progs not working or stalling windows reboots automatically


  • This topic is locked
291 replies to this topic

#1 balsaplayer

balsaplayer

  • Members
  • 181 posts
  • Local time:09:00 AM

Posted 29 August 2010 - 11:04 AM

Hi, I wonder if someone can help. The last few days my PC has been running very slow and browsers freeze for no reason, and I cannot see messages in the YM messenger window, yet MSN Messenger runs fine. I have scanned the PC with HijackThis and here is the log.
I am using Vista Home with SP2.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:38:08, on 29/08/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18943)
Boot mode: Normal

Running processes:
C:\Program Files\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Windows\System32\nvraidservice.exe
C:\Windows\vsnp2uvc.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\TypeItIn\TYPEITIN.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\Windows\system32\Userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {022FCF80-5FEB-4466-AD0C-2DFB0B088C59} - C:\Windows\system32\dmband32.dll (file missing)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\IPSBHO.DLL
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20100819054901.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\coIEPlg.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [PCMMediaSharing] C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [NVRaidService] C:\Windows\system32\nvraidservice.exe
O4 - HKLM\..\Run: [Apanel] C:\ACERSW\config\NewSetApanel.cmd
O4 - HKLM\..\Run: [snp2uvc] C:\Windows\vsnp2uvc.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [DataCardMonitor] C:\Program Files\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe
O4 - HKLM\..\Run: [F5D7050v3] C:\Program Files\Belkin\F5D7050v3\Belkinwcui.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [HUAWEI 3G Data Card MTS] C:\Program Files\Huawei technologies\Huawei UMTS Data Card\3 USB Modem.exe
O4 - HKCU\..\Run: [Mobile Partner] "C:\Program Files\T-Mobile\T-Mobile Internet Manager\T-Mobile Internet Manager.exe"
O4 - HKCU\..\Run: [HW_OPENEYE_OUC_T-Mobile Internet Manager] "C:\Program Files\T-Mobile\T-Mobile Internet Manager\UpdateDog\ouc.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [RTHDBPL] C:\Users\alan\AppData\Local\Temp\989A.tmp
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: RemoteKeysVistaBeta3.exe - Shortcut.lnk = C:\Users\alan\Desktop\RemoteKeys\RemoteKeysVistaBeta3.exe
O4 - Startup: TYPEITIN.EXE - Shortcut.lnk = C:\Program Files\TypeItIn\TYPEITIN.EXE
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.sky.com (file missing)
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.0...oUploader55.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://www.sparkpea.net/controls/msnchat45.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/Optimize2/pcpitstop2.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Services (mcmscsvc) - Unknown owner - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe (file missing)
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McShield - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 13225 bytes

Edited by hamluis, 29 August 2010 - 01:39 PM.
Moved from Vista to Malware Removal Logs forum ~ Hamluis.



#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK
  • Local time:08:00 AM

Posted 04 September 2010 - 07:43 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below I will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


And

Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.


Then

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.
m0le is a proud member of UNITE

#3 balsaplayer

balsaplayer
  • Topic Starter

  • Members
  • 181 posts
  • Local time:09:00 AM

Posted 05 September 2010 - 06:42 PM

Hi, thanks for the reply. I have downloaded the progs requested and run DDS but get no info on how to post; all I get is Notepad with what looks like a load of code. I try to post it here but it says I am not allowed to post that type of file here, and if I copy and paste to here Firefox freezes. Help please.



#4 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK
  • Local time:08:00 AM

Posted 05 September 2010 - 07:00 PM

Can you try running OTL, a similar type of scanner?
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

m0le is a proud member of UNITE

#5 balsaplayer

balsaplayer
  • Topic Starter

  • Members
  • 181 posts
  • Local time:09:00 AM

Posted 06 September 2010 - 05:12 AM

Hi, thanks for the quick reply. I have downloaded OTL and turned off all virus malware prog. Here is the OTL text log:
OTL logfile created on: 06/09/2010 11:03:07 - Run 2
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Users\alan\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 55.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 69.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144.29 Gb Total Space | 1.02 Gb Free Space | 0.71% Space Free | Partition Type: NTFS
Drive D: | 144.04 Gb Total Space | 55.12 Gb Free Space | 38.27% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ALAN-PC
Current User Name: alan
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\alan\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee, Inc.)
PRC - C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE (Microsoft Corporation)
PRC - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\ccsvchst.exe (Symantec Corporation)
PRC - C:\Users\alan\AppData\Roaming\T-Mobile Internet Manager\ouc.exe (Huawei Technologies Co., Ltd.)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
PRC - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation)
PRC - C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
PRC - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
PRC - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
PRC - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe (CyberLink)
PRC - C:\Acer\Empowering Technology\SysMonitor.exe ()
PRC - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe ()
PRC - C:\Windows\System32\nvraidservice.exe (NVIDIA Corporation)
PRC - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe ()
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\eRecovery\eRAgent.exe (Acer Inc.)
PRC - C:\Windows\vsnp2uvc.exe (Sonix)
PRC - C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, Inc.)
PRC - C:\Program Files\TypeItIn\TYPEITIN.EXE (WaVGeT)


========== Modules (SafeList) ==========

MOD - C:\Users\alan\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\asoehook.dll (Symantec Corporation)
MOD - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\microsoft.vc90.crt\msvcr90.dll (Microsoft Corporation)
MOD - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\microsoft.vc90.crt\msvcp90.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (mcmscsvc) -- C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe File not found
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (nosGetPlusHelper) getPlus® -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll (NOS Microsystems Ltd.)
SRV - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe (McAfee, Inc.)
SRV - (mfevtp) -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee, Inc.)
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (McProxy) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McNASvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (NIS) -- C:\Program Files\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe (Symantec Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (fsssvc) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (eDataSecurity Service) -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
SRV - (Acer HomeMedia Connect Service) -- C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe (CyberLink)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (eSettingsService) -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe ()
SRV - (AcerMemUsageCheckService) -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe ()
SRV - (eRecoveryService) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)


========== Driver Services (SafeList) ==========

DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\VirusDefs\20100905.003\NAVEX15.SYS (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\VirusDefs\20100905.003\NAVENG.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (BHDrvx86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\BASHDefs\20100810.004\BHDrvx86.sys (Symantec Corporation)
DRV - (IDSVix86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\IPSDefs\20100903.003\IDSvix86.sys (Symantec Corporation)
DRV - (mfehidk) -- C:\Windows\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfefirek) -- C:\Windows\System32\drivers\mfefirek.sys (McAfee, Inc.)
DRV - (mfewfpk) -- C:\Windows\System32\drivers\mfewfpk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\Windows\System32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfeapfk) -- C:\Windows\System32\drivers\mfeapfk.sys (McAfee, Inc.)
DRV - (mferkdet) -- C:\Windows\System32\drivers\mferkdet.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\Windows\System32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (SYMTDIv) -- C:\Windows\System32\Drivers\NIS\1107000.00C\SYMTDIV.SYS (Symantec Corporation)
DRV - (SymIRON) -- C:\Windows\system32\drivers\NIS\1107000.00C\Ironx86.SYS (Symantec Corporation)
DRV - (SymEFA) -- C:\Windows\system32\drivers\NIS\1107000.00C\SYMEFA.SYS (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\System32\Drivers\NIS\1107000.00C\SRTSP.SYS (Symantec Corporation)
DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\system32\drivers\NIS\1107000.00C\SRTSPX.SYS (Symantec Corporation)
DRV - (ccHP) -- C:\Windows\system32\drivers\NIS\1107000.00C\ccHPx86.sys (Symantec Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (ElbyCDIO) -- C:\Windows\System32\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV - (netr73) -- C:\Windows\System32\drivers\netr73.sys (Ralink Technology, Corp.)
DRV - (SymDS) -- C:\Windows\system32\drivers\NIS\1107000.00C\SYMDS.SYS (Symantec Corporation)
DRV - (VClone) -- C:\Windows\System32\drivers\VClone.sys (Elaborate Bytes AG)
DRV - (fssfltr) -- C:\Windows\System32\drivers\fssfltr.sys (Microsoft Corporation)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (hwusbfake) -- C:\Windows\System32\drivers\ewusbfake.sys (Huawei Technologies Co., Ltd.)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (tcpipBM) -- C:\Windows\System32\drivers\tcpipBM.sys (Bytemobile, Inc.)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (mferkdk) -- C:\Windows\System32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (NTIDrvr) -- C:\Windows\System32\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV - (psdvdisk) -- C:\Windows\System32\drivers\PSDVdisk.sys (Egis Incorporated)
DRV - (PSDNServ) -- C:\Windows\System32\drivers\PSDNServ.sys (Egis Incorporated)
DRV - (PSDFilter) -- C:\Windows\system32\DRIVERS\psdfilter.sys (Egis Incorporated)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel® -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (Wd) -- C:\Windows\system32\drivers\wd.sys ()
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (nvstor32) -- C:\Windows\system32\drivers\nvstor32.sys (NVIDIA Corporation)
DRV - (nvrd32) -- C:\Windows\system32\drivers\nvrd32.sys (NVIDIA Corporation)
DRV - (zntport) -- C:\Windows\System32\drivers\zntport.sys (Zeal SoftStudio)
DRV - (tvicport) -- C:\Windows\System32\drivers\TVicPort.sys (EnTech Taiwan)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys ()
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (int15) -- C:\Acer\Empowering Technology\eRecovery\int15.sys (Acer, Inc.)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (iaStor) -- C:\Windows\system32\drivers\iastor.sys (Intel Corporation)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://start.icq.com/"
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:3.9
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.0
FF - prefs.js..extensions.enabledItems: {0ed0633c-a54d-47f1-94e7-5bded41ae674}:1.5.47.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.6
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1734448&SearchSource=2&q="
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"


FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/06/23 21:34:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\IPSFFPlgn\ [2010/08/26 12:32:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\coFFPlgn\ [2010/08/31 01:32:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Flock 2.5.6\extensions\\Components: C:\Program Files\Flock\components [2010/02/26 09:34:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Flock 2.5.6\extensions\\Plugins: C:\Program Files\Flock\plugins [2010/06/08 07:00:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/26 19:02:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/31 22:46:29 | 000,000,000 | ---D | M]

[2010/08/20 10:27:53 | 000,000,000 | ---D | M] -- C:\Users\alan\AppData\Roaming\Mozilla\Extensions
[2010/02/26 09:34:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\alan\AppData\Roaming\Mozilla\Extensions\{a463f10c-3994-11da-9945-000d60ca027b}
[2010/08/20 10:27:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\alan\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/05/16 13:53:05 | 000,000,000 | ---D | M] -- C:\Users\alan\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2010/08/26 16:22:30 | 000,000,000 | ---D | M] -- C:\Users\alan\AppData\Roaming\Mozilla\Firefox\Profiles\o6db26nl.default\extensions
[2010/08/26 16:24:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\alan\AppData\Roaming\Mozilla\Firefox\Profiles\o6db26nl.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
[2010/08/26 16:24:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\alan\AppData\Roaming\Mozilla\Firefox\Profiles\o6db26nl.default\extensions\{0ed0633c-a54d-47f1-94e7-5bded41ae674}
[2010/08/26 16:24:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\alan\AppData\Roaming\Mozilla\Firefox\Profiles\o6db26nl.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/08/26 16:24:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\alan\AppData\Roaming\Mozilla\Firefox\Profiles\o6db26nl.default\extensions\{dae1762c-1f5e-4890-9fdb-d8771168485d}
[2010/08/26 16:24:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\alan\AppData\Roaming\Mozilla\Firefox\Profiles\o6db26nl.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2010/08/26 16:24:53 | 000,000,000 | ---D | M] -- C:\Users\alan\AppData\Roaming\Mozilla\Firefox\Profiles\o6db26nl.default\extensions\ChoiceGuard@Microsoft
[2010/09/06 09:41:05 | 000,000,000 | ---D | M] -- C:\Users\alan\AppData\Roaming\Mozilla\Firefox\Profiles\zfaeo6k8.alan1\extensions
[2010/08/26 23:55:59 | 000,000,000 | ---D | M] (TranslatorBar 1 Toolbar) -- C:\Users\alan\AppData\Roaming\Mozilla\Firefox\Profiles\zfaeo6k8.alan1\extensions\{00bf7b9c-acd2-4080-bea8-b1c41987070f}
[2010/08/26 23:55:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\alan\AppData\Roaming\Mozilla\Firefox\Profiles\zfaeo6k8.alan1\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
[2010/08/26 23:55:59 | 000,000,000 | ---D | M] (Free Traffic Bar Toolbar) -- C:\Users\alan\AppData\Roaming\Mozilla\Firefox\Profiles\zfaeo6k8.alan1\extensions\{0ed0633c-a54d-47f1-94e7-5bded41ae674}
[2010/08/26 23:55:59 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\alan\AppData\Roaming\Mozilla\Firefox\Profiles\zfaeo6k8.alan1\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/08/26 23:56:00 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\alan\AppData\Roaming\Mozilla\Firefox\Profiles\zfaeo6k8.alan1\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/08/26 23:56:00 | 000,000,000 | ---D | M] (Zynga Toolbar) -- C:\Users\alan\AppData\Roaming\Mozilla\Firefox\Profiles\zfaeo6k8.alan1\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2010/08/26 23:56:00 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\alan\AppData\Roaming\Mozilla\Firefox\Profiles\zfaeo6k8.alan1\extensions\{dae1762c-1f5e-4890-9fdb-d8771168485d}
[2010/08/26 23:56:00 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\alan\AppData\Roaming\Mozilla\Firefox\Profiles\zfaeo6k8.alan1\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}(94)
[2010/08/31 01:32:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\alan\AppData\Roaming\Mozilla\Firefox\Profiles\zfaeo6k8.alan1\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010/08/26 23:56:00 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\alan\AppData\Roaming\Mozilla\Firefox\Profiles\zfaeo6k8.alan1\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/08/20 15:47:08 | 000,000,000 | ---D | M] -- C:\Users\alan\AppData\Roaming\Mozilla\Firefox\Profiles(268)\o6db26nl.default\extensions
[2010/08/20 15:47:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\alan\AppData\Roaming\Mozilla\Firefox\Profiles(268)\o6db26nl.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
[2010/08/20 15:47:07 | 000,000,000 | ---D | M] (Free Traffic Bar Toolbar) -- C:\Users\alan\AppData\Roaming\Mozilla\Firefox\Profiles(268)\o6db26nl.default\extensions\{0ed0633c-a54d-47f1-94e7-5bded41ae674}
[2010/08/20 15:47:08 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\alan\AppData\Roaming\Mozilla\Firefox\Profiles(268)\o6db26nl.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/08/20 15:47:08 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\alan\AppData\Roaming\Mozilla\Firefox\Profiles(268)\o6db26nl.default\extensions\{dae1762c-1f5e-4890-9fdb-d8771168485d}
[2010/08/20 15:47:09 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\alan\AppData\Roaming\Mozilla\Firefox\Profiles(268)\o6db26nl.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2010/08/20 15:47:07 | 000,000,000 | ---D | M] -- C:\Users\alan\AppData\Roaming\Mozilla\Firefox\Profiles(268)\o6db26nl.default\extensions\ChoiceGuard@Microsoft
[2010/08/20 14:32:32 | 000,000,000 | ---D | M] -- C:\Users\alan\AppData\Roaming\Mozilla\Firefox\Profiles(268)\zfaeo6k8.alan1\extensions
[2010/08/20 14:32:13 | 000,000,000 | ---D | M] (TranslatorBar 1 Toolbar) -- C:\Users\alan\AppData\Roaming\Mozilla\Firefox\Profiles(268)\zfaeo6k8.alan1\extensions\{00bf7b9c-acd2-4080-bea8-b1c41987070f}
[2010/08/20 14:32:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\alan\AppData\Roaming\Mozilla\Firefox\Profiles(268)\zfaeo6k8.alan1\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
[2010/08/20 14:32:15 | 000,000,000 | ---D | M] (Free Traffic Bar Toolbar) -- C:\Users\alan\AppData\Roaming\Mozilla\Firefox\Profiles(268)\zfaeo6k8.alan1\extensions\{0ed0633c-a54d-47f1-94e7-5bded41ae674}
[2010/08/20 14:32:16 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\alan\AppData\Roaming\Mozilla\Firefox\Profiles(268)\zfaeo6k8.alan1\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/08/20 14:32:22 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\alan\AppData\Roaming\Mozilla\Firefox\Profiles(268)\zfaeo6k8.alan1\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/08/20 14:32:26 | 000,000,000 | ---D | M] (Zynga Toolbar) -- C:\Users\alan\AppData\Roaming\Mozilla\Firefox\Profiles(268)\zfaeo6k8.alan1\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2010/08/20 14:32:28 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\alan\AppData\Roaming\Mozilla\Firefox\Profiles(268)\zfaeo6k8.alan1\extensions\{dae1762c-1f5e-4890-9fdb-d8771168485d}
[2010/08/20 14:32:30 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\alan\AppData\Roaming\Mozilla\Firefox\Profiles(268)\zfaeo6k8.alan1\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}(94)
[2010/08/20 14:32:32 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\alan\AppData\Roaming\Mozilla\Firefox\Profiles(268)\zfaeo6k8.alan1\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/08/20 11:24:46 | 000,000,000 | ---D | M] -- C:\Users\alan\AppData\Roaming\Mozilla\Firefox\Profiles(515)\o6db26nl.default\extensions
[2010/08/20 15:55:05 | 000,000,000 | ---D | M] (TranslatorBar 1 Toolbar) -- C:\Users\alan\AppData\Roaming\Mozilla\Firefox\Profiles(515)\o6db26nl.default\extensions\{00bf7b9c-acd2-4080-bea8-b1c41987070f}
[2010/08/20 15:55:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\alan\AppData\Roaming\Mozilla\Firefox\Profiles(515)\o6db26nl.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
[2010/08/20 15:55:05 | 000,000,000 | ---D | M] (Free Traffic Bar Toolbar) -- C:\Users\alan\AppData\Roaming\Mozilla\Firefox\Profiles(515)\o6db26nl.default\extensions\{0ed0633c-a54d-47f1-94e7-5bded41ae674}
[2010/08/20 15:55:05 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\alan\AppData\Roaming\Mozilla\Firefox\Profiles(515)\o6db26nl.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/08/20 15:55:05 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\alan\AppData\Roaming\Mozilla\Firefox\Profiles(515)\o6db26nl.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/08/20 15:55:05 | 000,000,000 | ---D | M] (Zynga Toolbar) -- C:\Users\alan\AppData\Roaming\Mozilla\Firefox\Profiles(515)\o6db26nl.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2010/08/20 15:55:05 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\alan\AppData\Roaming\Mozilla\Firefox\Profiles(515)\o6db26nl.default\extensions\{dae1762c-1f5e-4890-9fdb-d8771168485d}
[2010/08/20 15:55:06 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\alan\AppData\Roaming\Mozilla\Firefox\Profiles(515)\o6db26nl.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}(94)
[2010/08/20 15:55:06 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Users\alan\AppData\Roaming\Mozilla\Firefox\Profiles(515)\o6db26nl.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010/08/20 15:55:06 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\alan\AppData\Roaming\Mozilla\Firefox\Profiles(515)\o6db26nl.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/08/20 15:54:31 | 000,000,000 | ---D | M] -- C:\Users\alan\AppData\Roaming\Mozilla\Firefox\Profiles(515)\qedd78o3.alan\extensions
[2010/08/20 15:54:30 | 000,000,000 | ---D | M] (TranslatorBar 1 Toolbar) -- C:\Users\alan\AppData\Roaming\Mozilla\Firefox\Profiles(515)\qedd78o3.alan\extensions\{00bf7b9c-acd2-4080-bea8-b1c41987070f}
[2010/08/20 15:54:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\alan\AppData\Roaming\Mozilla\Firefox\Profiles(515)\qedd78o3.alan\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
[2010/08/20 15:54:30 | 000,000,000 | ---D | M] (Free Traffic Bar Toolbar) -- C:\Users\alan\AppData\Roaming\Mozilla\Firefox\Profiles(515)\qedd78o3.alan\extensions\{0ed0633c-a54d-47f1-94e7-5bded41ae674}
[2010/08/20 15:54:30 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\alan\AppData\Roaming\Mozilla\Firefox\Profiles(515)\qedd78o3.alan\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/08/20 15:54:30 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\alan\AppData\Roaming\Mozilla\Firefox\Profiles(515)\qedd78o3.alan\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/08/20 15:54:30 | 000,000,000 | ---D | M] (Zynga Toolbar) -- C:\Users\alan\AppData\Roaming\Mozilla\Firefox\Profiles(515)\qedd78o3.alan\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2010/08/20 15:54:30 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\alan\AppData\Roaming\Mozilla\Firefox\Profiles(515)\qedd78o3.alan\extensions\{dae1762c-1f5e-4890-9fdb-d8771168485d}
[2010/08/20 15:54:30 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\alan\AppData\Roaming\Mozilla\Firefox\Profiles(515)\qedd78o3.alan\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}(94)
[2010/08/20 15:54:31 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Users\alan\AppData\Roaming\Mozilla\Firefox\Profiles(515)\qedd78o3.alan\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010/08/20 15:54:31 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\alan\AppData\Roaming\Mozilla\Firefox\Profiles(515)\qedd78o3.alan\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/08/25 12:56:49 | 000,000,000 | ---D | M] -- C:\Users\alan\AppData\Roaming\Mozilla\Firefox\Profiles(515)\zfaeo6k8.alan1\extensions
[2010/08/20 15:53:56 | 000,000,000 | ---D | M] (TranslatorBar 1 Toolbar) -- C:\Users\alan\AppData\Roaming\Mozilla\Firefox\Profiles(515)\zfaeo6k8.alan1\extensions\{00bf7b9c-acd2-4080-bea8-b1c41987070f}
[2010/08/20 15:53:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\alan\AppData\Roaming\Mozilla\Firefox\Profiles(515)\zfaeo6k8.alan1\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
[2010/08/20 15:53:56 | 000,000,000 | ---D | M] (Free Traffic Bar Toolbar) -- C:\Users\alan\AppData\Roaming\Mozilla\Firefox\Profiles(515)\zfaeo6k8.alan1\extensions\{0ed0633c-a54d-47f1-94e7-5bded41ae674}
[2010/08/20 15:53:56 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\alan\AppData\Roaming\Mozilla\Firefox\Profiles(515)\zfaeo6k8.alan1\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/08/21 13:28:56 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\alan\AppData\Roaming\Mozilla\Firefox\Profiles(515)\zfaeo6k8.alan1\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/08/20 15:53:56 | 000,000,000 | ---D | M] (Zynga Toolbar) -- C:\Users\alan\AppData\Roaming\Mozilla\Firefox\Profiles(515)\zfaeo6k8.alan1\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2010/08/20 15:53:56 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\alan\AppData\Roaming\Mozilla\Firefox\Profiles(515)\zfaeo6k8.alan1\extensions\{dae1762c-1f5e-4890-9fdb-d8771168485d}
[2010/08/20 15:53:56 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\alan\AppData\Roaming\Mozilla\Firefox\Profiles(515)\zfaeo6k8.alan1\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}(94)
[2010/08/20 15:53:56 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Users\alan\AppData\Roaming\Mozilla\Firefox\Profiles(515)\zfaeo6k8.alan1\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010/08/20 15:53:57 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\alan\AppData\Roaming\Mozilla\Firefox\Profiles(515)\zfaeo6k8.alan1\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/08/27 09:21:31 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/11/23 20:38:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010/08/26 19:02:49 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010/08/21 13:52:43 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/08/26 16:24:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}
[2008/10/31 23:21:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2009/03/05 20:09:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
[2010/08/30 16:52:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/08/26 19:02:49 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\updater@foxstart.com
[2010/08/01 23:12:10 | 000,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2010/08/01 23:12:10 | 000,138,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2010/05/31 20:32:58 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Mozilla Firefox\components\Scriptff.dll
[2010/08/30 16:51:47 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2007/12/17 18:16:14 | 000,065,536 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npkimi.dll
[2010/08/01 23:12:10 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2008/10/14 21:33:30 | 000,095,600 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2009/11/24 18:29:34 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2009/11/24 18:29:34 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2009/11/24 18:29:34 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2009/11/24 18:29:34 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2009/11/24 18:29:34 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2009/11/24 18:29:34 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2009/11/24 18:29:34 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
[2010/08/01 23:12:10 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/08/01 23:12:10 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2010/08/01 23:12:10 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/08/01 23:12:10 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2010/08/01 23:12:10 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/08/01 23:12:10 | 000,002,014 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\foxstart.xml
[2010/08/01 23:12:10 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2010/08/26 23:51:17 | 000,002,423 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\safesearch.xml
[2010/08/01 23:12:10 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2010/08/01 23:12:10 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/09/06 10:58:40 | 000,416,917 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 14391 more lines...
O2 - BHO: (no name) - {022FCF80-5FEB-4466-AD0C-2DFB0B088C59} - C:\Windows\System32\dmband32.dll File not found
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20100819054901.dll (McAfee, Inc.)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe ()
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apanel] C:\ACERSW\config\NewSetApanel.cmd File not found
O4 - HKLM..\Run: [DataCardMonitor] C:\Program Files\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe (Huawei Technologies Co., Ltd.)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
O4 - HKLM..\Run: [eRecoveryService] File not found
O4 - HKLM..\Run: [F5D7050v3] C:\Program Files\Belkin\F5D7050v3\Belkinwcui.exe File not found
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [NVRaidService] C:\Windows\System32\nvraidservice.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [PCMMediaSharing] C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe ()
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [snp2uvc] C:\Windows\vsnp2uvc.exe (Sonix)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [VirtualCloneDrive] C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
O4 - HKLM..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKCU..\Run: [HUAWEI 3G Data Card MTS] C:\Program Files\Huawei technologies\Huawei UMTS Data Card\3 USB Modem.exe File not found
O4 - HKCU..\Run: [HW_OPENEYE_OUC_T-Mobile Internet Manager] C:\Program Files\T-Mobile\T-Mobile Internet Manager\UpdateDog\ouc.exe (Huawei Technologies Co., Ltd.)
O4 - HKCU..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [Mobile Partner] C:\Program Files\T-Mobile\T-Mobile Internet Manager\T-Mobile Internet Manager.exe ()
O4 - HKCU..\Run: [MsnMsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [RTHDBPL] C:\Users\alan\AppData\Local\Temp\989A.tmp File not found
O4 - HKCU..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\alan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RemoteKeysVistaBeta3.exe - Shortcut.lnk = C:\Users\alan\Desktop\RemoteKeys\RemoteKeysVistaBeta3.exe (freewarehits.de)
O4 - Startup: C:\Users\alan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TYPEITIN.EXE - Shortcut.lnk = C:\Program Files\TypeItIn\TYPEITIN.EXE (WaVGeT)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 0
O9 - Extra Button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - File not found
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.0...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} http://www.sparkpea.net/controls/msnchat45.cab (MSN Chat Control 4.5)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcpitstop.com/Optimize2/pcpitstop2.dll (PCPitstop Exam)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\Userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\System32\sysdm.cpl (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\System32\browseui.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\alan\Pictures\Jen at mams 2-1.jpg
O24 - Desktop BackupWallPaper: C:\Users\alan\Pictures\Jen at mams 2-1.jpg
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010/08/20 14:09:35 | 000,000,000 | ---D | M] - D:\autodesk -- [ NTFS ]
O33 - MountPoints2\{10d7a373-9737-11de-be95-f50511ef129c}\Shell - "" = AutoRun
O33 - MountPoints2\{10d7a373-9737-11de-be95-f50511ef129c}\Shell\AutoRun\command - "" = J:\AutoRun.exe -- File not found
O33 - MountPoints2\{10d7a376-9737-11de-be95-f50511ef129c}\Shell - "" = AutoRun
O33 - MountPoints2\{10d7a376-9737-11de-be95-f50511ef129c}\Shell\AutoRun\command - "" = J:\AutoRun.exe -- File not found
O33 - MountPoints2\{1208e810-cb1e-11de-8215-d0f05e5ac082}\Shell - "" = AutoRun
O33 - MountPoints2\{1208e810-cb1e-11de-8215-d0f05e5ac082}\Shell\AutoRun\command - "" = J:\AutoRun.exe -- File not found
O33 - MountPoints2\{1208e81d-cb1e-11de-8215-d0f05e5ac082}\Shell - "" = AutoRun
O33 - MountPoints2\{1208e81d-cb1e-11de-8215-d0f05e5ac082}\Shell\AutoRun\command - "" = J:\AutoRun.exe -- File not found
O33 - MountPoints2\{26ffcbe7-aa48-11dd-acd9-0021850af4e3}\Shell - "" = AutoRun
O33 - MountPoints2\{26ffcbe7-aa48-11dd-acd9-0021850af4e3}\Shell\AutoRun\command - "" = J:\AutoRun.exe -- File not found
O33 - MountPoints2\{26ffcbe9-aa48-11dd-acd9-0021850af4e3}\Shell - "" = AutoRun
O33 - MountPoints2\{26ffcbe9-aa48-11dd-acd9-0021850af4e3}\Shell\AutoRun\command - "" = J:\AutoRun.exe -- File not found
O33 - MountPoints2\{2d204ef0-9732-11de-969f-975d797fc881}\Shell - "" = AutoRun
O33 - MountPoints2\{2d204ef0-9732-11de-969f-975d797fc881}\Shell\AutoRun\command - "" = J:\AutoRun.exe -- File not found
O33 - MountPoints2\{2d204f0a-9732-11de-969f-975d797fc881}\Shell - "" = AutoRun
O33 - MountPoints2\{2d204f0a-9732-11de-969f-975d797fc881}\Shell\AutoRun\command - "" = J:\AutoRun.exe -- File not found
O33 - MountPoints2\{2ea9db50-aaf6-11df-a37a-8f8c4236a1bc}\Shell - "" = AutoRun
O33 - MountPoints2\{2ea9db50-aaf6-11df-a37a-8f8c4236a1bc}\Shell\AutoRun\command - "" = N:\Autorun.exe -- File not found
O33 - MountPoints2\{33a0902f-cdf4-11de-acf0-c10879642bf1}\Shell - "" = AutoRun
O33 - MountPoints2\{33a0902f-cdf4-11de-acf0-c10879642bf1}\Shell\AutoRun\command - "" = J:\AutoRun.exe -- File not found
O33 - MountPoints2\{33a0903b-cdf4-11de-acf0-c10879642bf1}\Shell - "" = AutoRun
O33 - MountPoints2\{33a0903b-cdf4-11de-acf0-c10879642bf1}\Shell\AutoRun\command - "" = J:\AutoRun.exe -- File not found
O33 - MountPoints2\{340daed8-f306-11dd-842d-0021850af4e3}\Shell - "" = AutoRun
O33 - MountPoints2\{340daed8-f306-11dd-842d-0021850af4e3}\Shell\AutoRun\command - "" = J:\AutoRun.exe -- File not found
O33 - MountPoints2\{340daeed-f306-11dd-842d-0021850af4e3}\Shell - "" = AutoRun
O33 - MountPoints2\{340daeed-f306-11dd-842d-0021850af4e3}\Shell\AutoRun\command - "" = J:\AutoRun.exe -- File not found
O33 - MountPoints2\{340daef0-f306-11dd-842d-0021850af4e3}\Shell - "" = AutoRun
O33 - MountPoints2\{340daef0-f306-11dd-842d-0021850af4e3}\Shell\AutoRun\command - "" = J:\AutoRun.exe -- File not found
O33 - MountPoints2\{4417bdfd-77ac-11de-a0b0-b09c21761ef7}\Shell - "" = AutoRun
O33 - MountPoints2\{4417bdfd-77ac-11de-a0b0-b09c21761ef7}\Shell\AutoRun\command - "" = J:\AutoRun.exe -- File not found
O33 - MountPoints2\{4417be0e-77ac-11de-a0b0-b09c21761ef7}\Shell - "" = AutoRun
O33 - MountPoints2\{4417be0e-77ac-11de-a0b0-b09c21761ef7}\Shell\AutoRun\command - "" = J:\AutoRun.exe -- File not found
O33 - MountPoints2\{5849fc7d-cded-11de-b7c2-ee25e107b98c}\Shell - "" = AutoRun
O33 - MountPoints2\{5849fc7d-cded-11de-b7c2-ee25e107b98c}\Shell\AutoRun\command - "" = J:\AutoRun.exe -- File not found
O33 - MountPoints2\{5849fc8e-cded-11de-b7c2-ee25e107b98c}\Shell - "" = AutoRun
O33 - MountPoints2\{5849fc8e-cded-11de-b7c2-ee25e107b98c}\Shell\AutoRun\command - "" = K:\AutoRun.exe -- File not found
O33 - MountPoints2\{5f2463d6-a824-11dd-ba2e-0021850af4e3}\Shell - "" = AutoRun
O33 - MountPoints2\{5f2463d6-a824-11dd-ba2e-0021850af4e3}\Shell\AutoRun\command - "" = J:\AutoRun.exe -- File not found
O33 - MountPoints2\{5f2463eb-a824-11dd-ba2e-0021850af4e3}\Shell - "" = AutoRun
O33 - MountPoints2\{5f2463eb-a824-11dd-ba2e-0021850af4e3}\Shell\AutoRun\command - "" = J:\AutoRun.exe -- File not found
O33 - MountPoints2\{5f2463f9-a824-11dd-ba2e-0021850af4e3}\Shell - "" = AutoRun
O33 - MountPoints2\{5f2463f9-a824-11dd-ba2e-0021850af4e3}\Shell\AutoRun\command - "" = J:\AutoRun.exe -- File not found
O33 - MountPoints2\{5f2463fb-a824-11dd-ba2e-0021850af4e3}\Shell - "" = AutoRun
O33 - MountPoints2\{5f2463fb-a824-11dd-ba2e-0021850af4e3}\Shell\AutoRun\command - "" = J:\AutoRun.exe -- File not found
O33 - MountPoints2\{690f06e4-f2f0-11dd-8ad5-0021850af4e3}\Shell - "" = AutoRun
O33 - MountPoints2\{690f06e4-f2f0-11dd-8ad5-0021850af4e3}\Shell\AutoRun\command - "" = J:\AutoRun.exe -- File not found
O33 - MountPoints2\{690f0709-f2f0-11dd-8ad5-0021850af4e3}\Shell - "" = AutoRun
O33 - MountPoints2\{690f0709-f2f0-11dd-8ad5-0021850af4e3}\Shell\AutoRun\command - "" = J:\AutoRun.exe -- File not found
O33 - MountPoints2\{754972b5-06aa-11de-82d3-0021850af4e3}\Shell - "" = AutoRun
O33 - MountPoints2\{754972b5-06aa-11de-82d3-0021850af4e3}\Shell\AutoRun\command - "" = J:\AutoRun.exe -- File not found
O33 - MountPoints2\{754972d9-06aa-11de-82d3-0021850af4e3}\Shell - "" = AutoRun
O33 - MountPoints2\{754972d9-06aa-11de-82d3-0021850af4e3}\Shell\AutoRun\command - "" = J:\AutoRun.exe -- File not found
O33 - MountPoints2\{7efbee09-69bd-11de-8578-bc35ee2ee247}\Shell - "" = AutoRun
O33 - MountPoints2\{7efbee09-69bd-11de-8578-bc35ee2ee247}\Shell\AutoRun\command - "" = J:\AutoRun.exe -- File not found
O33 - MountPoints2\{7efbee1a-69bd-11de-8578-bc35ee2ee247}\Shell - "" = AutoRun
O33 - MountPoints2\{7efbee1a-69bd-11de-8578-bc35ee2ee247}\Shell\AutoRun\command - "" = J:\AutoRun.exe -- File not found
O33 - MountPoints2\{7efbee1d-69bd-11de-8578-bc35ee2ee247}\Shell - "" = AutoRun
O33 - MountPoints2\{7efbee1d-69bd-11de-8578-bc35ee2ee247}\Shell\AutoRun\command - "" = J:\AutoRun.exe -- File not found
O33 - MountPoints2\{7efbee1f-69bd-11de-8578-bc35ee2ee247}\Shell - "" = AutoRun
O33 - MountPoints2\{7efbee1f-69bd-11de-8578-bc35ee2ee247}\Shell\AutoRun\command - "" = J:\AutoRun.exe -- File not found
O33 - MountPoints2\{7efbef15-69bd-11de-8578-9aa3833e52a4}\Shell - "" = AutoRun
O33 - MountPoints2\{7efbef15-69bd-11de-8578-9aa3833e52a4}\Shell\AutoRun\command - "" = J:\AutoRun.exe -- File not found
O33 - MountPoints2\{7efbef16-69bd-11de-8578-9aa3833e52a4}\Shell - "" = AutoRun
O33 - MountPoints2\{7efbef16-69bd-11de-8578-9aa3833e52a4}\Shell\AutoRun\command - "" = J:\AutoRun.exe -- File not found
O33 - MountPoints2\{85f6468d-973a-11de-80ed-ee61635f839d}\Shell - "" = AutoRun
O33 - MountPoints2\{85f6468d-973a-11de-80ed-ee61635f839d}\Shell\AutoRun\command - "" = J:\AutoRun.exe -- File not found
O33 - MountPoints2\{85f646a8-973a-11de-80ed-ee61635f839d}\Shell - "" = AutoRun
O33 - MountPoints2\{85f646a8-973a-11de-80ed-ee61635f839d}\Shell\AutoRun\command - "" = J:\AutoRun.exe -- File not found
O33 - MountPoints2\{935636c5-ca67-11de-9f24-f42543872a74}\Shell - "" = AutoRun
O33 - MountPoints2\{935636c5-ca67-11de-9f24-f42543872a74}\Shell\AutoRun\command - "" = J:\AutoRun.exe -- File not found
O33 - MountPoints2\{935636d1-ca67-11de-9f24-f42543872a74}\Shell - "" = AutoRun
O33 - MountPoints2\{935636d1-ca67-11de-9f24-f42543872a74}\Shell\AutoRun\command - "" = J:\AutoRun.exe -- File not found
O33 - MountPoints2\{95966f75-44b9-11de-a16a-dfdd6bb61b97}\Shell - "" = AutoRun
O33 - MountPoints2\{95966f75-44b9-11de-a16a-dfdd6bb61b97}\Shell\AutoRun\command - "" = K:\AutoRun.exe -- File not found
O33 - MountPoints2\{95966f90-44b9-11de-a16a-dfdd6bb61b97}\Shell - "" = AutoRun
O33 - MountPoints2\{95966f90-44b9-11de-a16a-dfdd6bb61b97}\Shell\AutoRun\command - "" = J:\AutoRun.exe -- File not found
O33 - MountPoints2\{95966f96-44b9-11de-a16a-dfdd6bb61b97}\Shell - "" = AutoRun
O33 - MountPoints2\{95966f96-44b9-11de-a16a-dfdd6bb61b97}\Shell\AutoRun\command - "" = K:\AutoRun.exe -- File not found
O33 - MountPoints2\{9a890d95-973f-11de-abce-badc0d1333e8}\Shell - "" = AutoRun
O33 - MountPoints2\{9a890d95-973f-11de-abce-badc0d1333e8}\Shell\AutoRun\command - "" = J:\AutoRun.exe -- File not found
O33 - MountPoints2\{9a890d97-973f-11de-abce-badc0d1333e8}\Shell - "" = AutoRun
O33 - MountPoints2\{9a890d97-973f-11de-abce-badc0d1333e8}\Shell\AutoRun\command - "" = J:\AutoRun.exe -- File not found
O33 - MountPoints2\{a4b4af6b-76a4-11de-8942-f372bd80b494}\Shell - "" = AutoRun
O33 - MountPoints2\{a4b4af6b-76a4-11de-8942-f372bd80b494}\Shell\AutoRun\command - "" = J:\AutoRun.exe -- File not found
O33 - MountPoints2\{a5323581-7c4a-11de-a45a-c1936ffadbb7}\Shell - "" = AutoRun
O33 - MountPoints2\{a5323581-7c4a-11de-a45a-c1936ffadbb7}\Shell\AutoRun\command - "" = J:\AutoRun.exe -- File not found
O33 - MountPoints2\{a5323583-7c4a-11de-a45a-c1936ffadbb7}\Shell - "" = AutoRun
O33 - MountPoints2\{a5323583-7c4a-11de-a45a-c1936ffadbb7}\Shell\AutoRun\command - "" = J:\AutoRun.exe -- File not found
O33 - MountPoints2\{a5323597-7c4a-11de-a45a-af958f4dc0fe}\Shell - "" = AutoRun
O33 - MountPoints2\{a5323597-7c4a-11de-a45a-af958f4dc0fe}\Shell\AutoRun\command - "" = J:\AutoRun.exe -- File not found
O33 - MountPoints2\{a5323598-7c4a-11de-a45a-af958f4dc0fe}\Shell - "" = AutoRun
O33 - MountPoints2\{a5323598-7c4a-11de-a45a-af958f4dc0fe}\Shell\AutoRun\command - "" = J:\AutoRun.exe -- File not found
O33 - MountPoints2\{a532359c-7c4a-11de-a45a-a5b4f7570317}\Shell - "" = AutoRun
O33 - MountPoints2\{a532359c-7c4a-11de-a45a-a5b4f7570317}\Shell\AutoRun\command - "" = J:\AutoRun.exe -- File not found
O33 - MountPoints2\{a53235ad-7c4a-11de-a45a-a5b4f7570317}\Shell - "" = AutoRun
O33 - MountPoints2\{a53235ad-7c4a-11de-a45a-a5b4f7570317}\Shell\AutoRun\command - "" = J:\AutoRun.exe -- File not found
O33 - MountPoints2\{acb8746d-ab4b-11dd-bdef-0021850af4e3}\Shell\AutoRun\command - "" = K:\Autorun.exe -- File not found
O33 - MountPoints2\{acb8746d-ab4b-11dd-bdef-0021850af4e3}\Shell\Shell00\Command - "" = K:\Autorun.exe -- File not found
O33 - MountPoints2\{acb8746d-ab4b-11dd-bdef-0021850af4e3}\Shell\Shell01\Command - "" = K:\Autorun.exe -- File not found
O33 - MountPoints2\{acb8746d-ab4b-11dd-bdef-0021850af4e3}\Shell\Shell02\Command - "" = K:\Autorun.exe -- File not found
O33 - MountPoints2\{ad933750-c7e6-11dd-ac29-0021850af4e3}\Shell - "" = AutoRun
O33 - MountPoints2\{ad933750-c7e6-11dd-ac29-0021850af4e3}\Shell\AutoRun\command - "" = J:\AutoRun.exe -- File not found
O33 - MountPoints2\{adf1a887-cb21-11de-81af-d793dd7be4f3}\Shell - "" = AutoRun
O33 - MountPoints2\{adf1a887-cb21-11de-81af-d793dd7be4f3}\Shell\AutoRun\command - "" = J:\AutoRun.exe -- File not found
O33 - MountPoints2\{adf1aa6f-cb21-11de-81af-f44402873d7b}\Shell - "" = AutoRun
O33 - MountPoints2\{adf1aa6f-cb21-11de-81af-f44402873d7b}\Shell\AutoRun\command - "" = J:\AutoRun.exe -- File not found
O33 - MountPoints2\{adf1aa7d-cb21-11de-81af-977d12d6d6f0}\Shell - "" = AutoRun
O33 - MountPoints2\{adf1aa7d-cb21-11de-81af-977d12d6d6f0}\Shell\AutoRun\command - "" = J:\AutoRun.exe -- File not found
O33 - MountPoints2\{b9290d43-88e6-11de-81f6-d7f7ec26a5ce}\Shell - "" = AutoRun
O33 - MountPoints2\{b9290d43-88e6-11de-81f6-d7f7ec26a5ce}\Shell\AutoRun\command - "" = J:\AutoRun.exe -- File not found
O33 - MountPoints2\{c29b63a3-8786-11de-bc7b-876f00e223c4}\Shell - "" = AutoRun
O33 - MountPoints2\{c29b63a3-8786-11de-bc7b-876f00e223c4}\Shell\AutoRun\command - "" = J:\AutoRun.exe -- File not found
O33 - MountPoints2\{c29b63b4-8786-11de-bc7b-876f00e223c4}\Shell - "" = AutoRun
O33 - MountPoints2\{c29b63b4-8786-11de-bc7b-876f00e223c4}\Shell\AutoRun\command - "" = J:\AutoRun.exe -- File not found
O33 - MountPoints2\{c6263a67-c98b-11de-815d-9093c7deee94}\Shell - "" = AutoRun
O33 - MountPoints2\{c6263a67-c98b-11de-815d-9093c7deee94}\Shell\AutoRun\command - "" = J:\AutoRun.exe -- File not found
O33 - MountPoints2\{c6263ab4-c98b-11de-815d-90806b2684b6}\Shell - "" = AutoRun
O33 - MountPoints2\{c6263ab4-c98b-11de-815d-90806b2684b6}\Shell\AutoRun\command - "" = J:\AutoRun.exe -- File not found
O33 - MountPoints2\{c721c096-7bb5-11de-9486-bae5878d6be1}\Shell - "" = AutoRun
O33 - MountPoints2\{c721c096-7bb5-11de-9486-bae5878d6be1}\Shell\AutoRun\command - "" = J:\AutoRun.exe -- File not found
O33 - MountPoints2\{c721c098-7bb5-11de-9486-bae5878d6be1}\Shell - "" = AutoRun
O33 - MountPoints2\{c721c098-7bb5-11de-9486-bae5878d6be1}\Shell\AutoRun\command - "" = J:\AutoRun.exe -- File not found
O33 - MountPoints2\{c721c09a-7bb5-11de-9486-bae5878d6be1}\Shell - "" = AutoRun
O33 - MountPoints2\{c721c09a-7bb5-11de-9486-bae5878d6be1}\Shell\AutoRun\command - "" = J:\AutoRun.exe -- File not found
O33 - MountPoints2\{c855a83a-a81f-11dd-979f-0021850af4e3}\Shell - "" = AutoRun
O33 - MountPoints2\{c855a83a-a81f-11dd-979f-0021850af4e3}\Shell\AutoRun\command - "" = J:\AutoRun.exe -- File not found
O33 - MountPoints2\{c855a84c-a81f-11dd-979f-0021850af4e3}\Shell - "" = AutoRun
O33 - MountPoints2\{c855a84c-a81f-11dd-979f-0021850af4e3}\Shell\AutoRun\command - "" = J:\AutoRun.exe -- File not found
O33 - MountPoints2\{d4d455b0-7c48-11de-9652-9ca3e414d69a}\Shell - "" = AutoRun
O33 - MountPoints2\{d4d455b0-7c48-11de-9652-9ca3e414d69a}\Shell\AutoRun\command - "" = J:\AutoRun.exe -- File not found
O33 - MountPoints2\{d4d455cb-7c48-11de-9652-9ca3e414d69a}\Shell - "" = AutoRun
O33 - MountPoints2\{d4d455cb-7c48-11de-9652-9ca3e414d69a}\Shell\AutoRun\command - "" = J:\AutoRun.exe -- File not found
O33 - MountPoints2\{d9eb6626-cf02-11de-b050-a78d47b637c7}\Shell - "" = AutoRun
O33 - MountPoints2\{d9eb6626-cf02-11de-b050-a78d47b637c7}\Shell\AutoRun\command - "" = K:\AutoRun.exe -- File not found
O33 - MountPoints2\{d9eb6664-cf02-11de-b050-b703e44e71ec}\Shell - "" = AutoRun
O33 - MountPoints2\{d9eb6664-cf02-11de-b050-b703e44e71ec}\Shell\AutoRun\command - "" = J:\AutoRun.exe -- File not found
O33 - MountPoints2\{d9eb6666-cf02-11de-b050-b703e44e71ec}\Shell - "" = AutoRun
O33 - MountPoints2\{d9eb6666-cf02-11de-b050-b703e44e71ec}\Shell\AutoRun\command - "" = J:\AutoRun.exe -- File not found
O33 - MountPoints2\{d9eb67c8-cf02-11de-b050-9a50adb6edc6}\Shell - "" = AutoRun
O33 - MountPoints2\{d9eb67c8-cf02-11de-b050-9a50adb6edc6}\Shell\AutoRun\command - "" = J:\AutoRun.exe -- File not found
O33 - MountPoints2\{d9eb6808-cf02-11de-b050-f7c3c6966566}\Shell - "" = AutoRun
O33 - MountPoints2\{d9eb6808-cf02-11de-b050-f7c3c6966566}\Shell\AutoRun\command - "" = J:\AutoRun.exe -- File not found
O33 - MountPoints2\{dcdab00a-aa6c-11dd-8060-f5449755293e}\Shell - "" = AutoRun
O33 - MountPoints2\{dcdab00a-aa6c-11dd-8060-f5449755293e}\Shell\AutoRun\command - "" = J:\AutoRun.exe -- File not found
O33 - MountPoints2\{dcdab01d-aa6c-11dd-8060-f5449755293e}\Shell - "" = AutoRun
O33 - MountPoints2\{dcdab01d-aa6c-11dd-8060-f5449755293e}\Shell\AutoRun\command - "" = J:\AutoRun.exe -- File not found
O33 - MountPoints2\{de843759-94e7-11de-9b0f-a4c396c312dd}\Shell - "" = AutoRun
O33 - MountPoints2\{de843759-94e7-11de-9b0f-a4c396c312dd}\Shell\AutoRun\command - "" = J:\AutoRun.exe -- File not found
O33 - MountPoints2\{de843774-94e7-11de-9b0f-a4c396c312dd}\Shell - "" = AutoRun
O33 - MountPoints2\{de843774-94e7-11de-9b0f-a4c396c312dd}\Shell\AutoRun\command - "" = J:\AutoRun.exe -- File not found
O33 - MountPoints2\{e4bafb87-a7b1-11dd-adac-0021850af4e3}\Shell - "" = AutoRun
O33 - MountPoints2\{e4bafb87-a7b1-11dd-adac-0021850af4e3}\Shell\AutoRun\command - "" = J:\AutoRun.exe -- File not found
O33 - MountPoints2\{e4bafb9e-a7b1-11dd-adac-0021850af4e3}\Shell - "" = AutoRun
O33 - MountPoints2\{e4bafb9e-a7b1-11dd-adac-0021850af4e3}\Shell\AutoRun\command - "" = J:\AutoRun.exe -- File not found
O33 - MountPoints2\{e5b47b34-bbb8-11de-b151-c1464957842d}\Shell - "" = AutoRun
O33 - MountPoints2\{e5b47b34-bbb8-11de-b151-c1464957842d}\Shell\AutoRun\command - "" = J:\AutoRun.exe -- File not found
O33 - MountPoints2\{ef0a8f7e-8663-11de-9462-c8fc7f609ff9}\Shell - "" = AutoRun
O33 - MountPoints2\{ef0a8f7e-8663-11de-9462-c8fc7f609ff9}\Shell\AutoRun\command - "" = J:\AutoRun.exe -- File not found
O33 - MountPoints2\{ef0a8f80-8663-11de-9462-c8fc7f609ff9}\Shell - "" = AutoRun
O33 - MountPoints2\{ef0a8f80-8663-11de-9462-c8fc7f609ff9}\Shell\AutoRun\command - "" = J:\AutoRun.exe -- File not found
O33 - MountPoints2\{fa1b1a89-cde8-11de-b216-d03d824c3bf1}\Shell - "" = AutoRun
O33 - MountPoints2\{fa1b1a89-cde8-11de-b216-d03d824c3bf1}\Shell\AutoRun\command - "" = J:\AutoRun.exe -- File not found
O33 - MountPoints2\{fa1b1a9a-cde8-11de-b216-d03d824c3bf1}\Shell - "" = AutoRun
O33 - MountPoints2\{fa1b1a9a-cde8-11de-b216-d03d824c3bf1}\Shell\AutoRun\command - "" = K:\AutoRun.exe -- File not found
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\Start.exe -- File not found
O33 - MountPoints2\E\Shell\Install\Command - "" = E:\Start.exe -- File not found
O33 - MountPoints2\J\Shell - "" = AutoRun
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\AutoRun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/09/06 10:43:53 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\alan\Desktop\OTL.exe
[2010/08/30 21:34:09 | 000,000,000 | ---D | C] -- C:\Users\alan\AppData\Roaming\FOG Downloader
[2010/08/30 21:33:57 | 000,000,000 | ---D | C] -- C:\Users\alan\runes
[2010/08/30 16:52:06 | 000,423,656 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010/08/30 16:52:06 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/08/30 16:52:06 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/08/30 16:52:06 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/08/30 16:38:10 | 000,000,000 | ---D | C] -- C:\Users\alan\AppData\Roaming\Tific
[2010/08/30 15:15:28 | 000,000,000 | ---D | C] -- C:\Program Files\WildView
[2010/08/28 05:52:51 | 000,000,000 | ---D | C] -- C:\Users\alan\AppData\Local\CrashDumps
[2010/08/27 11:30:28 | 000,000,000 | ---D | C] -- C:\Users\alan\AppData\Local\Yahoo
[2010/08/27 11:04:56 | 000,000,000 | ---D | C] -- C:\Users\alan\AppData\Roaming\yahoo!(128)
[2010/08/27 09:21:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/08/27 09:21:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/08/27 08:23:46 | 000,000,000 | ---D | C] -- C:\ProgramData\NOS
[2010/08/27 08:23:46 | 000,000,000 | ---D | C] -- C:\Program Files\NOS
[2010/08/27 04:58:26 | 000,339,504 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1107000.00C\symtdiv.sys
[2010/08/27 04:58:25 | 000,501,888 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1107000.00C\cchpx86.sys
[2010/08/27 04:58:25 | 000,328,752 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1107000.00C\symds.sys
[2010/08/27 04:58:25 | 000,325,680 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1107000.00C\srtsp.sys
[2010/08/27 04:58:25 | 000,173,104 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1107000.00C\symefa.sys
[2010/08/27 04:58:25 | 000,116,784 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1107000.00C\ironx86.sys
[2010/08/27 04:58:25 | 000,043,696 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1107000.00C\srtspx.sys
[2010/08/27 04:58:03 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NIS\1107000.00C
[2010/08/27 00:34:32 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2010/08/27 00:34:31 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2010/08/27 00:34:31 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2010/08/27 00:27:05 | 003,600,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010/08/27 00:27:05 | 003,548,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010/08/27 00:27:03 | 000,081,920 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
[2010/08/27 00:26:35 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010/08/27 00:26:35 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010/08/27 00:26:35 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010/08/27 00:26:34 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/08/27 00:26:34 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/08/27 00:26:34 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010/08/27 00:26:33 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010/08/27 00:26:33 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010/08/27 00:26:33 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010/08/27 00:26:31 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/08/27 00:26:31 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/08/27 00:26:31 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/08/27 00:26:30 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010/08/27 00:26:29 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010/08/27 00:26:28 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010/08/27 00:26:25 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll
[2010/08/27 00:26:20 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2010/08/27 00:26:20 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2010/08/27 00:26:17 | 002,037,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010/08/27 00:23:39 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010/08/27 00:22:59 | 000,289,792 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010/08/27 00:22:59 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010/08/27 00:22:56 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll
[2010/08/26 12:24:31 | 000,124,976 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2010/08/26 12:24:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2010/08/26 12:24:31 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2010/08/26 12:24:15 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NIS
[2010/08/26 12:24:13 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Internet Security
[2010/08/26 12:22:05 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2010/08/25 00:07:33 | 000,000,000 | ---D | C] -- C:\Users\alan\AppData\Local\{4C859C5C-084B-4C63-8B94-85DE8276D2B2}
[2010/08/23 10:58:28 | 000,000,000 | ---D | C] -- C:\Users\alan\Desktop\stone lang packs
[2010/08/20 23:05:14 | 000,000,000 | ---D | C] -- C:\Users\alan\Desktop\ulead gif anim
[2010/08/20 14:29:23 | 000,000,000 | ---D | C] -- C:\Users\alan\Desktop\firefox profiles
[2010/08/20 10:10:45 | 000,000,000 | ---D | C] -- C:\Users\alan\Desktop\Profiles
[2010/08/19 23:52:30 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee(454)
[2010/08/19 05:49:01 | 000,009,344 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfeclnk.sys
[2010/08/19 05:48:52 | 000,312,616 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfefirek.sys
[2010/08/19 05:48:52 | 000,160,720 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfewfpk.sys
[2010/08/19 05:48:52 | 000,152,320 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfeavfk.sys
[2010/08/19 05:48:52 | 000,095,568 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfeapfk.sys
[2010/08/19 05:48:52 | 000,083,496 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mferkdet.sys
[2010/08/19 05:48:52 | 000,051,688 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfebopk.sys
[2010/08/19 00:15:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\McAfee
[2010/08/19 00:15:09 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee
[2010/08/19 00:13:38 | 000,034,152 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mferkdk.sys
[2010/08/18 20:01:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Rosetta Stone
[2010/08/18 20:01:44 | 000,000,000 | ---D | C] -- C:\Program Files\Rosetta Stone
[2010/08/18 19:58:24 | 000,000,000 | ---D | C] -- C:\Program Files\Elaborate Bytes
[2010/08/18 19:32:07 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2010/08/18 19:06:26 | 000,000,000 | ---D | C] -- C:\Users\alan\Desktop\mcfee
[2010/08/18 18:52:10 | 001,056,768 | ---- | C] (Blue Sky Software Corporation.) -- C:\Windows\System32\ROBOEX32.DLL
[2010/08/18 18:52:10 | 000,049,152 | ---- | C] (Blue Sky Software Corporation.) -- C:\Windows\System32\INETWH32.dll
[2010/08/18 18:47:11 | 000,000,000 | ---D | C] -- C:\Users\alan\Desktop\gif creat
[2010/08/13 21:10:42 | 000,000,000 | ---D | C] -- C:\Program Files\IWONGEI
[2010/08/12 01:08:33 | 000,000,000 | ---D | C] -- C:\Users\alan\AppData\Roaming\Urmeez
[2010/08/12 01:08:33 | 000,000,000 | ---D | C] -- C:\Users\alan\AppData\Roaming\Esgeli
[2010/08/11 08:06:33 | 000,000,000 | ---D | C] -- C:\Users\alan\AppData\Roaming\WinRAR
[2010/08/11 08:06:32 | 000,000,000 | -HSD | C] -- C:\ProgramData\SysWoW32
[2010/08/11 08:06:23 | 000,325,632 | ---- | C] (Borland Software Corporation) -- C:\ProgramData\cmicryptinstall32.dll
[2010/08/11 08:06:15 | 000,000,000 | ---D | C] -- C:\ProgramData\1791232077
[2010/08/10 00:21:07 | 000,000,000 | ---D | C] -- C:\Users\alan\Desktop\about me ffs
[2008/11/01 17:19:58 | 000,184,320 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll
[2008/11/01 17:19:56 | 000,176,128 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll
[1 C:\Users\alan\AppData\Roaming\*.tmp files -> C:\Users\alan\AppData\Roaming\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/09/06 11:02:39 | 008,388,608 | -HS- | M] () -- C:\Users\alan\ntuser.dat
[2010/09/06 10:58:40 | 000,416,917 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/09/06 10:43:57 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\alan\Desktop\OTL.exe
[2010/09/06 10:38:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/09/06 10:24:46 | 000,712,556 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/09/06 10:24:46 | 000,613,256 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/09/06 10:24:46 | 000,112,572 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/09/06 10:18:07 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/09/06 10:17:58 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/09/06 09:41:56 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/09/06 09:41:56 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/09/06 03:58:35 | 000,000,376 | ---- | M] () -- C:\Windows\ODBC.INI
[2010/09/06 01:37:05 | 001,995,120 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1107000.00C\Cat.DB
[2010/09/06 00:56:18 | 000,000,776 | ---- | M] () -- C:\Users\alan\Desktop\SpywareBlaster.lnk
[2010/09/06 00:18:31 | 000,525,824 | ---- | M] () -- C:\Users\alan\Desktop\dds.scr
[2010/09/06 00:17:42 | 000,000,176 | ---- | M] () -- C:\Users\alan\defogger_reenable
[2010/09/06 00:00:01 | 000,000,288 | ---- | M] () -- C:\Windows\tasks\Spybot - Search & Destroy - Scheduled Task.job
[2010/09/05 09:21:51 | 000,293,376 | ---- | M] () -- C:\Users\alan\Desktop\tzw11scm.exe
[2010/09/05 09:21:12 | 000,050,477 | ---- | M] () -- C:\Users\alan\Desktop\Defogger.exe
[2010/09/04 15:41:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/09/04 15:41:15 | 2146,660,352 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/30 20:50:18 | 000,271,290 | ---- | M] () -- C:\Users\alan\Desktop\hangstan.swf
[2010/08/30 16:51:47 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/08/30 16:51:46 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010/08/30 16:51:46 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/08/30 16:51:46 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/08/30 16:37:59 | 000,524,288 | -HS- | M] () -- C:\Users\alan\ntuser.dat{1f6478a6-b44c-11df-9468-e64719fd072e}.TMContainer00000000000000000002.regtrans-ms
[2010/08/30 16:37:59 | 000,524,288 | -HS- | M] () -- C:\Users\alan\ntuser.dat{1f6478a6-b44c-11df-9468-e64719fd072e}.TMContainer00000000000000000001.regtrans-ms
[2010/08/30 16:37:59 | 000,065,536 | -HS- | M] () -- C:\Users\alan\ntuser.dat{1f6478a6-b44c-11df-9468-e64719fd072e}.TM.blf
[2010/08/30 16:36:43 | 000,002,177 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2010/08/30 16:35:17 | 000,410,288 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/08/27 12:08:19 | 000,524,288 | -HS- | M] () -- C:\Users\alan\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/08/27 12:08:19 | 000,065,536 | -HS- | M] () -- C:\Users\alan\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/08/27 12:08:02 | 003,889,740 | -H-- | M] () -- C:\Users\alan\AppData\Local\IconCache.db
[2010/08/27 08:50:05 | 000,000,930 | ---- | M] () -- C:\Users\alan\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2010/08/27 08:50:05 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Yahoo! Messenger.lnk
[2010/08/27 00:30:04 | 000,000,603 | ---- | M] () -- C:\Windows\win.ini
[2010/08/26 19:02:51 | 000,001,712 | ---- | M] () -- C:\Users\alan\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/08/26 19:02:51 | 000,001,688 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/08/26 12:24:31 | 000,124,976 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2010/08/26 12:24:31 | 000,007,443 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2010/08/26 12:24:31 | 000,000,805 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2010/08/26 11:04:22 | 195,771,950 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/08/26 10:41:44 | 000,000,680 | ---- | M] () -- C:\Users\alan\AppData\Local\d3d9caps.dat
[2010/08/26 09:59:58 | 000,000,738 | ---- | M] () -- C:\Windows\tasks\McAfee Cleanup.job
[2010/08/26 07:35:01 | 000,114,784 | ---- | M] () -- C:\Users\alan\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/08/25 12:45:31 | 000,000,120 | ---- | M] () -- C:\Users\alan\AppData\Local\Ggacinohaz.dat
[2010/08/25 00:07:36 | 000,000,000 | ---- | M] () -- C:\Users\alan\AppData\Local\Brexoxicak.bin
[2010/08/22 22:50:38 | 000,010,267 | ---- | M] () -- C:\Users\alan\Documents\valentina 22222.jpg
[2010/08/22 22:50:05 | 000,016,002 | ---- | M] () -- C:\Users\alan\Documents\mab 222222222.jpg
[2010/08/22 22:40:14 | 000,098,319 | ---- | M] () -- C:\Users\alan\Documents\Picture 041(2).jpg
[2010/08/21 02:34:29 | 000,000,112 | ---- | M] () -- C:\ProgramData\06HlEXikg.dat
[2010/08/20 09:45:40 | 014,994,006 | ---- | M] () -- C:\Users\alan\Desktop\Firefox 3.6.8 (en-GB) - 2010-08-20.pcv
[2010/08/18 19:59:53 | 000,001,007 | ---- | M] () -- C:\Users\Public\Desktop\Virtual CloneDrive.lnk
[2010/08/18 18:52:11 | 000,001,923 | ---- | M] () -- C:\Users\Public\Desktop\Ulead GIF Animator 5.lnk
[2010/08/18 18:52:11 | 000,000,217 | ---- | M] () -- C:\Windows\Ulead32.ini
[2010/08/17 15:26:05 | 000,055,808 | ---- | M] () -- C:\Users\alan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/13 06:04:31 | 000,000,293 | ---- | M] () -- C:\Windows\wininit.ini
[2010/08/12 22:21:02 | 000,002,060 | ---- | M] () -- C:\Users\Public\Desktop\BlackBerry Desktop Software.lnk
[2010/08/12 06:04:06 | 000,004,178 | -HS- | M] () -- C:\Users\alan\AppData\Roaming\02000000b323647d982P.manifest
[2010/08/12 06:02:06 | 000,000,817 | ---- | M] () -- C:\ProgramData\1492545322
[2010/08/12 05:46:50 | 000,000,138 | -HS- | M] () -- C:\Users\alan\AppData\Roaming\02000000b323647d982O.manifest
[2010/08/12 05:46:50 | 000,000,051 | -HS- | M] () -- C:\Users\alan\AppData\Roaming\02000000b323647d982C.manifest
[2010/08/12 05:46:30 | 000,000,011 | -HS- | M] () -- C:\Users\alan\AppData\Roaming\02000000b323647d982S.manifest
[2010/08/12 05:46:21 | 000,000,571 | -HS- | M] () -- C:\ProgramData\145112954
[2010/08/12 01:12:13 | 000,000,019 | ---- | M] () -- C:\Users\alan\AppData\Roaming\876682d
[2010/08/11 08:06:32 | 000,000,141 | ---- | M] () -- C:\ProgramData\sl1766305256
[2010/08/11 08:06:23 | 000,325,632 | ---- | M] (Borland Software Corporation) -- C:\ProgramData\cmicryptinstall32.dll
[2010/08/11 08:06:15 | 000,203,776 | -HS- | M] () -- C:\ProgramData\unrar.exe
[2010/08/07 19:56:44 | 000,004,593 | ---- | M] () -- C:\Users\alan\Documents\--30000--15044_product_1223746171_thumb_medium.jpg
[2010/08/07 19:39:10 | 000,000,512 | ---- | M] () -- C:\Users\alan\Documents\heart1layout.gif
[1 C:\Users\alan\AppData\Roaming\*.tmp files -> C:\Users\alan\AppData\Roaming\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/09/06 00:17:25 | 000,000,176 | ---- | C] () -- C:\Users\alan\defogger_reenable
[2010/09/05 09:21:51 | 000,293,376 | ---- | C] () -- C:\Users\alan\Desktop\tzw11scm.exe
[2010/09/05 09:21:12 | 000,050,477 | ---- | C] () -- C:\Users\alan\Desktop\Defogger.exe
[2010/09/05 09:17:15 | 000,525,824 | ---- | C] () -- C:\Users\alan\Desktop\dds.scr
[2010/08/30 20:50:17 | 000,271,290 | ---- | C] () -- C:\Users\alan\Desktop\hangstan.swf
[2010/08/30 16:37:59 | 000,524,288 | -HS- | C] () -- C:\Users\alan\ntuser.dat{1f6478a6-b44c-11df-9468-e64719fd072e}.TMContainer00000000000000000002.regtrans-ms
[2010/08/30 16:37:59 | 000,524,288 | -HS- | C] () -- C:\Users\alan\ntuser.dat{1f6478a6-b44c-11df-9468-e64719fd072e}.TMContainer00000000000000000001.regtrans-ms
[2010/08/30 16:37:59 | 000,065,536 | -HS- | C] () -- C:\Users\alan\ntuser.dat{1f6478a6-b44c-11df-9468-e64719fd072e}.TM.blf
[2010/08/30 16:33:53 | 001,995,120 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1107000.00C\Cat.DB
[2010/08/27 08:50:05 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Yahoo! Messenger.lnk
[2010/08/27 08:50:04 | 000,000,930 | ---- | C] () -- C:\Users\alan\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2010/08/27 04:58:25 | 000,007,873 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1107000.00C\symefa.cat
[2010/08/27 04:58:25 | 000,007,787 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1107000.00C\symnetv.cat
[2010/08/27 04:58:25 | 000,007,442 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1107000.00C\srtspx.cat
[2010/08/27 04:58:25 | 000,007,438 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1107000.00C\srtsp.cat
[2010/08/27 04:58:25 | 000,007,438 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1107000.00C\iron.cat
[2010/08/27 04:58:25 | 000,007,425 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1107000.00C\symds.cat
[2010/08/27 04:58:25 | 000,007,396 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1107000.00C\cchpx86.cat
[2010/08/27 04:58:25 | 000,007,368 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1107000.00C\symnet.cat
[2010/08/27 04:58:25 | 000,003,373 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1107000.00C\symefa.inf
[2010/08/27 04:58:25 | 000,002,793 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1107000.00C\symds.inf
[2010/08/27 04:58:25 | 000,001,754 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1107000.00C\cchpx86.inf
[2010/08/27 04:58:25 | 000,001,473 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1107000.00C\symnetv.inf
[2010/08/27 04:58:25 | 000,001,445 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1107000.00C\symnet.inf
[2010/08/27 04:58:25 | 000,001,388 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1107000.00C\srtspx.inf
[2010/08/27 04:58:25 | 000,001,382 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1107000.00C\srtsp.inf
[2010/08/27 04:58:25 | 000,000,741 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1107000.00C\iron.inf
[2010/08/27 04:58:03 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1107000.00C\isolate.ini
[2010/08/26 19:02:51 | 000,001,712 | ---- | C] () -- C:\Users\alan\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/08/26 19:02:51 | 000,001,688 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/08/26 17:59:34 | 2146,660,352 | -HS- | C] () -- C:\hiberfil.sys
[2010/08/26 12:24:31 | 000,007,443 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2010/08/26 12:24:31 | 000,000,805 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2010/08/26 12:24:29 | 000,002,177 | ---- | C] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2010/08/26 09:59:58 | 000,000,738 | ---- | C] () -- C:\Windows\tasks\McAfee Cleanup.job
[2010/08/25 00:07:36 | 000,000,000 | ---- | C] () -- C:\Users\alan\AppData\Local\Brexoxicak.bin
[2010/08/25 00:07:35 | 000,000,120 | ---- | C] () -- C:\Users\alan\AppData\Local\Ggacinohaz.dat
[2010/08/22 22:50:38 | 000,010,267 | ---- | C] () -- C:\Users\alan\Documents\valentina 22222.jpg
[2010/08/22 22:50:05 | 000,016,002 | ---- | C] () -- C:\Users\alan\Documents\mab 222222222.jpg
[2010/08/22 22:40:10 | 000,098,319 | ---- | C] () -- C:\Users\alan\Documents\Picture 041(2).jpg
[2010/08/21 02:34:29 | 000,000,112 | ---- | C] () -- C:\ProgramData\06HlEXikg.dat
[2010/08/20 09:45:16 | 014,994,006 | ---- | C] () -- C:\Users\alan\Desktop\Firefox 3.6.8 (en-GB) - 2010-08-20.pcv
[2010/08/18 19:59:53 | 000,001,007 | ---- | C] () -- C:\Users\Public\Desktop\Virtual CloneDrive.lnk
[2010/08/18 18:52:11 | 000,001,923 | ---- | C] () -- C:\Users\Public\Desktop\Ulead GIF Animator 5.lnk
[2010/08/13 19:34:59 | 000,000,077 | ---- | C] () -- C:\Users\alan\AppData\Roaming\Rim.Desktop.Exception.log
[2010/08/12 22:21:12 | 000,001,602 | ---- | C] () -- C:\Users\alan\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
[2010/08/12 22:21:02 | 000,002,060 | ---- | C] () -- C:\Users\Public\Desktop\BlackBerry Desktop Software.lnk
[2010/08/12 05:47:04 | 000,000,293 | ---- | C] () -- C:\Windows\wininit.ini
[2010/08/12 01:08:01 | 000,000,019 | ---- | C] () -- C:\Users\alan\AppData\Roaming\876682d
[2010/08/11 08:06:48 | 000,000,571 | -HS- | C] () -- C:\ProgramData\145112954
[2010/08/11 08:06:47 | 000,000,817 | ---- | C] () -- C:\ProgramData\1492545322
[2010/08/11 08:06:32 | 000,000,141 | ---- | C] () -- C:\ProgramData\sl1766305256
[2010/08/11 08:06:15 | 000,203,776 | -HS- | C] () -- C:\ProgramData\unrar.exe
[2010/08/11 08:05:58 | 000,004,178 | -HS- | C] () -- C:\Users\alan\AppData\Roaming\02000000b323647d982P.manifest
[2010/08/11 08:05:58 | 000,000,138 | -HS- | C] () -- C:\Users\alan\AppData\Roaming\02000000b323647d982O.manifest
[2010/08/11 08:05:58 | 000,000,051 | -HS- | C] () -- C:\Users\alan\AppData\Roaming\02000000b323647d982C.manifest
[2010/08/11 08:05:58 | 000,000,011 | -HS- | C] () -- C:\Users\alan\AppData\Roaming\02000000b323647d982S.manifest
[2010/08/07 19:39:08 | 000,000,512 | ---- | C] () -- C:\Users\alan\Documents\heart1layout.gif
[2010/08/07 19:05:00 | 000,004,593 | ---- | C] () -- C:\Users\alan\Documents\--30000--15044_product_1223746171_thumb_medium.jpg
[2010/06/09 00:32:14 | 000,001,258 | ---- | C] () -- C:\Users\alan\AppData\Roaming\BBMS_EXCEPTION.txt
[2010/02/24 12:03:10 | 000,034,800 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010/02/24 11:52:09 | 000,034,800 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/11/19 18:44:15 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/11/18 18:14:26 | 000,005,224 | ---- | C] () -- C:\Windows\System32\ucuiinfo.ini
[2009/06/18 00:45:55 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/05/20 09:56:57 | 000,721,904 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009/05/19 22:00:22 | 000,000,680 | ---- | C] () -- C:\Users\alan\AppData\Local\d3d9caps.dat
[2009/02/16 13:35:08 | 000,466,944 | ---- | C] () -- C:\Windows\RemoveDevice.dll
[2009/02/15 21:35:29 | 000,087,552 | ---- | C] () -- C:\Windows\System32\cpwmon2k.dll
[2008/11/05 21:59:31 | 000,000,217 | ---- | C] () -- C:\Windows\Ulead32.ini
[2008/11/04 12:24:31 | 000,023,888 | ---- | C] () -- C:\Users\alan\AppData\Roaming\UserTile.png
[2008/11/03 18:00:22 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008/11/01 17:19:56 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[2008/11/01 01:44:02 | 009,611,520 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2008/11/01 01:44:02 | 000,028,160 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys
[2008/10/30 19:47:11 | 000,055,808 | ---- | C] () -- C:\Users\alan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/30 00:58:59 | 000,003,450 | ---- | C] () -- C:\Users\alan\AppData\Roaming\wklnhst.dat
[2008/10/30 00:08:26 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/10/29 20:45:25 | 000,041,472 | ---- | C] () -- C:\Windows\System32\TYPEITIN.DLL
[2008/06/06 19:24:14 | 000,000,044 | ---- | C] () -- C:\Windows\Acer(Normal).ini
[2008/06/06 19:24:14 | 000,000,042 | ---- | C] () -- C:\Windows\Acer(Wide).ini
[2008/03/16 21:42:41 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll
[2008/03/16 21:10:10 | 000,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys
[2008/03/16 20:03:42 | 000,001,108 | ---- | C] () -- C:\Windows\generic.ini
[2008/03/16 20:03:42 | 000,000,132 | ---- | C] () -- C:\Windows\Alaunch.ini
[2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 09:54:05 | 000,022,072 | ---- | C] () -- C:\Windows\System32\drivers\wd.sys
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2001/12/26 23:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001/09/04 06:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001/07/30 23:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001/07/24 05:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll

========== LOP Check ==========

[2009/08/17 16:48:21 | 000,000,000 | -HSD | M] -- C:\Users\alan\AppData\Roaming\.#
[2008/03/16 20:49:03 | 000,000,000 | ---D | M] -- C:\Users\alan\AppData\Roaming\Acer GameZone Console
[2009/05/27 10:02:07 | 000,000,000 | ---D | M] -- C:\Users\alan\AppData\Roaming\Autodesk
[2009/07/28 15:09:11 | 000,000,000 | ---D | M] -- C:\Users\alan\AppData\Roaming\Big Fish Games
[2009/11/10 13:35:12 | 000,000,000 | ---D | M] -- C:\Users\alan\AppData\Roaming\Birdstep Technology
[2008/11/01 20:40:20 | 000,000,000 | ---D | M] -- C:\Users\alan\AppData\Roaming\Bytemobile
[2009/05/20 10:22:04 | 000,000,000 | ---D | M] -- C:\Users\alan\AppData\Roaming\DAEMON Tools Lite
[2009/01/31 15:03:10 | 000,000,000 | ---D | M] -- C:\Users\alan\AppData\Roaming\DriverCure
[2009/04/16 17:43:41 | 000,000,000 | ---D | M] -- C:\Users\alan\AppData\Roaming\Emulators
[2010/08/26 12:29:00 | 000,000,000 | ---D | M] -- C:\Users\alan\AppData\Roaming\Esgeli
[2008/11/08 13:44:40 | 000,000,000 | ---D | M] -- C:\Users\alan\AppData\Roaming\eSobi
[2010/02/26 09:34:23 | 000,000,000 | ---D | M] -- C:\Users\alan\AppData\Roaming\Flock
[2010/08/30 21:34:09 | 000,000,000 | ---D | M] -- C:\Users\alan\AppData\Roaming\FOG Downloader
[2009/10/20 05:58:43 | 000,000,000 | ---D | M] -- C:\Users\alan\AppData\Roaming\HCM Updater
[2009/11/23 20:41:42 | 000,000,000 | ---D | M] -- C:\Users\alan\AppData\Roaming\ICQ
[2010/08/21 11:09:50 | 000,000,000 | ---D | M] -- C:\Users\alan\AppData\Roaming\Irhiep
[2009/07/29 16:15:44 | 000,000,000 | ---D | M] -- C:\Users\alan\AppData\Roaming\iWin
[2008/11/08 22:54:38 | 000,000,000 | ---D | M] -- C:\Users\alan\AppData\Roaming\Jasc
[2010/08/26 16:24:53 | 000,000,000 | ---D | M] -- C:\Users\alan\AppData\Roaming\LimeWire
[2010/08/26 06:43:36 | 000,000,000 | ---D | M] -- C:\Users\alan\AppData\Roaming\Nyaziz
[2010/08/26 06:40:36 | 000,000,000 | ---D | M] -- C:\Users\alan\AppData\Roaming\Oxacab
[2008/11/04 12:24:30 | 000,000,000 | ---D | M] -- C:\Users\alan\AppData\Roaming\PeerNetworking
[2010/08/26 16:24:54 | 000,000,000 | ---D | M] -- C:\Users\alan\AppData\Roaming\PhotoScape
[2010/08/13 19:34:58 | 000,000,000 | ---D | M] -- C:\Users\alan\AppData\Roaming\Research In Motion
[2009/11/06 00:58:47 | 000,000,000 | ---D | M] -- C:\Users\alan\AppData\Roaming\T-Mobile
[2010/08/31 01:32:04 | 000,000,000 | ---D | M] -- C:\Users\alan\AppData\Roaming\T-Mobile Internet Manager
[2008/11/01 16:26:00 | 000,000,000 | ---D | M] -- C:\Users\alan\AppData\Roaming\Template
[2010/08/30 16:38:10 | 000,000,000 | ---D | M] -- C:\Users\alan\AppData\Roaming\Tific
[2010/06/15 09:25:47 | 000,000,000 | ---D | M] -- C:\Users\alan\AppData\Roaming\Uniblue
[2010/08/19 17:04:04 | 000,000,000 | ---D | M] -- C:\Users\alan\AppData\Roaming\Urmeez
[2009/04/13 22:55:04 | 000,000,000 | ---D | M] -- C:\Users\alan\AppData\Roaming\Windows Live Writer
[2010/09/06 10:16:57 | 000,032,624 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:5C321E34
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:861A898F
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:EC2246A6
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:9F683177
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:B623B5B8
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:131C0EE9
< End of report >


#6 balsaplayer

Posted 06 September 2010 - 05:14 AM

Here is the OTL Extras report:

OTL Extras logfile created on: 06/09/2010 11:03:07 - Run 2
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Users\alan\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 55.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 69.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144.29 Gb Total Space | 1.02 Gb Free Space | 0.71% Space Free | Partition Type: NTFS
Drive D: | 144.04 Gb Total Space | 55.12 Gb Free Space | 38.27% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ALAN-PC
Current User Name: alan
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\System32\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.reg [@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.txt [@ = txtfile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.scr [@ = AutoCADScriptFile] -- C:\Windows\System32\notepad.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Acer\Empowering Technology\eDataSecurity\x86\eDSfsu.exe" = C:\Acer\Empowering Technology\eDataSecurity\x86\eDSfsu.exe:*:Enabled:eDSfsu -- (Egis Incorporated.)
"C:\Acer\Empowering Technology\eDataSecurity\x86\encryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\x86\encryption.exe:*:Enabled:encryption -- ( Egis Incorporated.)
"C:\Acer\Empowering Technology\eDataSecurity\x86\decryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\x86\decryption.exe:*:Enabled:decryption -- ( Egis Incorporated.)
"C:\Acer\Empowering Technology\eDataSecurity\x86\eDSMgr.exe" = C:\Acer\Empowering Technology\eDataSecurity\x86\eDSMgr.exe:*:Enabled:eDSMgr -- File not found
"C:\Acer\Empowering Technology\eDataSecurity\x86\eDStbmngr.exe" = C:\Acer\Empowering Technology\eDataSecurity\x86\eDStbmngr.exe:*:Enabled:eDStbmngr -- (Egis Incorporated.)
"C:\Acer\Empowering Technology\eDataSecurity\x64\eDSfsu.exe" = C:\Acer\Empowering Technology\eDataSecurity\x64\eDSfsu.exe:*:Enabled:eDSfsu -- (Egis Incorporated.)
"C:\Acer\Empowering Technology\eDataSecurity\x64\encryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\x64\encryption.exe:*:Enabled:encryption -- File not found
"C:\Acer\Empowering Technology\eDataSecurity\x64\decryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\x64\decryption.exe:*:Enabled:decryption -- File not found
"C:\Acer\Empowering Technology\eDataSecurity\x64\eDSMgr.exe" = C:\Acer\Empowering Technology\eDataSecurity\x64\eDSMgr.exe:*:Enabled:eDSMgr -- File not found
"C:\Acer\Empowering Technology\eDataSecurity\x64\eDStbmngr.exe" = C:\Acer\Empowering Technology\eDataSecurity\x64\eDStbmngr.exe:*:Enabled:eDStbmngr -- (Egis Incorporated.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{022E46A2-58F1-4C1C-AB5E-58B64FF10688}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{0BA2F006-D038-4210-A541-93E247A16752}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe |
"{1ED0E882-5916-43F2-A348-0CC1035DD8C8}" = lport=135 | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |
"{2164D50F-F911-4D27-8608-F212440D5394}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{2238226C-8A6D-44D2-9074-6AF08A64C29B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |
"{26FA6448-1841-4D56-9A87-44881412C3C8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{293A4BA5-2295-4B05-B0C9-2AADD71B2E92}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{29EF82AF-7387-491B-944F-84F528D5A599}" = lport=139 | protocol=6 | dir=in | app=system |
"{2F2B486D-842F-4CB8-9DE3-C89BF0B8194C}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{3662F149-30B9-4723-B269-24245E10F123}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{4026C063-ADD3-4B2F-9F37-9649616C1128}" = lport=4481 | protocol=6 | dir=in | name=blackberry desktop software music sync service data transfer |
"{41E88FFC-5485-4534-AF57-ADFDD49FFC04}" = rport=137 | protocol=17 | dir=out | app=system |
"{4768C428-B7CC-4A89-9186-3CAD0D91D2EE}" = rport=139 | protocol=6 | dir=out | app=system |
"{59404B50-FBDB-42D2-9BD9-77FFEE717962}" = lport=137 | protocol=17 | dir=in | app=system |
"{6CE89093-654D-406F-B9B2-BEE719C84104}" = lport=4482 | protocol=17 | dir=in | name=blackberry desktop software music sync service discovery |
"{79A5DBF1-19C9-43D1-AD9E-447B076BE6D4}" = rport=138 | protocol=17 | dir=out | app=system |
"{7F0967F2-E7E9-4AC3-A408-086DE808BC22}" = lport=4482 | protocol=6 | dir=in | name=blackberry desktop software music sync service data transfer |
"{8374877B-300F-4CAB-861D-120A3F3632F7}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{87ABA7B9-DCBA-4046-B04A-5CAC484BCB01}" = lport=2869 | protocol=6 | dir=in | app=system |
"{8A59A0F2-F27F-47E0-9CF9-62D27AB13BA6}" = rport=3702 | protocol=17 | dir=out | app=c:\windows\system32\netproj.exe |
"{90C1746C-98B7-477B-9F5E-581F3BE6ED60}" = rport=10243 | protocol=6 | dir=out | app=system |
"{936FFF38-EC21-40D2-BD75-6D35915060B0}" = lport=10243 | protocol=6 | dir=in | app=system |
"{985C45E4-6703-4E86-81F0-6851BB6C3FFF}" = lport=3702 | protocol=17 | dir=in | app=c:\windows\system32\netproj.exe |
"{9BFD4347-9DDA-4AE1-8CFC-078B47E5B970}" = lport=5357 | protocol=6 | dir=in | app=system |
"{A446AE2B-8FDF-468B-B0E9-94407C70AB14}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AE69AF77-9B09-49F3-9971-9CA07EA91D2F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{B159D1B9-A8C4-4332-96E2-E5D26DECD3AD}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |
"{BAD29B72-1792-445C-BC94-8D9BEC8D74F7}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{BCF3DAF0-D091-4B31-947C-74C335F059AF}" = lport=5358 | protocol=6 | dir=in | app=system |
"{C54D077B-C952-4E36-BC39-7E8649B0A549}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{C692E005-8A95-42FE-8C5F-36A7E0A2B009}" = lport=2869 | protocol=6 | dir=in | app=system |
"{C9AA1341-38D3-4AA6-980F-7641A4BD7A38}" = rport=445 | protocol=6 | dir=out | app=system |
"{CC6542AC-0EC1-4FAF-855B-D774862C77A4}" = rport=5357 | protocol=6 | dir=out | app=system |
"{D3552B09-F161-4303-ACAD-C540ECC6C554}" = rport=5358 | protocol=6 | dir=out | app=system |
"{E63C8EE5-3735-4D1A-95FA-860522A8E8D3}" = lport=445 | protocol=6 | dir=in | app=system |
"{E6828EA7-44C8-49C1-9757-E7C9E38507C8}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe |
"{E8487C6D-6191-4C6F-A004-F6CE237FCB49}" = lport=4481 | protocol=17 | dir=in | name=blackberry desktop software music sync service discovery |
"{EBE9076E-6F5E-4D29-9806-1B969AF384B9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{EEBD0AB0-CE65-48FE-B5CD-BEB1BF812DFF}" = lport=138 | protocol=17 | dir=in | app=system |
"{EF12D9AD-E4ED-41AB-A488-287AD758FBBD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{033491EE-0BD1-46E1-9CF0-92A8347EB98A}" = protocol=6 | dir=out | app=system |
"{04DC0789-809D-4C69-B40C-579E755D5612}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{05372D66-6EDF-4B27-B916-B3F17CBAF979}" = protocol=6 | dir=out | svc=winmgmt | app=c:\windows\system32\svchost.exe |
"{0AC74127-BCF8-4391-9772-C36BC747DE4C}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{17E56CF3-61CF-4BA2-A08A-C02410014198}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1BA71665-3B78-40D2-84EE-EBE9ED065B58}" = dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{1F33E2C6-C810-47D0-9426-CCC0156A9BEB}" = protocol=6 | dir=in | app=c:\program files\windows media player\wmpnetwk.exe |
"{2869AD66-A0E4-45C5-B3AB-0B5786482405}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{28EF59BF-151A-4E9F-AB61-50DC323E76DD}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe |
"{31EB5216-7D72-4C17-8DF2-FA5B69B7869E}" = dir=in | app=c:\program files\acer arcade live\acer homemedia connect\acer homemedia connect.exe |
"{378CC958-15EC-4CB4-A5CF-55B2595D0006}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{37E79EDA-A589-422D-8821-23560DE28515}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{39863CA9-3184-4F99-9510-39E313EE846B}" = dir=in | app=c:\program files\acer arcade live\acer homemedia connect\kernel\dms\clmsserver.exe |
"{39F5387A-B93E-4492-8D12-F0B78DC0C430}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{3B0374CC-8201-4C67-8E6D-C36A1BF2C112}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{40D7481C-3AFC-455B-8ADB-9EB501CA49B1}" = protocol=6 | dir=in | app=c:\windows\system32\wbem\unsecapp.exe |
"{430482AC-D461-43CB-A998-E89959707E41}" = protocol=6 | dir=in | svc=winmgmt | app=c:\windows\system32\svchost.exe |
"{479ECCE8-031F-4BCF-B7EB-31702685CE3A}" = dir=in | app=c:\program files\acer arcade live\acer arcade live main page\acer arcade live.exe |
"{4F39F971-47B6-4494-85B0-208E4D8811F3}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe |
"{5A4014AE-16FF-471A-AE37-1D326CE9851A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{5AE5FE09-1860-48B1-B36D-64DF2EE907B0}" = dir=in | app=c:\program files\rosetta stone\rosetta stone version 3\support\bin\win\rosettastoneltdservices.exe |
"{604E3969-6710-4589-8B66-87DE17FAF4E6}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{63D79C66-478D-4962-A2D0-DB21A45650BE}" = dir=in | app=c:\program files\rosetta stone\rosetta stone version 3\rosettastoneversion3.exe |
"{6A4CAF56-9623-4AFA-854B-D47483B10A3B}" = dir=in | app=c:\program files\acer arcade live\acer videomagician\acer videomagician.exe |
"{6C333DB7-FFDE-4DD9-A583-755600223A84}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe |
"{70441C18-3E53-4EFF-B676-D2C732DCB557}" = dir=in | app=c:\program files\acer arcade live\acer dv magician\acer dv magician.exe |
"{742D084D-DA71-49CD-BCFC-C518F182D70B}" = protocol=6 | dir=out | app=c:\windows\system32\msra.exe |
"{7804598B-CAFD-4DAA-8E5C-9BB5119511EC}" = dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
"{796A26CE-C653-4404-BABE-3A22678FB097}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{7DD75DA9-1BF4-414D-BBD9-C9C22A365733}" = protocol=6 | dir=in | app=c:\windows\system32\netproj.exe |
"{7F73D261-E505-4696-93A5-BBB71A5EDA6E}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{81589C67-E3B3-45C4-BE23-0D5D3FCA2ABC}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmpnetwk.exe |
"{84F8375D-9C37-4FEF-A0E5-568B2DD9C11A}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{8B28F383-141C-40BA-90D2-0BBE8EE5A7D1}" = protocol=6 | dir=in | app=c:\windows\system32\msra.exe |
"{8D513A4A-60CA-44D3-A6F7-9E0807579A62}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
"{8E5AC746-02CF-4513-9F72-04A74B446FFC}" = dir=in | app=c:\program files\acer arcade live\acer dvdivine\acer dvdivine.exe |
"{92E72A5C-B72B-4379-94AE-F07E353CAB52}" = dir=in | app=c:\program files\acer arcade live\acer homemedia\acer homemedia.exe |
"{94063567-A94D-492C-A5FE-C8A914B9B6F4}" = dir=in | app=c:\program files\acer arcade live\acer slideshow dvd\acer slideshow dvd.exe |
"{979CD0A6-A6D8-42CE-8FF8-1CCBC918A36E}" = protocol=17 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe |
"{999C6A1C-19F1-4F43-BFED-13E3981A5CBC}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{9BFA7148-E0B8-4ABE-A329-F9111C6C6FB3}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmpnetwk.exe |
"{A8F9602B-8BE7-4C84-B536-97E85F07D18E}" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"{A95B326A-DD98-4550-8653-CE41D482B8FA}" = dir=in | app=c:\program files\acer arcade live\acer homemedia trial creator\acer homemedia trial creator.exe |
"{AC210C36-7A43-4B27-AB54-EB0D517E4503}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B650DC15-5CCD-40B9-8B52-A18FF77A8DF9}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmpnetwk.exe |
"{B7AF9AED-6EBF-4D68-93FF-447C1591C579}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{CB88EB86-D0AB-463F-9175-327611172011}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{D320FC71-C31F-4C25-AAAC-467E146DCC13}" = protocol=6 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe |
"{D3FE736C-0F3E-44D3-B7C6-ADBBAE715C8B}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{DFAA364D-B8EE-4EDC-98D3-C56E15FF2818}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{E827AC18-23E7-4942-817C-E33DBE262CAB}" = protocol=6 | dir=out | app=c:\program files\rosetta stone\rosetta stone version 3\rosettastoneversion3.exe |
"{ED1F0E55-7F00-4811-9E73-5FA02FFDB810}" = protocol=6 | dir=out | app=c:\windows\system32\netproj.exe |
"{ED24B2F3-03E3-4E2E-8836-D037BB64B704}" = protocol=6 | dir=out | app=c:\program files\rosetta stone\rosetta stone version 3\support\bin\win\rosettastoneltdservices.exe |
"{ED257B0B-0A25-4016-B960-564C2167579E}" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"{EDA12B98-2A9A-4621-8FC2-067D4DC5C70C}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{F05A7F1F-18AE-4B57-AF4F-05DB4BD70452}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{FDD172E2-EB98-4103-83EF-1F052120AE84}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
"TCP Query User{1AE8A37F-5780-4714-9C8B-7CFB06E46858}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe |
"TCP Query User{1ECF1AF3-3398-48EA-926F-17E44D39BB74}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{25CE27B8-A9FF-4603-B21D-FD9E96EB3C2F}C:\program files\huawei technologies\huawei umts data card\3 usb modem.exe" = protocol=6 | dir=in | app=c:\program files\huawei technologies\huawei umts data card\3 usb modem.exe |
"TCP Query User{43BFF5DD-436D-4C13-9E8F-C0701C8130CD}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"TCP Query User{A6E7E012-ED5A-429E-9B25-067A02A5FC95}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{AD8F7D13-D589-42AC-8B67-0E4476247844}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"TCP Query User{B8612562-64C9-4DB9-8323-32C38F8A20F9}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{C74E9F05-5B7D-4CA0-A77C-BEC282BA06AF}C:\program files\huawei technologies\huawei umts data card\3 usb modem.exe" = protocol=6 | dir=in | app=c:\program files\huawei technologies\huawei umts data card\3 usb modem.exe |
"TCP Query User{EACCEE98-05D8-4442-94C0-57AD684F88BB}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{F081AC8D-C5E4-4C84-B832-7DDEB6C0C1FF}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"TCP Query User{F74BE315-222F-4305-8CDF-8DF81C25C341}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe |
"UDP Query User{0C74AB34-7647-4B41-BCE6-CF36CC4D98FE}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{31A4E9A3-8695-4FCA-B6F0-6B7ACB05F8B8}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe |
"UDP Query User{322A27CD-2589-46DD-A0FA-3AEDE7042CBC}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"UDP Query User{40810DA2-826B-4C51-B19B-AACC3673E590}C:\program files\huawei technologies\huawei umts data card\3 usb modem.exe" = protocol=17 | dir=in | app=c:\program files\huawei technologies\huawei umts data card\3 usb modem.exe |
"UDP Query User{4A4A2261-3B8B-418A-A082-E26A3D79D602}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{5A5E2390-4799-4399-9211-6072FA992FAF}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"UDP Query User{7F1B89CC-DA5D-4D9B-8080-A8B79739B719}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{9E8C70F1-F504-40F8-9AF8-B777D0ED9A6A}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe |
"UDP Query User{BCFB4BC1-8ADA-4098-8870-5D5215FB320D}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{E9815E1B-D053-4C12-ABAC-D9AFFFEFDC50}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"UDP Query User{F8E122CF-4EAD-434D-BE20-B571643C2BB2}C:\program files\huawei technologies\huawei umts data card\3 usb modem.exe" = protocol=17 | dir=in | app=c:\program files\huawei technologies\huawei umts data card\3 usb modem.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01358C56-44F4-B8B3-8757-06F2A864A863}" = ATI Catalyst Install Manager
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{10A44844-4465-456E-8C97-80BDD4F68845}" = Windows Live ID Sign-in Assistant
"{132888AE-EF67-41C5-BCA2-7D5D2488AB63}" = Acer HomeMedia Connect
"{139E303E-1050-497F-98B1-9AE87B15C463}" = Windows Live Family Safety
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{14C35072-D7D0-4B29-B5BF-C94E426D77E9}" = Sky Broadband
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{1598034D-7147-432C-8CA8-888E0632D124}" = NTI Backup NOW! 4.7
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java™ 6 Update 21
"{27711CB0-26B3-4D99-88A9-4E4D60C34850}" = Family Tree Maker 2009
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = USB2.0 UVC Camera
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{41581EF5-45A7-11DA-9D78-000129760D75}" = Acer SlideShow DVD
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{5783F2D7-8001-0409-0002-0060B0CE6BBA}" = AutoCAD 2010 - English
"{5783F2D7-8001-0409-1002-0060B0CE6BBA}" = AutoCAD 2010 Language Pack - English
"{5BBD0D3F-E4B2-4EE4-806A-07A95D4E2683}" = Sky Broadband Browser Branding
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{75AE638F-750A-11DF-96D5-005056806466}" = Google Earth Plug-in
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{81A34902-9D0B-4920-A25C-4CDC5D14B328}" = Jasc Paint Shop Pro 8
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110111700}" = Zuma Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110113233}" = Bookworm Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11029123}" = Bricks of Egypt
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110322783}" = Big Kahuna Reef
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110411970}" = Chuzzle
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111118433}" = Mystery Case Files - Huntsville
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}" = Mahjong Escape Ancient China
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111324990}" = Kick N Rush
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111543617}" = Backspin Billiards
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111692950}" = Mahjongg Artifacts
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111771833}" = Jewel Quest Solitaire
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111796363}" = Mystery Solitaire - Secret Island
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111872660}" = Diner Dash Flo on the Go
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112310577}" = Flip Words 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112531267}" = Chicken Invaders 3
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112615863}" = Agatha Christie Death on the Nile
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113009953}" = Turbo Pizza
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113080210}" = Azada
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8AF3E926-ED59-11D4-A44B-0000E86D2305}" = Ulead GIF Animator 5
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{99011A6E-5200-11DE-BDB8-7ACD56D89593}" = Rosetta Stone Version 3
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management
"{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A899DA1F-D626-401C-8651-F2921E3B4CB3}" = 3Connect
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA4BF92B-2AAF-11DA-9D78-000129760D75}" = Acer HomeMedia
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.6
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4
"{B145EC69-66F5-11D8-9D75-000129760D75}" = Acer DVDivine
"{B2F3FB19-D848-479C-818E-130ABC9366DB}" = BlackBerry Device Software Updater
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B580C409-E16F-44FF-904D-3AE94E113BE0}" = Acer HomeMedia Trial Creator
"{BBC0D330-C37B-4472-BFB9-AA217CF0C95F}" = Ulead Photo Express 4.0 SE
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C262BEDC-DD6A-4A3F-BE62-0FA743552F4A}" = TRUST 910Z POWERC@M OPT.ZOOM
"{CAAD3C25-8664-11D5-BEAF-0010B5557565}" = Ulead DVD PictureShow SE Basic
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{CE65A9A0-9686-45C6-9098-3C9543A412F0}" = Acer eSettings Management
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D25F26E6-7F37-4580-9E83-2BDD9BE9E0CE}" = BlackBerry Desktop Software 6.0
"{D462BF9E-0C35-4705-BF9B-3DF9F3816643}" = Acer ePerformance Management
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E38E1721-7FE7-11D4-A898-0000E83DCDA6}" = Ulead Photo Explorer 7.0 SE
"{EDEA8AB7-7683-4ED2-AA19-E6C078064C0D}" = Microsoft WSE 3.0
"{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Arcade Live Main Page
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3759A9F-7AFA-4FB4-8DF1-53F26B979DEE}" = Belkin 54Mbps Wireless Network Adapter
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F6EFFB76-4A07-11DA-9D78-000129760D75}" = Acer DV Magician
"{F79A208D-D929-11D9-9D77-000129760D75}" = Acer VideoMagician
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 4.65
"Acer GameZone Console_is1" = Acer GameZone Console DTV 2.0.1.1
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Atari800Win PLus" = Atari800Win PLus 4.0
"AutoCAD 2010 - English" = AutoCAD 2010 - English
"Banner Maker Pro for Flash 3_is1" = Banner Maker Pro for Flash Version 3
"BlackBerry_Desktop" = BlackBerry Desktop Software 6.0
"Buttonz & Tilez" = Buttonz & Tilez
"cayahooantispy" = CA Yahoo! Anti-Spy (remove only)
"CoffeeCup HTML Editor" = CoffeeCup HTML Editor
"CutePDF Writer Installation" = CutePDF Writer 2.7
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"Family Tree Maker 2009" = Family Tree Maker 2009
"Flock (2.5.6)" = Flock (2.5.6)
"Huawei Modems" = Huawei modem
"ICQToolbar" = ICQ Toolbar
"Imikimi Plugin" = Imikimi Plugin
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"InstallShield_{1598034D-7147-432C-8CA8-888E0632D124}" = NTI Backup NOW! 4.7
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"LimeWire" = LimeWire 5.5.8
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"NIS" = Norton Internet Security
"NVIDIA Drivers" = NVIDIA Drivers
"PhotoScape" = PhotoScape
"SpywareBlaster_is1" = SpywareBlaster 4.4
"T-Mobile Internet Manager" = T-Mobile Internet Manager
"Ulead COOL 360 1.0" = Ulead COOL 360 1.0
"VirtualCloneDrive" = VirtualCloneDrive
"WinLiveSuite_Wave3" = Windows Live Essentials
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Search Defender" = Yahoo! Search Protection
"Yahoo! Software Update" = Yahoo! Software Update

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 18/08/2009 13:55:31 | Computer Name = alan-PC | Source = WinMgmt | ID = 10
Description =

Error - 18/08/2009 14:12:28 | Computer Name = alan-PC | Source = WinMgmt | ID = 10
Description =

Error - 18/08/2009 15:06:08 | Computer Name = alan-PC | Source = WinMgmt | ID = 10
Description =

Error - 18/08/2009 16:06:15 | Computer Name = alan-PC | Source = WinMgmt | ID = 10
Description =

Error - 18/08/2009 16:29:41 | Computer Name = alan-PC | Source = WinMgmt | ID = 10
Description =

Error - 18/08/2009 16:45:28 | Computer Name = alan-PC | Source = WinMgmt | ID = 10
Description =

Error - 18/08/2009 19:17:32 | Computer Name = alan-PC | Source = WinMgmt | ID = 10
Description =

Error - 18/08/2009 19:33:57 | Computer Name = alan-PC | Source = WinMgmt | ID = 10
Description =

Error - 19/08/2009 05:09:30 | Computer Name = alan-PC | Source = WinMgmt | ID = 10
Description =

Error - 19/08/2009 05:29:42 | Computer Name = alan-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 03/09/2010 13:31:36 | Computer Name = alan-PC | Source = Service Control Manager | ID = 7032
Description =

Error - 04/09/2010 00:16:38 | Computer Name = alan-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 04/09/2010 10:41:36 | Computer Name = alan-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 15:36:52 on 04/09/2010 was unexpected.

Error - 04/09/2010 10:42:26 | Computer Name = alan-PC | Source = Service Control Manager | ID = 7003
Description =

Error - 04/09/2010 10:42:26 | Computer Name = alan-PC | Source = Service Control Manager | ID = 7024
Description =

Error - 04/09/2010 10:44:16 | Computer Name = alan-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 04/09/2010 10:44:16 | Computer Name = alan-PC | Source = Service Control Manager | ID = 7003
Description =

Error - 06/09/2010 04:57:49 | Computer Name = alan-PC | Source = Service Control Manager | ID = 7032
Description =

Error - 06/09/2010 04:57:49 | Computer Name = alan-PC | Source = Service Control Manager | ID = 7032
Description =

Error - 06/09/2010 05:21:58 | Computer Name = alan-PC | Source = Service Control Manager | ID = 7032
Description =


< End of report >


#7 m0le


Posted 06 September 2010 - 12:43 PM

Nothing malicious. Most of what you explain seems to be a system problem but let's check it out.


Open OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

CODE
:OTL
SRV - (mcmscsvc) -- C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe File not found
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
O2 - BHO: (no name) - {022FCF80-5FEB-4466-AD0C-2DFB0B088C59} - C:\Windows\System32\dmband32.dll File not found
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O9 - Extra Button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - File not found
:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
""=""%1" %*"


Then click the Run Fix button at the top

Let the program run unhindered.

When done it will say "Fix Complete press ok to open the log"
Please post that log in your next reply. Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.


Now please run MBAM

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application or, if you are using Vista, right-click and select Run As Administrator on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
    If MBAM won't update then download and update MBAM on a clean computer then save the rules.ref folder to a memory stick. This file is found here: 'C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware' then transfer it across to the infected computer.
  • On the Scanner tab:
    • Make sure the "Perform Full Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes, they may alert you after scanning with MBAM. Please permit the program to allow the changes.


Then, Superantispyware

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.


#8 balsaplayer


Posted 06 September 2010 - 02:40 PM

Hi, thanks for the help. Here is the log you requested:

Error: Unable to interpret <OTL> in the current context!
Error: Unable to interpret <SRV - (mcmscsvc) -- C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe File not found> in the current context!
Error: Unable to interpret <DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found> in the current context!
Error: Unable to interpret <DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found> in the current context!
Error: Unable to interpret <DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found> in the current context!
Error: Unable to interpret <O2 - BHO: (no name) - {022FCF80-5FEB-4466-AD0C-2DFB0B088C59} - C:\Windows\System32\dmband32.dll File not found> in the current context!
Error: Unable to interpret <O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.> in the current context!
Error: Unable to interpret <O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - No CLSID value found.> in the current context!
Error: Unable to interpret <O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.> in the current context!
Error: Unable to interpret <O9 - Extra Button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - File not found> in the current context!
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command\\""|""%1" %*" /E : value set successfully!

OTL by OldTimer - Version 3.2.11.0 log created on 09062010_203713
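
A quick way to triage a fix log like the one above, as an added example that is not part of the original posts or of OTL itself: it separates script lines the tool rejected from results it reports as applied. The sample is abridged from the log in this post; treating a line ending in "successfully!" as applied is an assumption based on the one result line shown, and the function names are hypothetical.

```python
import re

# Lines copied from the fix log in the post above (abridged to three rejected lines).
SAMPLE_LOG = r'''Error: Unable to interpret <OTL> in the current context!
Error: Unable to interpret <SRV - (mcmscsvc) -- C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe File not found> in the current context!
Error: Unable to interpret <O2 - BHO: (no name) - {022FCF80-5FEB-4466-AD0C-2DFB0B088C59} - C:\Windows\System32\dmband32.dll File not found> in the current context!
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command\\""|""%1" %*" /E : value set successfully!

OTL by OldTimer - Version 3.2.11.0 log created on 09062010_203713
'''

UNINTERPRETED = re.compile(r"^Error: Unable to interpret <(.*)> in the current context!$")
SECTION = re.compile(r"^=+ (.+?) =+$")
# Section directives used in the script posted earlier in this thread.
DIRECTIVES = {"OTL", "REG"}


def triage_fix_log(text):
    """Split a fix log into rejected script lines and per-section results."""
    report = {"rejected": [], "applied": [], "unclassified": []}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("OTL by OldTimer"):
            continue  # blank line or the version/timestamp footer
        m = UNINTERPRETED.match(line)
        if m:
            report["rejected"].append(m.group(1))
            continue
        m = SECTION.match(line)
        if m:
            section = m.group(1)
            continue
        # Assumption: a result line ending in "successfully!" was applied.
        if section and line.endswith("successfully!"):
            report["applied"].append((section, line))
        else:
            report["unclassified"].append(line)
    return report


def rejected_directives(report):
    """Section directives (e.g. OTL) that were themselves rejected."""
    return [r for r in report["rejected"] if r.lstrip(":").upper() in DIRECTIVES]


def needs_rerun(report):
    """True when any script line was rejected, i.e. the fix only partly ran."""
    return bool(report["rejected"])


if __name__ == "__main__":
    rep = triage_fix_log(SAMPLE_LOG)
    print(f"rejected lines      : {len(rep['rejected'])}")
    print(f"rejected directives : {rejected_directives(rep)}")
    for section, line in rep["applied"]:
        print(f"applied [{section}]: {line}")
    print("re-run needed       :", needs_rerun(rep))
```
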


#9 m0le


Posted 06 September 2010 - 04:09 PM

Please don't do the MBAM and SAS steps yet.

The OTL script failed so please try again. Copy and paste everything from :OTL (not the word CODE)

#10 balsaplayer


Posted 06 September 2010 - 06:26 PM

Hi, have done the scan, here is the MBAM log

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4557

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18943

07/09/2010 00:24:00
mbam-log-2010-09-07 (00-24-00).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|K:\|L:\|M:\|N:\|O:\|P:\|Q:\|)
Objects scanned: 531427
Time elapsed: 3 hour(s), 33 minute(s), 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 3
Files Infected: 11

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{022fcf80-5feb-4466-ad0c-2dfb0b088c59} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{022fcf80-5feb-4466-ad0c-2dfb0b088c59} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rthdbpl (Trojan.Downloader) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\ProgramData\1791232077 (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\adiosxxxxx.exe (Trojan.SpyEyes) -> Quarantined and deleted successfully.
C:\Windows\$NtUninstallKB950762-v3$ (Worm.P2P) -> Quarantined and deleted successfully.

Files Infected:
C:\Users\alan\AppData\Roaming\A84B.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Users\alan\Desktop\acad2010\x86\acad\Application Data\Autodesk\Textures\Finishes.Flooring.Tile.Square.Circular Mosaic.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
C:\Users\alan\Desktop\keygen\x64\xf-a2010.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.
C:\Users\alan\Desktop\keygen\x86\xf-a2010.exe (Trojan.Agent) -> Quarantined and deleted successfully.
D:\acad2010\x86\acad\Application Data\Autodesk\Textures\Finishes.Flooring.Tile.Square.Circular Mosaic.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
D:\keygen\x64\xf-a2010.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.
D:\keygen\x86\xf-a2010.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\adiosxxxxx.exe\config.bin (Trojan.SpyEyes) -> Quarantined and deleted successfully.
C:\Windows\System32\api.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\Local Settings\Application Data\Windows Server\admin.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\Windows\kdiue732.txt (Malware.Trace) -> Quarantined and deleted successfully.


#11 m0le


Posted 06 September 2010 - 06:31 PM

Stop running tools please :)

Please reply to say that you are seeing this post.

#12 balsaplayer


Posted 06 September 2010 - 06:35 PM

Hi, just seen your post about the scan failed. Have not yet rebooted PC, so what do I do now?

Yes, have seen post, will wait for further instructions.

#13 m0le


Posted 06 September 2010 - 06:39 PM

Reboot the PC and run Combofix

Please download ComboFix from one of these locations:

* IMPORTANT !!! Save ComboFix.exe to your Desktop making sure you rename it comfix.exe
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Comfix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

#14 balsaplayer


Posted 07 September 2010 - 04:56 AM

Hi, right, this is what is happening!! I rebooted the PC as you requested. It shut down and restarted fine, then after Windows loaded it blue screened. It restarted itself normally, then displayed a box saying Windows has stopped some startup programmes from running, and I found out it was the malware prog that it had stopped, so I OK'd it to run that programme. Then everything seemed normal, so I disabled all antivirus software and firewalls and ran the ComboFix prog after I had saved it to the desktop with the name comfix.exe as requested. I did not get any of the alerts you mentioned, but it opened a DOS prompt saying Administrator autoscan, and it said there "typically scan will take 10 minutes on badly infected machines time may easily double". Then it just sat there. I left it running for over 2 hours and nothing from it. I could do nothing with the PC during this time, not even open Task Manager; the whole system had frozen. Managed to exit the scan and restart the PC. Help please.

#15 balsaplayer


Posted 07 September 2010 - 04:59 AM

Hmmmmmmmm, just as I finished posting the last reply, a Windows warning box appeared saying host process had stopped working, with two options: check online for a solution or close. So that is what is happening.



