[code] OTS logfile created on: 6/5/2012 2:35:39 PM - Run (Non-Administrative account!) OTS by OldTimer - Version 3.1.47.2 Folder = C:\Documents and Settings\Guest\My Documents\Downloads Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 34.00% Memory free 3.00 Gb Paging File | 3.00 Gb Available in Paging File | 79.00% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 143.20 Gb Total Space | 0.61 Gb Free Space | 0.43% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: ACER-E817FAE0D8 Current User Name: Guest NOT logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days [Processes - Safe List] ots.exe -> C:\Documents and Settings\Guest\My Documents\Downloads\OTS.exe -> [2012/06/05 14:32:10 | 000,646,656 | ---- | M] (OldTimer Tools) rtkbtmnt.exe -> C:\Documents and Settings\Guest\Local Settings\Temp\RtkBtMnt.exe -> [2012/06/05 13:48:21 | 000,212,992 | ---- | M] (Realtek Semiconductor Corp.) msseces.exe -> C:\Program Files\Microsoft Security Client\msseces.exe -> [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) firefox.exe -> C:\Program Files\Mozilla Firefox\firefox.exe -> [2012/02/13 16:49:27 | 000,924,632 | ---- | M] (Mozilla Corporation) aawtray.exe -> C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe -> [2011/08/15 09:49:50 | 001,191,216 | ---- | M] (Lavasoft Limited) aa antimalware.exe -> C:\Program Files\Adware Away\AA Antimalware.exe -> [2011/01/12 17:52:26 | 000,709,632 | ---- | M] (AdwareAway.com) eragent.exe -> C:\Acer\Empowering Technology\eRecovery\eRAgent.exe -> [2008/09/04 02:46:04 | 000,425,984 | ---- | M] (Acer Inc.) qtzgacer.exe -> C:\Program Files\Launch Manager\QtZgAcer.EXE -> [2008/05/13 23:14:34 | 000,821,768 | ---- | M] (Dritek System Inc.) explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/14 16:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) launchu3.exe -> C:\Documents and Settings\All Users\Application Data\U3\U3Launcher\LaunchU3.exe -> [2006/11/16 14:26:52 | 001,095,224 | ---- | M] () [Modules - No Company Name] npswf32_11_2_202_235.dll -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll -> [2012/05/26 13:02:22 | 008,797,856 | ---- | M] () mozjs.dll -> C:\Program Files\Mozilla Firefox\mozjs.dll -> [2012/02/13 16:49:25 | 001,911,768 | ---- | M] () it41.dll -> C:\Acer\Empowering Technology\eRecovery\it41.dll -> [2007/04/06 05:56:30 | 000,356,352 | ---- | M] () launchu3.exe -> C:\Documents and Settings\All Users\Application Data\U3\U3Launcher\LaunchU3.exe -> [2006/11/16 14:26:52 | 001,095,224 | ---- | M] () imagefile.dll -> C:\Acer\Empowering Technology\eRecovery\imagefile.dll -> [2006/01/12 13:33:34 | 000,212,992 | ---- | M] () [Win32 Services - Safe List] [Driver Services - Safe List] [Registry - Safe List] < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> HKEY_LOCAL_MACHINE\: Search\\"SearchAssistant" -> http://www.google.com/ie -> < Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> HKEY_USERS\.DEFAULT\: URLSearchHooks\\"{A3BC75A2-1F87-4686-AA43-5347D756017C}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> HKEY_USERS\S-1-5-18\: URLSearchHooks\\"{A3BC75A2-1F87-4686-AA43-5347D756017C}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> < Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> < Internet Explorer Settings [HKEY_USERS\S-1-5-21-193509770-581010425-1804888550-501\] > -> -> HKEY_USERS\S-1-5-21-193509770-581010425-1804888550-501\: Main\\"Default_Page_URL" -> http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=0&o=xph&d=1209&m=aoa150 -> HKEY_USERS\S-1-5-21-193509770-581010425-1804888550-501\: Main\\"Search Page" -> http://www.google.com -> HKEY_USERS\S-1-5-21-193509770-581010425-1804888550-501\: Main\\"SearchDefaultBranded" -> 1 -> HKEY_USERS\S-1-5-21-193509770-581010425-1804888550-501\: Main\\"Start Page" -> http://www.google.com/ -> HKEY_USERS\S-1-5-21-193509770-581010425-1804888550-501\: SearchURL\\"" -> http://www.google.com/search/?q=%s -> HKEY_USERS\S-1-5-21-193509770-581010425-1804888550-501\: "ProxyEnable" -> 0 -> < FireFox Settings [Prefs.js] > -> C:\Documents and Settings\Guest\Application Data\Mozilla\FireFox\Profiles\qlz62hgg.default\prefs.js -> extensions.enabledItems -> {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 -> extensions.enabledItems -> {B728AB94-9BC7-49b7-B76A-422BB31B2FD0}:2.0.0.8 -> extensions.enabledItems -> jqs@sun.com:1.0 -> < FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla HKLM\software\mozilla\Firefox\Extensions -> -> HKLM\software\mozilla\Firefox\Extensions\\{9051303c-7e41-4311-a783-d6fe5ef2832d} -> C:\Program Files\FVD Suite\addons\Firefox [C:\PROGRAM FILES\FVD SUITE\ADDONS\FIREFOX] -> [2011/12/19 19:47:04 | 000,000,000 | ---D | M] HKLM\software\mozilla\Mozilla Firefox 10.0.1\extensions -> -> HKLM\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Components -> C:\Program Files\Mozilla Firefox\components [C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS] -> [2012/02/13 16:49:30 | 000,000,000 | ---D | M] HKLM\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Plugins -> C:\Program Files\Mozilla Firefox\plugins [C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS] -> [2012/04/24 10:50:40 | 000,000,000 | ---D | M] < FireFox Extensions [User Folders] > -> -> C:\Documents and Settings\Guest\Application Data\Mozilla\Extensions -> [2010/10/11 00:08:00 | 000,000,000 | ---D | M] -> C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\qlz62hgg.default\extensions -> [2012/06/05 13:15:24 | 000,000,000 | ---D | M] Bitdefender QuickScan -> C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\qlz62hgg.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360} -> [2012/06/05 13:15:24 | 000,000,000 | ---D | M] < FireFox Extensions [Program Folders] > -> -> C:\Program Files\Mozilla Firefox\extensions -> [2012/02/13 16:49:44 | 000,000,000 | ---D | M] < HOSTS File > ([2011/06/06 07:39:19 | 000,000,848 | R--- | M] - 21 lines) -> C:\WINDOWS\system32\drivers\etc\hosts -> Reset Hosts 127.0.0.1 localhost < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {000123B4-9B42-4900-B3F7-F4B073EFC214} [HKLM] -> C:\Program Files\Orbitdownloader\orbitcth.dll [Octh Class] -> [2010/01/12 16:03:52 | 000,240,912 | ---- | M] (Orbitdownloader.com) {043C5167-00BB-4324-AF7E-62013FAEDACF} [HKLM] -> C:\Program Files\vShare\vshare_toolbar.dll [vShare Plugin] -> [2010/10/05 15:40:08 | 000,478,800 | ---- | M] () {2B171655-A69C-5c18-B693-6CB5DC269D44} [HKLM] -> C:\Program Files\FVD Suite\addons\IE\FVDToolbar.dll [Open FVD Suite Toolbar] -> [2011/12/07 10:55:18 | 000,410,112 | ---- | M] (www.flashvideodownloader.org/fvd-suite/) {53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> [2009/01/26 15:31:02 | 001,879,896 | ---- | M] (Safer Networking Limited) {5C255C8A-E604-49b4-9D64-90988571CECB} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> C:\Program Files\Java\jre6\bin\ssv.dll [Java(tm) Plug-In SSV Helper] -> [2011/11/10 09:01:32 | 000,325,408 | ---- | M] (Sun Microsystems, Inc.) {88c7f2aa-f93f-432c-8f0e-b7d85967a527} [HKLM] -> [BitTorrentBar Toolbar] -> File not found {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKLM] -> C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll [Google Toolbar Notifier BHO] -> [2012/01/10 23:29:27 | 001,003,576 | ---- | M] (Google Inc.) < Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> "{043C5167-00BB-4324-AF7E-62013FAEDACF}" [HKLM] -> C:\Program Files\vShare\vshare_toolbar.dll [vShare Plugin] -> [2010/10/05 15:40:08 | 000,478,800 | ---- | M] () "{2B171655-A69C-5c18-B693-6CB5DC269D41}" [HKLM] -> C:\Program Files\FVD Suite\addons\IE\FVDToolbar.dll [FVD Suite Toolbar] -> [2011/12/07 10:55:18 | 000,410,112 | ---- | M] (www.flashvideodownloader.org/fvd-suite/) "{88c7f2aa-f93f-432c-8f0e-b7d85967a527}" [HKLM] -> [BitTorrentBar Toolbar] -> File not found "{C55BBCD6-41AD-48AD-9953-3609C48EACC7}" [HKLM] -> C:\Program Files\Orbitdownloader\GrabPro.dll [Grab Pro] -> [2010/01/12 16:03:52 | 000,662,720 | ---- | M] () "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found < Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-193509770-581010425-1804888550-501\] > -> HKEY_USERS\S-1-5-21-193509770-581010425-1804888550-501\Software\Microsoft\Internet Explorer\Toolbar\ -> WebBrowser\\"{043C5167-00BB-4324-AF7E-62013FAEDACF}" [HKLM] -> C:\Program Files\vShare\vshare_toolbar.dll [vShare Plugin] -> [2010/10/05 15:40:08 | 000,478,800 | ---- | M] () WebBrowser\\"{30F9B915-B755-4826-820B-08FBA6BD249D}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found WebBrowser\\"{88C7F2AA-F93F-432C-8F0E-B7D85967A527}" [HKLM] -> [BitTorrentBar Toolbar] -> File not found < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> "Alcmtr" -> C:\WINDOWS\ALCMTR.EXE [ALCMTR.EXE] -> [2008/06/19 19:20:52 | 000,057,344 | ---- | M] (Realtek Semiconductor Corp.) "AzMixerSel" -> C:\Program Files\Realtek\Audio\Drivers\AzMixerSel.exe [C:\Program Files\Realtek\Audio\Drivers\AzMixerSel.exe] -> [2006/07/18 01:40:30 | 000,053,248 | ---- | M] (Realtek Semiconductor Corp.) "eRecoveryService" -> C:\Acer\Empowering Technology\eRecovery\eRAgent.exe [C:\Acer\Empowering Technology\eRecovery\eRAgent.exe] -> [2008/09/04 02:46:04 | 000,425,984 | ---- | M] (Acer Inc.) "IMJPMIG8.1" -> C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE ["C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32] -> [2008/04/14 16:00:00 | 000,208,952 | ---- | M] (Microsoft Corporation) "LaunchApp" -> C:\WINDOWS\Alaunch.exe [Alaunch] -> [2006/03/16 16:56:22 | 000,524,288 | ---- | M] (Acer Inc.) "LManager" -> C:\Program Files\Launch Manager\QtZgAcer.EXE [C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE] -> [2008/05/13 23:14:34 | 000,821,768 | ---- | M] (Dritek System Inc.) "MSC" -> c:\Program Files\Microsoft Security Client\msseces.exe ["c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey] -> [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) "PLFSetL" -> C:\WINDOWS\PLFSetL.exe [C:\WINDOWS\PLFSetL.exe] -> [2007/07/05 16:35:54 | 000,094,208 | ---- | M] (sonix) < All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup\LaunchU3.exe.lnk -> C:\WINDOWS\Installer\{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}\_294823.exe -> [2011/02/23 13:00:25 | 000,022,486 | R--- | M] () -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup\newadmin.txt -> [2012/06/05 13:34:47 | 000,000,123 | ---- | M] () < Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup -> < Guest Startup Folder > -> C:\Documents and Settings\Guest\Start Menu\Programs\Startup -> < Software Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer -> < Software Policy Settings [HKEY_USERS\S-1-5-21-193509770-581010425-1804888550-501] > -> HKEY_USERS\S-1-5-21-193509770-581010425-1804888550-501\SOFTWARE\Policies\Microsoft\Internet Explorer -> < CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer \\"HonorAutoRunSetting" -> [1] -> File not found < CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System < CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer \\"NoDriveTypeAutoRun" -> [145] -> File not found < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer \\"NoDriveTypeAutoRun" -> [145] -> File not found < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-193509770-581010425-1804888550-501] > -> HKEY_USERS\S-1-5-21-193509770-581010425-1804888550-501\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> HKEY_USERS\S-1-5-21-193509770-581010425-1804888550-501\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer \\"NoDriveTypeAutoRun" -> [145] -> File not found < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-193509770-581010425-1804888550-501] > -> HKEY_USERS\S-1-5-21-193509770-581010425-1804888550-501\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> < Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-193509770-581010425-1804888550-501\] > -> HKEY_USERS\S-1-5-21-193509770-581010425-1804888550-501\Software\Microsoft\Internet