Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Speed


  • This topic is locked This topic is locked
12 replies to this topic

#1 MTL86

MTL86

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:09:02 AM

Posted 12 August 2010 - 04:34 PM

Hi, I recently had the anti malware doctor virus. I removed the virus using rkill and malwarebytes, but i still have 1 problem, the internet on my computer has stared going really slow, Its not a problem with my ISP or my router because my laptop and Ipod touch still have the original internet speeds. My Pc is running windows vista 64 bit edition. I really need some help to solve the internet spped issue, if you need anymore information, just ask.
Thanks in advance

Edited by Pandy, 12 August 2010 - 10:52 PM.
Moved from Vista to a more appropriate forum ~Pandy


BC AdBot (Login to Remove)

 


#2 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:03:02 PM

Posted 19 August 2010 - 06:42 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. In the custom scan box paste the following:
    CODE
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    nvraid.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
  6. Push the button.
  7. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt<--Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#3 MTL86

MTL86
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:09:02 AM

Posted 19 August 2010 - 12:20 PM

So far, I have not solved the internet speed problem. The problem is that, ever since I removed the antimalware doctor virus, the internet speed on my computer has been going very slow. It is not a problem on my ISP or router because the internet on my other 2 computers are working well.

OTL.txt

OTL logfile created on: 19/08/2010 12:59:58 PM - Run 1
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Users\Home\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 48.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 72.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 453.45 Gb Total Space | 242.45 Gb Free Space | 53.47% Space Free | Partition Type: NTFS
Drive D: | 12.31 Gb Total Space | 1.68 Gb Free Space | 13.67% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOME-PC
Current User Name: Home
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/08/19 12:55:38 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Home\Downloads\OTL.exe
PRC - [2010/08/12 09:13:55 | 000,327,472 | ---- | M] (BitTorrent, Inc.) -- C:\Users\Home\Desktop\Rahul\Modding\Torrents\Utorrent\uTorrent.exe
PRC - [2010/07/30 20:18:11 | 000,945,720 | ---- | M] (Google Inc.) -- C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe
PRC - [2010/06/14 15:07:14 | 000,615,936 | ---- | M] (Nokia) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/05/14 10:32:30 | 001,479,680 | ---- | M] (Nokia) -- C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe
PRC - [2010/02/11 16:47:34 | 000,504,832 | ---- | M] () -- C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe
PRC - [2009/11/13 07:31:14 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2009/10/27 10:15:02 | 000,120,832 | ---- | M] (Nokia) -- C:\Program Files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exe
PRC - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2008/06/11 02:51:50 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/06/11 02:51:48 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007/08/29 16:15:42 | 001,662,976 | ---- | M] (D-Link) -- C:\Program Files (x86)\D-Link\RangeBooster G WDA-2320\AirPlusCFG.exe
PRC - [2007/04/18 11:01:34 | 000,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe
PRC - [2007/01/19 12:49:04 | 000,049,152 | ---- | M] (Wireless Service) -- C:\Program Files (x86)\ANI\ANIWZCS2 Service\WZCSLDR2.exe
PRC - [2005/05/04 01:04:28 | 009,150,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
PRC - [2005/05/03 23:07:32 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe


========== Modules (SafeList) ==========

MOD - [2010/08/19 12:55:38 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Home\Downloads\OTL.exe
MOD - [2008/01/20 22:50:01 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2008/01/20 22:48:06 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - File not found [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -d -f %ProgramFiles%\WinPcap\rpcapd.ini -- (rpcapd)
SRV:64bit: - [2010/03/25 23:48:42 | 000,017,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2009/08/18 12:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV:64bit: - [2008/01/20 22:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010/06/14 15:07:14 | 000,615,936 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/03/18 14:27:14 | 001,020,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 14:27:14 | 000,138,576 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_64)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/11/13 07:31:14 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2009/08/05 23:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2008/06/11 02:51:50 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2005/05/04 01:04:28 | 009,150,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe -- (MSSQL$MICROSOFTSMLBIZ)
SRV - [2005/05/03 23:50:28 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe -- (MSSQLServerADHelper)
SRV - [2005/05/03 22:42:56 | 000,323,584 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE -- (SQLAgent$MICROSOFTSMLBIZ)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TFsExDisk.sys -- (TFsExDisk)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pfc.sys -- (pfc)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ipinip.sys -- (IpInIp)
DRV:64bit: - [2010/04/19 20:47:42 | 000,050,688 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/02/26 14:33:40 | 000,009,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\usbser_lowerfltx64j.sys -- (UsbserFilt)
DRV:64bit: - [2010/02/26 14:33:24 | 000,009,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2010/02/26 14:33:22 | 000,025,088 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdcx64)
DRV:64bit: - [2010/02/26 14:33:22 | 000,019,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcdx64)
DRV:64bit: - [2009/09/05 14:27:12 | 001,449,984 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\athrx.sys -- (athr)
DRV:64bit: - [2009/08/06 00:24:16 | 000,061,280 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/01/20 06:49:48 | 000,195,584 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2008/12/04 20:48:52 | 000,407,064 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iastor.sys -- (iaStor)
DRV:64bit: - [2008/08/28 12:44:42 | 000,025,600 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2008/01/20 22:47:28 | 000,046,080 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2008/01/20 22:46:56 | 000,032,768 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2007/08/02 15:56:40 | 000,924,672 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\A3ABvx.sys -- (A3AB) D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB)
DRV:64bit: - [2007/01/25 13:31:38 | 000,040,208 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2006/09/18 17:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\Wbem\ntfs.mof -- (Ntfs)
DRV - [2008/12/13 17:15:26 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk)
DRV - [2003/11/11 18:55:00 | 000,009,856 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\pfc.sys -- (pfc)
DRV - [2003/09/09 00:30:32 | 000,011,376 | R--- | M] () [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\SECDRV.SYS -- (SecDrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cndt
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cndt


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-644326375-262011582-3349759808-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cndt
IE - HKU\S-1-5-21-644326375-262011582-3349759808-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sympatico.ca/default.aspx?lang=en-CA
IE - HKU\S-1-5-21-644326375-262011582-3349759808-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-644326375-262011582-3349759808-1000\..\URLSearchHook: {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:\Program Files (x86)\HyperCam Toolbar\tbhelper.dll ()
IE - HKU\S-1-5-21-644326375-262011582-3349759808-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-644326375-262011582-3349759808-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.5.0
FF - prefs.js..extensions.enabledItems: {75656794-AB59-4712-BFBC-5D816D56F3BC}:1.1.6
FF - prefs.js..extensions.enabledItems: bkmrksync@nokia.com:1.0.0.733
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {BAEBEF65-9289-47c5-8524-C345CC5D860D}:1.4.1
FF - prefs.js..extensions.enabledItems: {FCAB6FDD-5585-425b-95C1-5ED856F3FD08}:5.7
FF - prefs.js..extensions.enabledItems: {5850AA47-CB1A-4F19-A64F-4D8E833B13E6}:1.9.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..keyword.URL: "http://www.bigseekpro.com/search/toolbar/hypercam/{69DDB586-987E-7874-EFB6-951F43C4B838}?q="


FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files (x86)\Nokia\Nokia PC Suite 7\bkmrksync\ [2010/07/09 08:24:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/08/02 14:12:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/08/10 19:07:31 | 000,000,000 | ---D | M]

[2010/04/06 07:11:21 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\Mozilla\Extensions
[2010/04/06 07:11:21 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com
[2010/08/16 13:32:31 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\tfeeyb9q.default\extensions
[2009/08/31 16:19:34 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\tfeeyb9q.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/06/09 16:53:14 | 000,000,000 | ---D | M] (HyperCam Toolbar) -- C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\tfeeyb9q.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}
[2010/04/24 09:06:40 | 000,000,000 | ---D | M] (Sothink Flash Downloader) -- C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\tfeeyb9q.default\extensions\{BAEBEF65-9289-47c5-8524-C345CC5D860D}
[2010/04/24 09:20:35 | 000,000,000 | ---D | M] (Sothink Web Video Downloader for Firefox) -- C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\tfeeyb9q.default\extensions\{FCAB6FDD-5585-425b-95C1-5ED856F3FD08}
[2010/03/01 10:51:24 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\tfeeyb9q.default\extensions\firebug@software.joehewitt.com
[2010/08/10 19:07:35 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/06/22 19:34:13 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/08/10 19:07:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2006/09/18 17:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg64.dll (Google Inc.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (SMTTB2009 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files (x86)\HyperCam Toolbar\tbcore3.dll ()
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (HyperCam Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files (x86)\HyperCam Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-644326375-262011582-3349759808-1000\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3:64bit: - HKU\S-1-5-21-644326375-262011582-3349759808-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-644326375-262011582-3349759808-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-644326375-262011582-3349759808-1000\..\Toolbar\WebBrowser: (HyperCam Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files (x86)\HyperCam Toolbar\tbcore3.dll ()
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL ()
O4:64bit: - HKLM..\Run: [NvMediaCenter] C:\Windows\SysNative\NvMcTray.DLL ()
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ANIWZCS2Service] C:\Program Files (x86)\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Wireless Service)
O4 - HKLM..\Run: [D-Link RangeBooster G WDA-2320] C:\Program Files (x86)\D-Link\RangeBooster G WDA-2320\AirPlusCFG.exe (D-Link)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [KBD] C:\hp\KBD\KbdStub.exe ()
O4 - HKLM..\Run: [NPSStartup] File not found
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-644326375-262011582-3349759808-1000..\Run: [AutoStartNPSAgent] C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKU\S-1-5-21-644326375-262011582-3349759808-1000..\Run: [MsnMsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-644326375-262011582-3349759808-1000..\Run: [PC Suite Tray] C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O4 - HKU\S-1-5-21-644326375-262011582-3349759808-1000..\Run: [RegistryBooster] C:\Program Files (x86)\Uniblue\RegistryBooster\launcher.exe File not found
O4 - HKU\S-1-5-21-644326375-262011582-3349759808-1000..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\S-1-5-21-644326375-262011582-3349759808-1000..\Run: [uTorrent] C:\Users\Home\Desktop\Rahul\Modding\Torrents\Utorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKU\S-1-5-21-644326375-262011582-3349759808-1000..\RunOnce: [Shockwave Updater] C:\Windows\SysWOW64\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103471 -Mozilla\4.0 (compatible; MSIE 8.0; Windows NT 6.0; WOW64; Trident\4.0; File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-644326375-262011582-3349759808-1000\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} http://picasaweb.google.ca/s/v/57.07/uploader2.cab (UploadListView Class)
O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} http://www.kodakgallery.ca/downloads/BUM/B..._2/axofupld.cab (Kodak Gallery Easy Upload Manager Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.0...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab (Minesweeper Flags Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\intu-qt2007 {026BF40D-BA05-467b-9F1F-AD0D7A3F5F11} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\intu-qt2008 {05E53CE9-66C8-4a9e-A99F-FDB7A8E7B596} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\intu-qt2009 {03947252-2355-4e9b-B446-8CCC75C43370} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\intu-qt2007 {026BF40D-BA05-467b-9F1F-AD0D7A3F5F11} - C:\Program Files (x86)\QuickTax 2007\ic2007pp.dll File not found
O18 - Protocol\Handler\intu-qt2008 {05E53CE9-66C8-4a9e-A99F-FDB7A8E7B596} - C:\Program Files (x86)\QuickTax 2008\ic2008pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
O18 - Protocol\Handler\intu-qt2009 {03947252-2355-4e9b-B446-8CCC75C43370} - C:\Program Files (x86)\QuickTax 2009\ic2009pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files (x86)\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Home\AppData\Roaming\Microsoft\Windows Photo Gallery\Cities_Night_skyscraper_005353_.jpg
O24 - Desktop BackupWallPaper: C:\Users\Home\AppData\Roaming\Microsoft\Windows Photo Gallery\Cities_Night_skyscraper_005353_.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{188f6472-416c-11df-8416-00221581d20f}\Shell\AutoRun\command - "" = J:\InstallTomTomHOME.exe -- File not found
O33 - MountPoints2\{2a6ac4cf-a41a-11dd-b781-00221581d20f}\Shell\AutoRun\command - "" = M:\WBR1310.exe -- File not found
O33 - MountPoints2\{2a6ac4d4-a41a-11dd-b781-00221581d20f}\Shell - "" = AutoRun
O33 - MountPoints2\{2a6ac4d4-a41a-11dd-b781-00221581d20f}\Shell\AutoRun\command - "" = L:\LaunchU3.exe -- File not found
O33 - MountPoints2\{58b01ef2-a3a4-11dd-82de-00221581d20f}\Shell - "" = AutoRun
O33 - MountPoints2\{58b01ef2-a3a4-11dd-82de-00221581d20f}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -- File not found
O33 - MountPoints2\{89067b38-4234-11df-80d5-00221581d20f}\Shell - "" = AutoRun
O33 - MountPoints2\{89067b38-4234-11df-80d5-00221581d20f}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{b4abfb61-8b39-11de-8ee7-00221581d20f}\Shell - "" = AutoRun
O33 - MountPoints2\{b4abfb61-8b39-11de-8ee7-00221581d20f}\Shell\AutoRun\command - "" = N:\LaunchU3.exe -- File not found
O33 - MountPoints2\J\Shell - "" = AutoRun
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\LaunchU3.exe -- File not found
O33 - MountPoints2\L\Shell - "" = AutoRun
O33 - MountPoints2\L\Shell\AutoRun\command - "" = L:\LaunchU3.exe -- File not found
O33 - MountPoints2\N\Shell - "" = AutoRun
O33 - MountPoints2\N\Shell\AutoRun\command - "" = N:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: MsMpSvc - c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:64bit: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 11.0.3
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 11.0.3
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm ()
Drivers32:64bit: VIDC.FPS1 - frapsv64.dll ()
Drivers32: msacm.ac3acm - C:\Windows\SysWow64\AC3ACM.acm (fccHandler)
Drivers32: msacm.alf2cd - C:\Windows\SysWow64\alf2cd.acm (NCT Company)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.scg726 - C:\Windows\SysWow64\Scg726.acm (SHARP Corporation)
Drivers32: msacm.voxacm160 - C:\Windows\SysWow64\vct3216.acm (Voxware, Inc.)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: vidc.dvsd - C:\Windows\SysWow64\mcdvd_32.dll (MainConcept)
Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll ()
Drivers32: VIDC.FPS1 - C:\Windows\SysWow64\frapsvid.dll (Beepa P/L)
Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)


