Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Unknown virus/Unable to launch Firefox browser

Started by mizpac76 , Jul 04 2009 01:15 PM

  • Please log in to reply

#1
mizpac76
Posted 04 July 2009 - 01:15 PM

mizpac76

    Member

  • Member
  • PipPip
  • 26 posts
I've been getting windows pop up boxes on my desktop: "MICROSOFT WINDOWS SEARCH INDEXER HAS STOPPED WORKING" " "COM SURROGATE HAS STOPPED WORKING" "COM SURROGATE WAS CLOSED". Also I am no longer able to open up my Firefox browser.

Here are my logs:

Malwarebytes' Anti-Malware 1.24
Database version: 1031
Windows 6.0.6000

8:10:14 PM 8/7/2008
mbam-log-8-7-2008 (20-10-14).txt

Scan type: Quick Scan
Objects scanned: 42339
Time elapsed: 13 minute(s), 11 second(s)

Memory Processes Infected: 4
Memory Modules Infected: 3
Registry Keys Infected: 18
Registry Values Infected: 13
Registry Data Items Infected: 0
Folders Infected: 7
Files Infected: 29

Memory Processes Infected:
C:\Windows\mrofinu1381.exe (Trojan.Downloader) -> Unloaded process successfully.
C:\Program Files\mjc\mjc.exe (Adware.MJC) -> Unloaded process successfully.
C:\Program Files\Sakora\Sakora.exe (Trojan.Agent) -> Unloaded process successfully.
C:\Program Files\WinPop\winpop.exe (Adware.WinPop) -> Unloaded process successfully.

Memory Modules Infected:
C:\Users\Kay\AppData\Local\Temp\pmnnOIxx.dll (Trojan.Vundo) -> Delete on reboot.
C:\Users\Kay\AppData\Local\Temp\cacqhyom.dll (Trojan.Vundo) -> Delete on reboot.
C:\Users\Kay\AppData\Local\Temp\mceojvms.dll (Trojan.Vundo) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\AppID\{ff46f4ab-a85f-487e-b399-3f191ac0fe23} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e4a04a1-a24d-45ae-aca4-949778400813} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{63334394-3da3-4b29-a041-03535909d361} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{15421b84-3488-49a7-ad18-cbf84a3efaf6} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{15421b84-3488-49a7-ad18-cbf84a3efaf6} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\testcpv6.bho (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\testcpv6.bho.1 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\winpop (Adware.WinPop) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\wintouch (Adware.WinPop) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\testCPV6.DLL (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MediaHoldings (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\WR (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\MS Juan (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2f8c6d1f-1995-40ef-9caa-3ecc40f19a87} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\WinPop (Adware.WinPop) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\WinTouch (Adware.WinPop) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cmds (Trojan.Vundo) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bmc318a94c (Trojan.Vundo) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\c02b9ad0 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\runner1 (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mjc (Adware.MJC) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sakora (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\winpop (Adware.WinPop) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Microsoft Windows Sound (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\Microsoft Windows Sound (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MSServer (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MSServer (Malware.Trace) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{2f8c6d1f-1995-40ef-9caa-3ecc40f19a87} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.starsdoor.com (Backdoor.Bot) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\InetGet2 (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\WinPop (Adware.WinPop) -> Quarantined and deleted successfully.
C:\Program Files\Temporary (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Webtools (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Sakora (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\mjc (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Kay\AppData\Roaming\WinTouch (Adware.WinPop) -> Quarantined and deleted successfully.

Files Infected:
C:\Users\Kay\AppData\Local\Temp\pmnnOIxx.dll (Trojan.Vundo) -> Delete on reboot.
C:\Users\Kay\AppData\Local\Temp\cacqhyom.dll (Trojan.Vundo) -> Delete on reboot.
C:\Users\Kay\AppData\Local\Temp\mceojvms.dll (Trojan.Vundo) -> Delete on reboot.
C:\Windows\mrofinu1381.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\mjc\mjc.exe (Adware.MJC) -> Quarantined and deleted successfully.
C:\Program Files\Sakora\Sakora.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Webtools\webtools.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Windows\b103.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\b116.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\b138.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\b148.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\b152.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Windows\b155.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\b156.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Windows\b157.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Windows\mrofinu1381.exe.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Kay\AppData\Local\Temp\sipbbwjp.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Kay\AppData\Local\Temp\slmdyvoi.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Kay\AppData\Local\Temp\wbynwafg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Kay\AppData\Local\Temp\idyolbxp.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Program Files\WinPop\UnInstall.exe (Adware.WinPop) -> Quarantined and deleted successfully.
C:\Program Files\WinPop\winpop.exe (Adware.WinPop) -> Quarantined and deleted successfully.
C:\Users\Kay\AppData\Roaming\WinTouch\wintouch.cfg (Adware.WinPop) -> Quarantined and deleted successfully.
C:\Users\Kay\AppData\Roaming\WinTouch\WTUninstaller.exe (Adware.WinPop) -> Quarantined and deleted successfully.
C:\Windows\System32\svuhost.exe (Backdoor.Bot) -> Delete on reboot.
C:\Windows\System32\khfFuurR.dll (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\Kay\AppData\Local\Temp\ljJyyWND.dll (Malware.Trace) -> Delete on reboot.
C:\Windows\System32\fCrrPiJC.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\b122.exe (Trojan.Downloader) -> Quarantined and deleted successfully.