Explorer\MenuExt\ -> Google Sidewiki... -> [res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html] -> File not found < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> {DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Menu: Spybot - Search && Destroy Configuration] -> [2009/01/26 15:31:02 | 001,879,896 | ---- | M] (Safer Networking Limited) < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> < Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix "" -> http:// < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 73 domain(s) found. -> < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 72 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 72 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-21-193509770-581010425-1804888550-501\] > -> HKEY_USERS\S-1-5-21-193509770-581010425-1804888550-501\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-21-193509770-581010425-1804888550-501\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 73 domain(s) found. -> localhost .[http] -> Local intranet -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-21-193509770-581010425-1804888550-501\] > -> HKEY_USERS\S-1-5-21-193509770-581010425-1804888550-501\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-21-193509770-581010425-1804888550-501\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 1 range(s) found. -> GD [:Range = 127.0.0.1] -> http = Local intranet | -> < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} [HKLM] -> http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1264586680562 [MUWebControl Class] -> {8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab [Java Plug-in 1.6.0_30] -> {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} [HKLM] -> Reg Error: Value error. [Reg Error: Key error.] -> {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab [Java Plug-in 1.6.0_30] -> {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} [HKLM] -> http://l.yimg.com/jh/games/web_games/popcap/bejeweled2/popcaploader_v6.cab [PopCapLoader Object] -> {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [HKLM] -> http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab [Reg Error: Key error.] -> {E77F23EB-E7AB-4502-8F37-247DBAF1A147} [HKLM] -> http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab [Windows Live Hotmail Photo Upload Tool] -> < Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ -> DhcpNameServer -> 64.71.255.198 -> < Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {B56DB731-4C2D-43C8-870F-66DB01BC51AA}\\DhcpNameServer -> 64.71.255.198 (Atheros AR5007EG Wireless Network Adapter) -> < AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs -> *AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls -> C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL -> C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll -> [2011/01/15 04:08:08 | 000,123,392 | ---- | M] (Google) *MultiFile Done* -> -> < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> *Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> Explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/14 16:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) *MultiFile Done* -> -> *UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> C:\WINDOWS\system32\userinit.exe -> C:\WINDOWS\system32\userinit.exe -> [2008/04/14 16:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) *MultiFile Done* -> -> < Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> TPSvc -> -> File not found < ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> "{56F9679E-7826-4C84-81F3-532071A8BCC5}" [HKLM] -> C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll [] -> [2009/05/24 23:41:34 | 000,304,128 | ---- | M] (Microsoft Corporation) < Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List -> "C:\Program Files\Veetle\Player\VeetleNet.exe" -> C:\Program Files\Veetle\Player\VeetleNet.exe [C:\Program Files\Veetle\Player\VeetleNet.exe:*:Enabled:VeetleNet] -> [2011/04/27 