========== Files/Folders - Created Within 30 Days ==========

[2010/08/15 19:37:21 | 000,000,000 | ---D | C] -- C:\Users\Home\Desktop\Unknown Artist
[2010/08/14 18:52:33 | 000,000,000 | ---D | C] -- C:\Users\Home\Desktop\Sima's 26th Birthday
[2010/08/11 16:21:51 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rtutils.dll
[2010/08/11 16:21:48 | 000,081,920 | ---- | C] (Radius Inc.) -- C:\Windows\SysWow64\iccvid.dll
[2010/08/11 16:16:35 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2010/08/11 16:16:35 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2010/08/11 16:16:33 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2010/08/11 16:16:32 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2010/08/11 16:16:31 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2010/08/11 16:16:31 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2010/08/11 16:16:31 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2010/08/11 16:16:31 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2010/08/11 16:16:31 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2010/08/11 16:16:31 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2010/08/11 16:16:30 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2010/08/11 12:21:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Uniblue
[2010/08/11 12:19:38 | 000,000,000 | -H-D | C] -- C:\ProgramData\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}
[2010/08/11 12:10:08 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\Uniblue
[2010/08/10 19:47:48 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax
[2010/08/10 19:47:48 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax
[2010/08/10 19:47:44 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll
[2010/08/10 19:47:43 | 000,428,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
[2010/08/10 19:47:43 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisrndr.ax
[2010/08/10 19:46:29 | 001,130,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dfshim.dll
[2010/08/10 19:46:29 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHost.exe
[2010/08/10 19:46:29 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHostProxy.dll
[2010/08/10 19:46:29 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netfxperf.dll
[2010/08/10 19:44:21 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\WindowsPowerShell
[2010/08/10 19:44:19 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\WindowsPowerShell
[2010/08/10 19:42:53 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winrsmgr.dll
[2010/08/10 19:42:47 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wsmplpxy.dll
[2010/08/10 19:42:47 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winrssrv.dll
[2010/08/10 19:42:40 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pwrshplugin.dll
[2010/08/10 19:42:24 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WsmRes.dll
[2010/08/10 19:42:23 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wevtfwd.dll
[2010/08/10 19:42:23 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wecutil.exe
[2010/08/10 19:42:23 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wecapi.dll
[2010/08/10 19:42:23 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winrs.exe
[2010/08/10 19:42:23 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winrshost.exe
[2010/08/10 19:42:23 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wsmprovhost.exe
[2010/08/10 19:42:15 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WsmAuto.dll
[2010/08/10 19:42:14 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WSManMigrationPlugin.dll
[2010/08/10 19:42:14 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WSManHTTPConfig.exe
[2010/08/10 19:42:14 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winrscmd.dll
[2010/08/10 19:42:14 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WsmWmiPl.dll
[2010/08/10 19:36:57 | 000,000,000 | ---D | C] -- C:\Users\Home\Desktop\Band Pics
[2010/08/10 19:08:18 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010/08/10 19:08:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/08/10 19:07:31 | 000,423,656 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2010/08/10 19:07:30 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010/08/10 19:07:30 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010/08/10 19:07:30 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010/08/10 19:05:51 | 000,523,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_isv.exe
[2010/08/10 19:05:50 | 000,511,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate.exe
[2010/08/10 19:05:48 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp.exe
[2010/08/10 19:05:47 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp_isv.exe
[2010/08/10 19:05:46 | 000,472,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_isv.dll
[2010/08/10 19:05:46 | 000,472,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc.dll
[2010/08/10 19:05:44 | 000,329,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msdrm.dll
[2010/08/10 19:05:44 | 000,151,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp_isv.dll
[2010/08/10 19:05:44 | 000,151,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp.dll
[2010/08/10 19:02:52 | 000,310,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\unregmp2.exe
[2010/08/10 19:02:50 | 010,624,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2010/08/10 19:02:46 | 008,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2010/08/10 19:01:50 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Apphlpdm.dll
[2010/08/10 19:01:48 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\GameUXLegacyGDFs.dll
[2010/08/10 19:01:07 | 000,714,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\timedate.cpl
[2010/08/10 18:22:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Antimalware
[2010/08/10 18:21:51 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
[2010/08/09 19:37:43 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\Malwarebytes
[2010/08/09 19:37:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/08/09 19:37:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/08/09 18:51:01 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{5850AA47-CB1A-4F19-A64F-4D8E833B13E6}
[2010/08/09 18:49:12 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\0B6A0EA1F3A6DBD71F28ADAD29BD93E6
[2010/08/08 14:21:10 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\Windows Server
[2010/08/06 19:19:31 | 000,000,000 | ---D | C] -- C:\Users\Home\Desktop\Tranfer
[2010/08/05 19:53:53 | 000,000,000 | ---D | C] -- C:\Users\Home\Desktop\Usha & Chet Visit August 2010
[2010/08/03 18:56:40 | 000,000,000 | ---D | C] -- C:\Users\Home\Documents\MKV Converter Studio
[2010/08/03 18:54:48 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\Apowersoft
[2010/08/03 17:47:43 | 000,000,000 | ---D | C] -- C:\ProgramData\xml_param
[2010/08/03 17:44:34 | 000,000,000 | ---D | C] -- C:\Users\Home\Documents\iSkysoft Video Converter
[2010/08/03 17:44:04 | 000,000,000 | ---D | C] -- C:\Users\Home\Desktop\Conversion
[2010/08/03 17:43:46 | 000,892,928 | ---- | C] (Free Software Foundation) -- C:\Windows\SysWow64\iconv.dll
[2010/08/03 17:43:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iSkysoft
[2010/08/03 15:19:22 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Xbox 360 Accessories
[2010/08/03 12:25:16 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/08/03 12:25:11 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/08/03 12:25:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2010/07/27 12:59:43 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\Need for Speed World
[2010/07/27 09:25:25 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\Electronic_Arts_Inc
[2010/07/27 09:25:09 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_7.dll
[2010/07/27 09:25:09 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_5.dll
[2010/07/27 09:25:06 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_7.dll
[2010/07/27 09:25:05 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_43.dll
[2010/07/27 09:25:05 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_43.dll
[2010/07/27 09:25:04 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_43.dll
[2010/07/27 09:25:04 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_43.dll
[2010/07/27 09:25:03 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_43.dll
[2010/07/27 09:25:03 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_6.dll
[2010/07/27 09:25:03 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_4.dll
[2010/07/27 09:25:02 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_6.dll
[2010/07/27 09:25:02 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_7.dll
[2010/07/27 09:25:00 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_5.dll
[2010/07/27 09:24:59 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_5.dll
[2010/07/27 09:24:58 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_42.dll
[2010/07/27 09:24:57 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_42.dll
[2010/07/27 09:24:57 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_42.dll
[2010/07/27 09:24:56 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_42.dll
[2010/07/27 09:24:55 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_42.dll
[2010/07/27 09:24:52 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_41.dll
[2010/07/27 09:24:52 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_41.dll
[2010/07/27 09:24:50 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_41.dll
[2010/07/27 09:24:49 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_4.dll
[2010/07/27 09:24:49 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_3.dll
[2010/07/27 09:24:48 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_4.dll
[2010/07/27 09:24:48 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_6.dll
[2010/07/27 09:24:47 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_40.dll
[2010/07/27 09:24:47 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_40.dll
[2010/07/27 09:24:47 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_40.dll
[2010/07/27 09:24:46 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_3.dll
[2010/07/27 09:24:46 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_2.dll
[2010/07/27 09:24:45 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_3.dll
[2010/07/27 09:24:44 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_5.dll
[2010/07/27 09:24:43 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_2.dll
[2010/07/27 09:24:43 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_1.dll
[2010/07/27 09:24:38 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_2.dll
[2010/07/27 09:24:32 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_39.dll
[2010/07/27 09:24:32 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_39.dll
[2010/07/27 09:24:32 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_39.dll
[2010/07/27 09:24:31 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_1.dll
[2010/07/27 09:24:31 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_0.dll
[2010/07/27 09:24:30 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_1.dll
[2010/07/27 09:24:29 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_38.dll
[2010/07/27 09:24:29 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_38.dll
[2010/07/27 09:24:29 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_4.dll
[2010/07/27 09:24:28 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_38.dll
[2010/07/27 09:24:27 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_0.dll
[2010/07/27 09:24:26 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_0.dll
[2010/07/27 09:24:26 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_3.dll
[2010/07/27 09:24:25 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_37.dll
[2010/07/27 09:24:25 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_37.dll
[2010/07/27 09:24:24 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_37.dll
[2010/07/27 09:24:23 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_10.dll
[2010/07/27 09:24:22 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_36.dll
[2010/07/27 09:24:22 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_36.dll
[2010/07/27 09:24:21 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_36.dll
[2010/07/27 09:24:19 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_35.dll
[2010/07/27 09:24:19 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_35.dll
[2010/07/27 09:24:19 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_9.dll
[2010/07/27 09:24:18 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_35.dll
[2010/07/27 09:24:15 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_34.dll
[2010/07/27 09:24:15 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_34.dll
[2010/07/27 09:24:15 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_8.dll
[2010/07/27 09:24:15 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_2.dll
[2010/07/27 09:24:14 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_34.dll
[2010/07/27 09:24:13 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_3.dll
[2010/07/27 09:24:12 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_7.dll
[2010/07/27 09:24:11 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_33.dll
[2010/07/27 09:24:11 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_33.dll
[2010/07/27 09:24:11 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_33.dll
[2010/07/27 09:24:10 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_6.dll
[2010/07/27 09:24:09 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_5.dll
[2010/07/27 09:24:08 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10.dll
[2010/07/27 09:24:07 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_31.dll
[2010/07/27 09:24:07 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_4.dll
[2010/07/27 09:24:07 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_1.dll
[2010/07/27 09:24:06 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_3.dll
[2010/07/27 09:24:05 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_2.dll
[2010/07/27 09:24:04 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_2.dll
[2010/07/27 09:24:04 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_1.dll
[2010/07/27 09:24:02 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_1.dll
[2010/07/27 09:24:00 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_30.dll
[2010/07/27 09:23:55 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_0.dll
[2010/07/27 09:23:55 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_0.dll
[2010/07/27 09:23:53 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_29.dll
[2010/07/27 09:23:52 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_28.dll
[2010/07/27 09:23:50 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_26.dll
[2010/07/27 09:23:49 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_25.dll
[2010/07/27 09:23:48 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_24.dll
[2010/07/27 09:19:36 | 000,000,000 | -H-D | C] -- C:\Windows\msdownld.tmp
[2010/07/27 09:19:34 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx
[2010/07/27 09:19:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts
[2010/07/26 19:22:54 | 000,000,000 | ---D | C] -- C:\Users\Home\Desktop\Docks
[2010/07/21 20:05:29 | 000,000,000 | -HSD | C] -- C:\Users\Home\Phone Browser
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[18 C:\Users\Home\Desktop\*.tmp files -> C:\Users\Home\Desktop\*.tmp -> ]
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/08/19 12:59:06 | 004,718,592 | -HS- | M] () -- C:\Users\Home\NTUSER.DAT
[2010/08/19 12:52:57 | 000,197,120 | ---- | M] () -- C:\Users\Home\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/19 12:52:52 | 194,464,912 | ---- | M] () -- C:\Users\Home\Documents\clip0021.avi
[2010/08/19 12:52:27 | 000,003,744 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/08/19 12:52:27 | 000,003,744 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/08/19 12:48:10 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010/08/19 12:28:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-644326375-262011582-3349759808-1000UA.job
[2010/08/19 12:04:59 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/08/19 10:05:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/08/19 08:52:30 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/08/19 08:52:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/08/18 22:56:16 | 000,524,288 | -HS- | M] () -- C:\Users\Home\NTUSER.DAT{be828c88-4be8-11de-bcc9-00221581d20f}.TMContainer00000000000000000001.regtrans-ms
[2010/08/18 22:56:16 | 000,065,536 | -HS- | M] () -- C:\Users\Home\NTUSER.DAT{be828c88-4be8-11de-bcc9-00221581d20f}.TM.blf
[2010/08/18 22:55:58 | 003,024,395 | -H-- | M] () -- C:\Users\Home\AppData\Local\IconCache.db
[2010/08/18 21:04:53 | 000,828,892 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/08/18 21:04:53 | 000,694,630 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/08/18 21:04:53 | 000,143,782 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/08/18 19:28:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-644326375-262011582-3349759808-1000Core.job
[2010/08/18 13:39:17 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{4911EE3A-39AA-4348-8E21-D157503C1EE1}.job
[2010/08/15 12:06:19 | 000,000,967 | ---- | M] () -- C:\Users\Home\Application Data\Microsoft\Internet Explorer\Quick Launch\Picasa 3.lnk
[2010/08/15 12:06:18 | 000,000,943 | ---- | M] () -- C:\Users\Public\Desktop\Picasa 3.lnk
[2010/08/14 09:46:39 | 000,365,248 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/08/13 17:10:35 | 000,000,275 | ---- | M] () -- C:\Windows\win.ini
[2010/08/13 12:25:18 | 000,067,740 | ---- | M] () -- C:\Users\Home\Desktop\Untitled.jpg
[2010/08/12 09:14:43 | 000,002,039 | ---- | M] () -- C:\Users\Home\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome (2).lnk
[2010/08/12 09:13:55 | 000,000,741 | ---- | M] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2010/08/11 19:25:36 | 000,002,001 | ---- | M] () -- C:\Users\Home\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/08/10 20:33:20 | 000,094,680 | ---- | M] () -- C:\Users\Home\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/08/10 18:21:53 | 000,000,944 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
[2010/08/03 12:25:41 | 000,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/08/02 15:57:10 | 000,000,600 | ---- | M] () -- C:\Users\Home\PUTTY.RND
[2010/07/23 11:46:56 | 000,892,928 | ---- | M] (Free Software Foundation) -- C:\Windows\SysWow64\iconv.dll
[2010/07/23 11:46:56 | 000,675,840 | ---- | M] () -- C:\Windows\SysWow64\ac3filter.ax
[2010/07/23 11:46:54 | 000,496,640 | ---- | M] () -- C:\Windows\SysWow64\xvid.ax
[2010/07/23 11:46:54 | 000,153,600 | ---- | M] () -- C:\Windows\SysWow64\IS_ContextMenu.dll
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[18 C:\Users\Home\Desktop\*.tmp files -> C:\Users\Home\Desktop\*.tmp -> ]
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/08/19 12:49:47 | 194,464,912 | ---- | C] () -- C:\Users\Home\Documents\clip0021.avi
[2010/08/15 12:06:19 | 000,000,967 | ---- | C] () -- C:\Users\Home\Application Data\Microsoft\Internet Explorer\Quick Launch\Picasa 3.lnk
[2010/08/15 12:06:18 | 000,000,943 | ---- | C] () -- C:\Users\Public\Desktop\Picasa 3.lnk
[2010/08/13 12:25:17 | 000,067,740 | ---- | C] () -- C:\Users\Home\Desktop\Untitled.jpg
[2010/08/12 09:14:43 | 000,002,039 | ---- | C] () -- C:\Users\Home\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome (2).lnk
[2010/08/12 09:13:55 | 000,000,741 | ---- | C] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2010/08/11 19:25:36 | 000,002,001 | ---- | C] () -- C:\Users\Home\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/08/11 19:23:20 | 000,000,904 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-644326375-262011582-3349759808-1000UA.job
[2010/08/11 19:23:19 | 000,000,852 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-644326375-262011582-3349759808-1000Core.job
[2010/08/11 16:33:39 | 001,420,176 | ---- | C] () -- C:\Windows\SysNative\drivers\tcpip.sys
[2010/08/11 16:32:39 | 000,462,848 | ---- | C] () -- C:\Windows\SysNative\drivers\srv.sys
[2010/08/11 16:32:38 | 000,174,592 | ---- | C] () -- C:\Windows\SysNative\drivers\srv2.sys
[2010/08/11 16:21:54 | 002,749,952 | ---- | C] () -- C:\Windows\SysNative\win32k.sys
[2010/08/11 16:21:50 | 000,050,688 | ---- | C] () -- C:\Windows\SysNative\rtutils.dll
[2010/08/11 16:21:46 | 004,690,832 | ---- | C] () -- C:\Windows\SysNative\ntoskrnl.exe
[2010/08/11 16:16:44 | 009,250,816 | ---- | C] () -- C:\Windows\SysNative\mshtml.dll
[2010/08/11 16:16:42 | 012,473,344 | ---- | C] () -- C:\Windows\SysNative\ieframe.dll
[2010/08/11 16:16:41 | 002,335,744 | ---- | C] () -- C:\Windows\SysNative\iertutil.dll
[2010/08/11 16:16:38 | 001,487,360 | ---- | C] () -- C:\Windows\SysNative\urlmon.dll
[2010/08/11 16:16:37 | 001,147,904 | ---- | C] () -- C:\Windows\SysNative\wininet.dll
[2010/08/11 16:16:36 | 000,706,048 | ---- | C] () -- C:\Windows\SysNative\msfeeds.dll
[2010/08/11 16:16:35 | 000,459,776 | ---- | C] () -- C:\Windows\SysNative\iedkcs32.dll
[2010/08/11 16:16:35 | 000,252,416 | ---- | C] () -- C:\Windows\SysNative\iepeers.dll
[2010/08/11 16:16:35 | 000,243,712 | ---- | C] () -- C:\Windows\SysNative\occache.dll
[2010/08/11 16:16:34 | 001,062,912 | ---- | C] () -- C:\Windows\SysNative\mstime.dll
[2010/08/11 16:16:34 | 000,219,136 | ---- | C] () -- C:\Windows\SysNative\ieui.dll
[2010/08/11 16:16:34 | 000,072,192 | ---- | C] () -- C:\Windows\SysNative\iernonce.dll
[2010/08/11 16:16:34 | 000,071,680 | ---- | C] () -- C:\Windows\SysNative\msfeedsbs.dll
[2010/08/11 16:16:34 | 000,031,744 | ---- | C] () -- C:\Windows\SysNative\jsproxy.dll
[2010/08/11 16:16:33 | 001,538,560 | ---- | C] () -- C:\Windows\SysNative\inetcpl.cpl
[2010/08/11 16:16:32 | 000,162,816 | ---- | C] () -- C:\Windows\SysNative\ieUnatt.exe
[2010/08/11 16:16:32 | 000,132,096 | ---- | C] () -- C:\Windows\SysNative\iesysprep.dll
[2010/08/11 16:16:31 | 000,077,312 | ---- | C] () -- C:\Windows\SysNative\iesetup.dll
[2010/08/11 16:16:30 | 001,638,912 | ---- | C] () -- C:\Windows\SysNative\mshtml.tlb
[2010/08/11 16:16:30 | 000,070,656 | ---- | C] () -- C:\Windows\SysNative\ie4uinit.exe
[2010/08/11 16:16:30 | 000,012,288 | ---- | C] () -- C:\Windows\SysNative\msfeedssync.exe
[2010/08/11 16:15:55 | 001,875,456 | ---- | C] () -- C:\Windows\SysNative\msxml3.dll
[2010/08/11 16:15:06 | 000,343,040 | ---- | C] () -- C:\Windows\SysNative\schannel.dll
[2010/08/10 19:47:49 | 000,227,328 | ---- | C] () -- C:\Windows\SysNative\mpg2splt.ax
[2010/08/10 19:47:49 | 000,101,376 | ---- | C] () -- C:\Windows\SysNative\MSNP.ax
[2010/08/10 19:47:44 | 000,375,808 | ---- | C] () -- C:\Windows\SysNative\psisdecd.dll
[2010/08/10 19:47:42 | 000,558,592 | ---- | C] () -- C:\Windows\SysNative\EncDec.dll
[2010/08/10 19:47:42 | 000,289,792 | ---- | C] () -- C:\Windows\SysNative\psisrndr.ax
[2010/08/10 19:46:29 | 000,444,752 | ---- | C] () -- C:\Windows\SysNative\mscoree.dll
[2010/08/10 19:46:29 | 000,320,352 | ---- | C] () -- C:\Windows\SysNative\PresentationHost.exe
[2010/08/10 19:46:29 | 000,109,912 | ---- | C] () -- C:\Windows\SysNative\PresentationHostProxy.dll
[2010/08/10 19:46:29 | 000,048,960 | ---- | C] () -- C:\Windows\SysNative\netfxperf.dll
[2010/08/10 19:46:28 | 001,942,856 | ---- | C] () -- C:\Windows\SysNative\dfshim.dll
[2010/08/10 19:42:53 | 000,002,048 | ---- | C] () -- C:\Windows\SysNative\winrsmgr.dll
[2010/08/10 19:42:51 | 000,013,312 | ---- | C] () -- C:\Windows\SysNative\wsmplpxy.dll
[2010/08/10 19:42:51 | 000,013,312 | ---- | C] () -- C:\Windows\SysNative\winrssrv.dll
[2010/08/10 19:42:40 | 000,053,760 | ---- | C] () -- C:\Windows\SysNative\pwrshplugin.dll
[2010/08/10 19:42:40 | 000,051,200 | ---- | C] () -- C:\Windows\SysNative\winrs.exe
[2010/08/10 19:42:40 | 000,024,064 | ---- | C] () -- C:\Windows\SysNative\winrshost.exe
[2010/08/10 19:42:40 | 000,013,824 | ---- | C] () -- C:\Windows\SysNative\wsmprovhost.exe
[2010/08/10 19:42:24 | 000,084,992 | ---- | C] () -- C:\Windows\SysNative\wecapi.dll
[2010/08/10 19:42:24 | 000,054,272 | ---- | C] () -- C:\Windows\SysNative\WsmRes.dll
[2010/08/10 19:42:23 | 000,232,960 | ---- | C] () -- C:\Windows\SysNative\wecsvc.dll
[2010/08/10 19:42:23 | 000,113,152 | ---- | C] () -- C:\Windows\SysNative\wevtfwd.dll
[2010/08/10 19:42:23 | 000,113,152 | ---- | C] () -- C:\Windows\SysNative\wecutil.exe
[2010/08/10 19:42:16 | 000,201,184 | ---- | C] () -- C:\Windows\SysWow64\winrm.vbs
[2010/08/10 19:42:16 | 000,201,184 | ---- | C] () -- C:\Windows\SysNative\winrm.vbs
[2010/08/10 19:42:16 | 000,004,675 | ---- | C] () -- C:\Windows\SysWow64\wsmanconfig_schema.xml
[2010/08/10 19:42:16 | 000,004,675 | ---- | C] () -- C:\Windows\SysNative\wsmanconfig_schema.xml
[2010/08/10 19:42:16 | 000,002,426 | ---- | C] () -- C:\Windows\SysWow64\WsmTxt.xsl
[2010/08/10 19:42:16 | 000,002,426 | ---- | C] () -- C:\Windows\SysNative\WsmTxt.xsl
[2010/08/10 19:42:15 | 000,310,272 | ---- | C] () -- C:\Windows\SysNative\WsmWmiPl.dll
[2010/08/10 19:42:15 | 000,180,736 | ---- | C] () -- C:\Windows\SysNative\WsmAuto.dll
[2010/08/10 19:42:14 | 002,050,048 | ---- | C] () -- C:\Windows\SysNative\WsmSvc.dll
[2010/08/10 19:42:14 | 000,370,688 | ---- | C] () -- C:\Windows\SysNative\winrscmd.dll
[2010/08/10 19:42:14 | 000,352,768 | ---- | C] () -- C:\Windows\SysNative\WSManMigrationPlugin.dll
[2010/08/10 19:42:14 | 000,348,672 | ---- | C] () -- C:\Windows\SysNative\WSManHTTPConfig.exe
[2010/08/10 19:05:52 | 000,594,944 | ---- | C] () -- C:\Windows\SysNative\RMActivate_isv.exe
[2010/08/10 19:05:52 | 000,594,432 | ---- | C] () -- C:\Windows\SysNative\RMActivate.exe
[2010/08/10 19:05:49 | 000,413,696 | ---- | C] () -- C:\Windows\SysNative\RMActivate_ssp_isv.exe
[2010/08/10 19:05:48 | 000,409,600 | ---- | C] () -- C:\Windows\SysNative\RMActivate_ssp.exe
[2010/08/10 19:05:47 | 000,535,040 | ---- | C] () -- C:\Windows\SysNative\secproc.dll
[2010/08/10 19:05:47 | 000,534,016 | ---- | C] () -- C:\Windows\SysNative\secproc_isv.dll
[2010/08/10 19:05:44 | 000,457,216 | ---- | C] () -- C:\Windows\SysNative\msdrm.dll
[2010/08/10 19:05:44 | 000,159,232 | ---- | C] () -- C:\Windows\SysNative\secproc_ssp_isv.dll
[2010/08/10 19:05:44 | 000,158,720 | ---- | C] () -- C:\Windows\SysNative\secproc_ssp.dll
[2010/08/10 19:02:52 | 000,372,736 | ---- | C] () -- C:\Windows\SysNative\unregmp2.exe
[2010/08/10 19:02:51 | 013,426,176 | ---- | C] () -- C:\Windows\SysNative\wmp.dll
[2010/08/10 19:02:46 | 008,147,968 | ---- | C] () -- C:\Windows\SysNative\wmploc.DLL
[2010/08/10 19:01:50 | 000,032,256 | ---- | C] () -- C:\Windows\SysNative\Apphlpdm.dll
[2010/08/10 19:01:48 | 004,240,384 | ---- | C] () -- C:\Windows\SysNative\GameUXLegacyGDFs.dll
[2010/08/10 19:01:07 | 000,880,640 | ---- | C] () -- C:\Windows\SysNative\timedate.cpl
[2010/08/10 18:21:53 | 000,000,944 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
[2010/08/09 19:37:27 | 000,024,664 | ---- | C] () -- C:\Windows\SysNative\drivers\mbam.sys
[2010/08/03 17:43:49 | 000,153,600 | ---- | C] () -- C:\Windows\SysWow64\IS_ContextMenu.dll
[2010/08/03 17:43:46 | 000,675,840 | ---- | C] () -- C:\Windows\SysWow64\ac3filter.ax
[2010/08/03 17:43:46 | 000,496,640 | ---- | C] () -- C:\Windows\SysWow64\xvid.ax
[2010/08/03 12:25:41 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/08/03 12:25:40 | 012,898,304 | ---- | C] () -- C:\Windows\SysNative\shell32.dll
[2010/07/27 09:25:09 | 000,518,488 | ---- | C] () -- C:\Windows\SysNative\XAudio2_7.dll
[2010/07/27 09:25:09 | 000,077,656 | ---- | C] () -- C:\Windows\SysNative\XAPOFX1_5.dll
[2010/07/27 09:25:06 | 000,176,984 | ---- | C] () -- C:\Windows\SysNative\xactengine3_7.dll
[2010/07/27 09:25:05 | 002,526,056 | ---- | C] () -- C:\Windows\SysNative\D3DCompiler_43.dll
[2010/07/27 09:25:05 | 001,907,552 | ---- | C] () -- C:\Windows\SysNative\d3dcsx_43.dll
[2010/07/27 09:25:04 | 000,511,328 | ---- | C] () -- C:\Windows\SysNative\d3dx10_43.dll
[2010/07/27 09:25:04 | 000,276,832 | ---- | C] () -- C:\Windows\SysNative\d3dx11_43.dll
[2010/07/27 09:25:03 | 002,401,112 | ---- | C] () -- C:\Windows\SysNative\D3DX9_43.dll
[2010/07/27 09:25:03 | 000,530,776 | ---- | C] () -- C:\Windows\SysNative\XAudio2_6.dll
[2010/07/27 09:25:03 | 000,078,680 | ---- | C] () -- C:\Windows\SysNative\XAPOFX1_4.dll
[2010/07/27 09:25:02 | 000,176,984 | ---- | C] () -- C:\Windows\SysNative\xactengine3_6.dll
[2010/07/27 09:25:02 | 000,024,920 | ---- | C] () -- C:\Windows\SysNative\X3DAudio1_7.dll
[2010/07/27 09:25:00 | 000,517,960 | ---- | C] () -- C:\Windows\SysNative\XAudio2_5.dll
[2010/07/27 09:24:59 | 000,176,968 | ---- | C] () -- C:\Windows\SysNative\xactengine3_5.dll
[2010/07/27 09:24:58 | 002,582,888 | ---- | C] () -- C:\Windows\SysNative\D3DCompiler_42.dll
[2010/07/27 09:24:57 | 005,554,512 | ---- | C] () -- C:\Windows\SysNative\d3dcsx_42.dll
[2010/07/27 09:24:57 | 000,285,024 | ---- | C] () -- C:\Windows\SysNative\d3dx11_42.dll
[2010/07/27 09:24:56 | 000,523,088 | ---- | C] () -- C:\Windows\SysNative\d3dx10_42.dll
[2010/07/27 09:24:55 | 002,475,352 | ---- | C] () -- C:\Windows\SysNative\D3DX9_42.dll
[2010/07/27 09:24:52 | 002,430,312 | ---- | C] () -- C:\Windows\SysNative\D3DCompiler_41.dll
[2010/07/27 09:24:52 | 000,520,544 | ---- | C] () -- C:\Windows\SysNative\d3dx10_41.dll
[2010/07/27 09:24:50 | 005,425,496 | ---- | C] () -- C:\Windows\SysNative\D3DX9_41.dll
[2010/07/27 09:24:49 | 000,521,560 | ---- | C] () -- C:\Windows\SysNative\XAudio2_4.dll
[2010/07/27 09:24:49 | 000,073,544 | ---- | C] () -- C:\Windows\SysNative\XAPOFX1_3.dll
[2010/07/27 09:24:48 | 000,174,936 | ---- | C] () -- C:\Windows\SysNative\xactengine3_4.dll
[2010/07/27 09:24:48 | 000,024,920 | ---- | C] () -- C:\Windows\SysNative\X3DAudio1_6.dll
[2010/07/27 09:24:47 | 005,631,312 | ---- | C] () -- C:\Windows\SysNative\D3DX9_40.dll
[2010/07/27 09:24:47 | 002,605,920 | ---- | C] () -- C:\Windows\SysNative\D3DCompiler_40.dll
[2010/07/27 09:24:47 | 000,519,000 | ---- | C] () -- C:\Windows\SysNative\d3dx10_40.dll
[2010/07/27 09:24:46 | 000,518,480 | ---- | C] () -- C:\Windows\SysNative\XAudio2_3.dll
[2010/07/27 09:24:46 | 000,074,576 | ---- | C] () -- C:\Windows\SysNative\XAPOFX1_2.dll
[2010/07/27 09:24:45 | 000,175,440 | ---- | C] () -- C:\Windows\SysNative\xactengine3_3.dll
[2010/07/27 09:24:44 | 000,025,936 | ---- | C] () -- C:\Windows\SysNative\X3DAudio1_5.dll
[2010/07/27 09:24:43 | 000,513,544 | ---- | C] () -- C:\Windows\SysNative\XAudio2_2.dll
[2010/07/27 09:24:43 | 000,072,200 | ---- | C] () -- C:\Windows\SysNative\XAPOFX1_1.dll
[2010/07/27 09:24:38 | 000,177,672 | ---- | C] () -- C:\Windows\SysNative\xactengine3_2.dll
[2010/07/27 09:24:32 | 004,992,520 | ---- | C] () -- C:\Windows\SysNative\D3DX9_39.dll
[2010/07/27 09:24:32 | 001,942,552 | ---- | C] () -- C:\Windows\SysNative\D3DCompiler_39.dll
[2010/07/27 09:24:32 | 000,540,688 | ---- | C] () -- C:\Windows\SysNative\d3dx10_39.dll
[2010/07/27 09:24:31 | 000,511,496 | ---- | C] () -- C:\Windows\SysNative\XAudio2_1.dll
[2010/07/27 09:24:31 | 000,068,104 | ---- | C] () -- C:\Windows\SysNative\XAPOFX1_0.dll
[2010/07/27 09:24:30 | 000,177,672 | ---- | C] () -- C:\Windows\SysNative\xactengine3_1.dll
[2010/07/27 09:24:29 | 001,941,528 | ---- | C] () -- C:\Windows\SysNative\D3DCompiler_38.dll
[2010/07/27 09:24:29 | 000,540,688 | ---- | C] () -- C:\Windows\SysNative\d3dx10_38.dll
[2010/07/27 09:24:29 | 000,028,168 | ---- | C] () -- C:\Windows\SysNative\X3DAudio1_4.dll
[2010/07/27 09:24:28 | 004,991,496 | ---- | C] () -- C:\Windows\SysNative\D3DX9_38.dll
[2010/07/27 09:24:27 | 000,489,480 | ---- | C] () -- C:\Windows\SysNative\XAudio2_0.dll
[2010/07/27 09:24:26 | 000,177,672 | ---- | C] () -- C:\Windows\SysNative\xactengine3_0.dll
[2010/07/27 09:24:26 | 000,028,168 | ---- | C] () -- C:\Windows\SysNative\X3DAudio1_3.dll
[2010/07/27 09:24:25 | 001,860,120 | ---- | C] () -- C:\Windows\SysNative\D3DCompiler_37.dll
[2010/07/27 09:24:25 | 000,529,424 | ---- | C] () -- C:\Windows\SysNative\d3dx10_37.dll
[2010/07/27 09:24:24 | 004,910,088 | ---- | C] () -- C:\Windows\SysNative\D3DX9_37.dll
[2010/07/27 09:24:23 | 000,411,656 | ---- | C] () -- C:\Windows\SysNative\xactengine2_10.dll
[2010/07/27 09:24:22 | 002,006,552 | ---- | C] () -- C:\Windows\SysNative\D3DCompiler_36.dll
[2010/07/27 09:24:22 | 000,508,264 | ---- | C] () -- C:\Windows\SysNative\d3dx10_36.dll
[2010/07/27 09:24:21 | 005,081,608 | ---- | C] () -- C:\Windows\SysNative\d3dx9_36.dll
[2010/07/27 09:24:19 | 001,985,904 | ---- | C] () -- C:\Windows\SysNative\D3DCompiler_35.dll
[2010/07/27 09:24:19 | 000,508,264 | ---- | C] () -- C:\Windows\SysNative\d3dx10_35.dll
[2010/07/27 09:24:19 | 000,411,496 | ---- | C] () -- C:\Windows\SysNative\xactengine2_9.dll
[2010/07/27 09:24:18 | 005,073,256 | ---- | C] () -- C:\Windows\SysNative\d3dx9_35.dll
[2010/07/27 09:24:15 | 001,401,200 | ---- | C] () -- C:\Windows\SysNative\D3DCompiler_34.dll
[2010/07/27 09:24:15 | 000,506,728 | ---- | C] () -- C:\Windows\SysNative\d3dx10_34.dll
[2010/07/27 09:24:15 | 000,409,960 | ---- | C] () -- C:\Windows\SysNative\xactengine2_8.dll
[2010/07/27 09:24:15 | 000,021,000 | ---- | C] () -- C:\Windows\SysNative\X3DAudio1_2.dll
[2010/07/27 09:24:14 | 004,496,232 | ---- | C] () -- C:\Windows\SysNative\d3dx9_34.dll
[2010/07/27 09:24:13 | 000,107,368 | ---- | C] () -- C:\Windows\SysNative\xinput1_3.dll
[2010/07/27 09:24:12 | 000,403,304 | ---- | C] () -- C:\Windows\SysNative\xactengine2_7.dll
[2010/07/27 09:24:11 | 004,494,184 | ---- | C] () -- C:\Windows\SysNative\d3dx9_33.dll
[2010/07/27 09:24:11 | 001,400,176 | ---- | C] () -- C:\Windows\SysNative\D3DCompiler_33.dll
[2010/07/27 09:24:11 | 000,506,728 | ---- | C] () -- C:\Windows\SysNative\d3dx10_33.dll
[2010/07/27 09:24:10 | 000,393,576 | ---- | C] () -- C:\Windows\SysNative\xactengine2_6.dll
[2010/07/27 09:24:09 | 000,390,424 | ---- | C] () -- C:\Windows\SysNative\xactengine2_5.dll
[2010/07/27 09:24:08 | 000,469,264 | ---- | C] () -- C:\Windows\SysNative\d3dx10.dll
[2010/07/27 09:24:07 | 003,977,496 | ---- | C] () -- C:\Windows\SysNative\d3dx9_31.dll
[2010/07/27 09:24:07 | 000,364,824 | ---- | C] () -- C:\Windows\SysNative\xactengine2_4.dll
[2010/07/27 09:24:07 | 000,017,688 | ---- | C] () -- C:\Windows\SysNative\x3daudio1_1.dll
[2010/07/27 09:24:06 | 000,363,288 | ---- | C] () -- C:\Windows\SysNative\xactengine2_3.dll
[2010/07/27 09:24:05 | 000,083,736 | ---- | C] () -- C:\Windows\SysNative\xinput1_2.dll
[2010/07/27 09:24:04 | 000,354,072 | ---- | C] () -- C:\Windows\SysNative\xactengine2_2.dll
[2010/07/27 09:24:04 | 000,083,664 | ---- | C] () -- C:\Windows\SysNative\xinput1_1.dll
[2010/07/27 09:24:02 | 000,352,464 | ---- | C] () -- C:\Windows\SysNative\xactengine2_1.dll
[2010/07/27 09:24:00 | 003,927,248 | ---- | C] () -- C:\Windows\SysNative\d3dx9_30.dll
[2010/07/27 09:23:55 | 000,355,536 | ---- | C] () -- C:\Windows\SysNative\xactengine2_0.dll
[2010/07/27 09:23:55 | 000,016,592 | ---- | C] () -- C:\Windows\SysNative\x3daudio1_0.dll
[2010/07/27 09:23:53 | 003,830,992 | ---- | C] () -- C:\Windows\SysNative\d3dx9_29.dll
[2010/07/27 09:23:52 | 003,815,120 | ---- | C] () -- C:\Windows\SysNative\d3dx9_28.dll
[2010/07/27 09:23:51 | 003,807,440 | ---- | C] () -- C:\Windows\SysNative\d3dx9_27.dll
[2010/07/27 09:23:50 | 003,767,504 | ---- | C] () -- C:\Windows\SysNative\d3dx9_26.dll
[2010/07/27 09:23:49 | 003,823,312 | ---- | C] () -- C:\Windows\SysNative\d3dx9_25.dll
[2010/07/27 09:23:48 | 003,544,272 | ---- | C] () -- C:\Windows\SysNative\d3dx9_24.dll
[2010/06/22 19:36:00 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/06/15 13:31:57 | 000,416,850 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_vcredistMSI142D.txt
[2010/06/15 13:31:57 | 000,011,626 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_vcredistUI142D.txt
[2010/06/15 13:31:41 | 000,358,466 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_vcredistMSI13F6.txt
[2010/06/15 13:31:40 | 000,011,674 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_vcredistUI13F6.txt
[2010/05/07 09:42:05 | 000,004,096 | -H-- | C] () -- C:\Users\Home\AppData\Local\keyfile3.drm
[2010/04/24 12:47:41 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010/04/24 12:47:41 | 000,000,547 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll.manifest
[2010/03/31 09:28:30 | 000,000,236 | ---- | C] () -- C:\Users\Home\AppData\Roaming\wklnhst.dat
[2010/03/14 16:36:03 | 000,000,063 | ---- | C] () -- C:\Windows\QTWFL.INI
[2009/09/17 19:32:26 | 000,000,130 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2009/08/31 12:07:18 | 001,970,176 | ---- | C] () -- C:\Windows\SysWow64\d3dx9.dll
[2009/08/03 09:27:02 | 000,000,247 | -H-- | C] () -- C:\Users\Home\AppData\Roaming\syspnetworkZ4.txt
[2009/07/28 12:56:54 | 000,024,088 | ---- | C] () -- C:\Users\Home\AppData\Roaming\UserTile.png
[2008/11/06 18:07:18 | 000,000,092 | ---- | C] () -- C:\Users\Home\AppData\Local\fusioncache.dat
[2008/11/06 17:43:29 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/11/04 21:34:12 | 000,233,472 | ---- | C] () -- C:\Windows\SysWow64\WlanApp.dll
[2008/11/04 21:34:12 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\JJAKEn.dll
[2008/11/01 13:08:14 | 000,761,508 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2008/10/26 19:51:57 | 000,197,120 | ---- | C] () -- C:\Users\Home\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/09/15 20:14:24 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[2008/09/15 20:12:02 | 000,000,416 | ---- | C] () -- C:\Windows\SysWow64\dtu100.dll.manifest
[2008/09/15 20:12:02 | 000,000,416 | ---- | C] () -- C:\Windows\SysWow64\dpl100.dll.manifest
[2008/09/15 20:11:10 | 000,012,288 | ---- | C] () -- C:\Windows\SysWow64\DivXWMPExtType.dll
[2008/08/21 04:03:49 | 000,001,521 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2008/08/21 03:42:25 | 000,327,680 | ---- | C] () -- C:\Windows\SysWow64\pythoncom25.dll
[2008/08/21 03:42:25 | 000,102,400 | ---- | C] () -- C:\Windows\SysWow64\pywintypes25.dll
[2008/01/20 22:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008/01/20 22:49:49 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2008/01/20 22:49:18 | 000,030,720 | ---- | C] () -- C:\Windows\SysWow64\32of32i.dll
[2008/01/20 22:49:18 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\meunw2k.dll
[2008/01/20 22:49:18 | 000,022,529 | ---- | C] () -- C:\Windows\SysWow64\ovstw2k.dll
[2007/10/25 17:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys
[2007/01/25 13:31:36 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2003/09/09 00:30:32 | 000,011,376 | R--- | C] () -- C:\Windows\SysWow64\drivers\SECDRV.SYS
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\SysWow64\OUTLPERF.INI

