OTL logfile created on: 9/18/2010 2:32:10 AM - Run 1 OTL by OldTimer - Version 3.2.12.1 Folder = C:\Users\Patrick Herrin\Desktop Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18943) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 40.00% Memory free 4.00 Gb Paging File | 3.00 Gb Available in Paging File | 68.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 69.52 Gb Total Space | 26.26 Gb Free Space | 37.77% Space Free | Partition Type: NTFS Drive D: | 69.52 Gb Total Space | 6.25 Gb Free Space | 8.99% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: PATRICK Current User Name: Patrick Herrin Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: On Skip Microsoft Files: On File Age = 90 Days Output = Standard Quick Scan ========== Processes (SafeList) ========== PRC - [2010/09/18 02:29:13 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Patrick Herrin\Desktop\OTL.exe PRC - [2010/09/17 14:43:08 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2010/09/16 00:14:12 | 000,204,800 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\Patrick Herrin\AppData\Local\Temp\RtkBtMnt.exe PRC - [2010/09/07 08:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe PRC - [2010/09/07 08:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe PRC - [2010/08/31 23:39:18 | 001,164,584 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe PRC - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe PRC - [2010/05/21 20:50:34 | 001,036,464 | ---- | M] () -- C:\Program Files\Air Mouse\Air Mouse\Air Mouse.exe PRC - [2010/05/14 11:00:26 | 000,316,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe PRC - [2010/05/14 11:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe PRC - [2010/04/25 16:44:12 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe PRC - [2010/03/25 14:39:22 | 000,490,280 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Update\NASvc.exe PRC - [2010/03/24 16:26:02 | 000,243,544 | ---- | M] (Microsoft Corp.) -- C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\mswinext.exe PRC - [2009/08/18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE PRC - [2009/08/18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE PRC - [2009/07/02 02:56:26 | 000,206,120 | ---- | M] (CyberLink) -- C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe PRC - [2009/07/02 02:56:18 | 000,152,872 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe PRC - [2009/05/21 15:42:28 | 000,173,288 | ---- | M] (Acer Corp.) -- C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe PRC - [2009/04/16 17:56:36 | 000,075,048 | ---- | M] () -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe PRC - [2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009/02/26 15:24:50 | 000,097,680 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE PRC - [2008/11/28 11:56:06 | 000,024,576 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe PRC - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe PRC - [2008/07/22 20:05:18 | 000,846,344 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe PRC - [2008/07/02 20:27:12 | 006,266,880 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2008/04/25 22:36:20 | 000,045,056 | ---- | M] (NewTech InfoSystems, Inc.) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe PRC - [2008/04/25 22:36:20 | 000,028,672 | ---- | M] () -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe PRC - [2008/04/25 22:36:02 | 000,131,072 | ---- | M] () -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe PRC - [2008/03/03 14:11:14 | 000,016,384 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe PRC - [2008/01/20 19:33:00 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe PRC - [2008/01/20 19:33:00 | 000,319,544 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Windows Defender\MpCmdRun.exe PRC - [2007/12/06 17:15:28 | 000,110,592 | ---- | M] () -- C:\ACER\Mobility Center\MobilityService.exe PRC - [2007/09/02 13:58:52 | 000,495,616 | ---- | M] () -- C:\RocketDock\RocketDock.exe PRC - [2007/01/04 20:48:50 | 000,112,152 | ---- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe PRC - [2007/01/04 14:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe PRC - [2005/03/09 20:50:18 | 000,018,944 | ---- | M] (http://libusb-win32.sourceforge.net) -- C:\Windows\System32\libusbd-nt.exe ========== Modules (SafeList) ========== MOD - [2010/09/18 02:29:13 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Patrick Herrin\Desktop\OTL.exe MOD - [2009/04/10 23:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll MOD - [2008/01/20 19:34:21 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx ========== Win32 Services (SafeList) ========== SRV - File not found [On_Demand | Stopped] -- C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe -- (McSysmon) SRV - File not found [unknown | Stopped] -- C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe -- (McShield) SRV - [2010/09/07 08:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner) SRV - [2010/09/07 08:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner) SRV - [2010/09/07 08:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus) SRV - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device) SRV - [2010/05/14 11:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort) SRV - [2010/03/25 14:39:22 | 000,490,280 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate) SRV - [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400) SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009/10/16 01:58:21 | 000,316,664 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2009/09/24 18:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache) SRV - [2009/08/18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2009/08/07 12:44:18 | 000,045,816 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus® SRV - [2009/04/16 17:56:36 | 000,075,048 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe -- (CLHNService) SRV - [2008/11/28 11:56:06 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe -- (ETService) SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService) SRV - [2008/04/25 22:36:20 | 000,045,056 | ---- | M] (NewTech InfoSystems, Inc.) [Auto | Running] -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe -- (NTIBackupSvc) SRV - [2008/04/25 22:36:02 | 000,131,072 | ---- | M] () [Auto | Running] -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe -- (NTISchedulerSvc) SRV - [2008/03/03 14:11:14 | 000,016,384 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe -- (BUNAgentSvc) SRV - [2008/01/20 19:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007/12/06 17:15:28 | 000,110,592 | ---- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService) SRV - [2007/01/04 20:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr) SRV - [2007/01/04 14:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service) SRV - [2005/03/09 20:50:18 | 000,018,944 | ---- | M] (http://libusb-win32.sourceforge.net) [Auto | Running] -- C:\Windows\System32\libusbd-nt.exe -- (libusbd) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [File_System | Boot | Stopped] -- C:\Windows\System32\DRIVERS\Lbd.sys -- (Lbd) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\EagleNT.sys -- (EagleNT) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\PATRIC~1\AppData\Local\Temp\catchme.sys -- (catchme) DRV - [2010/09/07 07:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi) DRV - [2010/09/07 07:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP) DRV - [2010/09/07 07:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr) DRV - [2010/09/07 07:47:30 | 000,050,768 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt) DRV - [2010/09/07 07:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk) DRV - [2009/09/16 10:22:48 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk) DRV - [2009/09/16 10:22:48 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk) DRV - [2009/09/16 10:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk) DRV - [2009/09/16 10:22:48 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk) DRV - [2009/09/16 10:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk) DRV - [2009/07/23 12:07:40 | 000,006,528 