OTL logfile created on: 7/4/2009 11:40:20 AM - Run 1
OTL by OldTimer - Version 3.0.6.4 Folder = C:\Users\Kay\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.38 Mb Total Physical Memory | 280.74 Mb Available Physical Memory | 27.70% Memory free
2.24 Gb Paging File | 1.19 Gb Available in Paging File | 53.36% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 71.28 Gb Total Space | 6.41 Gb Free Space | 8.99% Space Free | Partition Type: NTFS
Drive D: | 70.94 Gb Total Space | 70.82 Gb Free Space | 99.84% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: KAYS-LAB
Current User Name: Kay
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe (Symantec Corporation)
PRC - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\eNet\eNet Service.exe (Acer Inc.)
PRC - C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
PRC - C:\Acer\Mobility Center\MobilityService.exe ()
PRC - C:\Windows\System32\DRIVERS\xaudio.exe (Conexant Systems, Inc.)
PRC - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe ()
PRC - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe (acer)
PRC - C:\Windows\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Windows\System32\igfxpers.exe (Intel Corporation)
PRC - C:\Windows\System32\igfxsrvc.exe (Intel Corporation)
PRC - C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe (Logitech Inc.)
PRC - C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe (Acer Inc.)
PRC - C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Windows\System32\igfxtray.exe (Intel Corporation)
PRC - C:\Windows\System32\hkcmd.exe (Intel Corporation)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
PRC - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
PRC - C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
PRC - C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\ehome\ehmsas.exe (Microsoft Corporation)
PRC - C:\Windows\System32\igfxext.exe (Intel Corporation)
PRC - C:\Users\Kay\AppData\Local\Temp\RtkBtMnt.exe (Realtek Semiconductor Corp.)
PRC - C:\Windows\System32\wermgr.exe (Microsoft Corporation)
PRC - C:\Users\Kay\Desktop\OTL.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (aswUpdSv [Auto | Running]) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
SRV - (ATTRcAppSvc [On_Demand | Stopped]) -- File not found
SRV - (avast! Antivirus [Auto | Running]) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
SRV - (avast! Mail Scanner [On_Demand | Stopped]) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
SRV - (avast! Web Scanner [On_Demand | Stopped]) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (CAATT [On_Demand | Stopped]) -- File not found
SRV - (ccEvtMgr [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccSetMgr [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (CLTNetCnService [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (comHost [On_Demand | Stopped]) -- C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe (Symantec Corporation)
SRV - (ehRecvr [On_Demand | Stopped]) -- C:\Windows\ehome\ehRecvr.exe (Microsoft Corporation)
SRV - (ehSched [On_Demand | Stopped]) -- C:\Windows\ehome\ehsched.exe (Microsoft Corporation)
SRV - (ehstart [Auto | Stopped]) -- C:\Windows\ehome\ehstart.dll (Microsoft Corporation)
SRV - (eLockService [Auto | Running]) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe (Acer Inc.)
SRV - (eNet Service [Auto | Running]) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe (Acer Inc.)
SRV - (eRecoveryService [Auto | Running]) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)
SRV - (eSettingsService [Auto | Running]) -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe ()
SRV - (Eventlog [Auto | Running]) -- C:\Windows\System32\wevtsvc.dll (Microsoft Corporation)
SRV - (FLEXnet Licensing Service [On_Demand | Stopped]) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (idsvc [Unknown | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (iPod Service [On_Demand | Stopped]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (Irmon [Auto | Running]) -- C:\Windows\System32\irmon.dll (Microsoft Corporation)
SRV - (ISPwdSvc [On_Demand | Stopped]) -- C:\Program Files\Norton Internet Security\isPwdSvc.exe (Symantec Corporation)
SRV - (LightScribeService [Auto | Running]) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
SRV - (Microsoft Office Groove Audit Service [On_Demand | Stopped]) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (MobilityService [Auto | Running]) -- C:\Acer\Mobility Center\MobilityService.exe ()
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (odserv [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (Symantec Core LC [On_Demand | Stopped]) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (Symantec Corporation)
SRV - (SymAppCore [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe (Symantec Corporation)
SRV - (WinDefend [Auto | Running]) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (WMIService [Auto | Running]) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe (acer)
SRV - (WMPNetworkSvc [Auto | Running]) -- C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (XAudioService [Auto | Running]) -- C:\Windows\System32\DRIVERS\xaudio.exe (Conexant Systems, Inc.)

