yoitspat

Members
  • Content count

    41
  • Joined

  • Last visited

About yoitspat

  • Rank
    New Member

Contact Methods

  • ICQ
    0
  1. so thats whats been infecting my other previous PCs i knew this PC was the source! i wanna wipe this thing out and reinstall the OS of this computer for a fresh slate. How do I go about doing that Elise?
  2. ComboFix 10-10-03.01 - Oscar M. Herrin 10/03/2010 16:25:05.1.2 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1012.680 [GMT -7:00] Running from: c:\documents and settings\Oscar M. Herrin\Desktop\ComboFix.exe AV: Norton AntiVirus *On-access scanning disabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\Oscar M. Herrin\Application Data\inst.exe c:\documents and settings\Oscar M. Herrin\Local Settings\Application Data\{947FF0C5-6C2F-4EDE-A6D2-A6BE6331411A} c:\documents and settings\Oscar M. Herrin\Local Settings\Application Data\{947FF0C5-6C2F-4EDE-A6D2-A6BE6331411A}\chrome.manifest c:\documents and settings\Oscar M. Herrin\Local Settings\Application Data\{947FF0C5-6C2F-4EDE-A6D2-A6BE6331411A}\chrome\content\_cfg.js c:\documents and settings\Oscar M. Herrin\Local Settings\Application Data\{947FF0C5-6C2F-4EDE-A6D2-A6BE6331411A}\chrome\content\overlay.xul c:\documents and settings\Oscar M. Herrin\Local Settings\Application Data\{947FF0C5-6C2F-4EDE-A6D2-A6BE6331411A}\install.rdf c:\windows\izohugewuxiqeni.dll c:\windows\uhewunozabulamuf.dll c:\windows\ujurijaf.dll Infected copy of c:\windows\system32\drivers\i2omp.sys was found and disinfected Restored copy from - Kitty had a snack . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_MYWEBSEARCHSERVICE ((((((((((((((((((((((((( Files Created from 2010-09-03 to 2010-10-03 ))))))))))))))))))))))))))))))) . No new files created in this timespan . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-09-01 04:04 . 2010-08-19 21:35 -------- d-----w- c:\documents and settings\Oscar M. Herrin\Application Data\Azureus 2010-08-19 21:37 . 2010-08-19 21:37 310208 ----a-w- c:\documents and settings\Oscar M. Herrin\Application Data\Azureus\plugins\mlab\ShaperProbeC.exe 2010-08-19 21:32 . 2010-08-19 21:32 -------- d-----w- c:\program files\Vuze 2010-08-05 19:15 . 2010-08-05 19:15 173 ----a-w- c:\program files\drv_64955781.bat 2010-07-31 07:47 . 2010-07-14 16:18 1324 ----a-w- c:\windows\system32\d3d9caps.dat 2010-07-21 23:30 . 2010-07-21 23:30 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.1.5\SetupAdmin.exe 2010-07-16 18:47 . 2010-07-16 18:47 0 ----a-w- c:\windows\nsreg.dat 2010-07-15 20:32 . 2010-07-14 06:16 120 ----a-w- c:\windows\Kbire.dat 2010-07-15 07:20 . 2010-07-14 06:16 0 ----a-w- c:\windows\Wwowuvebuqa.bin . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "cdloader"="c:\documents and settings\Oscar M. Herrin\Application Data\mjusbsp\cdloader2.exe" [2008-12-17 50520] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LaunchApp"="Alaunch" [X] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-28 141848] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-28 166424] "Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-28 137752] "RTHDCPL"="RTHDCPL.EXE" [2008-05-16 16862720] "AzMixerSel"="c:\program files\Realtek\Audio\InstallShield\AzMixerSel.exe" [2006-07-17 53248] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-25 1044480] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672] "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-15 208952] "MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-15 59392] "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-15 455168] "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-15 455168] "LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2008-05-14 821768] "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-11-02 24064] "PLFSetL"="c:\windows\PLFSetL.exe" [2007-07-05 94208] "eRecoveryService"="c:\acer\Empowering Technology\eRecovery\eRAgent.exe" [2008-05-22 425984] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-19 421888] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608] c:\documents and settings\Oscar M. Herrin\Start Menu\Programs\Startup\ Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664] c:\documents and settings\All Users\Start Menu\Programs\Startup\ InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2008-6-4 114688] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys] @="FSFilter Activity Monitor" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Documents and Settings\\Oscar M. Herrin\\Application Data\\mjusbsp\\magicJack.exe"= "c:\\Program Files\\AIM\\aim.exe"= "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Vuze\\Azureus.exe"= "c:\\WINDOWS\\system32\\igfxsrvc.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\WINWORD.EXE"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "1353:UDP"= 1353:UDP:Windows Media Format SDK (iexplore.exe) "1352:UDP"= 1352:UDP:Windows Media Format SDK (iexplore.exe) R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1008000.029\SymEFA.sys [4/18/2010 7:31 PM 310320] R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NAV\1008000.029\BHDrvx86.sys [4/18/2010 7:31 PM 259632] R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NAV\1008000.029\cchpx86.sys [4/18/2010 7:30 PM 482432] R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090916.003\IDSXpx86.sys [9/27/2009 7:41 PM 329080] R2 NgVpnMgr;Aventail VPN Client;c:\windows\system32\ngvpnmgr.exe [4/10/2006 1:15 PM 309829] R2 Norton AntiVirus;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe [4/18/2010 7:30 PM 117640] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [9/8/2009 3:08 PM 102448] R3 NgLog;Aventail VPN Logging;c:\windows\system32\drivers\nglog.sys [4/10/2006 1:13 PM 18432] R3 NgVpn;Aventail VPN Adapter;c:\windows\system32\drivers\NgVpn.sys [4/10/2006 1:14 PM 68096] S3 GoogleDesktopManager-080708-050100;Google Desktop Manager 5.7.808.7150;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [11/2/2008 10:07 AM 24064] S3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [11/2/2008 10:12 AM 96856] S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [7/29/2010 2:33 PM 18432] S3 NgFilter;Aventail VPN Filter;c:\windows\system32\drivers\ngfilter.sys [4/10/2006 1:14 PM 15360] S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [4/19/2007 11:09 AM 99200] S3 pnetmdm;PdaNet Modem;c:\windows\system32\drivers\pnetmdm.sys [7/29/2010 2:42 PM 9472] S3 XPADFL02;XPAD Filter Service 02;c:\windows\system32\drivers\xPADFL02.sys [7/29/2010 2:43 PM 27904] . Contents of the 'Scheduled Tasks' folder 2010-09-30 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 18:50] . . ------- Supplementary Scan ------- . uInternet Settings,ProxyServer = http=127.0.0.1:6522 uInternet Settings,ProxyOverride = <local> IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 FF - ProfilePath - c:\documents and settings\Oscar M. Herrin\Application Data\Mozilla\Firefox\Profiles\1qgbhu5t.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/ FF - prefs.js: network.proxy.http - 127.0.0.1 FF - prefs.js: network.proxy.http_port - 5643 FF - prefs.js: network.proxy.type - 0 FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll FF - component: c:\documents and settings\Oscar M. Herrin\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@gamevance.com\components\gvtlf.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX POLICIES ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false); . - - - - ORPHANS REMOVED - - - - HKCU-Run-DW6 - (no file) HKCU-Run-Qdisitu - c:\windows\entrv3u.dll HKLM-Run-snp2uvc - c:\windows\vsnp2uvc.exe [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton AntiVirus] "ImagePath"="\"c:\program files\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe\" /s \"Norton AntiVirus\" /m \"c:\program files\Norton AntiVirus\Engine\16.8.0.41\diMaster.dll\" /prefetch:1" . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'explorer.exe'(412) c:\windows\system32\WININET.dll c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe c:\program files\Java\jre6\bin\jqs.exe c:\windows\system32\wscntfy.exe c:\windows\RTHDCPL.EXE c:\windows\system32\igfxsrvc.exe c:\windows\system32\igfxext.exe c:\program files\iPod\bin\iPodService.exe c:\docume~1\OSCARM~1.HER\LOCALS~1\Temp\RtkBtMnt.exe c:\\?\c:\windows\system32\WBEM\WMIADAP.EXE . ************************************************************************** . Completion time: 2010-10-03 16:40:22 - machine was rebooted ComboFix-quarantined-files.txt 2010-10-03 23:40 Pre-Run: 86,551,011,328 bytes free Post-Run: 87,497,678,848 bytes free WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect - - End Of File - - 47DE2B11F77D70AA7E28F8620DA09A54
  3. UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT DDS (Ver_09-09-29.01) ==== Disk Partitions ========================= ==== Disabled Device Manager Items ============= ==== System Restore Points =================== No restore point in system. ==== Installed Programs ====================== Acer Crystal Eye webcam Acer ScreenSaver Acrobat.com Ad-Aware SE Personal Adobe AIR Adobe Bridge 1.0 Adobe Common File Installer Adobe Flash Player 10 ActiveX Adobe Flash Player 10 Plugin Adobe Help Center 1.0 Adobe Photoshop CS2 Adobe Reader 9 Adobe Stock Photos 1.0 AIM 7 Apple Application Support Apple Mobile Device Support Apple Software Update Atheros for Acer Driver v7.6.0.224_Foxconn Installation Program Aventail Connect Bonjour CloneDVD2 Critical Update for Windows Media Player 11 (KB959772) Download Updater (AOL LLC) DVDFab Platinum 4.0.5.0 by Dr.Pc Putte - Team RES Google Desktop Google Toolbar for Internet Explorer Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Hotfix for Windows Media Format 11 SDK (KB929399) Hotfix for Windows Media Player 11 (KB939683) Hotfix for Windows XP (KB952287) Hotfix for Windows XP (KB954550-v5) Hotfix for Windows XP (KB961118) Hotfix for Windows XP (KB970653-v3) Hotfix for Windows XP (KB976098-v2) Hotfix for Windows XP (KB979306) Intel® Graphics Media Accelerator Driver InterVideo Register Manager InterVideo WinDVD iTunes Java 6 Update 17 JMicron JMB38X Flash Media Controller Launch Manager Malwarebytes' Anti-Malware Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Security Update (KB979906) Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 Microsoft .NET Framework 3.5 SP1 Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Internationalized Domain Names Mitigation APIs Microsoft Kernel-Mode Driver Framework Feature Pack 1.9 Microsoft Math Add-in for Word 2007 Microsoft National Language Support Downlevel APIs Microsoft Office 2007 Service Pack 2 (SP2) Microsoft Office Access MUI (English) 2007 Microsoft Office Access Setup Metadata MUI (English) 2007 Microsoft Office Enterprise 2007 Microsoft Office Excel MUI (English) 2007 Microsoft Office Groove MUI (English) 2007 Microsoft Office Groove Setup Metadata MUI (English) 2007 Microsoft Office InfoPath MUI (English) 2007 Microsoft Office OneNote MUI (English) 2007 Microsoft Office Outlook MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office PowerPoint Viewer 2007 (English) Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) Microsoft Office Publisher MUI (English) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Suite Activation Assistant Microsoft Office Word MUI (English) 2007 Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs Microsoft Software Update for Web Folders (English) 12 Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft Works Mobile Broadband Drivers Mozilla Firefox (3.6.10) MSN MSXML 4.0 SP2 (KB936181) MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) Norton AntiVirus QuickTime REALTEK GbE & FE Ethernet PCI-E NIC Driver Realtek High Definition Audio Driver Security Update for 2007 Microsoft Office System (KB969559) Security Update for 2007 Microsoft Office System (KB976321) Security Update for 2007 Microsoft Office System (KB982312) Security Update for 2007 Microsoft Office System (KB982331) Security Update for Microsoft Office Access 2007 (KB979440) Security Update for Microsoft Office Excel 2007 (KB982308) Security Update for Microsoft Office InfoPath 2007 (KB979441) Security Update for