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\jumi.sys -- (jumi) DRV - [2009/07/09 12:16:04 | 000,017,408 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl) DRV - [2009/05/24 07:36:42 | 000,501,248 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr73.sys -- (netr73) DRV - [2009/04/27 23:16:23 | 004,387,840 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag) DRV - [2008/10/01 11:04:16 | 000,012,832 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15) DRV - [2008/08/06 19:40:40 | 000,129,552 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\ahcix86s.sys -- (ahcix86s) DRV - [2008/07/03 02:03:48 | 002,152,088 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2008/06/10 03:54:36 | 000,123,904 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) DRV - [2008/05/09 13:03:58 | 000,061,424 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl -- ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) DRV - [2008/04/28 06:26:42 | 000,014,352 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO) DRV - [2008/02/21 20:50:48 | 000,198,064 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP) DRV - [2008/01/30 02:52:06 | 000,014,848 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NTIDrvr.sys -- (NTIDrvr) DRV - [2008/01/30 02:51:50 | 000,013,824 | ---- | M] (NewTech Infosystems Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\UBHelper.sys -- (UBHelper) DRV - [2008/01/23 04:18:28 | 001,187,320 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XX) DRV - [2008/01/20 19:32:53 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320) DRV - [2008/01/20 19:32:53 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas) DRV - [2008/01/20 19:32:52 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR) DRV - [2008/01/20 19:32:52 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m) DRV - [2008/01/20 19:32:52 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4) DRV - [2008/01/20 19:32:52 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs) DRV - [2008/01/20 19:32:51 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci) DRV - [2008/01/20 19:32:51 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS) DRV - [2008/01/20 19:32:50 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300) DRV - [2008/01/20 19:32:50 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel® DRV - [2008/01/20 19:32:50 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas) DRV - [2008/01/20 19:32:49 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV) DRV - [2008/01/20 19:32:49 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid) DRV - [2008/01/20 19:32:49 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2) DRV - [2008/01/20 19:32:49 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC) DRV - [2008/01/20 19:32:49 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc) DRV - [2008/01/20 19:32:48 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor) DRV - [2008/01/20 19:32:48 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI) DRV - [2008/01/20 19:32:47 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid) DRV - [2008/01/20 19:32:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor) DRV - [2008/01/20 19:32:46 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx) DRV - [2008/01/20 19:32:45 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci) DRV - [2008/01/20 19:32:21 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide) DRV - [2008/01/20 19:32:21 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide) DRV - [2008/01/20 19:32:21 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide) DRV - [2007/04/17 21:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi) DRV - [2006/11/02 06:29:38 | 000,021,264 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\DKbFltr.sys -- (DKbFltr) DRV - [2006/11/02 06:27:36 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System | Running] -- C:\Program Files\Launch Manager\DPortIO.sys -- (DritekPortIO) DRV - [2006/11/02 02:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx) DRV - [2006/11/02 02:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata) DRV - [2006/11/02 02:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960) DRV - [2006/11/02 02:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp) DRV - [2006/11/02 02:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx) DRV - [2006/11/02 02:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid) DRV - [2006/11/02 02:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi) DRV - [2006/11/02 02:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx) DRV - [2006/11/02 02:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3) DRV - [2006/11/02 02:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x) DRV - [2006/11/02 02:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi) DRV - [2006/11/02 01:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM) DRV - [2006/11/02 01:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer) DRV - [2006/11/02 01:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp) DRV - [2006/11/02 01:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo) DRV - [2006/11/02 01:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm) DRV - [2006/11/02 01:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm) DRV - [2006/11/02 00:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi) DRV - [2005/03/09 20:50:16 | 000,033,792 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\libusb0.sys -- (libusb0) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&a...p;m=aspire_5515 IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5577 IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5577 IE - HKU\S-1-5-21-3996654907-2226748910-2045848586-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data] IE - HKU\S-1-5-21-3996654907-2226748910-2045848586-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKU\S-1-5-21-3996654907-2226748910-2045848586-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&a...p;m=aspire_5515 IE - HKU\S-1-5-21-3996654907-2226748910-2045848586-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3996654907-2226748910-2045848586-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> IE - HKU\S-1-5-21-3996654907-2226748910-2045848586-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5577 ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "AOL Search" FF - prefs.js..browser.search.defaulturl: "http://aim.search.aol.com/aol/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us&tb_uuid=100000000000000002&tb_oid=23-05-2010&tb_mrud=17-06-2010" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.selectedEngine: "Bing" FF - prefs.js..browser.search.selectedengine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.search.usedbfororder: true FF - prefs.js..browser.startup.homepage: "http://aol.com/" FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1 FF - prefs.js..extensions.enabledItems: 6 FF - prefs.js..extensions.enabledItems: 2 FF - prefs.js..extensions.enabledItems: 41 FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.1 FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.3 FF - prefs.js..extensions.enabledItems: msntoolbar@msn.com:5.0 FF - prefs.js..extensions.enabledItems: {27182e60-b5f3-411c-b545-b44205977502}:1.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {c8f71e5b-88f8-42a7-98bb-e4c506161de9}:0.4 FF - prefs.js..extensions.enabledItems: {de5809e0-2b07-11dd-bd0b-0800200c9a66}:1.2.0 FF - prefs.js..extensions.enabledItems: djziggy@gmail.com:1.2.0 FF - prefs.js..keyword.URL: "http://supertoolbar.ask.com/redirect?client=ff&src=kw&tb=TRL&o=101840&locale=en_US&q=" FF - prefs.js..network.proxy.no_proxies_on: "" FF - prefs.js..network.proxy.type: 0 FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/04/25 16:46:05 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\Firefox [2010/07/26 23:32:24 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/07/27 12:19:00 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/17 14:43:11 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/09/17 14:43:11 | 000,000,000 | ---D | M] [2009/08/16 22:49:04 | 000,000,000 | ---D | M] -- C:\Users\Patrick Herrin\AppData\Roaming\Mozilla\Extensions [2010/09/18 02:02:38 | 000,000,000 | ---D | M] -- C:\Users\Patrick Herrin\AppData\Roaming\Mozilla\Firefox\Profiles\r5jvohbq.default\extensions [2010/06/21 00:46:06 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Patrick Herrin\AppData\Roaming\Mozilla\Firefox\Profiles\r5jvohbq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010/02/12 12:39:42 | 000,000,000 | ---D | M] (AmbientFox) -- C:\Users\Patrick Herrin\AppData\Roaming\Mozilla\Firefox\Profiles\r5jvohbq.default\extensions\{c8f71e5b-88f8-42a7-98bb-e4c506161de9} [2010/06/21 00:45:44 | 000,000,000 | ---D | M] (Gradient iCool) -- C:\Users\Patrick Herrin\AppData\Roaming\Mozilla\Firefox\Profiles\r5jvohbq.default\extensions\{de5809e0-2b07-11dd-bd0b-0800200c9a66} [2009/08/30 02:42:06 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Users\Patrick Herrin\AppData\Roaming\Mozilla\Firefox\Profiles\r5jvohbq.