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008/01/20 22:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_163188bf770e4ab0\AGP440.sys

< MD5 for: ATAPI.SYS >
[2008/01/20 22:46:50 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 07:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_424bc4aceb06de1c\cngaudit.dll
[2006/11/02 05:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll
[2006/11/02 05:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll
[2006/11/02 05:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: EVENTLOG.DLL >
[2007/01/13 01:30:08 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files (x86)\CyberLink\PowerDirector\EventLog.dll

< MD5 for: IASTOR.SYS >
[2008/06/10 22:51:32 | 000,395,800 | ---- | M] (Intel Corporation) MD5=A5AFC75C01044C0DDA0231C4E26C15A0 -- C:\hp\DRIVERS\Intel_RAID\iastor.sys
[2008/06/11 02:51:32 | 000,395,800 | ---- | M] (Intel Corporation) MD5=A5AFC75C01044C0DDA0231C4E26C15A0 -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2008/06/11 02:51:14 | 000,318,488 | ---- | M] (Intel Corporation) MD5=DE7C12E59605EA7EA0CF6345AFEB0F07 -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver\IaStor.sys

< MD5 for: IASTORV.SYS >
[2008/01/20 22:46:59 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_0b2fedfc40256bc5\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2008/01/20 22:51:03 | 000,716,800 | ---- | M] (Microsoft Corporation) MD5=5D0A4891F8CD0E9E64FF57A6A34044F5 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_59d652c6f057598d\netlogon.dll
[2008/01/20 22:48:28 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\SysWOW64\netlogon.dll
[2008/01/20 22:48:28 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\SysWOW64\netlogon.dll
[2008/01/20 22:48:28 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_642afd1924b81b88\netlogon.dll

< MD5 for: NVRAID.SYS >
[2008/01/20 22:46:54 | 000,128,056 | ---- | M] (NVIDIA Corporation) MD5=2C040B7ADA5B06F6FACADAC8514AA034 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159d\nvraid.sys

< MD5 for: NVSTOR.SYS >
[2008/01/20 22:46:54 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159d\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/20 22:50:28 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\SysWOW64\scecli.dll
[2008/01/20 22:50:28 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\SysWOW64\scecli.dll
[2008/01/20 22:50:28 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_9e812831c5d9a243\scecli.dll
[2008/01/20 22:49:49 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=35F1DD99F9903BC267C2AF16B09F9BF7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_942c7ddf9178e048\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\drivers\*.sys /90 >

========== Alternate Data Streams ==========

@Alternate Data Stream - 64 bytes -> C:\Users\Home\Documents\clip0021.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Home\Documents\clip0019.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Home\Documents\clip0015.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Home\Documents\clip0014.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Home\Documents\clip0013.avi:TOC.WMV
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:0AA053B7
< End of report >

Extras.txt

OTL Extras logfile created on: 19/08/2010 12:59:58 PM - Run 1
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Users\Home\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 48.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 72.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 453.45 Gb Total Space | 242.45 Gb Free Space | 53.47% Space Free | Partition Type: NTFS
Drive D: | 12.31 Gb Total Space | 1.68 Gb Free Space | 13.67% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOME-PC
Current User Name: Home
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-644326375-262011582-3349759808-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" ()
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l ()
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C5253C2-4065-4201-838F-AF3168FF38BD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{0F6298CB-4197-4BAE-803F-8227584D1F95}" = lport=3390 | protocol=6 | dir=in | app=system |
"{154D8AA4-7722-400C-B67D-9E94A30E827B}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{186804ED-A106-4418-8CF5-2CCFECB3F2AF}" = lport=10243 | protocol=6 | dir=in | app=system |
"{20D58239-DDF1-4A33-9CC3-72F1A9B3510A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{22AE32C9-AF0C-4D63-8D05-7F600CA01310}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2674F7FF-7459-4348-83ED-F822F22CF568}" = rport=138 | protocol=17 | dir=out | app=system |
"{27A2A5B6-845E-43FA-84D6-430B097AAE63}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{27C84876-F612-4F7B-B289-9103426E3E7E}" = rport=10244 | protocol=6 | dir=out | app=system |
"{29BB6834-A57A-46BD-AA4E-2EA1658AEA3D}" = rport=445 | protocol=6 | dir=out | app=system |
"{317447CD-23AF-4286-B01A-8A23FEFD3C01}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{32014466-10D7-4AA2-8775-07A038620081}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{3679A1E8-6ED7-461E-9F0A-29158B33A98E}" = lport=445 | protocol=6 | dir=in | app=system |
"{39E0C0C2-13D5-4B12-936B-BC7963ED2C34}" = lport=3390 | protocol=6 | dir=in | app=system |
"{406F1402-5F7A-49E0-A85F-7F24959FB9F4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{41B25424-0D67-4F86-B248-2F7117342C1E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4B6AB5E9-DA04-49FF-9EBA-151B78EDE6BB}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4DD12316-74E3-48A4-8D0C-4728DD319072}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4E291B43-A194-4233-ACF6-409D96104D51}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{56F64D70-BD80-4B40-81B7-B6098B4C3392}" = rport=137 | protocol=17 | dir=out | app=system |
"{5F592450-0AAB-4CED-8D7D-03E7CCF34F38}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{634BE0B1-A3F0-486C-9D1B-6F1128A794EB}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{654347DE-B703-4749-8E7A-A6E90FE34754}" = rport=10244 | protocol=6 | dir=out | app=system |
"{6C13696A-F803-4AFD-A94A-185728DA39C1}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{73A04D92-7A9E-4E86-A933-264F4D3298A0}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{76C8FB3F-3353-4169-8CF7-1F4E93460C08}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7A1342BB-65E1-44FB-9C57-5A0ABD04A512}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7F78AD4D-2934-4F7B-B0D4-C3C52812F0AE}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{7FFAA5C2-17A9-4A93-A672-28AE0C9D2263}" = lport=2869 | protocol=6 | dir=in | app=system |
"{80C9169D-E819-490C-A8B2-B8B5C6A6C05A}" = rport=10243 | protocol=6 | dir=out | app=system |
"{81D118A5-E3EC-4A83-AEF4-3CEC9ACA2193}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{81FA9947-DB6B-415C-A601-936F7BEA21C1}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{86717BDD-083C-44E4-8DA6-8E57A35CBB96}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8E598C79-5908-43E2-9A31-372CD884C226}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9079EBFD-B956-48E4-8F3A-892D9FB833CF}" = rport=139 | protocol=6 | dir=out | app=system |
"{9FBDA80F-EDBB-440D-96C4-B54650C90372}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A2DDAE13-9EA5-4C52-89C1-463D257E7E18}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A4F8E662-C395-4052-8CBD-6826FD2D58F7}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{AA6761AB-C1B9-4163-AE2D-A114AC60BF54}" = lport=10244 | protocol=6 | dir=in | app=system |
"{B204425A-4979-4C61-B3AE-3DC01C0C98BF}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{BC0307E0-EA3D-4C73-9A59-F58E3C103B4A}" = lport=10244 | protocol=6 | dir=in | app=system |
"{BF758450-F684-4299-A729-CB0D78A6AF47}" = lport=138 | protocol=17 | dir=in | app=system |
"{C52F7D9F-1995-414D-8C40-E6C64B83EA08}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CB1807DF-FC7B-4C89-A830-DCAF64AC168D}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{CE4DB576-22C9-4509-B94F-6C4A00DA51BA}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E090EC7D-0081-412E-AA58-13765290DFF1}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{E3432187-245F-4139-82C9-F5524873DFAB}" = lport=137 | protocol=17 | dir=in | app=system |
"{E58F28B7-F0AE-40F5-9BC7-E49249071C00}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{E6110AFB-8A23-464D-BD76-E1A445B3801A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{EAD8B7D1-A2B2-4FA5-9C91-B0837D417F41}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{ED0BCA5C-7EEF-4AFC-ABA0-0445FEBB7D25}" = lport=139 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08AAF1A4-A8B2-468A-B148-43FCFBCE9CDA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{09AAA024-2F43-44CC-BEE8-302E72539DC4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{0AE55DD3-64AC-4260-AC45-9373C980EFFB}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{0DDD0DC4-4596-4D3C-AF78-E4F7F491C328}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0E2CF142-C4E7-4C02-A0B4-461D75FE1F7D}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{15921E41-8009-4906-AB18-B6AE2E55DF90}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{181A189B-95AB-4899-B524-DEDB668BC342}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{1BACE081-6435-4F08-8639-7A11C7D84EFB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1E3C8E04-0F57-4017-A6CE-2743C0E6F632}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{2D570E49-8635-471C-9765-90C1560199A0}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{2F613D14-38CB-4CF1-B5A9-2EA67D8216CC}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{3379E89D-9413-4F27-8C80-EA4A3A6477C0}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{37B3B7FF-5D58-47D9-A3D8-16E537F7B779}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
"{393AC7BB-C366-4FC9-B77D-6285970ADDDA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3D7DBE10-DD8C-42BA-8FFE-4D812B0F676B}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{4A686906-D7C6-4F0D-B317-ED3A7406E468}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpsapp.exe |
"{4AC20023-67A0-4CC9-8AAD-70E1376F8406}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{5E398DF3-40CE-40DE-A7F2-6FECFE6E57FE}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{629E0C4B-F69E-4BEB-A5A2-6903497CEA04}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{62F07A69-835F-4AAF-B406-2C27BF760D0A}" = protocol=6 | dir=in | app=c:\users\home\desktop\modding\torrents\utorrent\utorrent.exe |
"{63777B65-7D33-42DC-A0FE-AB9ED057380A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{67679363-3C5B-4F6B-B5FB-E6D0A95267C9}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{6932E3F2-98D6-47AB-9DC8-5FEF7865E9EA}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqcopy2.exe |
"{6D62F61D-2CA1-4909-A09E-F3DF429C0BF9}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{709880C9-866A-4F57-B819-759ABD10BF29}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{73237FEC-8768-4CB6-8E6A-74AA4BDA29EB}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
"{7E17A3B4-582C-497D-BE8A-E744AA35C2DE}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{7FA53958-3EE1-4BF2-A8AD-FB1B64621147}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8AEDEAE0-9879-4012-A33C-6C9D34B6B247}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
"{8BA1D8DB-ECE6-4BB4-A10A-67B623F4E3FA}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{8DCBE716-74DC-4586-9A84-CDC1279DC91C}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{8FA2C2AF-415C-4EBC-80E9-942CDA8F7098}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsvsvr.exe |
"{94E9CA94-1CF6-4CFD-AEE8-47538F43DFCE}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsasvr.exe |
"{95FE68C3-69D4-4A69-BF24-827BB24C848B}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{9B2E035F-537F-4ACC-98B8-4BD6A415DE5E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
"{A1FEC12E-B522-44BA-BEBA-FCF7CB5AD12C}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsasvr.exe |
"{A403D080-1B8F-4E4D-85B8-39E9C156CA11}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{A9DDA8B5-52A0-4AE9-8AD9-A51D7341468C}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
"{AB1E7BE8-F3DC-4723-8C98-3FA690238FBC}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsvsvr.exe |
"{B0B261FE-F81F-4C64-AB9B-B4A4C6044CBA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B1598F60-7AA4-4945-87F7-EF3B58B72375}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqsudi.exe |
"{B786A55D-5A1E-46A8-8FAC-9D8A3D25A43C}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{C16F61DC-4E97-461E-9872-25339E99E554}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{C30B7A0D-CB35-4290-93ED-3C9A065BCE42}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
"{C43C1F71-0300-483C-866A-7C999F60E0EE}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpse.exe |
"{C665F394-E3E8-4F2F-8B36-069EE8F6423F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C9FBE4D1-44C9-44AD-AA53-8A1C1BDCBE7C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{CCCD5B99-6407-44A9-9A02-F54E235B8407}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{D0094D2B-B02A-4891-98A2-13EE02080F61}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{D2A7C97E-11B5-45F2-8930-A890809DA588}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
"{D588060C-7337-4850-B74B-51CF983CD2DD}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{DA050978-E3C9-4A04-9DF0-4CF66FA08EFB}" = protocol=17 | dir=in | app=c:\users\home\desktop\modding\torrents\utorrent\utorrent.exe |
"{DA98BB54-43ED-4208-8C7E-BA77A3465BFF}" = protocol=6 | dir=out | app=system |
"{DAD21B98-97B2-463B-8596-2EBECC38FCCE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{E2752712-58D1-4410-B50D-C35985D5E5D8}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
"{E2FC0122-DDC0-471E-BB5D-D77794B91E3D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E3F6DD73-50A5-4B77-B389-42E7F33FFAD8}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{E6E33705-34B2-48B3-8536-B420DB1DD00C}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"TCP Query User{10D0E796-9127-40F0-BB40-1213F22747C8}C:\program files (x86)\itunes\itunes.exe" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"TCP Query User{12F04B33-A90A-45A6-A921-5B2C4866F444}C:\program files (x86)\microsoft games\halo custom edition\haloce.exe" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\halo custom edition\haloce.exe |
"TCP Query User{13790FB0-253D-4AF9-9CCC-A3BEFB9C9EF9}C:\program files (x86)\microsoft games\halo\halo.exe" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\halo\halo.exe |
"TCP Query User{1CD91F40-40AF-4410-A213-9E1A6BC00F7B}C:\programdata\electronic arts\need for speed world\data\nfsw.exe" = protocol=6 | dir=in | app=c:\programdata\electronic arts\need for speed world\data\nfsw.exe |
"TCP Query User{1E076223-8BC1-4AB2-8D76-6F88F8417FA3}C:\program files (x86)\amsn\bin\wish.exe" = protocol=6 | dir=in | app=c:\program files (x86)\amsn\bin\wish.exe |
"TCP Query User{26040FC7-F0A6-4C96-BA8E-C46239C584AC}C:\users\home\desktop\rahul\torrents\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\users\home\desktop\rahul\torrents\utorrent\utorrent.exe |
"TCP Query User{3926693A-7722-49D6-A101-40E518DEA051}C:\users\home\desktop\rahul\torrents\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\users\home\desktop\rahul\torrents\utorrent\utorrent.exe |
"TCP Query User{40A76EE0-DC1E-4FC6-B60E-876CFB78B315}C:\users\home\appdata\local\microsoft\windows\temporary internet files\content.ie5\2voogzhu\serial.mkv.converter.studio.v2.0.2[1].exe" = protocol=6 | dir=in | app=c:\users\home\appdata\local\microsoft\windows\temporary internet files\content.ie5\2voogzhu\serial.mkv.converter.studio.v2.0.2[1].exe |
"TCP Query User{609EEB48-307F-49CE-BC1B-06AA7491E6CC}C:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=6 | dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe |
"TCP Query User{645A1FE8-3BD6-4698-AB58-EBA7A4AC6DC1}C:\users\home\desktop\modding\halo 1\halo 1\haloce.exe" = protocol=6 | dir=in | app=c:\users\home\desktop\modding\halo 1\halo 1\haloce.exe |
"TCP Query User{862D75E5-2C6F-4B7A-AF52-CC0C16B96956}C:\program files (x86)\oovoo\oovoo.exe" = protocol=6 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |
"TCP Query User{8B951DA2-CF0D-4646-B7E1-482F9C559090}C:\users\home\desktop\rahul\modding\torrents\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\users\home\desktop\rahul\modding\torrents\utorrent\utorrent.exe |
"TCP Query User{95951674-D6B8-4405-ABDA-11AE1D4A1B5A}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"TCP Query User{9ADA14A7-0809-497B-937E-54F829BD4C78}C:\program files\windows sidebar\sidebar.exe" = protocol=6 | dir=in | app=c:\program files\windows sidebar\sidebar.exe |
"TCP Query User{C3737A0C-DE02-452B-AF49-7305F9E4DE57}C:\program files (x86)\nokia\nokia software updater\nsu_ui_client.exe" = protocol=6 | dir=in | app=c:\program files (x86)\nokia\nokia software updater\nsu_ui_client.exe |
"TCP Query User{C5AD42E5-40AB-48D4-9C3B-D63277ACF6F5}C:\program files (x86)\air mouse\air mouse\air mouse.exe" = protocol=6 | dir=in | app=c:\program files (x86)\air mouse\air mouse\air mouse.exe |
"TCP Query User{C982A7B4-73C9-4B4D-8EE1-7A0AA9D18A35}C:\users\home\desktop\modding\halo 1\halo 1\halo.exe" = protocol=6 | dir=in | app=c:\users\home\desktop\modding\halo 1\halo 1\halo.exe |
"TCP Query User{C9A0A7C9-6B62-4F2C-8C47-B79B502A76C5}C:\program files (x86)\oovoo\oovoo.exe" = protocol=6 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |
"TCP Query User{E347CE56-6750-4DF1-9410-B9493E987425}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{F061B75E-5465-4206-A302-F9B8CC327368}C:\users\default\desktop\halo.exe" = protocol=6 | dir=in | app=c:\users\default\desktop\halo.exe |
"TCP Query User{F9238408-CBDC-4247-AB12-23EC5203989A}C:\program files (x86)\air mouse\air mouse\air mouse.exe" = protocol=6 | dir=in | app=c:\program files (x86)\air mouse\air mouse\air mouse.exe |
"UDP Query User{2556E273-A540-47D5-B83D-04C1F62AA80D}C:\users\default\desktop\halo.exe" = protocol=17 | dir=in | app=c:\users\default\desktop\halo.exe |
"UDP Query User{3015D176-77D1-4968-B1BE-AE64554EF8F7}C:\users\home\desktop\rahul\modding\torrents\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\users\home\desktop\rahul\modding\torrents\utorrent\utorrent.exe |
"UDP Query User{3C0516F7-8260-41FC-808A-13BD08864A53}C:\program files (x86)\air mouse\air mouse\air mouse.exe" = protocol=17 | dir=in | app=c:\program files (x86)\air mouse\air mouse\air mouse.exe |
"UDP Query User{51FD7248-D240-43E1-BA8E-C1E043D7919E}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{52CDE8AB-D380-4B2A-A36C-33F9D8F6FE6E}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"UDP Query User{5B0BE5B8-2F74-46D0-96A2-7636CF82B573}C:\program files (x86)\amsn\bin\wish.exe" = protocol=17 | dir=in | app=c:\program files (x86)\amsn\bin\wish.exe |
"UDP Query User{5F66C443-F226-4C44-99EC-0903DCD8234D}C:\program files\windows sidebar\sidebar.exe" = protocol=17 | dir=in | app=c:\program files\windows sidebar\sidebar.exe |
"UDP Query User{77C3E8E7-CB37-44E6-93A8-0B385814FB80}C:\programdata\electronic arts\need for speed world\data\nfsw.exe" = protocol=17 | dir=in | app=c:\programdata\electronic arts\need for speed world\data\nfsw.exe |
"UDP Query User{7AF4BC95-BD8A-49FB-9236-0262D50D874B}C:\users\home\appdata\local\microsoft\windows\temporary internet files\content.ie5\2voogzhu\serial.mkv.converter.studio.v2.0.2[1].exe" = protocol=17 | dir=in | app=c:\users\home\appdata\local\microsoft\windows\temporary internet files\content.ie5\2voogzhu\serial.mkv.converter.studio.v2.0.2[1].exe |
"UDP Query User{84254654-5D54-4C5E-BDD3-4F137B0A3B9A}C:\program files (x86)\itunes\itunes.exe" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"UDP Query User{97999B91-77E0-45F5-9EFE-41A302650E1E}C:\program files (x86)\oovoo\oovoo.exe" = protocol=17 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |
"UDP Query User{9ABE9C0A-AC4A-4D19-8C63-DC22C3BEC9C5}C:\users\home\desktop\modding\halo 1\halo 1\halo.exe" = protocol=17 | dir=in | app=c:\users\home\desktop\modding\halo 1\halo 1\halo.exe |
"UDP Query User{C0AAB6BF-8CB5-4ADB-AA96-05E0610EF8E4}C:\program files (x86)\air mouse\air mouse\air mouse.exe" = protocol=17 | dir=in | app=c:\program files (x86)\air mouse\air mouse\air mouse.exe |
"UDP Query User{C2D44B46-ADD2-4BAF-B0EC-A18A513F026F}C:\users\home\desktop\rahul\torrents\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\users\home\desktop\rahul\torrents\utorrent\utorrent.exe |
"UDP Query User{D770B980-6FA1-4A04-941B-5660F93CAF98}C:\users\home\desktop\modding\halo 1\halo 1\haloce.exe" = protocol=17 | dir=in | app=c:\users\home\desktop\modding\halo 1\halo 1\haloce.exe |
"UDP Query User{E51D7AF7-48E3-46F3-8CFE-3D6C80A3E55E}C:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=17 | dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe |
"UDP Query User{F238ACE3-783A-4FE8-A5E6-205E03048998}C:\users\home\desktop\rahul\torrents\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\users\home\desktop\rahul\torrents\utorrent\utorrent.exe |
"UDP Query User{F3C80450-7175-4CA3-B2FB-3F5D7194E0F8}C:\program files (x86)\microsoft games\halo custom edition\haloce.exe" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\halo custom edition\haloce.exe |
"UDP Query User{F62105DE-27DF-45AE-BB99-E3ABA1C78BA8}C:\program files (x86)\microsoft games\halo\halo.exe" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\halo\halo.exe |
"UDP Query User{F6B1022F-30AB-42C4-95C4-B8A4D5FC4275}C:\program files (x86)\oovoo\oovoo.exe" = protocol=17 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |
"UDP Query User{F8D9C3D2-CEBB-4A22-884F-AA95D0170A38}C:\program files (x86)\nokia\nokia software updater\nsu_ui_client.exe" = protocol=17 | dir=in | app=c:\program files (x86)\nokia\nokia software updater\nsu_ui_client.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)
"{23B45E10-0CA5-43E9-BD6D-C2BD6CBE11AC}" = iTunes
"{328CC232-CFDC-468B-A214-2E21300E4CB5}" = Apple Mobile Device Support
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95C9C76F-ECF3-40FA-94F8-5DDFB6BAF40D}" = Microsoft Security Essentials
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{A9513BBC-73B4-4856-BF83-0166523ABF09}" = 64 Bit HP CIO Components Installer
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B91110FB-33B4-468B-90C2-4D5E8AE3FAE1}" = Bonjour
"{C3B6AEB1-390C-4792-8677-CD87F8B2C959}" = HP Deskjet F4200 All-In-One Driver Software 11.0 Rel .3
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D9C50188-12D5-4D3E-8F00-682346C2AA5F}" = Microsoft Xbox 360 Accessories 1.2
"{E62A1F01-07B7-4541-A835-EE5B0BF064C2}" = Microsoft Antimalware
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F7513E19-6224-485E-988D-9BF45BE64B53}" = Windows Live Family Safety
"34EA302E7F4CBD17A19E33BBCB72363234956D7E" = Windows Driver Package - Nokia Modem (06/09/2010 4.5)
"EEEE705096F837B7907659F100C9FE6DA001970F" = Windows Driver Package - Nokia Modem (06/09/2010 7.01.0.7)
"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"HP Imaging Device Functions" = HP Imaging Device Functions 11.0
"HP Photosmart Essential" = HP Photosmart Essential 3.0
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 11.0
"HPExtendedCapabilities" = HP Customer Participation Program 11.0
"HPOCR" = OCR Software by I.R.I.S. 11.0
"HyperCam 2 (64 bit)" = HyperCam 2 (64 bit)
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Essentials" = Microsoft Security Essentials
"NVIDIA Drivers" = NVIDIA Drivers
"OfficeTrial" = Microsoft Office Home and Student 60 day trial
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"Shop for HP Supplies" = Shop for HP Supplies
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{021C4C4F-C93C-4425-BFFD-C2D16776BFAE}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{089DD780-DB3F-4CDB-A0C2-111360247298}" = PC Connectivity Solution
"{09633A5E-3089-41A8-9FF1-382171423C5D}" = PSSWCORE
"{09C468CA-2940-466A-AAE8-DCC0C6E9323C}" = Nokia Software Updater
"{0D2A071C-3B74-4AF8-A27D-CB5DA6731626}" = InstallerApp
"{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software 1.14.17.1
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{15B8AFD9-92E9-4E86-96D9-83FAC510B82E}" = HPPhotoSmartPhotobookWebPack1
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1B9B5B3B-28E7-4E59-A80D-D670AA984514}" = Nokia Connectivity Cable Driver
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}" = Nokia PC Suite
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{22F761D1-8063-4170-ADF7-2D2F47834CA9}" = VideoToolkit01
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23C3F5C0-566B-478B-AAB6-197ADAD0C945}" = Uniblue SpeedUpMyPC 2009
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 21
"{27197499-7680-4208-8FD8-5439CDB0FDC1}" = HPProductAssistant
"{2AFEAA03-2DFE-4519-A629-EDAB6541ABE9}" = HPSSupply
"{305D4B08-5807-4475-B1C8-D54685534864}" = LightScribeTemplateLabeler
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A3D0CF8-60FF-4CEF-91A4-A1F001424602}" = DocProc
"{4C590030-7469-453E-8589-D15DA9D03F52}" = ANIWZCS2 Service
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In
"{593A6CAF-E114-4e31-884F-74FF349E8E36}" = SolutionCenter
"{5DAA9C36-8F8B-462F-8CCA-E205BC3751F5}" = HP Active Support Library
"{60D4F9F1-B828-4048-A5AB-9AA2FD0C4751}" = DJ_AIO_03_F4200_Software
"{6365C963-4B72-43F8-8392-2A5441EC2A86}" = DJ_AIO_03_F4200_ProductContext
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B976ADF-8AE8-434E-B282-A06C7F624D2F}" = Python 2.5.2
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1" = Need For Speed™ World
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{97ABD26A-3249-46CB-B2E2-F66E64B2E480}" = HP Demo
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
"{9F4EE72A-C5C9-42ad-ABEF-427690843577}" = MarketResearch
"{A0640EC2-B97E-4FC1-AD14-227C9E386BB4}" = HP Recovery Manager RSS
"{A0878C51-B88B-4E4C-9061-F95B98290505}" = RangeBooster G WDA-2320
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92B6797-9C07-4E25-AD96-29087D3A2AC2}" = TouchCopy 09
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA0D2D5F-612B-45D3-8759-DA87206E5CC9}" = QuickTax 2008
"{AA2E8A46-B45E-4aea-8A23-88AB57D04523}" = WebReg
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B61A79BE-E94C-42C0-921D-8B7E5217069C}" = F4200
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B9AB88D8-3A09-4A4A-8993-0E2F6F9F294B}" = muvee autoProducer 6.1
"{BA68600E-96D9-4E92-80F2-26B9681B5A63}" = Microsoft Office Outlook 2003 with Business Contact Manager Update
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BE8A9C2C-8E41-445B-A746-BEB0B1F992F8}" = DJ_AIO_03_F4200_Software_Min
"{BF08AB1C-3357-4f20-A200-8EBB8EF27C59}" = BufferChm
"{C27C82E4-9C53-4D76-9ED3-A01A3D5EE679}" = HP Customer Experience Enhancements
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C89B5E3A-690F-4CEE-909A-BF869E198B0A}" = Scan
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{CAAB0192-5704-469F-A0BE-2D842D70E93B}_is1" = Sothink FLV Player
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC0E1AE3-091D-4969-B151-7AC142062C28}" = SmartWebPrinting
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D16B4BE6-8B10-422f-8034-96D1CA9483B5}" = GPBaseService
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}" = HP Photosmart Essential 2.5
"{D9D1A2FD-56B2-4F21-B959-745FE43CAB8C}" = Vegas Pro 9.0
"{DC525714-3134-4749-A39F-E3216A4FF9BD}" = Halo CE Cracked Setup
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (MICROSOFTSMLBIZ)
"{E133E97F-5186-4503-BEC8-752EB9E8EBD7}" = Copy
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E535C94A-B87F-4182-BEA8-1E9322078D3E}" = Cards_Calendar_OrderGift_DoMorePlugout
"{E56D39F8-2A9F-44B4-B068-A72E45A073E6}" = Safari
"{E96B0085-6659-486b-A221-5042A042728D}" = Toolbox
"{ECB9C58E-C565-4683-9599-B72290BD3B25}" = QuickTax 2009
"{ECEE0279-785F-4CB3-9F28-E69813234BF8}" = SPORE Creature Creator Trial Edition
"{EE18E5E3-9929-4A7C-AA08-E0AEC2FEA75C}" = Air Mouse Server
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}" = Destination Component
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F2CF483C-7EEE-4B64-A730-14F83CD5AFFE}" = Adobe Encore DVD 1.0
"{f32502b5-5b64-4882-bf61-77f23edcac4f}" = HP Total Care Advisor
"{F405DC00-37F3-4A5F-97F4-C1310CCEE53A}" = HP Easy Setup - Frontend
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{F8A5531E-FEB4-4F7C-AF51-342E40FA7A0D}" = F4200_Help
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
"{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}" = ooVoo
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Action Replay Code Manager_is1" = Action Replay Code Manager
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 6.0" = Adobe Photoshop 6.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Adobe SVG Viewer" = Adobe SVG Viewer
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS Video Editor 4_is1" = AVS Video Editor 4
"AVS Video Recorder_is1" = AVS Video Recorder 2.4
"AVS YouTube Uploader 2.1_is1" = AVS YouTube Uploader version 2.1
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"Cheat Engine 5.5_is1" = Cheat Engine 5.5
"Emicsoft MKV Converter_is1" = Emicsoft MKV Converter
"Emicsoft Video Converter_is1" = Emicsoft Video Converter
"ffdshow_is1" = ffdshow [rev 1723] [2007-12-24]
"Fraps" = Fraps (remove only)
"Google Updater" = Google Updater
"Halo" = Microsoft Halo
"Halo Tool Box" = Halo Tool Box
"HyperCam 2" = HyperCam 2
"HyperCam Toolbar" = HyperCam Toolbar
"igLoader" = igLoader
"ImTOO MPEG Encoder Standard" = ImTOO MPEG Encoder Standard
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox (3.5.11)" = Mozilla Firefox (3.5.11)
"MP4 Converter_is1" = MP4 Converter 1.0
"Nokia PC Suite" = Nokia PC Suite
"OfotoEZUpload" = KODAK EASYSHARE Gallery Upload ActiveX Control
"PC-Doctor for Windows" = Hardware Diagnostic Tools
"Picasa 3" = Picasa 3
"Replay Converter 3" = Replay Converter 3
"Replay_AV_807" = Replay AV 8
"TomTom HOME" = TomTom HOME 2.7.3.1894
"Uniblue SpeedUpMyPC 2009" = Uniblue SpeedUpMyPC 2009
"uTorrent" = µTorrent
"WildTangent hp Master Uninstall" = My HP Games
"WinFF_is1" = WinFF 1.0.4
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.0
"winscp3_is1" = WinSCP 4.0.7
"Yahoo! Companion" = Yahoo! Toolbar