========== Driver Services (SafeList) ==========

DRV - (adp94xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (adpahci [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (adpu160m [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (adpu320 [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (aic78xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (aliide [Disabled | Stopped]) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (arc [Disabled | Stopped]) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (arcsas [Disabled | Stopped]) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (aswFsBlk [Auto | Running]) -- C:\Windows\System32\DRIVERS\aswFsBlk.sys (ALWIL Software)
DRV - (aswMonFlt [Auto | Running]) -- C:\Windows\System32\DRIVERS\aswMonFlt.sys (ALWIL Software)
DRV - (aswRdr [System | Running]) -- C:\Windows\System32\drivers\aswRdr.sys (ALWIL Software)
DRV - (aswSP [System | Running]) -- C:\Windows\System32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswTdi [System | Running]) -- C:\Windows\System32\drivers\aswTdi.sys (ALWIL Software)
DRV - (b57nd60x [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\b57nd60x.sys (Broadcom Corporation)
DRV - (bcm4sbxp [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\bcm4sbxp.sys (Broadcom Corporation)
DRV - (BrFiltLo [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (Brserid [Disabled | Stopped]) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrSerWdm [Disabled | Stopped]) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm [Disabled | Stopped]) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (cmdide [Disabled | Stopped]) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (DKbFltr [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\DKbFltr.sys (Dritek System Inc.)
DRV - (DritekPortIO [System | Running]) -- C:\Program Files\Launch Manager\DPortIO.sys (Dritek System Inc.)
DRV - (E1G60 [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\E1G60I32.sys (Intel Corporation)
DRV - (eeCtrl [System | Running]) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (elxstor [Disabled | Stopped]) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (EMSCR [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\EMS7SK.sys (ENE Technology Inc.)
DRV - (ESDCR [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\ESD7SK.sys (ENE Technology Inc.)
DRV - (ESMCR [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\ESM7SK.sys (ENE Technology Inc.)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\Windows\System32\Drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (HpCISSs [Disabled | Stopped]) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (HSFHWAZL [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\VSTAZL3.SYS (Conexant Systems, Inc.)
DRV - (HSF_DPV [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\HSX_DPV.sys (Conexant Systems, Inc.)
DRV - (HSXHWAZL [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\HSXHWAZL.sys (Conexant Systems, Inc.)
DRV - (ialm [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\igdkmd32.sys (Intel Corporation)
DRV - (iaStorV [Disabled | Stopped]) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (IDSvix86 [System | Running]) -- C:\ProgramData\Symantec\Definitions\SymcData\idsdefs\20070628.003\IDSvix86.sys (Symantec Corporation)
DRV - (igfx [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\igdkmd32.sys (Intel Corporation)
DRV - (iirsp [Disabled | Stopped]) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (int15 [Auto | Running]) -- C:\Acer\Empowering Technology\eRecovery\int15.sys ()
DRV - (IntcAzAudAddService [On_Demand | Running]) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (iteatapi [Disabled | Stopped]) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (iteraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (LSI_FC [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (LSI_SAS [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (LSI_SCSI [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (lv321av [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\lv321av.sys (Logitech Inc.)
DRV - (mdmxsdk [Auto | Running]) -- C:\Windows\System32\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (megasas [Disabled | Stopped]) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (Mraid35x [Disabled | Stopped]) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (NAVENG [On_Demand | Stopped]) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20070705.017\NAVENG.SYS (Symantec Corporation)
DRV - (NAVEX15 [On_Demand | Stopped]) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20070705.017\NAVEX15.SYS (Symantec Corporation)
DRV - (NETw3v32 [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\NETw3v32.sys (Intel® Corporation)
DRV - (nfrd960 [Disabled | Stopped]) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (NPF [On_Demand | Stopped]) -- C:\Windows\System32\drivers\npf.sys (CACE Technologies)
DRV - (NTIDrvr [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV - (ntrigdigi [Disabled | Stopped]) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (nvlddmkm [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\nvlddmkm.sys (NVIDIA Corporation)
DRV - (nvraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor [Disabled | Stopped]) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (PSDFilter [Boot | Running]) -- C:\Windows\system32\DRIVERS\psdfilter.sys (HiTRUST)
DRV - (PSDNServ [Boot | Running]) -- C:\Windows\system32\drivers\PSDNServ.sys (HiTRUST)
DRV - (psdvdisk [Boot | Running]) -- C:\Windows\system32\drivers\psdvdisk.sys (HiTRUST)
DRV - (ql2300 [Disabled | Stopped]) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (ql40xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (RimSerPort [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\RimSerial.sys (Research in Motion Ltd)
DRV - (RimVSerPort [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\RimSerial.sys (Research in Motion Ltd)
DRV - (ROOTMODEM [On_Demand | Stopped]) -- C:\Windows\System32\Drivers\RootMdm.sys (Microsoft Corporation)
DRV - (secdrv [Auto | Running]) -- C:\Windows\System32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (SiSRaid2 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (SiSRaid4 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (SMSCIRDA [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\SMSCirda.sys (SMSC)
DRV - (SPBBCDrv [On_Demand | Stopped]) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
DRV - (sptd [Boot | Running]) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (SRTSP [On_Demand | Stopped]) -- C:\Windows\System32\Drivers\SRTSP.SYS (Symantec Corporation)
DRV - (SRTSPL [On_Demand | Stopped]) -- C:\Windows\System32\Drivers\SRTSPL.SYS (Symantec Corporation)
DRV - (SRTSPX [System | Running]) -- C:\Windows\System32\Drivers\SRTSPX.SYS (Symantec Corporation)
DRV - (SWNC8U20 [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\swnc8u20.sys (Sierra Wireless Inc.)
DRV - (SWUMX20 [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\swumx20.sys (Sierra Wireless Inc.)
DRV - (Symc8xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (SYMDNS [On_Demand | Stopped]) -- C:\Windows\System32\Drivers\SYMDNS.SYS (Symantec Corporation)
DRV - (SymEvent [On_Demand | Running]) -- C:\Windows\System32\Drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (SYMFW [On_Demand | Stopped]) -- C:\Windows\System32\Drivers\SYMFW.SYS (Symantec Corporation)
DRV - (SYMIDS [On_Demand | Stopped]) -- C:\Windows\System32\Drivers\SYMIDS.SYS (Symantec Corporation)
DRV - (SYMNDISV [On_Demand | Stopped]) -- C:\Windows\System32\Drivers\SYMNDISV.SYS (Symantec Corporation)
DRV - (SYMREDRV [On_Demand | Stopped]) -- C:\Windows\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)
DRV - (SYMTDI [System | Running]) -- C:\Windows\System32\Drivers\SYMTDI.SYS (Symantec Corporation)
DRV - (Sym_hi [Disabled | Stopped]) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Sym_u3 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (SynTP [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\SynTP.sys (Synaptics, Inc.)
DRV - (UBHelper [Boot | Running]) -- C:\Windows\System32\drivers\UBHelper.sys ()
DRV - (uliahci [Disabled | Stopped]) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (UlSata [Disabled | Stopped]) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (ulsata2 [Disabled | Stopped]) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (UMPass [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\umpass.sys (Microsoft Corporation)
DRV - (usbaudio [On_Demand | Stopped]) -- C:\Windows\System32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (viaide [Disabled | Stopped]) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (vsmraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (winachsf [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\HSX_CNXT.sys (Conexant Systems, Inc.)
DRV - (XAudio [Auto | Running]) -- C:\Windows\System32\DRIVERS\xaudio.sys (Conexant Systems, Inc.)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.us.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default = AF FD 62 1F 04 63 0F 44 BF 48 E7 D0 19 01 4B F0 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SEARCH PAGE = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo....e...-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "https://login.devry....FDB64F591719DD8
A8277A3416E9FD5E38461F684EC225A384661D5BA025ED3148A6F4F07422CAAF495A196EA78B28E83BF7F407979188C441CF
D
DD582B22B86F7F1F5017B58B7330907B589FB1DC691DADE3BB58D45DD0E43B6AE71CDCF4A7A50400D5508002A66933066F1B
4
AFA3C9383E94CDE05D0E930B2345EB41D9D0037E31A21D2CA2D0AFFE204A5CF07976C421F5BBE7A0DD5C062389C60222F6BE
5
6D87691EE09C&p_error_code=&p_submit_url=https%3A%2F%2Flogin.devry.edu%2Fsso%2Fauth&p_cancel_url=https%3A%2F%2Fmy.devry.edu%2Fpls%2Fportal%2FPORTAL.home&ssousername="
FF - prefs.js..extensions.enabledItems: {097d3191-e6fa-4728-9826-b533d755359d}:0.7.10
FF - prefs.js..extensions.enabledItems: [email protected]:1.4.0b3
FF - prefs.js..extensions.enabledItems: [email protected]:0.5d
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}:6.0.10
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.071303000006
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.6
FF - prefs.js..extensions.enabledItems: [email protected]:3.1.0
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.5.200812101546
FF - prefs.js..extensions.enabledItems: [email protected]:2.0.2
FF - prefs.js..extensions.enabledItems: CrystalFox_Qute@BigRedBrent:3.0.5
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5


FF - HKLM\software\mozilla\Mozilla Firefox 3.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/07/02 09:42:43 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/07/01 23:38:30 | 00,000,000 | ---D | M]