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7} [2010/09/12 14:09:44 | 000,000,000 | ---D | M] -- C:\Users\Patrick Herrin\AppData\Roaming\Mozilla\Firefox\Profiles\r5jvohbq.default\extensions\djziggy@gmail.com [2010/06/27 22:18:38 | 000,000,000 | ---D | M] -- C:\Users\Patrick Herrin\AppData\Roaming\Mozilla\Firefox\Profiles\r5jvohbq.default\extensions\nasanightlaunch@example.com [2010/09/12 14:09:57 | 000,000,000 | ---D | M] -- C:\Users\Patrick Herrin\AppData\Roaming\Mozilla\Firefox\Profiles\r5jvohbq.default\extensions\personas@christopher.beard [2010/06/17 15:20:01 | 000,002,343 | ---- | M] () -- C:\Users\Patrick Herrin\AppData\Roaming\Mozilla\Firefox\Profiles\r5jvohbq.default\searchplugins\aol-search.xml [2009/08/27 22:40:06 | 000,002,235 | ---- | M] () -- C:\Users\Patrick Herrin\AppData\Roaming\Mozilla\Firefox\Profiles\r5jvohbq.default\searchplugins\askcom.xml [2010/08/10 16:50:54 | 000,001,820 | ---- | M] () -- C:\Users\Patrick Herrin\AppData\Roaming\Mozilla\Firefox\Profiles\r5jvohbq.default\searchplugins\bing.xml [2010/08/10 16:51:10 | 000,004,140 | ---- | M] () -- C:\Users\Patrick Herrin\AppData\Roaming\Mozilla\Firefox\Profiles\r5jvohbq.default\searchplugins\youtube.xml [2010/09/16 00:30:34 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2010/09/16 00:30:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010/09/16 00:29:46 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll [2007/04/16 10:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll O1 HOSTS File: ([2010/09/15 13:49:36 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll File not found O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.) O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.) O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll (Microsoft Corporation) O2 - BHO: (SMTTB2009 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\HyperCam Toolbar\tbcore3.dll () O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKLM\..\Toolbar: (@C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found. O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKU\S-1-5-21-3996654907-2226748910-2045848586-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O4 - HKLM..\Run: [Acer Assist Launcher] C:\Program Files\Acer\Acer Assist\launcher.exe () O4 - HKLM..\Run: [Acer Product Registration] C:\Program Files\Acer\Acer Registration\ACE1.exe (Leader Technologies) O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.) O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.) O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [bing Bar] C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\mswinext.exe (Microsoft Corp.) O4 - HKLM..\Run: [bkupTray] C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe () O4 - HKLM..\Run: [CLMLServer] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corporation) O4 - HKLM..\Run: [NBAgent] C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG) O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [startCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [uVS12 Preload] C:\Program Files\Corel\Corel VideoStudio 12\uvPL.exe (Ulead Systems, Inc.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-3996654907-2226748910-2045848586-1001..\Run: [RocketDock] C:\RocketDock\RocketDock.exe () O4 - HKU\S-1-5-21-3996654907-2226748910-2045848586-1001..\RunOnce: [shockwave Updater] C:\Windows\System32\Adobe\Shockwave 11\SwHelper_1151601.exe -Update -1151601 -Mozilla\5.0_( File not found O4 - Startup: C:\Users\Patrick Herrin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-3996654907-2226748910-2045848586-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-3996654907-2226748910-2045848586-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (C:\Windows\System32\avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll File not found O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Patrick Herrin\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg O24 - Desktop BackupWallPaper: C:\Users\Patrick Herrin\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 90 Days ========== [2010/09/18 02:29:02 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Patrick Herrin\Desktop\OTL.exe [2010/09/18 02:04:14 | 003,194,296 | ---- | C] (Javacool Software LLC ) -- C:\Users\Patrick Herrin\Desktop\spywareblastersetup44.exe [2010/09/18 01:12:07 | 000,017,744 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys [2010/09/18 01:12:06 | 000,165,584 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys [2010/09/18 01:12:04 | 000,023,376 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys [2010/09/18 01:12:02 | 000,046,672 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys [2010/09/18 01:11:58 | 000,050,768 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys [2010/09/18 01:11:28 | 000,038,848 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr [2010/09/18 01:11:26 | 000,167,592 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe [2010/09/18 01:11:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software [2010/09/18 01:11:09 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software [2010/09/18 00:14:15 | 000,000,000 | --SD | C] -- C:\ComboFix [2010/09/16 00:34:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2010/09/15 13:55:40 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2010/09/15 13:55:26 | 000,000,000 | ---D | C] -- C:\Windows\temp [2010/09/15 13:30:44 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2010/09/13 00:04:14 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Patrick Herrin\Desktop\HiJackThis.exe [2010/09/06 10:22:38 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2010/09/06 10:22:32 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2010/09/06 10:17:48 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime [2010/09/02 16:01:23 | 000,000,000 | ---D | C] -- C:\Users\Patrick Herrin\AppData\Local\Sunbelt Software [2010/07/26 23:46:50 | 000,000,000 | ---D | C] -- D:\Patrick Herrin\PJH\Documents\Documents\Vuze Downloads [2010/07/26 23:46:25 | 000,000,000 | ---D | C] -- C:\Users\Patrick Herrin\AppData\Roaming\Azureus [2010/07/26 23:32:28 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft [2010/07/26 23:32:21 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Toolbar [2010/07/26 23:30:35 | 000,000,000 | ---D | C] -- C:\Program Files\Vuze [2010/07/26 23:30:33 | 000,000,000 | ---D | C] -- C:\Program Files\Bing Bar Installer [2010/06/30 02:57:13 | 000,000,000 | ---D | C] -- C:\Users\Patrick Herrin\AppData\Local\Nero_AG [2010/06/26 19:45:27 | 000,000,000 | ---D | C] -- D:\Patrick Herrin\PJH\Documents\Documents\InterVideo [2010/06/26 00:45:59 | 000,000,000 | ---D | C] -- C:\Users\Patrick Herrin\AppData\Local\jipnaowlk [2010/06/23 09:32:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun [2010/06/21 21:49:40 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour [2008/12/04 04:08:06 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll ========== Files - Modified Within 90 Days ========== [2010/09/18 02:37:55 | 000,000,436 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{46A271C2-53C3-4C33-B354-020D415A3E42}.job [2010/09/18 02:32:10 | 004,456,448 | -HS- | M] () -- C:\Users\Patrick Herrin\NTUSER.DAT [2010/09/18 02:29:13 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Patrick Herrin\Desktop\OTL.exe [2010/09/18 02:04:57 | 