Microsoft Office Outlook 2007 (KB980376) Security Update for Microsoft Office PowerPoint 2007 (KB982158) Security Update for Microsoft Office Publisher 2007 (KB982124) Security Update for Microsoft Office system 2007 (972581) Security Update for Microsoft Office system 2007 (KB969613) Security Update for Microsoft Office system 2007 (KB974234) Security Update for Microsoft Office Visio Viewer 2007 (KB973709) Security Update for Microsoft Office Word 2007 (KB982135) Security Update for Windows Internet Explorer 7 (KB938127-v2) Security Update for Windows Internet Explorer 7 (KB956390) Security Update for Windows Internet Explorer 7 (KB958215) Security Update for Windows Internet Explorer 7 (KB960714) Security Update for Windows Internet Explorer 7 (KB961260) Security Update for Windows Internet Explorer 7 (KB963027) Security Update for Windows Internet Explorer 7 (KB969897) Security Update for Windows Internet Explorer 7 (KB972260) Security Update for Windows Internet Explorer 8 (KB971961) Security Update for Windows Internet Explorer 8 (KB972260) Security Update for Windows Internet Explorer 8 (KB976325) Security Update for Windows Internet Explorer 8 (KB981332) Security Update for Windows Internet Explorer 8 (KB982381) Security Update for Windows Media Player (KB952069) Security Update for Windows Media Player (KB954155) Security Update for Windows Media Player (KB968816) Security Update for Windows Media Player (KB973540) Security Update for Windows Media Player (KB978695) Security Update for Windows Media Player 11 (KB954154) Security Update for Windows XP (KB2229593) Security Update for Windows XP (KB923561) Security Update for Windows XP (KB938464) Security Update for Windows XP (KB941569) Security Update for Windows XP (KB946648) Security Update for Windows XP (KB950762) Security Update for Windows XP (KB950974) Security Update for Windows XP (KB951066) Security Update for Windows XP (KB951376-v2) Security Update for Windows XP (KB951698) Security Update for Windows XP (KB951748) Security Update for Windows XP (KB952004) Security Update for Windows XP (KB952954) Security Update for Windows XP (KB954211) Security Update for Windows XP (KB954459) Security Update for Windows XP (KB954600) Security Update for Windows XP (KB955069) Security Update for Windows XP (KB956391) Security Update for Windows XP (KB956572) Security Update for Windows XP (KB956744) Security Update for Windows XP (KB956802) Security Update for Windows XP (KB956803) Security Update for Windows XP (KB956841) Security Update for Windows XP (KB956844) Security Update for Windows XP (KB957095) Security Update for Windows XP (KB957097) Security Update for Windows XP (KB958644) Security Update for Windows XP (KB958687) Security Update for Windows XP (KB958690) Security Update for Windows XP (KB958869) Security Update for Windows XP (KB959426) Security Update for Windows XP (KB960225) Security Update for Windows XP (KB960715) Security Update for Windows XP (KB960803) Security Update for Windows XP (KB960859) Security Update for Windows XP (KB961371) Security Update for Windows XP (KB961373) Security Update for Windows XP (KB961501) Security Update for Windows XP (KB968537) Security Update for Windows XP (KB969059) Security Update for Windows XP (KB969898) Security Update for Windows XP (KB969947) Security Update for Windows XP (KB970238) Security Update for Windows XP (KB970430) Security Update for Windows XP (KB971468) Security Update for Windows XP (KB971486) Security Update for Windows XP (KB971557) Security Update for Windows XP (KB971633) Security Update for Windows XP (KB971657) Security Update for Windows XP (KB972270) Security Update for Windows XP (KB973346) Security Update for Windows XP (KB973354) Security Update for Windows XP (KB973507) Security Update for Windows XP (KB973525) Security Update for Windows XP (KB973869) Security Update for Windows XP (KB973904) Security Update for Windows XP (KB974112) Security Update for Windows XP (KB974318) Security Update for Windows XP (KB974392) Security Update for Windows XP (KB974571) Security Update for Windows XP (KB975025) Security Update for Windows XP (KB975467) Security Update for Windows XP (KB975560) Security Update for Windows XP (KB975561) Security Update for Windows XP (KB975562) Security Update for Windows XP (KB975713) Security Update for Windows XP (KB977816) Security Update for Windows XP (KB977914) Security Update for Windows XP (KB978037) Security Update for Windows XP (KB978262) Security Update for Windows XP (KB978338) Security Update for Windows XP (KB978542) Security Update for Windows XP (KB978601) Security Update for Windows XP (KB978706) Security Update for Windows XP (KB979309) Security Update for Windows XP (KB979482) Security Update for Windows XP (KB979559) Security Update for Windows XP (KB979683) Security Update for Windows XP (KB980195) Security Update for Windows XP (KB980218) Security Update for Windows XP (KB980232) SixaxisDriver 0.91 Skype Toolbars Skype
  4. Elise and Maurice Naggar helped me clean my two PCs with the same problem. This PC im using right now has the following symptoms: - redirected searches - most likely source of why my PCs got infected - rarely redirects on regular searches just when searching for antimalware websites - mom downloaded invitational cards that ended up being over 100 viruses until i cleaned it up by safe mode mbam scan. (she's totally clueless about the internet and its potential dangers fromdownloading) here's a HJT log. ill post a DDS/GMER the next posts. Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 5:27:07 PM, on 9/29/2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ngvpnmgr.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\WINDOWS\system32\igfxsrvc.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe C:\Program Files\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\igfxext.exe C:\DOCUME~1\OSCARM~1.HER\LOCALS~1\Temp\RtkBtMnt.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\wuauclt.exe C:\Documents and Settings\Oscar M. Herrin\My Documents\Downloads\HiJackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6522 O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\16.8.0.41\IPSBHO.DLL O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.415.1646\swg.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file) O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O4 - HKLM\..\Run: [LaunchApp] Alaunch O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\Audio\InstallShield\AzMixerSel.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [PLFSetL] C:\WINDOWS\PLFSetL.exe O4 - HKLM\..\Run: [snp2uvc] C:\WINDOWS\vsnp2uvc.exe O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [XeroxRegistation] "C:\DOCUME~1\OSCARM~1.HER\LOCALS~1\Temp\Xerox\EReg\opbreg.exe" /Startup O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\Oscar M. Herrin\Application Data\mjusbsp\cdloader2.exe" MAGICJACK O4 - HKCU\..\Run: [Qdisitu] rundll32.exe "C:\WINDOWS\entrv3u.dll",Startup O4 - HKUS\S-1-5-21-2029839178-3509207867-3579523219-1006\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?') O4 - HKUS\S-1-5-21-2029839178-3509207867-3579523219-1006\..\Run: [cdloader] "C:\Documents and Settings\Oscar M. Herrin\Application Data\mjusbsp\cdloader2.exe" MAGICJACK (User '?') O4 - HKUS\S-1-5-21-2029839178-3509207867-3579523219-1006\..\Run: [DW6] (User '?') O4 - HKUS\S-1-5-21-2029839178-3509207867-3579523219-1006\..\Run: [Qdisitu] rundll32.exe "C:\WINDOWS\entrv3u.dll",Startup (User '?') O4 - S-1-5-21-2029839178-3509207867-3579523219-1006 Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User '?') O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {5EDB10D9-7E95-4833-A218-62F375DAFCF1} (Aventail Installer ) - https://ra.publicstorage.com/postauthI/epi.cab O16 - DPF: {A903E5AB-C67E-40FB-94F1-E1305982F6E0} (KooPlayer Control) - http://www.euchannels.net/UKooPlayer.ocx O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Google Desktop Manager 5.7.808.7150 (GoogleDesktopManager-080708-050100) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Aventail VPN Client (NgVpnMgr) - Aventail Corporation - C:\WINDOWS\system32\ngvpnmgr.exe O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe -- End of file - 10140 bytes
  5. that is all thanks elise !
  6. in your opinion, which firewall is best? is it ok to have both spybot and adaware?
  7. k elise is that all? my PC seems fine now. in your opinion, which firewall is best? is it ok to have both spybot and adaware? thanks for all your help elise. here's one last hjt log to see if there is anything that needs to be still fixed. Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 2:42:04 PM, on 9/20/2010 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v8.00 (8.00.6001.18943) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Windows Defender\MSASCui.exe C:\Windows\RtHDVCpl.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Launch Manager\LManager.exe C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\DivX\DivX Update\DivXUpdate.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Alwil Software\Avast5\AvastUI.exe C:\RocketDock\RocketDock.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Air Mouse\Air Mouse\Air Mouse.exe C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Users\PATRIC~1\AppData\Local\Temp\RtkBtMnt.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Users\Patrick Herrin\Desktop\HiJackThis.exe C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\mswinext.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe C:\Windows\system32\msfeedssync.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&a...p;m=aspire_5515 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&a...p;m=aspire_5515 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: SMTTB2009 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\HyperCam Toolbar\tbcore3.dll O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file) O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O3 - Toolbar: @C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe O4 - HKLM\..\Run: [bkupTray] "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" O4 - HKLM\..\Run: [Acer Assist Launcher] C:\Program Files\Acer\Acer Assist\launcher.exe O4 - HKLM\..\Run: [Acer Product Registration] "C:\Program Files\Acer\Acer Registration\ACE1.exe" /startup O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [skytel] Skytel.exe O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [ArcadeDeluxeAgent] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [NBAgent] "C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart O4 - HKLM\..\Run: [bing Bar] "C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\mswinext.exe" O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui O4 - HKCU\..\Run: [RocketDock] "C:\RocketDock\RocketDock.exe" O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\RunOnce: [shockwave Updater] C:\Windows\system32\Adobe\Shockwave 11\SwHelper_1151601.exe -Update -1151601 -"Mozilla/5.0_(Windows;_U;_Windows_NT_6.0;_en-US;_rv:1.9.1.5)_Gecko/20091102_Firefox/3.5.5_(.NET_CLR_3.5.30729)" -"http://college.cengage.com/history/us/kennedy/am_pageant/12e/students/flashcards/dswmedia/ch16.html" O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE O4 - Global Startup: Air Mouse.lnk = C:\Program Files\Air Mouse\Air Mouse\Air Mouse.exe O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O20 - AppInit_DLLs: C:\Windows\System32\avgrsstx.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe O23 - Service: CLHNService - Unknown owner - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\Windows\system32\libusbd-nt.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (file missing) O23 - Service: McAfee SystemGuards (McSysmon) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe (file missing) O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe O23 - Service: @C:\Program Files\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files\Nero\Update\NASvc.exe O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- End of file - 11522 bytes
  8. elise i dont have an application/program called Ulead?
  9. sry forgot to include in last post.
  10. here's what it looks like
  11. elise i still got it once it rebooted im going to take a screenshot of what the dialog box looks like. All processes killed ========== OTL ========== HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully! HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully! HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully! HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully! HKU\S-1-5-21-3996654907-2226748910-2045848586-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully! HKU\S-1-5-21-3996654907-2226748910-2045848586-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully! ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 67 bytes ->Flash cache emptied: 56504 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Patrick Herrin ->Temp folder emptied: 17415885 bytes ->Temporary Internet Files folder emptied: 17062451 bytes ->Java cache emptied: 74358818 bytes ->FireFox cache emptied: 64590296 bytes ->Apple Safari cache emptied: 1392640 bytes ->Flash cache emptied: 228364 bytes User: Public ->Temp folder emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 9250 bytes RecycleBin emptied: 57913661 bytes Total Files Cleaned = 222.00 mb OTL by OldTimer - Version 3.2.12.1 log created on 09182010_133422 Files\Folders moved on Reboot... C:\Users\Patrick Herrin\AppData\Local\Temp\VGX7CCD.tmp moved successfully. File move failed. C:\Windows\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot. Registry entries deleted on Reboot...
  12. OTL logfile created on: 9/18/2010 2:32:10 AM - Run 1 OTL by OldTimer - Version 3.2.12.1 Folder = C:\Users\Patrick Herrin\Desktop Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18943) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 40.00% Memory free 4.00 Gb Paging File | 3.00 Gb Available in Paging File | 68.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 69.52 Gb Total Space | 26.26 Gb Free Space | 37.77% Space Free | Partition Type: NTFS Drive D: | 69.52 Gb Total Space | 6.25 Gb Free Space | 8.99% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: PATRICK Current User Name: Patrick Herrin Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: On Skip Microsoft Files: On File Age = 90 Days Output = Standard Quick Scan ========== Processes (SafeList) ========== PRC - [2010/09/18 02:29:13 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Patrick Herrin\Desktop\OTL.exe PRC - [2010/09/17 14:43:08 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2010/09/16 00:14:12 | 000,204,800 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\Patrick Herrin\AppData\Local\Temp\RtkBtMnt.exe PRC - [2010/09/07 08:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe PRC - [2010/09/07 08:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe PRC - [2010/08/31 23:39:18 | 001,164,584 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe PRC - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe PRC - [2010/05/21 20:50:34 | 001,036,464 | ---- | M] () -- C:\Program Files\Air Mouse\Air Mouse\Air Mouse.exe PRC - [2010/05/14 11:00:26 | 000,316,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe PRC - [2010/05/14 11:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe PRC - [2010/04/25 16:44:12 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe PRC - [2010/03/25 14:39:22 | 000,490,280 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Update\NASvc.exe PRC - [2010/03/24 16:26:02 | 000,243,544 | ---- | M] (Microsoft Corp.) -- C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\mswinext.exe PRC - [2009/08/18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE PRC - [2009/08/18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE PRC - [2009/07/02 02:56:26 | 000,206,120 | ---- | M] (CyberLink) -- C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe PRC - [2009/07/02 02:56:18 | 000,152,872 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe PRC - [2009/05/21 15:42:28 | 000,173,288 | ---- | M] (Acer Corp.) -- C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe PRC - [2009/04/16 17:56:36 | 000,075,048 | ---- | M] () -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe PRC - [2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009/02/26 15:24:50 | 000,097,680 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE PRC - [2008/11/28 11:56:06 | 000,024,576 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe PRC - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe PRC - [2008/07/22 20:05:18 | 000,846,344 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe PRC - [2008/07/02 20:27:12 | 006,266,880 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2008/04/25 22:36:20 | 000,045,056 | ---- | M] (NewTech InfoSystems, Inc.) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe PRC - [2008/04/25 22:36:20 | 000,028,672 | ---- | M] () -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe PRC - [2008/04/25 22:36:02 | 000,131,072 | ---- | M] () -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe PRC - [2008/03/03 14:11:14 | 000,016,384 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe PRC - [2008/01/20 19:33:00 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe PRC - [2008/01/20 19:33:00 | 000,319,544 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Windows Defender\MpCmdRun.exe PRC - [2007/12/06 17:15:28 | 000,110,592 | ---- | M] () -- C:\ACER\Mobility Center\MobilityService.exe PRC - [2007/09/02 13:58:52 | 000,495,616 | ---- | M] () -- C:\RocketDock\RocketDock.exe PRC - [2007/01/04 20:48:50 | 000,112,152 | ---- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe PRC - [2007/01/04 14:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe PRC - [2005/03/09 20:50:18 | 000,018,944 | ---- | M] (http://libusb-win32.sourceforge.net) -- C:\Windows\System32\libusbd-nt.exe ========== Modules (SafeList) ========== MOD - [2010/09/18 02:29:13 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Patrick Herrin\Desktop\OTL.exe MOD - [2009/04/10 23:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll MOD - [2008/01/20 19:34:21 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx ========== Win32 Services (SafeList) ========== SRV - File not found [On_Demand | Stopped] -- C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe -- (McSysmon) SRV - File not found [unknown | Stopped] -- C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe -- (McShield) SRV - [2010/09/07 08:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner) SRV - [2010/09/07 08:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner) SRV - [2010/09/07 08:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus) SRV - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device) SRV - [2010/05/14 11:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort) SRV - [2010/03/25 14:39:22 | 000,490,280 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate) SRV - [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400) SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009/10/16 01:58:21 | 000,316,664 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2009/09/24 18:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache) SRV - [2009/08/18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2009/08/07 12:44:18 | 000,045,816 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus® SRV - [2009/04/16 17:56:36 | 000,075,048 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe -- (CLHNService) SRV - [2008/11/28 11:56:06 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe -- (ETService) SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService) SRV - [2008/04/25 22:36:20 | 000,045,056 | ---- | M] (NewTech InfoSystems, Inc.) [Auto | Running] -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe -- (NTIBackupSvc) SRV - [2008/04/25 22:36:02 | 000,131,072 | ---- | M] () [Auto | Running] -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe -- (NTISchedulerSvc) SRV - [2008/03/03 14:11:14 | 000,016,384 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe -- (BUNAgentSvc) SRV - [2008/01/20 19:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007/12/06 17:15:28 | 000,110,592 | ---- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService) SRV - [2007/01/04 20:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr) SRV - [2007/01/04 14:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service) SRV - [2005/03/09 20:50:18 | 000,018,944 | ---- | M] (http://libusb-win32.sourceforge.net) [Auto | Running] -- C:\Windows\System32\libusbd-nt.exe -- (libusbd) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [File_System | Boot | Stopped] -- C:\Windows\System32\DRIVERS\Lbd.sys -- (Lbd) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\EagleNT.sys -- (EagleNT) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\PATRIC~1\AppData\Local\Temp\catchme.sys -- (catchme) DRV - [2010/09/07 07:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi) DRV - [2010/09/07 07:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP) DRV - [2010/09/07 07:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr) DRV - [2010/09/07 07:47:30 | 000,050,768 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt) DRV - [2010/09/07 07:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk) DRV - [2009/09/16 10:22:48 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk) DRV - [2009/09/16 10:22:48 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk) DRV - [2009/09/16 10:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk) DRV - [2009/09/16 10:22:48 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk) DRV - [2009/09/16 10:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk) DRV - [2009/07/23 12:07:40 | 000,006,528 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\jumi.sys -- (jumi) DRV - [2009/07/09 12:16:04 | 000,017,408 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl) DRV - [2009/05/24 07:36:42 | 000,501,248 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr73.sys -- (netr73) DRV - [2009/04/27 23:16:23 | 004,387,840 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag) DRV - [2008/10/01 11:04:16 | 000,012,832 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15) DRV - [2008/08/06 19:40:40 | 000,129,552 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\ahcix86s.sys -- (ahcix86s) DRV - [2008/07/03 02:03:48 | 002,152,088 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2008/06/10 03:54:36 | 000,123,904 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) DRV - [2008/05/09 13:03:58 | 000,061,424 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl -- ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) DRV - [2008/04/28 06:26:42 | 000,014,352 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO) DRV - [2008/02/21 20:50:48 | 000,198,064 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP) DRV - [2008/01/30 02:52:06 | 000,014,848 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NTIDrvr.sys -- (NTIDrvr) DRV - [2008/01/30 02:51:50 | 000,013,824 | ---- | M] (NewTech Infosystems Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\UBHelper.sys -- (UBHelper) DRV - [2008/01/23 04:18:28 | 001,187,320 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XX) DRV - [2008/01/20 19:32:53 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320) DRV - [2008/01/20 