19:25:44 | 000,626,392 | ---- | M] () < Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> "C:\Documents and Settings\user\Application Data\U3\0000187112A32E8C\0DE4F643-C398-46ec-9339-2362F2311932\Exec\skype.exe" -> [C:\Documents and Settings\user\Application Data\U3\0000187112A32E8C\0DE4F643-C398-46ec-9339-2362F2311932\Exec\skype.exe:*:Enabled:Skype] -> File not found "C:\Program Files\BitTorrent\bittorrent.exe" -> C:\Program Files\BitTorrent\bittorrent.exe [C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent] -> [2012/02/22 09:11:58 | 000,650,104 | ---- | M] (BitTorrent, Inc.) "C:\Program Files\Java\jre6\bin\javaw.exe" -> C:\Program Files\Java\jre6\bin\javaw.exe [C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary] -> [2011/11/10 06:54:28 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) "C:\Program Files\Mozilla Firefox\firefox.exe" -> C:\Program Files\Mozilla Firefox\firefox.exe [C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox] -> [2012/02/13 16:49:27 | 000,924,632 | ---- | M] (Mozilla Corporation) "C:\Program Files\Orbitdownloader\orbitdm.exe" -> C:\Program Files\Orbitdownloader\orbitdm.exe [C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit] -> [2010/01/12 16:03:54 | 001,785,104 | ---- | M] (Orbitdownloader.com) "C:\Program Files\Orbitdownloader\orbitnet.exe" -> C:\Program Files\Orbitdownloader\orbitnet.exe [C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit] -> [2009/12/03 10:54:40 | 000,557,056 | ---- | M] (Orbitdownloader.com) "C:\Program Files\uTorrent\uTorrent.exe" -> C:\Program Files\uTorrent\uTorrent.exe [C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent] -> [2010/10/16 13:18:32 | 000,328,056 | ---- | M] (BitTorrent, Inc.) "C:\Program Files\Veetle\Player\VeetleNet.exe" -> C:\Program Files\Veetle\Player\VeetleNet.exe [C:\Program Files\Veetle\Player\VeetleNet.exe:*:Enabled:VeetleNet] -> [2011/04/27 19:25:44 | 000,626,392 | ---- | M] () < SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> < CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom -> "AutoRun" -> 1 -> "DisplayName" -> CD-ROM Driver -> "ImagePath" -> [system32\DRIVERS\cdrom.sys] -> File not found < Drives with AutoRun files > -> -> C:\AUTOEXEC.BAT [] -> C:\AUTOEXEC.BAT [ NTFS ] -> [2009/01/20 14:11:40 | 000,000,000 | ---- | M] () < MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> \D HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\Shell \D\Shell\\"" -> [AutoRun] -> File not found HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\Shell\AutoRun \D\Shell\AutoRun\\"" -> [Auto&Play] -> File not found HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\Shell\AutoRun\command \D\Shell\AutoRun\command\\"" -> [D:\LaunchU3.exe -a] -> File not found < Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command -> comfile [open] -> "%1" %* -> exefile [open] -> "%1" %* -> < File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\ -> .com [@ = comfile] -> "%1" %* -> .exe [@ = exefile] -> "%1" %* -> < File Associations - Select to Repair > -> HKEY_USERS\S-1-5-21-193509770-581010425-1804888550-501\SOFTWARE\Classes\\ -> .exe [@ = exefile] -> Reg Error: Key error. -> File not found [Registry - Additional Scans - Safe List] < EventViewer Logs - Last 10 Errors > -> Event Information -> Description Error: Unable to start EventLog service! [Files/Folders - Created Within 30 Days] tmcomm.sys -> C:\WINDOWS\System32\drivers\tmcomm.sys -> [2012/06/05 14:06:44 | 000,200,976 | ---- | C] (Trend Micro Inc.) QuickScan -> C:\Documents and Settings\Guest\Application Data\QuickScan -> [2012/06/05 13:15:56 | 000,000,000 | ---D | C] Downloads -> C:\Documents and Settings\Guest\My Documents\Downloads -> [2012/06/05 12:47:49 | 000,000,000 | ---D | C] YTD YouTube Downloader & Converter -> C:\Documents and Settings\All Users\Application Data\YTD YouTube Downloader & Converter -> [2012/05/16 16:33:12 | 000,000,000 | ---D | C] YTD YouTube Downloader & Converter -> C:\Documents