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-644326375-262011582-3349759808-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
"Google Chrome" = Google Chrome
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 09/03/2010 5:26:31 PM | Computer Name = Home-PC | Source = WinMgmt | ID = 10
Description =

Error - 10/03/2010 11:02:01 AM | Computer Name = Home-PC | Source = WinMgmt | ID = 10
Description =

Error - 10/03/2010 6:29:39 PM | Computer Name = Home-PC | Source = WinMgmt | ID = 10
Description =

Error - 11/03/2010 10:16:02 AM | Computer Name = Home-PC | Source = WinMgmt | ID = 10
Description =

Error - 11/03/2010 10:16:03 AM | Computer Name = Home-PC | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "C:\Program Files (x86)\Windows
Live\Photo Gallery\MovieMaker.Exe".Error in manifest or policy file "C:\Program
Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" on line 8. Component identity
found in manifest does not match the identity of the component requested. Reference
is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition
is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use
sxstrace.exe for detailed diagnosis.

Error - 11/03/2010 11:19:02 AM | Computer Name = Home-PC | Source = Application Error | ID = 1000
Description = Faulting application wmplayer.exe, version 11.0.6001.7007, time stamp
0x4a5c650c, faulting module ff_libdts.dll, version 0.0.0.0, time stamp 0x475422c2,
exception code 0xc0000005, fault offset 0x000027bb, process id 0x183c, application
start time 0x01cac12e091f3e0e.

Error - 11/03/2010 9:16:09 PM | Computer Name = Home-PC | Source = WinMgmt | ID = 10
Description =

Error - 11/03/2010 9:17:21 PM | Computer Name = Home-PC | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "C:\Program Files (x86)\Windows
Live\Photo Gallery\MovieMaker.Exe".Error in manifest or policy file "C:\Program
Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" on line 8. Component identity
found in manifest does not match the identity of the component requested. Reference
is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition
is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use
sxstrace.exe for detailed diagnosis.

Error - 11/03/2010 9:17:21 PM | Computer Name = Home-PC | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "C:\Program Files (x86)\Windows
Live\Photo Gallery\MovieMaker.Exe".Error in manifest or policy file "C:\Program
Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" on line 8. Component identity
found in manifest does not match the identity of the component requested. Reference
is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition
is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use
sxstrace.exe for detailed diagnosis.

Error - 12/03/2010 9:54:48 AM | Computer Name = Home-PC | Source = WinMgmt | ID = 10
Description =

[ Media Center Events ]
Error - 19/11/2008 10:00:23 PM | Computer Name = Home-PC | Source = Mcx2Dvcs | ID = 401
Description =

Error - 19/11/2008 10:08:43 PM | Computer Name = Home-PC | Source = Mcx2Dvcs | ID = 405
Description =

Error - 19/11/2008 10:15:58 PM | Computer Name = Home-PC | Source = Mcx2Dvcs | ID = 405
Description =

Error - 04/05/2009 3:34:48 PM | Computer Name = Home-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 10/10/2009 1:44:25 PM | Computer Name = Home-PC | Source = McrMgr | ID = 109
Description =

Error - 07/08/2010 5:49:54 PM | Computer Name = Home-PC | Source = Mcx2Svc | ID = 301
Description =

Error - 07/08/2010 5:50:26 PM | Computer Name = Home-PC | Source = Mcx2Svc | ID = 301
Description =

[ System Events ]
Error - 18/08/2010 5:24:12 PM | Computer Name = Home-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%861 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.87.2086.0 Update Source: %%859 Update Stage:
%%852 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6004.0 Error
code: 0x80072ee2 Error description: The operation timed out

Error - 18/08/2010 6:46:37 PM | Computer Name = Home-PC | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\drivers\pfc.sys has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.

Error - 18/08/2010 6:46:53 PM | Computer Name = Home-PC | Source = HTTP | ID = 15016
Description =

Error - 18/08/2010 6:48:44 PM | Computer Name = Home-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 18/08/2010 8:27:14 PM | Computer Name = Home-PC | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\drivers\pfc.sys has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.

Error - 18/08/2010 9:01:45 PM | Computer Name = Home-PC | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\drivers\pfc.sys has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.

Error - 19/08/2010 8:52:13 AM | Computer Name = Home-PC | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\drivers\pfc.sys has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.

Error - 19/08/2010 8:52:30 AM | Computer Name = Home-PC | Source = HTTP | ID = 15016
Description =

Error - 19/08/2010 8:54:09 AM | Computer Name = Home-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 19/08/2010 8:55:23 AM | Computer Name = Home-PC | Source = Service Control Manager | ID = 7022
Description =


< End of report >

Those are the reports

#4 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:03:02 PM

Posted 19 August 2010 - 03:24 PM

Hi,

please run the following fix:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    CODE
    :otl
    [2010/08/09 18:51:01 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{5850AA47-CB1A-4F19-A64F-4D8E833B13E6}
    [2010/08/09 18:49:12 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\0B6A0EA1F3A6DBD71F28ADAD29BD93E6
    [2010/08/08 14:21:10 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\Windows Server
    FF - prefs.js..extensions.enabledItems: {5850AA47-CB1A-4F19-A64F-4D8E833B13E6}:1.9.1
    :files
    C:\Windows\tasks\at*.job
    :commands
    [emptytemp]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
  • Please post that log in your next reply.

    Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.
    If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
================================Follow up scan=================================
  • Double click on OTL to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open one notepad window. OTL.Txt a This is saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it with your next reply.

Please also upload the following file to virustotal:

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Please click this link-->Jotti

When the jotti page has finished loading, click the browse button and navigate to the files listed below in bold, then click Submit.

C:\Windows\SysNative\drivers\iastor.sys

Please post back the results of the scan in your next post.

If Jotti is busy, try the same at Virustotal: http://www.virustotal.com/

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#5 MTL86

MTL86
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:09:02 AM

Posted 19 August 2010 - 05:18 PM

Do you know what the problem is?

The log after the fix

All processes killed
========== OTL ==========
C:\Users\Home\AppData\Local\{5850AA47-CB1A-4F19-A64F-4D8E833B13E6}\chrome\content folder moved successfully.
C:\Users\Home\AppData\Local\{5850AA47-CB1A-4F19-A64F-4D8E833B13E6}\chrome folder moved successfully.
C:\Users\Home\AppData\Local\{5850AA47-CB1A-4F19-A64F-4D8E833B13E6} folder moved successfully.
C:\Users\Home\AppData\Roaming\0B6A0EA1F3A6DBD71F28ADAD29BD93E6 folder moved successfully.
C:\Users\Home\AppData\Local\Windows Server folder moved successfully.
Prefs.js: {5850AA47-CB1A-4F19-A64F-4D8E833B13E6}:1.9.1 removed from extensions.enabledItems
========== FILES ==========
File\Folder C:\Windows\tasks\at*.job not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Home
->Temp folder emptied: 1045510260 bytes
->Temporary Internet Files folder emptied: 1308232285 bytes
->Java cache emptied: 100761230 bytes
->FireFox cache emptied: 70055803 bytes
->Google Chrome cache emptied: 235772560 bytes
->Apple Safari cache emptied: 39372800 bytes
->Flash cache emptied: 2168954 bytes

User: Mcx1
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 309646 bytes
->Flash cache emptied: 84 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 316640 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 168992 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 155577723 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 22714171451 bytes

Total Files Cleaned = 24,483.00 mb


OTL by OldTimer - Version 3.2.10.0 log created on 08192010_173633

Files\Folders moved on Reboot...
File\Folder C:\Users\Home\AppData\Local\Temp\VGXC7C1.tmp not found!
File move failed. C:\Windows\SysNative\SET9109.tmp scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PIGHGZ6H\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D46FE612\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AHJAMQ33\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4AIEQ161\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\desktop.ini scheduled to be moved on reboot.

Registry entries deleted on Reboot...