19:32:53 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas) DRV - [2008/01/20 19:32:52 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR) DRV - [2008/01/20 19:32:52 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m) DRV - [2008/01/20 19:32:52 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4) DRV - [2008/01/20 19:32:52 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs) DRV - [2008/01/20 19:32:51 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci) DRV - [2008/01/20 19:32:51 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS) DRV - [2008/01/20 19:32:50 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300) DRV - [2008/01/20 19:32:50 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel® DRV - [2008/01/20 19:32:50 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas) DRV - [2008/01/20 19:32:49 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV) DRV - [2008/01/20 19:32:49 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid) DRV - [2008/01/20 19:32:49 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2) DRV - [2008/01/20 19:32:49 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC) DRV - [2008/01/20 19:32:49 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc) DRV - [2008/01/20 19:32:48 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor) DRV - [2008/01/20 19:32:48 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI) DRV - [2008/01/20 19:32:47 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid) DRV - [2008/01/20 19:32:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor) DRV - [2008/01/20 19:32:46 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx) DRV - [2008/01/20 19:32:45 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci) DRV - [2008/01/20 19:32:21 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide) DRV - [2008/01/20 19:32:21 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide) DRV - [2008/01/20 19:32:21 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide) DRV - [2007/04/17 21:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi) DRV - [2006/11/02 06:29:38 | 000,021,264 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\DKbFltr.sys -- (DKbFltr) DRV - [2006/11/02 06:27:36 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System | Running] -- C:\Program Files\Launch Manager\DPortIO.sys -- (DritekPortIO) DRV - [2006/11/02 02:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx) DRV - [2006/11/02 02:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata) DRV - [2006/11/02 02:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960) DRV - [2006/11/02 02:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp) DRV - [2006/11/02 02:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx) DRV - [2006/11/02 02:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid) DRV - [2006/11/02 02:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi) DRV - [2006/11/02 02:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx) DRV - [2006/11/02 02:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3) DRV - [2006/11/02 02:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x) DRV - [2006/11/02 02:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi) DRV - [2006/11/02 01:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM) DRV - [2006/11/02 01:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer) DRV - [2006/11/02 01:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp) DRV - [2006/11/02 01:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo) DRV - [2006/11/02 01:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm) DRV - [2006/11/02 01:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm) DRV - [2006/11/02 00:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi) DRV - [2005/03/09 20:50:16 | 000,033,792 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\libusb0.sys -- (libusb0) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&a...p;m=aspire_5515 IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5577 IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5577 IE - HKU\S-1-5-21-3996654907-2226748910-2045848586-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data] IE - HKU\S-1-5-21-3996654907-2226748910-2045848586-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKU\S-1-5-21-3996654907-2226748910-2045848586-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&a...p;m=aspire_5515 IE - HKU\S-1-5-21-3996654907-2226748910-2045848586-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3996654907-2226748910-2045848586-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> IE - HKU\S-1-5-21-3996654907-2226748910-2045848586-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5577 ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "AOL Search" FF - prefs.js..browser.search.defaulturl: "http://aim.search.aol.com/aol/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us&tb_uuid=100000000000000002&tb_oid=23-05-2010&tb_mrud=17-06-2010" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.selectedEngine: "Bing" FF - prefs.js..browser.search.selectedengine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.search.usedbfororder: true FF - prefs.js..browser.startup.homepage: "http://aol.com/" FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1 FF - prefs.js..extensions.enabledItems: 6 FF - prefs.js..extensions.enabledItems: 2 FF - prefs.js..extensions.enabledItems: 41 FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.1 FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.3 FF - prefs.js..extensions.enabledItems: msntoolbar@msn.com:5.0 FF - prefs.js..extensions.enabledItems: {27182e60-b5f3-411c-b545-b44205977502}:1.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {c8f71e5b-88f8-42a7-98bb-e4c506161de9}:0.4 FF - prefs.js..extensions.enabledItems: {de5809e0-2b07-11dd-bd0b-0800200c9a66}:1.2.0 FF - prefs.js..extensions.enabledItems: djziggy@gmail.com:1.2.0 FF - prefs.js..keyword.URL: "http://supertoolbar.ask.com/redirect?client=ff&src=kw&tb=TRL&o=101840&locale=en_US&q=" FF - prefs.js..network.proxy.no_proxies_on: "" FF - prefs.js..network.proxy.type: 0 FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/04/25 16:46:05 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\Firefox [2010/07/26 23:32:24 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/07/27 12:19:00 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/17 14:43:11 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/09/17 14:43:11 | 000,000,000 | ---D | M] [2009/08/16 22:49:04 | 000,000,000 | ---D | M] -- C:\Users\Patrick Herrin\AppData\Roaming\Mozilla\Extensions [2010/09/18 02:02:38 | 000,000,000 | ---D | M] -- C:\Users\Patrick Herrin\AppData\Roaming\Mozilla\Firefox\Profiles\r5jvohbq.default\extensions [2010/06/21 00:46:06 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Patrick Herrin\AppData\Roaming\Mozilla\Firefox\Profiles\r5jvohbq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010/02/12 12:39:42 | 000,000,000 | ---D | M] (AmbientFox) -- C:\Users\Patrick Herrin\AppData\Roaming\Mozilla\Firefox\Profiles\r5jvohbq.default\extensions\{c8f71e5b-88f8-42a7-98bb-e4c506161de9} [2010/06/21 00:45:44 | 000,000,000 | ---D | M] (Gradient iCool) -- C:\Users\Patrick Herrin\AppData\Roaming\Mozilla\Firefox\Profiles\r5jvohbq.default\extensions\{de5809e0-2b07-11dd-bd0b-0800200c9a66} [2009/08/30 02:42:06 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Users\Patrick Herrin\AppData\Roaming\Mozilla\Firefox\Profiles\r5jvohbq.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7} [2010/09/12 14:09:44 | 000,000,000 | ---D | M] -- C:\Users\Patrick Herrin\AppData\Roaming\Mozilla\Firefox\Profiles\r5jvohbq.default\extensions\djziggy@gmail.com [2010/06/27 22:18:38 | 000,000,000 | ---D | M] -- C:\Users\Patrick Herrin\AppData\Roaming\Mozilla\Firefox\Profiles\r5jvohbq.default\extensions\nasanightlaunch@example.com [2010/09/12 14:09:57 | 000,000,000 | ---D | M] -- C:\Users\Patrick Herrin\AppData\Roaming\Mozilla\Firefox\Profiles\r5jvohbq.default\extensions\personas@christopher.beard [2010/06/17 15:20:01 | 000,002,343 | ---- | M] () -- C:\Users\Patrick Herrin\AppData\Roaming\Mozilla\Firefox\Profiles\r5jvohbq.default\searchplugins\aol-search.xml [2009/08/27 22:40:06 | 000,002,235 | ---- | M] () -- C:\Users\Patrick Herrin\AppData\Roaming\Mozilla\Firefox\Profiles\r5jvohbq.default\searchplugins\askcom.xml [2010/08/10 16:50:54 | 000,001,820 | ---- | M] () -- C:\Users\Patrick Herrin\AppData\Roaming\Mozilla\Firefox\Profiles\r5jvohbq.default\searchplugins\bing.xml [2010/08/10 16:51:10 | 000,004,140 | ---- | M] () -- C:\Users\Patrick Herrin\AppData\Roaming\Mozilla\Firefox\Profiles\r5jvohbq.default\searchplugins\youtube.xml [2010/09/16 00:30:34 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2010/09/16 00:30:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010/09/16 00:29:46 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll [2007/04/16 10:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll O1 HOSTS File: ([2010/09/15 13:49:36 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll File not found O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.) O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.) O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll (Microsoft Corporation) O2 - BHO: (SMTTB2009 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\HyperCam Toolbar\tbcore3.dll () O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKLM\..\Toolbar: (@C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found. O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKU\S-1-5-21-3996654907-2226748910-2045848586-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O4 - HKLM..\Run: [Acer Assist Launcher] C:\Program Files\Acer\Acer Assist\launcher.exe () O4 - HKLM..\Run: [Acer Product Registration] C:\Program Files\Acer\Acer Registration\ACE1.exe (Leader Technologies) O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.) O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.) O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [bing Bar] C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\mswinext.exe (Microsoft Corp.) O4 - HKLM..\Run: [bkupTray] C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe () O4 - HKLM..\Run: [CLMLServer] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corporation) O4 - HKLM..\Run: [NBAgent] C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG) O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [startCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [uVS12 Preload] C:\Program Files\Corel\Corel VideoStudio 12\uvPL.exe (Ulead Systems, Inc.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-3996654907-2226748910-2045848586-1001..\Run: [RocketDock] C:\RocketDock\RocketDock.exe () O4 - HKU\S-1-5-21-3996654907-2226748910-2045848586-1001..