[2008/09/02 11:27:37 | 00,000,000 | ---D | M] -- C:\Users\Kay\AppData\Roaming\mozilla\Extensions
[2008/09/02 11:27:37 | 00,000,000 | ---D | M] -- C:\Users\Kay\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/07/04 09:20:42 | 00,000,000 | ---D | M] -- C:\Users\Kay\AppData\Roaming\mozilla\Firefox\Profiles\cskkw4kx.default\extensions
[2009/07/01 23:45:27 | 00,000,000 | ---D | M] -- C:\Users\Kay\AppData\Roaming\mozilla\Firefox\Profiles\cskkw4kx.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d}
[2008/09/02 12:11:00 | 00,000,000 | ---D | M] -- C:\Users\Kay\AppData\Roaming\mozilla\Firefox\Profiles\cskkw4kx.default\extensions\{1a45a8a0-3278-11dd-bd11-0800200c9a66}
[2009/02/14 12:06:28 | 00,000,000 | ---D | M] -- C:\Users\Kay\AppData\Roaming\mozilla\Firefox\Profiles\cskkw4kx.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/01/23 20:39:48 | 00,000,000 | ---D | M] -- C:\Users\Kay\AppData\Roaming\mozilla\Firefox\Profiles\cskkw4kx.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2009/07/02 07:26:49 | 00,000,000 | ---D | M] -- C:\Users\Kay\AppData\Roaming\mozilla\Firefox\Profiles\cskkw4kx.default\extensions\{ddb7e7f0-96e4-11dd-ad8b-0800200c9a66}-trash
[2009/07/01 23:45:14 | 00,000,000 | ---D | M] -- C:\Users\Kay\AppData\Roaming\mozilla\Firefox\Profiles\cskkw4kx.default\extensions\[email protected]
[2009/03/09 20:39:24 | 00,000,000 | ---D | M] -- C:\Users\Kay\AppData\Roaming\mozilla\Firefox\Profiles\cskkw4kx.default\extensions\CrystalFox_Qute@BigRedBrent
[2009/07/01 23:45:36 | 00,000,000 | ---D | M] -- C:\Users\Kay\AppData\Roaming\mozilla\Firefox\Profiles\cskkw4kx.default\extensions\[email protected]
[2008/12/27 07:16:03 | 00,000,000 | ---D | M] -- C:\Users\Kay\AppData\Roaming\mozilla\Firefox\Profiles\cskkw4kx.default\extensions\[email protected]
[2009/07/01 23:45:44 | 00,000,000 | ---D | M] -- C:\Users\Kay\AppData\Roaming\mozilla\Firefox\Profiles\cskkw4kx.default\extensions\[email protected]
[2009/04/22 19:06:22 | 00,000,000 | ---D | M] -- C:\Users\Kay\AppData\Roaming\mozilla\Firefox\Profiles\cskkw4kx.default\extensions\[email protected]
[2009/06/30 20:16:09 | 00,000,682 | ---- | M] () -- C:\Users\Kay\AppData\Roaming\Mozilla\FireFox\Profiles\cskkw4kx.default\searchplugins\ask.xml
[2009/07/04 09:20:43 | 00,001,963 | ---- | M] () -- C:\Users\Kay\AppData\Roaming\Mozilla\FireFox\Profiles\cskkw4kx.default\searchplugins\thomasnet-industrial-search.xml
[2009/07/01 23:38:30 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/07/01 23:38:30 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/11/23 07:45:11 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
[2009/03/07 07:10:25 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
[2009/06/24 08:26:10 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/06/24 08:26:11 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008/09/03 19:11:24 | 00,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\mozilla firefox\plugins\npbittorrent.dll
[2009/03/07 07:09:56 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2009/02/06 12:44:28 | 01,447,296 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll
[2009/06/24 08:26:12 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2006/12/18 04:18:30 | 00,077,824 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2008/04/17 20:32:33 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2008/04/17 20:32:34 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2008/04/17 20:32:34 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2008/04/17 20:32:34 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2008/04/17 20:32:34 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2008/04/17 20:32:34 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2008/04/17 20:32:34 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2008/09/13 11:49:00 | 00,221,184 | ---- | M] (CNN) -- C:\Program Files\mozilla firefox\plugins\NPTURNMED.dll
[2009/06/24 06:27:00 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/06/24 06:27:00 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/06/24 06:27:00 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/06/24 06:27:00 | 00,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/06/24 06:27:00 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/06/24 06:27:00 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/06/24 06:27:00 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (761 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 jL.chura.pl
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll (Symantec Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O4 - HKLM..\Run: [Acer Assist Launcher] C:\Program Files\Acer Assist\launcher.exe ()
O4 - HKLM..\Run: [Acer Tour] File not found
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [eRecoveryService] File not found
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe (Acer Inc.)
O4 - HKLM..\Run: [LVCOMSX] C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe (Logitech Inc.)
O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKCU..\Run: [ofmw] C:\Program Files\Common Files\ofmw\ofmwm.exe File not found
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)
O4 - HKCU..\Run: [捁牥吠畯r] File not found
O4 - Startup: C:\Users\Kay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\flstu.exe ()
O4 - Startup: C:\Users\Kay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\flstudi.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskmgr = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: pogo.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: 2 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} http://www.worldwinn...rabblecubes.cab (ScrabbleCubes Control)
O16 - DPF: {04063354-A10E-4427-A1EC-F3CC81587BC6} http://www.worldwinn...mines/mines.cab (Mines Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} http://www.worldwinn...GamesLoader.cab (FunGamesLoader Object)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {41D1977F-4161-4720-800F-EA4903983A38} http://www.worldwinn...gsaw/jigsaw.cab (Jigsaw Genius Control)
O16 - DPF: {58FC4C77-71C2-4972-A8CD-78691AD85158} http://www.worldwinn...jattack/bja.cab (BJA Control)
O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} http://www.worldwinn...d/bejeweled.cab (Bejeweled Control)
O16 - DPF: {62969CF2-0F7A-433B-A221-FD8818C06C2F} http://www.worldwinn...x/blockwerx.cab (Blockwerx Control)
O16 - DPF: {6C6FE41A-0DA6-42A1-9AD8-792026B2B2A7} http://www.worldwinn...ll/freecell.cab (FreeCell Control)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinn...ed/wwlaunch.cab (Wwlaunch Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {94299420-321F-4FF9-A247-62A23EBB640B} http://www.worldwinn...jo/wordmojo.cab (WordMojo Control)
O16 - DPF: {97438FE9-D361-4279-BA82-98CC0877A717} http://www.worldwinn...cubis/cubis.cab (Cubis Control)
O16 - DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} http://www.worldwinn...v46/sol/sol.cab (Sol Control)
O16 - DPF: {A91FB93D-7561-4524-8484-5C27C8FA8D42} http://www.worldwinn...luxor/luxor.cab (WwLuxor Control)
O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} http://www.worldwinn...apit/swapit.cab (SwapIt Control)
O16 - DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} http://www.worldwinn...man/hangman.cab (Hangman Control)
O16 - DPF: {BA94245D-2AA0-4953-9D9F-B0EE4CC02C43} http://www.worldwinn...ty/tilecity.cab (Tilecity Control)
O16 - DPF: {BB637307-92FA-47EC-B3F7-6969078673CC} http://www.worldwinn...royal/royal.cab (Royal Control)
O16 - DPF: {C93C1C34-CEA9-49B1-9046-040F59E0E0D8} http://www.worldwinn...paint/paint.cab (Paint Control)
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CF969D51-F764-4FBF-9E90-475248601C8A} http://www.worldwinn.../familyfeud.cab (FamilyFeud Control)
O16 - DPF: {E12EB891-D000-421B-A8ED-EDE1BDCA14A0} http://www.worldwinn...sol/golfsol.cab (GolfSol Control)
O16 - DPF: {E70E3E64-2793-4AEF-8CC8-F1606BE563B0} http://www.worldwinn...es/wwspades.cab (WWSpades Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/12/02 01:15:27 | 00,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{bbc910dc-65b4-11de-b33f-0016d468a437}\Shell\AutoRun\command - "" = H:\WINAVI.EXE -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[1 C:\Users\Kay\Desktop\*.tmp files]
[2009/07/04 11:37:12 | 00,535,552 | ---- | C] (OldTimer Tools) -- C:\Users\Kay\Desktop\OTL.exe
[2009/07/04 11:31:44 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/07/04 11:13:51 | 00,173,119 | ---- | C] (Eric_71) -- C:\Users\Kay\Desktop\Rooter.exe
[2009/07/04 10:44:00 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2009/07/04 10:31:47 | 00,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2009/07/04 10:31:47 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2009/07/04 10:31:47 | 00,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmled.dll
[2009/07/04 10:31:47 | 00,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardie.dll