The log after the follow-up scan


OTL logfile created on: 19/08/2010 6:06:25 PM - Run 2
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Users\Home\Desktop\Virus
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 51.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 74.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 453.45 Gb Total Space | 264.81 Gb Free Space | 58.40% Space Free | Partition Type: NTFS
Drive D: | 12.31 Gb Total Space | 1.68 Gb Free Space | 13.67% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOME-PC
Current User Name: Home
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\Home\Desktop\Virus\OTL.exe (OldTimer Tools)
PRC - C:\Users\Home\Desktop\Rahul\Modding\Torrents\Utorrent\uTorrent.exe (BitTorrent, Inc.)
PRC - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia)
PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
PRC - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - C:\Program Files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exe (Nokia)
PRC - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files (x86)\D-Link\RangeBooster G WDA-2320\AirPlusCFG.exe (D-Link)
PRC - C:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
PRC - C:\Program Files (x86)\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Wireless Service)
PRC - C:\Program Files (x86)\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Users\Home\Desktop\Virus\OTL.exe (OldTimer Tools)
MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV:64bit: - (rpcapd) -- C:\Program Files\WinPcap\rpcapd.exe -d -f %ProgramFiles%\WinPcap\rpcapd.ini File not found
SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (wlidsvc) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_64) -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (TomTomHOMEService) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (fsssvc) -- C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (IAANTMON) Intel® -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (MSSQL$MICROSOFTSMLBIZ) -- C:\Program Files (x86)\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (MSSQLServerADHelper) -- C:\Program Files (x86)\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe (Microsoft Corporation)
SRV - (SQLAgent$MICROSOFTSMLBIZ) -- C:\Program Files (x86)\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (TFsExDisk) -- C:\Windows\SysNative\Drivers\TFsExDisk.sys File not found
DRV:64bit: - (pfc) -- C:\Windows\SysNative\drivers\pfc.sys File not found
DRV:64bit: - (NwlnkFwd) -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys File not found
DRV:64bit: - (NwlnkFlt) -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys File not found
DRV:64bit: - (IpInIp) -- C:\Windows\SysNative\DRIVERS\ipinip.sys File not found
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\Drivers\usbaapl64.sys ()
DRV:64bit: - (UsbserFilt) -- C:\Windows\SysNative\DRIVERS\usbser_lowerfltx64j.sys ()
DRV:64bit: - (upperdev) -- C:\Windows\SysNative\DRIVERS\usbser_lowerfltx64.sys ()
DRV:64bit: - (nmwcdcx64) -- C:\Windows\SysNative\drivers\ccdcmbox64.sys ()
DRV:64bit: - (nmwcdx64) -- C:\Windows\SysNative\drivers\ccdcmbx64.sys ()
DRV:64bit: - (athr) -- C:\Windows\SysNative\DRIVERS\athrx.sys ()
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\DRIVERS\fssfltr.sys ()
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys ()
DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys ()
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iastor.sys ()
DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\DRIVERS\pccsmcfdx64.sys ()
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys ()
DRV:64bit: - (usbser) -- C:\Windows\SysNative\drivers\usbser.sys ()
DRV:64bit: - (A3AB) D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB) -- C:\Windows\SysNative\DRIVERS\A3ABvx.sys ()
DRV:64bit: - (NPF) -- C:\Windows\SysNative\drivers\npf.sys ()
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\Wbem\ntfs.mof ()
DRV - (TFsExDisk) -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys (Teruten Inc)
DRV - (pfc) -- C:\Windows\SysWOW64\drivers\pfc.sys (Padus, Inc.)
DRV - (SecDrv) -- C:\Windows\SysWOW64\drivers\SECDRV.SYS ()


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cndt
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cndt

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cndt
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sympatico.ca/default.aspx?lang=en-CA
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:\Program Files (x86)\HyperCam Toolbar\tbhelper.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.5.0
FF - prefs.js..extensions.enabledItems: {75656794-AB59-4712-BFBC-5D816D56F3BC}:1.1.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: bkmrksync@nokia.com:1.0.0.733
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {BAEBEF65-9289-47c5-8524-C345CC5D860D}:1.4.1
FF - prefs.js..extensions.enabledItems: {FCAB6FDD-5585-425b-95C1-5ED856F3FD08}:5.7
FF - prefs.js..extensions.enabledItems: ""
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.11
FF - prefs.js..keyword.URL: "http://www.bigseekpro.com/search/toolbar/hypercam/{69DDB586-987E-7874-EFB6-951F43C4B838}?q="


FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/07/14 15:45:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files (x86)\Nokia\Nokia PC Suite 7\bkmrksync\ [2010/07/09 08:24:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/08/02 14:12:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/08/10 19:07:31 | 000,000,000 | ---D | M]

[2010/04/06 07:11:21 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\Mozilla\Extensions
[2009/08/31 15:59:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Home\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2010/04/06 07:11:21 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com
[2010/08/16 13:32:31 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\tfeeyb9q.default\extensions
[2009/08/31 16:19:34 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\tfeeyb9q.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/06/09 16:53:14 | 000,000,000 | ---D | M] (HyperCam Toolbar) -- C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\tfeeyb9q.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}
[2010/04/24 09:06:40 | 000,000,000 | ---D | M] (Sothink Flash Downloader) -- C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\tfeeyb9q.default\extensions\{BAEBEF65-9289-47c5-8524-C345CC5D860D}
[2010/04/24 09:20:35 | 000,000,000 | ---D | M] (Sothink Web Video Downloader for Firefox) -- C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\tfeeyb9q.default\extensions\{FCAB6FDD-5585-425b-95C1-5ED856F3FD08}
[2010/03/01 10:51:24 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\tfeeyb9q.default\extensions\firebug@software.joehewitt.com
[2010/08/10 19:07:35 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/08/02 14:12:40 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010/06/22 19:34:13 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/02/07 17:59:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2010/08/10 19:07:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/08/02 14:12:37 | 000,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\browserdirprovider.dll
[2010/08/02 14:12:37 | 000,137,176 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\brwsrcmp.dll
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/08/02 14:12:39 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npnul32.dll
[2008/10/14 22:33:30 | 000,095,600 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
[2010/06/21 19:15:09 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
[2010/06/21 19:15:09 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
[2010/06/21 19:15:09 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
[2010/06/21 19:15:10 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
[2010/06/21 19:15:10 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
[2010/06/21 19:15:10 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
[2010/06/21 19:15:10 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
[2010/07/03 13:23:12 | 000,001,394 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazondotcom.xml
[2010/07/03 13:23:12 | 000,002,193 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\answers.xml
[2010/07/03 13:23:12 | 000,001,534 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\creativecommons.xml
[2010/07/03 13:23:12 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay.xml
[2010/07/03 13:23:12 | 000,002,371 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\google.xml
[2010/07/03 13:23:12 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia.xml

