,919,024 | ---- | M] (Google Inc.)
chrome.exe -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe -> [2009/10/09 11:24:55 | 00,919,024 | ---- | M] (Google Inc.)
chrome.exe -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe -> [2009/10/09 11:24:55 | 00,919,024 | ---- | M] (Google Inc.)
ekrn.exe -> C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe -> [2009/09/11 07:24:32 | 00,735,960 | ---- | M] (ESET)
ekrn.exe -> C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe -> [2009/09/11 07:24:32 | 00,735,960 | ---- | M] (ESET)
gogear_vibe_devicemanager.exe -> C:\Philips\GoGear VIBE Device Manager\GoGear_Vibe_DeviceManager.exe -> [2009/07/06 15:04:00 | 01,611,152 | ---- | M] (Philips)
ituneshelper.exe -> C:\Program Files (x86)\iTunes\iTunesHelper.exe -> [2009/09/21 16:36:12 | 00,305,440 | ---- | M] (Apple Inc.)
jusched.exe -> C:\Program Files (x86)\Java\jre6\bin\jusched.exe -> [2009/08/01 17:14:12 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.)
mdnsresponder.exe -> C:\Program Files (x86)\Bonjour\mDNSResponder.exe -> [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.)
nvscpapisvr.exe -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -> [2009/07/14 12:28:00 | 00,239,648 | ---- | M] (NVIDIA Corporation)
nvscpapisvr.exe -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -> [2009/07/14 12:28:00 | 00,239,648 | ---- | M] (NVIDIA Corporation)
nvscpapisvr.exe -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -> [2009/07/14 12:28:00 | 00,239,648 | ---- | M] (NVIDIA Corporation)
nvscpapisvr.exe -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -> [2009/07/14 12:28:00 | 00,239,648 | ---- | M] (NVIDIA Corporation)
nvscpapisvr.exe -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -> [2009/07/14 12:28:00 | 00,239,648 | ---- | M] (NVIDIA Corporation)
nvscpapisvr.exe -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -> [2009/07/14 12:28:00 | 00,239,648 | ---- | M] (NVIDIA Corporation)
nvscpapisvr.exe -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -> [2009/07/14 12:28:00 | 00,239,648 | ---- | M] (NVIDIA Corporation)
nvscpapisvr.exe -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -> [2009/07/14 12:28:00 | 00,239,648 | ---- | M] (NVIDIA Corporation)
nvscpapisvr.exe -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -> [2009/07/14 12:28:00 | 00,239,648 | ---- | M] (NVIDIA Corporation)
nvscpapisvr.exe -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -> [2009/07/14 12:28:00 | 00,239,648 | ---- | M] (NVIDIA Corporation)
nvscpapisvr.exe -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -> [2009/07/14 12:28:00 | 00,239,648 | ---- | M] (NVIDIA Corporation)
nvscpapisvr.exe -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -> [2009/07/14 12:28:00 | 00,239,648 | ---- | M] (NVIDIA Corporation)
ots.exe -> C:\Users\Richard\Documents\Downloads\OTS.exe -> [2009/10/14 21:40:27 | 00,519,168 | ---- | M] (OldTimer Tools)
ots.exe -> C:\Users\Richard\Documents\Downloads\OTS.exe -> [2009/10/14 21:40:27 | 00,519,168 | ---- | M] (OldTimer Tools)
 
[Win32 Services - Safe List]
64bit-(AppMgmt) Application Management [Win32_Shared | On_Demand | Stopped] -> C:\Windows\SysNative\appmgmts.dll -> [2008/01/20 19:50:23 | 00,195,584 | ---- | M] (Microsoft Corporation)
64bit-(CscService) Offline Files [Win32_Shared | Auto | Running] -> C:\Windows\SysNative\cscsvc.dll -> [2009/04/11 00:11:16 | 00,604,672 | ---- | M] (Microsoft Corporation)
64bit-(EhttpSrv) ESET HTTP Server [Win32_Own | On_Demand | Stopped] -> C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -> [2009/09/11 07:33:20 | 00,023,296 | ---- | M] (ESET)
64bit-(ekrn) ESET Service [Win32_Own | Auto | Running] -> C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe -> [2009/09/11 07:24:32 | 00,735,960 | ---- | M] (ESET)
64bit-(Fax) Fax [Win32_Own | On_Demand | Stopped] -> C:\Windows\SysNative\fxssvc.exe -> [2008/01/20 19:47:07 | 00,689,152 | ---- | M] (Microsoft Corporation)
64bit-(UmRdpService) Terminal Services UserMode Port Redirector [Win32_Shared | On_Demand | Stopped] -> C:\Windows\SysNative\umrdp.dll -> [2009/04/11 00:11:28 | 00,252,928 | ---- | M] (Microsoft Corporation)
64bit-(wbengine) Block Level Backup Engine Service [Win32_Own | On_Demand | Stopped] -> C:\Windows\SysNative\wbengine.exe -> [2009/04/11 00:11:06 | 01,149,440 | ---- | M] (Microsoft Corporation)
64bit-(WinDefend) Windows Defender [Win32_Shared | Auto | Running] -> C:\Program Files\Windows Defender\mpsvc.dll -> [2008/01/20 19:46:39 | 00,383,544 | ---- | M] (Microsoft Corporation)
64bit-(WMPNetworkSvc) Windows Media Player Network Sharing Service [Win32_Own | On_Demand | Running] -> C:\Program Files\Windows Media Player\wmpnetwk.exe -> [2008/01/20 19:51:24 | 01,216,000 | ---- | M] (Microsoft Corporation)
(ACDaemon) ArcSoft Connect Daemon [Win32_Own | Auto | Running] -> C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -> [2009/02/06 17:02:14 | 00,109,056 | ---- | M] (ArcSoft Inc.)
(Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> [2009/08/28 19:42:54 | 00,144,672 | ---- | M] (Apple Inc.)
(Bonjour Service) Bonjour Service [Win32_Own | Auto | Running] -> C:\Program Files (x86)\Bonjour\mDNSResponder.exe -> [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.)
(clr_optimization_v2.0.50727_32) Microsoft .NET Framework NGEN v2.0.50727_X86 [Win32_Own | On_Demand | Stopped] -> C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -> [2009/03/29 21:42:16 | 00,066,368 | ---- | M] (Microsoft Corporation)
(clr_optimization_v2.0.50727_64) Microsoft .NET Framework NGEN v2.0.50727_X64 [Win32_Own | On_Demand | Stopped] -> C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -> [2009/03/29 21:39:56 | 00,089,920 | ---- | M] (Microsoft Corporation)
(ehRecvr) Windows Media Center Receiver Service [Win32_Own | On_Demand | Stopped] -> C:\Windows\ehome\ehRecvr.exe -> [2008/01/20 19:50:39 | 00,344,064 | ---- | M] (Microsoft Corporation)
(ehSched) Windows Media Center Scheduler Service [Win32_Own | On_Demand | Stopped] -> C:\Windows\ehome\ehsched.exe -> [2008/01/20 19:50:39 | 00,153,600 | ---- | M] (Microsoft Corporation)
(ehstart) Windows Media Center Service Launcher [Win32_Shared | Auto | Stopped] -> C:\Windows\ehome\ehstart.dll -> [2006/11/02 08:03:44 | 00,015,360 | ---- | M] (Microsoft Corporation)
(FontCache3.0.0.0) Windows Presentation Foundation Font Cache 3.0.0.0 [Win32_Own | On_Demand | Stopped] -> C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe -> [2009/02/18 11:40:06 | 00,042,840 | ---- | M] (Microsoft Corporation)
(gupdate1ca3e4ca093b9e8) Google Update Service (gupdate1ca3e4ca093b9e8) [Win32_Own | Auto | Stopped] -> C:\Program Files (x86)\Google\Update\GoogleUpdate.exe -> [2009/09/25 18:56:48 | 00,133,104 | ---- | M] (Google Inc.)
(idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] -> C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe -> [2009/02/18 11:39:12 | 00,857,432 | ---- | M] (Microsoft Corporation)
(iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> C:\Program Files (x86)\iPod\bin\iPodService.exe -> [2009/09/21 16:36:16 | 00,660,256 | ---- | M] (Apple Inc.)
(KeyIso) CNG Key Isolation [Win32_Shared | On_Demand | Running] -> C:\Windows\SysWow64\keyiso.dll -> [2006/11/02 02:46:05 | 00,018,944 | ---- | M] (Microsoft Corporation)
(Microsoft Office Groove Audit Service) Microsoft Office Groove Audit Service [Win32_Own | On_Demand | Stopped] -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe -> [2008/10/25 11:44:08 | 00,065,888 | ---- | M] (Microsoft Corporation)
(MSDTC) Distributed Transaction Coordinator [Win32_Own | Unknown | Stopped] -> C:\Windows\SysWow64\Msdtc -> [2006/11/02 06:34:14 | 00,000,000 | ---D | M]
(Netlogon) Netlogon [Win32_Shared | On_Demand | Stopped] -> C:\Windows\SysWow64\netlogon.dll -> [2009/04/10 23:28:24 | 00,592,896 | ---- | M] (Microsoft Corporation)
(npggsvc) nProtect GameGuard Service [Win32_Own | On_Demand | Stopped] -> C:\Windows\SysWow64\GameMon.des -> [2009/05/20 01:50:20 | 02,772,302 | ---- | M] (INCA Internet Co., Ltd.)
(odserv) Microsoft Office Diagnostics Service [Win32_Own | On_Demand | Stopped] -> C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -> [2008/11/04 01:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation)
(ose) Office Source Engine [Win32_Own | On_Demand | Stopped] -> C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE -> [2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation)
(Steam Client Service) Steam Client Service [Win32_Own | On_Demand | Stopped] -> C:\Program Files (x86)\Common Files\Steam\SteamService.exe -> [2009/10/13 14:43:16 | 00,316,664 | ---- | M] (Valve Corporation)
(Stereo Service) NVIDIA Stereoscopic 3D Driver Service [Win32_Own | Auto | Running] -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -> [2009/07/14 12:28:00 | 00,239,648 | ---- | M] (NVIDIA Corporation)
(vds) Virtual Disk [Win32_Own | On_Demand | Stopped] -> C:\Windows\SysWow64\Wbem\vds.mof -> [2006/11/01 23:35:15 | 00,060,994 | ---- | M] ()
(VSS) Volume Shadow Copy [Win32_Own | On_Demand | Stopped] -> C:\Windows\SysWow64\Wbem\vss.mof -> [2006/11/01 23:35:15 | 00,055,846 | ---- | M] ()
 
[Driver Services - Safe List]
64bit-(CSC) Offline Files Driver [Kernel | System | Running] -> C:\Windows\SysNative\drivers\csc.sys -> [2009/04/10 21:56:26 | 00,460,800 | ---- | M] (Microsoft Corporation)
64bit-(eamon) eamon [File_System | Auto | Running] -> C:\Windows\SysNative\DRIVERS\eamon.sys -> [2009/09/11 07:17:20 | 00,144,824 | ---- | M] (ESET)
64bit-(ehdrv) ehdrv [Kernel | System | Running] -> C:\Windows\SysNative\DRIVERS\ehdrv.sys -> [2009/09/11 07:23:52 | 00,136,584 | ---- | M] (ESET)
64bit-(epfw) epfw [Kernel | Auto | Running] -> C:\Windows\SysNative\DRIVERS\epfw.sys -> [2009/09/11 07:27:04 | 00,168,544 | ---- | M] (ESET)
64bit-(Epfwndis) Eset Personal Firewall [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\Epfwndis.sys -> [2009/06/19 09:10:40 | 00,033,608 | ---- | M] (ESET)
64bit-(epfwwfp) epfwwfp [Kernel | Auto | Running] -> C:\Windows\SysNative\DRIVERS\epfwwfp.sys -> [2009/09/11 07:27:10 | 00,044,944 | ---- | M] (ESET)
64bit-(fvevol) BitLocker Drive Encryption Filter Driver [Kernel | Boot | Running] -> C:\Windows\SysNative\DRIVERS\fvevol.sys -> [2009/04/11 00:15:32 | 00,160,744 | ---- | M] (Microsoft Corporation)
64bit-(GEARAspiWDM) GEAR ASPI Filter Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -> [2009/05/18 14:17:08 | 00,034,152 | ---- | M] (GEAR Software Inc.)
64bit-(HdAudAddService) Microsoft 1.1 UAA Function Driver for High Definition Audio Service [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\HdAudio.sys -> [2006/11/01 22:28:10 | 00,273,920 | ---- | M] (Microsoft Corporation)
64bit-(MRV6X64P) Vista 64-bits Native WiFi Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\MRVW13C.sys -> [2007/05/03 08:11:46 | 00,244,736 | ---- | M] (Marvell Semiconductor, Inc)
64bit-(RTL8169) Realtek 8169 NT Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\Rtlh64.sys -> [2007/06/25 05:37:14 | 00,108,032 | ---- | M] (Realtek Corporation											)
64bit-(usbaudio) USB Audio Driver (WDM) [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\usbaudio.sys -> [2009/04/10 22:39:36 | 00,098,944 | ---- | M] (Microsoft Corporation)
64bit-(WpdUsb) WpdUsb [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\DRIVERS\wpdusb.sys -> [2008/01/20 19:46:34 | 00,046,080 | ---- | M] (Microsoft Corporation)
(archlp) archlp [Kernel | System | Running] -> C:\Windows\SysWow64\drivers\ArcHlp.sys -> [2008/08/12 17:08:04 | 00,143,872 | ---- | M] ()
(CSC) Offline Files Driver [Kernel | System | Running] -> C:\Windows\CSC -> [2009/07/23 15:29:28 | 00,000,000 | ---D | M]
(gdrv) gdrv [Kernel | On_Demand | Stopped] -> C:\Windows\gdrv.sys -> [2009/07/23 16:07:35 | 00,024,072 | ---- | M] (Windows (R) Server 2003 DDK provider)
(mpsdrv) Windows Firewall Authorization Driver [Kernel | On_Demand | Running] -> C:\Windows\SysWow64\Wbem\mpsdrv.mof -> [2006/09/18 14:35:23 | 00,001,088 | ---- | M] ()
(NPPTNT2) NPPTNT2 [Kernel | On_Demand | Stopped] -> C:\Windows\SysWow64\npptNT2.sys -> [2005/01/02 14:43:08 | 00,004,682 | ---- | M] (INCA Internet Co., Ltd.)
(Tcpip) TCP/IP Protocol Driver [Kernel | System | Running] -> C:\Windows\SysWow64\Wbem\tcpip.mof -> [2006/09/18 14:36:40 | 00,003,066 | ---- | M] ()
 