[2009/07/04 10:31:47 | 00,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2009/07/04 10:31:46 | 00,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2009/07/04 10:31:46 | 00,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2009/07/04 10:31:46 | 00,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tdc.ocx
[2009/07/04 10:31:46 | 00,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2009/07/04 10:31:46 | 00,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2009/07/04 10:31:46 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2009/07/04 10:31:46 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\corpol.dll
[2009/07/04 10:31:45 | 01,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2009/07/04 10:31:45 | 00,348,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2009/07/04 10:31:45 | 00,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2009/07/04 10:31:45 | 00,183,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2009/07/04 10:31:45 | 00,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2009/07/04 10:31:45 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2009/07/04 10:31:45 | 00,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2009/07/04 10:31:44 | 00,236,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webcheck.dll
[2009/07/04 10:31:44 | 00,229,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2009/07/04 10:31:44 | 00,208,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinFXDocObj.exe
[2009/07/04 10:31:44 | 00,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2009/07/04 10:31:44 | 00,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2009/07/04 10:31:44 | 00,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\occache.dll
[2009/07/04 10:31:44 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2009/07/04 10:31:44 | 00,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2009/07/04 10:31:43 | 00,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2009/07/04 10:31:43 | 00,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2009/07/04 10:31:43 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2009/07/04 10:31:42 | 00,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2009/07/04 10:31:42 | 00,128,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\advpack.dll
[2009/07/04 10:31:42 | 00,057,667 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2009/07/04 10:31:42 | 00,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2009/07/04 10:31:41 | 00,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2009/07/04 10:31:41 | 00,420,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2009/07/04 10:31:41 | 00,391,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2009/07/04 10:31:41 | 00,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2009/07/04 10:31:40 | 03,698,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2009/07/04 10:31:40 | 00,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2009/07/04 10:31:40 | 00,169,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2009/07/04 10:31:40 | 00,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2009/07/04 10:31:40 | 00,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2009/07/04 10:31:40 | 00,045,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshta.exe
[2009/07/04 10:31:39 | 01,985,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iertutil.dll
[2009/07/04 10:31:39 | 00,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2009/07/04 10:31:39 | 00,132,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2009/07/04 10:31:39 | 00,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PDMSetup.exe
[2009/07/04 10:31:39 | 00,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2009/07/04 10:31:39 | 00,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetDepNx.exe
[2009/07/04 10:31:38 | 00,914,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wininet.dll
[2009/07/04 10:31:37 | 01,206,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\urlmon.dll
[2009/07/04 10:31:36 | 01,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2009/07/04 10:31:35 | 11,063,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieframe.dll
[2009/07/04 10:31:35 | 05,937,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll
[2009/07/02 11:01:33 | 00,023,152 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2009/07/02 11:01:33 | 00,001,853 | ---- | C] () -- C:\Users\Public\Desktop\avast! Antivirus.lnk
[2009/07/02 11:01:32 | 00,051,376 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2009/07/02 11:01:31 | 00,097,480 | ---- | C] (ALWIL Software) -- C:\Windows\System32\AvastSS.scr
[2009/07/02 11:01:30 | 00,114,768 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys
[2009/07/02 11:01:30 | 00,020,560 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2009/07/02 11:01:07 | 01,256,296 | ---- | C] (ALWIL Software) -- C:\Windows\System32\aswBoot.exe
[2009/07/02 11:01:07 | 00,051,792 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2009/07/02 09:32:55 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/07/02 09:32:54 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/07/02 09:32:54 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/07/02 09:30:48 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/07/02 08:14:17 | 00,000,000 | ---D | C] -- C:\Users\Kay\Documents\!malware
[2009/07/01 23:38:31 | 00,001,728 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2009/06/30 19:39:37 | 00,000,123 | ---- | C] () -- C:\Windows\System32\test.aok
[2009/06/30 19:30:03 | 00,000,000 | ---D | C] -- C:\Users\Kay\Desktop\ripped
[2009/06/30 19:28:32 | 00,000,000 | ---D | C] -- C:\Program Files\DNA
[2009/06/30 19:28:32 | 00,000,000 | ---D | C] -- C:\Program Files\BitTorrent
[2009/06/26 19:27:49 | 00,000,000 | ---D | C] -- C:\Users\Kay\AppData\Local\SecondLife
[2009/06/20 10:54:36 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2009/06/20 10:06:14 | 00,001,970 | ---- | C] () -- C:\Users\Kay\Desktop\Scrabble Blast Deluxe.lnk
[2009/06/20 10:06:14 | 00,001,420 | ---- | C] () -- C:\Users\Kay\Desktop\Pogo Games.lnk
[2009/06/20 10:06:12 | 00,000,000 | ---D | C] -- C:\Program Files\Oberon Media
[2009/06/18 14:59:57 | 00,000,000 | ---D | C] -- C:\Users\Kay\Desktop\CONL BAND
[2009/06/16 20:26:25 | 00,620,933 | ---- | C] () -- C:\Users\Kay\Desktop\SHED-FLYER.pdf
[2009/06/16 16:37:53 | 00,747,888 | ---- | C] () -- C:\Users\Kay\Desktop\SHED-FLYER.psd
[2009/06/16 00:05:58 | 00,292,705 | ---- | C] () -- C:\Users\Kay\Desktop\shed.psd
[2009/06/15 23:05:10 | 00,205,482 | ---- | C] () -- C:\Users\Kay\Desktop\musicMinistryBooklet.pdf
[2009/06/14 15:33:29 | 00,428,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2009/06/14 15:33:29 | 00,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2009/06/14 15:33:28 | 00,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2009/06/14 15:33:27 | 00,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2009/06/14 15:33:27 | 00,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2009/06/12 19:37:30 | 00,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2009/06/10 17:00:43 | 02,033,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2009/06/10 17:00:39 | 00,636,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\localspl.dll
[2009/06/10 17:00:36 | 00,784,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rpcrt4.dll
[2008/06/18 13:51:06 | 00,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1504.dll
[2008/02/13 17:51:19 | 00,716,272 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2008/02/04 13:36:55 | 00,276,608 | ---- | C] () -- C:\Windows\VBRUN100.DLL
[2008/02/04 13:36:55 | 00,007,008 | ---- | C] () -- C:\Windows\SETUPKIT.DLL
[2007/07/06 09:08:03 | 00,000,146 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2007/07/05 14:43:26 | 00,000,154 | ---- | C] () -- C:\Windows\QBWCD.INI
[2007/06/13 15:16:43 | 00,000,162 | ---- | C] () -- C:\Windows\ODBC.INI
[2007/06/12 19:36:02 | 00,069,632 | ---- | C] () -- C:\Windows\System32\drivers\int15.sys
[2007/06/12 19:36:02 | 00,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys
[2007/06/12 19:23:38 | 00,000,037 | ---- | C] () -- C:\Windows\Acer.ini
[2006/12/16 07:59:24 | 00,000,092 | ---- | C] () -- C:\Windows\CLEANUP.INI
[2006/12/02 01:15:46 | 00,013,952 | ---- | C] () -- C:\Windows\System32\drivers\UBHelper.sys
[2006/12/02 01:09:05 | 00,356,352 | ---- | C] () -- C:\Windows\EMCRI.dll
[2006/12/01 23:35:28 | 00,000,101 | ---- | C] () -- C:\Windows\Alaunch.ini
[2006/12/01 23:35:20 | 01,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2006/11/16 13:19:10 | 00,037,376 | ---- | C] () -- C:\Windows\System32\MSNChatHook.dll
[2006/11/16 13:19:04 | 00,123,904 | ---- | C] () -- C:\Windows\System32\BatchCrypto.dll
[2006/11/16 13:18:50 | 00,063,488 | ---- | C] () -- C:\Windows\System32\ShowErrMsg.dll
[2006/11/16 13:18:06 | 00,022,016 | ---- | C] () -- C:\Windows\System32\MailFormat_U.dll
[2006/11/02 07:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:23:31 | 00,000,219 | ---- | C] () -- C:\Windows\win.ini
[2006/11/02 05:23:31 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini

========== Files - Modified Within 30 Days ==========

[1 C:\Users\Kay\Desktop\*.tmp files]
[2009/07/04 11:37:35 | 00,535,552 | ---- | M] (OldTimer Tools) -- C:\Users\Kay\Desktop\OTL.exe
[2009/07/04 11:13:52 | 00,173,119 | ---- | M] (Eric_71) -- C:\Users\Kay\Desktop\Rooter.exe
[2009/07/04 11:11:14 | 00,000,414 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{D0C54B59-741D-423F-9D0D-969917C5BF88}.job
[2009/07/04 11:07:00 | 00,363,886 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/07/04 11:07:00 | 00,330,062 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/07/04 11:07:00 | 00,043,718 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/07/04 11:01:27 | 00,000,434 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2009/07/04 11:00:40 | 01,770,496 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/04 11:00:39 | 00,003,296 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/07/04 11:00:37 | 00,003,296 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/07/04 11:00:34 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/07/04 11:00:10 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/07/04 10:56:06 | 02,850,824 | -H-- | M] () -- C:\Users\Kay\AppData\Local\IconCache.db
[2009/07/04 10:54:11 | 00,000,039 | ---- | M] () -- C:\Windows\vbaddin.ini
[2009/07/04 10:43:45 | 00,000,219 | ---- | M] () -- C:\Windows\win.ini
[2009/07/02 11:01:33 | 00,001,853 | ---- | M] () -- C:\Users\Public\Desktop\avast! Antivirus.lnk
[2009/07/02 11:01:29 | 00,000,000 | ---- | M] () -- C:\Windows\System32\config.nt
[2009/07/01 23:38:31 | 00,001,728 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2009/06/30 20:15:35 | 00,000,123 | ---- | M] () -- C:\Windows\System32\test.aok
[2009/06/30 19:22:20 | 00,000,761 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2009/06/26 20:00:39 | 00,000,484 | ---- | M] () -- C:\Windows\tasks\Norton Internet Security - Run Full System Scan - Kay.job
[2009/06/26 19:27:27 | 00,000,884 | ---- | M] () -- C:\Users\Public\Desktop\Second Life.lnk
[2009/06/20 10:06:14 | 00,001,970 | ---- | M] () -- C:\Users\Kay\Desktop\Scrabble Blast Deluxe.lnk
[2009/06/20 10:06:14 | 00,001,420 | ---- | M] () -- C:\Users\Kay\Desktop\Pogo Games.lnk
[2009/06/17 11:27:56 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/06/17 11:27:44 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/06/16 20:26:29 | 00,620,933 | ---- | M] () -- C:\Users\Kay\Desktop\SHED-FLYER.pdf
[2009/06/16 20:25:01 | 00,747,888 | ---- | M] () -- C:\Users\Kay\Desktop\SHED-FLYER.psd
[2009/06/16 00:06:03 | 00,292,705 | ---- | M] () -- C:\Users\Kay\Desktop\shed.psd
[2009/06/15 23:05:10 | 00,205,482 | ---- | M] () -- C:\Users\Kay\Desktop\musicMinistryBooklet.pdf

========== Alternate Data Streams ==========

@Alternate Data Stream - 160 bytes -> C:\ProgramData\TEMP:288A91F8
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:EA029835
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:466F9D5D

========== Files - Unicode (All) ==========
[2008/07/05 18:31:29 | 00,000,000 | ---D | C](C:\Program Files\Common Files\S?mantec) -- C:\Program Files\Common Files\Sуmantec
[2008/07/05 20:12:33 | 00,000,000 | ---D | M](C:\Program Files\Common Files\S?mantec) -- C:\Program Files\Common Files\Sуmantec
< End of report >