and Settings\All Users\Start Menu\Programs\YTD YouTube Downloader & Converter -> [2012/05/16 16:32:57 | 000,000,000 | ---D | C] 4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 3 C:\*.tmp files -> C:\*.tmp -> [Files/Folders - Modified Within 30 Days] GoogleUpdateTaskMachineUA.job -> C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job -> [2012/06/05 14:37:02 | 000,000,886 | ---- | M] () census.cache -> C:\Documents and Settings\Guest\Local Settings\Application Data\census.cache -> [2012/06/05 14:15:33 | 000,172,167 | ---- | M] () ars.cache -> C:\Documents and Settings\Guest\Local Settings\Application Data\ars.cache -> [2012/06/05 14:15:05 | 000,166,169 | ---- | M] () housecall.guid.cache -> C:\Documents and Settings\Guest\Local Settings\Application Data\housecall.guid.cache -> [2012/06/05 14:05:36 | 000,000,036 | ---- | M] () Microsoft Antimalware Scheduled Scan.job -> C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job -> [2012/06/05 13:57:52 | 000,000,384 | -H-- | M] () GoogleUpdateTaskMachineCore.job -> C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job -> [2012/06/05 13:47:46 | 000,000,882 | ---- | M] () bootstat.dat -> C:\WINDOWS\bootstat.dat -> [2012/06/05 13:47:32 | 000,002,048 | --S- | M] () hiberfil.sys -> C:\hiberfil.sys -> [2012/06/05 13:47:30 | 1597,976,576 | -HS- | M] () rp_stats.dat -> C:\WINDOWS\System32\rp_stats.dat -> [2012/06/04 17:24:44 | 000,000,064 | ---- | M] () rp_rules.dat -> C:\WINDOWS\System32\rp_rules.dat -> [2012/06/04 17:24:44 | 000,000,044 | ---- | M] () Ad-Aware Update (Weekly).job -> C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job -> [2012/06/04 17:24:39 | 000,000,472 | ---- | M] () LaunchU3.exe.lnk -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup\LaunchU3.exe.lnk -> [2012/06/04 10:41:41 | 000,002,539 | ---- | M] () FlashPlayerApp.exe -> C:\WINDOWS\System32\FlashPlayerApp.exe -> [2012/05/26 13:02:22 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) FlashPlayerCPLApp.cpl -> C:\WINDOWS\System32\FlashPlayerCPLApp.cpl -> [2012/05/26 13:02:22 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) YTD YouTube Downloader & Converter.lnk -> C:\Documents and Settings\All Users\Desktop\YTD YouTube Downloader & Converter.lnk -> [2012/05/16 16:32:50 | 000,000,725 | ---- | M] () perfh009.dat -> C:\WINDOWS\System32\perfh009.dat -> [2012/05/12 00:51:44 | 000,507,594 | ---- | M] () perfc009.dat -> C:\WINDOWS\System32\perfc009.dat -> [2012/05/12 00:51:44 | 000,088,782 | ---- | M] () FNTCACHE.DAT -> C:\WINDOWS\System32\FNTCACHE.DAT -> [2012/05/11 23:32:22 | 000,343,424 | ---- | M] () imsins.BAK -> C:\WINDOWS\imsins.BAK -> [2012/05/11 19:55:06 | 000,001,374 | ---- | M] () epplauncher.mif -> C:\WINDOWS\epplauncher.mif -> [2012/05/11 19:51:54 | 000,001,945 | ---- | M] () 4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 4 C:\Documents and Settings\Guest\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Guest\Local Settings\Temp\*.tmp -> 34 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp -> 3 C:\*.tmp files -> C:\*.tmp -> 1 C:\Documents and Settings\Guest\Local Settings\Temp\HouseCall\*.tmp files -> C:\Documents and Settings\Guest\Local Settings\Temp\HouseCall\*.tmp -> 1 C:\Documents and Settings\Guest\Local Settings\Temp\HouseCall\*.tmp files -> C:\Documents and Settings\Guest\Local Settings\Temp\HouseCall\*.tmp -> 1 C:\Documents and Settings\Guest\Local Settings\Temp\HCBackup\*.tmp files -> C:\Documents and Settings\Guest\Local Settings\Temp\HCBackup\*.tmp -> [Files - No Company Name] census.cache -> C:\Documents and Settings\Guest\Local Settings\Application Data\census.cache -> [2012/06/05 14:15:32 | 000,172,167 | ---- | C] () ars.cache -> C:\Documents and Settings\Guest\Local Settings\Application Data\ars.cache -> [2012/06/05 14:15:05 | 000,166,169 | ---- | C] () housecall.guid.cache -> C:\Documents and Settings\Guest\Local Settings\Application Data\housecall.guid.cache -> [2012/06/05 14:05:36 | 