[Registry - Safe List]
< 64bit-Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Search_URL" -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Secondary_Page_URL" ->  [binary data] -> 
HKEY_LOCAL_MACHINE\: Main\\"Extensions Off Page" -> about:NoAdd-ons -> 
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> C:\Windows\System32\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\"Search Page" -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\"Security Risk Page" -> about:SecurityRisk -> 
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Search_URL" -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Secondary_Page_URL" ->  [binary data] -> 
HKEY_LOCAL_MACHINE\: Main\\"Extensions Off Page" -> about:NoAdd-ons -> 
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> C:\Windows\SysWOW64\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\"Search Page" -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\"Security Risk Page" -> about:SecurityRisk -> 
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 
< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> 
HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 -> 
HKEY_USERS\.DEFAULT\: "ProxyOverride" -> *.local -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> 
HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 -> 
HKEY_USERS\S-1-5-18\: "ProxyOverride" -> *.local -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-2007572775-1956699559-2467264984-1000\] > -> -> 
HKEY_USERS\S-1-5-21-2007572775-1956699559-2467264984-1000\: Main\\"Local Page" -> C:\Windows\system32\blank.htm -> 
HKEY_USERS\S-1-5-21-2007572775-1956699559-2467264984-1000\: Main\\"Search Page" -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_USERS\S-1-5-21-2007572775-1956699559-2467264984-1000\: Main\\"Start Page" -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 
HKEY_USERS\S-1-5-21-2007572775-1956699559-2467264984-1000\: Main\\"Start Page Redirect Cache" -> http://www.msn.com/ -> 
HKEY_USERS\S-1-5-21-2007572775-1956699559-2467264984-1000\: Main\\"Start Page Redirect Cache AcceptLangs" -> en-us -> 
HKEY_USERS\S-1-5-21-2007572775-1956699559-2467264984-1000\: Main\\"Start Page Redirect Cache_TIMESTAMP" -> 8F 52 A4 04 82 23 CA 01  [binary data] -> 
HKEY_USERS\S-1-5-21-2007572775-1956699559-2467264984-1000\: URLSearchHooks\\"{0063BF63-BFFF-4B8F-9D26-4267DF7F17DD}" [HKLM] -> C:\Windows\SysWOW64\dvmurl.dll [DeviceVM Url Search Hook] -> [2008/05/02 15:08:14 | 00,146,528 | ---- | M] (DeviceVM Inc.)
HKEY_USERS\S-1-5-21-2007572775-1956699559-2467264984-1000\: "ProxyEnable" -> 0 -> 
HKEY_USERS\S-1-5-21-2007572775-1956699559-2467264984-1000\: "ProxyOverride" -> *.local -> 
< FireFox Settings [Prefs.js] > -> C:\Users\Richard\AppData\Roaming\Mozilla\FireFox\Profiles\rqxpncr4.default\prefs.js -> 
browser.search.selectedEngine -> "swagbucks.com" ->
browser.search.useDBForOrder -> true ->
browser.startup.homepage -> "http://www.google.com/webhp?hl=en" ->
extensions.enabledItems -> {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.1 ->
extensions.enabledItems -> {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15 ->
extensions.enabledItems -> {35106bca-6c78-48c7-ac28-56df30b51d2a}:1.3.6 ->
extensions.enabledItems -> {20a82645-c095-46ed-80e3-08825760534b}:1.1 ->
extensions.enabledItems -> bloodfire@example.com:3.5 ->
extensions.enabledItems -> {241aae70-0022-11de-87af-0800200c9a66}:3.5.2.08.11.09 ->
extensions.enabledItems -> {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.3 ->
< FireFox Settings [User.js] > -> C:\Users\Richard\AppData\Roaming\Mozilla\FireFox\Profiles\rqxpncr4.default\user.js -> 
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\Extensions ->  -> 
HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b} -> C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION [C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\] -> [2009/07/23 18:01:17 | 00,000,000 | ---D | M]
HKLM\software\mozilla\Firefox\Extensions\\{B728AB94-9BC7-49b7-B76A-422BB31B2FD0} -> C:\PROGRAM FILES (X86)\ARCSOFT\MEDIA CONVERTER FOR PHILIPS\INTERNET VIDEO DOWNLOADER\PLUGIN_FIREFOX [C:\PROGRAM FILES (X86)\ARCSOFT\MEDIA CONVERTER FOR PHILIPS\INTERNET VIDEO DOWNLOADER\PLUGIN_FIREFOX] -> [2009/10/04 23:04:53 | 00,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions ->  -> 
HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\COMPONENTS [C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\COMPONENTS] -> [2009/09/16 20:37:47 | 00,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\PLUGINS [C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\PLUGINS] -> [2009/10/09 19:47:29 | 00,000,000 | ---D | M]
HKLM\software\mozilla\Thunderbird\Extensions ->  -> 
HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com -> C:\PROGRAM FILES\ESET\ESET SMART SECURITY\MOZILLA THUNDERBIRD -> 
< FireFox Extensions [User Folders] > -> 
 -> C:\Users\Richard\AppData\Roaming\mozilla\Extensions -> [2009/07/30 14:17:24 | 00,000,000 | ---D | M]
 -> C:\Users\Richard\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} -> [2009/07/30 14:17:24 | 00,000,000 | ---D | M]
 -> C:\Users\Richard\AppData\Roaming\mozilla\Firefox\Profiles\rqxpncr4.default\extensions -> [2009/10/09 17:25:26 | 00,102,225 | ---- | M] ()
 -> C:\Users\Richard\AppData\Roaming\mozilla\Firefox\Profiles\rqxpncr4.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} -> [2009/10/09 17:25:26 | 00,102,225 | ---- | M] ()
 -> C:\Users\Richard\AppData\Roaming\mozilla\Firefox\Profiles\rqxpncr4.default\extensions\{241aae70-0022-11de-87af-0800200c9a66} -> [2009/10/09 17:25:26 | 00,102,225 | ---- | M] ()
 -> C:\Users\Richard\AppData\Roaming\mozilla\Firefox\Profiles\rqxpncr4.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a} -> [2009/10/09 17:25:26 | 00,102,225 | ---- | M] ()
 -> C:\Users\Richard\AppData\Roaming\mozilla\Firefox\Profiles\rqxpncr4.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} -> [2009/10/09 17:25:26 | 00,102,225 | ---- | M] ()
 -> C:\Users\Richard\AppData\Roaming\mozilla\Firefox\Profiles\rqxpncr4.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D} -> [2009/10/09 17:25:26 | 00,102,225 | ---- | M] ()
 -> C:\Users\Richard\AppData\Roaming\mozilla\Firefox\Profiles\rqxpncr4.default\extensions\bloodfire@example.com -> [2009/10/09 17:25:26 | 00,102,225 | ---- | M] ()
< FireFox SearchPlugins [User Folders] > -> 
C:\Users\Richard\AppData\Roaming\Mozilla\FireFox\Profiles\rqxpncr4.default\searchplugins\ -> C:\Users\Richard\AppData\Roaming\Mozilla\FireFox\Profiles\rqxpncr4.default\searchplugins -> [2009/10/10 11:46:42 | 00,000,000 | ---D | M]
swagbuckscom.xml -> C:\Users\Richard\AppData\Roaming\Mozilla\FireFox\Profiles\rqxpncr4.default\searchplugins\swagbuckscom.xml -> [2009/10/10 11:46:42 | 00,001,183 | ---- | M] ()
< FireFox Extensions [Program Folders] > -> 
 -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\extensions -> [2009/09/12 13:32:37 | 10,776,568 | ---- | M] (Mozilla Foundation)
 -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} -> [2009/09/12 13:32:37 | 10,776,568 | ---- | M] (Mozilla Foundation)
 -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} -> [2009/09/12 13:32:37 | 10,776,568 | ---- | M] (Mozilla Foundation)
< FireFox Components [Program Folders] > -> 
C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\components\ -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\components -> [2009/09/16 20:37:47 | 00,000,000 | ---D | M]
browserdirprovider.dll -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\components\browserdirprovider.dll -> [2009/09/12 13:32:35 | 00,023,544 | ---- | M] (Mozilla Foundation)
brwsrcmp.dll -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\components\brwsrcmp.dll -> [2009/09/12 13:32:35 | 00,137,208 | ---- | M] (Mozilla Foundation)
< FireFox Plugins [Program Folders] > -> 
C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\plugins\ -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\plugins -> [2009/10/09 19:47:29 | 00,000,000 | ---D | M]
np-mswmp.dll -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\plugins\np-mswmp.dll -> [2007/04/10 17:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation)
npdeploytk.dll -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\plugins\npdeploytk.dll -> [2009/08/01 17:14:12 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.)
npdnu.dll -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\plugins\npdnu.dll -> [2009/07/07 14:20:42 | 00,061,440 | ---- | M] (AOL LLC)
npdnu.xpt -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\plugins\npdnu.xpt -> [2009/07/07 14:20:42 | 00,000,142 | ---- | M] ()
npdnupdater2.dll -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\plugins\npdnupdater2.dll -> [2009/07/07 14:20:42 | 00,065,536 | ---- | M] (AOL LLC)
npdnupdater2.xpt -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\plugins\npdnupdater2.xpt -> [2009/07/07 14:20:42 | 00,000,179 | ---- | M] ()
npnul32.dll -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\plugins\npnul32.dll -> [2009/09/12 13:32:36 | 00,065,016 | ---- | M] (mozilla.org)
NPOFF12.DLL -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\plugins\NPOFF12.DLL -> [2006/10/26 20:12:16 | 00,016,192 | ---- | M] (Microsoft Corporation)
npqtplugin.dll -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\plugins\npqtplugin.dll -> [2009/09/16 20:37:47 | 00,159,744 | ---- | M] (Apple Inc.)
npqtplugin2.dll -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\plugins\npqtplugin2.dll -> [2009/09/16 20:37:47 | 00,159,744 | ---- | M] (Apple Inc.)
npqtplugin3.dll -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\plugins\npqtplugin3.dll -> [2009/09/16 20:37:47 | 00,159,744 | ---- | M] (Apple Inc.)
npqtplugin4.dll -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\plugins\npqtplugin4.dll -> [2009/09/16 20:37:47 | 00,159,744 | ---- | M] (Apple Inc.)
npqtplugin5.dll -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\plugins\npqtplugin5.dll -> [2009/09/16 20:37:47 | 00,159,744 | ---- | M] (Apple Inc.)
npqtplugin6.dll -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\plugins\npqtplugin6.dll -> [2009/09/16 20:37:47 | 00,159,744 | ---- | M] (Apple Inc.)
npqtplugin7.dll -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\plugins\npqtplugin7.dll -> [2009/09/16 20:37:47 | 00,159,744 | ---- | M] (Apple Inc.)
npViewpoint.dll -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\plugins\npViewpoint.dll -> [2007/04/16 10:07:12 | 00,180,293 | ---- | M] ()
npViewpoint.xpt -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\plugins\npViewpoint.xpt -> [2006/10/09 11:26:35 | 00,000,266 | ---- | M] ()
QuickTimePlugin.class -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\plugins\QuickTimePlugin.cla -> [2009/09/16 20:37:47 | 00,004,208 | ---- | M] ()
WMP Firefox Plugin License.rtf -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\plugins\WMP Firefox Plugin License.rtf -> [2007/03/30 10:43:58 | 00,149,569 | ---- | M] ()
WMP Firefox Plugin RelNotes.txt -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\plugins\WMP Firefox Plugin RelNotes.txt -> [2007/03/30 10:43:58 | 00,003,352 | ---- | M] ()
< FireFox SearchPlugins [Program Folders] > -> 
C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\searchplugins\ -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\searchplugins -> [2009/07/23 18:00:56 | 00,000,000 | ---D | M]
amazondotcom.xml -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\searchplugins\amazondotcom.xml -> [2009/07/15 11:10:00 | 00,001,394 | ---- | M] ()
answers.xml -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\searchplugins\answers.xml -> [2009/07/15 11:10:00 | 00,002,193 | ---- | M] ()
creativecommons.xml -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\searchplugins\creativecommons.xml -> [2009/07/15 11:10:00 | 00,001,534 | ---- | M] ()
eBay.xml -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\searchplugins\eBay.xml -> [2009/07/15 11:10:00 | 00,002,344 | ---- | M] ()
google.xml -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\searchplugins\google.xml -> [2009/07/15 11:10:00 | 00,002,371 | ---- | M] ()
wikipedia.xml -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\searchplugins\wikipedia.xml -> [2009/07/15 11:10:00 | 00,001,178 | ---- | M] ()
yahoo.xml -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\searchplugins\yahoo.xml -> [2009/07/15 11:10:00 | 00,000,792 | ---- | M] ()
< HOSTS File > (761 bytes and 20 lines) -> C:\Windows\SysNative\Drivers\etc\hosts -> 
Reset Hosts
127.0.0.1	   localhost
::1			 localhost
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{11222041-111B-46E3-BD29-EFB2449479B1} [HKLM] -> C:\Program Files (x86)\ArcSoft\Media Converter for Philips\Internet Video Downloader\ArcURLRecord.dll [IEPlugin Class] -> [2008/12/24 17:38:20 | 00,145,920 | ---- | M] (ArcSoft, Inc.)
{201f27d4-3704-41d6-89c1-aa35e39143ed} [HKLM] -> C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll [AskBar BHO] -> File not found
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} [HKLM] -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [Groove GFS Browser Helper] -> [2009/02/12 15:19:32 | 02,217,848 | ---- | M] (Microsoft Corporation)
{DBC80044-A445-435b-BC74-9C25C1C588A9} [HKLM] -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [Java(tm) Plug-In 2 SSV Helper] -> [2009/08/01 17:14:12 | 00,041,760 | ---- | M] (Sun Microsystems, Inc.)
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}" [HKLM] -> C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll [Ask Toolbar] -> File not found
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-2007572775-1956699559-2467264984-1000\] > -> HKEY_USERS\S-1-5-21-2007572775-1956699559-2467264984-1000\Software\Microsoft\Internet Explorer\Toolbar\ -> 
WebBrowser\\"{3041D03E-FD4B-44E0-B742-2D9B88305F98}" [HKLM] -> C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll [Ask Toolbar] -> File not found
< 64bit-Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"egui" -> C:\Program Files\ESET\ESET Smart Security\egui.exe ["C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice] -> [2009/09/11 07:23:46 | 02,716,216 | ---- | M] (ESET)
"RtHDVCpl" -> C:\Windows\RAVCpl64.exe [RAVCpl64.exe] -> [2008/07/24 03:18:08 | 06,452,256 | ---- | M] (Realtek Semiconductor)
"Skytel" -> C:\Windows\SkyTel.exe [Skytel.exe] -> [2008/07/24 03:18:48 | 01,833,504 | ---- | M] (Realtek Semiconductor Corp.)
"Windows Defender" -> C:\Program Files\Windows Defender\MSASCui.exe [%ProgramFiles%\Windows Defender\MSASCui.exe -hide] -> [2008/01/20 19:46:39 | 01,584,184 | ---- | M] (Microsoft Corporation)
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"ArcSoft Connection Service" -> C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe ["C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe"] -> [2009/07/10 13:59:22 | 00,195,072 | ---- | M] (ArcSoft Inc.)
"GrooveMonitor" -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe ["C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"] -> [2008/10/25 11:44:34 | 00,031,072 | ---- | M] (Microsoft Corporation)
"iTunesHelper" -> C:\Program Files (x86)\iTunes\iTunesHelper.exe ["C:\Program Files (x86)\iTunes\iTunesHelper.exe"] -> [2009/09/21 16:36:12 | 00,305,440 | ---- | M] (Apple Inc.)
"Malwarebytes Anti-Malware (reboot)" -> C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe ["C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript] -> [2009/09/10 14:53:56 | 01,312,080 | ---- | M] (Malwarebytes Corporation)
"QuickTime Task" -> C:\Program Files (x86)\QuickTime\QTTask.exe ["C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime] -> [2009/09/05 01:54:42 | 00,417,792 | ---- | M] (Apple Inc.)
"SunJavaUpdateSched" -> C:\Program Files (x86)\Java\jre6\bin\jusched.exe ["C:\Program Files (x86)\Java\jre6\bin\jusched.exe"] -> [2009/08/01 17:14:12 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.)
< Run [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"Sidebar" -> C:\Program Files (x86)\Windows Sidebar\Sidebar.exe [%ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem] -> [2009/04/10 23:28:04 | 01,233,920 | ---- | M] (Microsoft Corporation)
"WindowsWelcomeCenter" -> C:\Windows\SysWow64\oobefldr.dll [rundll32.exe oobefldr.dll,ShowWelcomeCenter] -> [2009/04/10 23:28:24 | 02,153,472 | ---- | M] (Microsoft Corporation)
< Run [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"Sidebar" -> C:\Program Files (x86)\Windows Sidebar\Sidebar.exe [%ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem] -> [2009/04/10 23:28:04 | 01,233,920 | ---- | M] (Microsoft Corporation)
"WindowsWelcomeCenter" -> C:\Windows\SysWow64\oobefldr.dll [rundll32.exe oobefldr.dll,ShowWelcomeCenter] -> [2009/04/10 23:28:24 | 02,153,472 | ---- | M] (Microsoft Corporation)
< Run [HKEY_USERS\S-1-5-21-2007572775-1956699559-2467264984-1000\] > -> HKEY_USERS\S-1-5-21-2007572775-1956699559-2467264984-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"Aim" -> C:\Program Files (x86)\AIM\aim.exe ["C:\Program Files (x86)\AIM\aim.exe" /d locale=en-US] -> [2009/09/16 09:10:12 | 03,634,024 | ---- | M] (AOL LLC)
"Sidebar" -> C:\Program Files\Windows Sidebar\sidebar.exe [C:\Program Files\Windows Sidebar\sidebar.exe /autoRun] -> [2009/04/11 00:10:54 | 01,555,968 | ---- | M] (Microsoft Corporation)
"Steam" -> c:\program files (x86)\steam\steam.exe ["c:\program files (x86)\steam\steam.exe" -silent] -> [2009/08/01 23:51:46 | 01,217,784 | ---- | M] (Valve Corporation)
"WMPNSCFG" -> C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe [C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe] -> File not found
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoActiveDesktop" ->  [1] -> File not found
\\"ForceActiveDesktopOn" ->  [0] -> File not found
\\"BindDirectlyToPropertySetStorage" ->  [0] -> File not found
\\"NoActiveDesktopChanges" ->  [0] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"ConsentPromptBehaviorAdmin" ->  [2] -> File not found
\\"ConsentPromptBehaviorUser" ->  [1] -> File not found
\\"EnableInstallerDetection" ->  [1] -> File not found
\\"EnableLUA" ->  [0] -> File not found
\\"EnableSecureUIAPaths" ->  [1] -> File not found
\\"EnableVirtualization" ->  [1] -> File not found
\\"PromptOnSecureDesktop" ->  [1] -> File not found
\\"ValidateAdminCodeSignatures" ->  [0] -> File not found
\\"dontdisplaylastusername" ->  [0] -> File not found
\\"legalnoticecaption" ->  [] -> File not found
\\"legalnoticetext" ->  [] -> File not found
\\"scforceoption" ->  [0] -> File not found
\\"shutdownwithoutlogon" ->  [1] -> File not found
\\"undockwithoutlogon" ->  [1] -> File not found
\\"FilterAdministratorToken" ->  [0] -> File not found
\\"EnableUIADesktopToggle" ->  [0] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats
\UIPI\Clipboard\ExceptionFormats\\"CF_TEXT" ->  [1] -> File not found
\UIPI\Clipboard\ExceptionFormats\\"CF_BITMAP" ->  [2] -> File not found
\UIPI\Clipboard\ExceptionFormats\\"CF_OEMTEXT" ->  [7] -> File not found
\UIPI\Clipboard\ExceptionFormats\\"CF_DIB" ->  [8] -> File not found
\UIPI\Clipboard\ExceptionFormats\\"CF_PALETTE" ->  [9] -> File not found
\UIPI\Clipboard\ExceptionFormats\\"CF_UNICODETEXT" ->  [13] -> File not found
\UIPI\Clipboard\ExceptionFormats\\"CF_DIBV5" ->  [17] -> File not found
< 64bit-Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-2007572775-1956699559-2467264984-1000\] > -> HKEY_USERS\S-1-5-21-2007572775-1956699559-2467264984-1000\Software\Microsoft\Internet Explorer\MenuExt\ -> 
E&xport to Microsoft Excel -> C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE [res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000] -> [2009/05/04 08:40:04 | 18,333,536 | ---- | M] (Microsoft Corporation)
< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-2007572775-1956699559-2467264984-1000\] > -> HKEY_USERS\S-1-5-21-2007572775-1956699559-2467264984-1000\Software\Microsoft\Internet Explorer\MenuExt\ -> 
E&xport to Microsoft Excel -> C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE [res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000] -> [2009/05/04 08:40:04 | 18,333,536 | ---- | M] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{2670000A-7350-4f3c-8081-5663EE0C6C49}:{48E73304-E1D6-4330-914C-F5F514E3486C} [HKLM] -> C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll [Button: Send to OneNote] -> [2008/10/25 07:52:00 | 00,604,056 | ---- | M] (Microsoft Corporation)
{2670000A-7350-4f3c-8081-5663EE0C6C49}:{48E73304-E1D6-4330-914C-F5F514E3486C} [HKLM] -> C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll [Menu: S&end to OneNote] -> [2008/10/25 07:52:00 | 00,604,056 | ---- | M] (Microsoft Corporation)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}:{FF059E31-CC5A-4E2E-BF3B-96E929D65503} [HKLM] -> C:\Program Files (x86)\Microsoft Office\Office12\REFIEBAR.DLL [Button: Research] -> [2009/03/06 04:04:56 | 00,039,464 | ---- | M] (Microsoft Corporation)
< 64bit-Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< 64bit-Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< 64bit-Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-21-2007572775-1956699559-2467264984-1000\] > -> HKEY_USERS\S-1-5-21-2007572775-1956699559-2467264984-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-21-2007572775-1956699559-2467264984-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4821 domain(s) found. -> 
25 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_USERS\S-1-5-21-2007572775-1956699559-2467264984-1000\] > -> HKEY_USERS\S-1-5-21-2007572775-1956699559-2467264984-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-21-2007572775-1956699559-2467264984-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab [Java Plug-in 1.6.0_15] -> 
{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab [Java Plug-in 1.6.0_15] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab [Java Plug-in 1.6.0_15] -> 
{D27CDB6E-AE6D-11CF-96B8-444553540000} [HKLM] -> http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab [Shockwave Flash Object] -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ -> 
DhcpNameServer -> 192.168.1.254 -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{53B51592-39F5-4C5B-B530-222626A484F5}\\DhcpNameServer -> 192.168.1.254   (NETGEAR WG311v3 54Mbps Wireless PCI Adapter) -> 
< 64bit-Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
64bit-*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
explorer.exe -> C:\Windows\explorer.exe -> [2009/04/11 00:10:18 | 03,079,168 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
explorer.exe -> C:\Windows\SysWow64\explorer.exe -> [2009/04/10 23:27:38 | 02,926,592 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
*GinaDLL* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\GinaDLL -> 
MrvGINA.dll ->  -> File not found
*MultiFile Done* -> -> 
< 64bit-SharedTaskScheduler [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler -> 
"{E31004D1-A431-41B8-826F-E902F9D95C81}" [HKLM] -> C:\Windows\SysNative\DreamScene.dll [Windows DreamScene] -> [2007/07/19 16:55:46 | 00,275,360 | ---- | M] (Microsoft Corporation)
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> 
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" [HKLM] -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [Groove GFS Stub Execution Hook] -> [2009/02/12 15:19:32 | 02,217,848 | ---- | M] (Microsoft Corporation)
< Vista Public Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\AuthorizedApplications -> 
< Vista Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications -> 
< Vista Active Firewall Rules > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules -> 
{292FF2AC-F194-42FC-A9A9-1B4095147796} -> rport=137 | profile=public | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-28523 | app=system | 
{3747B703-00A5-4EDF-98CB-15729ADA5664} -> lport=137 | profile=public | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-28519 | app=system | 
{3B90AEAF-56F9-4A7A-B14B-AC1C6E181A00} -> rport=5355 | profile=public | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-32805 | app=%systemroot%\system32\svchost.exe | svc=dnscache | 
{559B0E0F-9C29-4CF3-90AC-85230F422B57} -> rport=445 | profile=public | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-28515 | app=system | 
{5651A646-29CD-4FCE-BB01-3DCCAEF9A971} -> lport=3702 | profile=public | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-32785 | app=%systemroot%\system32\svchost.exe | svc=fdphost | 
{62EA648F-4024-470A-A56B-D54CD084BA9C} -> lport=3702 | profile=public | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-32809 | app=%systemroot%\system32\svchost.exe | svc=fdrespub | 
{674EB58B-1D72-4C01-AE8A-22180BE3E5D7} -> rport=3702 | profile=public | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-32789 | app=%systemroot%\system32\svchost.exe | svc=fdphost | 
{6D80326E-E9B5-4718-A5F7-828C09498837} -> rport=139 | profile=public | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-28507 | app=system | 
{7090B5FE-1487-4FD6-A3A6-F47BAF7C8C2A} -> lport=1900 | profile=public | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-32753 | app=%systemroot%\system32\svchost.exe | svc=ssdpsrv | 
{7CF91F14-1CDC-44CB-851C-3E86EB17A038} -> lport=139 | profile=public | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-28503 | app=system | 
{87A13BD3-E118-42BC-8EA8-8CE7D43CDF69} -> lport=rpc-epmap | profile=public | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-28539 | svc=rpcss | 
{A7CE8414-4601-40A3-ACB8-C801E53CE386} -> lport=6004 | profile=public | protocol=17 | dir=in | action=allow | name=microsoft office outlook | app=c:\program files (x86)\microsoft office\office12\outlook.exe | 
{A96A4C99-42B0-4B11-B020-3374B9E10969} -> rport=1900 | profile=public | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-32757 | app=%systemroot%\system32\svchost.exe | svc=ssdpsrv | 
{C537E840-62C6-4680-827E-2AB2F5E71429} -> lport=445 | profile=public | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-28511 | app=system | 
{D931C874-BDF0-4DE1-A20F-8C5FFE7D0E5B} -> lport=138 | profile=public | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-28527 | app=system | 
{D9371436-3997-427F-917E-2C9CBA6F2104} -> lport=rpc | profile=public | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-28535 | app=%systemroot%\system32\spoolsv.exe | svc=spooler | 
{DA59B075-F8AA-41F7-86C1-916120EC2B50} -> lport=5355 | profile=public | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-32801 | app=%systemroot%\system32\svchost.exe | svc=dnscache | 
{F6B8A1EA-FCF1-474B-AE96-EA0EA940409E} -> rport=3702 | profile=public | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-32811 | app=%systemroot%\system32\svchost.exe | svc=fdrespub | 
{F8809FD4-0112-4D4D-AB7D-C1F348D1232F} -> rport=138 | profile=public | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-28531 | app=system | 
< Vista Active Application Exception Rules > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules -> 
{0263ABB3-0247-42EC-B57B-8F41A009669B} -> profile=public | protocol=17 | dir=in | action=allow | name=ventrilo.exe | app=c:\program files (x86)\ventrilo\ventrilo.exe | 
{0C2DF3DC-580B-48B8-BA4A-D962B5EBD06A} -> profile=public | protocol=17 | dir=in | action=allow | name=aim | app=c:\program files (x86)\aim\aim.exe | 
{1C022513-A4A8-440B-B02C-3B7A8C0FA0BE} -> profile=public | protocol=58 | dir=in | action=allow | name=@firewallapi.dll,-28545 | 
{1CEC82F2-7918-4E3F-8BC7-743166FD25A4} -> profile=private | protocol=17 | dir=in | action=allow | name=aol loader | app=c:\program files (x86)\common files\aol\loader\aolload.exe | 