OTL Extras logfile created on: 7/4/2009 11:40:20 AM - Run 1
OTL by OldTimer - Version 3.0.6.4 Folder = C:\Users\Kay\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.38 Mb Total Physical Memory | 280.74 Mb Available Physical Memory | 27.70% Memory free
2.24 Gb Paging File | 1.19 Gb Available in Paging File | 53.36% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 71.28 Gb Total Space | 6.41 Gb Free Space | 8.99% Space Free | Partition Type: NTFS
Drive D: | 70.94 Gb Total Space | 70.82 Gb Free Space | 99.84% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: KAYS-LAB
Current User Name: Kay
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.txt [@ = txtfile] -- C:\Program Files\PSPad editor\PSPad.exe (Prog-Soft s.r.o.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
Reg Error: Unknown registry data type File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2408361648-2145817810-1839869422-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe:*:Enabled:eDSfsu (Acer Inc.)
C:\Acer\Empowering Technology\eDataSecurity\encryption.exe:*:Enabled:encryption (HiTRUST)
C:\Acer\Empowering Technology\eDataSecurity\decryption.exe:*:Enabled:decryption (HiTRUST)
C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent (BitTorrent, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0D2E80C8-0875-43EB-9623-47118E2DFBCA}" = Quicken 2007
"{0F79C1B2-36B2-4B62-8221-42721CF54638}" = Acer OrbiCam Application
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}" = Acer eLock Management
"{13515135-48BB-4184-8C1F-2FAE0138E200}" = TBS WMP Plug-in
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}" = QuickTime
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1AEC7728-1640-4E98-AABC-5EBE3FB57FE4}" = SMSC Fast Infrared Driver
"{20585CDC-114E-4372-986A-0686B1A37A30}" = Business Plan Pro 2007
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 12
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}" = SymNet
"{3672B097-EA69-4bfe-B92F-29AE6D9D2B34}" = Norton Internet Security
"{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}" = ccCommon
"{48185814-A224-447A-81DA-71BD20580E1B}" = Norton Internet Security
"{4843B611-8FCB-4428-8C23-31D0A5EAE164}" = Norton Confidential Browser Component
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}" = iTunes
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}" = Norton Internet Security
"{67ADE9AF-5CD9-4089-8825-55DE4B366799}" = NTI Backup NOW! 4.7
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC 32bit
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{80DE0E1C-D13D-4513-BA2C-AFE83197B8BD}" = Mahjong Garden To Go
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11022143}" = Scrabble Blast Deluxe
"{830D8CBD-C668-49e2-A969-C2C2106332E0}" = Norton AntiVirus
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_PRJPRO_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_VISPRO_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_PRJPRO_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_VISPRO_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}_PRJPRO_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}_VISPRO_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2007
"{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{9E73617F-2F38-4864-BD61-BB2DDFE43323}" = Microsoft Office Project 2007 Service Pack 2 (SP2)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007
"{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{0FD405D3-CAF8-4CA6-8BFD-911D2F8A6585}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
"{90120000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2007
"{90120000-0054-0409-0000-0000000FF1CE}_VISPRO_{519D9F45-CBF4-4E57-B419-11F196CCA8AE}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_PRJPRO_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_VISPRO_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00B4-0409-0000-0000000FF1CE}" = Microsoft Office Project MUI (English) 2007
"{90120000-00B4-0409-0000-0000000FF1CE}_PRJPRO_{27A9D316-D332-433B-8EB1-1D93EE49F26D}" = Microsoft Office Project 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_PRJPRO_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_VISPRO_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{94389919-B0AA-4882-9BE8-9F0B004ECA35}" = Acer Tour
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9A129ABC-A53A-4209-A21E-D5DEDFB7CCA8}" = Norton Protection Center
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-A70900000002}" = Adobe Reader 7.0.9
"{AEEAE013-92F1-4515-B278-139F1A692A35}" = Acer eDataSecurity Management
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B6D75AE8-DA88-4D71-BF06-0D2AA09A6328}" = Symantec Real Time Storage Protection Component
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{B7C61755-DB48-4003-948F-3D34DB8EAF69}" = MSRedist
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BF839132-BD43-4056-ACBF-4377F4A88E2A}" = Acer ePresentation Management
"{C06554A1-2C1E-4D20-B613-EE62C79927CC}" = Acer eNet Management
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{CE65A9A0-9686-45C6-9098-3C9543A412F0}" = Acer eSettings Management
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D353CC51-430D-4C6F-9B7E-52003DA1E05A}" = Norton Confidential Web Protection Component
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe 1.4.124.1
"{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}" = Norton Internet Security
"{E5EE9939-259F-4DE2-8023-5C49E16A4F43}" = Norton Internet Security
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}" = AppCore
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4DB525F-A986-4249-B98B-42A8066251CA}" = AV
"Acer Assist" = Acer Assist
"Acer Registration" = Acer Registration
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
"ASIO4ALL" = ASIO4ALL
"avast!" = avast! Antivirus
"CleanUp!" = CleanUp!
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118" = HDAUDIO Soft Data Fax Modem with SmartCP
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ERUNT_is1" = ERUNT 1.1j
"FL Studio 8" = FL Studio 8
"GridVista" = Acer GridVista
"HDMI" = Intel® Graphics Media Accelerator Driver
"IL Download Manager" = IL Download Manager
"InstallShield_{13515135-48BB-4184-8C1F-2FAE0138E200}" = TBS WMP Plug-in
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.5)" = Mozilla Firefox (3.5)
"MyScribe" = MyScribe
"NVIDIA Drivers" = NVIDIA Drivers
"PRJPRO" = Microsoft Office Project Professional 2007
"PSPad editor_is1" = PSPad editor
"SCRABBLE Blast Deluxe" = SCRABBLE Blast Deluxe
"SecondLife" = SecondLife (remove only)
"SymSetup.{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}" = Norton Internet Security (Symantec Corporation)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TopStyle Lite (Version 3.0)" = TopStyle Lite (Version 3)
"Toxic Biohazard" = Toxic Biohazard
"VISPRO" = Microsoft Office Visio Professional 2007
"WinRAR archiver" = WinRAR archiver

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 8/20/2007 11:17:17 AM | Computer Name = Kays-Lab | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Windows\System32\SyncCenter.dll failed, 00000005.

[ Application Events ]
Error - 7/4/2009 10:42:53 AM | Computer Name = Kays-Lab | Source = Application Error | ID = 1000
Description = Faulting application Acer.scr, version 0.0.0.0, time stamp 0x2a425e19,
faulting module kernel32.dll, version 6.0.6001.18215, time stamp 0x49953395, exception
code 0xc0000005, fault offset 0x000bf395, process id 0x160c, application start time
0x01c9fcb5b4069c1c.