003,194,296 | ---- | M] (Javacool Software LLC ) -- C:\Users\Patrick Herrin\Desktop\spywareblastersetup44.exe [2010/09/18 01:50:12 | 000,000,435 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics [2010/09/18 01:47:58 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010/09/18 01:47:58 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010/09/18 01:47:54 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010/09/18 01:47:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010/09/18 01:47:36 | 1876,934,656 | -HS- | M] () -- C:\hiberfil.sys [2010/09/18 01:46:16 | 000,524,288 | -HS- | M] () -- C:\Users\Patrick Herrin\NTUSER.DAT{5c8bb18e-1413-11df-86e8-001eecdc1f81}.TMContainer00000000000000000001.regtrans-ms [2010/09/18 01:46:16 | 000,065,536 | -HS- | M] () -- C:\Users\Patrick Herrin\NTUSER.DAT{5c8bb18e-1413-11df-86e8-001eecdc1f81}.TM.blf [2010/09/18 01:46:13 | 002,752,105 | -H-- | M] () -- C:\Users\Patrick Herrin\AppData\Local\IconCache.db [2010/09/18 01:12:08 | 000,001,844 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk [2010/09/18 01:11:58 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt [2010/09/18 00:33:55 | 000,000,000 | ---- | M] () -- C:\Users\Patrick Herrin\AppData\Local\prvlcl.dat [2010/09/17 04:25:03 | 002,672,312 | ---- | M] () -- C:\Users\Patrick Herrin\Desktop\esetsmartinstaller_enu.exe [2010/09/15 13:49:50 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini [2010/09/15 13:49:36 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2010/09/13 00:00:57 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Patrick Herrin\Desktop\HiJackThis.exe [2010/09/12 23:59:27 | 000,001,356 | ---- | M] () -- C:\Users\Patrick Herrin\AppData\Local\d3d9caps.dat [2010/09/12 11:23:32 | 000,001,730 | ---- | M] () -- C:\Users\Patrick Herrin\Desktop\DivX Movies.lnk [2010/09/12 11:22:59 | 000,000,921 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk [2010/09/07 08:12:17 | 000,038,848 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr [2010/09/07 08:11:54 | 000,167,592 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe [2010/09/07 07:52:25 | 000,046,672 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys [2010/09/07 07:52:03 | 000,165,584 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys [2010/09/07 07:47:46 | 000,023,376 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys [2010/09/07 07:47:30 | 000,050,768 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys [2010/09/07 07:47:07 | 000,017,744 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys [2010/09/06 10:26:56 | 000,001,854 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk [2010/09/06 10:26:56 | 000,001,854 | ---- | M] () -- C:\Users\Patrick Herrin\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk [2010/09/06 10:24:01 | 000,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2010/09/06 10:18:10 | 000,001,730 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2010/09/04 19:28:40 | 000,077,824 | ---- | M] () -- C:\Users\Patrick Herrin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/09/01 01:29:39 | 000,721,582 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2010/09/01 01:29:39 | 000,617,702 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010/09/01 01:29:39 | 000,108,772 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010/08/23 19:18:08 | 000,197,740 | -H-- | M] () -- C:\Windows\System32\mlfcache.dat [2010/08/22 09:22:46 | 1099,608,729 | ---- | M] () -- C:\Users\Patrick Herrin\Desktop\sooml - Wisevid.wmv [2010/08/16 21:07:10 | 010,711,337 | ---- | M] () -- C:\Users\Patrick Herrin\Desktop\redsn0w_win_0.9.5b5-5(2).zip [2010/08/16 18:11:55 | 000,001,637 | ---- | M] () -- C:\Users\Public\Desktop\Vuze.lnk [2010/08/16 18:11:55 | 000,001,637 | ---- | M] () -- C:\Users\Patrick Herrin\Application Data\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk [2010/08/11 03:44:48 | 000,409,216 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2010/07/26 23:18:37 | 000,001,034 | ---- | M] () -- C:\Users\Patrick Herrin\Desktop\FrostWire 4.18.6.lnk [2010/07/01 03:14:06 | 283,519,753 | ---- | M] () -- C:\Users\Patrick Herrin\Desktop\dl1 Loombo - Easy way to share your files.m4v [2010/06/29 10:03:30 | 348,632,765 | ---- | M] () -- C:\Users\Patrick Herrin\Desktop\The-A-T3am-20.10-T.S-V.2-RDNFO-XViD-IM.G.m4v [2010/06/26 00:47:22 | 000,000,000 | ---- | M] () -- C:\Users\Patrick Herrin\AppData\Local\Bheqaho.bin [2010/06/26 00:47:21 | 000,000,120 | ---- | M] () -- C:\Users\Patrick Herrin\AppData\Local\Kpisi.dat [2010/06/24 16:25:13 | 528,052,694 | ---- | M] () -- C:\Users\Patrick Herrin\Desktop\fastpasstv.com kk2 - Wisevid.m4v [2010/06/24 13:25:35 | 000,000,025 | ---- | M] () -- C:\Windows\cdplayer.ini [2010/06/21 21:44:39 | 000,001,854 | ---- | M] () -- C:\Users\Patrick Herrin\Desktop\Apple Safari.lnk [2010/06/21 15:40:50 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys [2010/06/21 01:53:18 | 000,000,822 | ---- | M] () -- C:\Users\Patrick Herrin\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk [2010/06/21 01:52:48 | 000,000,104 | ---- | M] () -- C:\Users\Patrick Herrin\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet - Shortcut.lnk [2010/06/21 01:19:00 | 000,001,906 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Air Mouse.lnk ========== Files Created - No Company Name ========== [2010/09/18 01:12:08 | 000,001,844 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk [2010/09/17 04:24:58 | 002,672,312 | ---- | C] () -- C:\Users\Patrick Herrin\Desktop\esetsmartinstaller_enu.exe [2010/09/12 11:22:59 | 000,000,921 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk [2010/09/06 10:26:56 | 000,001,854 | ---- | C] () -- C:\Users\Public\Desktop\Safari.lnk [2010/09/06 10:26:56 | 000,001,854 | ---- | C] () -- C:\Users\Patrick Herrin\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk [2010/09/06 10:24:01 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2010/09/06 10:18:10 | 000,001,730 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2010/09/05 00:19:56 | 1876,934,656 | -HS- | C] () -- C:\hiberfil.sys [2010/08/22 01:11:21 | 1099,608,729 | ---- | C] () -- C:\Users\Patrick Herrin\Desktop\sooml - Wisevid.wmv [2010/08/16 21:07:32 | 010,711,337 | ---- | C] () -- C:\Users\Patrick Herrin\Desktop\redsn0w_win_0.9.5b5-5(2).zip [2010/07/26 23:31:28 | 000,001,637 | ---- | C] () -- C:\Users\Public\Desktop\Vuze.lnk [2010/07/26 23:31:28 | 000,001,637 | ---- | C] () -- C:\Users\Patrick Herrin\Application Data\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk [2010/07/26 23:18:37 | 000,001,034 | ---- | C] () -- C:\Users\Patrick Herrin\Desktop\FrostWire 4.18.6.lnk [2010/07/10 14:39:54 | 000,001,730 | ---- | C] () -- C:\Users\Patrick Herrin\Desktop\DivX Movies.lnk [2010/06/30 23:45:54 | 283,519,753 | ---- | C] () -- C:\Users\Patrick Herrin\Desktop\dl1 Loombo - Easy way to share your files.m4v [2010/06/29 08:12:03 | 348,632,765 | ---- | C] () -- C:\Users\Patrick Herrin\Desktop\The-A-T3am-20.10-T.S-V.2-RDNFO-XViD-IM.G.m4v [2010/06/26 00:47:22 | 000,000,000 | ---- | C] () -- C:\Users\Patrick Herrin\AppData\Local\Bheqaho.bin [2010/06/26 00:47:21 | 000,000,120 | ---- | C] () -- C:\Users\Patrick Herrin\AppData\Local\Kpisi.dat [2010/06/24 14:31:03 | 528,052,694 | ---- | C] () -- C:\Users\Patrick Herrin\Desktop\fastpasstv.com kk2 - Wisevid.m4v [2010/06/24 13:25:35 | 000,000,025 | ---- | C] () -- C:\Windows\cdplayer.ini [2010/06/21 21:44:39 | 000,001,854 | ---- | C] () -- C:\Users\Patrick Herrin\Desktop\Apple Safari.lnk [2010/06/21 01:53:18 | 000,000,822 | ---- | C] () -- C:\Users\Patrick Herrin\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk [2010/06/21 01:52:48 | 000,000,104 | ---- | C] () -- C:\Users\Patrick Herrin\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet - Shortcut.lnk [2010/05/24 23:46:43 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini [2010/05/24 20:06:21 | 000,000,000 | ---- | C] () -- C:\Users\Patrick Herrin\AppData\Roaming\.NANotifyHere [2010/03/10 18:16:44 | 000,033,812 | ---- | C] () -- C:\ProgramData\ArcadeDeluxe2.log [2010/03/02 01:01:14 | 000,000,448 | ---- | C] () -- C:\Users\Patrick Herrin\AppData\Roaming\wklnhst.dat [2010/02/17 00:53:35 | 000,000,036 | ---- | C] () -- C:\Windows\intbook.ini [2010/02/10 23:35:47 | 000,159,744 | ---- | C] () -- C:\Windows\System32\viscomtran.dll [2010/02/10 23:35:46 | 006,963,712 | ---- | C] () -- C:\Windows\System32\videotrans.dll [2010/02/10 23:35:46 | 000,172,032 | ---- | C] () -- C:\Windows\System32\viscomgifenc.dll [2010/02/10 23:35:45 | 000,452,608 | ---- | C] () -- C:\Windows\System32\videoformat.dll [2010/02/10 23:35:45 | 000,262,144 | ---- | C] () -- C:\Windows\System32\lame_enc.dll [2010/02/10 23:35:45 | 000,154,624 | ---- | C] () -- C:\Windows\System32\imgscaler.dll [2010/02/10 23:35:45 | 000,028,160 | ---- | C] () -- C:\Windows\System32\img_utils.dll [2010/02/10 23:35:45 | 000,019,456 | ---- | C] () -- C:\Windows\System32\videocore.dll [2009/12/09 02:15:33 | 000,209,040 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll [2009/12/09 02:15:33 | 000,204,944 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll [2009/12/09 02:15:33 | 000,196,752 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll [2009/12/09 02:15:33 | 000,196,752 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll [2009/12/09 02:15:33 | 000,192,656 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll [2009/12/09 02:15:33 | 000,024,720 | ---- | C] () -- C:\Windows\System32\IVIresize.dll [2009/11/12 21:57:46 | 000,000,000 | ---- | C] () -- C:\Users\Patrick Herrin\AppData\Local\prvlcl.dat [2009/09/21 16:05:23 | 000,000,413 | ---- | C] () -- C:\Windows\wininit.ini [2009/09/18 00:57:09 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009/09/13 16:44:14 | 000,323,584 | ---- | C] () -- C:\Windows\System32\FoxImager.dll [2009/08/23 00:20:45 | 000,137,544 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2009/08/23 00:20:40 | 000,139,152 | ---- | C] () -- C:\Users\Patrick Herrin\AppData\Roaming\PnkBstrK.sys [2009/08/18 02:06:14 | 000,000,000 | ---- | C] () -- C:\Windows\WB.ini [2009/08/18 01:56:46 | 000,058,792 | ---- | C] () -- C:\Windows\System32\wbload.dll [2009/08/17 06:12:22 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI [2009/08/17 00:31:02 | 000,033,792 | ---- | C] () -- C:\Windows\System32\drivers\libusb0.sys [2009/08/17 00:01:32 | 000,077,824 | ---- | C] () -- C:\Users\Patrick Herrin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009/08/16 23:52:33 | 000,001,356 | ---- | C] () -- C:\Users\Patrick Herrin\AppData\Local\d3d9caps.dat [2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll [2008/12/24 06:26:07 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll [2008/12/04 06:11:27 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll [2008/12/04 06:11:27 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll [2008/12/04 05:31:15 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini [2008/12/04 04:05:20 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2008/12/04 04:05:09 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2006/11/02 00:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2001/12/26 17:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll [2001/09/04 00:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll [2001/07/30 17:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll [2001/07/23 23:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll ========== LOP Check ========== [2008/12/04 05:57:50 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Acer GameZone Console [2008/12/04 05:57:50 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Acer GameZone Console [2009/08/29 22:22:00 | 000,000,000 | ---D | M] -- C:\Users\Patrick Herrin\AppData\Roaming\acccore [2009/08/16 22:33:27 | 000,000,000 | ---D | M] -- C:\Users\Patrick Herrin\AppData\Roaming\Acer [2008/12/04 05:57:50 | 000,000,000 | ---D | M] -- C:\Users\Patrick Herrin\AppData\Roaming\Acer GameZone Console [2010/02/28 19:14:01 | 000,000,000 | ---D | M] -- C:\Users\Patrick Herrin\AppData\Roaming\AnvSoft [2010/09/02 22:26:23 | 000,000,000 | ---D | M] -- C:\Users\Patrick Herrin\AppData\Roaming\Azureus [2010/03/08 22:16:46 | 000,000,000 | ---D | M] -- C:\Users\Patrick Herrin\AppData\Roaming\com.princess.iq.PrincessWidget.95CF48669C469715948E799FD5617DB57BF9FCEB.1 [2010/06/03 17:02:53 | 000,000,000 | ---D | M] -- C:\Users\Patrick Herrin\AppData\Roaming\DVDFab [2010/09/13 00:10:05 | 000,000,000 | ---D | M] -- C:\Users\Patrick Herrin\AppData\Roaming\FrostWire [2009/08/19 22:06:31 | 000,000,000 | ---D | M] -- C:\Users\Patrick Herrin\AppData\Roaming\GrabPro [2009/10/25 23:29:00 | 000,000,000 | ---D | M] -- C:\Users\Patrick Herrin\AppData\Roaming\gtk-2.0 [2009/09/19 13:58:20 | 000,000,000 | ---D | M] -- C:\Users\Patrick Herrin\AppData\Roaming\ImgBurn [2009/08/18 00:38:56 | 000,000,000 | ---D | M] -- C:\Users\Patrick Herrin\AppData\Roaming\InterVideo [2009/08/16 22:33:20 | 000,000,000 | ---D | M] -- C:\Users\Patrick Herrin\AppData\Roaming\Leadertech [2010/03/31 00:23:42 | 000,000,000 | ---D | M] -- C:\Users\Patrick Herrin\AppData\Roaming\MoveFab [2010/06/29 21:39:44 | 000,000,000 | ---D | M] -- C:\Users\Patrick Herrin\AppData\Roaming\Orbit [2010/04/18 22:10:40 | 000,000,000 | ---D | M] -- C:\Users\Patrick Herrin\AppData\Roaming\PowerCinema [2009/11/11 23:53:26 | 000,000,000 | ---D | M] -- C:\Users\Patrick Herrin\AppData\Roaming\Red Kawa [2010/04/18 22:11:33 | 000,000,000 | ---D | M] -- C:\Users\Patrick Herrin\AppData\Roaming\SoftDMA [2009/09/12 14:26:07 | 000,000,000 | ---D | M] -- C:\Users\Patrick Herrin\AppData\Roaming\Sony [2009/09/12 14:16:43 | 000,000,000 | ---D | M] -- C:\Users\Patrick Herrin\AppData\Roaming\Sony Setup [2010/03/02 01:01:20 | 000,000,000 | ---D | M] -- C:\Users\Patrick Herrin\AppData\Roaming\Template [2009/08/27 21:48:23 | 000,000,000 | ---D | M] -- C:\Users\Patrick Herrin\AppData\Roaming\Trillian [2009/12/09 07:28:23 | 000,000,000 | ---D | M] -- C:\Users\Patrick Herrin\AppData\Roaming\Ulead Systems [2009/08/18 21:10:29 | 000,000,000 | ---D | M] -- C:\Users\Patrick Herrin\AppData\Roaming\Windows SideBar [2010/09/18 01:46:36 | 000,032,560 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2010/09/18 02:37:55 | 000,000,436 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{46A271C2-53C3-4C33-B354-020D415A3E42}.job ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 64 bytes -> C:\Users\Patrick Herrin\Desktop\WDzlwQ6Qd_s.mp4:TOC.WMV @Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:73933431 @Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:F3176E45 @Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:E36F5B57 < End of report > OTL Extras logfile created on: 9/18/2010 2:32:10 AM - Run 1 OTL by OldTimer - Version 3.2.12.1 Folder = C:\Users\Patrick Herrin\Desktop Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18943) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 40.00% Memory free 4.00 Gb Paging File | 3.00 Gb Available in Paging File | 68.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 69.52 Gb Total Space | 26.26 Gb Free Space | 37.77% Space Free | Partition Type: NTFS Drive D: | 69.52 Gb Total Space | 6.25 Gb Free Space | 8.99% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: PATRICK Current User Name: Patrick Herrin Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: On Skip Microsoft Files: On File Age = 90 Days Output = Standard Quick Scan ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-3996654907-2226748910-2045848586-1001\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Nexon\Combat Arms\CombatArms.exe" = C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe -- File not found "C:\Nexon\Combat Arms\Engine.exe" = C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe -- File not found ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{1043F0E3-1AAA-42DA-B2DA-D6585AB3AC9B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{1620F684-5A25-4F98-B38D-E84F153FC519}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{1DCE397A-F897-4FAA-BB47-231986459F3F}" = rport=137 | protocol=17 | dir=out | app=system | "{218E6B50-7F51-4106-91FF-3E9F1337FDC9}" = lport=138 | protocol=17 | dir=in | app=system | "{26EB0733-8B6D-4C1F-B5C4-62C757ECA50F}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{3274D37E-68AA-4661-99DE-1B0CCC548CB6}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{332CF584-49F5-42BE-9E58-13D74D76D556}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{4D2E9334-1940-4D5A-BC94-F8C57E0E6FDD}" = rport=138 | protocol=17 | dir=out | app=system | "{543D6B79-ABCA-41E2-A280-5ED63007FA79}" = lport=10243 | protocol=6 | dir=in | app=system | "{5E8359C2-E0FD-49F3-AD0E-4B6902DBBE2A}" = lport=2869 | protocol=6 | dir=in | app=system | "{5F851439-9D1B-40A1-BAD4-24073468E601}" = rport=2869 | protocol=6 | dir=out | app=system | "{5FFC43F9-5D3B-43C8-B75F-702F6125B8FF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{6F56DD82-5371-43E0-A346-27C10F464144}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{71B9108C-4F01-4AC5-BD9D-17684176185A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{74EE15F4-312C-49A0-83DB-409A4F021E1E}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{78C61C19-5096-4656-A623-D4B15A934B27}" = rport=10243 | protocol=6 | dir=out | app=system | "{798930AE-7E91-4063-90D4-031367EC2019}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{80C47E3D-44C9-43A0-85C7-B87EA1DB9683}" = lport=2869 | protocol=6 | dir=in | app=system | "{9655C8C4-31FC-4112-9F16-4756E2259541}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{96977E37-3F28-41B7-9103-873087784C89}" = lport=2869 | protocol=6 | dir=in | name=upnp tcp | "{A1DF2D04-C38F-4DA8-B683-70C1616528AA}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{B116786B-6C6C-4EFD-AB4E-2E4A5E7EF9C7}" = rport=445 | protocol=6 | dir=out | app=system | "{B8DA82B6-EEBA-4173-BE46-D0AC2008787C}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 | "{BEEA31A5-B649-4298-845E-F5AE33A9DA81}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{BF2A3145-C311-4344-AEEC-3BAC69BD51C6}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{C0DF4D31-E6BF-4F3F-9F99-B4FB290C5A39}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{CAD06C80-CA7A-4A35-A7FB-D27AB7656496}" = lport=1900 | protocol=17 | dir=in | name=upnp udp | "{D3BA1DF8-C92B-48D4-832D-2BD9C3E41B2E}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{D4376A4E-8756-4220-B2E2-378659F19B18}" = lport=137 | protocol=17 | dir=in | app=system | "{E2C28B74-5155-4A0C-B29E-01EA8B1EA1B1}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{E67DEBEF-7C12-4662-AFF5-173002C44773}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{EB1F8B5A-66EE-4C1A-9145-C8FE9B5A409C}" = lport=139 | protocol=6 | dir=in | app=system | "{EEB37157-A5C9-40CD-89DA-92880AFF5AC3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{F5D85885-CCD0-4D43-B1DF-446C5E380AD3}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{F944BBC0-82A0-452C-98C3-F54315F167E7}" = rport=139 | protocol=6 | dir=out | app=system | "{F9CDB39D-A2C2-4629-99F0-B3BF86B623A2}" = lport=445 | protocol=6 | dir=in | app=system | "{FA8009B1-B9DE-4936-A5FB-D1DA3B55F212}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{FEBCFA8E-A403-4399-8A68-5D5AFC325430}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{FFF1B8E1-2EE6-4F3F-952D-9888334A0323}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{00C87EB4-C531-4F7C-915C-8A0ECCE0C7AC}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "{00DC681A-E704-4F48-93F2-FDCE845BF719}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | "{052BD8F1-F177-4AD2-9959-0593ABCA1DC5}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | "{088E0001-94D6-4FD7-9604-4208FC14A663}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{0DDE240D-FD2A-4050-AB17-AF76C247A3BE}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | "{0EE6677A-C09E-4D87-A8DF-5B39A5559547}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{11459447-F894-4202-91DF-26BB42ACAF80}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "{15448FD1-4112-440F-BD33-CBAE27D44CD4}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | "{1D081517-7753-4926-911A-9EDEC1876A96}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{1F5347ED-0B6B-40B8-9BD1-CEC738F79CF5}" = dir=in | app=c:\program files\avg\avg8\avgupd.exe | "{259F1611-C159-42C3-AFAF-5539853B7035}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | "{26F61970-1CCA-4197-9211-E504DB4A0AB8}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | "{270AC6A2-19A3-42DA-98DF-8EDB03ECA208}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\playmovie.exe | "{2C5D5D06-2AB5-4895-A08E-C608C68B37AD}" = protocol=6 | dir=in | app=c:\program files\aim\aim.exe | "{35E6E897-A87F-4BB9-B26B-49E0B013EFFA}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "{37F68C72-8FCD-44A5-A98A-4FEF1A67C80E}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{3AA33A1D-968E-4846-B0B8-3CF7923BEDE1}" = protocol=6 | dir=in | app=c:\program files\frostwire\frostwire.exe | "{3B460496-22A0-4AD8-9798-16CD1F3A1CA2}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{3C8A0D93-E900-4D38-8132-E4E6FD4A26B7}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | "{3FF653B0-7F15-4799-82C8-62DE106E46A7}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{4464DF46-EC96-4B63-BA34-B5BCDCC80F6A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{463446BC-760A-4F21-AF9D-106A8224C499}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | "{4B3B2BCB-7BFF-43C7-A890-1C8203BD91E7}" = protocol=17 | dir=in | app=c:\program files\frostwire\frostwire.exe | "{4D319BCE-60DB-40DE-85B7-24DF6AC31545}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{54CB8C16-876F-4A38-86BD-0E6441BCF7D1}" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe | "{5533EFBD-587E-4F6D-8CB1-9F6108E273C2}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | "{555DF32B-7DF6-4542-B3B0-1F33C08293EC}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe | "{58E4146A-2CEA-480C-A424-9F495178F5D8}" = protocol=17 | dir=in | app=c:\program files\aim\aim.exe | "{5A6A4999-D213-474E-9218-2C40DB4A4009}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe | "{5F0373D1-0B58-4143-8FC0-F1FB89833CEF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{5F5E6067-EC42-4CF3-8A31-2D153A4B80E5}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{643348C5-4BE4-439B-800A-8E9C4BEE8919}" = protocol=17 | dir=in | app=c:\nexon\combat arms\nmservice.exe | "{6B2AEAE6-D7AB-4381-B8CE-AD29C9B4794B}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\america's army 3\binaries\aa3game.exe | "{710D6FC9-F1BB-40AB-9C09-402E83BB9CDE}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | "{85365ACB-7FD4-4544-A6D6-AC1A08B13411}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{88995018-655D-4F12-9A3C-A4D3CEC138A0}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{8CD3C7EF-7997-48A6-B7CB-3A05F1BF523E}" = protocol=6 | dir=in | app=c:\program files\aim\aim.exe | "{8E039347-8505-40B1-BF76-4459F12D5CB0}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe | "{8FDA9A2C-2248-4307-897A-BA3945AA5A51}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe | "{93986BAE-5214-46DC-B318-141D2814B512}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{9611B2E7-4FCC-4D86-9A4F-7CBEBE63251D}" = protocol=6 | dir=in | app=c:\nexon\combat arms\nmservice.exe | "{966FC503-2E9B-4BF2-B96D-B5FB9764537F}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "{96DCE441-48DA-46F8-A50D-F3E8526A6451}" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe | "{9B999CAB-9B69-480A-88C7-A32AEC02450D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{A5E4B390-B254-4B6C-BEF3-B6C805B538B4}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{A623743B-C199-46BB-8BAB-819F77AB6FA2}" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe | "{A8E76D32-584D-446C-89E1-D4AFB9BD085F}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe | "{AC063BA3-6E23-47C7-AF22-6201BCE615DF}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\pmvservice.exe | "{ACA0A148-E6CE-4211-896A-0476E8E1A8AD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{ACCCB9E1-DF74-4EE2-BAE6-DFFBD1B167D9}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{ADA05955-320F-4011-A2B4-CEDAA59F7CD6}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe | "{AE03AEFD-B5DC-418B-BB03-A9FBA641910B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{AF8040E2-6E1D-4296-9A48-5D1FE609F06A}" = protocol=6 | dir=out | app=system | "{B55F5FD5-B75E-4E96-9998-73BA3341777A}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{B9653C15-6577-483B-B984-5B2C56C676E9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{B9DB83E8-BE85-49DA-8AC9-04EE0D03CBA9}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\america's army 3\binaries\aa3game.exe | "{BCD0E400-F7B2-4256-8286-8CC72416597F}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe | "{BFD300EF-5968-4676-90D1-96C4F23717A1}" = dir=in | app=c:\program files\avg\avg8\avgnsx.exe | "{C16EDDE8-2E8A-4EB3-97C8-280F27891993}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{C5841561-FAC2-4A78-9199-79923BC7CB1A}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | "{CFE4FE28-3EC5-4FA2-A6E5-C916CD1B584C}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe | "{D2C739B6-32EB-4EEC-AAA9-C4B1674F10ED}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{D64DAAC3-3615-46D7-9676-E10679B9500C}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | "{E0F7EF6D-E0CD-4C5B-895B-4FFA2C43A6E3}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{E81B51CE-7255-4F43-BE8C-508550BCE5E7}" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe | "{EB4E1068-DDFD-448C-97A2-E4C7B3193F2B}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{ED5EB088-E2F1-4D36-B1E3-EDA64435286F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{F382DC56-CB12-40D5-85C1-7E5BB898A58F}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | "{F3EAA1B4-2C61-44F4-8553-B3DAAD0612B0}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe | "{F628CBBA-28B4-4B1E-BDC1-D9C827CE737D}" = protocol=17 | dir=in | app=c:\program files\aim\aim.exe | "{F984F0E4-CDF0-4853-A15B-CBCA460DDE27}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe | "{FD9E1166-A7C1-4F71-839C-C22D2094F9CF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "TCP Query User{3B492FDC-0BB5-4849-93B8-2FFC073CC7A9}C:\program files\air mouse\air mouse\air mouse.exe" = protocol=6 | dir=in | app=c:\program files\air mouse\air mouse\air mouse.exe | "TCP Query User{AD594DCA-98CB-408C-848C-6836560EEFF0}C:\program files\itunes\itunes.exe" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | "UDP Query User{2B8495D7-51FE-4E6F-8332-AD5A1041C8C4}C:\program files\itunes\itunes.exe" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | "UDP Query User{DAAAF596-A305-4074-8C04-FD00EF501DDC}C:\program files\air mouse\air mouse\air mouse.exe" = protocol=17 | dir=in | app=c:\program files\air mouse\air mouse\air mouse.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{0201E035-0F3A-A52B-75C2-C7A817727230}" = CCC Help Italian "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{04FDAB5C-986B-7620-3F4F-E5D37F6781E8}" = Catalyst Control Center Localization All "{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack "{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar "{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant "{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM) "{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour "{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation®Store "{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In "{1253FE37-2CFA-DDE1-720C-6B9A66605488}" = CCC Help Chinese Traditional "{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter "{16987E99-C95C-4513-9239-7B44A0A71DB5}" = Nero SoundTrax 10 Help (CHM) "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{1C51A88E-25D6-AABF-8650-2BAF8336D252}" = CCC Help French "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}" = Nero MediaHub 10 "{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8 "{2147935B-08C4-BAA2-2FF3-6B8D76FF33C2}" = ATI Catalyst Install Manager "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback 10 "{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8 "{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10 "{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe "{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java 6 Update 21 "{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10 "{2EEC2A94-7204-45C6-93BB-67EAEB19E4D6}" = Safari "{2F2762EA-D746-5BE3-D612-D2654C943092}" = CCC Help Spanish "{32594C87-E709-7059-2781-2DC3E6AC16BE}" = ccc-utility "{329411A0-19F3-4740-874F-17400B126F27}" = Nero Vision 10 Help (CHM) "{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM) "{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10 "{350FB27C-CF62-4EF3-AF9D-70FF313FE221}" = iTunes "{374369F3-A806-6A98-0D60-B22919C15224}" = Catalyst Control Center Graphics Full Existing "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker "{47A65A53-398C-6FBF-D83A-5BA08C17E553}" = CCC Help Hungarian "{4886820B-C9A2-5F6A-D61E-D697F45D2013}" = CCC Help German "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4AE19B82-39C9-7601-F6E7-B87D0B6833EC}" = Skins "{4B719A70-F14A-4f5c-90B5-346B24B7FFF1}" = Windows 7 Upgrade Advisor "{4E915575-2CCA-51C0-33CA-FC8E26C1ABD2}" = CCC Help Russian "{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM) "{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM) "{5E209153-9900-C0A1-D477-5DE3A334377D}" = ccc-core-static "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{5F548A02-80BC-404D-BAE6-F05F9BF6B449}" = Nero DiscCopyGadget 10 Help (CHM) "{606BC780-101C-41DB-808D-4539BFA0774A}" = MobileMe Control Panel "{630F1852-FDBC-B67A-ED81-F830A0495747}" = CCC Help Japanese "{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic "{63AF7D26-CC24-0E6D-5C0A-2962EAA54497}" = Catalyst Control Center Graphics Full New "{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update "{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM) "{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10 "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works "{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10 "{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10 "{71C2828F-2678-4675-BDEC-895424861262}_is1" = C:\Program Files\Acer GameZone\GameConsole "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{76393D91-5999-A401-F721-6DDA1389EA0B}" = CCC Help Dutch "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{77A7A4C5-31DC-B1FB-02EA-927E3D044186}" = CCC Help Finnish "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com "{7A295D8F-484B-4FFB-89AB-C1FD497591FE}" = Nero WaveEditor 10 Help (CHM) "{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10 "{823BFDA3-EE5B-C016-0242-23FC567D66DF}" = Catalyst Control Center Graphics Previews Common "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110082360}" = Alien Shooter "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}" = Chicken Invaders 2 "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110422467}" = Tiks Texas Hold em "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111796363}" = Mystery Solitaire - Secret Island "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112028410}" = Putt Mania "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}" = Heroes of Hellas "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113919217}" = Mythic Mahjong "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{8650B9AB-1E2E-4DA4-BD0C-DBE8720D7C2E}" = CCC Help Swedish "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8C8A0B95-8350-D8A1-3354-4BDC00B27EC6}" = Catalyst Control Center Core Implementation "{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}" = Nero Recode 10 "{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology "{8F8D951A-AD96-B410-8330-F988806E68EA}" = CCC Help Danish "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007 "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007 "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007 "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007 "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007 "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007 "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007 "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007 "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM) "{92EC1A84-7FFC-42DF-A8F6-79C21C4765A5}" = Nero DiscCopy Gadget 10 "{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10 "{95264530-5A22-8E7E-FE9D-D63A927BCAEA}" = Adobe Media Player "{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}" = Nero Vision 10 "{9B35344F-7FA4-B6BA-E64B-930A5BDB9585}" = Catalyst Control Center InstallProxy "{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM) "{A2A3AA46-9625-354A-82A2-1E6DF7D52D86}" = CCC Help Turkish "{AC37FE78-545F-E92C-3A9C-6E68DB42140B}" = CCC Help Czech "{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2 "{AF15A0FC-F5F2-E46A-6837-2B8C5B883109}" = CCC Help Korean "{AFB16B59-3872-3B48-EDD8-B16A8B3BDD0E}" = Catalyst Control Center Graphics Previews Vista "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0 "{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6 "{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation®Network Downloader "{B95B1BA9-F887-4B3C-8D3A-CCD4C4675120}" = Microsoft Default Manager "{BA4A3C12-3A9F-C85A-E544-C89428A271D5}" = CCC Help Portuguese "{BD01E97F-2A6A-495E-BE38-22C7B80F3CD7}" = Cheetah DVD Burner "{BFEE4C93-E490-26FC-D16B-C789F63D33C0}" = CCC Help English "{C0EE4F3C-098F-940C-E5C1-736E7A943CE1}" = CCC Help Chinese Standard "{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM) "{C31A92DA-E488-A3BC-A694-074A8803527F}" = CCC Help Norwegian "{C3273C55-E1E4-41FF-8D69-0158090DB8D8}" = Nero CoverDesigner 10 Help (CHM) "{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10 "{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update "{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1 "{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005 "{D34F8493-F267-590E-18E6-E1A468642591}" = Catalyst Control Center InstallProxy "{D3B1C799-CB73-42DE-BA0F-2344793A095C}" = Catalyst Control Center - Branding "{D439E799-2D99-52DC-F3CF-0501086348D5}" = Catalyst Control Center Graphics Light "{D8F448FA-4AE0-EB3A-599F-C345A37799A0}" = CCC Help Polish "{D9D5FE8B-7A8A-789A-8FF6-21288086F7A3}" = CCC Help Greek "{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support "{DB7C1D4A-08BA-4C7E-A8AA-B7F9BB372DCF}" = Nero Recode 10 Help (CHM) "{DD1DED37-2486-4F56-8F89-56AA814003F5}" = Acer Crystal Eye Webcam "{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}" = Nero SoundTrax 10 "{E21DA178-9FB0-4F91-B79C-5A6DDEEBFB8D}" = Bing Bar Platform "{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager "{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10 "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant "{E91E8912-769D-42F0-8408-0E329443BABC}" = Hawking Technologies HWUG1 Wireless-G USB Adapter "{E9DD7E57-6D95-F664-3B7C-CD013719F2E9}" = CCC Help Thai "{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime "{EDCDFAD5-DF80-4600-A493-E9DAD6810230}" = Nero WaveEditor 10 "{F0FDF9C9-1DDC-401F-B638-36F1CAE8A875}" = VideoStudio "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729) "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01 "{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10 "{F435F919-9787-832A-FBFE-DBCEC6B8C62C}" = Catalyst Control Center HydraVision Full "{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM) "{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0 "{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic "{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM) "{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10 "{F87F2E18-4720-4F97-B3E5-E930D649D92B}" = Mobile Mouse Server "{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility "{FBE5AA96-22F0-4C4A-8E92-4BE3498D4CCB}" = Media Go "{FCF00A6E-FB58-477A-ABE9-232907105521}" = Nero CoverDesigner 10 "8461-7759-5462-8226" = Vuze "Acer Assist" = Acer Assist "Acer Registration" = Acer Registration "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "AIM_7" = AIM 7 "Any Video Converter_is1" = Any Video Converter 3.0.3 "Audacity_is1" = Audacity 1.2.6 "Audioro iPod Converter" = Audioro iPod Converter 2.03 "avast5" = avast! Free Antivirus "AviSynth" = AviSynth 2.5 "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com "Debut" = Debut Video Capture Software "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "DivX Setup.divx.com" = DivX Setup "DVDFab 6 by CATER / AHCU_is1" = DVDFab 6.0.1.0 by CATER / AHCU "ENTERPRISER" = Microsoft Office Enterprise 2007 "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "HyperCam 2" = HyperCam 2 "HyperCam Toolbar" = HyperCam Toolbar "ImgBurn" = ImgBurn "InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5 "InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8 "InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8 "InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe "InstallShield_{F0FDF9C9-1DDC-401F-B638-36F1CAE8A875}" = Corel VideoStudio 12 "LibUSB-Win32_is1" = LibUSB-Win32-0.1.10.1 "LManager" = Launch Manager "LogonStudio Vista" = LogonStudio Vista "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10) "PunkBusterSvc" = PunkBuster Services "Rainlendar2" = Rainlendar2 (remove only) "RealPlayer 12.0" = RealPlayer "SoftwareUpdUtility" = Download Updater (AOL LLC) "Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.4 "SynTPDeinstKey" = Synaptics Pointing Device Driver "ViewpointMediaPlayer" = Viewpoint Media Player "WinRAR archiver" = WinRAR archiver "Yahoo! Messenger" = Yahoo! Messenger "Yahoo! Software Update" = Yahoo! Software Update ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-3996654907-2226748910-2045848586-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 7/27/2010 3:33:49 AM | Computer Name = officemax-PC | Source = Windows Search Service | ID = 3013 Description = Error - 7/27/2010 3:42:56 AM | Computer Name = officemax-PC | Source = Bonjour Service | ID = 100 Description = 412: ERROR: read_msg errno 10054 (An existing connection was forcibly closed by the remote host.) Error - 7/27/2010 3:42:56 AM | Computer Name = officemax-PC | Source = Bonjour Service | ID = 100 Description = 396: ERROR: read_msg errno 10054 (An existing connection was forcibly closed by the remote host.) Error - 7/27/2010 6:12:52 AM | Computer Name = officemax-PC | Source = Windows Search Service | ID = 3013 Description = Error - 7/27/2010 6:14:18 AM | Computer Name = officemax-PC | Source = Windows Search Service | ID = 3013 Description = Error - 7/27/2010 6:22:41 AM | Computer Name = officemax-PC | Source = Windows Search Service | ID = 3013 Description = Error - 7/27/2010 3:16:24 PM | Computer Name = officemax-PC | Source = Bonjour Service | ID = 100 Description = 380: ERROR: read_msg errno 10054 (An existing connection was forcibly closed by the remote host.) Error - 7/27/2010 3:17:12 PM | Computer Name = officemax-PC | Source = EventSystem | ID = 4621 Description = Error - 7/27/2010 3:41:52 PM | Computer Name = Patrick | Source = WinMgmt | ID = 10 Description = Error - 7/27/2010 3:48:36 PM | Computer Name = Patrick | Source = BackItUp5 | ID = 5225 Description = [ System Events ] Error - 12/28/2009 8:52:08 PM | Computer Name = officemax-PC | Source = ipnathlp | ID = 34001 Description = The ICS_IPV6 failed to configure IPv6 stack. Error - 12/28/2009 8:59:15 PM | Computer Name = officemax-PC | Source = ipnathlp | ID = 34001 Description = The ICS_IPV6 failed to configure IPv6 stack. Error - 12/28/2009 9:06:22 PM | Computer Name = officemax-PC | Source = ipnathlp | ID = 34001 Description = The ICS_IPV6 failed to configure IPv6 stack. Error - 12/28/2009 9:23:29 PM | Computer Name = officemax-PC | Source = ipnathlp | ID = 34001 Description = The ICS_IPV6 failed to configure IPv6 stack. Error - 12/28/2009 9:30:36 PM | Computer Name = officemax-PC | Source = ipnathlp | ID = 34001 Description = The ICS_IPV6 failed to configure IPv6 stack. Error - 12/28/2009 9:42:43 PM | Computer Name = officemax-PC | Source = ipnathlp | ID = 34001 Description = The ICS_IPV6 failed to configure IPv6 stack. Error - 12/28/2009 9:49:50 PM | Computer Name = officemax-PC | Source = ipnathlp | ID = 34001 Description = The ICS_IPV6 failed to configure IPv6 stack. Error - 12/28/2009 10:03:19 PM | Computer Name = officemax-PC | Source = ipnathlp | ID = 34001 Description = The ICS_IPV6 failed to configure IPv6 stack. Error - 12/28/2009 10:10:26 PM | Computer Name = officemax-PC | Source = ipnathlp | ID = 34001 Description = The ICS_IPV6 failed to configure IPv6 stack. Error - 12/28/2009 10:22:26 PM | Computer Name = officemax-PC | Source = ipnathlp | ID = 34001 Description = The ICS_IPV6 failed to configure IPv6 stack. < End of report >