{1E25B0D0-3F4F-4876-86FD-9D8C7E85AF94} -> profile=public | protocol=6 | dir=in | action=allow | name=nexon messenger core | app=c:\nexon\combat arms\nmservice.exe | 
{207C2E90-C5D2-4F84-A2D9-AC37C2237AD7} -> profile=private | protocol=17 | dir=in | action=allow | name=microsoft office onenote | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
{24294DE9-1A41-4291-937A-16993855C6E6} -> profile=private | protocol=17 | dir=in | action=allow | name=frostwire | app=c:\program files (x86)\frostwire\frostwire.exe | 
{2BC4E210-DE23-4340-8883-9A34BE8D0F9F} -> profile=public | protocol=1 | dir=out | action=allow | name=@firewallapi.dll,-28544 | 
{333E22A1-6EA8-48DE-BDFB-D2A919C3C510} -> profile=private | protocol=17 | dir=in | action=allow | name=left 4 dead | app=c:\program files (x86)\steam\steamapps\common\left 4 dead\left4dead.exe | 
{34DB8B9B-46DA-4EDA-8455-770626074FD6} -> profile=public | protocol=58 | dir=out | action=allow | name=@firewallapi.dll,-28546 | 
{3BF9708B-E112-469B-9D82-1F48BE3677A0} -> profile=private | protocol=6 | dir=in | action=allow | name=microsoft office onenote | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
{4524F63A-B9B3-45C5-999F-D50A91D5EB1E} -> profile=private | protocol=17 | dir=in | action=allow | name=nexon messenger core | app=c:\nexon\combat arms\nmservice.exe | 
{45DD5C3D-AE2F-4CD8-B68D-023E8AAE8117} -> profile=private | protocol=6 | dir=in | action=allow | name=itunes | app=c:\program files (x86)\itunes\itunes.exe | 
{4A5F00C1-9392-44DB-B7CA-6701A5EDDC7F} -> profile=private | protocol=6 | dir=in | action=allow | name=left 4 dead | app=c:\program files (x86)\steam\steamapps\common\left 4 dead\left4dead.exe | 
{4C30B5C4-1BFA-4B2D-A183-D5AFE3CFE09B} -> profile=private | protocol=17 | dir=in | action=allow | name=nexon game manager | app=c:\programdata\nexonus\ngm\ngm.exe | 
{4DBF565C-599C-4597-8B4F-1210F7405A3C} -> profile=public | protocol=17 | dir=in | action=allow | name=frostwire | app=c:\program files (x86)\frostwire\frostwire.exe | 
{57475D41-02B7-415B-8012-AD05740FA96E} -> profile=public | protocol=17 | dir=in | action=allow | name=microsoft office onenote | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
{5FB314B3-A5F4-4DB9-ADEB-F74F895BFAA9} -> profile=private | protocol=6 | dir=in | action=allow | name=aol loader | app=c:\program files (x86)\common files\aol\loader\aolload.exe | 
{66DD8431-4583-428D-B88B-63FE69F24262} -> profile=private | protocol=6 | dir=in | action=allow | name=aim | app=c:\program files (x86)\aim\aim.exe | 
{67C5BE2D-F8B3-473C-82C3-9EB6FACCEE8D} -> profile=private | protocol=17 | dir=in | action=allow | name=aim | app=c:\program files (x86)\aim6\aim6.exe | 
{6A4769CC-6CF4-4615-B20A-6C452781CB1E} -> profile=private | protocol=17 | dir=in | action=allow | name=aim | app=c:\program files (x86)\aim\aim.exe | 
{7A992A76-77E5-4A56-AD54-2397DC1E7FDB} -> profile=public | protocol=6 | dir=in | action=allow | name=microsoft office groove | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
{7F227A0C-4F7C-4595-A85D-24CC7AD6693D} -> profile=private | protocol=6 | dir=in | action=allow | name=bonjour | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
{82F38701-EA52-4535-ABF8-C6BFDF583B57} -> profile=public | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-32821 | app=%systemroot%\system32\svchost.exe | svc=upnphost | 
{962D8A01-0F9F-4DCD-A7FA-38EE695DD98B} -> profile=private | protocol=6 | dir=in | action=allow | name=nexon game manager | app=c:\programdata\nexonus\ngm\ngm.exe | 
{9D4094EC-868F-46D2-A4B9-086A01ADBE40} -> profile=private | protocol=6 | dir=in | action=allow | name=aim | app=c:\program files (x86)\aim6\aim6.exe | 
{A891BD5E-3AD3-4F2F-BD54-8676CF2E2B9A} -> profile=private | protocol=17 | dir=in | action=allow | name=microsoft office groove | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
{ABA0F3C9-E331-4712-88CA-7F8880EAFF0B} -> profile=private | protocol=17 | dir=in | action=allow | name=itunes | app=c:\program files (x86)\itunes\itunes.exe | 
{B9976C92-71CF-48DE-A067-E1B49533F412} -> profile=private | protocol=6 | dir=in | action=allow | name=frostwire | app=c:\program files (x86)\frostwire\frostwire.exe | 
{BF513B82-E117-45CA-9947-80AB2747B8EB} -> profile=private | protocol=6 | dir=in | action=allow | name=nexon messenger core | app=c:\nexon\combat arms\nmservice.exe | 
{C194B8D9-1A38-43BA-B00A-864A23058651} -> profile=private | protocol=17 | dir=in | action=allow | name=bonjour | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
{C731C54F-78CC-4DC5-A46A-B04288446C18} -> profile=public | protocol=6 | dir=in | action=allow | name=frostwire | app=c:\program files (x86)\frostwire\frostwire.exe | 
{CAC5DEE7-FEDD-40F2-8305-78024E97F1EB} -> profile=private | protocol=17 | dir=in | action=allow | name=purplebean.exe | app=c:\users\richard\appdata\local\temp\purplebean.exe | 
{CC35092A-8310-48C5-B1B4-A7398054765C} -> profile=public | protocol=17 | dir=in | action=allow | name=microsoft office groove | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
{CD9100D5-ED93-464D-A4D9-3B8E43549B39} -> profile=public | protocol=17 | dir=in | action=allow | name=nexon messenger core | app=c:\nexon\combat arms\nmservice.exe | 
{D91A0522-57CD-45F5-AFDD-89417A8B7092} -> profile=public | protocol=6 | dir=in | action=allow | name=aim | app=c:\program files (x86)\aim\aim.exe | 
{DFC30D0D-45F5-40B8-8424-DA150201427A} -> profile=public | protocol=6 | dir=in | action=allow | name=ventrilo.exe | app=c:\program files (x86)\ventrilo\ventrilo.exe | 
{E276F479-6AFF-47BE-95AA-D3F50D200951} -> profile=private | protocol=6 | dir=in | action=allow | name=microsoft office groove | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
{E7774075-8D33-4AC6-886B-779EADEFDE79} -> profile=public | protocol=6 | dir=in | action=allow | name=microsoft office onenote | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
{EC5FC0A2-7646-4C1F-A942-02A945697699} -> profile=public | protocol=1 | dir=in | action=allow | name=@firewallapi.dll,-28543 | 
{F4D358B7-B4B1-4034-AB70-6E23A505070A} -> profile=private | protocol=6 | dir=in | action=allow | name=purplebean.exe | app=c:\users\richard\appdata\local\temp\purplebean.exe | 
TCP Query User{11D47028-87B1-404F-8A96-DA38F8274B9E}C:\program files (x86)\steam\steamapps\dadumbass1\counter-strike source\hl2.exe -> profile=private | protocol=6 | dir=in | action=allow | name=hl2 | app=c:\program files (x86)\steam\steamapps\dadumbass1\counter-strike source\hl2.exe | 
TCP Query User{23225FB4-8FDB-4E04-9ED4-5690ED2EA501}C:\program files (x86)\utorrent\utorrent.exe -> profile=public | protocol=6 | dir=in | action=allow | name=μtorrent | app=c:\program files (x86)\utorrent\utorrent.exe | 
TCP Query User{449FB625-9ABE-4C7F-BDB6-664BDBA7765D}C:\program files (x86)\softnyx\gunboundwc\gunbound.gme -> profile=private | protocol=6 | dir=in | action=allow | name=gunbound | app=c:\program files (x86)\softnyx\gunboundwc\gunbound.gme | 
TCP Query User{529EF7FE-4896-4F28-A2C8-2AC1A5589312}C:\program files (x86)\aim6\aim6.exe -> profile=public | protocol=6 | dir=in | action=block | name=aim | app=c:\program files (x86)\aim6\aim6.exe | 
TCP Query User{65EA2044-2BC0-4AA8-B750-C2077618EE30}C:\programdata\ijjigame\plauncher.exe -> profile=private | protocol=6 | dir=in | action=allow | name=plauncher application | app=c:\programdata\ijjigame\plauncher.exe | 
TCP Query User{70F5F803-6605-4F93-BCB8-7FC7B40AE6B3}C:\program files (x86)\steam\steamapps\dadumbass1\counter-strike source\hl2.exe -> profile=public | protocol=6 | dir=in | action=allow | name=hl2 | app=c:\program files (x86)\steam\steamapps\dadumbass1\counter-strike source\hl2.exe | 
TCP Query User{8E0F624C-4F5B-4685-B2C1-439BC90D9D39}C:\program files (x86)\steam\steamapps\shadowneonx\counter-strike source\hl2.exe -> profile=private | protocol=6 | dir=in | action=allow | name=hl2 | app=c:\program files (x86)\steam\steamapps\shadowneonx\counter-strike source\hl2.exe | 
TCP Query User{93850699-B00A-4C70-BB66-6C4BE75941FD}C:\program files (x86)\steam\steamapps\common\left 4 dead\left4dead.exe -> profile=public | protocol=6 | dir=in | action=block | name=left4dead | app=c:\program files (x86)\steam\steamapps\common\left 4 dead\left4dead.exe | 
TCP Query User{B4AE72A4-6DE3-4B94-A7F0-46345F5B6F51}C:\program files (x86)\java\jre6\bin\java.exe -> profile=private | protocol=6 | dir=in | action=allow | name=java(tm) platform se binary | app=c:\program files (x86)\java\jre6\bin\java.exe | 
TCP Query User{CF8B0874-226B-4D19-B26E-12157175BFB5}C:\ijji\english\u_sf\soldierfront.exe -> profile=private | protocol=6 | dir=in | action=allow | name=soldierfront | app=c:\ijji\english\u_sf\soldierfront.exe | 
TCP Query User{EFAF5108-A3CE-41DA-8F78-8EFA1EB719D7}C:\program files (x86)\steam\steamapps\xricheex\counter-strike source\hl2.exe -> profile=private | protocol=6 | dir=in | action=allow | name=hl2 | app=c:\program files (x86)\steam\steamapps\xricheex\counter-strike source\hl2.exe | 
UDP Query User{2706EC7E-C589-437D-9155-D5D383167F56}C:\program files (x86)\softnyx\gunboundwc\gunbound.gme -> profile=private | protocol=17 | dir=in | action=allow | name=gunbound | app=c:\program files (x86)\softnyx\gunboundwc\gunbound.gme | 
UDP Query User{330D3474-B5CB-4879-B131-C5FBDBCB279A}C:\program files (x86)\steam\steamapps\common\left 4 dead\left4dead.exe -> profile=public | protocol=17 | dir=in | action=block | name=left4dead | app=c:\program files (x86)\steam\steamapps\common\left 4 dead\left4dead.exe | 
UDP Query User{71B3E63D-D8D6-487E-AABD-F25917EC547D}C:\program files (x86)\steam\steamapps\dadumbass1\counter-strike source\hl2.exe -> profile=public | protocol=17 | dir=in | action=allow | name=hl2 | app=c:\program files (x86)\steam\steamapps\dadumbass1\counter-strike source\hl2.exe | 
UDP Query User{734FEFC8-7FD0-4701-9E78-337E885D71E3}C:\program files (x86)\steam\steamapps\shadowneonx\counter-strike source\hl2.exe -> profile=private | protocol=17 | dir=in | action=allow | name=hl2 | app=c:\program files (x86)\steam\steamapps\shadowneonx\counter-strike source\hl2.exe | 
UDP Query User{7D46BA11-01A5-4202-AC70-7E30BD15FA38}C:\program files (x86)\steam\steamapps\xricheex\counter-strike source\hl2.exe -> profile=private | protocol=17 | dir=in | action=allow | name=hl2 | app=c:\program files (x86)\steam\steamapps\xricheex\counter-strike source\hl2.exe | 
UDP Query User{8BB16ACE-FFF0-4826-9540-A322DD1BE248}C:\program files (x86)\aim6\aim6.exe -> profile=public | protocol=17 | dir=in | action=block | name=aim | app=c:\program files (x86)\aim6\aim6.exe | 
UDP Query User{8CDE59F1-4963-4B3F-B302-322213ADA08E}C:\ijji\english\u_sf\soldierfront.exe -> profile=private | protocol=17 | dir=in | action=allow | name=soldierfront | app=c:\ijji\english\u_sf\soldierfront.exe | 
UDP Query User{8CE76999-3C34-48F8-A64B-9EA381FD8167}C:\programdata\ijjigame\plauncher.exe -> profile=private | protocol=17 | dir=in | action=allow | name=plauncher application | app=c:\programdata\ijjigame\plauncher.exe | 
UDP Query User{8D07BE88-BC2B-41CC-BA72-39EEFAA32339}C:\program files (x86)\steam\steamapps\dadumbass1\counter-strike source\hl2.exe -> profile=private | protocol=17 | dir=in | action=allow | name=hl2 | app=c:\program files (x86)\steam\steamapps\dadumbass1\counter-strike source\hl2.exe | 
UDP Query User{C552180A-72B4-4DD2-9726-7D47D3D21753}C:\program files (x86)\java\jre6\bin\java.exe -> profile=private | protocol=17 | dir=in | action=allow | name=java(tm) platform se binary | app=c:\program files (x86)\java\jre6\bin\java.exe | 
UDP Query User{D279E747-EE5C-495B-A7DC-CA21CC728994}C:\program files (x86)\utorrent\utorrent.exe -> profile=public | protocol=17 | dir=in | action=allow | name=μtorrent | app=c:\program files (x86)\utorrent\utorrent.exe | 
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> 
"AlternateShell" -> cmd.exe -> 
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 -> 
"DisplayName" -> CD-ROM Driver -> 
"ImagePath" -> C:\Windows\SysNative\DRIVERS\cdrom.sys [system32\DRIVERS\cdrom.sys] -> [2009/04/10 22:34:40 | 00,079,872 | ---- | M] (Microsoft Corporation)
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> 
\E
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\shell
\E\shell\\"" ->  [AutoRun] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\shell\AutoRun\command
\E\shell\AutoRun\command\\"" -> E:\LaunchU3.exe [E:\LaunchU3.exe -a] -> File not found
\F
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\shell
\F\shell\\"" ->  [AutoRun] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\shell\AutoRun\command
\F\shell\AutoRun\command\\"" -> F:\LaunchU3.exe [F:\LaunchU3.exe -a] -> File not found
\{7a07f208-7816-11de-bf29-001fd085a998}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7a07f208-7816-11de-bf29-001fd085a998}\shell
\{7a07f208-7816-11de-bf29-001fd085a998}\shell\\"" ->  [AutoRun] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7a07f208-7816-11de-bf29-001fd085a998}\shell\AutoRun\command
\{7a07f208-7816-11de-bf29-001fd085a998}\shell\AutoRun\command\\"" -> E:\LaunchU3.exe [E:\LaunchU3.exe -a] -> File not found
\{d3cc001a-91d6-11de-b036-001fd085a998}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d3cc001a-91d6-11de-b036-001fd085a998}\shell
\{d3cc001a-91d6-11de-b036-001fd085a998}\shell\\"" ->  [AutoRun] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d3cc001a-91d6-11de-b036-001fd085a998}\shell\AutoRun\command
\{d3cc001a-91d6-11de-b036-001fd085a998}\shell\AutoRun\command\\"" -> E:\LaunchU3.exe [E:\LaunchU3.exe -a] -> File not found
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command -> 
64bit-comfile [open] -> "%1" %* -> File not found
64bit-exefile [open] -> "%1" %* -> File not found
comfile [open] -> "%1" %* -> File not found
exefile [open] -> "%1" %* -> File not found
 
