
Redirect issue 2


yoitspat


Maurice Naggar just helped me on my previous PC with the same problems as this one - redirected searches (esp. when I search for antivirus websites like Malwarebytes' website). I would like to thank Maurice again for helping me on my last PC. But could someone help me on this one? Same problem.

Here's a HJT log, DDS log, attach.txt, and GMER log.



Hello,

My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues; this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.

  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed.

Use the 'Add Reply' and add the new log to this thread.

Please download Rootkit Unhooker and save it to your Desktop

  • Double-click on RKUnhookerLE to run it
  • Click the Report tab, then click Scan
  • Check Drivers, Stealth and uncheck the rest
  • Click OK
  • Wait until it's finished and then go to File > Save Report
  • Save the report to your Desktop

Copy the entire contents of the report and paste it in a reply here.

Note - you may get this warning; it is OK, just ignore it: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?"

-------------------------------------------------------------

In the meantime, please do NOT install any new programs or update anything unless told to do so while we are fixing your problem.

If you still need help, please include the following in your next reply:

  • A detailed description of your problems
  • RKU log

Thanks and again sorry for the delay.


OK, well, the problem is that I get redirected searches randomly, but it happens more frequently when I search for anti-malware websites like the Malwarebytes website. I believe my source of infection was either my flash drive (which Maurice Naggar helped me clean; however, I'm unsure if it really is; I haven't used it since). Another reason I could have possibly been infected was through our Wi-Fi router. My sister got a virus on her laptop from my mom's incompetent noobie use of the internet. (She downloaded some invitational cards that ended up being viruses, which included a redirection virus & some fake security scan suite; I can't recall its name :[ ) I was able to clean most of it off by booting my sister's laptop in safe mode and running Malwarebytes (resulted in over 20 infections; used my flash drive to install MBAM). Now for some odd reason I have a redirection virus on both my laptops. The source could have been my flash drive (which I use for all my laptops) or my router that I share with my family. Not really sure...

Maurice Naggar helped me clean my first laptop; now I just have to clean this one.

Thanks, Elise. I appreciate the help you and this forum contribute.

I know this is against the rules (to ask about other PCs), but since my sister was the first one to get infected, should I use the steps you provide to me for her PC as well?


0x8BAE0000 C:\Windows\System32\DRIVERS\rasacd.sys 36864 bytes (Microsoft Corporation, RAS Automatic Connection Driver)

0x94860000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)

0x87292000 C:\Windows\system32\DRIVERS\tunmp.sys 36864 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)

0x872AB000 C:\Windows\system32\DRIVERS\wmiacpi.sys 36864 bytes (Microsoft Corporation, Windows Management Interface for ACPI)

0x80655000 C:\Windows\system32\drivers\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)

0x8072F000 C:\Windows\system32\drivers\atapi.sys 32768 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)

0x871E6000 C:\Windows\system32\DRIVERS\AtiPcie.sys 32768 bytes (ATI Technologies Inc., ATI PCIE Driver for ATI PCIE chipset)

0x8041C000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)

0x9F274000 C:\Windows\system32\drivers\int15.sys 32768 bytes (Acer, Inc., int15)

0x8C456000 C:\Windows\system32\DRIVERS\mouhid.sys 32768 bytes (Microsoft Corporation, HID Mouse Filter Driver)

0x8065E000 C:\Windows\system32\drivers\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)

0x8B16F000 C:\Windows\system32\DRIVERS\NTIDrvr.sys 32768 bytes (NewTech Infosystems, Inc., NTI CD-ROM Filter Driver)

0x8BAB7000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)

0x8BABF000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Miniport)

0x87158000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)

0x80727000 C:\Windows\System32\Drivers\UBHelper.sys 32768 bytes (NewTech Infosystems Corporation, NTI CDROM Filter Driver)

0x8BA73000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)

0x8BA83000 C:\Windows\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)

0x80404000 C:\Windows\system32\kdcom.dll 28672 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)

0x8BA6C000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)

0x80702000 C:\Windows\system32\drivers\pciide.sys 28672 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)

0x8BA7A000 C:\Windows\System32\Drivers\avgmfx86.sys 24576 bytes (AVG Technologies CZ, s.r.o., AVG Resident Shield Minifilter Driver)

0x8B177000 C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)

0x8B4F7000 C:\Windows\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)

0x8BBF8000 C:\PROGRA~1\LAUNCH~1\DPortIO.sys 16384 bytes (Dritek System Inc., General Port I/O)

0x8069C000 C:\Windows\system32\DRIVERS\compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)

0x9F35A000 C:\Windows\system32\drivers\regi.sys 8192 bytes (InterVideo, regi driver)

0x8B5C2000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)

0x8B4EA000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)

==============================================

>Stealth

==============================================

!!POSSIBLE ROOTKIT ACTIVITY DETECTED!! =)

elise, i noticed something as i was looking at my hjt log for this PC and i noticed one specific root/file that maurice had me remove on my previous laptop.

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5577

i just wanted to notify you and provide input on what may be going on with my computer.

just a side note: here's the link to the previous thread i had with him regarding my other laptop. (no longer needs help. all clean)

http://forums.malwarebytes.org/index.php?s...t=0&start=0

Hello, that entry is indeed bad, but most likely there is more associated to it. Could you please also post the OTL logs?

You can create a separate thread for your sister's laptop; it gets too confusing to clean two computers in one topic. Just make a clear mention it's about two different computers. If you include the link here, I will reply to it.

Sorry, my bad, you had already posted the correct DDS logs. :)

COMBOFIX

---------------

Please download ComboFix from one of these locations:

Bleepingcomputer
ForoSpyware

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

Query_RC.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC_successful.gif

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Hi, that took out a firefox redirector. Please let me know how things are running now.

UPDATE JAVA

------------------

Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:

  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "JDK 6 Update 21 (JDK or JRE)".
  • Click the "Download JRE" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.

Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.

  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u21-windows-i586.exe to install the newest version.
  • If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.

-- Starting with Java 6u10, the uninstaller incorporated in each new release uses Enhanced Auto update to automatically remove the previous version when updating to a later update release. It will not remove older versions, so they will need to be removed manually.

-- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version.

Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.

MALWAREBYTES ANTIMALWARE

-------------------------------------------

Please launch MBAM and update the program before performing a scan.

  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:

  • Make sure the "Perform Full Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.

Back at the main Scanner screen:

  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.

Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

i rebooted after mbam full scan and windows blocked it running from startup and i just clicked on the balloon telling me and i allowed the program. the computer is running okay so far. i searched for the malwarebytes website and adaware website (lavasoft) and i didn't experience a redirect however i am still worried about my pc. i still have those bad entries in my hjt scan and the infection mbam found was a backdoor.bot :)

here's the mbam log:

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4626

Windows 6.0.6002 Service Pack 2

Internet Explorer 8.0.6001.18943

9/16/2010 2:25:06 PM

mbam-log-2010-09-16 (14-25-06).txt

Scan type: Full scan (C:\|D:\|)

Objects scanned: 307855

Time elapsed: 1 hour(s), 45 minute(s), 17 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\Program Files\WinRAR\Zip.SFX (Backdoor.Bot) -> Quarantined and deleted successfully.

Hi, things are looking quite good! So far, you don't need to worry about backdoors or the like; the redirector was a firefox add on, but nothing serious.

ESET ONLINE SCANNER

----------------------------

I'd like us to scan your machine with ESET OnlineScan

  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the esetOnline.png button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

    1. Click on esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.

    3. Check esetAcceptTerms.png
    4. Click the esetStart.png button.
    5. Accept any security warnings from your browser.
    6. Check esetScanArchives.png
    7. Push the Start button.
    8. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    9. When the scan completes, push esetListThreats.png
    10. Push esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
      Note - when ESET doesn't find any threats, no report will be created.
    11. Push the esetBack.png button.
    12. Push esetFinish.png

ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6211

# api_version=3.0.2

# EOSSerial=bd14e53856f0684a99930213879fecdb

# end=finished

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2010-09-17 01:52:37

# local_time=2010-09-17 06:52:37 (-0800, Pacific Daylight Time)

# country="United States"

# lang=1033

# osver=6.0.6002 NT Service Pack 2

# compatibility_mode=512 16777215 100 0 0 0 0 0

# compatibility_mode=1031 16777213 100 93 0 25806849 0 0

# compatibility_mode=5892 16776574 100 100 0 121330640 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=175427

# found=14

# cleaned=14

# scan_time=8489

C:\Qoobox\Quarantine\C\Users\Patrick Herrin\AppData\Local\{2AE78C5E-F4DC-49DA-BBF6-E872496508EE}\chrome\content\overlay.xul.vir probably a variant of Win32/Agent.NVQFFQI trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Users\Patrick Herrin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\1dd6a40c-5c727463 Java/TrojanDownloader.Agent.NBK trojan (deleted - quarantined) 00000000000000000000000000000000 C

C:\Users\Patrick Herrin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\7bb99554-60b2354a Java/TrojanDownloader.Agent.NBL trojan (deleted - quarantined) 00000000000000000000000000000000 C

C:\Users\Patrick Herrin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\29d9bb55-1d713559 multiple threats (deleted - quarantined) 00000000000000000000000000000000 C

C:\Users\Patrick Herrin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\27c3f96-33f5ec66 multiple threats (deleted - quarantined) 00000000000000000000000000000000 C

C:\Users\Patrick Herrin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\7adbb65d-6ade34c2 Java/TrojanDownloader.Agent.NBK trojan (deleted - quarantined) 00000000000000000000000000000000 C

C:\Users\Patrick Herrin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34\6aed6d62-632e2fa3 a variant of Java/TrojanDownloader.Agent.NAN trojan (deleted - quarantined) 00000000000000000000000000000000 C

C:\Users\Patrick Herrin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\6bc2dde4-5df740e9 probably a variant of Win32/Agent.FQRCZBA trojan (deleted - quarantined) 00000000000000000000000000000000 C

C:\Users\Patrick Herrin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42\561d6c2a-6fa217e2 multiple threats (deleted - quarantined) 00000000000000000000000000000000 C

C:\Users\Patrick Herrin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\1eff1eb1-6eab3ebd Java/TrojanDownloader.Agent.NBL trojan (deleted - quarantined) 00000000000000000000000000000000 C

C:\Users\Patrick Herrin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\6b800f31-544ca951 multiple threats (deleted - quarantined) 00000000000000000000000000000000 C

C:\Users\Patrick Herrin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53\42441975-3035de9b Java/TrojanDownloader.Agent.NBM trojan (deleted - quarantined) 00000000000000000000000000000000 C

C:\Users\Patrick Herrin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\1f62c23a-7f90b245 Java/TrojanDownloader.Agent.NBM trojan (deleted - quarantined) 00000000000000000000000000000000 C

C:\Users\Patrick Herrin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9\5a4f6089-612f1c16 Java/TrojanDownloader.Agent.NBN trojan (deleted - quarantined) 00000000000000000000000000000000 C

Well done! :) Those were only some leftovers.

ALL CLEAN

--------------

Your machine appears to be clean, please take the time to read below on how to secure the machine and take the necessary steps to keep it clean :)

Please do the following to remove the remaining programs from your PC:

  • Delete the tools used during the disinfection:
    • Click start > run and type combofix /uninstall, press enter. This will remove Combofix from your computer.
    • Delete DDS, GMER (this is a random named file) and Rootkit Unhooker

Please read this advice in order to prevent reinfecting your PC:

  1. Install and update the following programs regularly:
    • an outbound firewall
      A comprehensive tutorial and a list of possible firewalls can be found here.
    • an AntiVirus Software
      It is imperative that you update your AntiVirus Software on a regular basis. If you do not update your AntiVirus Software then it will not be able to catch the latest threats.
    • an Anti-Spyware program
      Malwarebytes' Anti-Malware is an excellent Anti-Spyware scanner. Its scan times are usually under ten minutes, and it has excellent detection and removal rates.
      SUPERAntiSpyware is another good scanner with high detection and removal rates.
      Both programs are free for non commercial home use but provide a resident and do not nag if you purchase the paid versions.
    • Spyware Blaster
      A tutorial for Spywareblaster can be found here. If you wish, the commercial version provides automatic updating.
    • MVPs hosts file
      A tutorial for MVPs hosts file can be found here. If you would like automatic updates you might want to take a look at HostMan host file manager. For more information on the hosts file, and what it can do for you, please consult the Tutorial on the Hosts file

  2. Keep Windows (and your other Microsoft software) up to date!
    I cannot stress how important this is enough. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.
    Therefore, please, visit the Microsoft Update Website and follow the on screen instructions to setup Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!
  3. Keep your other software up to date as well
    Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on your machine.
  4. Stay up to date!
    The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing.

Some more links you might find of interest:

Please reply to this topic if you have read the above information. If your computer is working fine, this topic will be closed afterwards.

what other entries need to be fixed in HJT?

i know this one must go

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5577

could you please review my hjt log above in my first post and recommend the entries that need to be fixed?

also what is a good personal firewall that is free? i looked at the preferred lists but i want your opinion on which is the best?

thanks elise.

Hi, we will fix that proxy with OTL, so I can also have a look at what might be causing that error on startup. Sorry, I had noticed the proxy, but see now that I forgot to give you a script to get rid of it.

OTL

-----

Please download OTL from one of the following mirrors:

  • Save it to your desktop.
  • Double click on the otlDesktopIcon.png icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Quick Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

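The `ProxyServer` entry raised in this thread points the browser at a listener on the same machine (127.0.0.1:5577). As an added example, not part of the original posts and not code from HijackThis or OTL, the Python below parses HijackThis-style `R1` lines and flags proxies that resolve to loopback so they can be reviewed; the function names are hypothetical and every sample line except the first is constructed.

```python
import ipaddress
import re

# First line is the entry quoted in the thread; the rest are constructed samples.
SAMPLE_LINES = [
    r"R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5577",
    r"R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.example.internal:8080",
    r"R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8888;https=10.0.0.5:3128",
    r"R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local",
]

# Line shape as quoted in the thread: "R1 - <registry key>,ProxyServer = <data>"
R_LINE = re.compile(
    r"^R\d\s+-\s+(?P<key>HK[A-Z_]+\\[^,]+),ProxyServer\s*=\s*(?P<value>.+)$"
)
URL_PREFIX = re.compile(r"^[a-z][a-z0-9+.-]*://", re.I)


def split_host_port(target):
    """Split 'host:port' or '[v6]:port'; bare IPv6 must be bracketed."""
    if target.endswith("]") or ":" not in target:
        return target.strip("[]").lower(), None
    host, _, port = target.rpartition(":")
    return host.strip("[]").lower(), int(port) if port.isdigit() else None


def parse_proxy_server(value):
    """Parse a WinINET ProxyServer string into (scheme, host, port) tuples.

    Two forms are handled: 'host:port' (one proxy for all protocols) and
    'scheme=host:port;scheme=host:port' (one proxy per protocol).
    """
    entries = []
    for part in re.split(r"[;\s]+", value.strip()):
        if not part:
            continue
        scheme, sep, target = part.partition("=")
        if not sep:  # no 'scheme=' prefix: applies to all protocols
            scheme, target = "all", part
        target = URL_PREFIX.sub("", target).rstrip("/")
        host, port = split_host_port(target)
        entries.append((scheme.lower(), host, port))
    return entries


def is_loopback(host):
    """True for localhost names and loopback IP literals (127.0.0.0/8, ::1)."""
    if host == "localhost" or host.endswith(".localhost"):
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # an ordinary hostname; would need resolving separately


def triage(lines):
    """Return one finding per proxy entry found in ProxyServer R-lines."""
    findings = []
    for line in lines:
        m = R_LINE.match(line.strip())
        if not m:
            continue  # not a ProxyServer line (e.g. ProxyOverride)
        hive = m.group("key").split("\\", 1)[0]
        for scheme, host, port in parse_proxy_server(m.group("value")):
            findings.append({
                "hive": hive,
                "scheme": scheme,
                "host": host,
                "port": port,
                "loopback": is_loopback(host),
            })
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        flag = "REVIEW (local listener)" if f["loopback"] else "ok"
        print(f'{f["hive"]} {f["scheme"]:>5} {f["host"]}:{f["port"]}  {flag}')
```

A loopback hit is a lead rather than a verdict, since local filtering tools also set one; the follow-up is to identify which process owns the listed port.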

OTL logfile created on: 9/18/2010 2:32:10 AM - Run 1

OTL by OldTimer - Version 3.2.12.1 Folder = C:\Users\Patrick Herrin\Desktop

Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18943)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 40.00% Memory free

4.00 Gb Paging File | 3.00 Gb Available in Paging File | 68.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 69.52 Gb Total Space | 26.26 Gb Free Space | 37.77% Space Free | Partition Type: NTFS

Drive D: | 69.52 Gb Total Space | 6.25 Gb Free Space | 8.99% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: PATRICK

Current User Name: Patrick Herrin

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: On

Skip Microsoft Files: On

File Age = 90 Days

Output = Standard

Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/09/18 02:29:13 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Patrick Herrin\Desktop\OTL.exe

PRC - [2010/09/17 14:43:08 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe

PRC - [2010/09/16 00:14:12 | 000,204,800 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\Patrick Herrin\AppData\Local\Temp\RtkBtMnt.exe

PRC - [2010/09/07 08:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe

PRC - [2010/09/07 08:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

PRC - [2010/08/31 23:39:18 | 001,164,584 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe

PRC - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

PRC - [2010/05/21 20:50:34 | 001,036,464 | ---- | M] () -- C:\Program Files\Air Mouse\Air Mouse\Air Mouse.exe

PRC - [2010/05/14 11:00:26 | 000,316,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe

PRC - [2010/05/14 11:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

PRC - [2010/04/25 16:44:12 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe

PRC - [2010/03/25 14:39:22 | 000,490,280 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Update\NASvc.exe

PRC - [2010/03/24 16:26:02 | 000,243,544 | ---- | M] (Microsoft Corp.) -- C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\mswinext.exe

PRC - [2009/08/18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE

PRC - [2009/08/18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE

PRC - [2009/07/02 02:56:26 | 000,206,120 | ---- | M] (CyberLink) -- C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe

PRC - [2009/07/02 02:56:18 | 000,152,872 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe

PRC - [2009/05/21 15:42:28 | 000,173,288 | ---- | M] (Acer Corp.) -- C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe

PRC - [2009/04/16 17:56:36 | 000,075,048 | ---- | M] () -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe

PRC - [2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2009/02/26 15:24:50 | 000,097,680 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

PRC - [2008/11/28 11:56:06 | 000,024,576 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe

PRC - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

PRC - [2008/07/22 20:05:18 | 000,846,344 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe

PRC - [2008/07/02 20:27:12 | 006,266,880 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe

PRC - [2008/04/25 22:36:20 | 000,045,056 | ---- | M] (NewTech InfoSystems, Inc.) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe

PRC - [2008/04/25 22:36:20 | 000,028,672 | ---- | M] () -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe

PRC - [2008/04/25 22:36:02 | 000,131,072 | ---- | M] () -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe

PRC - [2008/03/03 14:11:14 | 000,016,384 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe

PRC - [2008/01/20 19:33:00 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe

PRC - [2008/01/20 19:33:00 | 000,319,544 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Windows Defender\MpCmdRun.exe

PRC - [2007/12/06 17:15:28 | 000,110,592 | ---- | M] () -- C:\ACER\Mobility Center\MobilityService.exe

PRC - [2007/09/02 13:58:52 | 000,495,616 | ---- | M] () -- C:\RocketDock\RocketDock.exe

PRC - [2007/01/04 20:48:50 | 000,112,152 | ---- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

PRC - [2007/01/04 14:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe

PRC - [2005/03/09 20:50:18 | 000,018,944 | ---- | M] (http://libusb-win32.sourceforge.net) -- C:\Windows\System32\libusbd-nt.exe

========== Modules (SafeList) ==========

MOD - [2010/09/18 02:29:13 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Patrick Herrin\Desktop\OTL.exe

MOD - [2009/04/10 23:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll

MOD - [2008/01/20 19:34:21 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe -- (McSysmon)

SRV - File not found [unknown | Stopped] -- C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe -- (McShield)

SRV - [2010/09/07 08:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)

SRV - [2010/09/07 08:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)

SRV - [2010/09/07 08:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)

SRV - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)

SRV - [2010/05/14 11:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)

SRV - [2010/03/25 14:39:22 | 000,490,280 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)

SRV - [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)

SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2009/10/16 01:58:21 | 000,316,664 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2009/09/24 18:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)

SRV - [2009/08/18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)

SRV - [2009/08/07 12:44:18 | 000,045,816 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®

SRV - [2009/04/16 17:56:36 | 000,075,048 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe -- (CLHNService)

SRV - [2008/11/28 11:56:06 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe -- (ETService)

SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)

SRV - [2008/04/25 22:36:20 | 000,045,056 | ---- | M] (NewTech InfoSystems, Inc.) [Auto | Running] -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe -- (NTIBackupSvc)

SRV - [2008/04/25 22:36:02 | 000,131,072 | ---- | M] () [Auto | Running] -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe -- (NTISchedulerSvc)

SRV - [2008/03/03 14:11:14 | 000,016,384 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe -- (BUNAgentSvc)

SRV - [2008/01/20 19:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2007/12/06 17:15:28 | 000,110,592 | ---- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)

SRV - [2007/01/04 20:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)

SRV - [2007/01/04 14:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)

SRV - [2005/03/09 20:50:18 | 000,018,944 | ---- | M] (http://libusb-win32.sourceforge.net) [Auto | Running] -- C:\Windows\System32\libusbd-nt.exe -- (libusbd)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)

DRV - File not found [File_System | Boot | Stopped] -- C:\Windows\System32\DRIVERS\Lbd.sys -- (Lbd)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\EagleNT.sys -- (EagleNT)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\PATRIC~1\AppData\Local\Temp\catchme.sys -- (catchme)

DRV - [2010/09/07 07:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)

DRV - [2010/09/07 07:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)

DRV - [2010/09/07 07:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)

DRV - [2010/09/07 07:47:30 | 000,050,768 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)

DRV - [2010/09/07 07:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)

DRV - [2009/09/16 10:22:48 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)

DRV - [2009/09/16 10:22:48 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)

DRV - [2009/09/16 10:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk)

DRV - [2009/09/16 10:22:48 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)

DRV - [2009/09/16 10:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)

DRV - [2009/07/23 12:07:40 | 000,006,528 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\jumi.sys -- (jumi)

DRV - [2009/07/09 12:16:04 | 000,017,408 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl)

DRV - [2009/05/24 07:36:42 | 000,501,248 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr73.sys -- (netr73)

DRV - [2009/04/27 23:16:23 | 004,387,840 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)

DRV - [2008/10/01 11:04:16 | 000,012,832 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15)

DRV - [2008/08/06 19:40:40 | 000,129,552 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\ahcix86s.sys -- (ahcix86s)

DRV - [2008/07/03 02:03:48 | 002,152,088 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)

DRV - [2008/06/10 03:54:36 | 000,123,904 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)

DRV - [2008/05/09 13:03:58 | 000,061,424 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl -- ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796})

DRV - [2008/04/28 06:26:42 | 000,014,352 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)

DRV - [2008/02/21 20:50:48 | 000,198,064 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)

DRV - [2008/01/30 02:52:06 | 000,014,848 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NTIDrvr.sys -- (NTIDrvr)

DRV - [2008/01/30 02:51:50 | 000,013,824 | ---- | M] (NewTech Infosystems Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\UBHelper.sys -- (UBHelper)

DRV - [2008/01/23 04:18:28 | 001,187,320 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XX)

DRV - [2008/01/20 19:32:53 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)

DRV - [2008/01/20 19:32:53 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)

DRV - [2008/01/20 19:32:52 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)

DRV - [2008/01/20 19:32:52 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)

DRV - [2008/01/20 19:32:52 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)

DRV - [2008/01/20 19:32:52 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)

DRV - [2008/01/20 19:32:51 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)

DRV - [2008/01/20 19:32:51 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)

DRV - [2008/01/20 19:32:50 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)

DRV - [2008/01/20 19:32:50 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®

DRV - [2008/01/20 19:32:50 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)

DRV - [2008/01/20 19:32:49 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)

DRV - [2008/01/20 19:32:49 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)

DRV - [2008/01/20 19:32:49 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)

DRV - [2008/01/20 19:32:49 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)

DRV - [2008/01/20 19:32:49 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)

DRV - [2008/01/20 19:32:48 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)

DRV - [2008/01/20 19:32:48 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)

DRV - [2008/01/20 19:32:47 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)

DRV - [2008/01/20 19:32:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)

DRV - [2008/01/20 19:32:46 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)

DRV - [2008/01/20 19:32:45 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)

DRV - [2008/01/20 19:32:21 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)

DRV - [2008/01/20 19:32:21 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)

DRV - [2008/01/20 19:32:21 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)

DRV - [2007/04/17 21:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi)

DRV - [2006/11/02 06:29:38 | 000,021,264 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\DKbFltr.sys -- (DKbFltr)

DRV - [2006/11/02 06:27:36 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System | Running] -- C:\Program Files\Launch Manager\DPortIO.sys -- (DritekPortIO)

DRV - [2006/11/02 02:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)

DRV - [2006/11/02 02:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)

DRV - [2006/11/02 02:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)

DRV - [2006/11/02 02:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)

DRV - [2006/11/02 02:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)

DRV - [2006/11/02 02:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)

DRV - [2006/11/02 02:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)

DRV - [2006/11/02 02:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)

DRV - [2006/11/02 02:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)

DRV - [2006/11/02 02:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)

DRV - [2006/11/02 02:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)

DRV - [2006/11/02 01:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)

DRV - [2006/11/02 01:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)

DRV - [2006/11/02 01:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)

DRV - [2006/11/02 01:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)

DRV - [2006/11/02 01:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)

DRV - [2006/11/02 01:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)

DRV - [2006/11/02 00:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)

DRV - [2005/03/09 20:50:16 | 000,033,792 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\libusb0.sys -- (libusb0)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&a...p;m=aspire_5515

IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5577

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5577

IE - HKU\S-1-5-21-3996654907-2226748910-2045848586-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]

IE - HKU\S-1-5-21-3996654907-2226748910-2045848586-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKU\S-1-5-21-3996654907-2226748910-2045848586-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&a...p;m=aspire_5515

IE - HKU\S-1-5-21-3996654907-2226748910-2045848586-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3996654907-2226748910-2045848586-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\S-1-5-21-3996654907-2226748910-2045848586-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5577

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"

FF - prefs.js..browser.search.defaultenginename: "AOL Search"

FF - prefs.js..browser.search.defaulturl: "http://aim.search.aol.com/aol/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us&tb_uuid=100000000000000002&tb_oid=23-05-2010&tb_mrud=17-06-2010"

FF - prefs.js..browser.search.order.1: "Ask.com"

FF - prefs.js..browser.search.selectedEngine: "Bing"

FF - prefs.js..browser.search.selectedengine: "Google"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.search.usedbfororder: true

FF - prefs.js..browser.startup.homepage: "http://aol.com/"

FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1

FF - prefs.js..extensions.enabledItems: 6

FF - prefs.js..extensions.enabledItems: 2

FF - prefs.js..extensions.enabledItems: 41

FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.1

FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.3

FF - prefs.js..extensions.enabledItems: msntoolbar@msn.com:5.0

FF - prefs.js..extensions.enabledItems: {27182e60-b5f3-411c-b545-b44205977502}:1.0

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

FF - prefs.js..extensions.enabledItems: {c8f71e5b-88f8-42a7-98bb-e4c506161de9}:0.4

FF - prefs.js..extensions.enabledItems: {de5809e0-2b07-11dd-bd0b-0800200c9a66}:1.2.0

FF - prefs.js..extensions.enabledItems: djziggy@gmail.com:1.2.0

FF - prefs.js..keyword.URL: "http://supertoolbar.ask.com/redirect?client=ff&src=kw&tb=TRL&o=101840&locale=en_US&q="

FF - prefs.js..network.proxy.no_proxies_on: ""

FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/04/25 16:46:05 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\Firefox [2010/07/26 23:32:24 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/07/27 12:19:00 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/17 14:43:11 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/09/17 14:43:11 | 000,000,000 | ---D | M]

[2009/08/16 22:49:04 | 000,000,000 | ---D | M] -- C:\Users\Patrick Herrin\AppData\Roaming\Mozilla\Extensions

[2010/09/18 02:02:38 | 000,000,000 | ---D | M] -- C:\Users\Patrick Herrin\AppData\Roaming\Mozilla\Firefox\Profiles\r5jvohbq.default\extensions

[2010/06/21 00:46:06 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Patrick Herrin\AppData\Roaming\Mozilla\Firefox\Profiles\r5jvohbq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010/02/12 12:39:42 | 000,000,000 | ---D | M] (AmbientFox) -- C:\Users\Patrick Herrin\AppData\Roaming\Mozilla\Firefox\Profiles\r5jvohbq.default\extensions\{c8f71e5b-88f8-42a7-98bb-e4c506161de9}

[2010/06/21 00:45:44 | 000,000,000 | ---D | M] (Gradient iCool) -- C:\Users\Patrick Herrin\AppData\Roaming\Mozilla\Firefox\Profiles\r5jvohbq.default\extensions\{de5809e0-2b07-11dd-bd0b-0800200c9a66}

[2009/08/30 02:42:06 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Users\Patrick Herrin\AppData\Roaming\Mozilla\Firefox\Profiles\r5jvohbq.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}

[2010/09/12 14:09:44 | 000,000,000 | ---D | M] -- C:\Users\Patrick Herrin\AppData\Roaming\Mozilla\Firefox\Profiles\r5jvohbq.default\extensions\djziggy@gmail.com

[2010/06/27 22:18:38 | 000,000,000 | ---D | M] -- C:\Users\Patrick Herrin\AppData\Roaming\Mozilla\Firefox\Profiles\r5jvohbq.default\extensions\nasanightlaunch@example.com

[2010/09/12 14:09:57 | 000,000,000 | ---D | M] -- C:\Users\Patrick Herrin\AppData\Roaming\Mozilla\Firefox\Profiles\r5jvohbq.default\extensions\personas@christopher.beard

[2010/06/17 15:20:01 | 000,002,343 | ---- | M] () -- C:\Users\Patrick Herrin\AppData\Roaming\Mozilla\Firefox\Profiles\r5jvohbq.default\searchplugins\aol-search.xml

[2009/08/27 22:40:06 | 000,002,235 | ---- | M] () -- C:\Users\Patrick Herrin\AppData\Roaming\Mozilla\Firefox\Profiles\r5jvohbq.default\searchplugins\askcom.xml

[2010/08/10 16:50:54 | 000,001,820 | ---- | M] () -- C:\Users\Patrick Herrin\AppData\Roaming\Mozilla\Firefox\Profiles\r5jvohbq.default\searchplugins\bing.xml

[2010/08/10 16:51:10 | 000,004,140 | ---- | M] () -- C:\Users\Patrick Herrin\AppData\Roaming\Mozilla\Firefox\Profiles\r5jvohbq.default\searchplugins\youtube.xml

[2010/09/16 00:30:34 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2010/09/16 00:30:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

[2010/09/16 00:29:46 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

[2007/04/16 10:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll

O1 HOSTS File: ([2010/09/15 13:49:36 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll File not found

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)

O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)

O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)

O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll (Microsoft Corporation)

O2 - BHO: (SMTTB2009 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\HyperCam Toolbar\tbcore3.dll ()

O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (@C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll (Microsoft Corporation)

O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.

O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKU\S-1-5-21-3996654907-2226748910-2045848586-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O4 - HKLM..\Run: [Acer Assist Launcher] C:\Program Files\Acer\Acer Assist\launcher.exe ()

O4 - HKLM..\Run: [Acer Product Registration] C:\Program Files\Acer\Acer Registration\ACE1.exe (Leader Technologies)

O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)

O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)

O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)

O4 - HKLM..\Run: [bing Bar] C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\mswinext.exe (Microsoft Corp.)

O4 - HKLM..\Run: [bkupTray] C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe ()

O4 - HKLM..\Run: [CLMLServer] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink)

O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()

O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)

O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corporation)

O4 - HKLM..\Run: [NBAgent] C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)

O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)

O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [startCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)

O4 - HKLM..\Run: [uVS12 Preload] C:\Program Files\Corel\Corel VideoStudio 12\uvPL.exe (Ulead Systems, Inc.)

O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-3996654907-2226748910-2045848586-1001..\Run: [RocketDock] C:\RocketDock\RocketDock.exe ()

O4 - HKU\S-1-5-21-3996654907-2226748910-2045848586-1001..\RunOnce: [shockwave Updater] C:\Windows\System32\Adobe\Shockwave 11\SwHelper_1151601.exe -Update -1151601 -Mozilla\5.0_( File not found

O4 - Startup: C:\Users\Patrick Herrin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-3996654907-2226748910-2045848586-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-3996654907-2226748910-2045848586-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)

O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - AppInit_DLLs: (C:\Windows\System32\avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll File not found

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Users\Patrick Herrin\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg

O24 - Desktop BackupWallPaper: C:\Users\Patrick Herrin\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg

O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/09/18 02:29:02 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Patrick Herrin\Desktop\OTL.exe

[2010/09/18 02:04:14 | 003,194,296 | ---- | C] (Javacool Software LLC ) -- C:\Users\Patrick Herrin\Desktop\spywareblastersetup44.exe

[2010/09/18 01:12:07 | 000,017,744 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys

[2010/09/18 01:12:06 | 000,165,584 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys

[2010/09/18 01:12:04 | 000,023,376 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys

[2010/09/18 01:12:02 | 000,046,672 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys

[2010/09/18 01:11:58 | 000,050,768 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys

[2010/09/18 01:11:28 | 000,038,848 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr

[2010/09/18 01:11:26 | 000,167,592 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe

[2010/09/18 01:11:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software

[2010/09/18 01:11:09 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software

[2010/09/18 00:14:15 | 000,000,000 | --SD | C] -- C:\ComboFix

[2010/09/16 00:34:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java

[2010/09/15 13:55:40 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2010/09/15 13:55:26 | 000,000,000 | ---D | C] -- C:\Windows\temp

[2010/09/15 13:30:44 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT

[2010/09/13 00:04:14 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Patrick Herrin\Desktop\HiJackThis.exe

[2010/09/06 10:22:38 | 000,000,000 | ---D | C] -- C:\Program Files\iPod

[2010/09/06 10:22:32 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes

[2010/09/06 10:17:48 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime

[2010/09/02 16:01:23 | 000,000,000 | ---D | C] -- C:\Users\Patrick Herrin\AppData\Local\Sunbelt Software

[2010/07/26 23:46:50 | 000,000,000 | ---D | C] -- D:\Patrick Herrin\PJH\Documents\Documents\Vuze Downloads

[2010/07/26 23:46:25 | 000,000,000 | ---D | C] -- C:\Users\Patrick Herrin\AppData\Roaming\Azureus

[2010/07/26 23:32:28 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft

[2010/07/26 23:32:21 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Toolbar

[2010/07/26 23:30:35 | 000,000,000 | ---D | C] -- C:\Program Files\Vuze

[2010/07/26 23:30:33 | 000,000,000 | ---D | C] -- C:\Program Files\Bing Bar Installer

[2010/06/30 02:57:13 | 000,000,000 | ---D | C] -- C:\Users\Patrick Herrin\AppData\Local\Nero_AG

[2010/06/26 19:45:27 | 000,000,000 | ---D | C] -- D:\Patrick Herrin\PJH\Documents\Documents\InterVideo

[2010/06/26 00:45:59 | 000,000,000 | ---D | C] -- C:\Users\Patrick Herrin\AppData\Local\jipnaowlk

[2010/06/23 09:32:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun

[2010/06/21 21:49:40 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour

[2008/12/04 04:08:06 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll

========== Files - Modified Within 90 Days ==========

[2010/09/18 02:37:55 | 000,000,436 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{46A271C2-53C3-4C33-B354-020D415A3E42}.job

[2010/09/18 02:32:10 | 004,456,448 | -HS- | M] () -- C:\Users\Patrick Herrin\NTUSER.DAT

[2010/09/18 02:29:13 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Patrick Herrin\Desktop\OTL.exe

[2010/09/18 02:04:57 | 003,194,296 | ---- | M] (Javacool Software LLC ) -- C:\Users\Patrick Herrin\Desktop\spywareblastersetup44.exe

[2010/09/18 01:50:12 | 000,000,435 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics

[2010/09/18 01:47:58 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2010/09/18 01:47:58 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2010/09/18 01:47:54 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT

[2010/09/18 01:47:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2010/09/18 01:47:36 | 1876,934,656 | -HS- | M] () -- C:\hiberfil.sys

[2010/09/18 01:46:16 | 000,524,288 | -HS- | M] () -- C:\Users\Patrick Herrin\NTUSER.DAT{5c8bb18e-1413-11df-86e8-001eecdc1f81}.TMContainer00000000000000000001.regtrans-ms

[2010/09/18 01:46:16 | 000,065,536 | -HS- | M] () -- C:\Users\Patrick Herrin\NTUSER.DAT{5c8bb18e-1413-11df-86e8-001eecdc1f81}.TM.blf

[2010/09/18 01:46:13 | 002,752,105 | -H-- | M] () -- C:\Users\Patrick Herrin\AppData\Local\IconCache.db

[2010/09/18 01:12:08 | 000,001,844 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk

[2010/09/18 01:11:58 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt

[2010/09/18 00:33:55 | 000,000,000 | ---- | M] () -- C:\Users\Patrick Herrin\AppData\Local\prvlcl.dat

[2010/09/17 04:25:03 | 002,672,312 | ---- | M] () -- C:\Users\Patrick Herrin\Desktop\esetsmartinstaller_enu.exe

[2010/09/15 13:49:50 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini

[2010/09/15 13:49:36 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts

[2010/09/13 00:00:57 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Patrick Herrin\Desktop\HiJackThis.exe

[2010/09/12 23:59:27 | 000,001,356 | ---- | M] () -- C:\Users\Patrick Herrin\AppData\Local\d3d9caps.dat

[2010/09/12 11:23:32 | 000,001,730 | ---- | M] () -- C:\Users\Patrick Herrin\Desktop\DivX Movies.lnk

[2010/09/12 11:22:59 | 000,000,921 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk

[2010/09/07 08:12:17 | 000,038,848 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr

[2010/09/07 08:11:54 | 000,167,592 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe

[2010/09/07 07:52:25 | 000,046,672 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys

[2010/09/07 07:52:03 | 000,165,584 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys

[2010/09/07 07:47:46 | 000,023,376 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys

[2010/09/07 07:47:30 | 000,050,768 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys

[2010/09/07 07:47:07 | 000,017,744 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys

[2010/09/06 10:26:56 | 000,001,854 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk

[2010/09/06 10:26:56 | 000,001,854 | ---- | M] () -- C:\Users\Patrick Herrin\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk

[2010/09/06 10:24:01 | 000,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk

[2010/09/06 10:18:10 | 000,001,730 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk

[2010/09/04 19:28:40 | 000,077,824 | ---- | M] () -- C:\Users\Patrick Herrin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/09/01 01:29:39 | 000,721,582 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI

[2010/09/01 01:29:39 | 000,617,702 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2010/09/01 01:29:39 | 000,108,772 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2010/08/23 19:18:08 | 000,197,740 | -H-- | M] () -- C:\Windows\System32\mlfcache.dat

[2010/08/22 09:22:46 | 1099,608,729 | ---- | M] () -- C:\Users\Patrick Herrin\Desktop\sooml - Wisevid.wmv

[2010/08/16 21:07:10 | 010,711,337 | ---- | M] () -- C:\Users\Patrick Herrin\Desktop\redsn0w_win_0.9.5b5-5(2).zip

[2010/08/16 18:11:55 | 000,001,637 | ---- | M] () -- C:\Users\Public\Desktop\Vuze.lnk

[2010/08/16 18:11:55 | 000,001,637 | ---- | M] () -- C:\Users\Patrick Herrin\Application Data\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk

[2010/08/11 03:44:48 | 000,409,216 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2010/07/26 23:18:37 | 000,001,034 | ---- | M] () -- C:\Users\Patrick Herrin\Desktop\FrostWire 4.18.6.lnk

[2010/07/01 03:14:06 | 283,519,753 | ---- | M] () -- C:\Users\Patrick Herrin\Desktop\dl1 Loombo - Easy way to share your files.m4v

[2010/06/29 10:03:30 | 348,632,765 | ---- | M] () -- C:\Users\Patrick Herrin\Desktop\The-A-T3am-20.10-T.S-V.2-RDNFO-XViD-IM.G.m4v

[2010/06/26 00:47:22 | 000,000,000 | ---- | M] () -- C:\Users\Patrick Herrin\AppData\Local\Bheqaho.bin

[2010/06/26 00:47:21 | 000,000,120 | ---- | M] () -- C:\Users\Patrick Herrin\AppData\Local\Kpisi.dat

[2010/06/24 16:25:13 | 528,052,694 | ---- | M] () -- C:\Users\Patrick Herrin\Desktop\fastpasstv.com kk2 - Wisevid.m4v

[2010/06/24 13:25:35 | 000,000,025 | ---- | M] () -- C:\Windows\cdplayer.ini

[2010/06/21 21:44:39 | 000,001,854 | ---- | M] () -- C:\Users\Patrick Herrin\Desktop\Apple Safari.lnk

[2010/06/21 15:40:50 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys

[2010/06/21 01:53:18 | 000,000,822 | ---- | M] () -- C:\Users\Patrick Herrin\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk

[2010/06/21 01:52:48 | 000,000,104 | ---- | M] () -- C:\Users\Patrick Herrin\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet - Shortcut.lnk

[2010/06/21 01:19:00 | 000,001,906 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Air Mouse.lnk

========== Files Created - No Company Name ==========

[2010/09/18 01:12:08 | 000,001,844 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk

[2010/09/17 04:24:58 | 002,672,312 | ---- | C] () -- C:\Users\Patrick Herrin\Desktop\esetsmartinstaller_enu.exe

[2010/09/12 11:22:59 | 000,000,921 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk

[2010/09/06 10:26:56 | 000,001,854 | ---- | C] () -- C:\Users\Public\Desktop\Safari.lnk

[2010/09/06 10:26:56 | 000,001,854 | ---- | C] () -- C:\Users\Patrick Herrin\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk

[2010/09/06 10:24:01 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk

[2010/09/06 10:18:10 | 000,001,730 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk

[2010/09/05 00:19:56 | 1876,934,656 | -HS- | C] () -- C:\hiberfil.sys

[2010/08/22 01:11:21 | 1099,608,729 | ---- | C] () -- C:\Users\Patrick Herrin\Desktop\sooml - Wisevid.wmv

[2010/08/16 21:07:32 | 010,711,337 | ---- | C] () -- C:\Users\Patrick Herrin\Desktop\redsn0w_win_0.9.5b5-5(2).zip

[2010/07/26 23:31:28 | 000,001,637 | ---- | C] () -- C:\Users\Public\Desktop\Vuze.lnk

[2010/07/26 23:31:28 | 000,001,637 | ---- | C] () -- C:\Users\Patrick Herrin\Application Data\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk

[2010/07/26 23:18:37 | 000,001,034 | ---- | C] () -- C:\Users\Patrick Herrin\Desktop\FrostWire 4.18.6.lnk

[2010/07/10 14:39:54 | 000,001,730 | ---- | C] () -- C:\Users\Patrick Herrin\Desktop\DivX Movies.lnk

[2010/06/30 23:45:54 | 283,519,753 | ---- | C] () -- C:\Users\Patrick Herrin\Desktop\dl1 Loombo - Easy way to share your files.m4v

[2010/06/29 08:12:03 | 348,632,765 | ---- | C] () -- C:\Users\Patrick Herrin\Desktop\The-A-T3am-20.10-T.S-V.2-RDNFO-XViD-IM.G.m4v

[2010/06/26 00:47:22 | 000,000,000 | ---- | C] () -- C:\Users\Patrick Herrin\AppData\Local\Bheqaho.bin

[2010/06/26 00:47:21 | 000,000,120 | ---- | C] () -- C:\Users\Patrick Herrin\AppData\Local\Kpisi.dat

[2010/06/24 14:31:03 | 528,052,694 | ---- | C] () -- C:\Users\Patrick Herrin\Desktop\fastpasstv.com kk2 - Wisevid.m4v

[2010/06/24 13:25:35 | 000,000,025 | ---- | C] () -- C:\Windows\cdplayer.ini

[2010/06/21 21:44:39 | 000,001,854 | ---- | C] () -- C:\Users\Patrick Herrin\Desktop\Apple Safari.lnk

[2010/06/21 01:53:18 | 000,000,822 | ---- | C] () -- C:\Users\Patrick Herrin\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk

[2010/06/21 01:52:48 | 000,000,104 | ---- | C] () -- C:\Users\Patrick Herrin\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet - Shortcut.lnk

[2010/05/24 23:46:43 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini

[2010/05/24 20:06:21 | 000,000,000 | ---- | C] () -- C:\Users\Patrick Herrin\AppData\Roaming\.NANotifyHere

[2010/03/10 18:16:44 | 000,033,812 | ---- | C] () -- C:\ProgramData\ArcadeDeluxe2.log

[2010/03/02 01:01:14 | 000,000,448 | ---- | C] () -- C:\Users\Patrick Herrin\AppData\Roaming\wklnhst.dat

[2010/02/17 00:53:35 | 000,000,036 | ---- | C] () -- C:\Windows\intbook.ini

[2010/02/10 23:35:47 | 000,159,744 | ---- | C] () -- C:\Windows\System32\viscomtran.dll

[2010/02/10 23:35:46 | 006,963,712 | ---- | C] () -- C:\Windows\System32\videotrans.dll

[2010/02/10 23:35:46 | 000,172,032 | ---- | C] () -- C:\Windows\System32\viscomgifenc.dll

[2010/02/10 23:35:45 | 000,452,608 | ---- | C] () -- C:\Windows\System32\videoformat.dll

[2010/02/10 23:35:45 | 000,262,144 | ---- | C] () -- C:\Windows\System32\lame_enc.dll

[2010/02/10 23:35:45 | 000,154,624 | ---- | C] () -- C:\Windows\System32\imgscaler.dll

[2010/02/10 23:35:45 | 000,028,160 | ---- | C] () -- C:\Windows\System32\img_utils.dll

[2010/02/10 23:35:45 | 000,019,456 | ---- | C] () -- C:\Windows\System32\videocore.dll

[2009/12/09 02:15:33 | 000,209,040 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll

[2009/12/09 02:15:33 | 000,204,944 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll

[2009/12/09 02:15:33 | 000,196,752 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll

[2009/12/09 02:15:33 | 000,196,752 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll

[2009/12/09 02:15:33 | 000,192,656 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll

[2009/12/09 02:15:33 | 000,024,720 | ---- | C] () -- C:\Windows\System32\IVIresize.dll

[2009/11/12 21:57:46 | 000,000,000 | ---- | C] () -- C:\Users\Patrick Herrin\AppData\Local\prvlcl.dat

[2009/09/21 16:05:23 | 000,000,413 | ---- | C] () -- C:\Windows\wininit.ini

[2009/09/18 00:57:09 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll

[2009/09/13 16:44:14 | 000,323,584 | ---- | C] () -- C:\Windows\System32\FoxImager.dll

[2009/08/23 00:20:45 | 000,137,544 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys

[2009/08/23 00:20:40 | 000,139,152 | ---- | C] () -- C:\Users\Patrick Herrin\AppData\Roaming\PnkBstrK.sys

[2009/08/18 02:06:14 | 000,000,000 | ---- | C] () -- C:\Windows\WB.ini

[2009/08/18 01:56:46 | 000,058,792 | ---- | C] () -- C:\Windows\System32\wbload.dll

[2009/08/17 06:12:22 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI

[2009/08/17 00:31:02 | 000,033,792 | ---- | C] () -- C:\Windows\System32\drivers\libusb0.sys

[2009/08/17 00:01:32 | 000,077,824 | ---- | C] () -- C:\Users\Patrick Herrin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/08/16 23:52:33 | 000,001,356 | ---- | C] () -- C:\Users\Patrick Herrin\AppData\Local\d3d9caps.dat

[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll

[2008/12/24 06:26:07 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll

[2008/12/04 06:11:27 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll

[2008/12/04 06:11:27 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll

[2008/12/04 05:31:15 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini

[2008/12/04 04:05:20 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

[2008/12/04 04:05:09 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll

[2006/11/02 00:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

[2001/12/26 17:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll

[2001/09/04 00:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll

[2001/07/30 17:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll

[2001/07/23 23:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll

========== LOP Check ==========

[2008/12/04 05:57:50 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Acer GameZone Console

[2008/12/04 05:57:50 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Acer GameZone Console

[2009/08/29 22:22:00 | 000,000,000 | ---D | M] -- C:\Users\Patrick Herrin\AppData\Roaming\acccore

[2009/08/16 22:33:27 | 000,000,000 | ---D | M] -- C:\Users\Patrick Herrin\AppData\Roaming\Acer

[2008/12/04 05:57:50 | 000,000,000 | ---D | M] -- C:\Users\Patrick Herrin\AppData\Roaming\Acer GameZone Console

[2010/02/28 19:14:01 | 000,000,000 | ---D | M] -- C:\Users\Patrick Herrin\AppData\Roaming\AnvSoft

[2010/09/02 22:26:23 | 000,000,000 | ---D | M] -- C:\Users\Patrick Herrin\AppData\Roaming\Azureus

[2010/03/08 22:16:46 | 000,000,000 | ---D | M] -- C:\Users\Patrick Herrin\AppData\Roaming\com.princess.iq.PrincessWidget.95CF48669C469715948E799FD5617DB57BF9FCEB.1

[2010/06/03 17:02:53 | 000,000,000 | ---D | M] -- C:\Users\Patrick Herrin\AppData\Roaming\DVDFab

[2010/09/13 00:10:05 | 000,000,000 | ---D | M] -- C:\Users\Patrick Herrin\AppData\Roaming\FrostWire

[2009/08/19 22:06:31 | 000,000,000 | ---D | M] -- C:\Users\Patrick Herrin\AppData\Roaming\GrabPro

[2009/10/25 23:29:00 | 000,000,000 | ---D | M] -- C:\Users\Patrick Herrin\AppData\Roaming\gtk-2.0

[2009/09/19 13:58:20 | 000,000,000 | ---D | M] -- C:\Users\Patrick Herrin\AppData\Roaming\ImgBurn

[2009/08/18 00:38:56 | 000,000,000 | ---D | M] -- C:\Users\Patrick Herrin\AppData\Roaming\InterVideo

[2009/08/16 22:33:20 | 000,000,000 | ---D | M] -- C:\Users\Patrick Herrin\AppData\Roaming\Leadertech

[2010/03/31 00:23:42 | 000,000,000 | ---D | M] -- C:\Users\Patrick Herrin\AppData\Roaming\MoveFab

[2010/06/29 21:39:44 | 000,000,000 | ---D | M] -- C:\Users\Patrick Herrin\AppData\Roaming\Orbit

[2010/04/18 22:10:40 | 000,000,000 | ---D | M] -- C:\Users\Patrick Herrin\AppData\Roaming\PowerCinema

[2009/11/11 23:53:26 | 000,000,000 | ---D | M] -- C:\Users\Patrick Herrin\AppData\Roaming\Red Kawa

[2010/04/18 22:11:33 | 000,000,000 | ---D | M] -- C:\Users\Patrick Herrin\AppData\Roaming\SoftDMA

[2009/09/12 14:26:07 | 000,000,000 | ---D | M] -- C:\Users\Patrick Herrin\AppData\Roaming\Sony

[2009/09/12 14:16:43 | 000,000,000 | ---D | M] -- C:\Users\Patrick Herrin\AppData\Roaming\Sony Setup

[2010/03/02 01:01:20 | 000,000,000 | ---D | M] -- C:\Users\Patrick Herrin\AppData\Roaming\Template

[2009/08/27 21:48:23 | 000,000,000 | ---D | M] -- C:\Users\Patrick Herrin\AppData\Roaming\Trillian

[2009/12/09 07:28:23 | 000,000,000 | ---D | M] -- C:\Users\Patrick Herrin\AppData\Roaming\Ulead Systems

[2009/08/18 21:10:29 | 000,000,000 | ---D | M] -- C:\Users\Patrick Herrin\AppData\Roaming\Windows SideBar

[2010/09/18 01:46:36 | 000,032,560 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[2010/09/18 02:37:55 | 000,000,436 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{46A271C2-53C3-4C33-B354-020D415A3E42}.job

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 64 bytes -> C:\Users\Patrick Herrin\Desktop\WDzlwQ6Qd_s.mp4:TOC.WMV

@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:73933431

@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:F3176E45

@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:E36F5B57

< End of report >

OTL Extras logfile created on: 9/18/2010 2:32:10 AM - Run 1

OTL by OldTimer - Version 3.2.12.1 Folder = C:\Users\Patrick Herrin\Desktop

Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18943)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 40.00% Memory free

4.00 Gb Paging File | 3.00 Gb Available in Paging File | 68.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 69.52 Gb Total Space | 26.26 Gb Free Space | 37.77% Space Free | Partition Type: NTFS

Drive D: | 69.52 Gb Total Space | 6.25 Gb Free Space | 8.99% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: PATRICK

Current User Name: Patrick Herrin

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: On

Skip Microsoft Files: On

File Age = 90 Days

Output = Standard

Quick Scan

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3996654907-2226748910-2045848586-1001\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"FirewallDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Nexon\Combat Arms\CombatArms.exe" = C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe -- File not found

"C:\Nexon\Combat Arms\Engine.exe" = C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe -- File not found

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{1043F0E3-1AAA-42DA-B2DA-D6585AB3AC9B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{1620F684-5A25-4F98-B38D-E84F153FC519}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{1DCE397A-F897-4FAA-BB47-231986459F3F}" = rport=137 | protocol=17 | dir=out | app=system |

"{218E6B50-7F51-4106-91FF-3E9F1337FDC9}" = lport=138 | protocol=17 | dir=in | app=system |

"{26EB0733-8B6D-4C1F-B5C4-62C757ECA50F}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |

"{3274D37E-68AA-4661-99DE-1B0CCC548CB6}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |

"{332CF584-49F5-42BE-9E58-13D74D76D556}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{4D2E9334-1940-4D5A-BC94-F8C57E0E6FDD}" = rport=138 | protocol=17 | dir=out | app=system |

"{543D6B79-ABCA-41E2-A280-5ED63007FA79}" = lport=10243 | protocol=6 | dir=in | app=system |

"{5E8359C2-E0FD-49F3-AD0E-4B6902DBBE2A}" = lport=2869 | protocol=6 | dir=in | app=system |

"{5F851439-9D1B-40A1-BAD4-24073468E601}" = rport=2869 | protocol=6 | dir=out | app=system |

"{5FFC43F9-5D3B-43C8-B75F-702F6125B8FF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{6F56DD82-5371-43E0-A346-27C10F464144}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |

"{71B9108C-4F01-4AC5-BD9D-17684176185A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{74EE15F4-312C-49A0-83DB-409A4F021E1E}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |

"{78C61C19-5096-4656-A623-D4B15A934B27}" = rport=10243 | protocol=6 | dir=out | app=system |

"{798930AE-7E91-4063-90D4-031367EC2019}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{80C47E3D-44C9-43A0-85C7-B87EA1DB9683}" = lport=2869 | protocol=6 | dir=in | app=system |

"{9655C8C4-31FC-4112-9F16-4756E2259541}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |

"{96977E37-3F28-41B7-9103-873087784C89}" = lport=2869 | protocol=6 | dir=in | name=upnp tcp |

"{A1DF2D04-C38F-4DA8-B683-70C1616528AA}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |

"{B116786B-6C6C-4EFD-AB4E-2E4A5E7EF9C7}" = rport=445 | protocol=6 | dir=out | app=system |

"{B8DA82B6-EEBA-4173-BE46-D0AC2008787C}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |

"{BEEA31A5-B649-4298-845E-F5AE33A9DA81}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |

"{BF2A3145-C311-4344-AEEC-3BAC69BD51C6}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{C0DF4D31-E6BF-4F3F-9F99-B4FB290C5A39}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{CAD06C80-CA7A-4A35-A7FB-D27AB7656496}" = lport=1900 | protocol=17 | dir=in | name=upnp udp |

"{D3BA1DF8-C92B-48D4-832D-2BD9C3E41B2E}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{D4376A4E-8756-4220-B2E2-378659F19B18}" = lport=137 | protocol=17 | dir=in | app=system |

"{E2C28B74-5155-4A0C-B29E-01EA8B1EA1B1}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

"{E67DEBEF-7C12-4662-AFF5-173002C44773}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{EB1F8B5A-66EE-4C1A-9145-C8FE9B5A409C}" = lport=139 | protocol=6 | dir=in | app=system |

"{EEB37157-A5C9-40CD-89DA-92880AFF5AC3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{F5D85885-CCD0-4D43-B1DF-446C5E380AD3}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{F944BBC0-82A0-452C-98C3-F54315F167E7}" = rport=139 | protocol=6 | dir=out | app=system |

"{F9CDB39D-A2C2-4629-99F0-B3BF86B623A2}" = lport=445 | protocol=6 | dir=in | app=system |

"{FA8009B1-B9DE-4936-A5FB-D1DA3B55F212}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |

"{FEBCFA8E-A403-4399-8A68-5D5AFC325430}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{FFF1B8E1-2EE6-4F3F-952D-9888334A0323}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{00C87EB4-C531-4F7C-915C-8A0ECCE0C7AC}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |

"{00DC681A-E704-4F48-93F2-FDCE845BF719}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |

"{052BD8F1-F177-4AD2-9959-0593ABCA1DC5}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |

"{088E0001-94D6-4FD7-9604-4208FC14A663}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{0DDE240D-FD2A-4050-AB17-AF76C247A3BE}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |

"{0EE6677A-C09E-4D87-A8DF-5B39A5559547}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{11459447-F894-4202-91DF-26BB42ACAF80}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |

"{15448FD1-4112-440F-BD33-CBAE27D44CD4}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |

"{1D081517-7753-4926-911A-9EDEC1876A96}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

"{1F5347ED-0B6B-40B8-9BD1-CEC738F79CF5}" = dir=in | app=c:\program files\avg\avg8\avgupd.exe |

"{259F1611-C159-42C3-AFAF-5539853B7035}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |

"{26F61970-1CCA-4197-9211-E504DB4A0AB8}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |

"{270AC6A2-19A3-42DA-98DF-8EDB03ECA208}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\playmovie.exe |

"{2C5D5D06-2AB5-4895-A08E-C608C68B37AD}" = protocol=6 | dir=in | app=c:\program files\aim\aim.exe |

"{35E6E897-A87F-4BB9-B26B-49E0B013EFFA}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |

"{37F68C72-8FCD-44A5-A98A-4FEF1A67C80E}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

"{3AA33A1D-968E-4846-B0B8-3CF7923BEDE1}" = protocol=6 | dir=in | app=c:\program files\frostwire\frostwire.exe |

"{3B460496-22A0-4AD8-9798-16CD1F3A1CA2}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{3C8A0D93-E900-4D38-8132-E4E6FD4A26B7}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |

"{3FF653B0-7F15-4799-82C8-62DE106E46A7}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

"{4464DF46-EC96-4B63-BA34-B5BCDCC80F6A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{463446BC-760A-4F21-AF9D-106A8224C499}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |

"{4B3B2BCB-7BFF-43C7-A890-1C8203BD91E7}" = protocol=17 | dir=in | app=c:\program files\frostwire\frostwire.exe |

"{4D319BCE-60DB-40DE-85B7-24DF6AC31545}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{54CB8C16-876F-4A38-86BD-0E6441BCF7D1}" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |

"{5533EFBD-587E-4F6D-8CB1-9F6108E273C2}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |

"{555DF32B-7DF6-4542-B3B0-1F33C08293EC}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |

"{58E4146A-2CEA-480C-A424-9F495178F5D8}" = protocol=17 | dir=in | app=c:\program files\aim\aim.exe |

"{5A6A4999-D213-474E-9218-2C40DB4A4009}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |

"{5F0373D1-0B58-4143-8FC0-F1FB89833CEF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{5F5E6067-EC42-4CF3-8A31-2D153A4B80E5}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

"{643348C5-4BE4-439B-800A-8E9C4BEE8919}" = protocol=17 | dir=in | app=c:\nexon\combat arms\nmservice.exe |

"{6B2AEAE6-D7AB-4381-B8CE-AD29C9B4794B}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\america's army 3\binaries\aa3game.exe |

"{710D6FC9-F1BB-40AB-9C09-402E83BB9CDE}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |

"{85365ACB-7FD4-4544-A6D6-AC1A08B13411}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{88995018-655D-4F12-9A3C-A4D3CEC138A0}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

"{8CD3C7EF-7997-48A6-B7CB-3A05F1BF523E}" = protocol=6 | dir=in | app=c:\program files\aim\aim.exe |

"{8E039347-8505-40B1-BF76-4459F12D5CB0}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |

"{8FDA9A2C-2248-4307-897A-BA3945AA5A51}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |

"{93986BAE-5214-46DC-B318-141D2814B512}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

"{9611B2E7-4FCC-4D86-9A4F-7CBEBE63251D}" = protocol=6 | dir=in | app=c:\nexon\combat arms\nmservice.exe |

"{966FC503-2E9B-4BF2-B96D-B5FB9764537F}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |

"{96DCE441-48DA-46F8-A50D-F3E8526A6451}" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |

"{9B999CAB-9B69-480A-88C7-A32AEC02450D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{A5E4B390-B254-4B6C-BEF3-B6C805B538B4}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{A623743B-C199-46BB-8BAB-819F77AB6FA2}" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |

"{A8E76D32-584D-446C-89E1-D4AFB9BD085F}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |

"{AC063BA3-6E23-47C7-AF22-6201BCE615DF}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\pmvservice.exe |

"{ACA0A148-E6CE-4211-896A-0476E8E1A8AD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{ACCCB9E1-DF74-4EE2-BAE6-DFFBD1B167D9}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

"{ADA05955-320F-4011-A2B4-CEDAA59F7CD6}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe |

"{AE03AEFD-B5DC-418B-BB03-A9FBA641910B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

"{AF8040E2-6E1D-4296-9A48-5D1FE609F06A}" = protocol=6 | dir=out | app=system |

"{B55F5FD5-B75E-4E96-9998-73BA3341777A}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |

"{B9653C15-6577-483B-B984-5B2C56C676E9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{B9DB83E8-BE85-49DA-8AC9-04EE0D03CBA9}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\america's army 3\binaries\aa3game.exe |

"{BCD0E400-F7B2-4256-8286-8CC72416597F}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe |

"{BFD300EF-5968-4676-90D1-96C4F23717A1}" = dir=in | app=c:\program files\avg\avg8\avgnsx.exe |

"{C16EDDE8-2E8A-4EB3-97C8-280F27891993}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{C5841561-FAC2-4A78-9199-79923BC7CB1A}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |

"{CFE4FE28-3EC5-4FA2-A6E5-C916CD1B584C}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |

"{D2C739B6-32EB-4EEC-AAA9-C4B1674F10ED}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{D64DAAC3-3615-46D7-9676-E10679B9500C}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |

"{E0F7EF6D-E0CD-4C5B-895B-4FFA2C43A6E3}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{E81B51CE-7255-4F43-BE8C-508550BCE5E7}" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |

"{EB4E1068-DDFD-448C-97A2-E4C7B3193F2B}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{ED5EB088-E2F1-4D36-B1E3-EDA64435286F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{F382DC56-CB12-40D5-85C1-7E5BB898A58F}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |

"{F3EAA1B4-2C61-44F4-8553-B3DAAD0612B0}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |

"{F628CBBA-28B4-4B1E-BDC1-D9C827CE737D}" = protocol=17 | dir=in | app=c:\program files\aim\aim.exe |

"{F984F0E4-CDF0-4853-A15B-CBCA460DDE27}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |

"{FD9E1166-A7C1-4F71-839C-C22D2094F9CF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"TCP Query User{3B492FDC-0BB5-4849-93B8-2FFC073CC7A9}C:\program files\air mouse\air mouse\air mouse.exe" = protocol=6 | dir=in | app=c:\program files\air mouse\air mouse\air mouse.exe |

"TCP Query User{AD594DCA-98CB-408C-848C-6836560EEFF0}C:\program files\itunes\itunes.exe" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |

"UDP Query User{2B8495D7-51FE-4E6F-8332-AD5A1041C8C4}C:\program files\itunes\itunes.exe" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |

"UDP Query User{DAAAF596-A305-4074-8C04-FD00EF501DDC}C:\program files\air mouse\air mouse\air mouse.exe" = protocol=17 | dir=in | app=c:\program files\air mouse\air mouse\air mouse.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{0201E035-0F3A-A52B-75C2-C7A817727230}" = CCC Help Italian

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{04FDAB5C-986B-7620-3F4F-E5D37F6781E8}" = Catalyst Control Center Localization All

"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack

"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar

"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant

"{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)

"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour

"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation®Store

"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In

"{1253FE37-2CFA-DDE1-720C-6B9A66605488}" = CCC Help Chinese Traditional

"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard

"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter

"{16987E99-C95C-4513-9239-7B44A0A71DB5}" = Nero SoundTrax 10 Help (CHM)

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{1C51A88E-25D6-AABF-8650-2BAF8336D252}" = CCC Help French

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}" = Nero MediaHub 10

"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8

"{2147935B-08C4-BAA2-2FF3-6B8D76FF33C2}" = ATI Catalyst Install Manager

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback 10

"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8

"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10

"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe

"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java 6 Update 21

"{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10

"{2EEC2A94-7204-45C6-93BB-67EAEB19E4D6}" = Safari

"{2F2762EA-D746-5BE3-D612-D2654C943092}" = CCC Help Spanish

"{32594C87-E709-7059-2781-2DC3E6AC16BE}" = ccc-utility

"{329411A0-19F3-4740-874F-17400B126F27}" = Nero Vision 10 Help (CHM)

"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)

"{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10

"{350FB27C-CF62-4EF3-AF9D-70FF313FE221}" = iTunes

"{374369F3-A806-6A98-0D60-B22919C15224}" = Catalyst Control Center Graphics Full Existing

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker

"{47A65A53-398C-6FBF-D83A-5BA08C17E553}" = CCC Help Hungarian

"{4886820B-C9A2-5F6A-D61E-D697F45D2013}" = CCC Help German

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4AE19B82-39C9-7601-F6E7-B87D0B6833EC}" = Skins

"{4B719A70-F14A-4f5c-90B5-346B24B7FFF1}" = Windows 7 Upgrade Advisor

"{4E915575-2CCA-51C0-33CA-FC8E26C1ABD2}" = CCC Help Russian

"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)

"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)

"{5E209153-9900-C0A1-D477-5DE3A334377D}" = ccc-core-static

"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053

"{5F548A02-80BC-404D-BAE6-F05F9BF6B449}" = Nero DiscCopyGadget 10 Help (CHM)

"{606BC780-101C-41DB-808D-4539BFA0774A}" = MobileMe Control Panel

"{630F1852-FDBC-B67A-ED81-F830A0495747}" = CCC Help Japanese

"{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic

"{63AF7D26-CC24-0E6D-5C0A-2962EAA54497}" = Catalyst Control Center Graphics Full New

"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update

"{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM)

"{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10

"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin

"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works

"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10

"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10

"{71C2828F-2678-4675-BDEC-895424861262}_is1" = C:\Program Files\Acer GameZone\GameConsole

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{76393D91-5999-A401-F721-6DDA1389EA0B}" = CCC Help Dutch

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{77A7A4C5-31DC-B1FB-02EA-927E3D044186}" = CCC Help Finnish

"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com

"{7A295D8F-484B-4FFB-89AB-C1FD497591FE}" = Nero WaveEditor 10 Help (CHM)

"{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10

"{823BFDA3-EE5B-C016-0242-23FC567D66DF}" = Catalyst Control Center Graphics Previews Common

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110082360}" = Alien Shooter

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}" = Chicken Invaders 2

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110422467}" = Tiks Texas Hold em

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111796363}" = Mystery Solitaire - Secret Island

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112028410}" = Putt Mania

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}" = Heroes of Hellas

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113919217}" = Mythic Mahjong

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{8650B9AB-1E2E-4DA4-BD0C-DBE8720D7C2E}" = CCC Help Swedish

"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8C8A0B95-8350-D8A1-3354-4BDC00B27EC6}" = Catalyst Control Center Core Implementation

"{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}" = Nero Recode 10

"{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology

"{8F8D951A-AD96-B410-8330-F988806E68EA}" = CCC Help Danish

"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007

"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007

"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007

"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007

"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007

"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007

"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007

"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)

"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007

"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)

"{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)

"{92EC1A84-7FFC-42DF-A8F6-79C21C4765A5}" = Nero DiscCopy Gadget 10

"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10

"{95264530-5A22-8E7E-FE9D-D63A927BCAEA}" = Adobe Media Player

"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}" = Nero Vision 10

"{9B35344F-7FA4-B6BA-E64B-930A5BDB9585}" = Catalyst Control Center InstallProxy

"{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)

"{A2A3AA46-9625-354A-82A2-1E6DF7D52D86}" = CCC Help Turkish

"{AC37FE78-545F-E92C-3A9C-6E68DB42140B}" = CCC Help Czech

"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2

"{AF15A0FC-F5F2-E46A-6837-2B8C5B883109}" = CCC Help Korean

"{AFB16B59-3872-3B48-EDD8-B16A8B3BDD0E}" = Catalyst Control Center Graphics Previews Vista

"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter

"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR

"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0

"{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6

"{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation®Network Downloader

"{B95B1BA9-F887-4B3C-8D3A-CCD4C4675120}" = Microsoft Default Manager

"{BA4A3C12-3A9F-C85A-E544-C89428A271D5}" = CCC Help Portuguese

"{BD01E97F-2A6A-495E-BE38-22C7B80F3CD7}" = Cheetah DVD Burner

"{BFEE4C93-E490-26FC-D16B-C789F63D33C0}" = CCC Help English

"{C0EE4F3C-098F-940C-E5C1-736E7A943CE1}" = CCC Help Chinese Standard

"{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)

"{C31A92DA-E488-A3BC-A694-074A8803527F}" = CCC Help Norwegian

"{C3273C55-E1E4-41FF-8D69-0158090DB8D8}" = Nero CoverDesigner 10 Help (CHM)

"{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10

"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries

"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update

"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1

"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005

"{D34F8493-F267-590E-18E6-E1A468642591}" = Catalyst Control Center InstallProxy

"{D3B1C799-CB73-42DE-BA0F-2344793A095C}" = Catalyst Control Center - Branding

"{D439E799-2D99-52DC-F3CF-0501086348D5}" = Catalyst Control Center Graphics Light

"{D8F448FA-4AE0-EB3A-599F-C345A37799A0}" = CCC Help Polish

"{D9D5FE8B-7A8A-789A-8FF6-21288086F7A3}" = CCC Help Greek

"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support

"{DB7C1D4A-08BA-4C7E-A8AA-B7F9BB372DCF}" = Nero Recode 10 Help (CHM)

"{DD1DED37-2486-4F56-8F89-56AA814003F5}" = Acer Crystal Eye Webcam

"{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}" = Nero SoundTrax 10

"{E21DA178-9FB0-4F91-B79C-5A6DDEEBFB8D}" = Bing Bar Platform

"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager

"{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10

"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant

"{E91E8912-769D-42F0-8408-0E329443BABC}" = Hawking Technologies HWUG1 Wireless-G USB Adapter

"{E9DD7E57-6D95-F664-3B7C-CD013719F2E9}" = CCC Help Thai

"{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime

"{EDCDFAD5-DF80-4600-A493-E9DAD6810230}" = Nero WaveEditor 10

"{F0FDF9C9-1DDC-401F-B638-36F1CAE8A875}" = VideoStudio

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)

"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01

"{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10

"{F435F919-9787-832A-FBFE-DBCEC6B8C62C}" = Catalyst Control Center HydraVision Full

"{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM)

"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0

"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic

"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)

"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10

"{F87F2E18-4720-4F97-B3E5-E930D649D92B}" = Mobile Mouse Server

"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility

"{FBE5AA96-22F0-4C4A-8E92-4BE3498D4CCB}" = Media Go

"{FCF00A6E-FB58-477A-ABE9-232907105521}" = Nero CoverDesigner 10

"8461-7759-5462-8226" = Vuze

"Acer Assist" = Acer Assist

"Acer Registration" = Acer Registration

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Adobe Shockwave Player" = Adobe Shockwave Player 11.5

"AIM_7" = AIM 7

"Any Video Converter_is1" = Any Video Converter 3.0.3

"Audacity_is1" = Audacity 1.2.6

"Audioro iPod Converter" = Audioro iPod Converter 2.03

"avast5" = avast! Free Antivirus

"AviSynth" = AviSynth 2.5

"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player

"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com

"Debut" = Debut Video Capture Software

"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters

"DivX Setup.divx.com" = DivX Setup

"DVDFab 6 by CATER / AHCU_is1" = DVDFab 6.0.1.0 by CATER / AHCU

"ENTERPRISER" = Microsoft Office Enterprise 2007

"HOMESTUDENTR" = Microsoft Office Home and Student 2007

"HyperCam 2" = HyperCam 2

"HyperCam Toolbar" = HyperCam Toolbar

"ImgBurn" = ImgBurn

"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5

"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8

"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8

"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe

"InstallShield_{F0FDF9C9-1DDC-401F-B638-36F1CAE8A875}" = Corel VideoStudio 12

"LibUSB-Win32_is1" = LibUSB-Win32-0.1.10.1

"LManager" = Launch Manager

"LogonStudio Vista" = LogonStudio Vista

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)

"PunkBusterSvc" = PunkBuster Services

"Rainlendar2" = Rainlendar2 (remove only)

"RealPlayer 12.0" = RealPlayer

"SoftwareUpdUtility" = Download Updater (AOL LLC)

"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.4

"SynTPDeinstKey" = Synaptics Pointing Device Driver

"ViewpointMediaPlayer" = Viewpoint Media Player

"WinRAR archiver" = WinRAR archiver

"Yahoo! Messenger" = Yahoo! Messenger

"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3996654907-2226748910-2045848586-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 7/27/2010 3:33:49 AM | Computer Name = officemax-PC | Source = Windows Search Service | ID = 3013

Description =

Error - 7/27/2010 3:42:56 AM | Computer Name = officemax-PC | Source = Bonjour Service | ID = 100

Description = 412: ERROR: read_msg errno 10054 (An existing connection was forcibly

closed by the remote host.)

Error - 7/27/2010 3:42:56 AM | Computer Name = officemax-PC | Source = Bonjour Service | ID = 100

Description = 396: ERROR: read_msg errno 10054 (An existing connection was forcibly

closed by the remote host.)

Error - 7/27/2010 6:12:52 AM | Computer Name = officemax-PC | Source = Windows Search Service | ID = 3013

Description =

Error - 7/27/2010 6:14:18 AM | Computer Name = officemax-PC | Source = Windows Search Service | ID = 3013

Description =

Error - 7/27/2010 6:22:41 AM | Computer Name = officemax-PC | Source = Windows Search Service | ID = 3013

Description =

Error - 7/27/2010 3:16:24 PM | Computer Name = officemax-PC | Source = Bonjour Service | ID = 100

Description = 380: ERROR: read_msg errno 10054 (An existing connection was forcibly

closed by the remote host.)

Error - 7/27/2010 3:17:12 PM | Computer Name = officemax-PC | Source = EventSystem | ID = 4621

Description =

Error - 7/27/2010 3:41:52 PM | Computer Name = Patrick | Source = WinMgmt | ID = 10

Description =

Error - 7/27/2010 3:48:36 PM | Computer Name = Patrick | Source = BackItUp5 | ID = 5225

Description =

[ System Events ]

Error - 12/28/2009 8:52:08 PM | Computer Name = officemax-PC | Source = ipnathlp | ID = 34001

Description = The ICS_IPV6 failed to configure IPv6 stack.

Error - 12/28/2009 8:59:15 PM | Computer Name = officemax-PC | Source = ipnathlp | ID = 34001

Description = The ICS_IPV6 failed to configure IPv6 stack.

Error - 12/28/2009 9:06:22 PM | Computer Name = officemax-PC | Source = ipnathlp | ID = 34001

Description = The ICS_IPV6 failed to configure IPv6 stack.

Error - 12/28/2009 9:23:29 PM | Computer Name = officemax-PC | Source = ipnathlp | ID = 34001

Description = The ICS_IPV6 failed to configure IPv6 stack.

Error - 12/28/2009 9:30:36 PM | Computer Name = officemax-PC | Source = ipnathlp | ID = 34001

Description = The ICS_IPV6 failed to configure IPv6 stack.

Error - 12/28/2009 9:42:43 PM | Computer Name = officemax-PC | Source = ipnathlp | ID = 34001

Description = The ICS_IPV6 failed to configure IPv6 stack.

Error - 12/28/2009 9:49:50 PM | Computer Name = officemax-PC | Source = ipnathlp | ID = 34001

Description = The ICS_IPV6 failed to configure IPv6 stack.

Error - 12/28/2009 10:03:19 PM | Computer Name = officemax-PC | Source = ipnathlp | ID = 34001

Description = The ICS_IPV6 failed to configure IPv6 stack.

Error - 12/28/2009 10:10:26 PM | Computer Name = officemax-PC | Source = ipnathlp | ID = 34001

Description = The ICS_IPV6 failed to configure IPv6 stack.

Error - 12/28/2009 10:22:26 PM | Computer Name = officemax-PC | Source = ipnathlp | ID = 34001

Description = The ICS_IPV6 failed to configure IPv6 stack.

< End of report >


Please let me know if you still have the security error on startup and, if so, try to give me as many details as possible. If you hover your mouse over the tray icon, what description does it give, and so on...

OTL FIX

------------

We need to run an OTL Fix

  1. Please reopen OTL on your desktop.
  2. Copy and Paste the following code into the Custom Scans/Fixes textbox. Do not include the word "Code"
    :otl
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5577
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5577
    IE - HKU\S-1-5-21-3996654907-2226748910-2045848586-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
    IE - HKU\S-1-5-21-3996654907-2226748910-2045848586-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5577

    :commands
    [emptytemp]


  3. Push the Run Fix button.
  4. OTL may ask to reboot the machine. Please do so if asked.
  5. Click OK.
  6. A report will open. Copy and Paste that report in your next reply.

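An added example, not part of the original thread and not OTL's own code: the fix above targets `ProxyServer` values that point Internet Explorer at `127.0.0.1:5577` in three `HKU` hives. The Python sketch below scans OTL-style `IE - HKU\...` lines and reports every proxy entry whose host is a loopback address; the function names and the two extra sample lines (SIDs ending in -1002 and -1003) are constructed for illustration.

```python
import ipaddress
import re

# Sample input. The first six lines are the entries listed in the fix above;
# the last two lines are constructed for contrast and are not from the thread.
SAMPLE_LOG = r'''
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5577
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5577
IE - HKU\S-1-5-21-3996654907-2226748910-2045848586-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-3996654907-2226748910-2045848586-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5577
IE - HKU\S-1-5-21-1111111111-2222222222-3333333333-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy.example.test:8080
IE - HKU\S-1-5-21-1111111111-2222222222-3333333333-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=10.0.0.5:3128;https=localhost:8888
'''

# Matches only the ProxyServer lines; ProxyOverride lines are ignored.
PROXY_LINE = re.compile(
    r'^\s*IE - HKU\\(?P<hive>[^\\]+)\\Software\\Microsoft\\Windows'
    r'\\CurrentVersion\\Internet Settings: "ProxyServer" = (?P<value>.*\S)\s*$',
    re.IGNORECASE,
)


def parse_proxy_server(value):
    """Split a WinINET ProxyServer string into (scheme, host, port) tuples.

    The value is either one "host:port" used for every protocol (reported
    here with scheme "*") or a ';'-separated list of "scheme=host:port".
    """
    entries = []
    for item in filter(None, (part.strip() for part in value.split(';'))):
        scheme, sep, addr = item.partition('=')
        if not sep:                      # no "scheme=" prefix: applies to all
            scheme, addr = '*', item
        # Tolerate a URL-style prefix such as "http://" in front of the host.
        addr = re.sub(r'^[a-z][a-z0-9+.-]*://', '', addr.strip(), flags=re.I)
        if addr.startswith('['):         # bracketed IPv6 literal, e.g. [::1]:8080
            host, _, rest = addr[1:].partition(']')
            port = rest.lstrip(':')
        elif ':' in addr:
            host, _, port = addr.rpartition(':')
        else:
            host, port = addr, ''
        entries.append((scheme.strip().lower(), host.lower(),
                        int(port) if port.isdigit() else None))
    return entries


def is_loopback(host):
    """True for 'localhost' and for any loopback IP literal (127.0.0.0/8, ::1)."""
    if host == 'localhost':
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:                   # a DNS name other than localhost
        return False


def find_loopback_proxies(log_text):
    """Return (hive, scheme, host, port) for each proxy entry aimed at loopback."""
    hits = []
    for line in log_text.splitlines():
        match = PROXY_LINE.match(line)
        if not match:
            continue
        for scheme, host, port in parse_proxy_server(match.group('value')):
            if is_loopback(host):
                hits.append((match.group('hive'), scheme, host, port))
    return hits


if __name__ == '__main__':
    for hive, scheme, host, port in find_loopback_proxies(SAMPLE_LOG):
        print(f'{hive}: {scheme} traffic is sent to {host}:{port}')
```

A hit means browser traffic for that account is handed to whatever process listens on the local port, so the next check is which process owns the port and whether any installed software legitimately needs it.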

Elise, I still got it once it rebooted. I'm going to take a screenshot of what the dialog box looks like.

All processes killed

========== OTL ==========

HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!

HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!

HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!

HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!

HKU\S-1-5-21-3996654907-2226748910-2045848586-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!

HKU\S-1-5-21-3996654907-2226748910-2045848586-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

->Flash cache emptied: 56504 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: Patrick Herrin

->Temp folder emptied: 17415885 bytes

->Temporary Internet Files folder emptied: 17062451 bytes

->Java cache emptied: 74358818 bytes

->FireFox cache emptied: 64590296 bytes

->Apple Safari cache emptied: 1392640 bytes

->Flash cache emptied: 228364 bytes

User: Public

->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 9250 bytes

RecycleBin emptied: 57913661 bytes

Total Files Cleaned = 222.00 mb

OTL by OldTimer - Version 3.2.12.1 log created on 09182010_133422

Files\Folders moved on Reboot...

C:\Users\Patrick Herrin\AppData\Local\Temp\VGX7CCD.tmp moved successfully.

File move failed. C:\Windows\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...


Hi, this is most likely caused by Ulead. You can try to reinstall the application. To get rid of the error message, try this:

Open OTL and copy/paste the following text into the "custom scan/fix" field. Click Run Fix.

:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UVS12 Preload"=-

Let me know if that did the trick.