\RunOnce: [shockwave Updater] C:\Windows\System32\Adobe\Shockwave 11\SwHelper_1151601.exe -Update -1151601 -Mozilla\5.0_( File not found O4 - Startup: C:\Users\Patrick Herrin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-3996654907-2226748910-2045848586-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-3996654907-2226748910-2045848586-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (C:\Windows\System32\avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll File not found O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Patrick Herrin\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg O24 - Desktop BackupWallPaper: C:\Users\Patrick Herrin\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 90 Days ========== [2010/09/18 02:29:02 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Patrick Herrin\Desktop\OTL.exe [2010/09/18 02:04:14 | 003,194,296 | ---- | C] (Javacool Software LLC ) -- C:\Users\Patrick Herrin\Desktop\spywareblastersetup44.exe [2010/09/18 01:12:07 | 000,017,744 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys [2010/09/18 01:12:06 | 000,165,584 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys [2010/09/18 01:12:04 | 000,023,376 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys [2010/09/18 01:12:02 | 000,046,672 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys [2010/09/18 01:11:58 | 000,050,768 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys [2010/09/18 01:11:28 | 000,038,848 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr [2010/09/18 01:11:26 | 000,167,592 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe [2010/09/18 01:11:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software [2010/09/18 01:11:09 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software [2010/09/18 00:14:15 | 000,000,000 | --SD | C] -- C:\ComboFix [2010/09/16 00:34:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2010/09/15 13:55:40 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2010/09/15 13:55:26 | 000,000,000 | ---D | C] -- C:\Windows\temp [2010/09/15 13:30:44 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2010/09/13 00:04:14 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Patrick Herrin\Desktop\HiJackThis.exe [2010/09/06 10:22:38 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2010/09/06 10:22:32 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2010/09/06 10:17:48 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime [2010/09/02 16:01:23 | 000,000,000 | ---D | C] -- C:\Users\Patrick Herrin\AppData\Local\Sunbelt Software [2010/07/26 23:46:50 | 000,000,000 | ---D | C] -- D:\Patrick Herrin\PJH\Documents\Documents\Vuze Downloads [2010/07/26 23:46:25 | 000,000,000 | ---D | C] -- C:\Users\Patrick Herrin\AppData\Roaming\Azureus [2010/07/26 23:32:28 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft [2010/07/26 23:32:21 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Toolbar [2010/07/26 23:30:35 | 000,000,000 | ---D | C] -- C:\Program Files\Vuze [2010/07/26 23:30:33 | 000,000,000 | ---D | C] -- C:\Program Files\Bing Bar Installer [2010/06/30 02:57:13 | 000,000,000 | ---D | C] -- C:\Users\Patrick Herrin\AppData\Local\Nero_AG [2010/06/26 19:45:27 | 000,000,000 | ---D | C] -- D:\Patrick Herrin\PJH\Documents\Documents\InterVideo [2010/06/26 00:45:59 | 000,000,000 | ---D | C] -- C:\Users\Patrick Herrin\AppData\Local\jipnaowlk [2010/06/23 09:32:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun [2010/06/21 21:49:40 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour [2008/12/04 04:08:06 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll ========== Files - Modified Within 90 Days ========== [2010/09/18 02:37:55 | 000,000,436 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{46A271C2-53C3-4C33-B354-020D415A3E42}.job [2010/09/18 02:32:10 | 004,456,448 | -HS- | M] () -- C:\Users\Patrick Herrin\NTUSER.DAT [2010/09/18 02:29:13 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Patrick Herrin\Desktop\OTL.exe [2010/09/18 02:04:57 | 003,194,296 | ---- | M] (Javacool Software LLC ) -- C:\Users\Patrick Herrin\Desktop\spywareblastersetup44.exe [2010/09/18 01:50:12 | 000,000,435 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics [2010/09/18 01:47:58 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010/09/18 01:47:58 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010/09/18 01:47:54 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010/09/18 01:47:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010/09/18 01:47:36 | 1876,934,656 | -HS- | M] () -- C:\hiberfil.sys [2010/09/18 01:46:16 | 000,524,288 | -HS- | M] () -- C:\Users\Patrick Herrin\NTUSER.DAT{5c8bb18e-1413-11df-86e8-001eecdc1f81}.TMContainer00000000000000000001.regtrans-ms [2010/09/18 01:46:16 | 000,065,536 | -HS- | M] () -- C:\Users\Patrick Herrin\NTUSER.DAT{5c8bb18e-1413-11df-86e8-001eecdc1f81}.TM.blf [2010/09/18 01:46:13 | 002,752,105 | -H-- | M] () -- C:\Users\Patrick Herrin\AppData\Local\IconCache.db [2010/09/18 01:12:08 | 000,001,844 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk [2010/09/18 01:11:58 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt [2010/09/18 00:33:55 | 000,000,000 | ---- | M] () -- C:\Users\Patrick Herrin\AppData\Local\prvlcl.dat [2010/09/17 04:25:03 | 002,672,312 | ---- | M] () -- C:\Users\Patrick Herrin\Desktop\esetsmartinstaller_enu.exe [2010/09/15 13:49:50 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini [2010/09/15 13:49:36 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2010/09/13 00:00:57 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Patrick Herrin\Desktop\HiJackThis.exe [2010/09/12 23:59:27 | 000,001,356 | ---- | M] () -- C:\Users\Patrick Herrin\AppData\Local\d3d9caps.dat [2010/09/12 11:23:32 | 000,001,730 | ---- | M] () -- C:\Users\Patrick Herrin\Desktop\DivX Movies.lnk [2010/09/12 11:22:59 | 000,000,921 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk [2010/09/07 08:12:17 | 000,038,848 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr [2010/09/07 08:11:54 | 000,167,592 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe [2010/09/07 07:52:25 | 000,046,672 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys [2010/09/07 07:52:03 | 000,165,584 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys [2010/09/07 07:47:46 | 000,023,376 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys [2010/09/07 07:47:30 | 000,050,768 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys [2010/09/07 07:47:07 | 000,017,744 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys [2010/09/06 10:26:56 | 000,001,854 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk [2010/09/06 10:26:56 | 000,001,854 | ---- | M] () -- C:\Users\Patrick Herrin\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk [2010/09/06 10:24:01 | 000,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2010/09/06 10:18:10 | 000,001,730 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2010/09/04 19:28:40 | 000,077,824 | ---- | M] () -- C:\Users\Patrick Herrin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/09/01 01:29:39 | 000,721,582 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2010/09/01 01:29:39 | 000,617,702 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010/09/01 01:29:39 | 000,108,772 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010/08/23 19:18:08 | 000,197,740 | -H-- | M] () -- C:\Windows\System32\mlfcache.dat [2010/08/22 09:22:46 | 1099,608,729 | ---- | M] () -- C:\Users\Patrick Herrin\Desktop\sooml - Wisevid.wmv [2010/08/16 21:07:10 | 010,711,337 | ---- | M] () -- C:\Users\Patrick Herrin\Desktop\redsn0w_win_0.9.5b5-5(2).zip [2010/08/16 18:11:55 | 000,001,637 | ---- | M] () -- C:\Users\Public\Desktop\Vuze.lnk [2010/08/16 18:11:55 | 000,001,637 | ---- | M] () -- C:\Users\Patrick Herrin\Application Data\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk [2010/08/11 03:44:48 | 000,409,216 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2010/07/26 23:18:37 | 000,001,034 | ---- | M] () -- C:\Users\Patrick Herrin\Desktop\FrostWire 4.18.6.lnk [2010/07/01 03:14:06 | 283,519,753 | ---- | M] () -- C:\Users\Patrick Herrin\Desktop\dl1 Loombo - Easy way to share your files.m4v [2010/06/29 10:03:30 | 348,632,765 | ---- | M] () -- C:\Users\Patrick Herrin\Desktop\The-A-T3am-20.10-T.S-V.2-RDNFO-XViD-IM.G.m4v [2010/06/26 00:47:22 | 000,000,000 | ---- | M] () -- C:\Users\Patrick Herrin\AppData\Local\Bheqaho.bin [2010/06/26 00:47:21 | 000,000,120 | ---- | M] () -- C:\Users\Patrick Herrin\AppData\Local\Kpisi.dat [2010/06/24 16:25:13 | 528,052,694 | ---- | M] () -- C:\Users\Patrick Herrin\Desktop\fastpasstv.com kk2 - Wisevid.m4v [2010/06/24 13:25:35 | 000,000,025 | ---- | M] () -- C:\Windows\cdplayer.ini [2010/06/21 21:44:39 | 000,001,854 | ---- | M] () -- C:\Users\Patrick Herrin\Desktop\Apple Safari.lnk [2010/06/21 15:40:50 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys [2010/06/21 01:53:18 | 000,000,822 | ---- | M] () -- C:\Users\Patrick Herrin\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk [2010/06/21 01:52:48 | 000,000,104 | ---- | M] () -- C:\Users\Patrick Herrin\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet - Shortcut.lnk [2010/06/21 01:19:00 | 000,001,906 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Air Mouse.lnk ========== Files Created - No Company Name ========== [2010/09/18 01:12:08 | 000,001,844 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk [2010/09/17 04:24:58 | 002,672,312 | ---- | C] () -- C:\Users\Patrick Herrin\Desktop\esetsmartinstaller_enu.exe [2010/09/12 11:22:59 | 000,000,921 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk [2010/09/06 10:26:56 | 000,001,854 | ---- | C] () -- C:\Users\Public\Desktop\Safari.lnk [2010/09/06 10:26:56 | 000,001,854 | ---- | C] () -- C:\Users\Patrick Herrin\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk [2010/09/06 10:24:01 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2010/09/06 10:18:10 | 000,001,730 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2010/09/05 00:19:56 | 1876,934,656 | -HS- | C] () -- C:\hiberfil.sys [2010/08/22 01:11:21 | 1099,608,729 | ---- | C] () -- C:\Users\Patrick Herrin\Desktop\sooml - Wisevid.wmv [2010/08/16 21:07:32 | 010,711,337 | ---- | C] () -- C:\Users\Patrick Herrin\Desktop\redsn0w_win_0.9.5b5-5(2).zip [2010/07/26 23:31:28 | 000,001,637 | ---- | C] () -- C:\Users\Public\Desktop\Vuze.lnk [2010/07/26 23:31:28 | 000,001,637 | ---- | C] () -- C:\Users\Patrick Herrin\Application Data\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk [2010/07/26 23:18:37 | 000,001,034 | ---- | C] () -- C:\Users\Patrick Herrin\Desktop\FrostWire 4.18.6.lnk [2010/07/10 14:39:54 | 000,001,730 | ---- | C] () -- C:\Users\Patrick Herrin\Desktop\DivX Movies.lnk [2010/06/30 23:45:54 | 283,519,753 | ---- | C] () -- C:\Users\Patrick Herrin\Desktop\dl1 Loombo - Easy way to share your files.m4v [2010/06/29 08:12:03 | 348,632,765 | ---- | C] () -- C:\Users\Patrick Herrin\Desktop\The-A-T3am-20.10-T.S-V.2-RDNFO-XViD-IM.G.m4v [2010/06/26 00:47:22 | 000,000,000 | ---- | C] () -- C:\Users\Patrick Herrin\AppData\Local\Bheqaho.bin [2010/06/26 00:47:21 | 000,000,120 | ---- | C] () -- C:\Users\Patrick Herrin\AppData\Local\Kpisi.dat [2010/06/24 14:31:03 | 528,052,694 | ---- | C] () -- C:\Users\Patrick Herrin\Desktop\fastpasstv.com kk2 - Wisevid.m4v [2010/06/24 13:25:35 | 000,000,025 | ---- | C] () -- C:\Windows\cdplayer.ini [2010/06/21 21:44:39 | 000,001,854 | ---- | C] () -- C:\Users\Patrick Herrin\Desktop\Apple Safari.lnk [2010/06/21 01:53:18 | 000,000,822 | ---- | C] () -- C:\Users\Patrick Herrin\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk [2010/06/21 01:52:48 | 000,000,104 | ---- | C] () -- C:\Users\Patrick Herrin\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet - Shortcut.lnk [2010/05/24 23:46:43 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini [2010/05/24 20:06:21 | 000,000,000 | ---- | C] () -- C:\Users\Patrick Herrin\AppData\Roaming\.NANotifyHere [2010/03/10 18:16:44 | 000,033,812 | ---- | C] () -- C:\ProgramData\ArcadeDeluxe2.log [2010/03/02 01:01:14 | 000,000,448 | ---- | C] () -- C:\Users\Patrick Herrin\AppData\Roaming\wklnhst.dat [2010/02/17 00:53:35 | 000,000,036 | ---- | C] () -- C:\Windows\intbook.ini [2010/02/10 23:35:47 | 000,159,744 | ---- | C] () -- C:\Windows\System32\viscomtran.dll [2010/02/10 23:35:46 | 006,963,712 | ---- | C] () -- C:\Windows\System32\videotrans.dll [2010/02/10 23:35:46 | 000,172,032 | ---- | C] () -- C:\Windows\System32\viscomgifenc.dll [2010/02/10 23:35:45 | 000,452,608 | ---- | C] () -- C:\Windows\System32\videoformat.dll [2010/02/10 23:35:45 | 000,262,144 | ---- | C] () -- C:\Windows\System32\lame_enc.dll [2010/02/10 23:35:45 | 000,154,624 | ---- | C] () -- C:\Windows\System32\imgscaler.dll [2010/02/10 23:35:45 | 000,028,160 | ---- | C] () -- C:\Windows\System32\img_utils.dll [2010/02/10 23:35:45 | 000,019,456 | ---- | C] () -- C:\Windows\System32\videocore.dll [2009/12/09 02:15:33 | 000,209,040 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll [2009/12/09 02:15:33 | 000,204,944 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll [2009/12/09 02:15:33 | 000,196,752 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll [2009/12/09 02:15:33 | 000,196,752 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll [2009/12/09 02:15:33 | 000,192,656 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll [2009/12/09 02:15:33 | 000,024,720 | ---- | C] () -- C:\Windows\System32\IVIresize.dll [2009/11/12 21:57:46 | 000,000,000 | ---- | C] () -- C:\Users\Patrick Herrin\AppData\Local\prvlcl.dat [2009/09/21 16:05:23 | 000,000,413 | ---- | C] () -- C:\Windows\wininit.ini [2009/09/18 00:57:09 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009/09/13 16:44:14 | 000,323,584 | ---- | C] () -- C:\Windows\System32\FoxImager.dll [2009/08/23 00:20:45 | 000,137,544 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2009/08/23 00:20:40 | 000,139,152 | ---- | C] () -- C:\Users\Patrick Herrin\AppData\Roaming\PnkBstrK.sys [2009/08/18 02:06:14 | 000,000,000 | ---- | C] () -- C:\Windows\WB.ini [2009/08/18 01:56:46 | 000,058,792 | ---- | C] () -- C:\Windows\System32\wbload.dll [2009/08/17 06:12:22 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI [2009/08/17 00:31:02 | 000,033,792 | ---- | C] () -- C:\Windows\System32\drivers\libusb0.sys [2009/08/17 00:01:32 | 000,077,824 | ---- | C] () -- C:\Users\Patrick Herrin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009/08/16 23:52:33 | 000,001,356 | ---- | C] () -- C:\Users\Patrick Herrin\AppData\Local\d3d9caps.dat [2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll [2008/12/24 06:26:07 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll [2008/12/04 06:11:27 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll [2008/12/04 06:11:27 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll [2008/12/04 05:31:15 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini [2008/12/04 04:05:20 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2008/12/04 04:05:09 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2006/11/02 00:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2001/12/26 17:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll [2001/09/04 00:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll [2001/07/30 17:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll [2001/07/23 23:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll ========== LOP Check ========== [2008/12/04 05:57:50 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Acer GameZone Console [2008/12/04 05:57:50 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Acer GameZone Console [2009/08/29 22:22:00 | 000,000,000 | ---D | M] -- C:\Users\Patrick Herrin\AppData\Roaming\acccore [2009/08/16 22:33:27 | 000,000,000 | ---D | M] -- C:\Users\Patrick Herrin\AppData\Roaming\Acer [2008/12/04 05:57:50 | 000,000,000 | ---D | M] -- C:\Users\Patrick Herrin\AppData\Roaming\Acer GameZone Console [2010/02/28 19:14:01 | 000,000,000 | ---D | M] -- C:\Users\Patrick Herrin\AppData\Roaming\AnvSoft [2010/09/02 22:26:23 | 000,000,000 | ---D | M] -- C:\Users\Patrick Herrin\AppData\Roaming\Azureus [2010/03/08 22:16:46 | 000,000,000 | ---D | M] -- C:\Users\Patrick Herrin\AppData\Roaming\com.princess.iq.PrincessWidget.95CF48669C469715948E799FD5617DB57BF9FCEB.1 [2010/06/03 17:02:53 | 000,000,000 | ---D | M] -- C:\Users\Patrick Herrin\AppData\Roaming\DVDFab [2010/09/13 00:10:05 | 000,000,000 | ---D | M] -- C:\Users\Patrick Herrin\AppData\Roaming\FrostWire [2009/08/19 22:06:31 | 000,000,000 | ---D | M] -- C:\Users\Patrick Herrin\AppData\Roaming\GrabPro [2009/10/25 23:29:00 | 000,000,000 | ---D | M] -- C:\Users\Patrick Herrin\AppData\Roaming\gtk-2.0 [2009/09/19 13:58:20 | 000,000,000 | ---D | M] -- C:\Users\Patrick Herrin\AppData\Roaming\ImgBurn [2009/08/18 00:38:56 | 000,000,000 | ---D | M] -- C:\Users\Patrick Herrin\AppData\Roaming\InterVideo [2009/08/16 22:33:20 | 000,000,000 | ---D | M] -- C:\Users\Patrick Herrin\AppData\Roaming\Leadertech [2010/03/31 00:23:42 | 000,000,000 | ---D | M] -- C:\Users\Patrick Herrin\AppData\Roaming\MoveFab [2010/06/29 21:39:44 | 000,000,000 | ---D | M] -- C:\Users\Patrick Herrin\AppData\Roaming\Orbit [2010/04/18 22:10:40 | 000,000,000 | ---D | M] -- C:\Users\Patrick Herrin\AppData\Roaming\PowerCinema [2009/11/11 23:53:26 | 000,000,000 | ---D | M] -- C:\Users\Patrick Herrin\AppData\Roaming\Red Kawa [2010/04/18 22:11:33 | 000,000,000 | ---D | M] -- C:\Users\Patrick Herrin\AppData\Roaming\SoftDMA [2009/09/12 14:26:07 | 000,000,000 | ---D | M] -- C:\Users\Patrick Herrin\AppData\Roaming\Sony [2009/09/12 14:16:43 | 000,000,000 | ---D | M] -- C:\Users\Patrick Herrin\AppData\Roaming\Sony Setup [2010/03/02 01:01:20 | 000,000,000 | ---D | M] -- C:\Users\Patrick Herrin\AppData\Roaming\Template [2009/08/27 21:48:23 | 000,000,000 | ---D | M] -- C:\Users\Patrick Herrin\AppData\Roaming\Trillian [2009/12/09 07:28:23 | 000,000,000 | ---D | M] -- C:\Users\Patrick Herrin\AppData\Roaming\Ulead Systems [2009/08/18 21:10:29 | 000,000,000 | ---D | M] -- C:\Users\Patrick Herrin\AppData\Roaming\Windows SideBar [2010/09/18 01:46:36 | 000,032,560 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2010/09/18 02:37:55 | 000,000,436 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{46A271C2-53C3-4C33-B354-020D415A3E42}.job ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 64 bytes -> C:\Users\Patrick Herrin\Desktop\WDzlwQ6Qd_s.mp4:TOC.WMV @Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:73933431 @Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:F3176E45 @Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:E36F5B57 < End of report > OTL Extras logfile created on: 9/18/2010 2:32:10 AM - Run 1 OTL by OldTimer - Version 3.2.12.1 Folder = C:\Users\Patrick Herrin\Desktop Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18943) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 40.00% Memory free 4.00 Gb Paging File | 3.00 Gb Available in Paging File | 68.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 69.52 Gb Total Space | 26.26 Gb Free Space | 37.77% Space Free | Partition Type: NTFS Drive D: | 69.52 Gb Total Space | 6.25 Gb Free Space | 8.99% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: PATRICK Current User Name: Patrick Herrin Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: On Skip Microsoft Files: On File Age = 90 Days Output = Standard Quick Scan ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-3996654907-2226748910-2045848586-1001\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Nexon\Combat Arms\CombatArms.exe" = C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe -- File not found "C:\Nexon\Combat Arms\Engine.exe" = C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe -- File not found ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{1043F0E3-1AAA-42DA-B2DA-D6585AB3AC9B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{1620F684-5A25-4F98-B38D-E84F153FC519}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{1DCE397A-F897-4FAA-BB47-231986459F3F}" = rport=137 | protocol=17 | dir=out | app=system | "{218E6B50-7F51-4106-91FF-3E9F1337FDC9}" = lport=138 | protocol=17 | dir=in | app=system | "{26EB0733-8B6D-4C1F-B5C4-62C757ECA50F}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{3274D37E-68AA-4661-99DE-1B0CCC548CB6}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{332CF584-49F5-42BE-9E58-13D74D76D556}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{4D2E9334-1940-4D5A-BC94-F8C57E0E6FDD}" = rport=138 | protocol=17 | dir=out | app=system | "{543D6B79-ABCA-41E2-A280-5ED63007FA79}" = lport=10243 | protocol=6 | dir=in | app=system | "{5E8359C2-E0FD-49F3-AD0E-4B6902DBBE2A}" = lport=2869 | protocol=6 | dir=in | app=system | "{5F851439-9D1B-40A1-BAD4-24073468E601}" = rport=2869 | protocol=6 | dir=out | app=system | "{5FFC43F9-5D3B-43C8-B75F-702F6125B8FF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{6F56DD82-5371-43E0-A346-27C10F464144}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{71B9108C-4F01-4AC5-BD9D-17684176185A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{74EE15F4-312C-49A0-83DB-409A4F021E1E}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{78C61C19-5096-4656-A623-D4B15A934B27}" = rport=10243 | protocol=6 | dir=out | app=system | "{798930AE-7E91-4063-90D4-031367EC2019}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{80C47E3D-44C9-43A0-85C7-B87EA1DB9683}" = lport=2869 | protocol=6 | dir=in | app=system | "{9655C8C4-31FC-4112-9F16-4756E2259541}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{96977E37-3F28-41B7-9103-873087784C89}" = lport=2869 | protocol=6 | dir=in | name=upnp tcp | "{A1DF2D04-C38F-4DA8-B683-70C1616528AA}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{B116786B-6C6C-4EFD-AB4E-2E4A5E7EF9C7}" = rport=445 | protocol=6 | dir=out | app=system | "{B8DA82B6-EEBA-4173-BE46-D0AC2008787C}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 | "{BEEA31A5-B649-4298-845E-F5AE33A9DA81}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{BF2A3145-C311-4344-AEEC-3BAC69BD51C6}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{C0DF4D31-E6BF-4F3F-9F99-B4FB290C5A39}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{CAD06C80-CA7A-4A35-A7FB-D27AB7656496}" = lport=1900 | protocol=17 | dir=in | name=upnp udp | "{D3BA1DF8-C92B-48D4-832D-2BD9C3E41B2E}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{D4376A4E-8756-4220-B2E2-378659F19B18}" = lport=137 | protocol=17 | dir=in | app=system | "{E2C28B74-5155-4A0C-B29E-01EA8B1EA1B1}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{E67DEBEF-7C12-4662-AFF5-173002C44773}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{EB1F8B5A-66EE-4C1A-9145-C8FE9B5A409C}" = lport=139 | protocol=6 | dir=in | app=system | "{EEB37157-A5C9-40CD-89DA-92880AFF5AC3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{F5D85885-CCD0-4D43-B1DF-446C5E380AD3}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{F944BBC0-82A0-452C-98C3-F54315F167E7}" = rport=139 | protocol=6 | dir=out | app=system | "{F9CDB39D-A2C2-4629-99F0-B3BF86B623A2}" = lport=445 | protocol=6 | dir=in | app=system | "{FA8009B1-B9DE-4936-A5FB-D1DA3B55F212}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{FEBCFA8E-A403-4399-8A68-5D5AFC325430}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{FFF1B8E1-2EE6-4F3F-952D-9888334A0323}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{00C87EB4-C531-4F7C-915C-8A0ECCE0C7AC}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "{00DC681A-E704-4F48-93F2-FDCE845BF719}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | "{052BD8F1-F177-4AD2-9959-0593ABCA1DC5}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | "{088E0001-94D6-4FD7-9604-4208FC14A663}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{0DDE240D-FD2A-4050-AB17-AF76C247A3BE}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | "{0EE6677A-C09E-4D87-A8DF-5B39A5559547}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{11459447-F894-4202-91DF-26BB42ACAF80}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "{15448FD1-4112-440F-BD33-CBAE27D44CD4}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | "{1D081517-7753-4926-911A-9EDEC1876A96}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{1F5347ED-0B6B-40B8-9BD1-CEC738F79CF5}" = dir=in | app=c:\program files\avg\avg8\avgupd.exe | "{259F1611-C159-42C3-AFAF-5539853B7035}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | "{26F61970-1CCA-4197-9211-E504DB4A0AB8}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | "{270AC6A2-19A3-42DA-98DF-8EDB03ECA208}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\playmovie.exe | "{2C5D5D06-2AB5-4895-A08E-C608C68B37AD}" = protocol=6 | dir=in | app=c:\program files\aim\aim.exe | "{35E6E897-A87F-4BB9-B26B-49E0B013EFFA}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "{37F68C72-8FCD-44A5-A98A-4FEF1A67C80E}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{3AA33A1D-968E-4846-B0B8-3CF7923BEDE1}" = protocol=6 | dir=in | app=c:\program files\frostwire\frostwire.exe | "{3B460496-22A0-4AD8-9798-16CD1F3A1CA2}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{3C8A0D93-E900-4D38-8132-E4E6FD4A26B7}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | "{3FF653B0-7F15-4799-82C8-62DE106E46A7}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{4464DF46-EC96-4B63-BA34-B5BCDCC80F6A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{463446BC-760A-4F21-AF9D-106A8224C499}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | "{4B3B2BCB-7BFF-43C7-A890-1C8203BD91E7}" = protocol=17 | dir=in | app=c:\program files\frostwire\frostwire.exe | "{4D319BCE-60DB-40DE-85B7-24DF6AC31545}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{54CB8C16-876F-4A38-86BD-0E6441BCF7D1}" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe | "{5533EFBD-587E-4F6D-8CB1-9F6108E273C2}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | "{555DF32B-7DF6-4542-B3B0-1F33C08293EC}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe | "{58E4146A-2CEA-480C-A424-9F495178F5D8}" = protocol=17 | dir=in | app=c:\program files\aim\aim.exe | "{5A6A4999-D213-474E-9218-2C40DB4A4009}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe | "{5F0373D1-0B58-4143-8FC0-F1FB89833CEF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{5F5E6067-EC42-4CF3-8A31-2D153A4B80E5}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{643348C5-4BE4-439B-800A-8E9C4BEE8919}" = protocol=17 | dir=in | app=c:\nexon\combat arms\nmservice.exe | "{6B2AEAE6-D7AB-4381-B8CE-AD29C9B4794B}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\america's army 3\binaries\aa3game.exe | "{710D6FC9-F1BB-40AB-9C09-402E83BB9CDE}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | "{85365ACB-7FD4-4544-A6D6-AC1A08B13411}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{88995018-655D-4F12-9A3C-A4D3CEC138A0}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{8CD3C7EF-7997-48A6-B7CB-3A05F1BF523E}" = protocol=6 | dir=in | app=c:\program files\aim\aim.exe | "{8E039347-8505-40B1-BF76-4459F12D5CB0}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe | "{8FDA9A2C-2248-4307-897A-BA3945AA5A51}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe | "{93986BAE-5214-46DC-B318-141D2814B512}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{9611B2E7-4FCC-4D86-9A4F-7CBEBE63251D}" = protocol=6 | dir=in | app=c:\nexon\combat arms\nmservice.exe | "{966FC503-2E9B-4BF2-B96D-B5FB9764537F}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "{96DCE441-48DA-46F8-A50D-F3E8526A6451}" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe | "{9B999CAB-9B69-480A-88C7-A32AEC02450D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{A5E4B390-B254-4B6C-BEF3-B6C805B538B4}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{A623743B-C199-46BB-8BAB-819F77AB6FA2}" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe | "{A8E76D32-584D-446C-89E1-D4AFB9BD085F}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe | "{AC063BA3-6E23-47C7-AF22-6201BCE615DF}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\pmvservice.exe | "{ACA0A148-E6CE-4211-896A-0476E8E1A8AD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{ACCCB9E1-DF74-4EE2-BAE6-DFFBD1B167D9}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{ADA05955-320F-4011-A2B4-CEDAA59F7CD6}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe | "{AE03AEFD-B5DC-418B-BB03-A9FBA641910B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{AF8040E2-6E1D-4296-9A48-5D1FE609F06A}" = protocol=6 | dir=out | app=system | "{B55F5FD5-B75E-4E96-9998-73BA3341777A}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{B9653C15-6577-483B-B984-5B2C56C676E9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{B9DB83E8-BE85-49DA-8AC9-04EE0D03CBA9}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\america's army 3\binaries\aa3game.exe | "{BCD0E400-F7B2-4256-8286-8CC72416597F}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe | "{BFD300EF-5968-4676-90D1-96C4F23717A1}" = dir=in | app=c:\program files\avg\avg8\avgnsx.exe | "{C16EDDE8-2E8A-4EB3-97C8-280F27891993}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{C5841561-FAC2-4A78-9199-79923BC7CB1A}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | "{CFE4FE28-3EC5-4FA2-A6E5-C916CD1B584C}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe | "{D2C739B6-32EB-4EEC-AAA9-C4B1674F10ED}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{D64DAAC3-3615-46D7-9676-E10679B9500C}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | "{E0F7EF6D-E0CD-4C5B-895B-4FFA2C43A6E3}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{E81B51CE-7255-4F43-BE8C-508550BCE5E7}" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe | "{EB4E1068-DDFD-448C-97A2-E4C7B3193F2B}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{ED5EB088-E2F1-4D36-B1E3-EDA64435286F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{F382DC56-CB12-40D5-85C1-7E5BB898A58F}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | "{F3EAA1B4-2C61-44F4-8553-B3DAAD0612B0}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe | "{F628CBBA-28B4-4B1E-BDC1-D9C827CE737D}" = protocol=17 | dir=in | app=c:\program files\aim\aim.exe | "{F984F0E4-CDF0-4853-A15B-CBCA460DDE27}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe | "{FD9E1166-A7C1-4F71-839C-C22D2094F9CF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "TCP Query User{3B492FDC-0BB5-4849-93B8-2FFC073CC7A9}C:\program files\air mouse\air mouse\air mouse.exe" = protocol=6 | dir=in | app=c:\program files\air mouse\air mouse\air mouse.exe | "TCP Query User{AD594DCA-98CB-408C-848C-6836560EEFF0}C:\program files\itunes\itunes.exe" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | "UDP Query User{2B8495D7-51FE-4E6F-8332-AD5A1041C8C4}C:\program files\itunes\itunes.exe" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | "UDP Query User{DAAAF596-A305-4074-8C04-FD00EF501DDC}C:\program files\air mouse\air mouse\air mouse.exe" = protocol=17 | dir=in | app=c:\program files\air mouse\air mouse\air mouse.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{0201E035-0F3A-A52B-75C2-C7A817727230}" = CCC Help Italian "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{04FDAB5C-986B-7620-3F4F-E5D37F6781E8}" = Catalyst Control Center Localization All "{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack "{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar "{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant "{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM) "{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour "{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation®Store "{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In "{1253FE37-2CFA-DDE1-720C-6B9A66605488}" = CCC Help Chinese Traditional "{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter "{16987E99-C95C-4513-9239-7B44A0A71DB5}" = Nero SoundTrax 10 Help (CHM) "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{1C51A88E-25D6-AABF-8650-2BAF8336D252}" = CCC Help French "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}" = Nero MediaHub 10 "{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8 "{2147935B-08C4-BAA2-2FF3-6B8D76FF33C2}" = ATI Catalyst Install Manager "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback 10 "{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8 "{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10 "{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe "{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java 6 Update 21 "{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10 "{2EEC2A94-7204-45C6-93BB-67EAEB19E4D6}" = Safari "{2F2762EA-D746-5BE3-D612-D2654C943092}" = CCC Help Spanish "{32594C87-E709-7059-2781-2DC3E6AC16BE}" = ccc-utility "{329411A0-19F3-4740-874F-17400B126F27}" = Nero Vision 10 Help (CHM) "{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM) "{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10 "{350FB27C-CF62-4EF3-AF9D-70FF313FE221}" = iTunes "{374369F3-A806-6A98-0D60-B22919C15224}" = Catalyst Control Center Graphics Full Existing "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker "{47A65A53-398C-6FBF-D83A-5BA08C17E553}" = CCC Help Hungarian "{4886820B-C9A2-5F6A-D61E-D697F45D2013}" = CCC Help German "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4AE19B82-39C9-7601-F6E7-B87D0B6833EC}" = Skins "{4B719A70-F14A-4f5c-90B5-346B24B7FFF1}" = Windows 7 Upgrade Advisor "{4E915575-2CCA-51C0-33CA-FC8E26C1ABD2}" = CCC Help Russian "{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM) "{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM) "{5E209153-9900-C0A1-D477-5DE3A334377D}" = ccc-core-static "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{5F548A02-80BC-404D-BAE6-F05F9BF6B449}" = Nero DiscCopyGadget 10 Help (CHM) "{606BC780-101C-41DB-808D-4539BFA0774A}" = MobileMe Control Panel "{630F1852-FDBC-B67A-ED81-F830A0495747}" = CCC Help Japanese "{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic "{63AF7D26-CC24-0E6D-5C0A-2962EAA54497}" = Catalyst Control Center Graphics Full New "{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update "{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM) "{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10 "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works "{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10 "{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10 "{71C2828F-2678-4675-BDEC-895424861262}_is1" = C:\Program Files\Acer GameZone\GameConsole "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{76393D91-5999-A401-F721-6DDA1389EA0B}" = CCC