[Registry - Additional Scans - Safe List]
< EventViewer Logs - Last 10 Errors > -> Event Information -> Description
Application [ Error ] 10/13/2009 12:59:57 AM Computer Name = Richard-PC | Source = Application Error | ID = 1000 -> Description = Faulting application hl2.exe, version 0.0.0.0, time stamp 0x4445c334, faulting module studiorender.dll, version 0.0.0.0, time stamp 0x47140813, exception code 0xc0000005, fault offset 0x0003198a,  process id 0xda0, application start time 0x01ca4b9276ed0b2d.
Application [ Error ] 10/13/2009 6:22:39 PM Computer Name = Richard-PC | Source = Application Error | ID = 1000 -> Description = Faulting application hl2.exe, version 0.0.0.0, time stamp 0x4445c334, faulting module datacache.dll, version 0.0.0.0, time stamp 0x46439c7b, exception code 0xc0000005, fault offset 0x0000b423,  process id 0x8c8, application start time 0x01ca4c4e5c372b80.
Application [ Error ] 10/13/2009 10:55:03 PM Computer Name = Richard-PC | Source = WinMgmt | ID = 10 -> Description = 
Application [ Error ] 10/13/2009 11:52:34 PM Computer Name = Richard-PC | Source = Microsoft-Windows-RestartManager | ID = 10006 -> Description = 
Application [ Error ] 10/13/2009 11:52:53 PM Computer Name = Richard-PC | Source = Microsoft-Windows-RestartManager | ID = 10007 -> Description = 
Application [ Error ] 10/13/2009 11:52:53 PM Computer Name = Richard-PC | Source = Microsoft-Windows-RestartManager | ID = 10007 -> Description = 
Application [ Error ] 10/13/2009 11:55:42 PM Computer Name = Richard-PC | Source = WinMgmt | ID = 10 -> Description = 
Application [ Error ] 10/13/2009 11:59:12 PM Computer Name = Richard-PC | Source = SideBySide | ID = 16842830 -> Description = Activation context generation failed for "C:\Users\Richard\Documents\Downloads\esetsmartinstaller_enu.exe".Error in manifest or policy file "" on line .  A component version required by the application conflicts with another component version already active.  Conflicting components are:.  Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_1509f8bef40ee4da.manifest.  Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0.manifest.
Application [ Error ] 10/14/2009 5:27:34 PM Computer Name = Richard-PC | Source = WinMgmt | ID = 10 -> Description = 
Application [ Error ] 10/15/2009 12:24:25 AM Computer Name = Richard-PC | Source = WinMgmt | ID = 10 -> Description = 
System [ Error ] 9/24/2009 3:12:15 AM Computer Name = Richard-PC | Source = DCOM | ID = 10010 -> Description = 
System [ Error ] 9/24/2009 4:49:37 AM Computer Name = Richard-PC | Source = Dhcp | ID = 1002 -> Description = The IP address lease 10.0.0.8 for the Network Card with network address 001E2AC2233F has been denied by the DHCP server 192.168.1.254 (The DHCP Server sent a DHCPNACK message).
System [ Error ] 9/24/2009 7:10:15 PM Computer Name = Richard-PC | Source = Dhcp | ID = 1002 -> Description = The IP address lease 192.168.1.67 for the Network Card with network address 001E2AC2233F has been denied by the DHCP server 10.0.0.1 (The DHCP Server sent a DHCPNACK message).
System [ Error ] 9/25/2009 9:35:33 AM Computer Name = Richard-PC | Source = PlugPlayManager | ID = 12 -> Description = The device 'SONY DVD RW DW-D22A ATA Device' (IDE\CdRomSONY_DVD_RW_DW-D22A_____________________BYS3____\6&3c85bda&0&0.0.0) disappeared from the system without first being prepared for removal.
System [ Error ] 9/25/2009 9:35:33 AM Computer Name = Richard-PC | Source = cdrom | ID = 262159 -> Description = The device, \Device\CdRom0, is not ready for access yet.
System [ Error ] 9/25/2009 9:35:33 AM Computer Name = Richard-PC | Source = cdrom | ID = 262159 -> Description = The device, \Device\CdRom0, is not ready for access yet.
System [ Error ] 9/25/2009 8:45:25 PM Computer Name = Richard-PC | Source = Dhcp | ID = 1002 -> Description = The IP address lease 10.0.0.8 for the Network Card with network address 001E2AC2233F has been denied by the DHCP server 10.0.0.1 (The DHCP Server sent a DHCPNACK message).
System [ Error ] 9/25/2009 9:42:50 PM Computer Name = Richard-PC | Source = Dhcp | ID = 1002 -> Description = The IP address lease 10.0.0.9 for the Network Card with network address 001E2AC2233F has been denied by the DHCP server 192.168.1.254 (The DHCP Server sent a DHCPNACK message).
System [ Error ] 9/26/2009 11:14:16 AM Computer Name = Richard-PC | Source = Dhcp | ID = 1002 -> Description = The IP address lease 10.0.0.9 for the Network Card with network address 001E2AC2233F has been denied by the DHCP server 192.168.1.254 (The DHCP Server sent a DHCPNACK message).
System [ Error ] 9/27/2009 2:52:11 AM Computer Name = Richard-PC | Source = Dhcp | ID = 1002 -> Description = The IP address lease 10.0.0.9 for the Network Card with network address 001E2AC2233F has been denied by the DHCP server 192.168.1.254 (The DHCP Server sent a DHCPNACK message).
 