O1 HOSTS File: ([2006/09/18 17:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg64.dll (Google Inc.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (SMTTB2009 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files (x86)\HyperCam Toolbar\tbcore3.dll ()
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (HyperCam Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files (x86)\HyperCam Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (HyperCam Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files (x86)\HyperCam Toolbar\tbcore3.dll ()
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (&Links) - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\SysNative\ieframe.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL ()
O4:64bit: - HKLM..\Run: [NvMediaCenter] C:\Windows\SysNative\NvMcTray.DLL ()
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ANIWZCS2Service] C:\Program Files (x86)\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Wireless Service)
O4 - HKLM..\Run: [D-Link RangeBooster G WDA-2320] C:\Program Files (x86)\D-Link\RangeBooster G WDA-2320\AirPlusCFG.exe (D-Link)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [KBD] C:\hp\KBD\KbdStub.exe ()
O4 - HKLM..\Run: [NPSStartup] File not found
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [AutoStartNPSAgent] C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Google Update] C:\Users\Home\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKCU..\Run: [MsnMsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [PC Suite Tray] C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O4 - HKCU..\Run: [RegistryBooster] C:\Program Files (x86)\Uniblue\RegistryBooster\launcher.exe File not found
O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Skype] C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [uTorrent] C:\Users\Home\Desktop\Rahul\Modding\Torrents\Utorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKCU..\RunOnce: [Shockwave Updater] C:\Windows\SysWOW64\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103471 -Mozilla\4.0 (compatible; MSIE 8.0; Windows NT 6.0; WOW64; Trident\4.0; File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysNative\NLAapi.dll ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysNative\napinsp.dll ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysNative\pnrpnsp.dll ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysNative\mswsock.dll ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysNative\winrnr.dll ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysNative\mswsock.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysNative\mswsock.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysNative\mswsock.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysNative\mswsock.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysNative\mswsock.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysNative\mswsock.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysNative\mswsock.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysNative\mswsock.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysNative\mswsock.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysNative\mswsock.dll ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} http://picasaweb.google.ca/s/v/57.07/uploader2.cab (UploadListView Class)
O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} http://www.kodakgallery.ca/downloads/BUM/B..._2/axofupld.cab (Kodak Gallery Easy Upload Manager Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.0...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab (Minesweeper Flags Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll ()
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll ()
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\msvidctl.dll ()
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll ()
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll ()
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll ()
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll ()
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\intu-qt2007 {026BF40D-BA05-467b-9F1F-AD0D7A3F5F11} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\intu-qt2008 {05E53CE9-66C8-4a9e-A99F-FDB7A8E7B596} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\intu-qt2009 {03947252-2355-4e9b-B446-8CCC75C43370} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll ()
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll ()
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll ()
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll ()
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll ()
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll ()
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll ()
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll ()
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\msvidctl.dll ()
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll ()
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\intu-qt2007 {026BF40D-BA05-467b-9F1F-AD0D7A3F5F11} - C:\Program Files (x86)\QuickTax 2007\ic2007pp.dll File not found
O18 - Protocol\Handler\intu-qt2008 {05E53CE9-66C8-4a9e-A99F-FDB7A8E7B596} - C:\Program Files (x86)\QuickTax 2008\ic2008pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
O18 - Protocol\Handler\intu-qt2009 {03947252-2355-4e9b-B446-8CCC75C43370} - C:\Program Files (x86)\QuickTax 2009\ic2009pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files (x86)\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files (x86)\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll ()
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll ()
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll ()
O18:64bit: - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll ()
O18:64bit: - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll ()
O18:64bit: - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe ()
O20:64bit: - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\SysNative\shell32.dll ()
O20:64bit: - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\SysNative\sysdm.cpl ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\SysWow64\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\SysWow64\sysdm.cpl (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysNative\webcheck.dll ()
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysWOW64\webcheck.dll (Microsoft Corporation)
O22:64bit: - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\SysNative\browseui.dll ()
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\SysWOW64\browseui.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Home\AppData\Roaming\Microsoft\Windows Photo Gallery\Cities_Night_skyscraper_005353_.jpg
O24 - Desktop BackupWallPaper: C:\Users\Home\AppData\Roaming\Microsoft\Windows Photo Gallery\Cities_Night_skyscraper_005353_.jpg
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll ()
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll ()
O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll ()
O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll ()
O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll ()
O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll ()
O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{188f6472-416c-11df-8416-00221581d20f}\Shell\AutoRun\command - "" = J:\InstallTomTomHOME.exe -- File not found
O33 - MountPoints2\{2a6ac4cf-a41a-11dd-b781-00221581d20f}\Shell\AutoRun\command - "" = M:\WBR1310.exe -- File not found
O33 - MountPoints2\{2a6ac4d4-a41a-11dd-b781-00221581d20f}\Shell - "" = AutoRun
O33 - MountPoints2\{2a6ac4d4-a41a-11dd-b781-00221581d20f}\Shell\AutoRun\command - "" = L:\LaunchU3.exe -- File not found
O33 - MountPoints2\{58b01ef2-a3a4-11dd-82de-00221581d20f}\Shell - "" = AutoRun
O33 - MountPoints2\{58b01ef2-a3a4-11dd-82de-00221581d20f}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -- File not found
O33 - MountPoints2\{89067b38-4234-11df-80d5-00221581d20f}\Shell - "" = AutoRun
O33 - MountPoints2\{89067b38-4234-11df-80d5-00221581d20f}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{b4abfb61-8b39-11de-8ee7-00221581d20f}\Shell - "" = AutoRun
O33 - MountPoints2\{b4abfb61-8b39-11de-8ee7-00221581d20f}\Shell\AutoRun\command - "" = N:\LaunchU3.exe -- File not found
O33 - MountPoints2\J\Shell - "" = AutoRun
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\LaunchU3.exe -- File not found
O33 - MountPoints2\L\Shell - "" = AutoRun
O33 - MountPoints2\L\Shell\AutoRun\command - "" = L:\LaunchU3.exe -- File not found
O33 - MountPoints2\N\Shell - "" = AutoRun
O33 - MountPoints2\N\Shell\AutoRun\command - "" = N:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/08/19 18:03:14 | 000,000,000 | ---D | C] -- C:\Users\Home\Desktop\Virus
[2010/08/19 17:36:33 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/08/15 19:37:21 | 000,000,000 | ---D | C] -- C:\Users\Home\Desktop\Unknown Artist
[2010/08/14 18:52:33 | 000,000,000 | ---D | C] -- C:\Users\Home\Desktop\Sima's 26th Birthday
[2010/08/11 16:21:51 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rtutils.dll
[2010/08/11 16:21:48 | 000,081,920 | ---- | C] (Radius Inc.) -- C:\Windows\SysWow64\iccvid.dll
[2010/08/11 16:16:35 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2010/08/11 16:16:35 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2010/08/11 16:16:33 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2010/08/11 16:16:32 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2010/08/11 16:16:31 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2010/08/11 16:16:31 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2010/08/11 16:16:31 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2010/08/11 16:16:31 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2010/08/11 16:16:31 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2010/08/11 16:16:31 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2010/08/11 16:16:30 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2010/08/11 12:21:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Uniblue
[2010/08/11 12:19:38 | 000,000,000 | -H-D | C] -- C:\ProgramData\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}
[2010/08/11 12:10:08 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\Uniblue
[2010/08/10 19:47:48 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax
[2010/08/10 19:47:48 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax
[2010/08/10 19:47:44 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll
[2010/08/10 19:47:43 | 000,428,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
[2010/08/10 19:47:43 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisrndr.ax
[2010/08/10 19:46:29 | 001,130,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dfshim.dll
[2010/08/10 19:46:29 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHost.exe
[2010/08/10 19:46:29 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHostProxy.dll
[2010/08/10 19:46:29 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netfxperf.dll
[2010/08/10 19:44:21 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\WindowsPowerShell
[2010/08/10 19:44:19 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\WindowsPowerShell
[2010/08/10 19:42:53 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winrsmgr.dll
[2010/08/10 19:42:47 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wsmplpxy.dll
[2010/08/10 19:42:47 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winrssrv.dll
[2010/08/10 19:42:40 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pwrshplugin.dll
[2010/08/10 19:42:24 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WsmRes.dll
[2010/08/10 19:42:23 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wevtfwd.dll
[2010/08/10 19:42:23 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wecutil.exe
[2010/08/10 19:42:23 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wecapi.dll
[2010/08/10 19:42:23 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winrs.exe
[2010/08/10 19:42:23 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winrshost.exe
[2010/08/10 19:42:23 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wsmprovhost.exe
[2010/08/10 19:42:15 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WsmAuto.dll
[2010/08/10 19:42:14 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WSManMigrationPlugin.dll
[2010/08/10 19:42:14 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WSManHTTPConfig.exe
[2010/08/10 19:42:14 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winrscmd.dll
[2010/08/10 19:42:14 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WsmWmiPl.dll
[2010/08/10 19:36:57 | 000,000,000 | ---D | C] -- C:\Users\Home\Desktop\Band Pics
[2010/08/10 19:08:18 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010/08/10 19:08:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/08/10 19:07:31 | 000,423,656 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2010/08/10 19:07:30 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010/08/10 19:07:30 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010/08/10 19:07:30 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010/08/10 19:05:51 | 000,523,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_isv.exe
[2010/08/10 19:05:50 | 000,511,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate.exe
[2010/08/10 19:05:48 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp.exe
[2010/08/10 19:05:47 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp_isv.exe
[2010/08/10 19:05:46 | 000,472,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_isv.dll
[2010/08/10 19:05:46 | 000,472,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc.dll
[2010/08/10 19:05:44 | 000,329,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msdrm.dll
[2010/08/10 19:05:44 | 000,151,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp_isv.dll
[2010/08/10 19:05:44 | 000,151,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp.dll
[2010/08/10 19:02:52 | 000,310,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\unregmp2.exe
[2010/08/10 19:02:50 | 010,624,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2010/08/10 19:02:46 | 008,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2010/08/10 19:01:50 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Apphlpdm.dll
[2010/08/10 19:01:48 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\GameUXLegacyGDFs.dll
[2010/08/10 19:01:07 | 000,714,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\timedate.cpl
[2010/08/10 18:22:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Antimalware
[2010/08/10 18:21:51 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
[2010/08/09 19:37:43 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\Malwarebytes
[2010/08/09 19:37:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/08/09 19:37:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/08/06 19:19:31 | 000,000,000 | ---D | C] -- C:\Users\Home\Desktop\Tranfer
[2010/08/05 19:53:53 | 000,000,000 | ---D | C] -- C:\Users\Home\Desktop\Usha & Chet Visit August 2010
[2010/08/03 18:56:40 | 000,000,000 | ---D | C] -- C:\Users\Home\Documents\MKV Converter Studio
[2010/08/03 18:54:48 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\Apowersoft
[2010/08/03 17:47:43 | 000,000,000 | ---D | C] -- C:\ProgramData\xml_param
[2010/08/03 17:44:34 | 000,000,000 | ---D | C] -- C:\Users\Home\Documents\iSkysoft Video Converter
[2010/08/03 17:44:04 | 000,000,000 | ---D | C] -- C:\Users\Home\Desktop\Conversion
[2010/08/03 17:43:46 | 000,892,928 | ---- | C] (Free Software Foundation) -- C:\Windows\SysWow64\iconv.dll
[2010/08/03 17:43:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iSkysoft
[2010/08/03 15:19:22 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Xbox 360 Accessories
[2010/08/03 12:25:16 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/08/03 12:25:11 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/08/03 12:25:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2010/07/27 12:59:43 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\Need for Speed World
[2010/07/27 09:25:25 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\Electronic_Arts_Inc
[2010/07/27 09:25:09 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_7.dll
[2010/07/27 09:25:09 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_5.dll
[2010/07/27 09:25:06 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_7.dll
[2010/07/27 09:25:05 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_43.dll
[2010/07/27 09:25:05 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_43.dll
[2010/07/27 09:25:04 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_43.dll
[2010/07/27 09:25:04 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_43.dll
[2010/07/27 09:25:03 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_43.dll
[2010/07/27 09:25:03 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_6.dll
[2010/07/27 09:25:03 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_4.dll
[2010/07/27 09:25:02 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_6.dll
[2010/07/27 09:25:02 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_7.dll
[2010/07/27 09:25:00 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_5.dll
[2010/07/27 09:24:59 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_5.dll
[2010/07/27 09:24:58 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_42.dll
[2010/07/27 09:24:57 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_42.dll
[2010/07/27 09:24:57 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_42.dll
[2010/07/27 09:24:56 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_42.dll
[2010/07/27 09:24:55 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_42.dll
[2010/07/27 09:24:52 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_41.dll
[2010/07/27 09:24:52 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_41.dll
[2010/07/27 09:24:50 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_41.dll
[2010/07/27 09:24:49 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_4.dll
[2010/07/27 09:24:49 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_3.dll
[2010/07/27 09:24:48 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_4.dll
[2010/07/27 09:24:48 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_6.dll
[2010/07/27 09:24:47 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_40.dll
[2010/07/27 09:24:47 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_40.dll
[2010/07/27 09:24:47 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_40.dll
[2010/07/27 09:24:46 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_3.dll
[2010/07/27 09:24:46 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_2.dll
[2010/07/27 09:24:45 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_3.dll
[2010/07/27 09:24:44 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_5.dll
[2010/07/27 09:24:43 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_2.dll
[2010/07/27 09:24:43 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_1.dll
[2010/07/27 09:24:38 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_2.dll
[2010/07/27 09:24:32 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_39.dll
[2010/07/27 09:24:32 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_39.dll
[2010/07/27 09:24:32 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_39.dll
[2010/07/27 09:24:31 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_1.dll
[2010/07/27 09:24:31 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_0.dll
[2010/07/27 09:24:30 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_1.dll
[2010/07/27 09:24:29 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_38.dll
[2010/07/27 09:24:29 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_38.dll
[2010/07/27 09:24:29 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_4.dll
[2010/07/27 09:24:28 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_38.dll
[2010/07/27 09:24:27 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_0.dll
[2010/07/27 09:24:26 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_0.dll
[2010/07/27 09:24:26 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_3.dll
[2010/07/27 09:24:25 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_37.dll
[2010/07/27 09:24:25 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_37.dll
[2010/07/27 09:24:24 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_37.dll
[2010/07/27 09:24:23 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_10.dll
[2010/07/27 09:24:22 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_36.dll
[2010/07/27 09:24:22 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_36.dll
[2010/07/27 09:24:21 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_36.dll
[2010/07/27 09:24:19 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_35.dll
[2010/07/27 09:24:19 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_35.dll
[2010/07/27 09:24:19 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_9.dll
[2010/07/27 09:24:18 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_35.dll
[2010/07/27 09:24:15 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_34.dll
[2010/07/27 09:24:15 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_34.dll
[2010/07/27 09:24:15 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_8.dll
[2010/07/27 09:24:15 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_2.dll
[2010/07/27 09:24:14 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_34.dll
[2010/07/27 09:24:13 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_3.dll
[2010/07/27 09:24:12 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_7.dll
[2010/07/27 09:24:11 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_33.dll
[2010/07/27 09:24:11 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_33.dll
[2010/07/27 09:24:11 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_33.dll
[2010/07/27 09:24:10 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_6.dll
[2010/07/27 09:24:09 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_5.dll
[2010/07/27 09:24:08 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10.dll
[2010/07/27 09:24:07 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_31.dll
[2010/07/27 09:24:07 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_4.dll
[2010/07/27 09:24:07 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_1.dll
[2010/07/27 09:24:06 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_3.dll
[2010/07/27 09:24:05 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_2.dll
[2010/07/27 09:24:04 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_2.dll
[2010/07/27 09:24:04 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_1.dll
[2010/07/27 09:24:02 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_1.dll
[2010/07/27 09:24:00 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_30.dll
[2010/07/27 09:23:55 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_0.dll
[2010/07/27 09:23:55 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_0.dll
[2010/07/27 09:23:53 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_29.dll
[2010/07/27 09:23:52 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_28.dll
[2010/07/27 09:23:50 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_26.dll
[2010/07/27 09:23:49 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_25.dll
[2010/07/27 09:23:48 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_24.dll
[2010/07/27 09:19:34 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx
[2010/07/27 09:19:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts
[2010/07/26 19:22:54 | 000,000,000 | ---D | C] -- C:\Users\Home\Desktop\Docks
[2010/07/21 20:05:29 | 000,000,000 | -HSD | C] -- C:\Users\Home\Phone Browser
[18 C:\Users\Home\Desktop\*.tmp files -> C:\Users\Home\Desktop\*.tmp -> ]
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/08/19 18:06:24 | 004,718,592 | -HS- | M] () -- C:\Users\Home\NTUSER.DAT
[2010/08/19 18:05:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/08/19 17:49:04 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010/08/19 17:45:55 | 000,003,744 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/08/19 17:45:55 | 000,003,744 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/08/19 17:45:53 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/08/19 17:45:46 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/08/19 17:45:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/08/19 17:45:03 | 000,524,288 | -HS- | M] () -- C:\Users\Home\NTUSER.DAT{be828c88-4be8-11de-bcc9-00221581d20f}.TMContainer00000000000000000001.regtrans-ms
[2010/08/19 17:45:03 | 000,065,536 | -HS- | M] () -- C:\Users\Home\NTUSER.DAT{be828c88-4be8-11de-bcc9-00221581d20f}.TM.blf
[2010/08/19 17:44:42 | 003,052,353 | -H-- | M] () -- C:\Users\Home\AppData\Local\IconCache.db
[2010/08/19 17:28:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-644326375-262011582-3349759808-1000UA.job
[2010/08/19 14:20:57 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{4911EE3A-39AA-4348-8E21-D157503C1EE1}.job
[2010/08/19 12:52:57 | 000,197,120 | ---- | M] () -- C:\Users\Home\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/19 12:52:52 | 194,464,912 | ---- | M] () -- C:\Users\Home\Documents\clip0021.avi
[2010/08/18 21:04:53 | 000,828,892 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/08/18 21:04:53 | 000,694,630 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/08/18 21:04:53 | 000,143,782 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/08/18 19:28:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-644326375-262011582-3349759808-1000Core.job
[2010/08/15 12:06:19 | 000,000,967 | ---- | M] () -- C:\Users\Home\Application Data\Microsoft\Internet Explorer\Quick Launch\Picasa 3.lnk
[2010/08/15 12:06:18 | 000,000,943 | ---- | M] () -- C:\Users\Public\Desktop\Picasa 3.lnk
[2010/08/14 09:46:39 | 000,365,248 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/08/13 17:10:35 | 000,000,275 | ---- | M] () -- C:\Windows\win.ini
[2010/08/13 12:25:18 | 000,067,740 | ---- | M] () -- C:\Users\Home\Desktop\Untitled.jpg
[2010/08/12 09:14:43 | 000,002,039 | ---- | M] () -- C:\Users\Home\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome (2).lnk
[2010/08/12 09:13:55 | 000,000,741 | ---- | M] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2010/08/11 19:25:36 | 000,002,001 | ---- | M] () -- C:\Users\Home\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/08/10 20:33:20 | 000,094,680 | ---- | M] () -- C:\Users\Home\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/08/10 18:21:53 | 000,000,944 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
[2010/08/03 12:25:41 | 000,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/08/02 15:57:10 | 000,000,600 | ---- | M] () -- C:\Users\Home\PUTTY.RND
[2010/07/23 11:46:56 | 000,892,928 | ---- | M] (Free Software Foundation) -- C:\Windows\SysWow64\iconv.dll
[2010/07/23 11:46:56 | 000,675,840 | ---- | M] () -- C:\Windows\SysWow64\ac3filter.ax
[2010/07/23 11:46:54 | 000,496,640 | ---- | M] () -- C:\Windows\SysWow64\xvid.ax
[2010/07/23 11:46:54 | 000,153,600 | ---- | M] () -- C:\Windows\SysWow64\IS_ContextMenu.dll
[18 C:\Users\Home\Desktop\*.tmp files -> C:\Users\Home\Desktop\*.tmp -> ]
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/08/19 12:49:47 | 194,464,912 | ---- | C] () -- C:\Users\Home\Documents\clip0021.avi
[2010/08/15 12:06:19 | 000,000,967 | ---- | C] () -- C:\Users\Home\Application Data\Microsoft\Internet Explorer\Quick Launch\Picasa 3.lnk
[2010/08/15 12:06:18 | 000,000,943 | ---- | C] () -- C:\Users\Public\Desktop\Picasa 3.lnk
[2010/08/13 12:25:17 | 000,067,740 | ---- | C] () -- C:\Users\Home\Desktop\Untitled.jpg
[2010/08/12 09:14:43 | 000,002,039 | ---- | C] () -- C:\Users\Home\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome (2).lnk
[2010/08/12 09:13:55 | 000,000,741 | ---- | C] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2010/08/11 19:25:36 | 000,002,001 | ---- | C] () -- C:\Users\Home\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/08/11 19:23:20 | 000,000,904 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-644326375-262011582-3349759808-1000UA.job
[2010/08/11 19:23:19 | 000,000,852 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-644326375-262011582-3349759808-1000Core.job
[2010/08/11 16:33:39 | 001,420,176 | ---- | C] () -- C:\Windows\SysNative\drivers\tcpip.sys
[2010/08/11 16:32:39 | 000,462,848 | ---- | C] () -- C:\Windows\SysNative\drivers\srv.sys
[2010/08/11 16:32:38 | 000,174,592 | ---- | C] () -- C:\Windows\SysNative\drivers\srv2.sys
[2010/08/11 16:21:54 | 002,749,952 | ---- | C] () -- C:\Windows\SysNative\win32k.sys
[2010/08/11 16:21:50 | 000,050,688 | ---- | C] () -- C:\Windows\SysNative\rtutils.dll
[2010/08/11 16:21:46 | 004,690,832 | ---- | C] () -- C:\Windows\SysNative\ntoskrnl.exe
[2010/08/11 16:16:44 | 009,250,816 | ---- | C] () -- C:\Windows\SysNative\mshtml.dll
[2010/08/11 16:16:42 | 012,473,344 | ---- | C] () -- C:\Windows\SysNative\ieframe.dll
[2010/08/11 16:16:41 | 002,335,744 | ---- | C] () -- C:\Windows\SysNative\iertutil.dll
[2010/08/11 16:16:38 | 001,487,360 | ---- | C] () -- C:\Windows\SysNative\urlmon.dll
[2010/08/11 16:16:37 | 001,147,904 | ---- | C] () -- C:\Windows\SysNative\wininet.dll
[2010/08/11 16:16:36 | 000,706,048 | ---- | C] () -- C:\Windows\SysNative\msfeeds.dll
[2010/08/11 16:16:35 | 000,459,776 | ---- | C] () -- C:\Windows\SysNative\iedkcs32.dll
[2010/08/11 16:16:35 | 000,252,416 | ---- | C] () -- C:\Windows\SysNative\iepeers.dll
[2010/08/11 16:16:35 | 000,243,712 | ---- | C] () -- C:\Windows\SysNative\occache.dll
[2010/08/11 16:16:34 | 001,062,912 | ---- | C] () -- C:\Windows\SysNative\mstime.dll
[2010/08/11 16:16:34 | 000,219,136 | ---- | C] () -- C:\Windows\SysNative\ieui.dll
[2010/08/11 16:16:34 | 000,072,192 | ---- | C] () -- C:\Windows\SysNative\iernonce.dll
[2010/08/11 16:16:34 | 000,071,680 | ---- | C] () -- C:\Windows\SysNative\msfeedsbs.dll
[2010/08/11 16:16:34 | 000,031,744 | ---- | C] () -- C:\Windows\SysNative\jsproxy.dll
[2010/08/11 16:16:33 | 001,538,560 | ---- | C] () -- C:\Windows\SysNative\inetcpl.cpl
[2010/08/11 16:16:32 | 000,162,816 | ---- | C] () -- C:\Windows\SysNative\ieUnatt.exe
[2010/08/11 16:16:32 | 000,132,096 | ---- | C] () -- C:\Windows\SysNative\iesysprep.dll
[2010/08/11 16:16:31 | 000,077,312 | ---- | C] () -- C:\Windows\SysNative\iesetup.dll
[2010/08/11 16:16:30 | 001,638,912 | ---- | C] () -- C:\Windows\SysNative\mshtml.tlb
[2010/08/11 16:16:30 | 000,070,656 | ---- | C] () -- C:\Windows\SysNative\ie4uinit.exe
[2010/08/11 16:16:30 | 000,012,288 | ---- | C] () -- C:\Windows\SysNative\msfeedssync.exe
[2010/08/11 16:15:55 | 001,875,456 | ---- | C] () -- C:\Windows\SysNative\msxml3.dll
[2010/08/11 16:15:06 | 000,343,040 | ---- | C] () -- C:\Windows\SysNative\schannel.dll
[2010/08/10 19:47:49 | 000,227,328 | ---- | C] () -- C:\Windows\SysNative\mpg2splt.ax
[2010/08/10 19:47:49 | 000,101,376 | ---- | C] () -- C:\Windows\SysNative\MSNP.ax
[2010/08/10 19:47:44 | 000,375,808 | ---- | C] () -- C:\Windows\SysNative\psisdecd.dll
[2010/08/10 19:47:42 | 000,558,592 | ---- | C] () -- C:\Windows\SysNative\EncDec.dll
[2010/08/10 19:47:42 | 000,289,792 | ---- | C] () -- C:\Windows\SysNative\psisrndr.ax
[2010/08/10 19:46:29 | 000,444,752 | ---- | C] () -- C:\Windows\SysNative\mscoree.dll
[2010/08/10 19:46:29 | 000,320,352 | ---- | C] () -- C:\Windows\SysNative\PresentationHost.exe
[2010/08/10 19:46:29 | 000,109,912 | ---- | C] () -- C:\Windows\SysNative\PresentationHostProxy.dll
[2010/08/10 19:46:29 | 000,048,960 | ---- | C] () -- C:\Windows\SysNative\netfxperf.dll
[2010/08/10 19:46:28 | 001,942,856 | ---- | C] () -- C:\Windows\SysNative\dfshim.dll
[2010/08/10 19:42:53 | 000,002,048 | ---- | C] () -- C:\Windows\SysNative\winrsmgr.dll
[2010/08/10 19:42:51 | 000,013,312 | ---- | C] () -- C:\Windows\SysNative\wsmplpxy.dll
[2010/08/10 19:42:51 | 000,013,312 | ---- | C] () -- C:\Windows\SysNative\winrssrv.dll
[2010/08/10 19:42:40 | 000,053,760 | ---- | C] () -- C:\Windows\SysNative\pwrshplugin.dll
[2010/08/10 19:42:40 | 000,051,200 | ---- | C] () -- C:\Windows\SysNative\winrs.exe
[2010/08/10 19:42:40 | 000,024,064 | ---- | C] () -- C:\Windows\SysNative\winrshost.exe
[2010/08/10 19:42:40 | 000,013,824 | ---- | C] () -- C:\Windows\SysNative\wsmprovhost.exe
[2010/08/10 19:42:24 | 000,084,992 | ---- | C] () -- C:\Windows\SysNative\wecapi.dll
[2010/08/10 19:42:24 | 000,054,272 | ---- | C] () -- C:\Windows\SysNative\WsmRes.dll
[2010/08/10 19:42:23 | 000,232,960 | ---- | C] () -- C:\Windows\SysNative\wecsvc.dll
[2010/08/10 19:42:23 | 000,113,152 | ---- | C] () -- C:\Windows\SysNative\wevtfwd.dll
[2010/08/10 19:42:23 | 000,113,152 | ---- | C] () -- C:\Windows\SysNative\wecutil.exe
[2010/08/10 19:42:16 | 000,201,184 | ---- | C] () -- C:\Windows\SysWow64\winrm.vbs
[2010/08/10 19:42:16 | 000,201,184 | ---- | C] () -- C:\Windows\SysNative\winrm.vbs
[2010/08/10 19:42:16 | 000,004,675 | ---- | C] () -- C:\Windows\SysWow64\wsmanconfig_schema.xml
[2010/08/10 19:42:16 | 000,004,675 | ---- | C] () -- C:\Windows\SysNative\wsmanconfig_schema.xml
[2010/08/10 19:42:16 | 000,002,426 | ---- | C] () -- C:\Windows\SysWow64\WsmTxt.xsl
[2010/08/10 19:42:16 | 000,002,426 | ---- | C] () -- C:\Windows\SysNative\WsmTxt.xsl
[2010/08/10 19:42:15 | 000,310,272 | ---- | C] () -- C:\Windows\SysNative\WsmWmiPl.dll
[2010/08/10 19:42:15 | 000,180,736 | ---- | C] () -- C:\Windows\SysNative\WsmAuto.dll
[2010/08/10 19:42:14 | 002,050,048 | ---- | C] () -- C:\Windows\SysNative\WsmSvc.dll
[2010/08/10 19:42:14 | 000,370,688 | ---- | C] () -- C:\Windows\SysNative\winrscmd.dll
[2010/08/10 19:42:14 | 000,352,768 | ---- | C] () -- C:\Windows\SysNative\WSManMigrationPlugin.dll
[2010/08/10 19:42:14 | 000,348,672 | ---- | C] () -- C:\Windows\SysNative\WSManHTTPConfig.exe
[2010/08/10 19:05:52 | 000,594,944 | ---- | C] () -- C:\Windows\SysNative\RMActivate_isv.exe
[2010/08/10 19:05:52 | 000,594,432 | ---- | C] () -- C:\Windows\SysNative\RMActivate.exe
[2010/08/10 19:05:49 | 000,413,696 | ---- | C] () -- C:\Windows\SysNative\RMActivate_ssp_isv.exe
[2010/08/10 19:05:48 | 000,409,600 | ---- | C] () -- C:\Windows\SysNative\RMActivate_ssp.exe
[2010/08/10 19:05:47 | 000,535,040 | ---- | C] () -- C:\Windows\SysNative\secproc.dll
[2010/08/10 19:05:47 | 000,534,016 | ---- | C] () -- C:\Windows\SysNative\secproc_isv.dll
[2010/08/10 19:05:44 | 000,457,216 | ---- | C] () -- C:\Windows\SysNative\msdrm.dll
[2010/08/10 19:05:44 | 000,159,232 | ---- | C] () -- C:\Windows\SysNative\secproc_ssp_isv.dll
[2010/08/10 19:05:44 | 000,158,720 | ---- | C] () -- C:\Windows\SysNative\secproc_ssp.dll
[2010/08/10 19:02:52 | 000,372,736 | ---- | C] () -- C:\Windows\SysNative\unregmp2.exe
[2010/08/10 19:02:51 | 013,426,176 | ---- | C] () -- C:\Windows\SysNative\wmp.dll
[2010/08/10 19:02:46 | 008,147,968 | ---- | C] () -- C:\Windows\SysNative\wmploc.DLL
[2010/08/10 19:01:50 | 000,032,256 | ---- | C] () -- C:\Windows\SysNative\Apphlpdm.dll
[2010/08/10 19:01:48 | 004,240,384 | ---- | C] () -- C:\Windows\SysNative\GameUXLegacyGDFs.dll
[2010/08/10 19:01:07 | 000,880,640 | ---- | C] () -- C:\Windows\SysNative\timedate.cpl
[2010/08/10 18:21:53 | 000,000,944 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
[2010/08/09 19:37:27 | 000,024,664 | ---- | C] () -- C:\Windows\SysNative\drivers\mbam.sys
[2010/08/03 17:43:49 | 000,153,600 | ---- | C] () -- C:\Windows\SysWow64\IS_ContextMenu.dll
[2010/08/03 17:43:46 | 000,675,840 | ---- | C] () -- C:\Windows\SysWow64\ac3filter.ax
[2010/08/03 17:43:46 | 000,496,640 | ---- | C] () -- C:\Windows\SysWow64\xvid.ax
[2010/08/03 12:25:41 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/08/03 12:25:40 | 012,898,304 | ---- | C] () -- C:\Windows\SysNative\shell32.dll
[2010/07/27 09:25:09 | 000,518,488 | ---- | C] () -- C:\Windows\SysNative\XAudio2_7.dll
[2010/07/27 09:25:09 | 000,077,656 | ---- | C] () -- C:\Windows\SysNative\XAPOFX1_5.dll
[2010/07/27 09:25:06 | 000,176,984 | ---- | C] () -- C:\Windows\SysNative\xactengine3_7.dll
[2010/07/27 09:25:05 | 002,526,056 | ---- | C] () -- C:\Windows\SysNative\D3DCompiler_43.dll
[2010/07/27 09:25:05 | 001,907,552 | ---- | C] () -- C:\Windows\SysNative\d3dcsx_43.dll
[2010/07/27 09:25:04 | 000,511,328 | ---- | C] () -- C:\Windows\SysNative\d3dx10_43.dll
[2010/07/27 09:25:04 | 000,276,832 | ---- | C] () -- C:\Windows\SysNative\d3dx11_43.dll
[2010/07/27 09:25:03 | 002,401,112 | ---- | C] () -- C:\Windows\SysNative\D3DX9_43.dll
[2010/07/27 09:25:03 | 000,530,776 | ---- | C] () -- C:\Windows\SysNative\XAudio2_6.dll
[2010/07/27 09:25:03 | 000,078,680 | ---- | C] () -- C:\Windows\SysNative\XAPOFX1_4.dll
[2010/07/27 09:25:02 | 000,176,984 | ---- | C] () -- C:\Windows\SysNative\xactengine3_6.dll
[2010/07/27 09:25:02 | 000,024,920 | ---- | C] () -- C:\Windows\SysNative\X3DAudio1_7.dll
[2010/07/27 09:25:00 | 000,517,960 | ---- | C] () -- C:\Windows\SysNative\XAudio2_5.dll
[2010/07/27 09:24:59 | 000,176,968 | ---- | C] () -- C:\Windows\SysNative\xactengine3_5.dll
[2010/07/27 09:24:58 | 002,582,888 | ---- | C] () -- C:\Windows\SysNative\D3DCompiler_42.dll
[2010/07/27 09:24:57 | 005,554,512 | ---- | C] () -- C:\Windows\SysNative\d3dcsx_42.dll
[2010/07/27 09:24:57 | 000,285,024 | ---- | C] () -- C:\Windows\SysNative\d3dx11_42.dll
[2010/07/27 09:24:56 | 000,523,088 | ---- | C] () -- C:\Windows\SysNative\d3dx10_42.dll
[2010/07/27 09:24:55 | 002,475,352 | ---- | C] () -- C:\Windows\SysNative\D3DX9_42.dll
[2010/07/27 09:24:52 | 002,430,312 | ---- | C] () -- C:\Windows\SysNative\D3DCompiler_41.dll
[2010/07/27 09:24:52 | 000,520,544 | ---- | C] () -- C:\Windows\SysNative\d3dx10_41.dll
[2010/07/27 09:24:50 | 005,425,496 | ---- | C] () -- C:\Windows\SysNative\D3DX9_41.dll
[2010/07/27 09:24:49 | 000,521,560 | ---- | C] () -- C:\Windows\SysNative\XAudio2_4.dll
[2010/07/27 09:24:49 | 000,073,544 | ---- | C] () -- C:\Windows\SysNative\XAPOFX1_3.dll
[2010/07/27 09:24:48 | 000,174,936 | ---- | C] () -- C:\Windows\SysNative\xactengine3_4.dll
[2010/07/27 09:24:48 | 000,024,920 | ---- | C] () -- C:\Windows\SysNative\X3DAudio1_6.dll
[2010/07/27 09:24:47 | 005,631,312 | ---- | C] () -- C:\Windows\SysNative\D3DX9_40.dll
[2010/07/27 09:24:47 | 002,605,920 | ---- | C] () -- C:\Windows\SysNative\D3DCompiler_40.dll
[2010/07/27 09:24:47 | 000,519,000 | ---- | C] () -- C:\Windows\SysNative\d3dx10_40.dll
[2010/07/27 09:24:46 | 000,518,480 | ---- | C] () -- C:\Windows\SysNative\XAudio2_3.dll
[2010/07/27 09:24:46 | 000,074,576 | ---- | C] () -- C:\Windows\SysNative\XAPOFX1_2.dll
[2010/07/27 09:24:45 | 000,175,440 | ---- | C] () -- C:\Windows\SysNative\xactengine3_3.dll
[2010/07/27 09:24:44 | 000,025,936 | ---- | C] () -- C:\Windows\SysNative\X3DAudio1_5.dll
[2010/07/27 09:24:43 | 000,513,544 | ---- | C] () -- C:\Windows\SysNative\XAudio2_2.dll
[2010/07/27 09:24:43 | 000,072,200 | ---- | C] () -- C:\Windows\SysNative\XAPOFX1_1.dll
[2010/07/27 09:24:38 | 000,177,672 | ---- | C] () -- C:\Windows\SysNative\xactengine3_2.dll
[2010/07/27 09:24:32 | 004,992,520 | ---- | C] () -- C:\Windows\SysNative\D3DX9_39.dll
[2010/07/27 09:24:32 | 001,942,552 | ---- | C] () -- C:\Windows\SysNative\D3DCompiler_39.dll
[2010/07/27 09:24:32 | 000,540,688 | ---- | C] () -- C:\Windows\SysNative\d3dx10_39.dll
[2010/07/27 09:24:31 | 000,511,496 | ---- | C] () -- C:\Windows\SysNative\XAudio2_1.dll
[2010/07/27 09:24:31 | 000,068,104 | ---- | C] () -- C:\Windows\SysNative\XAPOFX1_0.dll
[2010/07/27 09:24:30 | 000,177,672 | ---- | C] () -- C:\Windows\SysNative\xactengine3_1.dll
[2010/07/27 09:24:29 | 001,941,528 | ---- | C] () -- C:\Windows\SysNative\D3DCompiler_38.dll
[2010/07/27 09:24:29 | 000,540,688 | ---- | C] () -- C:\Windows\SysNative\d3dx10_38.dll
[2010/07/27 09:24:29 | 000,028,168 | ---- | C] () -- C:\Windows\SysNative\X3DAudio1_4.dll
[2010/07/27 09:24:28 | 004,991,496 | ---- | C] () -- C:\Windows\SysNative\D3DX9_38.dll
[2010/07/27 09:24:27 | 000,489,480 | ---- | C] () -- C:\Windows\SysNative\XAudio2_0.dll
[2010/07/27 09:24:26 | 000,177,672 | ---- | C] () -- C:\Windows\SysNative\xactengine3_0.dll
[2010/07/27 09:24:26 | 000,028,168 | ---- | C] () -- C:\Windows\SysNative\X3DAudio1_3.dll
[2010/07/27 09:24:25 | 001,860,120 | ---- | C] () -- C:\Windows\SysNative\D3DCompiler_37.dll
[2010/07/27 09:24:25 | 000,529,424 | ---- | C] () -- C:\Windows\SysNative\d3dx10_37.dll
[2010/07/27 09:24:24 | 004,910,088 | ---- | C] () -- C:\Windows\SysNative\D3DX9_37.dll
[2010/07/27 09:24:23 | 000,411,656 | ---- | C] () -- C:\Windows\SysNative\xactengine2_10.dll
[2010/07/27 09:24:22 | 002,006,552 | ---- | C] () -- C:\Windows\SysNative\D3DCompiler_36.dll
[2010/07/27 09:24:22 | 000,508,264 | ---- | C] () -- C:\Windows\SysNative\d3dx10_36.dll
[2010/07/27 09:24:21 | 005,081,608 | ---- | C] () -- C:\Windows\SysNative\d3dx9_36.dll
[2010/07/27 09:24:19 | 001,985,904 | ---- | C] () -- C:\Windows\SysNative\D3DCompiler_35.dll
[2010/07/27 09:24:19 | 000,508,264 | ---- | C] () -- C:\Windows\SysNative\d3dx10_35.dll
[2010/07/27 09:24:19 | 000,411,496 | ---- | C] () -- C:\Windows\SysNative\xactengine2_9.dll
[2010/07/27 09:24:18 | 005,073,256 | ---- | C] () -- C:\Windows\SysNative\d3dx9_35.dll
[2010/07/27 09:24:15 | 001,401,200 | ---- | C] () -- C:\Windows\SysNative\D3DCompiler_34.dll
[2010/07/27 09:24:15 | 000,506,728 | ---- | C] () -- C:\Windows\SysNative\d3dx10_34.dll
[2010/07/27 09:24:15 | 000,409,960 | ---- | C] () -- C:\Windows\SysNative\xactengine2_8.dll
[2010/07/27 09:24:15 | 000,021,000 | ---- | C] () -- C:\Windows\SysNative\X3DAudio1_2.dll
[2010/07/27 09:24:14 | 004,496,232 | ---- | C] () -- C:\Windows\SysNative\d3dx9_34.dll
[2010/07/27 09:24:13 | 000,107,368 | ---- | C] () -- C:\Windows\SysNative\xinput1_3.dll
[2010/07/27 09:24:12 | 000,403,304 | ---- | C] () -- C:\Windows\SysNative\xactengine2_7.dll
[2010/07/27 09:24:11 | 004,494,184 | ---- | C] () -- C:\Windows\SysNative\d3dx9_33.dll
[2010/07/27 09:24:11 | 001,400,176 | ---- | C] () -- C:\Windows\SysNative\D3DCompiler_33.dll
[2010/07/27 09:24:11 | 000,506,728 | ---- | C] () -- C:\Windows\SysNative\d3dx10_33.dll
[2010/07/27 09:24:10 | 000,393,576 | ---- | C] () -- C:\Windows\SysNative\xactengine2_6.dll
[2010/07/27 09:24:09 | 000,390,424 | ---- | C] () -- C:\Windows\SysNative\xactengine2_5.dll
[2010/07/27 09:24:08 | 000,469,264 | ---- | C] () -- C:\Windows\SysNative\d3dx10.dll
[2010/07/27 09:24:07 | 003,977,496 | ---- | C] () -- C:\Windows\SysNative\d3dx9_31.dll
[2010/07/27 09:24:07 | 000,364,824 | ---- | C] () -- C:\Windows\SysNative\xactengine2_4.dll
[2010/07/27 09:24:07 | 000,017,688 | ---- | C] () -- C:\Windows\SysNative\x3daudio1_1.dll
[2010/07/27 09:24:06 | 000,363,288 | ---- | C] () -- C:\Windows\SysNative\xactengine2_3.dll
[2010/07/27 09:24:05 | 000,083,736 | ---- | C] () -- C:\Windows\SysNative\xinput1_2.dll
[2010/07/27 09:24:04 | 000,354,072 | ---- | C] () -- C:\Windows\SysNative\xactengine2_2.dll
[2010/07/27 09:24:04 | 000,083,664 | ---- | C] () -- C:\Windows\SysNative\xinput1_1.dll
[2010/07/27 09:24:02 | 000,352,464 | ---- | C] () -- C:\Windows\SysNative\xactengine2_1.dll
[2010/07/27 09:24:00 | 003,927,248 | ---- | C] () -- C:\Windows\SysNative\d3dx9_30.dll
[2010/07/27 09:23:55 | 000,355,536 | ---- | C] () -- C:\Windows\SysNative\xactengine2_0.dll
[2010/07/27 09:23:55 | 000,016,592 | ---- | C] () -- C:\Windows\SysNative\x3daudio1_0.dll
[2010/07/27 09:23:53 | 003,830,992 | ---- | C] () -- C:\Windows\SysNative\d3dx9_29.dll
[2010/07/27 09:23:52 | 003,815,120 | ---- | C] () -- C:\Windows\SysNative\d3dx9_28.dll
[2010/07/27 09:23:51 | 003,807,440 | ---- | C] () -- C:\Windows\SysNative\d3dx9_27.dll
[2010/07/27 09:23:50 | 003,767,504 | ---- | C] () -- C:\Windows\SysNative\d3dx9_26.dll
[2010/07/27 09:23:49 | 003,823,312 | ---- | C] () -- C:\Windows\SysNative\d3dx9_25.dll
[2010/07/27 09:23:48 | 003,544,272 | ---- | C] () -- C:\Windows\SysNative\d3dx9_24.dll
[2010/06/22 19:36:00 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/06/15 13:31:57 | 000,416,850 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_vcredistMSI142D.txt
[2010/06/15 13:31:57 | 000,011,626 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_vcredistUI142D.txt
[2010/06/15 13:31:41 | 000,358,466 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_vcredistMSI13F6.txt
[2010/06/15 13:31:40 | 000,011,674 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_vcredistUI13F6.txt
[2010/05/07 09:42:05 | 000,004,096 | -H-- | C] () -- C:\Users\Home\AppData\Local\keyfile3.drm
[2010/04/24 12:47:41 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010/04/24 12:47:41 | 000,000,547 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll.manifest
[2010/03/31 09:28:30 | 000,000,236 | ---- | C] () -- C:\Users\Home\AppData\Roaming\wklnhst.dat
[2010/03/14 16:36:03 | 000,000,063 | ---- | C] () -- C:\Windows\QTWFL.INI
[2009/09/17 19:32:26 | 000,000,130 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2009/08/31 12:07:18 | 001,970,176 | ---- | C] () -- C:\Windows\SysWow64\d3dx9.dll
[2009/08/03 09:27:02 | 000,000,247 | -H-- | C] () -- C:\Users\Home\AppData\Roaming\syspnetworkZ4.txt
[2009/07/28 12:56:54 | 000,024,088 | ---- | C] () -- C:\Users\Home\AppData\Roaming\UserTile.png
[2008/11/06 18:07:18 | 000,000,092 | ---- | C] () -- C:\Users\Home\AppData\Local\fusioncache.dat
[2008/11/06 17:43:29 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/11/04 21:34:12 | 000,233,472 | ---- | C] () -- C:\Windows\SysWow64\WlanApp.dll
[2008/11/04 21:34:12 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\JJAKEn.dll
[2008/11/01 13:08:14 | 000,761,508 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2008/10/26 19:51:57 | 000,197,120 | ---- | C] () -- C:\Users\Home\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/09/15 20:14:24 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[2008/09/15 20:12:02 | 000,000,416 | ---- | C] () -- C:\Windows\SysWow64\dtu100.dll.manifest
[2008/09/15 20:12:02 | 000,000,416 | ---- | C] () -- C:\Windows\SysWow64\dpl100.dll.manifest
[2008/09/15 20:11:10 | 000,012,288 | ---- | C] () -- C:\Windows\SysWow64\DivXWMPExtType.dll
[2008/08/21 04:03:49 | 000,001,521 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2008/08/21 03:42:25 | 000,327,680 | ---- | C] () -- C:\Windows\SysWow64\pythoncom25.dll
[2008/08/21 03:42:25 | 000,102,400 | ---- | C] () -- C:\Windows\SysWow64\pywintypes25.dll
[2008/01/20 22:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008/01/20 22:49:49 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2008/01/20 22:49:18 | 000,030,720 | ---- | C] () -- C:\Windows\SysWow64\32of32i.dll
[2008/01/20 22:49:18 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\meunw2k.dll
[2008/01/20 22:49:18 | 000,022,529 | ---- | C] () -- C:\Windows\SysWow64\ovstw2k.dll
[2007/10/25 17:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys
[2007/01/25 13:31:36 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2003/09/09 00:30:32 | 000,011,376 | R--- | C] () -- C:\Windows\SysWow64\drivers\SECDRV.SYS
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\SysWow64\OUTLPERF.INI

========== Alternate Data Streams ==========

@Alternate Data Stream - 64 bytes -> C:\Users\Home\Documents\clip0021.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Home\Documents\clip0019.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Home\Documents\clip0015.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Home\Documents\clip0014.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Home\Documents\clip0013.avi:TOC.WMV
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:0AA053B7
< End of report >

I could not upload the file because there is no SysNative folder (I made hidden files view able)

Edited by MTL86, 19 August 2010 - 05:21 PM.


#6 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:03:02 PM

Posted 20 August 2010 - 06:35 AM

Hi,

we removed a rogue extension to firefox. This can have some effect on your browsing experience but shouldn't slow down the PC in total.

Could you please check if you can find the file in C:\windows\system32 then?

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#7 MTL86

MTL86
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:09:02 AM

Posted 20 August 2010 - 08:03 AM

Alright. I found it, but there are 3. They're in 3 different folders

C:\Windows\System32\DriverStore\FileRepository\iastor.inf_8c2759a4
and
C:\Windows\System32\DriverStore\FileRepository\iastor.inf_d2b486ea
and
C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_0ae937e2

Which one should I upload?

#8 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:03:02 PM

Posted 20 August 2010 - 09:17 AM

Hi,

that isn't the correct file.

Could you try typing the path C:\windows\sysnative\drivers\iastor.sys into the window at virustotal?

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#9 MTL86

MTL86
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:09:02 AM

Posted 20 August 2010 - 11:12 AM

I dont have an sysnative folder but i did find iastor.sys in those 3 folders

#10 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:03:02 PM

Posted 20 August 2010 - 12:13 PM

Hi,

every 64bit system has a sysnative folder. Basically what used to be the system32 folder on "normal" OS had to be devided into two folders: One for 32bit and for 64bit applications. Sysnative is the folder containing the 64bit applications and SysWow64 is the folder containing 32bit applications.

When you open explorer it will show you the folder name as System32 and choose one of the two folders, the displayed name in explorer is not always the name of the actual folder.

Open Notepad and copy/paste the code box below into a new text file.
CODE
@echo off
copy C:\windows\sysnative\drivers\iastor.sys "%userprofile%\Desktop\copyiastor.bad"
  • Save the file as copy.bat by choosing save as *All Files, and save it to your Desktop.
  • Locate "copy.bat" and right click it. Select "run as administrator".
  • A file named copyiastor.bad should appear on your desktop

Let me know if that works.
regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#11 MTL86

MTL86
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:09:02 AM

Posted 21 August 2010 - 11:44 AM

Nope, it didnt work. When i press run as administrator, it opens and closes windows command processor and the file doesn't change

#12 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:03:02 PM

Posted 25 August 2010 - 06:32 AM

Hi,

ok, let's skip that then. How is the PC doing overall? Do you have a Windows CD from which we could create a live-cd?

Please also run a scan with MBRCheck:
Please download MBRCheck.exe to your desktop.
  1. Double click to run it
  2. It will prompt you with some text
  3. Left click on title bar (where program name and path is written)
  4. From menu chose Edit -> Select All
  5. Now just click Enter key on keyboard to copy selected text
  6. Now paste that text here for me.

regards myrti

Edited by myrti, 25 August 2010 - 02:11 PM.

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#13 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:03:02 PM

Posted 30 August 2010 - 05:12 AM

Due to lack of feedback, this topic is now Closed

If you need this topic reopened, please send me a PM.
Please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

With Regards,
myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users