Help Dutch "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{77A7A4C5-31DC-B1FB-02EA-927E3D044186}" = CCC Help Finnish "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com "{7A295D8F-484B-4FFB-89AB-C1FD497591FE}" = Nero WaveEditor 10 Help (CHM) "{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10 "{823BFDA3-EE5B-C016-0242-23FC567D66DF}" = Catalyst Control Center Graphics Previews Common "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110082360}" = Alien Shooter "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}" = Chicken Invaders 2 "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110422467}" = Tiks Texas Hold em "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111796363}" = Mystery Solitaire - Secret Island "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112028410}" = Putt Mania "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}" = Heroes of Hellas "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113919217}" = Mythic Mahjong "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{8650B9AB-1E2E-4DA4-BD0C-DBE8720D7C2E}" = CCC Help Swedish "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8C8A0B95-8350-D8A1-3354-4BDC00B27EC6}" = Catalyst Control Center Core Implementation "{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}" = Nero Recode 10 "{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology "{8F8D951A-AD96-B410-8330-F988806E68EA}" = CCC Help Danish "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007 "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007 "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007 "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007 "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007 "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007 "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007 "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007 "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM) "{92EC1A84-7FFC-42DF-A8F6-79C21C4765A5}" = Nero DiscCopy Gadget 10 "{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10 "{95264530-5A22-8E7E-FE9D-D63A927BCAEA}" = Adobe Media Player "{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}" = Nero Vision 10 "{9B35344F-7FA4-B6BA-E64B-930A5BDB9585}" = Catalyst Control Center InstallProxy "{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM) "{A2A3AA46-9625-354A-82A2-1E6DF7D52D86}" = CCC Help Turkish "{AC37FE78-545F-E92C-3A9C-6E68DB42140B}" = CCC Help Czech "{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2 "{AF15A0FC-F5F2-E46A-6837-2B8C5B883109}" = CCC Help Korean "{AFB16B59-3872-3B48-EDD8-B16A8B3BDD0E}" = Catalyst Control Center Graphics Previews Vista "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0 "{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6 "{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation®Network Downloader "{B95B1BA9-F887-4B3C-8D3A-CCD4C4675120}" = Microsoft Default Manager "{BA4A3C12-3A9F-C85A-E544-C89428A271D5}" = CCC Help Portuguese "{BD01E97F-2A6A-495E-BE38-22C7B80F3CD7}" = Cheetah DVD Burner "{BFEE4C93-E490-26FC-D16B-C789F63D33C0}" = CCC Help English "{C0EE4F3C-098F-940C-E5C1-736E7A943CE1}" = CCC Help Chinese Standard "{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM) "{C31A92DA-E488-A3BC-A694-074A8803527F}" = CCC Help Norwegian "{C3273C55-E1E4-41FF-8D69-0158090DB8D8}" = Nero CoverDesigner 10 Help (CHM) "{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10 "{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update "{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1 "{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005 "{D34F8493-F267-590E-18E6-E1A468642591}" = Catalyst Control Center InstallProxy "{D3B1C799-CB73-42DE-BA0F-2344793A095C}" = Catalyst Control Center - Branding "{D439E799-2D99-52DC-F3CF-0501086348D5}" = Catalyst Control Center Graphics Light "{D8F448FA-4AE0-EB3A-599F-C345A37799A0}" = CCC Help Polish "{D9D5FE8B-7A8A-789A-8FF6-21288086F7A3}" = CCC Help Greek "{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support "{DB7C1D4A-08BA-4C7E-A8AA-B7F9BB372DCF}" = Nero Recode 10 Help (CHM) "{DD1DED37-2486-4F56-8F89-56AA814003F5}" = Acer Crystal Eye Webcam "{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}" = Nero SoundTrax 10 "{E21DA178-9FB0-4F91-B79C-5A6DDEEBFB8D}" = Bing Bar Platform "{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager "{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10 "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant "{E91E8912-769D-42F0-8408-0E329443BABC}" = Hawking Technologies HWUG1 Wireless-G USB Adapter "{E9DD7E57-6D95-F664-3B7C-CD013719F2E9}" = CCC Help Thai "{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime "{EDCDFAD5-DF80-4600-A493-E9DAD6810230}" = Nero WaveEditor 10 "{F0FDF9C9-1DDC-401F-B638-36F1CAE8A875}" = VideoStudio "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729) "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01 "{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10 "{F435F919-9787-832A-FBFE-DBCEC6B8C62C}" = Catalyst Control Center HydraVision Full "{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM) "{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0 "{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic "{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM) "{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10 "{F87F2E18-4720-4F97-B3E5-E930D649D92B}" = Mobile Mouse Server "{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility "{FBE5AA96-22F0-4C4A-8E92-4BE3498D4CCB}" = Media Go "{FCF00A6E-FB58-477A-ABE9-232907105521}" = Nero CoverDesigner 10 "8461-7759-5462-8226" = Vuze "Acer Assist" = Acer Assist "Acer Registration" = Acer Registration "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "AIM_7" = AIM 7 "Any Video Converter_is1" = Any Video Converter 3.0.3 "Audacity_is1" = Audacity 1.2.6 "Audioro iPod Converter" = Audioro iPod Converter 2.03 "avast5" = avast! Free Antivirus "AviSynth" = AviSynth 2.5 "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com "Debut" = Debut Video Capture Software "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "DivX Setup.divx.com" = DivX Setup "DVDFab 6 by CATER / AHCU_is1" = DVDFab 6.0.1.0 by CATER / AHCU "ENTERPRISER" = Microsoft Office Enterprise 2007 "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "HyperCam 2" = HyperCam 2 "HyperCam Toolbar" = HyperCam Toolbar "ImgBurn" = ImgBurn "InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5 "InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8 "InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8 "InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe "InstallShield_{F0FDF9C9-1DDC-401F-B638-36F1CAE8A875}" = Corel VideoStudio 12 "LibUSB-Win32_is1" = LibUSB-Win32-0.1.10.1 "LManager" = Launch Manager "LogonStudio Vista" = LogonStudio Vista "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10) "PunkBusterSvc" = PunkBuster Services "Rainlendar2" = Rainlendar2 (remove only) "RealPlayer 12.0" = RealPlayer "SoftwareUpdUtility" = Download Updater (AOL LLC) "Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.4 "SynTPDeinstKey" = Synaptics Pointing Device Driver "ViewpointMediaPlayer" = Viewpoint Media Player "WinRAR archiver" = WinRAR archiver "Yahoo! Messenger" = Yahoo! Messenger "Yahoo! Software Update" = Yahoo! Software Update ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-3996654907-2226748910-2045848586-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 7/27/2010 3:33:49 AM | Computer Name = officemax-PC | Source = Windows Search Service | ID = 3013 Description = Error - 7/27/2010 3:42:56 AM | Computer Name = officemax-PC | Source = Bonjour Service | ID = 100 Description = 412: ERROR: read_msg errno 10054 (An existing connection was forcibly closed by the remote host.) Error - 7/27/2010 3:42:56 AM | Computer Name = officemax-PC | Source = Bonjour Service | ID = 100 Description = 396: ERROR: read_msg errno 10054 (An existing connection was forcibly closed by the remote host.) Error - 7/27/2010 6:12:52 AM | Computer Name = officemax-PC | Source = Windows Search Service | ID = 3013 Description = Error - 7/27/2010 6:14:18 AM | Computer Name = officemax-PC | Source = Windows Search Service | ID = 3013 Description = Error - 7/27/2010 6:22:41 AM | Computer Name = officemax-PC | Source = Windows Search Service | ID = 3013 Description = Error - 7/27/2010 3:16:24 PM | Computer Name = officemax-PC | Source = Bonjour Service | ID = 100 Description = 380: ERROR: read_msg errno 10054 (An existing connection was forcibly closed by the remote host.) Error - 7/27/2010 3:17:12 PM | Computer Name = officemax-PC | Source = EventSystem | ID = 4621 Description = Error - 7/27/2010 3:41:52 PM | Computer Name = Patrick | Source = WinMgmt | ID = 10 Description = Error - 7/27/2010 3:48:36 PM | Computer Name = Patrick | Source = BackItUp5 | ID = 5225 Description = [ System Events ] Error - 12/28/2009 8:52:08 PM | Computer Name = officemax-PC | Source = ipnathlp | ID = 34001 Description = The ICS_IPV6 failed to configure IPv6 stack. Error - 12/28/2009 8:59:15 PM | Computer Name = officemax-PC | Source = ipnathlp | ID = 34001 Description = The ICS_IPV6 failed to configure IPv6 stack. Error - 12/28/2009 9:06:22 PM | Computer Name = officemax-PC | Source = ipnathlp | ID = 34001 Description = The ICS_IPV6 failed to configure IPv6 stack. Error - 12/28/2009 9:23:29 PM | Computer Name = officemax-PC | Source = ipnathlp | ID = 34001 Description = The ICS_IPV6 failed to configure IPv6 stack. Error - 12/28/2009 9:30:36 PM | Computer Name = officemax-PC | Source = ipnathlp | ID = 34001 Description = The ICS_IPV6 failed to configure IPv6 stack. Error - 12/28/2009 9:42:43 PM | Computer Name = officemax-PC | Source = ipnathlp | ID = 34001 Description = The ICS_IPV6 failed to configure IPv6 stack. Error - 12/28/2009 9:49:50 PM | Computer Name = officemax-PC | Source = ipnathlp | ID = 34001 Description = The ICS_IPV6 failed to configure IPv6 stack. Error - 12/28/2009 10:03:19 PM | Computer Name = officemax-PC | Source = ipnathlp | ID = 34001 Description = The ICS_IPV6 failed to configure IPv6 stack. Error - 12/28/2009 10:10:26 PM | Computer Name = officemax-PC | Source = ipnathlp | ID = 34001 Description = The ICS_IPV6 failed to configure IPv6 stack. Error - 12/28/2009 10:22:26 PM | Computer Name = officemax-PC | Source = ipnathlp | ID = 34001 Description = The ICS_IPV6 failed to configure IPv6 stack. < End of report >
  13. everytime i restart i get this security window labeled secuity on the taskbar. it says something about like invalid info. and then its says this program will be terminated. i don't recognize the icon that is associated with this window.
  14. elise, i just noticed that in my combofix log i forgot to disable windows defender so it wont interfere with combofix. because i forgot, will it affects combofix's ability to work at its best for my PC? shall i run it again?
  15. what other entries need to be fixed in HJT? i know this one must go R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5577 could you please review my hjt log above in my first post and recommend the entries that need to be fixed? also what is a good personal firefall that is free? i looked at the preffered lists but i want your opinion on which is the best? thanks elise.