[Files/Folders - Created Within 30 Days]
ProgramData -> C:\ProgramData -> [2009/10/10 14:36:09 | 00,000,000 | -H-D | M]
{0DD0EEEE-2A7C-411C-9243-1AE62F445FC3} -> C:\ProgramData\{0DD0EEEE-2A7C-411C-9243-1AE62F445FC3} -> [2009/09/23 06:37:34 | 00,000,000 | ---D | M]
AIM -> C:\ProgramData\AIM -> [2009/09/27 10:17:15 | 00,000,000 | ---D | M]
Apple -> C:\ProgramData\Apple -> [2009/09/16 20:37:14 | 00,000,000 | ---D | M]
Apple Computer -> C:\ProgramData\Apple Computer -> [2009/09/16 20:38:21 | 00,000,000 | ---D | M]
ArcSoft -> C:\ProgramData\ArcSoft -> [2009/10/04 22:53:27 | 00,000,000 | -H-D | M]
ESET -> C:\ProgramData\ESET -> [2009/10/13 20:58:48 | 00,000,000 | ---D | M]
McAfee -> C:\ProgramData\McAfee -> [2009/10/09 17:24:19 | 00,000,000 | ---D | M]
Microsoft -> C:\ProgramData\Microsoft -> [2009/10/09 16:10:30 | 00,000,000 | --SD | M]
Microsoft Help -> C:\ProgramData\Microsoft Help -> [2009/10/13 22:13:03 | 00,000,000 | ---D | M]
NVIDIA -> C:\ProgramData\NVIDIA -> [2009/10/14 21:22:49 | 00,000,000 | ---D | M]
SiteAdvisor -> C:\ProgramData\SiteAdvisor -> [2009/10/03 23:54:35 | 00,000,000 | ---D | M]
Sony -> C:\ProgramData\Sony -> [2009/10/05 20:22:17 | 00,000,000 | ---D | M]
TEMP -> C:\ProgramData\TEMP -> [2009/10/07 17:52:00 | 00,000,000 | ---D | M]
Roaming -> C:\Users\Richard\AppData\Roaming -> [2009/10/13 20:59:59 | 00,000,000 | ---D | M]
.minecraft -> C:\Users\Richard\AppData\Roaming\.minecraft -> [2009/10/01 19:16:11 | 00,000,000 | ---D | M]
Apple Computer -> C:\Users\Richard\AppData\Roaming\Apple Computer -> [2009/09/16 20:40:51 | 00,000,000 | ---D | M]
ArcSoft -> C:\Users\Richard\AppData\Roaming\ArcSoft -> [2009/10/04 10:17:37 | 00,000,000 | ---D | M]
Auslogics -> C:\Users\Richard\AppData\Roaming\Auslogics -> [2009/10/07 20:10:45 | 00,000,000 | ---D | M]
Download Manager -> C:\Users\Richard\AppData\Roaming\Download Manager -> [2009/10/09 16:27:14 | 00,000,000 | ---D | M]
ESET -> C:\Users\Richard\AppData\Roaming\ESET -> [2009/10/13 20:59:59 | 00,000,000 | ---D | M]
FrostWire -> C:\Users\Richard\AppData\Roaming\FrostWire -> [2009/10/14 08:17:58 | 00,000,000 | ---D | M]
Microsoft -> C:\Users\Richard\AppData\Roaming\Microsoft -> [2009/10/07 20:42:43 | 00,000,000 | --SD | M]
Publish Providers -> C:\Users\Richard\AppData\Roaming\Publish Providers -> [2009/10/05 20:29:07 | 00,000,000 | ---D | M]
Sony -> C:\Users\Richard\AppData\Roaming\Sony -> [2009/10/05 20:31:59 | 00,000,000 | ---D | M]
Uniblue -> C:\Users\Richard\AppData\Roaming\Uniblue -> [2009/10/04 10:28:44 | 00,000,000 | ---D | M]
Local -> C:\Users\Richard\AppData\Local -> [2009/10/13 20:17:05 | 00,000,000 | ---D | M]
AIM -> C:\Users\Richard\AppData\Local\AIM -> [2009/09/27 10:31:13 | 00,000,000 | ---D | M]
Apple -> C:\Users\Richard\AppData\Local\Apple -> [2009/09/16 20:37:15 | 00,000,000 | ---D | M]
Apple Computer -> C:\Users\Richard\AppData\Local\Apple Computer -> [2009/09/19 23:48:12 | 00,000,000 | ---D | M]
ArcSoft -> C:\Users\Richard\AppData\Local\ArcSoft -> [2009/10/04 22:11:11 | 00,000,000 | ---D | M]
ESET -> C:\Users\Richard\AppData\Local\ESET -> [2009/10/13 20:17:05 | 00,000,000 | ---D | M]
Google -> C:\Users\Richard\AppData\Local\Google -> [2009/09/25 19:00:08 | 00,000,000 | ---D | M]
Microsoft -> C:\Users\Richard\AppData\Local\Microsoft -> [2009/10/09 16:30:49 | 00,000,000 | ---D | M]
Microsoft Games -> C:\Users\Richard\AppData\Local\Microsoft Games -> [2009/09/18 22:32:23 | 00,000,000 | ---D | M]
Sony -> C:\Users\Richard\AppData\Local\Sony -> [2009/10/05 20:29:05 | 00,000,000 | ---D | M]
Temp -> C:\Users\Richard\AppData\Local\Temp -> [2009/10/14 21:42:14 | 00,000,000 | ---D | M]
Common Files -> C:\Program Files (x86)\Common Files -> [2009/10/10 14:36:09 | 00,000,000 | ---D | M]
AOL -> C:\Program Files (x86)\Common Files\AOL -> [2009/10/04 09:52:59 | 00,000,000 | ---D | M]
Apple -> C:\Program Files (x86)\Common Files\Apple -> [2009/09/23 06:37:06 | 00,000,000 | ---D | M]
ArcSoft -> C:\Program Files (x86)\Common Files\ArcSoft -> [2009/09/23 06:55:47 | 00,000,000 | ---D | M]
AVSMedia -> C:\Program Files (x86)\Common Files\AVSMedia -> [2009/09/23 21:27:21 | 00,000,000 | ---D | M]
InstallShield -> C:\Program Files (x86)\Common Files\InstallShield -> [2009/09/23 06:54:09 | 00,000,000 | ---D | M]
microsoft shared -> C:\Program Files (x86)\Common Files\microsoft shared -> [2009/10/13 19:46:05 | 00,000,000 | ---D | M]
Software Update Utility -> C:\Program Files (x86)\Common Files\Software Update Utility -> [2009/10/04 09:53:05 | 00,000,000 | ---D | M]
Steam -> C:\Program Files (x86)\Common Files\Steam -> [2009/10/13 20:55:51 | 00,000,000 | ---D | M]
Program Files (x86) -> C:\Program Files (x86) -> [2009/10/14 14:25:44 | 00,000,000 | R--D | M]
AIM -> C:\Program Files (x86)\AIM -> [2009/10/04 09:53:24 | 00,000,000 | ---D | M]
Apple Software Update -> C:\Program Files (x86)\Apple Software Update -> [2009/09/16 20:37:14 | 00,000,000 | ---D | M]
ArcSoft -> C:\Program Files (x86)\ArcSoft -> [2009/10/04 23:04:40 | 00,000,000 | ---D | M]
AviSynth 2.5 -> C:\Program Files (x86)\AviSynth 2.5 -> [2009/09/23 20:56:55 | 00,000,000 | ---D | M]
AVS4YOU -> C:\Program Files (x86)\AVS4YOU -> [2009/09/23 21:27:24 | 00,000,000 | ---D | M]
Bonjour -> C:\Program Files (x86)\Bonjour -> [2009/09/16 20:37:58 | 00,000,000 | ---D | M]
Common Files -> C:\Program Files (x86)\Common Files -> [2009/10/10 14:36:09 | 00,000,000 | ---D | M]
DivX -> C:\Program Files (x86)\DivX -> [2009/09/25 19:26:03 | 00,000,000 | ---D | M]
ERUNT -> C:\Program Files (x86)\ERUNT -> [2009/10/11 11:09:27 | 00,000,000 | ---D | M]
FrostWire -> C:\Program Files (x86)\FrostWire -> [2009/10/04 21:03:31 | 00,000,000 | ---D | M]
Google -> C:\Program Files (x86)\Google -> [2009/09/25 18:58:28 | 00,000,000 | ---D | M]
InstallShield Installation Information -> C:\Program Files (x86)\InstallShield Installation Information -> [2009/10/09 16:49:43 | 00,000,000 | -H-D | M]
Internet Explorer -> C:\Program Files (x86)\Internet Explorer -> [2009/10/13 19:52:18 | 00,000,000 | ---D | M]
iPod -> C:\Program Files (x86)\iPod -> [2009/09/23 06:37:07 | 00,000,000 | ---D | M]
iTunes -> C:\Program Files (x86)\iTunes -> [2009/09/23 06:37:31 | 00,000,000 | ---D | M]
Malwarebytes' Anti-Malware -> C:\Program Files (x86)\Malwarebytes' Anti-Malware -> [2009/10/11 11:30:17 | 00,000,000 | ---D | M]
MapleStory -> C:\Program Files (x86)\MapleStory -> [2009/09/26 00:16:18 | 00,000,000 | ---D | M]
Microsoft Works -> C:\Program Files (x86)\Microsoft Works -> [2009/10/13 19:44:37 | 00,000,000 | ---D | M]
Mozilla Firefox -> C:\Program Files (x86)\Mozilla Firefox -> [2009/10/14 07:54:59 | 00,000,000 | ---D | M]
QuickTime -> C:\Program Files (x86)\QuickTime -> [2009/09/16 20:37:47 | 00,000,000 | ---D | M]
SiteAdvisor -> C:\Program Files (x86)\SiteAdvisor -> [2009/10/03 23:54:30 | 00,000,000 | ---D | M]
Sony -> C:\Program Files (x86)\Sony -> [2009/10/05 20:22:09 | 00,000,000 | ---D | M]
Sony Setup -> C:\Program Files (x86)\Sony Setup -> [2009/10/05 20:21:03 | 00,000,000 | ---D | M]
SpywareBlaster -> C:\Program Files (x86)\SpywareBlaster -> [2009/10/07 17:37:00 | 00,000,000 | ---D | M]
Steam -> C:\Program Files (x86)\Steam -> [2009/10/14 21:27:21 | 00,000,000 | ---D | M]
Trend Micro -> C:\Program Files (x86)\Trend Micro -> [2009/10/07 17:03:20 | 00,000,000 | ---D | M]
Vstplugins -> C:\Program Files (x86)\Vstplugins -> [2009/10/05 20:22:20 | 00,000,000 | ---D | M]
Windows Mail -> C:\Program Files (x86)\Windows Mail -> [2009/10/13 19:52:18 | 00,000,000 | ---D | M]
Common Files -> C:\Program Files\Common Files -> [2009/10/09 17:24:16 | 00,000,000 | ---D | M]
Apple -> C:\Program Files\Common Files\Apple -> [2009/09/23 06:34:26 | 00,000,000 | ---D | M]
Program Files -> C:\Program Files -> [2009/10/13 20:58:48 | 00,000,000 | R--D | M]
Common Files -> C:\Program Files\Common Files -> [2009/10/09 17:24:16 | 00,000,000 | ---D | M]
ESET -> C:\Program Files\ESET -> [2009/10/13 20:58:48 | 00,000,000 | ---D | M]
Internet Explorer -> C:\Program Files\Internet Explorer -> [2009/10/13 19:52:17 | 00,000,000 | ---D | M]
iTunes -> C:\Program Files\iTunes -> [2009/09/23 06:37:33 | 00,000,000 | ---D | M]
Recuva -> C:\Program Files\Recuva -> [2009/10/04 11:09:17 | 00,000,000 | ---D | M]
Windows Mail -> C:\Program Files\Windows Mail -> [2009/10/13 19:52:18 | 00,000,000 | ---D | M]
mshtml.dll -> C:\Windows\SysWow64\mshtml.dll -> [2009/10/13 19:15:22 | 05,940,224 | ---- | C] (Microsoft Corporation)
mshtml.dll -> C:\Windows\SysNative\mshtml.dll -> [2009/10/13 19:15:21 | 09,236,992 | ---- | C] (Microsoft Corporation)
ieframe.dll -> C:\Windows\SysNative\ieframe.dll -> [2009/10/13 19:15:20 | 12,461,568 | ---- | C] (Microsoft Corporation)
ieframe.dll -> C:\Windows\SysWow64\ieframe.dll -> [2009/10/13 19:15:18 | 11,069,440 | ---- | C] (Microsoft Corporation)
iertutil.dll -> C:\Windows\SysNative\iertutil.dll -> [2009/10/13 19:15:18 | 02,334,208 | ---- | C] (Microsoft Corporation)
iertutil.dll -> C:\Windows\SysWow64\iertutil.dll -> [2009/10/13 19:15:18 | 01,985,536 | ---- | C] (Microsoft Corporation)
urlmon.dll -> C:\Windows\SysNative\urlmon.dll -> [2009/10/13 19:15:17 | 01,484,288 | ---- | C] (Microsoft Corporation)
urlmon.dll -> C:\Windows\SysWow64\urlmon.dll -> [2009/10/13 19:15:17 | 01,208,832 | ---- | C] (Microsoft Corporation)
wininet.dll -> C:\Windows\SysNative\wininet.dll -> [2009/10/13 19:15:17 | 01,147,904 | ---- | C] (Microsoft Corporation)
wininet.dll -> C:\Windows\SysWow64\wininet.dll -> [2009/10/13 19:15:17 | 00,916,480 | ---- | C] (Microsoft Corporation)
iedkcs32.dll -> C:\Windows\SysNative\iedkcs32.dll -> [2009/10/13 19:15:17 | 00,459,776 | ---- | C] (Microsoft Corporation)
occache.dll -> C:\Windows\SysNative\occache.dll -> [2009/10/13 19:15:17 | 00,243,712 | ---- | C] (Microsoft Corporation)
occache.dll -> C:\Windows\SysWow64\occache.dll -> [2009/10/13 19:15:17 | 00,206,848 | ---- | C] (Microsoft Corporation)
inetcpl.cpl -> C:\Windows\SysNative\inetcpl.cpl -> [2009/10/13 19:15:16 | 01,538,560 | ---- | C] (Microsoft Corporation)
inetcpl.cpl -> C:\Windows\SysWow64\inetcpl.cpl -> [2009/10/13 19:15:16 | 01,469,440 | ---- | C] (Microsoft Corporation)
msfeeds.dll -> C:\Windows\SysNative\msfeeds.dll -> [2009/10/13 19:15:16 | 00,700,928 | ---- | C] (Microsoft Corporation)
msfeeds.dll -> C:\Windows\SysWow64\msfeeds.dll -> [2009/10/13 19:15:16 | 00,594,432 | ---- | C] (Microsoft Corporation)
iedkcs32.dll -> C:\Windows\SysWow64\iedkcs32.dll -> [2009/10/13 19:15:16 | 00,387,584 | ---- | C] (Microsoft Corporation)
iepeers.dll -> C:\Windows\SysNative\iepeers.dll -> [2009/10/13 19:15:15 | 00,252,416 | ---- | C] (Microsoft Corporation)
iepeers.dll -> C:\Windows\SysWow64\iepeers.dll -> [2009/10/13 19:15:15 | 00,184,320 | ---- | C] (Microsoft Corporation)
ie4uinit.exe -> C:\Windows\SysWow64\ie4uinit.exe -> [2009/10/13 19:15:15 | 00,173,056 | ---- | C] (Microsoft Corporation)
ieui.dll -> C:\Windows\SysWow64\ieui.dll -> [2009/10/13 19:15:15 | 00,164,352 | ---- | C] (Microsoft Corporation)
ieUnatt.exe -> C:\Windows\SysNative\ieUnatt.exe -> [2009/10/13 19:15:15 | 00,162,816 | ---- | C] (Microsoft Corporation)
ieUnatt.exe -> C:\Windows\SysWow64\ieUnatt.exe -> [2009/10/13 19:15:15 | 00,133,632 | ---- | C] (Microsoft Corporation)
iesysprep.dll -> C:\Windows\SysNative\iesysprep.dll -> [2009/10/13 19:15:15 | 00,132,096 | ---- | C] (Microsoft Corporation)
iesysprep.dll -> C:\Windows\SysWow64\iesysprep.dll -> [2009/10/13 19:15:15 | 00,109,056 | ---- | C] (Microsoft Corporation)
msfeedsbs.dll -> C:\Windows\SysNative\msfeedsbs.dll -> [2009/10/13 19:15:15 | 00,071,680 | ---- | C] (Microsoft Corporation)
ie4uinit.exe -> C:\Windows\SysNative\ie4uinit.exe -> [2009/10/13 19:15:15 | 00,070,656 | ---- | C] (Microsoft Corporation)
msfeedsbs.dll -> C:\Windows\SysWow64\msfeedsbs.dll -> [2009/10/13 19:15:15 | 00,055,296 | ---- | C] (Microsoft Corporation)
jsproxy.dll -> C:\Windows\SysNative\jsproxy.dll -> [2009/10/13 19:15:15 | 00,031,744 | ---- | C] (Microsoft Corporation)
jsproxy.dll -> C:\Windows\SysWow64\jsproxy.dll -> [2009/10/13 19:15:15 | 00,025,600 | ---- | C] (Microsoft Corporation)
msfeedssync.exe -> C:\Windows\SysWow64\msfeedssync.exe -> [2009/10/13 19:15:15 | 00,013,312 | ---- | C] (Microsoft Corporation)
msfeedssync.exe -> C:\Windows\SysNative\msfeedssync.exe -> [2009/10/13 19:15:15 | 00,012,288 | ---- | C] (Microsoft Corporation)
mshtml.tlb -> C:\Windows\SysWow64\mshtml.tlb -> [2009/10/13 19:15:14 | 01,638,912 | ---- | C] (Microsoft Corporation)
mshtml.tlb -> C:\Windows\SysNative\mshtml.tlb -> [2009/10/13 19:15:14 | 01,638,912 | ---- | C] (Microsoft Corporation)
ieui.dll -> C:\Windows\SysNative\ieui.dll -> [2009/10/13 19:15:14 | 00,219,136 | ---- | C] (Microsoft Corporation)
iesetup.dll -> C:\Windows\SysNative\iesetup.dll -> [2009/10/13 19:15:14 | 00,077,312 | ---- | C] (Microsoft Corporation)
iernonce.dll -> C:\Windows\SysNative\iernonce.dll -> [2009/10/13 19:15:14 | 00,072,192 | ---- | C] (Microsoft Corporation)
iesetup.dll -> C:\Windows\SysWow64\iesetup.dll -> [2009/10/13 19:15:14 | 00,071,680 | ---- | C] (Microsoft Corporation)
iernonce.dll -> C:\Windows\SysWow64\iernonce.dll -> [2009/10/13 19:15:14 | 00,055,808 | ---- | C] (Microsoft Corporation)
ntoskrnl.exe -> C:\Windows\SysNative\ntoskrnl.exe -> [2009/10/13 19:10:06 | 04,698,168 | ---- | C] (Microsoft Corporation)
msv1_0.dll -> C:\Windows\SysNative\msv1_0.dll -> [2009/10/13 19:09:52 | 00,269,312 | ---- | C] (Microsoft Corporation)
msv1_0.dll -> C:\Windows\SysWow64\msv1_0.dll -> [2009/10/13 19:09:52 | 00,218,624 | ---- | C] (Microsoft Corporation)
WMSPDMOD.DLL -> C:\Windows\SysWow64\WMSPDMOD.DLL -> [2009/10/13 19:09:47 | 00,604,672 | ---- | C] (Microsoft Corporation)
WMSPDMOD.DLL -> C:\Windows\SysNative\WMSPDMOD.DLL -> [2009/10/13 19:09:46 | 00,818,688 | ---- | C] (Microsoft Corporation)
msasn1.dll -> C:\Windows\SysNative\msasn1.dll -> [2009/10/13 19:09:40 | 00,082,944 | ---- | C] (Microsoft Corporation)
msasn1.dll -> C:\Windows\SysWow64\msasn1.dll -> [2009/10/13 19:09:40 | 00,060,928 | ---- | C] (Microsoft Corporation)
srv2.sys -> C:\Windows\SysNative\drivers\srv2.sys -> [2009/10/13 19:09:37 | 00,174,592 | ---- | C] (Microsoft Corporation)
ERDNT -> C:\Windows\ERDNT -> [2009/10/11 11:11:38 | 00,000,000 | ---D | C]
Vegas Movie Studio PE 9.0 Projects -> C:\Users\Richard\Documents\Vegas Movie Studio PE 9.0 Projects -> [2009/10/05 20:28:56 | 00,000,000 | ---D | C]
Sony -> C:\ProgramData\Sony -> [2009/10/05 20:22:17 | 00,000,000 | ---D | C]
MSLUP60.dll -> C:\Windows\SysWow64\MSLUP60.dll -> [2009/10/04 22:08:55 | 00,393,216 | ---- | C] (Sample Corporation)
MSLURT.dll -> C:\Windows\SysWow64\MSLURT.dll -> [2009/10/04 22:08:55 | 00,249,856 | ---- | C] (Sample Corporation)
MMCEDT.exe -> C:\Windows\SysWow64\MMCEDT.exe -> [2009/10/04 22:08:55 | 00,061,440 | ---- | C] (ArcSoft Inc.)
MediaConverter -> C:\Users\Richard\Documents\MediaConverter -> [2009/10/04 10:17:38 | 00,000,000 | ---D | C]
SiteAdvisor -> C:\ProgramData\SiteAdvisor -> [2009/10/03 23:54:35 | 00,000,000 | ---D | C]
MpSigStub.exe -> C:\Windows\SysNative\MpSigStub.exe -> [2009/10/02 14:44:40 | 00,238,960 | ---- | C] (Microsoft Corporation)
AIM -> C:\ProgramData\AIM -> [2009/09/27 10:17:15 | 00,000,000 | ---D | C]
Downloads -> C:\Users\Richard\Documents\Downloads -> [2009/09/25 19:00:58 | 00,000,000 | ---D | C]
Replay Converter 3 -> C:\Windows\Replay Converter 3 -> [2009/09/23 07:37:29 | 00,000,000 | ---D | C]
Media Converter for Philips -> C:\Users\Richard\Documents\Media Converter for Philips -> [2009/09/23 07:03:08 | 00,000,000 | ---D | C]
ArcSoft -> C:\ProgramData\ArcSoft -> [2009/09/23 06:55:57 | 00,000,000 | -H-D | C]
unicows.dll -> C:\Windows\SysWow64\unicows.dll -> [2009/09/23 06:55:38 | 00,245,408 | ---- | C] (Microsoft Corporation)
Philips -> C:\Philips -> [2009/09/23 06:53:35 | 00,000,000 | ---D | C]
temp -> C:\temp -> [2009/09/23 06:52:56 | 00,000,000 | ---D | C]
DRVSTORE -> C:\Windows\SysNative\DRVSTORE -> [2009/09/23 06:37:35 | 00,000,000 | ---D | C]
{0DD0EEEE-2A7C-411C-9243-1AE62F445FC3} -> C:\ProgramData\{0DD0EEEE-2A7C-411C-9243-1AE62F445FC3} -> [2009/09/23 06:37:06 | 00,000,000 | ---D | C]
Apple Computer -> C:\ProgramData\Apple Computer -> [2009/09/16 20:37:32 | 00,000,000 | ---D | C]
Apple -> C:\ProgramData\Apple -> [2009/09/16 20:37:14 | 00,000,000 | ---D | C]
 
[Files/Folders - Modified Within 30 Days]
23 C:\Users\Richard\AppData\Local\Temp\*.tmp files -> C:\Users\Richard\AppData\Local\Temp\*.tmp -> 
NTUSER.DAT -> C:\Users\Richard\NTUSER.DAT -> [2009/10/14 21:42:20 | 09,175,040 | -HS- | M] ()
User_Feed_Synchronization-{12D2AAC3-713A-447E-8DC7-4B4DEE477597}.job -> C:\Windows\tasks\User_Feed_Synchronization-{12D2AAC3-713A-447E-8DC7-4B4DEE477597}.job -> [2009/10/14 21:42:14 | 00,000,438 | -H-- | M] ()
perfh009.dat -> C:\Windows\SysNative\perfh009.dat -> [2009/10/14 21:29:16 | 00,598,350 | ---- | M] ()
perfc009.dat -> C:\Windows\SysNative\perfc009.dat -> [2009/10/14 21:29:16 | 00,101,988 | ---- | M] ()
PerfStringBackup.INI -> C:\Windows\SysNative\PerfStringBackup.INI -> [2009/10/14 21:29:15 | 00,694,964 | ---- | M] ()
nvModes.dat -> C:\ProgramData\nvModes.dat -> [2009/10/14 21:26:07 | 00,035,085 | ---- | M] ()
nvModes.001 -> C:\ProgramData\nvModes.001 -> [2009/10/14 21:26:06 | 00,035,085 | ---- | M] ()
GoogleUpdateTaskMachineCore.job -> C:\Windows\tasks\GoogleUpdateTaskMachineCore.job -> [2009/10/14 21:25:46 | 00,000,894 | ---- | M] ()
7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> [2009/10/14 21:22:51 | 00,003,760 | -H-- | M] ()
7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> [2009/10/14 21:22:51 | 00,003,760 | -H-- | M] ()
SA.DAT -> C:\Windows\tasks\SA.DAT -> [2009/10/14 21:22:47 | 00,000,006 | -H-- | M] ()
bootstat.dat -> C:\Windows\bootstat.dat -> [2009/10/14 21:22:42 | 00,067,584 | --S- | M] ()
NTUSER.DAT{a7bdf3ed-6a85-11db-b5ae-f1534be43d84}.TMContainer00000000000000000001.regtrans-ms -> C:\Users\Richard\NTUSER.DAT{a7bdf3ed-6a85-11db-b5ae-f1534be43d84}.TMContainer00000000000000000001.regtrans-ms -> [2009/10/14 15:17:07 | 00,524,288 | -HS- | M] ()
NTUSER.DAT{a7bdf3ed-6a85-11db-b5ae-f1534be43d84}.TM.blf -> C:\Users\Richard\NTUSER.DAT{a7bdf3ed-6a85-11db-b5ae-f1534be43d84}.TM.blf -> [2009/10/14 15:17:07 | 00,065,536 | -HS- | M] ()
IconCache.db -> C:\Users\Richard\AppData\Local\IconCache.db -> [2009/10/14 15:17:04 | 02,044,178 | -H-- | M] ()
GoogleUpdateTaskMachineUA.job -> C:\Windows\tasks\GoogleUpdateTaskMachineUA.job -> [2009/10/14 15:16:01 | 00,000,898 | ---- | M] ()
Google Chrome.lnk -> C:\Users\Public\Desktop\Google Chrome.lnk -> [2009/10/13 20:17:19 | 00,002,025 | ---- | M] ()
GDIPFONTCACHEV1.DAT -> C:\Users\Richard\AppData\Local\GDIPFONTCACHEV1.DAT -> [2009/10/13 19:56:10 | 00,100,272 | ---- | M] ()
FNTCACHE.DAT -> C:\Windows\SysNative\FNTCACHE.DAT -> [2009/10/13 19:54:17 | 00,371,440 | ---- | M] ()
win.ini -> C:\Windows\win.ini -> [2009/10/13 19:42:25 | 00,000,219 | ---- | M] ()
Research and explain the XYZ Affair  between the U.doc -> C:\Users\Richard\Desktop\Research and explain the XYZ Affair  between the U.doc -> [2009/10/12 21:45:07 | 00,077,824 | ---- | M] ()
XYZ Affair home cheat.doc -> C:\Users\Richard\Desktop\XYZ Affair home cheat.doc -> [2009/10/12 08:48:54 | 00,041,984 | ---- | M] ()
NTREGOPT.lnk -> C:\Users\Richard\Desktop\NTREGOPT.lnk -> [2009/10/11 11:09:21 | 00,000,763 | ---- | M] ()
ERUNT.lnk -> C:\Users\Richard\Desktop\ERUNT.lnk -> [2009/10/11 11:09:21 | 00,000,744 | ---- | M] ()
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Users\Richard\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2009/10/10 18:54:06 | 00,031,744 | ---- | M] ()
PerfStringBackup.INI -> C:\Windows\SysWow64\PerfStringBackup.INI -> [2009/10/09 16:30:52 | 00,708,868 | ---- | M] ()
HijackThis.lnk -> C:\Users\Richard\Desktop\HijackThis.lnk -> [2009/10/07 17:03:20 | 00,001,928 | ---- | M] ()
Vegas Movie Studio Platinum 9.0.lnk -> C:\Users\Public\Desktop\Vegas Movie Studio Platinum 9.0.lnk -> [2009/10/05 20:22:24 | 00,001,998 | ---- | M] ()
Internet Video Downloader.lnk -> C:\Users\Public\Desktop\Internet Video Downloader.lnk -> [2009/10/04 23:05:00 | 00,002,206 | ---- | M] ()
Media Converter for Philips.lnk -> C:\Users\Public\Desktop\Media Converter for Philips.lnk -> [2009/10/04 23:05:00 | 00,002,071 | ---- | M] ()
Philips GoGear VIBE Device Manager.lnk -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Philips GoGear VIBE Device Manager.lnk -> [2009/10/04 23:03:11 | 00,000,921 | ---- | M] ()
Philips GoGear VIBE Device Manager.lnk -> C:\Users\Public\Desktop\Philips GoGear VIBE Device Manager.lnk -> [2009/10/04 23:03:11 | 00,000,887 | ---- | M] ()
TotalMedia Theatre.lnk -> C:\Users\Public\Desktop\TotalMedia Theatre.lnk -> [2009/10/04 22:09:53 | 00,001,848 | ---- | M] ()
FrostWire 4.18.3.lnk -> C:\Users\Richard\Desktop\FrostWire 4.18.3.lnk -> [2009/10/04 21:03:00 | 00,001,046 | ---- | M] ()
Recuva.lnk -> C:\Users\Richard\Desktop\Recuva.lnk -> [2009/10/04 11:09:17 | 00,001,606 | ---- | M] ()
IPH.PH -> C:\IPH.PH -> [2009/10/04 09:53:39 | 00,001,072 | -H-- | M] ()
AIM.lnk -> C:\Users\Public\Desktop\AIM.lnk -> [2009/10/04 09:53:30 | 00,001,752 | ---- | M] ()
CCleaner.lnk -> C:\Users\Richard\Desktop\CCleaner.lnk -> [2009/10/03 22:24:33 | 00,001,724 | ---- | M] ()
mrt.exe -> C:\Windows\SysNative\mrt.exe -> [2009/10/02 11:40:19 | 26,575,296 | ---- | M] (Microsoft Corporation)
Left 4 Dead.lnk -> C:\Users\Richard\Desktop\Left 4 Dead.lnk -> [2009/10/01 20:42:31 | 00,001,792 | ---- | M] ()
MpSigStub.exe -> C:\Windows\SysNative\MpSigStub.exe -> [2009/10/01 10:29:14 | 00,238,960 | ---- | M] (Microsoft Corporation)
nvdisp.nvu -> C:\Windows\SysNative\nvdisp.nvu -> [2009/09/27 23:12:22 | 00,014,646 | ---- | M] ()
NvApps.xml -> C:\Windows\SysNative\NvApps.xml -> [2009/09/27 18:22:50 | 00,253,738 | ---- | M] ()
NvwsApps.xml -> C:\Windows\SysNative\NvwsApps.xml -> [2009/09/27 18:22:50 | 00,068,587 | ---- | M] ()
likinpark.avi -> C:\Users\Richard\likinpark.avi -> [2009/09/23 22:53:11 | 15,553,6058 | ---- | M] ()
AVS4YOU Software Navigator.lnk -> C:\Users\Richard\Desktop\AVS4YOU Software Navigator.lnk -> [2009/09/23 21:27:24 | 00,001,128 | ---- | M] ()
AVS Video Converter 6.lnk -> C:\Users\Richard\Desktop\AVS Video Converter 6.lnk -> [2009/09/23 21:27:05 | 00,001,079 | ---- | M] ()
iTunes.lnk -> C:\Users\Public\Desktop\iTunes.lnk -> [2009/09/23 06:38:10 | 00,001,804 | ---- | M] ()
Msft_User_WpdMtpDr_01_00_00.Wdf -> C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf -> [2009/09/22 21:43:39 | 00,000,000 | -H-- | M] ()
Richs power point2.ppt -> C:\Users\Richard\Documents\Richs power point2.ppt -> [2009/09/21 22:30:21 | 06,273,536 | ---- | M] ()
Scribble words.docx -> C:\Users\Richard\Documents\Scribble words.docx -> [2009/09/21 01:46:06 | 00,373,089 | ---- | M] ()
keyfile3.drm -> C:\Users\Richard\AppData\Local\keyfile3.drm -> [2009/09/20 00:05:44 | 00,004,096 | -H-- | M] ()
Profane.docx -> C:\Users\Richard\Documents\Profane.docx -> [2009/09/18 00:13:00 | 00,010,412 | ---- | M] ()
QuickTime Player.lnk -> C:\Users\Public\Desktop\QuickTime Player.lnk -> [2009/09/16 20:37:41 | 00,001,756 | ---- | M] ()
Mzxamyx123.docx -> C:\Users\Richard\Documents\Mzxamyx123.docx -> [2009/09/15 23:43:42 | 00,012,404 | ---- | M] ()
 
[Files - No Company Name]
Research and explain the XYZ Affair  between the U.doc -> C:\Users\Richard\Desktop\Research and explain the XYZ Affair  between the U.doc -> [2009/10/12 20:15:51 | 00,077,824 | ---- | C] ()
XYZ Affair home cheat.doc -> C:\Users\Richard\Desktop\XYZ Affair home cheat.doc -> [2009/10/12 20:15:39 | 00,041,984 | ---- | C] ()
NTREGOPT.lnk -> C:\Users\Richard\Desktop\NTREGOPT.lnk -> [2009/10/11 11:09:21 | 00,000,763 | ---- | C] ()
ERUNT.lnk -> C:\Users\Richard\Desktop\ERUNT.lnk -> [2009/10/11 11:09:21 | 00,000,744 | ---- | C] ()
PerfStringBackup.INI -> C:\Windows\SysWow64\PerfStringBackup.INI -> [2009/10/09 16:30:52 | 00,708,868 | ---- | C] ()
HijackThis.lnk -> C:\Users\Richard\Desktop\HijackThis.lnk -> [2009/10/07 17:03:20 | 00,001,928 | ---- | C] ()
Vegas Movie Studio Platinum 9.0.lnk -> C:\Users\Public\Desktop\Vegas Movie Studio Platinum 9.0.lnk -> [2009/10/05 20:22:24 | 00,001,998 | ---- | C] ()
TotalMedia Theatre.lnk -> C:\Users\Public\Desktop\TotalMedia Theatre.lnk -> [2009/10/04 22:09:53 | 00,001,848 | ---- | C] ()
ArcHlp.sys -> C:\Windows\SysWow64\drivers\ArcHlp.sys -> [2009/10/04 22:09:47 | 00,143,872 | ---- | C] ()
Recuva.lnk -> C:\Users\Richard\Desktop\Recuva.lnk -> [2009/10/04 11:09:17 | 00,001,606 | ---- | C] ()
AIM.lnk -> C:\Users\Public\Desktop\AIM.lnk -> [2009/10/04 09:53:30 | 00,001,752 | ---- | C] ()
Left 4 Dead.lnk -> C:\Users\Richard\Desktop\Left 4 Dead.lnk -> [2009/10/01 20:42:31 | 00,001,792 | ---- | C] ()
nvdisp.nvu -> C:\Windows\SysNative\nvdisp.nvu -> [2009/09/27 23:12:22 | 00,014,646 | ---- | C] ()
NvApps.xml -> C:\Windows\SysNative\NvApps.xml -> [2009/09/27 18:22:50 | 00,253,738 | ---- | C] ()
NvwsApps.xml -> C:\Windows\SysNative\NvwsApps.xml -> [2009/09/27 18:22:50 | 00,068,587 | ---- | C] ()
GoogleUpdateTaskMachineUA.job -> C:\Windows\tasks\GoogleUpdateTaskMachineUA.job -> [2009/09/25 19:11:22 | 00,000,898 | ---- | C] ()
GoogleUpdateTaskMachineCore.job -> C:\Windows\tasks\GoogleUpdateTaskMachineCore.job -> [2009/09/25 19:11:21 | 00,000,894 | ---- | C] ()
Google Chrome.lnk -> C:\Users\Public\Desktop\Google Chrome.lnk -> [2009/09/25 18:58:23 | 00,002,025 | ---- | C] ()
FrostWire 4.18.3.lnk -> C:\Users\Richard\Desktop\FrostWire 4.18.3.lnk -> [2009/09/25 07:28:05 | 00,001,046 | ---- | C] ()
likinpark.avi -> C:\Users\Richard\likinpark.avi -> [2009/09/23 22:48:50 | 15,553,6058 | ---- | C] ()
AVS4YOU Software Navigator.lnk -> C:\Users\Richard\Desktop\AVS4YOU Software Navigator.lnk -> [2009/09/23 21:27:24 | 00,001,128 | ---- | C] ()
AVS Video Converter 6.lnk -> C:\Users\Richard\Desktop\AVS Video Converter 6.lnk -> [2009/09/23 21:27:05 | 00,001,079 | ---- | C] ()
ReplayConverterLog.log -> C:\Users\Richard\AppData\Roaming\ReplayConverterLog.log -> [2009/09/23 07:44:36 | 00,020,318 | ---- | C] ()
desktop.ini -> C:\Users\Richard\AppData\Roaming\desktop.ini -> [2009/09/23 06:56:55 | 00,000,006 | -HS- | C] ()
desktop.ini -> C:\Users\Richard\AppData\Local\desktop.ini -> [2009/09/23 06:56:55 | 00,000,006 | -HS- | C] ()
Internet Video Downloader.lnk -> C:\Users\Public\Desktop\Internet Video Downloader.lnk -> [2009/09/23 06:56:01 | 00,002,206 | ---- | C] ()
Media Converter for Philips.lnk -> C:\Users\Public\Desktop\Media Converter for Philips.lnk -> [2009/09/23 06:56:01 | 00,002,071 | ---- | C] ()
Philips GoGear VIBE Device Manager.lnk -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Philips GoGear VIBE Device Manager.lnk -> [2009/09/23 06:53:35 | 00,000,921 | ---- | C] ()
Philips GoGear VIBE Device Manager.lnk -> C:\Users\Public\Desktop\Philips GoGear VIBE Device Manager.lnk -> [2009/09/23 06:53:35 | 00,000,887 | ---- | C] ()
iTunes.lnk -> C:\Users\Public\Desktop\iTunes.lnk -> [2009/09/23 06:38:10 | 00,001,804 | ---- | C] ()
Msft_User_WpdMtpDr_01_00_00.Wdf -> C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf -> [2009/09/22 21:43:39 | 00,000,000 | -H-- | C] ()
Richs power point2.ppt -> C:\Users\Richard\Documents\Richs power point2.ppt -> [2009/09/21 15:53:42 | 06,273,536 | ---- | C] ()
Scribble words.docx -> C:\Users\Richard\Documents\Scribble words.docx -> [2009/09/21 01:46:02 | 00,373,089 | ---- | C] ()
keyfile3.drm -> C:\Users\Richard\AppData\Local\keyfile3.drm -> [2009/09/20 00:05:44 | 00,004,096 | -H-- | C] ()
Profane.docx -> C:\Users\Richard\Documents\Profane.docx -> [2009/09/18 00:12:59 | 00,010,412 | ---- | C] ()
QuickTime Player.lnk -> C:\Users\Public\Desktop\QuickTime Player.lnk -> [2009/09/16 20:37:41 | 00,001,756 | ---- | C] ()
Mzxamyx123.docx -> C:\Users\Richard\Documents\Mzxamyx123.docx -> [2009/09/15 23:43:42 | 00,012,404 | ---- | C] ()
{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini -> C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini -> [2009/08/31 13:54:26 | 00,000,268 | ---- | C] ()
d3d8caps.dat -> C:\Users\Richard\AppData\Local\d3d8caps.dat -> [2009/08/25 17:59:41 | 00,000,552 | ---- | C] ()
msjetoledb40.dll -> C:\Windows\SysWow64\msjetoledb40.dll -> [2009/08/05 20:52:07 | 00,368,640 | ---- | C] ()
EhStorAuthn.dll -> C:\Windows\SysWow64\EhStorAuthn.dll -> [2009/08/05 20:51:41 | 00,117,248 | ---- | C] ()
UserTile.png -> C:\Users\Richard\AppData\Roaming\UserTile.png -> [2009/08/05 10:53:43 | 00,024,088 | ---- | C] ()
ntuser.pol -> C:\ProgramData\ntuser.pol -> [2009/07/29 16:20:33 | 00,000,418 | RHS- | C] ()
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Users\Richard\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2009/07/24 02:23:04 | 00,031,744 | ---- | C] ()
nvModes.001 -> C:\ProgramData\nvModes.001 -> [2009/07/23 18:26:45 | 00,035,085 | ---- | C] ()
nvModes.dat -> C:\ProgramData\nvModes.dat -> [2009/07/23 18:26:43 | 00,035,085 | ---- | C] ()
IconCache.db -> C:\Users\Richard\AppData\Local\IconCache.db -> [2009/07/23 18:25:30 | 02,044,178 | -H-- | C] ()
d3d9caps64.dat -> C:\Users\Richard\AppData\Local\d3d9caps64.dat -> [2009/07/23 18:21:02 | 00,000,732 | ---- | C] ()
GSetup.ini -> C:\Windows\GSetup.ini -> [2009/07/23 15:57:36 | 00,000,010 | ---- | C] ()
GDIPFONTCACHEV1.DAT -> C:\Users\Richard\AppData\Local\GDIPFONTCACHEV1.DAT -> [2009/07/23 15:53:46 | 00,100,272 | ---- | C] ()
tcpmon.ini -> C:\Windows\SysWow64\tcpmon.ini -> [2008/01/20 19:49:10 | 00,060,124 | ---- | C] ()
desktop.ini -> C:\Program Files\desktop.ini -> [2006/11/02 08:24:55 | 00,000,174 | -HS- | C] ()
desktop.ini -> C:\Program Files (x86)\desktop.ini -> [2006/11/02 08:24:55 | 00,000,174 | -HS- | C] ()
win.ini -> C:\Windows\win.ini -> [2006/11/02 05:34:27 | 00,000,219 | ---- | C] ()
system.ini -> C:\Windows\system.ini -> [2006/11/02 05:34:27 | 00,000,219 | ---- | C] ()
 
[File - Lop Check]
 
[File - Purity Scan]
 
 
[Alternate Data Streams]
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:5C321E34
< End of report >

Attached Files

  • Attached File  OTS.Txt   195.24KB   277 downloads


#4 CatByte


Posted 15 October 2009 - 03:33 AM

Instructions deleted.

You are being helped here:

http://forums.whatth...ne_t107545.html

It is dangerous for your machine to follow two sets of instructions...

I am closing this thread.

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015