Error - 7/4/2009 10:57:07 AM | Computer Name = Kays-Lab | Source = Application Error | ID = 1000
Description = Faulting application Acer.scr, version 0.0.0.0, time stamp 0x2a425e19,
faulting module kernel32.dll, version 6.0.6001.18215, time stamp 0x49953395, exception
code 0xc0000005, fault offset 0x000bf395, process id 0xbf8, application start time
0x01c9fcb7b332714c.

Error - 7/4/2009 11:13:28 AM | Computer Name = Kays-Lab | Source = Application Error | ID = 1000
Description = Faulting application Acer.scr, version 0.0.0.0, time stamp 0x2a425e19,
faulting module kernel32.dll, version 6.0.6001.18215, time stamp 0x49953395, exception
code 0xc0000005, fault offset 0x000bf395, process id 0xc0c, application start time
0x01c9fcb9fb989cfc.

Error - 7/4/2009 11:26:10 AM | Computer Name = Kays-Lab | Source = Application Error | ID = 1000
Description = Faulting application Acer.scr, version 0.0.0.0, time stamp 0x2a425e19,
faulting module kernel32.dll, version 6.0.6001.18215, time stamp 0x49953395, exception
code 0xc0000005, fault offset 0x000bf395, process id 0x1498, application start time
0x01c9fcbbc21cd07c.

Error - 7/4/2009 12:04:39 PM | Computer Name = Kays-Lab | Source = Application Error | ID = 1000
Description = Faulting application DllHost.exe, version 6.0.6000.16386, time stamp
0x4549b14e, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
code 0xc0000005, fault offset 0x0012020d, process id 0x5fc, application start time
0x01c9fcc121cd3ea8.

Error - 7/4/2009 12:09:25 PM | Computer Name = Kays-Lab | Source = Application Error | ID = 1000
Description = Faulting application flstudi.exe, version 0.0.0.0, time stamp 0x4a03b4db,
faulting module ntdll.dll, version 6.0.6001.18000, time stamp 0x4791a7a6, exception
code 0xc000007b, fault offset 0x00009cac, process id 0x1024, application start time
0x01c9fcc13d1c6508.

Error - 7/4/2009 12:09:25 PM | Computer Name = Kays-Lab | Source = Application Error | ID = 1000
Description = Faulting application flstu.exe, version 0.0.0.0, time stamp 0x49d4fb8c,
faulting module ntdll.dll, version 6.0.6001.18000, time stamp 0x4791a7a6, exception
code 0xc000007b, fault offset 0x00009cac, process id 0xc2c, application start time
0x01c9fcc13aaa5b68.

Error - 7/4/2009 12:32:52 PM | Computer Name = Kays-Lab | Source = Application Error | ID = 1000
Description = Faulting application DllHost.exe, version 6.0.6000.16386, time stamp
0x4549b14e, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
code 0xc0000005, fault offset 0x000a020d, process id 0x17d4, application start time
0x01c9fcc513845dc8.

Error - 7/4/2009 12:39:30 PM | Computer Name = Kays-Lab | Source = Application Error | ID = 1000
Description = Faulting application DllHost.exe, version 6.0.6000.16386, time stamp
0x4549b14e, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
code 0xc0000005, fault offset 0x0012020d, process id 0x15f4, application start time
0x01c9fcc600daba68.

Error - 7/4/2009 12:39:44 PM | Computer Name = Kays-Lab | Source = Application Error | ID = 1000
Description = Faulting application DllHost.exe, version 6.0.6000.16386, time stamp
0x4549b14e, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
code 0xc0000005, fault offset 0x0012020d, process id 0x1528, application start time
0x01c9fcc608f35458.

[ Media Center Events ]
Error - 12/6/2007 8:44:47 PM | Computer Name = Kays-Lab | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 12/13/2007 2:47:06 PM | Computer Name = Kays-Lab | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 12/14/2007 6:51:03 AM | Computer Name = Kays-Lab | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 5/1/2008 1:41:58 AM | Computer Name = Kays-Lab | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 6/2/2008 3:46:38 PM | Computer Name = Kays-Lab | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 8/28/2008 9:13:12 AM | Computer Name = Kays-Lab | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 1/23/2009 6:36:38 PM | Computer Name = Kays-Lab | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 2/11/2009 7:02:33 PM | Computer Name = Kays-Lab | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 3/14/2009 6:12:27 AM | Computer Name = Kays-Lab | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 5/5/2009 7:33:40 PM | Computer Name = Kays-Lab | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ OSession Events ]
Error - 6/21/2009 8:30:23 PM | Computer Name = Kays-Lab | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 6
seconds with 0 seconds of active time. This session ended with a crash.

Error - 7/2/2009 8:53:06 AM | Computer Name = Kays-Lab | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 10
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 7/4/2009 12:00:35 PM | Computer Name = Kays-Lab | Source = HTTP | ID = 15016
Description =

Error - 7/4/2009 12:00:49 PM | Computer Name = Kays-Lab | Source = Print | ID = 19
Description = The print spooler failed to share printer Quicken PDF Printer with
shared resource name Quicken PDF Printer. Error 2114. The printer cannot be used
by others on the network.

Error - 7/4/2009 12:01:24 PM | Computer Name = Kays-Lab | Source = ipnathlp | ID = 34001
Description = The ICS_IPV6 failed to configure IPv6 stack.

Error - 7/4/2009 12:01:27 PM | Computer Name = Kays-Lab | Source = ipnathlp | ID = 30005
Description = The DHCP allocator has detected a DHCP server with IP address 192.168.0.1
on the same network as the interface with IP address 192.168.0.101. The allocator
has disabled itself on the interface to avoid confusing DHCP clients.

Error - 7/4/2009 12:01:27 PM | Computer Name = Kays-Lab | Source = ipnathlp | ID = 30009
Description = The DHCP allocator encountered a network error while attempting to
reply on IP address 0.0.0.0 to a request from a client. The data is the error code.

Error - 7/4/2009 12:03:21 PM | Computer Name = Kays-Lab | Source = WMPNetworkSvc | ID = 866292
Description =

Error - 7/4/2009 12:04:44 PM | Computer Name = Kays-Lab | Source = DCOM | ID = 10010
Description =

Error - 7/4/2009 12:05:31 PM | Computer Name = Kays-Lab | Source = WMPNetworkSvc | ID = 866312
Description =

Error - 7/4/2009 12:05:31 PM | Computer Name = Kays-Lab | Source = WMPNetworkSvc | ID = 866312
Description =

Error - 7/4/2009 12:05:34 PM | Computer Name = Kays-Lab | Source = DCOM | ID = 10000
Description =


< End of report >

Edited by mizpac76, 05 July 2009 - 08:27 AM.

  • 0

Advertisements

Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP