OK, I attached the log, ty, and I copied and pasted it, sorry.
OTS logfile created on: 10/14/2009 9:42:02 PM - Run 1
OTS by OldTimer - Version 3.0.22.0 Folder = C:\Users\Richard\Documents\Downloads
64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18828)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
4.00 Gb Total Physical Memory | 2.74 Gb Available Physical Memory | 68.56% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149.05 Gb Total Space | 62.85 Gb Free Space | 42.17% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: RICHARD-PC
Current User Name: Richard
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: Off
File Age = 30 Days
[Processes - Safe List]
acdaemon.exe -> C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe -> [2009/07/10 13:59:22 | 00,195,072 | ---- | M] (ArcSoft Inc.)
acdaemon.exe -> C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe -> [2009/07/10 13:59:22 | 00,195,072 | ---- | M] (ArcSoft Inc.)
acdaemon.exe -> C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe -> [2009/07/10 13:59:22 | 00,195,072 | ---- | M] (ArcSoft Inc.)
acdaemon.exe -> C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe -> [2009/07/10 13:59:22 | 00,195,072 | ---- | M] (ArcSoft Inc.)
acdaemon.exe -> C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe -> [2009/07/10 13:59:22 | 00,195,072 | ---- | M] (ArcSoft Inc.)
acservice.exe -> C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -> [2009/02/06 17:02:14 | 00,109,056 | ---- | M] (ArcSoft Inc.)
applemobiledeviceservice.exe -> C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> [2009/08/28 19:42:54 | 00,144,672 | ---- | M] (Apple Inc.)
chrome.exe -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe -> [2009/10/09 11:24:55 | 00,919,024 | ---- | M] (Google Inc.)
chrome.exe -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe -> [2009/10/09 11:24:55 | 00,919,024 | ---- | M] (Google Inc.)
chrome.exe -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe -> [2009/10/09 11:24:55 | 00,919,024 | ---- | M] (Google Inc.)
chrome.exe -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe -> [2009/10/09 11:24:55 | 00,919,024 | ---- | M] (Google Inc.)
ekrn.exe -> C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe -> [2009/09/11 07:24:32 | 00,735,960 | ---- | M] (ESET)
ekrn.exe -> C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe -> [2009/09/11 07:24:32 | 00,735,960 | ---- | M] (ESET)
gogear_vibe_devicemanager.exe -> C:\Philips\GoGear VIBE Device Manager\GoGear_Vibe_DeviceManager.exe -> [2009/07/06 15:04:00 | 01,611,152 | ---- | M] (Philips)
ituneshelper.exe -> C:\Program Files (x86)\iTunes\iTunesHelper.exe -> [2009/09/21 16:36:12 | 00,305,440 | ---- | M] (Apple Inc.)
jusched.exe -> C:\Program Files (x86)\Java\jre6\bin\jusched.exe -> [2009/08/01 17:14:12 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.)
mdnsresponder.exe -> C:\Program Files (x86)\Bonjour\mDNSResponder.exe -> [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.)
nvscpapisvr.exe -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -> [2009/07/14 12:28:00 | 00,239,648 | ---- | M] (NVIDIA Corporation)
nvscpapisvr.exe -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -> [2009/07/14 12:28:00 | 00,239,648 | ---- | M] (NVIDIA Corporation)
nvscpapisvr.exe -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -> [2009/07/14 12:28:00 | 00,239,648 | ---- | M] (NVIDIA Corporation)
nvscpapisvr.exe -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -> [2009/07/14 12:28:00 | 00,239,648 | ---- | M] (NVIDIA Corporation)
nvscpapisvr.exe -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -> [2009/07/14 12:28:00 | 00,239,648 | ---- | M] (NVIDIA Corporation)
nvscpapisvr.exe -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -> [2009/07/14 12:28:00 | 00,239,648 | ---- | M] (NVIDIA Corporation)
nvscpapisvr.exe -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -> [2009/07/14 12:28:00 | 00,239,648 | ---- | M] (NVIDIA Corporation)
nvscpapisvr.exe -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -> [2009/07/14 12:28:00 | 00,239,648 | ---- | M] (NVIDIA Corporation)
nvscpapisvr.exe -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -> [2009/07/14 12:28:00 | 00,239,648 | ---- | M] (NVIDIA Corporation)
nvscpapisvr.exe -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -> [2009/07/14 12:28:00 | 00,239,648 | ---- | M] (NVIDIA Corporation)
nvscpapisvr.exe -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -> [2009/07/14 12:28:00 | 00,239,648 | ---- | M] (NVIDIA Corporation)
nvscpapisvr.exe -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -> [2009/07/14 12:28:00 | 00,239,648 | ---- | M] (NVIDIA Corporation)
ots.exe -> C:\Users\Richard\Documents\Downloads\OTS.exe -> [2009/10/14 21:40:27 | 00,519,168 | ---- | M] (OldTimer Tools)
ots.exe -> C:\Users\Richard\Documents\Downloads\OTS.exe -> [2009/10/14 21:40:27 | 00,519,168 | ---- | M] (OldTimer Tools)
[Win32 Services - Safe List]
64bit-(AppMgmt) Application Management [Win32_Shared | On_Demand | Stopped] -> C:\Windows\SysNative\appmgmts.dll -> [2008/01/20 19:50:23 | 00,195,584 | ---- | M] (Microsoft Corporation)
64bit-(CscService) Offline Files [Win32_Shared | Auto | Running] -> C:\Windows\SysNative\cscsvc.dll -> [2009/04/11 00:11:16 | 00,604,672 | ---- | M] (Microsoft Corporation)
64bit-(EhttpSrv) ESET HTTP Server [Win32_Own | On_Demand | Stopped] -> C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -> [2009/09/11 07:33:20 | 00,023,296 | ---- | M] (ESET)
64bit-(ekrn) ESET Service [Win32_Own | Auto | Running] -> C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe -> [2009/09/11 07:24:32 | 00,735,960 | ---- | M] (ESET)
64bit-(Fax) Fax [Win32_Own | On_Demand | Stopped] -> C:\Windows\SysNative\fxssvc.exe -> [2008/01/20 19:47:07 | 00,689,152 | ---- | M] (Microsoft Corporation)
64bit-(UmRdpService) Terminal Services UserMode Port Redirector [Win32_Shared | On_Demand | Stopped] -> C:\Windows\SysNative\umrdp.dll -> [2009/04/11 00:11:28 | 00,252,928 | ---- | M] (Microsoft Corporation)
64bit-(wbengine) Block Level Backup Engine Service [Win32_Own | On_Demand | Stopped] -> C:\Windows\SysNative\wbengine.exe -> [2009/04/11 00:11:06 | 01,149,440 | ---- | M] (Microsoft Corporation)
64bit-(WinDefend) Windows Defender [Win32_Shared | Auto | Running] -> C:\Program Files\Windows Defender\mpsvc.dll -> [2008/01/20 19:46:39 | 00,383,544 | ---- | M] (Microsoft Corporation)
64bit-(WMPNetworkSvc) Windows Media Player Network Sharing Service [Win32_Own | On_Demand | Running] -> C:\Program Files\Windows Media Player\wmpnetwk.exe -> [2008/01/20 19:51:24 | 01,216,000 | ---- | M] (Microsoft Corporation)
(ACDaemon) ArcSoft Connect Daemon [Win32_Own | Auto | Running] -> C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -> [2009/02/06 17:02:14 | 00,109,056 | ---- | M] (ArcSoft Inc.)
(Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> [2009/08/28 19:42:54 | 00,144,672 | ---- | M] (Apple Inc.)
(Bonjour Service) Bonjour Service [Win32_Own | Auto | Running] -> C:\Program Files (x86)\Bonjour\mDNSResponder.exe -> [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.)
(clr_optimization_v2.0.50727_32) Microsoft .NET Framework NGEN v2.0.50727_X86 [Win32_Own | On_Demand | Stopped] -> C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -> [2009/03/29 21:42:16 | 00,066,368 | ---- | M] (Microsoft Corporation)
(clr_optimization_v2.0.50727_64) Microsoft .NET Framework NGEN v2.0.50727_X64 [Win32_Own | On_Demand | Stopped] -> C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -> [2009/03/29 21:39:56 | 00,089,920 | ---- | M] (Microsoft Corporation)
(ehRecvr) Windows Media Center Receiver Service [Win32_Own | On_Demand | Stopped] -> C:\Windows\ehome\ehRecvr.exe -> [2008/01/20 19:50:39 | 00,344,064 | ---- | M] (Microsoft Corporation)
(ehSched) Windows Media Center Scheduler Service [Win32_Own | On_Demand | Stopped] -> C:\Windows\ehome\ehsched.exe -> [2008/01/20 19:50:39 | 00,153,600 | ---- | M] (Microsoft Corporation)
(ehstart) Windows Media Center Service Launcher [Win32_Shared | Auto | Stopped] -> C:\Windows\ehome\ehstart.dll -> [2006/11/02 08:03:44 | 00,015,360 | ---- | M] (Microsoft Corporation)
(FontCache3.0.0.0) Windows Presentation Foundation Font Cache 3.0.0.0 [Win32_Own | On_Demand | Stopped] -> C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe -> [2009/02/18 11:40:06 | 00,042,840 | ---- | M] (Microsoft Corporation)
(gupdate1ca3e4ca093b9e8) Google Update Service (gupdate1ca3e4ca093b9e8) [Win32_Own | Auto | Stopped] -> C:\Program Files (x86)\Google\Update\GoogleUpdate.exe -> [2009/09/25 18:56:48 | 00,133,104 | ---- | M] (Google Inc.)
(idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] -> C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe -> [2009/02/18 11:39:12 | 00,857,432 | ---- | M] (Microsoft Corporation)
(iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> C:\Program Files (x86)\iPod\bin\iPodService.exe -> [2009/09/21 16:36:16 | 00,660,256 | ---- | M] (Apple Inc.)
(KeyIso) CNG Key Isolation [Win32_Shared | On_Demand | Running] -> C:\Windows\SysWow64\keyiso.dll -> [2006/11/02 02:46:05 | 00,018,944 | ---- | M] (Microsoft Corporation)
(Microsoft Office Groove Audit Service) Microsoft Office Groove Audit Service [Win32_Own | On_Demand | Stopped] -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe -> [2008/10/25 11:44:08 | 00,065,888 | ---- | M] (Microsoft Corporation)
(MSDTC) Distributed Transaction Coordinator [Win32_Own | Unknown | Stopped] -> C:\Windows\SysWow64\Msdtc -> [2006/11/02 06:34:14 | 00,000,000 | ---D | M]
(Netlogon) Netlogon [Win32_Shared | On_Demand | Stopped] -> C:\Windows\SysWow64\netlogon.dll -> [2009/04/10 23:28:24 | 00,592,896 | ---- | M] (Microsoft Corporation)
(npggsvc) nProtect GameGuard Service [Win32_Own | On_Demand | Stopped] -> C:\Windows\SysWow64\GameMon.des -> [2009/05/20 01:50:20 | 02,772,302 | ---- | M] (INCA Internet Co., Ltd.)
(odserv) Microsoft Office Diagnostics Service [Win32_Own | On_Demand | Stopped] -> C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -> [2008/11/04 01:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation)
(ose) Office Source Engine [Win32_Own | On_Demand | Stopped] -> C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE -> [2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation)
(Steam Client Service) Steam Client Service [Win32_Own | On_Demand | Stopped] -> C:\Program Files (x86)\Common Files\Steam\SteamService.exe -> [2009/10/13 14:43:16 | 00,316,664 | ---- | M] (Valve Corporation)
(Stereo Service) NVIDIA Stereoscopic 3D Driver Service [Win32_Own | Auto | Running] -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -> [2009/07/14 12:28:00 | 00,239,648 | ---- | M] (NVIDIA Corporation)
(vds) Virtual Disk [Win32_Own | On_Demand | Stopped] -> C:\Windows\SysWow64\Wbem\vds.mof -> [2006/11/01 23:35:15 | 00,060,994 | ---- | M] ()
(VSS) Volume Shadow Copy [Win32_Own | On_Demand | Stopped] -> C:\Windows\SysWow64\Wbem\vss.mof -> [2006/11/01 23:35:15 | 00,055,846 | ---- | M] ()
[Driver Services - Safe List]
64bit-(CSC) Offline Files Driver [Kernel | System | Running] -> C:\Windows\SysNative\drivers\csc.sys -> [2009/04/10 21:56:26 | 00,460,800 | ---- | M] (Microsoft Corporation)
64bit-(eamon) eamon [File_System | Auto | Running] -> C:\Windows\SysNative\DRIVERS\eamon.sys -> [2009/09/11 07:17:20 | 00,144,824 | ---- | M] (ESET)
64bit-(ehdrv) ehdrv [Kernel | System | Running] -> C:\Windows\SysNative\DRIVERS\ehdrv.sys -> [2009/09/11 07:23:52 | 00,136,584 | ---- | M] (ESET)
64bit-(epfw) epfw [Kernel | Auto | Running] -> C:\Windows\SysNative\DRIVERS\epfw.sys -> [2009/09/11 07:27:04 | 00,168,544 | ---- | M] (ESET)
64bit-(Epfwndis) Eset Personal Firewall [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\Epfwndis.sys -> [2009/06/19 09:10:40 | 00,033,608 | ---- | M] (ESET)
64bit-(epfwwfp) epfwwfp [Kernel | Auto | Running] -> C:\Windows\SysNative\DRIVERS\epfwwfp.sys -> [2009/09/11 07:27:10 | 00,044,944 | ---- | M] (ESET)
64bit-(fvevol) BitLocker Drive Encryption Filter Driver [Kernel | Boot | Running] -> C:\Windows\SysNative\DRIVERS\fvevol.sys -> [2009/04/11 00:15:32 | 00,160,744 | ---- | M] (Microsoft Corporation)
64bit-(GEARAspiWDM) GEAR ASPI Filter Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -> [2009/05/18 14:17:08 | 00,034,152 | ---- | M] (GEAR Software Inc.)