000,000,036 | ---- | C] () YTD YouTube Downloader & Converter.lnk -> C:\Documents and Settings\All Users\Desktop\YTD YouTube Downloader & Converter.lnk -> [2012/05/16 16:32:50 | 000,000,725 | ---- | C] () Microsoft Antimalware Scheduled Scan.job -> C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job -> [2012/05/11 20:01:46 | 000,000,384 | -H-- | C] () Microsoft Security Essentials.lnk -> C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk -> [2012/05/11 19:51:50 | 000,001,702 | ---- | C] () iacenc.dll -> C:\WINDOWS\System32\iacenc.dll -> [2012/02/16 17:34:57 | 000,003,072 | ---- | C] () DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Documents and Settings\Guest\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2011/10/31 09:11:04 | 000,016,896 | ---- | C] () rp_stats.dat -> C:\WINDOWS\System32\rp_stats.dat -> [2011/04/28 11:14:39 | 000,000,064 | ---- | C] () rp_rules.dat -> C:\WINDOWS\System32\rp_rules.dat -> [2011/04/28 11:14:39 | 000,000,044 | ---- | C] () zlib.dll -> C:\WINDOWS\System32\zlib.dll -> [2010/10/04 16:35:23 | 000,053,248 | ---- | C] () d3d9caps.dat -> C:\WINDOWS\System32\d3d9caps.dat -> [2010/09/18 03:44:13 | 000,000,664 | ---- | C] () [File - Lop Check] Common Files -> C:\Documents and Settings\All Users\Application Data\Common Files -> [2011/03/14 15:00:21 | 000,000,000 | -H-D | M] eSobi -> C:\Documents and Settings\All Users\Application Data\eSobi -> [2010/04/18 14:26:49 | 000,000,000 | ---D | M] FirmTools -> C:\Documents and Settings\All Users\Application Data\FirmTools -> [2011/10/25 02:49:02 | 000,000,000 | ---D | M] MFAData -> C:\Documents and Settings\All Users\Application Data\MFAData -> [2010/11/30 00:28:34 | 000,000,000 | ---D | M] PopCap -> C:\Documents and Settings\All Users\Application Data\PopCap -> [2010/03/13 01:24:07 | 000,000,000 | ---D | M] STOPzilla! -> C:\Documents and Settings\All Users\Application Data\STOPzilla! -> [2012/04/20 15:13:38 | 000,000,000 | ---D | M] TEMP -> C:\Documents and Settings\All Users\Application Data\TEMP -> [2012/03/26 11:40:30 | 000,000,000 | ---D | M] YouTube Downloader -> C:\Documents and Settings\All Users\Application Data\YouTube Downloader -> [2012/05/16 16:32:57 | 000,000,000 | ---D | M] YTD YouTube Downloader & Converter -> C:\Documents and Settings\All Users\Application Data\YTD YouTube Downloader & Converter -> [2012/05/16 16:33:15 | 000,000,000 | ---D | M] {2162CCC0-3A5F-4887-B51F-CE5F195B3620} -> C:\Documents and Settings\All Users\Application Data\{2162CCC0-3A5F-4887-B51F-CE5F195B3620} -> [2011/02/16 12:04:58 | 000,000,000 | -H-D | M] {429CAD59-35B1-4DBC-BB6D-1DB246563521} -> C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521} -> [2010/06/08 00:56:16 | 000,000,000 | ---D | M] {755AC846-7372-4AC8-8550-C52491DAA8BD} -> C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD} -> [2010/03/18 14:43:38 | 000,000,000 | ---D | M] PriceGong -> C:\Documents and Settings\Guest\Application Data\PriceGong -> [2011/08/19 05:35:31 | 000,000,000 | ---D | M] QuickScan -> C:\Documents and Settings\Guest\Application Data\QuickScan -> [2012/06/05 14:16:55 | 000,000,000 | ---D | M] vShare -> C:\Documents and Settings\Guest\Application Data\vShare -> [2011/10/31 09:00:08 | 000,000,000 | ---D | M] Windows Desktop Search -> C:\Documents and Settings\Guest\Application Data\Windows Desktop Search -> [2010/05/17 09:45:03 | 000,000,000 | ---D | M] Windows Search -> C:\Documents and Settings\Guest\Application Data\Windows Search -> [2010/07/12 12:08:59 | 000,000,000 | ---D | M] SACore -> C:\Documents and Settings\LocalService\Application Data\SACore -> [2009/12/20 11:09:13 | 000,000,000 | ---D | M] Ad-Aware Update (Weekly).job -> C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job -> [2012/06/04 17:24:39 | 000,000,472 | ---- | M] () Low Battery Alarm Program.job -> C:\WINDOWS\Tasks\Low Battery Alarm Program.job -> [2011/08/14 20:34:11 | 000,000,104 | ---- | M] () [File - Purity Scan] < End of report > [/code]