64bit-(HdAudAddService) Microsoft 1.1 UAA Function Driver for High Definition Audio Service [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\HdAudio.sys -> [2006/11/01 22:28:10 | 00,273,920 | ---- | M] (Microsoft Corporation)
64bit-(MRV6X64P) Vista 64-bits Native WiFi Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\MRVW13C.sys -> [2007/05/03 08:11:46 | 00,244,736 | ---- | M] (Marvell Semiconductor, Inc)
64bit-(RTL8169) Realtek 8169 NT Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\Rtlh64.sys -> [2007/06/25 05:37:14 | 00,108,032 | ---- | M] (Realtek Corporation )
64bit-(usbaudio) USB Audio Driver (WDM) [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\usbaudio.sys -> [2009/04/10 22:39:36 | 00,098,944 | ---- | M] (Microsoft Corporation)
64bit-(WpdUsb) WpdUsb [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\DRIVERS\wpdusb.sys -> [2008/01/20 19:46:34 | 00,046,080 | ---- | M] (Microsoft Corporation)
(archlp) archlp [Kernel | System | Running] -> C:\Windows\SysWow64\drivers\ArcHlp.sys -> [2008/08/12 17:08:04 | 00,143,872 | ---- | M] ()
(CSC) Offline Files Driver [Kernel | System | Running] -> C:\Windows\CSC -> [2009/07/23 15:29:28 | 00,000,000 | ---D | M]
(gdrv) gdrv [Kernel | On_Demand | Stopped] -> C:\Windows\gdrv.sys -> [2009/07/23 16:07:35 | 00,024,072 | ---- | M] (Windows (R) Server 2003 DDK provider)
(mpsdrv) Windows Firewall Authorization Driver [Kernel | On_Demand | Running] -> C:\Windows\SysWow64\Wbem\mpsdrv.mof -> [2006/09/18 14:35:23 | 00,001,088 | ---- | M] ()
(NPPTNT2) NPPTNT2 [Kernel | On_Demand | Stopped] -> C:\Windows\SysWow64\npptNT2.sys -> [2005/01/02 14:43:08 | 00,004,682 | ---- | M] (INCA Internet Co., Ltd.)
(Tcpip) TCP/IP Protocol Driver [Kernel | System | Running] -> C:\Windows\SysWow64\Wbem\tcpip.mof -> [2006/09/18 14:36:40 | 00,003,066 | ---- | M] ()
[Registry - Safe List]
< 64bit-Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Search_URL" -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Secondary_Page_URL" -> [binary data] ->
HKEY_LOCAL_MACHINE\: Main\\"Extensions Off Page" -> about:NoAdd-ons ->
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> C:\Windows\System32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\"Search Page" -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\"Security Risk Page" -> about:SecurityRisk ->
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Search_URL" -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Secondary_Page_URL" -> [binary data] ->
HKEY_LOCAL_MACHINE\: Main\\"Extensions Off Page" -> about:NoAdd-ons ->
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> C:\Windows\SysWOW64\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\"Search Page" -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\"Security Risk Page" -> about:SecurityRisk ->
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> ->
HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 ->
HKEY_USERS\.DEFAULT\: "ProxyOverride" -> *.local ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> ->
HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 ->
HKEY_USERS\S-1-5-18\: "ProxyOverride" -> *.local ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-2007572775-1956699559-2467264984-1000\] > -> ->
HKEY_USERS\S-1-5-21-2007572775-1956699559-2467264984-1000\: Main\\"Local Page" -> C:\Windows\system32\blank.htm ->
HKEY_USERS\S-1-5-21-2007572775-1956699559-2467264984-1000\: Main\\"Search Page" -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_USERS\S-1-5-21-2007572775-1956699559-2467264984-1000\: Main\\"Start Page" -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKEY_USERS\S-1-5-21-2007572775-1956699559-2467264984-1000\: Main\\"Start Page Redirect Cache" -> http://www.msn.com/ ->
HKEY_USERS\S-1-5-21-2007572775-1956699559-2467264984-1000\: Main\\"Start Page Redirect Cache AcceptLangs" -> en-us ->
HKEY_USERS\S-1-5-21-2007572775-1956699559-2467264984-1000\: Main\\"Start Page Redirect Cache_TIMESTAMP" -> 8F 52 A4 04 82 23 CA 01 [binary data] ->
HKEY_USERS\S-1-5-21-2007572775-1956699559-2467264984-1000\: URLSearchHooks\\"{0063BF63-BFFF-4B8F-9D26-4267DF7F17DD}" [HKLM] -> C:\Windows\SysWOW64\dvmurl.dll [DeviceVM Url Search Hook] -> [2008/05/02 15:08:14 | 00,146,528 | ---- | M] (DeviceVM Inc.)
HKEY_USERS\S-1-5-21-2007572775-1956699559-2467264984-1000\: "ProxyEnable" -> 0 ->
HKEY_USERS\S-1-5-21-2007572775-1956699559-2467264984-1000\: "ProxyOverride" -> *.local ->
< FireFox Settings [Prefs.js] > -> C:\Users\Richard\AppData\Roaming\Mozilla\FireFox\Profiles\rqxpncr4.default\prefs.js ->
browser.search.selectedEngine -> "swagbucks.com" ->
browser.search.useDBForOrder -> true ->
browser.startup.homepage -> "http://www.google.com/webhp?hl=en" ->
extensions.enabledItems -> {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.1 ->
extensions.enabledItems -> {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15 ->
extensions.enabledItems -> {35106bca-6c78-48c7-ac28-56df30b51d2a}:1.3.6 ->
extensions.enabledItems -> {20a82645-c095-46ed-80e3-08825760534b}:1.1 ->
extensions.enabledItems -> bloodfire@example.com:3.5 ->
extensions.enabledItems -> {241aae70-0022-11de-87af-0800200c9a66}:3.5.2.08.11.09 ->
extensions.enabledItems -> {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.3 ->
< FireFox Settings [User.js] > -> C:\Users\Richard\AppData\Roaming\Mozilla\FireFox\Profiles\rqxpncr4.default\user.js ->
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\Extensions -> ->
HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b} -> C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION [C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\] -> [2009/07/23 18:01:17 | 00,000,000 | ---D | M]
HKLM\software\mozilla\Firefox\Extensions\\{B728AB94-9BC7-49b7-B76A-422BB31B2FD0} -> C:\PROGRAM FILES (X86)\ARCSOFT\MEDIA CONVERTER FOR PHILIPS\INTERNET VIDEO DOWNLOADER\PLUGIN_FIREFOX [C:\PROGRAM FILES (X86)\ARCSOFT\MEDIA CONVERTER FOR PHILIPS\INTERNET VIDEO DOWNLOADER\PLUGIN_FIREFOX] -> [2009/10/04 23:04:53 | 00,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions -> ->
HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\COMPONENTS [C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\COMPONENTS] -> [2009/09/16 20:37:47 | 00,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\PLUGINS [C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\PLUGINS] -> [2009/10/09 19:47:29 | 00,000,000 | ---D | M]
HKLM\software\mozilla\Thunderbird\Extensions -> ->
HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com -> C:\PROGRAM FILES\ESET\ESET SMART SECURITY\MOZILLA THUNDERBIRD ->
< FireFox Extensions [User Folders] > ->
-> C:\Users\Richard\AppData\Roaming\mozilla\Extensions -> [2009/07/30 14:17:24 | 00,000,000 | ---D | M]
-> C:\Users\Richard\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} -> [2009/07/30 14:17:24 | 00,000,000 | ---D | M]
-> C:\Users\Richard\AppData\Roaming\mozilla\Firefox\Profiles\rqxpncr4.default\extensions -> [2009/10/09 17:25:26 | 00,102,225 | ---- | M] ()
-> C:\Users\Richard\AppData\Roaming\mozilla\Firefox\Profiles\rqxpncr4.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} -> [2009/10/09 17:25:26 | 00,102,225 | ---- | M] ()
-> C:\Users\Richard\AppData\Roaming\mozilla\Firefox\Profiles\rqxpncr4.default\extensions\{241aae70-0022-11de-87af-0800200c9a66} -> [2009/10/09 17:25:26 | 00,102,225 | ---- | M] ()
-> C:\Users\Richard\AppData\Roaming\mozilla\Firefox\Profiles\rqxpncr4.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a} -> [2009/10/09 17:25:26 | 00,102,225 | ---- | M] ()
-> C:\Users\Richard\AppData\Roaming\mozilla\Firefox\Profiles\rqxpncr4.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} -> [2009/10/09 17:25:26 | 00,102,225 | ---- | M] ()
-> C:\Users\Richard\AppData\Roaming\mozilla\Firefox\Profiles\rqxpncr4.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D} -> [2009/10/09 17:25:26 | 00,102,225 | ---- | M] ()
-> C:\Users\Richard\AppData\Roaming\mozilla\Firefox\Profiles\rqxpncr4.default\extensions\bloodfire@example.com -> [2009/10/09 17:25:26 | 00,102,225 | ---- | M] ()
< FireFox SearchPlugins [User Folders] > ->
C:\Users\Richard\AppData\Roaming\Mozilla\FireFox\Profiles\rqxpncr4.default\searchplugins\ -> C:\Users\Richard\AppData\Roaming\Mozilla\FireFox\Profiles\rqxpncr4.default\searchplugins -> [2009/10/10 11:46:42 | 00,000,000 | ---D | M]
swagbuckscom.xml -> C:\Users\Richard\AppData\Roaming\Mozilla\FireFox\Profiles\rqxpncr4.default\searchplugins\swagbuckscom.xml -> [2009/10/10 11:46:42 | 00,001,183 | ---- | M] ()
< FireFox Extensions [Program Folders] > ->
-> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\extensions -> [2009/09/12 13:32:37 | 10,776,568 | ---- | M] (Mozilla Foundation)
-> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} -> [2009/09/12 13:32:37 | 10,776,568 | ---- | M] (Mozilla Foundation)
-> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} -> [2009/09/12 13:32:37 | 10,776,568 | ---- | M] (Mozilla Foundation)
< FireFox Components [Program Folders] > ->
C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\components\ -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\components -> [2009/09/16 20:37:47 | 00,000,000 | ---D | M]
browserdirprovider.dll -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\components\browserdirprovider.dll -> [2009/09/12 13:32:35 | 00,023,544 | ---- | M] (Mozilla Foundation)
brwsrcmp.dll -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\components\brwsrcmp.dll -> [2009/09/12 13:32:35 | 00,137,208 | ---- | M] (Mozilla Foundation)
< FireFox Plugins [Program Folders] > ->
C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\plugins\ -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\plugins -> [2009/10/09 19:47:29 | 00,000,000 | ---D | M]
np-mswmp.dll -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\plugins\np-mswmp.dll -> [2007/04/10 17:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation)
npdeploytk.dll -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\plugins\npdeploytk.dll -> [2009/08/01 17:14:12 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.)
npdnu.dll -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\plugins\npdnu.dll -> [2009/07/07 14:20:42 | 00,061,440 | ---- | M] (AOL LLC)
npdnu.xpt -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\plugins\npdnu.xpt -> [2009/07/07 14:20:42 | 00,000,142 | ---- | M] ()
npdnupdater2.dll -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\plugins\npdnupdater2.dll -> [2009/07/07 14:20:42 | 00,065,536 | ---- | M] (AOL LLC)
npdnupdater2.xpt -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\plugins\npdnupdater2.xpt -> [2009/07/07 14:20:42 | 00,000,179 | ---- | M] ()
npnul32.dll -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\plugins\npnul32.dll -> [2009/09/12 13:32:36 | 00,065,016 | ---- | M] (mozilla.org)
NPOFF12.DLL -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\plugins\NPOFF12.DLL -> [2006/10/26 20:12:16 | 00,016,192 | ---- | M] (Microsoft Corporation)
npqtplugin.dll -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\plugins\npqtplugin.dll -> [2009/09/16 20:37:47 | 00,159,744 | ---- | M] (Apple Inc.)
npqtplugin2.dll -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\plugins\npqtplugin2.dll -> [2009/09/16 20:37:47 | 00,159,744 | ---- | M] (Apple Inc.)
npqtplugin3.dll -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\plugins\npqtplugin3.dll -> [2009/09/16 20:37:47 | 00,159,744 | ---- | M] (Apple Inc.)
npqtplugin4.dll -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\plugins\npqtplugin4.dll -> [2009/09/16 20:37:47 | 00,159,744 | ---- | M] (Apple Inc.)
npqtplugin5.dll -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\plugins\npqtplugin5.dll -> [2009/09/16 20:37:47 | 00,159,744 | ---- | M] (Apple Inc.)
npqtplugin6.dll -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\plugins\npqtplugin6.dll -> [2009/09/16 20:37:47 | 00,159,744 | ---- | M] (Apple Inc.)
npqtplugin7.dll -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\plugins\npqtplugin7.dll -> [2009/09/16 20:37:47 | 00,159,744 | ---- | M] (Apple Inc.)
npViewpoint.dll -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\plugins\npViewpoint.dll -> [2007/04/16 10:07:12 | 00,180,293 | ---- | M] ()
npViewpoint.xpt -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\plugins\npViewpoint.xpt -> [2006/10/09 11:26:35 | 00,000,266 | ---- | M] ()
QuickTimePlugin.class -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\plugins\QuickTimePlugin.cla -> [2009/09/16 20:37:47 | 00,004,208 | ---- | M] ()
WMP Firefox Plugin License.rtf -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\plugins\WMP Firefox Plugin License.rtf -> [2007/03/30 10:43:58 | 00,149,569 | ---- | M] ()
WMP Firefox Plugin RelNotes.txt -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\plugins\WMP Firefox Plugin RelNotes.txt -> [2007/03/30 10:43:58 | 00,003,352 | ---- | M] ()
< FireFox SearchPlugins [Program Folders] > ->
C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\searchplugins\ -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\searchplugins -> [2009/07/23 18:00:56 | 00,000,000 | ---D | M]
amazondotcom.xml -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\searchplugins\amazondotcom.xml -> [2009/07/15 11:10:00 | 00,001,394 | ---- | M] ()
answers.xml -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\searchplugins\answers.xml -> [2009/07/15 11:10:00 | 00,002,193 | ---- | M] ()
creativecommons.xml -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\searchplugins\creativecommons.xml -> [2009/07/15 11:10:00 | 00,001,534 | ---- | M] ()
eBay.xml -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\searchplugins\eBay.xml -> [2009/07/15 11:10:00 | 00,002,344 | ---- | M] ()
google.xml -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\searchplugins\google.xml -> [2009/07/15 11:10:00 | 00,002,371 | ---- | M] ()
wikipedia.xml -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\searchplugins\wikipedia.xml -> [2009/07/15 11:10:00 | 00,001,178 | ---- | M] ()
yahoo.xml -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\searchplugins\yahoo.xml -> [2009/07/15 11:10:00 | 00,000,792 | ---- | M] ()
< HOSTS File > (761 bytes and 20 lines) -> C:\Windows\SysNative\Drivers\etc\hosts ->
Reset Hosts
127.0.0.1 localhost
::1 localhost
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{11222041-111B-46E3-BD29-EFB2449479B1} [HKLM] -> C:\Program Files (x86)\ArcSoft\Media Converter for Philips\Internet Video Downloader\ArcURLRecord.dll [IEPlugin Class] -> [2008/12/24 17:38:20 | 00,145,920 | ---- | M] (ArcSoft, Inc.)
{201f27d4-3704-41d6-89c1-aa35e39143ed} [HKLM] -> C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll [AskBar BHO] -> File not found
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} [HKLM] -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [Groove GFS Browser Helper] -> [2009/02/12 15:19:32 | 02,217,848 | ---- | M] (Microsoft Corporation)
{DBC80044-A445-435b-BC74-9C25C1C588A9} [HKLM] -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [Java(tm) Plug-In 2 SSV Helper] -> [2009/08/01 17:14:12 | 00,041,760 | ---- | M] (Sun Microsystems, Inc.)
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}" [HKLM] -> C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll [Ask Toolbar] -> File not found
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-2007572775-1956699559-2467264984-1000\] > -> HKEY_USERS\S-1-5-21-2007572775-1956699559-2467264984-1000\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\\"{3041D03E-FD4B-44E0-B742-2D9B88305F98}" [HKLM] -> C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll [Ask Toolbar] -> File not found
< 64bit-Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"egui" -> C:\Program Files\ESET\ESET Smart Security\egui.exe ["C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice] -> [2009/09/11 07:23:46 | 02,716,216 | ---- | M] (ESET)
"RtHDVCpl" -> C:\Windows\RAVCpl64.exe [RAVCpl64.exe] -> [2008/07/24 03:18:08 | 06,452,256 | ---- | M] (Realtek Semiconductor)
"Skytel" -> C:\Windows\SkyTel.exe [Skytel.exe] -> [2008/07/24 03:18:48 | 01,833,504 | ---- | M] (Realtek Semiconductor Corp.)
"Windows Defender" -> C:\Program Files\Windows Defender\MSASCui.exe [%ProgramFiles%\Windows Defender\MSASCui.exe -hide] -> [2008/01/20 19:46:39 | 01,584,184 | ---- | M] (Microsoft Corporation)
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"ArcSoft Connection Service" -> C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe ["C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe"] -> [2009/07/10 13:59:22 | 00,195,072 | ---- | M] (ArcSoft Inc.)
"GrooveMonitor" -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe ["C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"] -> [2008/10/25 11:44:34 | 00,031,072 | ---- | M] (Microsoft Corporation)
"iTunesHelper" -> C:\Program Files (x86)\iTunes\iTunesHelper.exe ["C:\Program Files (x86)\iTunes\iTunesHelper.exe"] -> [2009/09/21 16:36:12 | 00,305,440 | ---- | M] (Apple Inc.)
"Malwarebytes Anti-Malware (reboot)" -> C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe ["C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript] -> [2009/09/10 14:53:56 | 01,312,080 | ---- | M] (Malwarebytes Corporation)
"QuickTime Task" -> C:\Program Files (x86)\QuickTime\QTTask.exe ["C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime] -> [2009/09/05 01:54:42 | 00,417,792 | ---- | M] (Apple Inc.)
"SunJavaUpdateSched" -> C:\Program Files (x86)\Java\jre6\bin\jusched.exe ["C:\Program Files (x86)\Java\jre6\bin\jusched.exe"] -> [2009/08/01 17:14:12 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.)
< Run [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"Sidebar" -> C:\Program Files (x86)\Windows Sidebar\Sidebar.exe [%ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem] -> [2009/04/10 23:28:04 | 01,233,920 | ---- | M] (Microsoft Corporation)
"WindowsWelcomeCenter" -> C:\Windows\SysWow64\oobefldr.dll [rundll32.exe oobefldr.dll,ShowWelcomeCenter] -> [2009/04/10 23:28:24 | 02,153,472 | ---- | M] (Microsoft Corporation)
< Run [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"Sidebar" -> C:\Program Files (x86)\Windows Sidebar\Sidebar.exe [%ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem] -> [2009/04/10 23:28:04 | 01,233,920 | ---- | M] (Microsoft Corporation)
"WindowsWelcomeCenter" -> C:\Windows\SysWow64\oobefldr.dll [rundll32.exe oobefldr.dll,ShowWelcomeCenter] -> [2009/04/10 23:28:24 | 02,153,472 | ---- | M] (Microsoft Corporation)
< Run [HKEY_USERS\S-1-5-21-2007572775-1956699559-2467264984-1000\] > -> HKEY_USERS\S-1-5-21-2007572775-1956699559-2467264984-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"Aim" -> C:\Program Files (x86)\AIM\aim.exe ["C:\Program Files (x86)\AIM\aim.exe" /d locale=en-US] -> [2009/09/16 09:10:12 | 03,634,024 | ---- | M] (AOL LLC)
"Sidebar" -> C:\Program Files\Windows Sidebar\sidebar.exe [C:\Program Files\Windows Sidebar\sidebar.exe /autoRun] -> [2009/04/11 00:10:54 | 01,555,968 | ---- | M] (Microsoft Corporation)
"Steam" -> c:\program files (x86)\steam\steam.exe ["c:\program files (x86)\steam\steam.exe" -silent] -> [2009/08/01 23:51:46 | 01,217,784 | ---- | M] (Valve Corporation)
"WMPNSCFG" -> C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe [C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe] -> File not found
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoActiveDesktop" -> [1] -> File not found
\\"ForceActiveDesktopOn" -> [0] -> File not found
\\"BindDirectlyToPropertySetStorage" -> [0] -> File not found
\\"NoActiveDesktopChanges" -> [0] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"ConsentPromptBehaviorAdmin" -> [2] -> File not found
\\"ConsentPromptBehaviorUser" -> [1] -> File not found
\\"EnableInstallerDetection" -> [1] -> File not found
\\"EnableLUA" -> [0] -> File not found
\\"EnableSecureUIAPaths" -> [1] -> File not found
\\"EnableVirtualization" -> [1] -> File not found
\\"PromptOnSecureDesktop" -> [1] -> File not found
\\"ValidateAdminCodeSignatures" -> [0] -> File not found
\\"dontdisplaylastusername" -> [0] -> File not found
\\"legalnoticecaption" -> [] -> File not found
\\"legalnoticetext" -> [] -> File not found
\\"scforceoption" -> [0] -> File not found
\\"shutdownwithoutlogon" -> [1] -> File not found
\\"undockwithoutlogon" -> [1] -> File not found
\\"FilterAdministratorToken" -> [0] -> File not found
\\"EnableUIADesktopToggle" -> [0] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats
\UIPI\Clipboard\ExceptionFormats\\"CF_TEXT" -> [1] -> File not found
\UIPI\Clipboard\ExceptionFormats\\"CF_BITMAP" -> [2] -> File not found
\UIPI\Clipboard\ExceptionFormats\\"CF_OEMTEXT" -> [7] -> File not found
\UIPI\Clipboard\ExceptionFormats\\"CF_DIB" -> [8] -> File not found
\UIPI\Clipboard\ExceptionFormats\\"CF_PALETTE" -> [9] -> File not found
\UIPI\Clipboard\ExceptionFormats\\"CF_UNICODETEXT" -> [13] -> File not found
\UIPI\Clipboard\ExceptionFormats\\"CF_DIBV5" -> [17] -> File not found
< 64bit-Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-2007572775-1956699559-2467264984-1000\] > -> HKEY_USERS\S-1-5-21-2007572775-1956699559-2467264984-1000\Software\Microsoft\Internet Explorer\MenuExt\ ->
E&xport to Microsoft Excel -> C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE [res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000] -> [2009/05/04 08:40:04 | 18,333,536 | ---- | M] (Microsoft Corporation)
< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-2007572775-1956699559-2467264984-1000\] > -> HKEY_USERS\S-1-5-21-2007572775-1956699559-2467264984-1000\Software\Microsoft\Internet Explorer\MenuExt\ ->
E&xport to Microsoft Excel -> C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE [res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000] -> [2009/05/04 08:40:04 | 18,333,536 | ---- | M] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{2670000A-7350-4f3c-8081-5663EE0C6C49}:{48E73304-E1D6-4330-914C-F5F514E3486C} [HKLM] -> C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll [Button: Send to OneNote] -> [2008/10/25 07:52:00 | 00,604,056 | ---- | M] (Microsoft Corporation)
{2670000A-7350-4f3c-8081-5663EE0C6C49}:{48E73304-E1D6-4330-914C-F5F514E3486C} [HKLM] -> C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll [Menu: S&end to OneNote] -> [2008/10/25 07:52:00 | 00,604,056 | ---- | M] (Microsoft Corporation)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}:{FF059E31-CC5A-4E2E-BF3B-96E929D65503} [HKLM] -> C:\Program Files (x86)\Microsoft Office\Office12\REFIEBAR.DLL [Button: Research] -> [2009/03/06 04:04:56 | 00,039,464 | ---- | M] (Microsoft Corporation)
< 64bit-Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< 64bit-Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< 64bit-Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-21-2007572775-1956699559-2467264984-1000\] > -> HKEY_USERS\S-1-5-21-2007572775-1956699559-2467264984-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-21-2007572775-1956699559-2467264984-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4821 domain(s) found. ->
25 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_USERS\S-1-5-21-2007572775-1956699559-2467264984-1000\] > -> HKEY_USERS\S-1-5-21-2007572775-1956699559-2467264984-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-21-2007572775-1956699559-2467264984-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab [Java Plug-in 1.6.0_15] ->
{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab [Java Plug-in 1.6.0_15] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab [Java Plug-in 1.6.0_15] ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} [HKLM] -> http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab [Shockwave Flash Object] ->
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ ->
DhcpNameServer -> 192.168.1.254 ->
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{53B51592-39F5-4C5B-B530-222626A484F5}\\DhcpNameServer -> 192.168.1.254 (NETGEAR WG311v3 54Mbps Wireless PCI Adapter) ->
< 64bit-Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
64bit-*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
explorer.exe -> C:\Windows\explorer.exe -> [2009/04/11 00:10:18 | 03,079,168 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
explorer.exe -> C:\Windows\SysWow64\explorer.exe -> [2009/04/10 23:27:38 | 02,926,592 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> ->
*GinaDLL* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\GinaDLL ->
MrvGINA.dll -> -> File not found
*MultiFile Done* -> ->
< 64bit-SharedTaskScheduler [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler ->
"{E31004D1-A431-41B8-826F-E902F9D95C81}" [HKLM] -> C:\Windows\SysNative\DreamScene.dll [Windows DreamScene] -> [2007/07/19 16:55:46 | 00,275,360 | ---- | M] (Microsoft Corporation)
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" [HKLM] -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [Groove GFS Stub Execution Hook] -> [2009/02/12 15:19:32 | 02,217,848 | ---- | M] (Microsoft Corporation)
< Vista Public Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\AuthorizedApplications ->
< Vista Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications ->
< Vista Active Firewall Rules > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules ->
{292FF2AC-F194-42FC-A9A9-1B4095147796} -> rport=137 | profile=public | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-28523 | app=system |
{3747B703-00A5-4EDF-98CB-15729ADA5664} -> lport=137 | profile=public | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-28519 | app=system |
{3B90AEAF-56F9-4A7A-B14B-AC1C6E181A00} -> rport=5355 | profile=public | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-32805 | app=%systemroot%\system32\svchost.exe | svc=dnscache |
{559B0E0F-9C29-4CF3-90AC-85230F422B57} -> rport=445 | profile=public | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-28515 | app=system |
{5651A646-29CD-4FCE-BB01-3DCCAEF9A971} -> lport=3702 | profile=public | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-32785 | app=%systemroot%\system32\svchost.exe | svc=fdphost |
{62EA648F-4024-470A-A56B-D54CD084BA9C} -> lport=3702 | profile=public | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-32809 | app=%systemroot%\system32\svchost.exe | svc=fdrespub |
{674EB58B-1D72-4C01-AE8A-22180BE3E5D7} -> rport=3702 | profile=public | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-32789 | app=%systemroot%\system32\svchost.exe | svc=fdphost |
{6D80326E-E9B5-4718-A5F7-828C09498837} -> rport=139 | profile=public | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-28507 | app=system |
{7090B5FE-1487-4FD6-A3A6-F47BAF7C8C2A} -> lport=1900 | profile=public | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-32753 | app=%systemroot%\system32\svchost.exe | svc=ssdpsrv |
{7CF91F14-1CDC-44CB-851C-3E86EB17A038} -> lport=139 | profile=public | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-28503 | app=system |
{87A13BD3-E118-42BC-8EA8-8CE7D43CDF69} -> lport=rpc-epmap | profile=public | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-28539 | svc=rpcss |
{A7CE8414-4601-40A3-ACB8-C801E53CE386} -> lport=6004 | profile=public | protocol=17 | dir=in | action=allow | name=microsoft office outlook | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
{A96A4C99-42B0-4B11-B020-3374B9E10969} -> rport=1900 | profile=public | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-32757 | app=%systemroot%\system32\svchost.exe | svc=ssdpsrv |
{C537E840-62C6-4680-827E-2AB2F5E71429} -> lport=445 | profile=public | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-28511 | app=system |
{D931C874-BDF0-4DE1-A20F-8C5FFE7D0E5B} -> lport=138 | profile=public | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-28527 | app=system |
{D9371436-3997-427F-917E-2C9CBA6F2104} -> lport=rpc | profile=public | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-28535 | app=%systemroot%\system32\spoolsv.exe | svc=spooler |
{DA59B075-F8AA-41F7-86C1-916120EC2B50} -> lport=5355 | profile=public | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-32801 | app=%systemroot%\system32\svchost.exe | svc=dnscache |
{F6B8A1EA-FCF1-474B-AE96-EA0EA940409E} -> rport=3702 | profile=public | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-32811 | app=%systemroot%\system32\svchost.exe | svc=fdrespub |
{F8809FD4-0112-4D4D-AB7D-C1F348D1232F} -> rport=138 | profile=public | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-28531 | app=system |
< Vista Active Application Exception Rules > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules ->
{0263ABB3-0247-42EC-B57B-8F41A009669B} -> profile=public | protocol=17 | dir=in | action=allow | name=ventrilo.exe | app=c:\program files (x86)\ventrilo\ventrilo.exe |
{0C2DF3DC-580B-48B8-BA4A-D962B5EBD06A} -> profile=public | protocol=17 | dir=in | action=allow | name=aim | app=c:\program files (x86)\aim\aim.exe |
{1C022513-A4A8-440B-B02C-3B7A8C0FA0BE} -> profile=public | protocol=58 | dir=in | action=allow | name=@firewallapi.dll,-28545 |
{1CEC82F2-7918-4E3F-8BC7-743166FD25A4} -> profile=private | protocol=17 | dir=in | action=allow | name=aol loader | app=c:\program files (x86)\common files\aol\loader\aolload.exe |
{1E25B0D0-3F4F-4876-86FD-9D8C7E85AF94} -> profile=public | protocol=6 | dir=in | action=allow | name=nexon messenger core | app=c:\nexon\combat arms\nmservice.exe |
{207C2E90-C5D2-4F84-A2D9-AC37C2237AD7} -> profile=private | protocol=17 | dir=in | action=allow | name=microsoft office onenote | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
{24294DE9-1A41-4291-937A-16993855C6E6} -> profile=private | protocol=17 | dir=in | action=allow | name=frostwire | app=c:\program files (x86)\frostwire\frostwire.exe |
{2BC4E210-DE23-4340-8883-9A34BE8D0F9F} -> profile=public | protocol=1 | dir=out | action=allow | name=@firewallapi.dll,-28544 |
{333E22A1-6EA8-48DE-BDFB-D2A919C3C510} -> profile=private | protocol=17 | dir=in | action=allow | name=left 4 dead | app=c:\program files (x86)\steam\steamapps\common\left 4 dead\left4dead.exe |
{34DB8B9B-46DA-4EDA-8455-770626074FD6} -> profile=public | protocol=58 | dir=out | action=allow | name=@firewallapi.dll,-28546 |
{3BF9708B-E112-469B-9D82-1F48BE3677A0} -> profile=private | protocol=6 | dir=in | action=allow | name=microsoft office onenote | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
{4524F63A-B9B3-45C5-999F-D50A91D5EB1E} -> profile=private | protocol=17 | dir=in | action=allow | name=nexon messenger core | app=c:\nexon\combat arms\nmservice.exe |
{45DD5C3D-AE2F-4CD8-B68D-023E8AAE8117} -> profile=private | protocol=6 | dir=in | action=allow | name=itunes | app=c:\program files (x86)\itunes\itunes.exe |
{4A5F00C1-9392-44DB-B7CA-6701A5EDDC7F} -> profile=private | protocol=6 | dir=in | action=allow | name=left 4 dead | app=c:\program files (x86)\steam\steamapps\common\left 4 dead\left4dead.exe |
{4C30B5C4-1BFA-4B2D-A183-D5AFE3CFE09B} -> profile=private | protocol=17 | dir=in | action=allow | name=nexon game manager | app=c:\programdata\nexonus\ngm\ngm.exe |
{4DBF565C-599C-4597-8B4F-1210F7405A3C} -> profile=public | protocol=17 | dir=in | action=allow | name=frostwire | app=c:\program files (x86)\frostwire\frostwire.exe |
{57475D41-02B7-415B-8012-AD05740FA96E} -> profile=public | protocol=17 | dir=in | action=allow | name=microsoft office onenote | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
{5FB314B3-A5F4-4DB9-ADEB-F74F895BFAA9} -> profile=private | protocol=6 | dir=in | action=allow | name=aol loader | app=c:\program files (x86)\common files\aol\loader\aolload.exe |
{66DD8431-4583-428D-B88B-63FE69F24262} -> profile=private | protocol=6 | dir=in | action=allow | name=aim | app=c:\program files (x86)\aim\aim.exe |
{67C5BE2D-F8B3-473C-82C3-9EB6FACCEE8D} -> profile=private | protocol=17 | dir=in | action=allow | name=aim | app=c:\program files (x86)\aim6\aim6.exe |
{6A4769CC-6CF4-4615-B20A-6C452781CB1E} -> profile=private | protocol=17 | dir=in | action=allow | name=aim | app=c:\program files (x86)\aim\aim.exe |
{7A992A76-77E5-4A56-AD54-2397DC1E7FDB} -> profile=public | protocol=6 | dir=in | action=allow | name=microsoft office groove | app=c:\program files (x86)\microsoft office\office12\groove.exe |
{7F227A0C-4F7C-4595-A85D-24CC7AD6693D} -> profile=private | protocol=6 | dir=in | action=allow | name=bonjour | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
{82F38701-EA52-4535-ABF8-C6BFDF583B57} -> profile=public | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-32821 | app=%systemroot%\system32\svchost.exe | svc=upnphost |
{962D8A01-0F9F-4DCD-A7FA-38EE695DD98B} -> profile=private | protocol=6 | dir=in | action=allow | name=nexon game manager | app=c:\programdata\nexonus\ngm\ngm.exe |
{9D4094EC-868F-46D2-A4B9-086A01ADBE40} -> profile=private | protocol=6 | dir=in | action=allow | name=aim | app=c:\program files (x86)\aim6\aim6.exe |
{A891BD5E-3AD3-4F2F-BD54-8676CF2E2B9A} -> profile=private | protocol=17 | dir=in | action=allow | name=microsoft office groove | app=c:\program files (x86)\microsoft office\office12\groove.exe |
{ABA0F3C9-E331-4712-88CA-7F8880EAFF0B} -> profile=private | protocol=17 | dir=in | action=allow | name=itunes | app=c:\program files (x86)\itunes\itunes.exe |
{B9976C92-71CF-48DE-A067-E1B49533F412} -> profile=private | protocol=6 | dir=in | action=allow | name=frostwire | app=c:\program files (x86)\frostwire\frostwire.exe |
{BF513B82-E117-45CA-9947-80AB2747B8EB} -> profile=private | protocol=6 | dir=in | action=allow | name=nexon messenger core | app=c:\nexon\combat arms\nmservice.exe |
{C194B8D9-1A38-43BA-B00A-864A23058651} -> profile=private | protocol=17 | dir=in | action=allow | name=bonjour | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
{C731C54F-78CC-4DC5-A46A-B04288446C18} -> profile=public | protocol=6 | dir=in | action=allow | name=frostwire | app=c:\program files (x86)\frostwire\frostwire.exe |
{CAC5DEE7-FEDD-40F2-8305-78024E97F1EB} -> profile=private | protocol=17 | dir=in | action=allow | name=purplebean.exe | app=c:\users\richard\appdata\local\temp\purplebean.exe |
{CC35092A-8310-48C5-B1B4-A7398054765C} -> profile=public | protocol=17 | dir=in | action=allow | name=microsoft office groove | app=c:\program files (x86)\microsoft office\office12\groove.exe |
{CD9100D5-ED93-464D-A4D9-3B8E43549B39} -> profile=public | protocol=17 | dir=in | action=allow | name=nexon messenger core | app=c:\nexon\combat arms\nmservice.exe |
{D91A0522-57CD-45F5-AFDD-89417A8B7092} -> profile=public | protocol=6 | dir=in | action=allow | name=aim | app=c:\program files (x86)\aim\aim.exe |
{DFC30D0D-45F5-40B8-8424-DA150201427A} -> profile=public | protocol=6 | dir=in | action=allow | name=ventrilo.exe | app=c:\program files (x86)\ventrilo\ventrilo.exe |
{E276F479-6AFF-47BE-95AA-D3F50D200951} -> profile=private | protocol=6 | dir=in | action=allow | name=microsoft office groove | app=c:\program files (x86)\microsoft office\office12\groove.exe |
{E7774075-8D33-4AC6-886B-779EADEFDE79} -> profile=public | protocol=6 | dir=in | action=allow | name=microsoft office onenote | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
{EC5FC0A2-7646-4C1F-A942-02A945697699} -> profile=public | protocol=1 | dir=in | action=allow | name=@firewallapi.dll,-28543 |
{F4D358B7-B4B1-4034-AB70-6E23A505070A} -> profile=private | protocol=6 | dir=in | action=allow | name=purplebean.exe | app=c:\users\richard\appdata\local\temp\purplebean.exe |
TCP Query User{11D47028-87B1-404F-8A96-DA38F8274B9E}C:\program files (x86)\steam\steamapps\dadumbass1\counter-strike source\hl2.exe -> profile=private | protocol=6 | dir=in | action=allow | name=hl2 | app=c:\program files (x86)\steam\steamapps\dadumbass1\counter-strike source\hl2.exe |
TCP Query User{23225FB4-8FDB-4E04-9ED4-5690ED2EA501}C:\program files (x86)\utorrent\utorrent.exe -> profile=public | protocol=6 | dir=in | action=allow | name=μtorrent | app=c:\program files (x86)\utorrent\utorrent.exe |
TCP Query User{449FB625-9ABE-4C7F-BDB6-664BDBA7765D}C:\program files (x86)\softnyx\gunboundwc\gunbound.gme -> profile=private | protocol=6 | dir=in | action=allow | name=gunbound | app=c:\program files (x86)\softnyx\gunboundwc\gunbound.gme |
TCP Query User{529EF7FE-4896-4F28-A2C8-2AC1A5589312}C:\program files (x86)\aim6\aim6.exe -> profile=public | protocol=6 | dir=in | action=block | name=aim | app=c:\program files (x86)\aim6\aim6.exe |
TCP Query User{65EA2044-2BC0-4AA8-B750-C2077618EE30}C:\programdata\ijjigame\plauncher.exe -> profile=private | protocol=6 | dir=in | action=allow | name=plauncher application | app=c:\programdata\ijjigame\plauncher.exe |
TCP Query User{70F5F803-6605-4F93-BCB8-7FC7B40AE6B3}C:\program files (x86)\steam\steamapps\dadumbass1\counter-strike source\hl2.exe -> profile=public | protocol=6 | dir=in | action=allow | name=hl2 | app=c:\program files (x86)\steam\steamapps\dadumbass1\counter-strike source\hl2.exe |
TCP Query User{8E0F624C-4F5B-4685-B2C1-439BC90D9D39}C:\program files (x86)\steam\steamapps\shadowneonx\counter-strike source\hl2.exe -> profile=private | protocol=6 | dir=in | action=allow | name=hl2 | app=c:\program files (x86)\steam\steamapps\shadowneonx\counter-strike source\hl2.exe |
TCP Query User{93850699-B00A-4C70-BB66-6C4BE75941FD}C:\program files (x86)\steam\steamapps\common\left 4 dead\left4dead.exe -> profile=public | protocol=6 | dir=in | action=block | name=left4dead | app=c:\program files (x86)\steam\steamapps\common\left 4 dead\left4dead.exe |
TCP Query User{B4AE72A4-6DE3-4B94-A7F0-46345F5B6F51}C:\program files (x86)\java\jre6\bin\java.exe -> profile=private | protocol=6 | dir=in | action=allow | name=java(tm) platform se binary | app=c:\program files (x86)\java\jre6\bin\java.exe |
TCP Query User{CF8B0874-226B-4D19-B26E-12157175BFB5}C:\ijji\english\u_sf\soldierfront.exe -> profile=private | protocol=6 | dir=in | action=allow | name=soldierfront | app=c:\ijji\english\u_sf\soldierfront.exe |
TCP Query User{EFAF5108-A3CE-41DA-8F78-8EFA1EB719D7}C:\program files (x86)\steam\steamapps\xricheex\counter-strike source\hl2.exe -> profile=private | protocol=6 | dir=in | action=allow | name=hl2 | app=c:\program files (x86)\steam\steamapps\xricheex\counter-strike source\hl2.exe |
UDP Query User{2706EC7E-C589-437D-9155-D5D383167F56}C:\program files (x86)\softnyx\gunboundwc\gunbound.gme -> profile=private | protocol=17 | dir=in | action=allow | name=gunbound | app=c:\program files (x86)\softnyx\gunboundwc\gunbound.gme |
UDP Query User{330D3474-B5CB-4879-B131-C5FBDBCB279A}C:\program files (x86)\steam\steamapps\common\left 4 dead\left4dead.exe -> profile=public | protocol=17 | dir=in | action=block | name=left4dead | app=c:\program files (x86)\steam\steamapps\common\left 4 dead\left4dead.exe |
UDP Query User{71B3E63D-D8D6-487E-AABD-F25917EC547D}C:\program files (x86)\steam\steamapps\dadumbass1\counter-strike source\hl2.exe -> profile=public | protocol=17 | dir=in | action=allow | name=hl2 | app=c:\program files (x86)\steam\steamapps\dadumbass1\counter-strike source\hl2.exe |
UDP Query User{734FEFC8-7FD0-4701-9E78-337E885D71E3}C:\program files (x86)\steam\steamapps\shadowneonx\counter-strike source\hl2.exe -> profile=private | protocol=17 | dir=in | action=allow | name=hl2 | app=c:\program files (x86)\steam\steamapps\shadowneonx\counter-strike source\hl2.exe |
UDP Query User{7D46BA11-01A5-4202-AC70-7E30BD15FA38}C:\program files (x86)\steam\steamapps\xricheex\counter-strike source\hl2.exe -> profile=private | protocol=17 | dir=in | action=allow | name=hl2 | app=c:\program files (x86)\steam\steamapps\xricheex\counter-strike source\hl2.exe |
UDP Query User{8BB16ACE-FFF0-4826-9540-A322DD1BE248}C:\program files (x86)\aim6\aim6.exe -> profile=public | protocol=17 | dir=in | action=block | name=aim | app=c:\program files (x86)\aim6\aim6.exe |
UDP Query User{8CDE59F1-4963-4B3F-B302-322213ADA08E}C:\ijji\english\u_sf\soldierfront.exe -> profile=private | protocol=17 | dir=in | action=allow | name=soldierfront | app=c:\ijji\english\u_sf\soldierfront.exe |
UDP Query User{8CE76999-3C34-48F8-A64B-9EA381FD8167}C:\programdata\ijjigame\plauncher.exe -> profile=private | protocol=17 | dir=in | action=allow | name=plauncher application | app=c:\programdata\ijjigame\plauncher.exe |
UDP Query User{8D07BE88-BC2B-41CC-BA72-39EEFAA32339}C:\program files (x86)\steam\steamapps\dadumbass1\counter-strike source\hl2.exe -> profile=private | protocol=17 | dir=in | action=allow | name=hl2 | app=c:\program files (x86)\steam\steamapps\dadumbass1\counter-strike source\hl2.exe |
UDP Query User{C552180A-72B4-4DD2-9726-7D47D3D21753}C:\program files (x86)\java\jre6\bin\java.exe -> profile=private | protocol=17 | dir=in | action=allow | name=java(tm) platform se binary | app=c:\program files (x86)\java\jre6\bin\java.exe |
UDP Query User{D279E747-EE5C-495B-A7DC-CA21CC728994}C:\program files (x86)\utorrent\utorrent.exe -> profile=public | protocol=17 | dir=in | action=allow | name=μtorrent | app=c:\program files (x86)\utorrent\utorrent.exe |
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot ->
"AlternateShell" -> cmd.exe ->
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 ->
"DisplayName" -> CD-ROM Driver ->
"ImagePath" -> C:\Windows\SysNative\DRIVERS\cdrom.sys [system32\DRIVERS\cdrom.sys] -> [2009/04/10 22:34:40 | 00,079,872 | ---- | M] (Microsoft Corporation)
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 ->
\E
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\shell
\E\shell\\"" -> [AutoRun] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\shell\AutoRun\command
\E\shell\AutoRun\command\\"" -> E:\LaunchU3.exe [E:\LaunchU3.exe -a] -> File not found
\F
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\shell
\F\shell\\"" -> [AutoRun] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\shell\AutoRun\command
\F\shell\AutoRun\command\\"" -> F:\LaunchU3.exe [F:\LaunchU3.exe -a] -> File not found
\{7a07f208-7816-11de-bf29-001fd085a998}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7a07f208-7816-11de-bf29-001fd085a998}\shell
\{7a07f208-7816-11de-bf29-001fd085a998}\shell\\"" -> [AutoRun] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7a07f208-7816-11de-bf29-001fd085a998}\shell\AutoRun\command
\{7a07f208-7816-11de-bf29-001fd085a998}\shell\AutoRun\command\\"" -> E:\LaunchU3.exe [E:\LaunchU3.exe -a] -> File not found
\{d3cc001a-91d6-11de-b036-001fd085a998}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d3cc001a-91d6-11de-b036-001fd085a998}\shell
\{d3cc001a-91d6-11de-b036-001fd085a998}\shell\\"" -> [AutoRun] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d3cc001a-91d6-11de-b036-001fd085a998}\shell\AutoRun\command
\{d3cc001a-91d6-11de-b036-001fd085a998}\shell\AutoRun\command\\"" -> E:\LaunchU3.exe [E:\LaunchU3.exe -a] -> File not found
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command ->
64bit-comfile [open] -> "%1" %* -> File not found
64bit-exefile [open] -> "%1" %* -> File not found
comfile [open] -> "%1" %* -> File not found
exefile [open] -> "%1" %* -> File not found
[Registry - Additional Scans - Safe List]
< EventViewer Logs - Last 10 Errors > -> Event Information -> Description
Application [ Error ] 10/13/2009 12:59:57 AM Computer Name = Richard-PC | Source = Application Error | ID = 1000 -> Description = Faulting application hl2.exe, version 0.0.0.0, time stamp 0x4445c334, faulting module studiorender.dll, version 0.0.0.0, time stamp 0x47140813, exception code 0xc0000005, fault offset 0x0003198a, process id 0xda0, application start time 0x01ca4b9276ed0b2d.
Application [ Error ] 10/13/2009 6:22:39 PM Computer Name = Richard-PC | Source = Application Error | ID = 1000 -> Description = Faulting application hl2.exe, version 0.0.0.0, time stamp 0x4445c334, faulting module datacache.dll, version 0.0.0.0, time stamp 0x46439c7b, exception code 0xc0000005, fault offset 0x0000b423, process id 0x8c8, application start time 0x01ca4c4e5c372b80.
Application [ Error ] 10/13/2009 10:55:03 PM Computer Name = Richard-PC | Source = WinMgmt | ID = 10 -> Description =
Application [ Error ] 10/13/2009 11:52:34 PM Computer Name = Richard-PC | Source = Microsoft-Windows-RestartManager | ID = 10006 -> Description =
Application [ Error ] 10/13/2009 11:52:53 PM Computer Name = Richard-PC | Source = Microsoft-Windows-RestartManager | ID = 10007 -> Description =
Application [ Error ] 10/13/2009 11:52:53 PM Computer Name = Richard-PC | Source = Microsoft-Windows-RestartManager | ID = 10007 -> Description =
Application [ Error ] 10/13/2009 11:55:42 PM Computer Name = Richard-PC | Source = WinMgmt | ID = 10 -> Description =
Application [ Error ] 10/13/2009 11:59:12 PM Computer Name = Richard-PC | Source = SideBySide | ID = 16842830 -> Description = Activation context generation failed for "C:\Users\Richard\Documents\Downloads\esetsmartinstaller_enu.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_1509f8bef40ee4da.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0.manifest.
Application [ Error ] 10/14/2009 5:27:34 PM Computer Name = Richard-PC | Source = WinMgmt | ID = 10 -> Description =
Application [ Error ] 10/15/2009 12:24:25 AM Computer Name = Richard-PC | Source = WinMgmt | ID = 10 -> Description =
System [ Error ] 9/24/2009 3:12:15 AM Computer Name = Richard-PC | Source = DCOM | ID = 10010 -> Description =
System [ Error ] 9/24/2009 4:49:37 AM Computer Name = Richard-PC | Source = Dhcp | ID = 1002 -> Description = The IP address lease 10.0.0.8 for the Network Card with network address 001E2AC2233F has been denied by the DHCP server 192.168.1.254 (The DHCP Server sent a DHCPNACK message).
System [ Error ] 9/24/2009 7:10:15 PM Computer Name = Richard-PC | Source = Dhcp | ID = 1002 -> Description = The IP address lease 192.168.1.67 for the Network Card with network address 001E2AC2233F has been denied by the DHCP server 10.0.0.1 (The DHCP Server sent a DHCPNACK message).
System [ Error ] 9/25/2009 9:35:33 AM Computer Name = Richard-PC | Source = PlugPlayManager | ID = 12 -> Description = The device 'SONY DVD RW DW-D22A ATA Device' (IDE\CdRomSONY_DVD_RW_DW-D22A_____________________BYS3____\6&3c85bda&0&0.0.0) disappeared from the system without first being prepared for removal.
System [ Error ] 9/25/2009 9:35:33 AM Computer Name = Richard-PC | Source = cdrom | ID = 262159 -> Description = The device, \Device\CdRom0, is not ready for access yet.
System [ Error ] 9/25/2009 9:35:33 AM Computer Name = Richard-PC | Source = cdrom | ID = 262159 -> Description = The device, \Device\CdRom0, is not ready for access yet.
System [ Error ] 9/25/2009 8:45:25 PM Computer Name = Richard-PC | Source = Dhcp | ID = 1002 -> Description = The IP address lease 10.0.0.8 for the Network Card with network address 001E2AC2233F has been denied by the DHCP server 10.0.0.1 (The DHCP Server sent a DHCPNACK message).
System [ Error ] 9/25/2009 9:42:50 PM Computer Name = Richard-PC | Source = Dhcp | ID = 1002 -> Description = The IP address lease 10.0.0.9 for the Network Card with network address 001E2AC2233F has been denied by the DHCP server 192.168.1.254 (The DHCP Server sent a DHCPNACK message).
System [ Error ] 9/26/2009 11:14:16 AM Computer Name = Richard-PC | Source = Dhcp | ID = 1002 -> Description = The IP address lease 10.0.0.9 for the Network Card with network address 001E2AC2233F has been denied by the DHCP server 192.168.1.254 (The DHCP Server sent a DHCPNACK message).
System [ Error ] 9/27/2009 2:52:11 AM Computer Name = Richard-PC | Source = Dhcp | ID = 1002 -> Description = The IP address lease 10.0.0.9 for the Network Card with network address 001E2AC2233F has been denied by the DHCP server 192.168.1.254 (The DHCP Server sent a DHCPNACK message).
[Files/Folders - Created Within 30 Days]
ProgramData -> C:\ProgramData -> [2009/10/10 14:36:09 | 00,000,000 | -H-D | M]
{0DD0EEEE-2A7C-411C-9243-1AE62F445FC3} -> C:\ProgramData\{0DD0EEEE-2A7C-411C-9243-1AE62F445FC3} -> [2009/09/23 06:37:34 | 00,000,000 | ---D | M]
AIM -> C:\ProgramData\AIM -> [2009/09/27 10:17:15 | 00,000,000 | ---D | M]
Apple -> C:\ProgramData\Apple -> [2009/09/16 20:37:14 | 00,000,000 | ---D | M]
Apple Computer -> C:\ProgramData\Apple Computer -> [2009/09/16 20:38:21 | 00,000,000 | ---D | M]
ArcSoft -> C:\ProgramData\ArcSoft -> [2009/10/04 22:53:27 | 00,000,000 | -H-D | M]
ESET -> C:\ProgramData\ESET -> [2009/10/13 20:58:48 | 00,000,000 | ---D | M]
McAfee -> C:\ProgramData\McAfee -> [2009/10/09 17:24:19 | 00,000,000 | ---D | M]
Microsoft -> C:\ProgramData\Microsoft -> [2009/10/09 16:10:30 | 00,000,000 | --SD | M]
Microsoft Help -> C:\ProgramData\Microsoft Help -> [2009/10/13 22:13:03 | 00,000,000 | ---D | M]
NVIDIA -> C:\ProgramData\NVIDIA -> [2009/10/14 21:22:49 | 00,000,000 | ---D | M]
SiteAdvisor -> C:\ProgramData\SiteAdvisor -> [2009/10/03 23:54:35 | 00,000,000 | ---D | M]
Sony -> C:\ProgramData\Sony -> [2009/10/05 20:22:17 | 00,000,000 | ---D | M]
TEMP -> C:\ProgramData\TEMP -> [2009/10/07 17:52:00 | 00,000,000 | ---D | M]
Roaming -> C:\Users\Richard\AppData\Roaming -> [2009/10/13 20:59:59 | 00,000,000 | ---D | M]
.minecraft -> C:\Users\Richard\AppData\Roaming\.minecraft -> [2009/10/01 19:16:11 | 00,000,000 | ---D | M]
Apple Computer -> C:\Users\Richard\AppData\Roaming\Apple Computer -> [2009/09/16 20:40:51 | 00,000,000 | ---D | M]
ArcSoft -> C:\Users\Richard\AppData\Roaming\ArcSoft -> [2009/10/04 10:17:37 | 00,000,000 | ---D | M]
Auslogics -> C:\Users\Richard\AppData\Roaming\Auslogics -> [2009/10/07 20:10:45 | 00,000,000 | ---D | M]
Download Manager -> C:\Users\Richard\AppData\Roaming\Download Manager -> [2009/10/09 16:27:14 | 00,000,000 | ---D | M]
ESET -> C:\Users\Richard\AppData\Roaming\ESET -> [2009/10/13 20:59:59 | 00,000,000 | ---D | M]
FrostWire -> C:\Users\Richard\AppData\Roaming\FrostWire -> [2009/10/14 08:17:58 | 00,000,000 | ---D | M]
Microsoft -> C:\Users\Richard\AppData\Roaming\Microsoft -> [2009/10/07 20:42:43 | 00,000,000 | --SD | M]
Publish Providers -> C:\Users\Richard\AppData\Roaming\Publish Providers -> [2009/10/05 20:29:07 | 00,000,000 | ---D | M]
Sony -> C:\Users\Richard\AppData\Roaming\Sony -> [2009/10/05 20:31:59 | 00,000,000 | ---D | M]
Uniblue -> C:\Users\Richard\AppData\Roaming\Uniblue -> [2009/10/04 10:28:44 | 00,000,000 | ---D | M]
Local -> C:\Users\Richard\AppData\Local -> [2009/10/13 20:17:05 | 00,000,000 | ---D | M]
AIM -> C:\Users\Richard\AppData\Local\AIM -> [2009/09/27 10:31:13 | 00,000,000 | ---D | M]
Apple -> C:\Users\Richard\AppData\Local\Apple -> [2009/09/16 20:37:15 | 00,000,000 | ---D | M]
Apple Computer -> C:\Users\Richard\AppData\Local\Apple Computer -> [2009/09/19 23:48:12 | 00,000,000 | ---D | M]
ArcSoft -> C:\Users\Richard\AppData\Local\ArcSoft -> [2009/10/04 22:11:11 | 00,000,000 | ---D | M]
ESET -> C:\Users\Richard\AppData\Local\ESET -> [2009/10/13 20:17:05 | 00,000,000 | ---D | M]
Google -> C:\Users\Richard\AppData\Local\Google -> [2009/09/25 19:00:08 | 00,000,000 | ---D | M]
Microsoft -> C:\Users\Richard\AppData\Local\Microsoft -> [2009/10/09 16:30:49 | 00,000,000 | ---D | M]
Microsoft Games -> C:\Users\Richard\AppData\Local\Microsoft Games -> [2009/09/18 22:32:23 | 00,000,000 | ---D | M]
Sony -> C:\Users\Richard\AppData\Local\Sony -> [2009/10/05 20:29:05 | 00,000,000 | ---D | M]
Temp -> C:\Users\Richard\AppData\Local\Temp -> [2009/10/14 21:42:14 | 00,000,000 | ---D | M]
Common Files -> C:\Program Files (x86)\Common Files -> [2009/10/10 14:36:09 | 00,000,000 | ---D | M]
AOL -> C:\Program Files (x86)\Common Files\AOL -> [2009/10/04 09:52:59 | 00,000,000 | ---D | M]
Apple -> C:\Program Files (x86)\Common Files\Apple -> [2009/09/23 06:37:06 | 00,000,000 | ---D | M]
ArcSoft -> C:\Program Files (x86)\Common Files\ArcSoft -> [2009/09/23 06:55:47 | 00,000,000 | ---D | M]
AVSMedia -> C:\Program Files (x86)\Common Files\AVSMedia -> [2009/09/23 21:27:21 | 00,000,000 | ---D | M]
InstallShield -> C:\Program Files (x86)\Common Files\InstallShield -> [2009/09/23 06:54:09 | 00,000,000 | ---D | M]
microsoft shared -> C:\Program Files (x86)\Common Files\microsoft shared -> [2009/10/13 19:46:05 | 00,000,000 | ---D | M]
Software Update Utility -> C:\Program Files (x86)\Common Files\Software Update Utility -> [2009/10/04 09:53:05 | 00,000,000 | ---D | M]
Steam -> C:\Program Files (x86)\Common Files\Steam -> [2009/10/13 20:55:51 | 00,000,000 | ---D | M]
Program Files (x86) -> C:\Program Files (x86) -> [2009/10/14 14:25:44 | 00,000,000 | R--D | M]
AIM -> C:\Program Files (x86)\AIM -> [2009/10/04 09:53:24 | 00,000,000 | ---D | M]
Apple Software Update -> C:\Program Files (x86)\Apple Software Update -> [2009/09/16 20:37:14 | 00,000,000 | ---D | M]
ArcSoft -> C:\Program Files (x86)\ArcSoft -> [2009/10/04 23:04:40 | 00,000,000 | ---D | M]
AviSynth 2.5 -> C:\Program Files (x86)\AviSynth 2.5 -> [2009/09/23 20:56:55 | 00,000,000 | ---D | M]
AVS4YOU -> C:\Program Files (x86)\AVS4YOU -> [2009/09/23 21:27:24 | 00,000,000 | ---D | M]
Bonjour -> C:\Program Files (x86)\Bonjour -> [2009/09/16 20:37:58 | 00,000,000 | ---D | M]
Common Files -> C:\Program Files (x86)\Common Files -> [2009/10/10 14:36:09 | 00,000,000 | ---D | M]
DivX -> C:\Program Files (x86)\DivX -> [2009/09/25 19:26:03 | 00,000,000 | ---D | M]
ERUNT -> C:\Program Files (x86)\ERUNT -> [2009/10/11 11:09:27 | 00,000,000 | ---D | M]
FrostWire -> C:\Program Files (x86)\FrostWire -> [2009/10/04 21:03:31 | 00,000,000 | ---D | M]
Google -> C:\Program Files (x86)\Google -> [2009/09/25 18:58:28 | 00,000,000 | ---D | M]
InstallShield Installation Information -> C:\Program Files (x86)\InstallShield Installation Information -> [2009/10/09 16:49:43 | 00,000,000 | -H-D | M]
Internet Explorer -> C:\Program Files (x86)\Internet Explorer -> [2009/10/13 19:52:18 | 00,000,000 | ---D | M]
iPod -> C:\Program Files (x86)\iPod -> [2009/09/23 06:37:07 | 00,000,000 | ---D | M]
iTunes -> C:\Program Files (x86)\iTunes -> [2009/09/23 06:37:31 | 00,000,000 | ---D | M]
Malwarebytes' Anti-Malware -> C:\Program Files (x86)\Malwarebytes' Anti-Malware -> [2009/10/11 11:30:17 | 00,000,000 | ---D | M]
MapleStory -> C:\Program Files (x86)\MapleStory -> [2009/09/26 00:16:18 | 00,000,000 | ---D | M]
Microsoft Works -> C:\Program Files (x86)\Microsoft Works -> [2009/10/13 19:44:37 | 00,000,000 | ---D | M]
Mozilla Firefox -> C:\Program Files (x86)\Mozilla Firefox -> [2009/10/14 07:54:59 | 00,000,000 | ---D | M]
QuickTime -> C:\Program Files (x86)\QuickTime -> [2009/09/16 20:37:47 | 00,000,000 | ---D | M]
SiteAdvisor -> C:\Program Files (x86)\SiteAdvisor -> [2009/10/03 23:54:30 | 00,000,000 | ---D | M]
Sony -> C:\Program Files (x86)\Sony -> [2009/10/05 20:22:09 | 00,000,000 | ---D | M]
Sony Setup -> C:\Program Files (x86)\Sony Setup -> [2009/10/05 20:21:03 | 00,000,000 | ---D | M]
SpywareBlaster -> C:\Program Files (x86)\SpywareBlaster -> [2009/10/07 17:37:00 | 00,000,000 | ---D | M]
Steam -> C:\Program Files (x86)\Steam -> [2009/10/14 21:27:21 | 00,000,000 | ---D | M]
Trend Micro -> C:\Program Files (x86)\Trend Micro -> [2009/10/07 17:03:20 | 00,000,000 | ---D | M]
Vstplugins -> C:\Program Files (x86)\Vstplugins -> [2009/10/05 20:22:20 | 00,000,000 | ---D | M]
Windows Mail -> C:\Program Files (x86)\Windows Mail -> [2009/10/13 19:52:18 | 00,000,000 | ---D | M]
Common Files -> C:\Program Files\Common Files -> [2009/10/09 17:24:16 | 00,000,000 | ---D | M]
Apple -> C:\Program Files\Common Files\Apple -> [2009/09/23 06:34:26 | 00,000,000 | ---D | M]
Program Files -> C:\Program Files -> [2009/10/13 20:58:48 | 00,000,000 | R--D | M]
Common Files -> C:\Program Files\Common Files -> [2009/10/09 17:24:16 | 00,000,000 | ---D | M]
ESET -> C:\Program Files\ESET -> [2009/10/13 20:58:48 | 00,000,000 | ---D | M]
Internet Explorer -> C:\Program Files\Internet Explorer -> [2009/10/13 19:52:17 | 00,000,000 | ---D | M]
iTunes -> C:\Program Files\iTunes -> [2009/09/23 06:37:33 | 00,000,000 | ---D | M]
Recuva -> C:\Program Files\Recuva -> [2009/10/04 11:09:17 | 00,000,000 | ---D | M]
Windows Mail -> C:\Program Files\Windows Mail -> [2009/10/13 19:52:18 | 00,000,000 | ---D | M]
mshtml.dll -> C:\Windows\SysWow64\mshtml.dll -> [2009/10/13 19:15:22 | 05,940,224 | ---- | C] (Microsoft Corporation)
mshtml.dll -> C:\Windows\SysNative\mshtml.dll -> [2009/10/13 19:15:21 | 09,236,992 | ---- | C] (Microsoft Corporation)
ieframe.dll -> C:\Windows\SysNative\ieframe.dll -> [2009/10/13 19:15:20 | 12,461,568 | ---- | C] (Microsoft Corporation)
ieframe.dll -> C:\Windows\SysWow64\ieframe.dll -> [2009/10/13 19:15:18 | 11,069,440 | ---- | C] (Microsoft Corporation)
iertutil.dll -> C:\Windows\SysNative\iertutil.dll -> [2009/10/13 19:15:18 | 02,334,208 | ---- | C] (Microsoft Corporation)
iertutil.dll -> C:\Windows\SysWow64\iertutil.dll -> [2009/10/13 19:15:18 | 01,985,536 | ---- | C] (Microsoft Corporation)
urlmon.dll -> C:\Windows\SysNative\urlmon.dll -> [2009/10/13 19:15:17 | 01,484,288 | ---- | C] (Microsoft Corporation)
urlmon.dll -> C:\Windows\SysWow64\urlmon.dll -> [2009/10/13 19:15:17 | 01,208,832 | ---- | C] (Microsoft Corporation)
wininet.dll -> C:\Windows\SysNative\wininet.dll -> [2009/10/13 19:15:17 | 01,147,904 | ---- | C] (Microsoft Corporation)
wininet.dll -> C:\Windows\SysWow64\wininet.dll -> [2009/10/13 19:15:17 | 00,916,480 | ---- | C] (Microsoft Corporation)
iedkcs32.dll -> C:\Windows\SysNative\iedkcs32.dll -> [2009/10/13 19:15:17 | 00,459,776 | ---- | C] (Microsoft Corporation)
occache.dll -> C:\Windows\SysNative\occache.dll -> [2009/10/13 19:15:17 | 00,243,712 | ---- | C] (Microsoft Corporation)
occache.dll -> C:\Windows\SysWow64\occache.dll -> [2009/10/13 19:15:17 | 00,206,848 | ---- | C] (Microsoft Corporation)
inetcpl.cpl -> C:\Windows\SysNative\inetcpl.cpl -> [2009/10/13 19:15:16 | 01,538,560 | ---- | C] (Microsoft Corporation)
inetcpl.cpl -> C:\Windows\SysWow64\inetcpl.cpl -> [2009/10/13 19:15:16 | 01,469,440 | ---- | C] (Microsoft Corporation)
msfeeds.dll -> C:\Windows\SysNative\msfeeds.dll -> [2009/10/13 19:15:16 | 00,700,928 | ---- | C] (Microsoft Corporation)
msfeeds.dll -> C:\Windows\SysWow64\msfeeds.dll -> [2009/10/13 19:15:16 | 00,594,432 | ---- | C] (Microsoft Corporation)
iedkcs32.dll -> C:\Windows\SysWow64\iedkcs32.dll -> [2009/10/13 19:15:16 | 00,387,584 | ---- | C] (Microsoft Corporation)
iepeers.dll -> C:\Windows\SysNative\iepeers.dll -> [2009/10/13 19:15:15 | 00,252,416 | ---- | C] (Microsoft Corporation)
iepeers.dll -> C:\Windows\SysWow64\iepeers.dll -> [2009/10/13 19:15:15 | 00,184,320 | ---- | C] (Microsoft Corporation)
ie4uinit.exe -> C:\Windows\SysWow64\ie4uinit.exe -> [2009/10/13 19:15:15 | 00,173,056 | ---- | C] (Microsoft Corporation)
ieui.dll -> C:\Windows\SysWow64\ieui.dll -> [2009/10/13 19:15:15 | 00,164,352 | ---- | C] (Microsoft Corporation)
ieUnatt.exe -> C:\Windows\SysNative\ieUnatt.exe -> [2009/10/13 19:15:15 | 00,162,816 | ---- | C] (Microsoft Corporation)
ieUnatt.exe -> C:\Windows\SysWow64\ieUnatt.exe -> [2009/10/13 19:15:15 | 00,133,632 | ---- | C] (Microsoft Corporation)
iesysprep.dll -> C:\Windows\SysNative\iesysprep.dll -> [2009/10/13 19:15:15 | 00,132,096 | ---- | C] (Microsoft Corporation)
iesysprep.dll -> C:\Windows\SysWow64\iesysprep.dll -> [2009/10/13 19:15:15 | 00,109,056 | ---- | C] (Microsoft Corporation)
msfeedsbs.dll -> C:\Windows\SysNative\msfeedsbs.dll -> [2009/10/13 19:15:15 | 00,071,680 | ---- | C] (Microsoft Corporation)
ie4uinit.exe -> C:\Windows\SysNative\ie4uinit.exe -> [2009/10/13 19:15:15 | 00,070,656 | ---- | C] (Microsoft Corporation)
msfeedsbs.dll -> C:\Windows\SysWow64\msfeedsbs.dll -> [2009/10/13 19:15:15 | 00,055,296 | ---- | C] (Microsoft Corporation)
jsproxy.dll -> C:\Windows\SysNative\jsproxy.dll -> [2009/10/13 19:15:15 | 00,031,744 | ---- | C] (Microsoft Corporation)
jsproxy.dll -> C:\Windows\SysWow64\jsproxy.dll -> [2009/10/13 19:15:15 | 00,025,600 | ---- | C] (Microsoft Corporation)
msfeedssync.exe -> C:\Windows\SysWow64\msfeedssync.exe -> [2009/10/13 19:15:15 | 00,013,312 | ---- | C] (Microsoft Corporation)
msfeedssync.exe -> C:\Windows\SysNative\msfeedssync.exe -> [2009/10/13 19:15:15 | 00,012,288 | ---- | C] (Microsoft Corporation)
mshtml.tlb -> C:\Windows\SysWow64\mshtml.tlb -> [2009/10/13 19:15:14 | 01,638,912 | ---- | C] (Microsoft Corporation)
mshtml.tlb -> C:\Windows\SysNative\mshtml.tlb -> [2009/10/13 19:15:14 | 01,638,912 | ---- | C] (Microsoft Corporation)
ieui.dll -> C:\Windows\SysNative\ieui.dll -> [2009/10/13 19:15:14 | 00,219,136 | ---- | C] (Microsoft Corporation)
iesetup.dll -> C:\Windows\SysNative\iesetup.dll -> [2009/10/13 19:15:14 | 00,077,312 | ---- | C] (Microsoft Corporation)
iernonce.dll -> C:\Windows\SysNative\iernonce.dll -> [2009/10/13 19:15:14 | 00,072,192 | ---- | C] (Microsoft Corporation)
iesetup.dll -> C:\Windows\SysWow64\iesetup.dll -> [2009/10/13 19:15:14 | 00,071,680 | ---- | C] (Microsoft Corporation)
iernonce.dll -> C:\Windows\SysWow64\iernonce.dll -> [2009/10/13 19:15:14 | 00,055,808 | ---- | C] (Microsoft Corporation)
ntoskrnl.exe -> C:\Windows\SysNative\ntoskrnl.exe -> [2009/10/13 19:10:06 | 04,698,168 | ---- | C] (Microsoft Corporation)
msv1_0.dll -> C:\Windows\SysNative\msv1_0.dll -> [2009/10/13 19:09:52 | 00,269,312 | ---- | C] (Microsoft Corporation)
msv1_0.dll -> C:\Windows\SysWow64\msv1_0.dll -> [2009/10/13 19:09:52 | 00,218,624 | ---- | C] (Microsoft Corporation)
WMSPDMOD.DLL -> C:\Windows\SysWow64\WMSPDMOD.DLL -> [2009/10/13 19:09:47 | 00,604,672 | ---- | C] (Microsoft Corporation)
WMSPDMOD.DLL -> C:\Windows\SysNative\WMSPDMOD.DLL -> [2009/10/13 19:09:46 | 00,818,688 | ---- | C] (Microsoft Corporation)
msasn1.dll -> C:\Windows\SysNative\msasn1.dll -> [2009/10/13 19:09:40 | 00,082,944 | ---- | C] (Microsoft Corporation)
msasn1.dll -> C:\Windows\SysWow64\msasn1.dll -> [2009/10/13 19:09:40 | 00,060,928 | ---- | C] (Microsoft Corporation)
srv2.sys -> C:\Windows\SysNative\drivers\srv2.sys -> [2009/10/13 19:09:37 | 00,174,592 | ---- | C] (Microsoft Corporation)
ERDNT -> C:\Windows\ERDNT -> [2009/10/11 11:11:38 | 00,000,000 | ---D | C]
Vegas Movie Studio PE 9.0 Projects -> C:\Users\Richard\Documents\Vegas Movie Studio PE 9.0 Projects -> [2009/10/05 20:28:56 | 00,000,000 | ---D | C]
Sony -> C:\ProgramData\Sony -> [2009/10/05 20:22:17 | 00,000,000 | ---D | C]
MSLUP60.dll -> C:\Windows\SysWow64\MSLUP60.dll -> [2009/10/04 22:08:55 | 00,393,216 | ---- | C] (Sample Corporation)
MSLURT.dll -> C:\Windows\SysWow64\MSLURT.dll -> [2009/10/04 22:08:55 | 00,249,856 | ---- | C] (Sample Corporation)
MMCEDT.exe -> C:\Windows\SysWow64\MMCEDT.exe -> [2009/10/04 22:08:55 | 00,061,440 | ---- | C] (ArcSoft Inc.)
MediaConverter -> C:\Users\Richard\Documents\MediaConverter -> [2009/10/04 10:17:38 | 00,000,000 | ---D | C]
SiteAdvisor -> C:\ProgramData\SiteAdvisor -> [2009/10/03 23:54:35 | 00,000,000 | ---D | C]
MpSigStub.exe -> C:\Windows\SysNative\MpSigStub.exe -> [2009/10/02 14:44:40 | 00,238,960 | ---- | C] (Microsoft Corporation)
AIM -> C:\ProgramData\AIM -> [2009/09/27 10:17:15 | 00,000,000 | ---D | C]
Downloads -> C:\Users\Richard\Documents\Downloads -> [2009/09/25 19:00:58 | 00,000,000 | ---D | C]
Replay Converter 3 -> C:\Windows\Replay Converter 3 -> [2009/09/23 07:37:29 | 00,000,000 | ---D | C]
Media Converter for Philips -> C:\Users\Richard\Documents\Media Converter for Philips -> [2009/09/23 07:03:08 | 00,000,000 | ---D | C]
ArcSoft -> C:\ProgramData\ArcSoft -> [2009/09/23 06:55:57 | 00,000,000 | -H-D | C]
unicows.dll -> C:\Windows\SysWow64\unicows.dll -> [2009/09/23 06:55:38 | 00,245,408 | ---- | C] (Microsoft Corporation)
Philips -> C:\Philips -> [2009/09/23 06:53:35 | 00,000,000 | ---D | C]
temp -> C:\temp -> [2009/09/23 06:52:56 | 00,000,000 | ---D | C]
DRVSTORE -> C:\Windows\SysNative\DRVSTORE -> [2009/09/23 06:37:35 | 00,000,000 | ---D | C]
{0DD0EEEE-2A7C-411C-9243-1AE62F445FC3} -> C:\ProgramData\{0DD0EEEE-2A7C-411C-9243-1AE62F445FC3} -> [2009/09/23 06:37:06 | 00,000,000 | ---D | C]
Apple Computer -> C:\ProgramData\Apple Computer -> [2009/09/16 20:37:32 | 00,000,000 | ---D | C]
Apple -> C:\ProgramData\Apple -> [2009/09/16 20:37:14 | 00,000,000 | ---D | C]
[Files/Folders - Modified Within 30 Days]
23 C:\Users\Richard\AppData\Local\Temp\*.tmp files -> C:\Users\Richard\AppData\Local\Temp\*.tmp ->
NTUSER.DAT -> C:\Users\Richard\NTUSER.DAT -> [2009/10/14 21:42:20 | 09,175,040 | -HS- | M] ()
User_Feed_Synchronization-{12D2AAC3-713A-447E-8DC7-4B4DEE477597}.job -> C:\Windows\tasks\User_Feed_Synchronization-{12D2AAC3-713A-447E-8DC7-4B4DEE477597}.job -> [2009/10/14 21:42:14 | 00,000,438 | -H-- | M] ()
perfh009.dat -> C:\Windows\SysNative\perfh009.dat -> [2009/10/14 21:29:16 | 00,598,350 | ---- | M] ()
perfc009.dat -> C:\Windows\SysNative\perfc009.dat -> [2009/10/14 21:29:16 | 00,101,988 | ---- | M] ()
PerfStringBackup.INI -> C:\Windows\SysNative\PerfStringBackup.INI -> [2009/10/14 21:29:15 | 00,694,964 | ---- | M] ()
nvModes.dat -> C:\ProgramData\nvModes.dat -> [2009/10/14 21:26:07 | 00,035,085 | ---- | M] ()
nvModes.001 -> C:\ProgramData\nvModes.001 -> [2009/10/14 21:26:06 | 00,035,085 | ---- | M] ()
GoogleUpdateTaskMachineCore.job -> C:\Windows\tasks\GoogleUpdateTaskMachineCore.job -> [2009/10/14 21:25:46 | 00,000,894 | ---- | M] ()
7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> [2009/10/14 21:22:51 | 00,003,760 | -H-- | M] ()
7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> [2009/10/14 21:22:51 | 00,003,760 | -H-- | M] ()
SA.DAT -> C:\Windows\tasks\SA.DAT -> [2009/10/14 21:22:47 | 00,000,006 | -H-- | M] ()
bootstat.dat -> C:\Windows\bootstat.dat -> [2009/10/14 21:22:42 | 00,067,584 | --S- | M] ()
NTUSER.DAT{a7bdf3ed-6a85-11db-b5ae-f1534be43d84}.TMContainer00000000000000000001.regtrans-ms -> C:\Users\Richard\NTUSER.DAT{a7bdf3ed-6a85-11db-b5ae-f1534be43d84}.TMContainer00000000000000000001.regtrans-ms -> [2009/10/14 15:17:07 | 00,524,288 | -HS- | M] ()
NTUSER.DAT{a7bdf3ed-6a85-11db-b5ae-f1534be43d84}.TM.blf -> C:\Users\Richard\NTUSER.DAT{a7bdf3ed-6a85-11db-b5ae-f1534be43d84}.TM.blf -> [2009/10/14 15:17:07 | 00,065,536 | -HS- | M] ()
IconCache.db -> C:\Users\Richard\AppData\Local\IconCache.db -> [2009/10/14 15:17:04 | 02,044,178 | -H-- | M] ()
GoogleUpdateTaskMachineUA.job -> C:\Windows\tasks\GoogleUpdateTaskMachineUA.job -> [2009/10/14 15:16:01 | 00,000,898 | ---- | M] ()
Google Chrome.lnk -> C:\Users\Public\Desktop\Google Chrome.lnk -> [2009/10/13 20:17:19 | 00,002,025 | ---- | M] ()
GDIPFONTCACHEV1.DAT -> C:\Users\Richard\AppData\Local\GDIPFONTCACHEV1.DAT -> [2009/10/13 19:56:10 | 00,100,272 | ---- | M] ()
FNTCACHE.DAT -> C:\Windows\SysNative\FNTCACHE.DAT -> [2009/10/13 19:54:17 | 00,371,440 | ---- | M] ()
win.ini -> C:\Windows\win.ini -> [2009/10/13 19:42:25 | 00,000,219 | ---- | M] ()
Research and explain the XYZ Affair between the U.doc -> C:\Users\Richard\Desktop\Research and explain the XYZ Affair between the U.doc -> [2009/10/12 21:45:07 | 00,077,824 | ---- | M] ()
XYZ Affair home cheat.doc -> C:\Users\Richard\Desktop\XYZ Affair home cheat.doc -> [2009/10/12 08:48:54 | 00,041,984 | ---- | M] ()
NTREGOPT.lnk -> C:\Users\Richard\Desktop\NTREGOPT.lnk -> [2009/10/11 11:09:21 | 00,000,763 | ---- | M] ()
ERUNT.lnk -> C:\Users\Richard\Desktop\ERUNT.lnk -> [2009/10/11 11:09:21 | 00,000,744 | ---- | M] ()
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Users\Richard\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2009/10/10 18:54:06 | 00,031,744 | ---- | M] ()
PerfStringBackup.INI -> C:\Windows\SysWow64\PerfStringBackup.INI -> [2009/10/09 16:30:52 | 00,708,868 | ---- | M] ()
HijackThis.lnk -> C:\Users\Richard\Desktop\HijackThis.lnk -> [2009/10/07 17:03:20 | 00,001,928 | ---- | M] ()
Vegas Movie Studio Platinum 9.0.lnk -> C:\Users\Public\Desktop\Vegas Movie Studio Platinum 9.0.lnk -> [2009/10/05 20:22:24 | 00,001,998 | ---- | M] ()
Internet Video Downloader.lnk -> C:\Users\Public\Desktop\Internet Video Downloader.lnk -> [2009/10/04 23:05:00 | 00,002,206 | ---- | M] ()
Media Converter for Philips.lnk -> C:\Users\Public\Desktop\Media Converter for Philips.lnk -> [2009/10/04 23:05:00 | 00,002,071 | ---- | M] ()
Philips GoGear VIBE Device Manager.lnk -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Philips GoGear VIBE Device Manager.lnk -> [2009/10/04 23:03:11 | 00,000,921 | ---- | M] ()
Philips GoGear VIBE Device Manager.lnk -> C:\Users\Public\Desktop\Philips GoGear VIBE Device Manager.lnk -> [2009/10/04 23:03:11 | 00,000,887 | ---- | M] ()
TotalMedia Theatre.lnk -> C:\Users\Public\Desktop\TotalMedia Theatre.lnk -> [2009/10/04 22:09:53 | 00,001,848 | ---- | M] ()
FrostWire 4.18.3.lnk -> C:\Users\Richard\Desktop\FrostWire 4.18.3.lnk -> [2009/10/04 21:03:00 | 00,001,046 | ---- | M] ()
Recuva.lnk -> C:\Users\Richard\Desktop\Recuva.lnk -> [2009/10/04 11:09:17 | 00,001,606 | ---- | M] ()
IPH.PH -> C:\IPH.PH -> [2009/10/04 09:53:39 | 00,001,072 | -H-- | M] ()
AIM.lnk -> C:\Users\Public\Desktop\AIM.lnk -> [2009/10/04 09:53:30 | 00,001,752 | ---- | M] ()
CCleaner.lnk -> C:\Users\Richard\Desktop\CCleaner.lnk -> [2009/10/03 22:24:33 | 00,001,724 | ---- | M] ()
mrt.exe -> C:\Windows\SysNative\mrt.exe -> [2009/10/02 11:40:19 | 26,575,296 | ---- | M] (Microsoft Corporation)
Left 4 Dead.lnk -> C:\Users\Richard\Desktop\Left 4 Dead.lnk -> [2009/10/01 20:42:31 | 00,001,792 | ---- | M] ()
MpSigStub.exe -> C:\Windows\SysNative\MpSigStub.exe -> [2009/10/01 10:29:14 | 00,238,960 | ---- | M] (Microsoft Corporation)
nvdisp.nvu -> C:\Windows\SysNative\nvdisp.nvu -> [2009/09/27 23:12:22 | 00,014,646 | ---- | M] ()
NvApps.xml -> C:\Windows\SysNative\NvApps.xml -> [2009/09/27 18:22:50 | 00,253,738 | ---- | M] ()
NvwsApps.xml -> C:\Windows\SysNative\NvwsApps.xml -> [2009/09/27 18:22:50 | 00,068,587 | ---- | M] ()
likinpark.avi -> C:\Users\Richard\likinpark.avi -> [2009/09/23 22:53:11 | 15,553,6058 | ---- | M] ()
AVS4YOU Software Navigator.lnk -> C:\Users\Richard\Desktop\AVS4YOU Software Navigator.lnk -> [2009/09/23 21:27:24 | 00,001,128 | ---- | M] ()
AVS Video Converter 6.lnk -> C:\Users\Richard\Desktop\AVS Video Converter 6.lnk -> [2009/09/23 21:27:05 | 00,001,079 | ---- | M] ()
iTunes.lnk -> C:\Users\Public\Desktop\iTunes.lnk -> [2009/09/23 06:38:10 | 00,001,804 | ---- | M] ()
Msft_User_WpdMtpDr_01_00_00.Wdf -> C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf -> [2009/09/22 21:43:39 | 00,000,000 | -H-- | M] ()
Richs power point2.ppt -> C:\Users\Richard\Documents\Richs power point2.ppt -> [2009/09/21 22:30:21 | 06,273,536 | ---- | M] ()
Scribble words.docx -> C:\Users\Richard\Documents\Scribble words.docx -> [2009/09/21 01:46:06 | 00,373,089 | ---- | M] ()
keyfile3.drm -> C:\Users\Richard\AppData\Local\keyfile3.drm -> [2009/09/20 00:05:44 | 00,004,096 | -H-- | M] ()
Profane.docx -> C:\Users\Richard\Documents\Profane.docx -> [2009/09/18 00:13:00 | 00,010,412 | ---- | M] ()
QuickTime Player.lnk -> C:\Users\Public\Desktop\QuickTime Player.lnk -> [2009/09/16 20:37:41 | 00,001,756 | ---- | M] ()
Mzxamyx123.docx -> C:\Users\Richard\Documents\Mzxamyx123.docx -> [2009/09/15 23:43:42 | 00,012,404 | ---- | M] ()
[Files - No Company Name]
Research and explain the XYZ Affair between the U.doc -> C:\Users\Richard\Desktop\Research and explain the XYZ Affair between the U.doc -> [2009/10/12 20:15:51 | 00,077,824 | ---- | C] ()
XYZ Affair home cheat.doc -> C:\Users\Richard\Desktop\XYZ Affair home cheat.doc -> [2009/10/12 20:15:39 | 00,041,984 | ---- | C] ()
NTREGOPT.lnk -> C:\Users\Richard\Desktop\NTREGOPT.lnk -> [2009/10/11 11:09:21 | 00,000,763 | ---- | C] ()
ERUNT.lnk -> C:\Users\Richard\Desktop\ERUNT.lnk -> [2009/10/11 11:09:21 | 00,000,744 | ---- | C] ()
PerfStringBackup.INI -> C:\Windows\SysWow64\PerfStringBackup.INI -> [2009/10/09 16:30:52 | 00,708,868 | ---- | C] ()
HijackThis.lnk -> C:\Users\Richard\Desktop\HijackThis.lnk -> [2009/10/07 17:03:20 | 00,001,928 | ---- | C] ()
Vegas Movie Studio Platinum 9.0.lnk -> C:\Users\Public\Desktop\Vegas Movie Studio Platinum 9.0.lnk -> [2009/10/05 20:22:24 | 00,001,998 | ---- | C] ()
TotalMedia Theatre.lnk -> C:\Users\Public\Desktop\TotalMedia Theatre.lnk -> [2009/10/04 22:09:53 | 00,001,848 | ---- | C] ()
ArcHlp.sys -> C:\Windows\SysWow64\drivers\ArcHlp.sys -> [2009/10/04 22:09:47 | 00,143,872 | ---- | C] ()
Recuva.lnk -> C:\Users\Richard\Desktop\Recuva.lnk -> [2009/10/04 11:09:17 | 00,001,606 | ---- | C] ()
AIM.lnk -> C:\Users\Public\Desktop\AIM.lnk -> [2009/10/04 09:53:30 | 00,001,752 | ---- | C] ()
Left 4 Dead.lnk -> C:\Users\Richard\Desktop\Left 4 Dead.lnk -> [2009/10/01 20:42:31 | 00,001,792 | ---- | C] ()
nvdisp.nvu -> C:\Windows\SysNative\nvdisp.nvu -> [2009/09/27 23:12:22 | 00,014,646 | ---- | C] ()
NvApps.xml -> C:\Windows\SysNative\NvApps.xml -> [2009/09/27 18:22:50 | 00,253,738 | ---- | C] ()
NvwsApps.xml -> C:\Windows\SysNative\NvwsApps.xml -> [2009/09/27 18:22:50 | 00,068,587 | ---- | C] ()
GoogleUpdateTaskMachineUA.job -> C:\Windows\tasks\GoogleUpdateTaskMachineUA.job -> [2009/09/25 19:11:22 | 00,000,898 | ---- | C] ()
GoogleUpdateTaskMachineCore.job -> C:\Windows\tasks\GoogleUpdateTaskMachineCore.job -> [2009/09/25 19:11:21 | 00,000,894 | ---- | C] ()
Google Chrome.lnk -> C:\Users\Public\Desktop\Google Chrome.lnk -> [2009/09/25 18:58:23 | 00,002,025 | ---- | C] ()
FrostWire 4.18.3.lnk -> C:\Users\Richard\Desktop\FrostWire 4.18.3.lnk -> [2009/09/25 07:28:05 | 00,001,046 | ---- | C] ()
likinpark.avi -> C:\Users\Richard\likinpark.avi -> [2009/09/23 22:48:50 | 15,553,6058 | ---- | C] ()
AVS4YOU Software Navigator.lnk -> C:\Users\Richard\Desktop\AVS4YOU Software Navigator.lnk -> [2009/09/23 21:27:24 | 00,001,128 | ---- | C] ()
AVS Video Converter 6.lnk -> C:\Users\Richard\Desktop\AVS Video Converter 6.lnk -> [2009/09/23 21:27:05 | 00,001,079 | ---- | C] ()
ReplayConverterLog.log -> C:\Users\Richard\AppData\Roaming\ReplayConverterLog.log -> [2009/09/23 07:44:36 | 00,020,318 | ---- | C] ()
desktop.ini -> C:\Users\Richard\AppData\Roaming\desktop.ini -> [2009/09/23 06:56:55 | 00,000,006 | -HS- | C] ()
desktop.ini -> C:\Users\Richard\AppData\Local\desktop.ini -> [2009/09/23 06:56:55 | 00,000,006 | -HS- | C] ()
Internet Video Downloader.lnk -> C:\Users\Public\Desktop\Internet Video Downloader.lnk -> [2009/09/23 06:56:01 | 00,002,206 | ---- | C] ()
Media Converter for Philips.lnk -> C:\Users\Public\Desktop\Media Converter for Philips.lnk -> [2009/09/23 06:56:01 | 00,002,071 | ---- | C] ()
Philips GoGear VIBE Device Manager.lnk -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Philips GoGear VIBE Device Manager.lnk -> [2009/09/23 06:53:35 | 00,000,921 | ---- | C] ()
Philips GoGear VIBE Device Manager.lnk -> C:\Users\Public\Desktop\Philips GoGear VIBE Device Manager.lnk -> [2009/09/23 06:53:35 | 00,000,887 | ---- | C] ()
iTunes.lnk -> C:\Users\Public\Desktop\iTunes.lnk -> [2009/09/23 06:38:10 | 00,001,804 | ---- | C] ()
Msft_User_WpdMtpDr_01_00_00.Wdf -> C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf -> [2009/09/22 21:43:39 | 00,000,000 | -H-- | C] ()
Richs power point2.ppt -> C:\Users\Richard\Documents\Richs power point2.ppt -> [2009/09/21 15:53:42 | 06,273,536 | ---- | C] ()
Scribble words.docx -> C:\Users\Richard\Documents\Scribble words.docx -> [2009/09/21 01:46:02 | 00,373,089 | ---- | C] ()
keyfile3.drm -> C:\Users\Richard\AppData\Local\keyfile3.drm -> [2009/09/20 00:05:44 | 00,004,096 | -H-- | C] ()
Profane.docx -> C:\Users\Richard\Documents\Profane.docx -> [2009/09/18 00:12:59 | 00,010,412 | ---- | C] ()
QuickTime Player.lnk -> C:\Users\Public\Desktop\QuickTime Player.lnk -> [2009/09/16 20:37:41 | 00,001,756 | ---- | C] ()
Mzxamyx123.docx -> C:\Users\Richard\Documents\Mzxamyx123.docx -> [2009/09/15 23:43:42 | 00,012,404 | ---- | C] ()
{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini -> C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini -> [2009/08/31 13:54:26 | 00,000,268 | ---- | C] ()
d3d8caps.dat -> C:\Users\Richard\AppData\Local\d3d8caps.dat -> [2009/08/25 17:59:41 | 00,000,552 | ---- | C] ()
msjetoledb40.dll -> C:\Windows\SysWow64\msjetoledb40.dll -> [2009/08/05 20:52:07 | 00,368,640 | ---- | C] ()
EhStorAuthn.dll -> C:\Windows\SysWow64\EhStorAuthn.dll -> [2009/08/05 20:51:41 | 00,117,248 | ---- | C] ()
UserTile.png -> C:\Users\Richard\AppData\Roaming\UserTile.png -> [2009/08/05 10:53:43 | 00,024,088 | ---- | C] ()
ntuser.pol -> C:\ProgramData\ntuser.pol -> [2009/07/29 16:20:33 | 00,000,418 | RHS- | C] ()
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Users\Richard\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2009/07/24 02:23:04 | 00,031,744 | ---- | C] ()
nvModes.001 -> C:\ProgramData\nvModes.001 -> [2009/07/23 18:26:45 | 00,035,085 | ---- | C] ()
nvModes.dat -> C:\ProgramData\nvModes.dat -> [2009/07/23 18:26:43 | 00,035,085 | ---- | C] ()
IconCache.db -> C:\Users\Richard\AppData\Local\IconCache.db -> [2009/07/23 18:25:30 | 02,044,178 | -H-- | C] ()
d3d9caps64.dat -> C:\Users\Richard\AppData\Local\d3d9caps64.dat -> [2009/07/23 18:21:02 | 00,000,732 | ---- | C] ()
GSetup.ini -> C:\Windows\GSetup.ini -> [2009/07/23 15:57:36 | 00,000,010 | ---- | C] ()
GDIPFONTCACHEV1.DAT -> C:\Users\Richard\AppData\Local\GDIPFONTCACHEV1.DAT -> [2009/07/23 15:53:46 | 00,100,272 | ---- | C] ()
tcpmon.ini -> C:\Windows\SysWow64\tcpmon.ini -> [2008/01/20 19:49:10 | 00,060,124 | ---- | C] ()
desktop.ini -> C:\Program Files\desktop.ini -> [2006/11/02 08:24:55 | 00,000,174 | -HS- | C] ()
desktop.ini -> C:\Program Files (x86)\desktop.ini -> [2006/11/02 08:24:55 | 00,000,174 | -HS- | C] ()
win.ini -> C:\Windows\win.ini -> [2006/11/02 05:34:27 | 00,000,219 | ---- | C] ()
system.ini -> C:\Windows\system.ini -> [2006/11/02 05:34:27 | 00,000,219 | ---- | C] ()
[File - Lop Check]
[File - Purity Scan]
[Alternate Data Streams]
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:5C321E34
< End of report >