
Solved malwhare found a threat

Discussion in 'Malware and Virus Removal Archive' started by hanqba1, 2011/10/31.

  1. 2011/11/01
    hanqba1

    hanqba1 Inactive Thread Starter

    Joined:
    2008/06/21
    Messages:
    93
    Likes Received:
    0
    I turned the antivirus back on; it showed EICAR-AV-Test quarantined. Thought I had better let you know.
     
  2. 2011/11/01
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Combofix log looks good.

    Uninstall Ask Toolbar, typical foistware.

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     


  4. 2011/11/02
    hanqba1

    hanqba1 Inactive Thread Starter

    Joined:
    2008/06/21
    Messages:
    93
    Likes Received:
    0
    otl log 2

    OTL logfile created on: 02/11/2011 19:25:13 - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\kevin\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    1.99 Gb Total Physical Memory | 0.86 Gb Available Physical Memory | 43.42% Memory free
    4.21 Gb Paging File | 2.70 Gb Available in Paging File | 64.21% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 68.77 Gb Total Space | 17.86 Gb Free Space | 25.97% Space Free | Partition Type: NTFS
    Drive D: | 68.56 Gb Total Space | 68.39 Gb Free Space | 99.75% Space Free | Partition Type: NTFS

    Computer Name: KEVIN-PC | User Name: kevin | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/11/02 19:21:48 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\kevin\Desktop\OTL.exe
    PRC - [2011/11/02 08:13:43 | 000,208,896 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\kevin\AppData\Local\Temp\RtkBtMnt.exe
    PRC - [2011/09/12 19:30:44 | 003,381,184 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files\Webroot\Security\Current\Framework\WRConsumerService.exe
    PRC - [2011/09/12 19:30:21 | 001,382,984 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files\Webroot\Security\Current\Framework\WRTray.exe
    PRC - [2011/08/24 17:29:02 | 003,997,912 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files\Webroot\Security\Current\plugins\antimalware\AEI.exe
    PRC - [2011/08/24 17:28:48 | 000,158,048 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files\Webroot\Security\Current\plugins\antimalware\SSU.exe
    PRC - [2011/07/21 15:01:26 | 001,477,304 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files\Webroot\Security\Current\plugins\cleanup\WRCleanupEngine.exe
    PRC - [2011/04/03 17:24:02 | 000,235,168 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10o_ActiveX.exe
    PRC - [2011/03/25 12:34:04 | 000,689,464 | ---- | M] (Radialpoint Inc.) -- C:\Program Files\Virgin Media\Service Manager\ServicepointService.exe
    PRC - [2011/02/08 17:21:52 | 001,114,040 | ---- | M] (MusicLab, LLC) -- C:\Program Files\BearShare Applications\MediaBar\Datamngr\datamngrUI.exe
    PRC - [2010/04/16 12:55:26 | 000,180,224 | ---- | M] (FutureDial Inc.) -- C:\Program Files\HTC\HTC Sync for BrewMP\AutoDetect.exe
    PRC - [2010/01/28 12:47:44 | 001,737,464 | ---- | M] () -- C:\Program Files\3 Mobile Broadband\3Connect\BecHelperService.exe
    PRC - [2009/04/11 06:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2008/06/02 18:06:18 | 000,462,848 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
    PRC - [2008/03/05 13:15:24 | 000,497,712 | ---- | M] (Egis Incorporated) -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
    PRC - [2008/03/05 13:15:20 | 000,525,360 | ---- | M] (Egis Incorporated) -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
    PRC - [2008/01/22 18:14:24 | 000,200,704 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
    PRC - [2008/01/21 02:25:26 | 000,192,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\p2phost.exe
    PRC - [2008/01/10 01:43:28 | 000,323,584 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe
    PRC - [2008/01/04 10:21:36 | 000,768,520 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe
    PRC - [2007/12/20 18:33:14 | 000,761,856 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eNet\eNMTray.exe
    PRC - [2007/12/20 18:32:04 | 000,131,072 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe
    PRC - [2007/12/20 01:09:22 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
    PRC - [2007/11/28 01:54:36 | 000,110,592 | ---- | M] () -- C:\Acer\Mobility Center\MobilityService.exe
    PRC - [2007/10/10 06:41:54 | 001,286,144 | ---- | M] (CyberLink) -- C:\Acer\Empowering Technology\eAudio\eAudio.exe
    PRC - [2007/10/01 23:42:36 | 000,024,576 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
    PRC - [2007/09/20 20:57:28 | 000,167,936 | ---- | M] (acer) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
    PRC - [2007/09/19 21:41:50 | 000,051,200 | ---- | M] () -- C:\Acer\ALaunch\ALaunchSvc.exe
    PRC - [2007/09/10 22:28:18 | 000,057,344 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
    PRC - [2007/09/07 03:35:10 | 000,102,400 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    PRC - [2007/09/06 19:02:04 | 000,393,216 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
    PRC - [2007/09/03 10:39:22 | 004,702,208 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
    PRC - [2007/07/12 23:36:12 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    PRC - [2007/07/12 23:36:10 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011/10/25 19:31:18 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\6bc98e9b5eedaa8f71c5454d36a4b772\System.Management.ni.dll
    MOD - [2011/10/24 22:43:56 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8645de531003807d00822e03986a075d\System.ServiceProcess.ni.dll
    MOD - [2011/10/24 22:43:47 | 011,804,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\e00630ec1e225a2376fdd430645e20f7\System.Web.ni.dll
    MOD - [2011/10/24 22:43:39 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\6d2f689baff5da3df134fdec0742a13c\System.Runtime.Remoting.ni.dll
    MOD - [2011/10/24 22:43:23 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\40da9084d0863e07d7ce55953833b8b0\System.Configuration.ni.dll
    MOD - [2011/10/18 06:54:28 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c1c06a392871267db27f7cbc40e1c4fb\System.Xml.ni.dll
    MOD - [2011/10/18 06:53:55 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1363115565fff5a641243a48f396f107\System.Windows.Forms.ni.dll
    MOD - [2011/10/18 06:53:46 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\367c4043efc2f32d843cb588b0dc97fc\System.Drawing.ni.dll
    MOD - [2011/10/18 06:52:15 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll
    MOD - [2011/10/18 06:51:38 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
    MOD - [2011/09/12 19:30:44 | 002,558,976 | ---- | M] () -- C:\Program Files\Webroot\Security\Current\Framework\frameworkresources.dll
    MOD - [2009/09/04 22:15:06 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2008/01/10 01:43:12 | 000,057,344 | ---- | M] () -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.DialogManager.dll
    MOD - [2008/01/10 01:42:54 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.PasswordSetting.dll
    MOD - [2008/01/03 09:00:48 | 000,227,888 | ---- | M] () -- C:\Acer\Empowering Technology\eDataSecurity\x86\ShowErrMsg.dll
    MOD - [2007/12/20 20:58:00 | 000,679,936 | ---- | M] () -- C:\Acer\Empowering Technology\eLock\eLockCTL.dll
    MOD - [2007/12/20 18:33:26 | 000,249,856 | ---- | M] () -- C:\Acer\Empowering Technology\eNet\eNetPlugin.dll
    MOD - [2007/12/20 01:09:38 | 000,028,672 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\eSettings.Plugin.dll
    MOD - [2007/12/20 01:08:54 | 000,155,648 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\eSettings.Presenter.dll
    MOD - [2007/12/20 01:08:28 | 003,420,160 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\eSettings.View.dll
    MOD - [2007/12/20 01:08:10 | 000,032,768 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings.Model.ComputerInterfaces.dll
    MOD - [2007/10/10 06:41:08 | 000,106,496 | ---- | M] () -- C:\Acer\Empowering Technology\eAudio\eAudioUI.dll
    MOD - [2007/09/20 21:01:12 | 000,208,896 | ---- | M] () -- C:\Acer\Empowering Technology\ePower\SysHook.dll
    MOD - [2007/09/11 16:59:04 | 000,307,200 | ---- | M] () -- C:\Acer\Empowering Technology\ePresentation\ePresentationCTL.dll
    MOD - [2007/02/13 13:26:30 | 000,016,384 | ---- | M] () -- C:\Acer\Empowering Technology\eRecovery\ServiceInterface.dll
    MOD - [2003/06/07 05:30:08 | 000,057,344 | ---- | M] () -- C:\Program Files\Launch Manager\PowerUtl.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2011/09/12 19:30:44 | 003,381,184 | ---- | M] (Webroot Software, Inc. ) [Auto | Running] -- C:\Program Files\Webroot\Security\Current\Framework\WRConsumerService.exe -- (WRConsumerService)
    SRV - [2011/08/24 17:29:02 | 003,997,912 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Auto | Running] -- C:\Program Files\Webroot\Security\current\plugins\antimalware\AEI.exe -- (WebrootSpySweeperService)
    SRV - [2011/03/25 12:34:04 | 000,689,464 | ---- | M] (Radialpoint Inc.) [Auto | Running] -- C:\Program Files\Virgin Media\Service Manager\ServicepointService.exe -- (ServicepointService)
    SRV - [2010/01/28 12:47:44 | 001,737,464 | ---- | M] () [Auto | Running] -- C:\Program Files\3 Mobile Broadband\3Connect\BecHelperService.exe -- (BecHelperService)
    SRV - [2008/03/05 13:15:24 | 000,497,712 | ---- | M] (Egis Incorporated) [Auto | Running] -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
    SRV - [2008/01/21 02:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2007/12/20 18:32:04 | 000,131,072 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eNet\eNet Service.exe -- (eNet Service)
    SRV - [2007/12/20 01:09:22 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService)
    SRV - [2007/11/28 01:54:36 | 000,110,592 | ---- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)
    SRV - [2007/10/01 23:42:36 | 000,024,576 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe -- (eLockService)
    SRV - [2007/09/20 20:57:28 | 000,167,936 | ---- | M] (acer) [Auto | Running] -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe -- (WMIService)
    SRV - [2007/09/19 21:41:50 | 000,051,200 | ---- | M] () [Auto | Running] -- C:\Acer\ALaunch\ALaunchSvc.exe -- (ALaunchService)
    SRV - [2007/09/10 22:28:18 | 000,057,344 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService)
    SRV - [2007/07/12 23:36:12 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)


    ========== Driver Services (SafeList) ==========

    DRV - [2011/07/21 14:33:32 | 000,117,104 | ---- | M] (Privacyware/PWI, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\pwipf6.sys -- (pwipf6)
    DRV - [2011/05/18 16:31:32 | 000,181,008 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\ssidrv.sys -- (ssidrv)
    DRV - [2011/05/18 16:31:30 | 000,024,496 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\sshrmd.sys -- (sshrmd)
    DRV - [2011/05/18 16:31:28 | 000,045,584 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [File_System | Auto | Running] -- C:\Windows\System32\drivers\ssfmonm.sys -- (ssfmonm)
    DRV - [2010/01/19 11:49:50 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
    DRV - [2010/01/19 11:49:50 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
    DRV - [2010/01/19 11:49:50 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
    DRV - [2010/01/19 11:49:50 | 000,009,216 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter)
    DRV - [2009/08/28 22:32:12 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggsemc.sys -- (ggsemc)
    DRV - [2009/08/28 22:32:11 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggflt.sys -- (ggflt)
    DRV - [2009/01/24 01:37:20 | 000,103,424 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HtcVComV32.sys -- (HtcVCom32)
    DRV - [2008/01/21 02:23:21 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
    DRV - [2008/01/21 02:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
    DRV - [2008/01/05 00:15:08 | 000,041,456 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl -- ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796})
    DRV - [2007/12/29 19:05:26 | 002,252,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R)
    DRV - [2007/08/09 03:42:08 | 000,045,568 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
    DRV - [2007/07/30 18:54:02 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
    DRV - [2007/07/30 17:42:58 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
    DRV - [2007/07/30 14:13:10 | 000,743,424 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
    DRV - [2007/07/03 17:05:20 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15)
    DRV - [2007/03/07 08:26:50 | 000,032,256 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\enecir.sys -- (enecir)
    DRV - [2007/01/30 05:23:30 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
    DRV - [2006/11/02 13:27:36 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System | Running] -- C:\Program Files\Launch Manager\DPortIO.sys -- (DritekPortIO)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKLM\..\URLSearchHook: {25A6EDBF-C0FD-4ff7-B6A7-C6EDEA3B0B55} - No CLSID value found


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.virginmedia.com/

    IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.virginmedia.com/

    IE - HKU\S-1-5-21-2902736051-1603590949-3363684024-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\kevin\Pictures
    IE - HKU\S-1-5-21-2902736051-1603590949-3363684024-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
    IE - HKU\S-1-5-21-2902736051-1603590949-3363684024-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]
    IE - HKU\S-1-5-21-2902736051-1603590949-3363684024-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
    IE - HKU\S-1-5-21-2902736051-1603590949-3363684024-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    IE - HKU\S-1-5-21-2902736051-1603590949-3363684024-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    IE - HKU\S-1-5-21-2902736051-1603590949-3363684024-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKU\S-1-5-21-2902736051-1603590949-3363684024-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    IE - HKU\S-1-5-21-2902736051-1603590949-3363684024-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKU\S-1-5-21-2902736051-1603590949-3363684024-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-2902736051-1603590949-3363684024-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
    FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.53\npGoogleUpdate3.dll File not found
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.53\npGoogleUpdate3.dll File not found

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2009/10/14 17:57:47 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3DF533F5-FB3C-4c4c-A1D7-99717F8C3038}: C:\Program Files\Webroot\Security\current\plugins\browserextension\ff_ptc\ [2011/09/12 19:42:16 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2009/10/14 17:57:47 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\MFToolbar@skywebsearch.com: C:\Program Files\MusicFrost\Music Frost Toolbar\FF
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\search@helper: C:\Users\kevin\AppData\Roaming\Mozilla\Firefox\Profiles\\extensions\SearchHelper

    [2010/03/30 19:45:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\kevin\AppData\Roaming\mozilla\Extensions
    [2009/10/01 18:22:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\kevin\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
    [2010/03/30 19:45:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\kevin\AppData\Roaming\mozilla\Firefox\extensions
    [2010/03/30 19:45:57 | 000,000,000 | ---D | M] (PlaySushi TextLinks) -- C:\Users\kevin\AppData\Roaming\mozilla\Firefox\extensions\textlinks@playsushi.com
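The OTL log posted above has a fixed line shape for processes, modules, services and drivers: `PRC - [date | size | attrs | M] (Company) [state] -- path -- (name)`. As an added example that is not part of this thread and is not OTL's own code, here is a small Python parser for those lines plus a few review heuristics of the kind an analyst applies when reading such a log by eye: entries with no company name, executables loaded from a Temp or AppData directory, and driver entries whose file is not a `.sys`. The field names, flag names and heuristics are this example's own; the sample lines are copied from the log above.

```python
from __future__ import annotations

import re
from dataclasses import dataclass
from datetime import datetime
from typing import Optional

# Sample input: five lines copied from the OTL log posted in this thread.
SAMPLE_LINES = [
    r"PRC - [2011/11/02 08:13:43 | 000,208,896 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\kevin\AppData\Local\Temp\RtkBtMnt.exe",
    r"PRC - [2010/01/28 12:47:44 | 001,737,464 | ---- | M] () -- C:\Program Files\3 Mobile Broadband\3Connect\BecHelperService.exe",
    r"SRV - [2008/01/21 02:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)",
    r"DRV - [2011/05/18 16:31:32 | 000,181,008 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\ssidrv.sys -- (ssidrv)",
    r"DRV - [2008/01/05 00:15:08 | 000,041,456 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl -- ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796})",
]
SAMPLE_LOG = "\n".join(SAMPLE_LINES)


@dataclass
class OtlEntry:
    """One PRC/MOD/SRV/DRV line. Field names are this example's own."""
    kind: str            # PRC, MOD, SRV or DRV
    modified: datetime   # file modification time as printed by OTL
    size: int            # size in bytes (OTL prints it with thousands separators)
    attrs: str           # attribute column, e.g. "----" or "-HS-"
    company: str         # company name from the file's version info; "" if none
    state: Optional[str] # "[Auto | Running]" style column for SRV/DRV lines
    path: str
    name: Optional[str]  # service/driver name in the trailing "(...)"


# The company field may itself contain parentheses (see the Webroot line), so it is
# matched lazily and the regex backtracks until the rest of the line fits.
OTL_LINE = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV) - "
    r"\[(?P<date>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[^|]+?) \| \w\] "
    r"\((?P<company>.*?)\)"
    r"(?: \[(?P<state>[^\]]+)\])?"
    r" -- (?P<path>.+?)"
    r"(?: -- \((?P<name>[^)]*)\))?$"
)


def parse_otl_line(line: str) -> Optional[OtlEntry]:
    """Parse one OTL line; return None for headers, blank lines and other sections."""
    m = OTL_LINE.match(line.strip())
    if not m:
        return None
    return OtlEntry(
        kind=m["kind"],
        modified=datetime.strptime(m["date"], "%Y/%m/%d %H:%M:%S"),
        size=int(m["size"].replace(",", "")),
        attrs=m["attrs"],
        company=m["company"].strip(),
        state=m["state"],
        path=m["path"],
        name=m["name"],
    )


def review_flags(entry: OtlEntry) -> list[str]:
    """Heuristic review prompts (this example's own); a flag means 'look closer', not 'malicious'."""
    flags: list[str] = []
    lower = entry.path.lower()
    if not entry.company:
        flags.append("no-company-name")          # OTL's own "No Company Name" grouping
    if "\\temp\\" in lower:
        flags.append("runs-from-temp")           # code executing out of a temp directory
    elif "\\appdata\\" in lower and lower.endswith((".exe", ".dll", ".sys")):
        flags.append("runs-from-appdata")        # code executing out of a user profile
    if entry.kind == "DRV" and not lower.endswith(".sys"):
        flags.append("driver-not-sys")           # kernel driver with an unusual extension
    return flags


def triage(log_text: str) -> dict[str, list[str]]:
    """Map each flagged path to its review flags; unflagged entries are omitted."""
    findings: dict[str, list[str]] = {}
    for line in log_text.splitlines():
        entry = parse_otl_line(line)
        if entry is None:
            continue
        flags = review_flags(entry)
        if flags:
            findings[entry.path] = flags
    return findings


if __name__ == "__main__":
    for path, flags in triage(SAMPLE_LOG).items():
        print(f"{', '.join(flags):<20} {path}")
```

Run against the sample lines, the Realtek helper in `Temp`, the helper service with no company name and the CyberLink `000.fcl` driver are flagged on shape alone, while the Windows Defender service and the Webroot driver are not. Every flagged entry may still be legitimate software, which is why the analyst in this thread asks for the whole log rather than a one-line summary: the flags only tell you where to start reading.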
     
  5. 2011/11/02
    hanqba1

    hanqba1 Inactive Thread Starter

    Joined:
    2008/06/21
    Messages:
    93
    Likes Received:
    0
    otl log 3

    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
    [2008/03/18 13:23:52 | 000,699,280 | ---- | M] () -- C:\bknowsetup.log
    [2009/04/11 06:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
    [2008/03/17 17:47:13 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
    [2011/11/01 19:14:42 | 000,021,489 | ---- | M] () -- C:\ComboFix.txt
    [2006/09/18 21:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
    [2011/07/08 21:49:32 | 000,005,550 | ---- | M] () -- C:\debug.txt
    [2011/04/03 18:59:46 | 000,010,210 | ---- | M] () -- C:\dshow.log
    [2011/11/02 19:13:19 | 2134,908,928 | -HS- | M] () -- C:\hiberfil.sys
    [2011/02/12 12:39:10 | 000,000,236 | ---- | M] () -- C:\INSTALL.LOG
    [2011/01/23 18:09:17 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2005/08/16 15:49:12 | 000,040,960 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\junction.exe
    [2007/09/13 09:56:16 | 000,000,512 | ---- | M] () -- C:\MDR.iss
    [2011/01/23 18:09:17 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2008/09/04 00:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\npbittorrent.dll
    [2011/11/02 19:13:18 | 2450,776,064 | -HS- | M] () -- C:\pagefile.sys
    [2011/10/28 11:29:31 | 000,100,864 | ---- | M] (GMER) -- C:\pwdoqpod.sys
    [2008/03/17 18:14:31 | 000,000,426 | ---- | M] () -- C:\RHDSetup.log
    [2008/03/18 13:23:52 | 000,000,086 | ---- | M] () -- C:\setup.log
    [2009/10/14 18:37:12 | 000,001,304 | ---- | M] () -- C:\updatedatfix.log

    < %systemroot%\Fonts\*.com >
    [2006/11/02 12:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2006/11/02 12:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2006/11/02 12:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/09/21 16:15:29 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2006/09/18 21:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2007/10/20 18:21:50 | 000,278,016 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\hpzpp5mu.dll
    [2008/10/24 10:48:38 | 000,321,536 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\hpzpp696.dll
    [2008/01/21 02:23:14 | 000,089,600 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\HPZPPLHN.DLL
    [2006/11/02 12:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\jnwppr.dll
    [2006/10/27 02:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\msonpppr.dll

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2008/01/21 02:43:21 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2008/01/21 03:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
    [2008/01/21 03:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
    [2008/01/21 03:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
    [2006/11/02 10:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
    [2006/11/02 10:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2011/06/16 20:16:53 | 000,000,286 | -HS- | M] () -- C:\Users\kevin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2011/11/01 18:38:47 | 004,280,887 | R--- | M] (Swearware) -- C:\Users\kevin\Desktop\ComboFix.exe
    [2011/11/02 19:21:48 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\kevin\Desktop\OTL.exe
    [2011/11/01 16:19:48 | 000,139,264 | ---- | M] () -- C:\Users\kevin\Desktop\RKUnhookerLE.EXE

    < %PROGRAMFILES%\Common Files\*.* >
    [2011/09/12 19:33:31 | 006,278,328 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files\Common Files\wruninstall.exe

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >
    [2009/09/21 16:29:09 | 000,008,192 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.chk
    [2009/09/21 16:28:39 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.log
    [2008/08/17 01:57:50 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00001.jrs
    [2008/08/17 01:57:50 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00002.jrs
    [2009/09/21 16:28:39 | 001,056,768 | ---- | M] () -- C:\Windows\SECURITY\Database\tmp.edb

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2011/03/25 21:42:04 | 000,000,402 | -HS- | M] () -- C:\Users\kevin\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2010/01/10 13:59:45 | 000,011,204 | ---- | M] () -- C:\ProgramData\hpzinstall.log
    [2011/10/30 18:53:31 | 000,000,626 | ---- | M] () -- C:\ProgramData\SharedProperties.xml

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    ========== Files - Unicode (All) ==========
    [2009/08/22 09:12:50 | 000,000,036 | ---- | M] ()(C:\Windows\System32\????????????????????????????????????g) -- C:\Windows\System32\㩃停潲牧浡䘠汩獥噜物楧牂慯扤湡層䍐畧牡層慓敦潃湮捥屴潃普杩塜楖睥挮湯楦g
    [2009/08/22 09:12:50 | 000,000,036 | ---- | C] ()(C:\Windows\System32\????????????????????????????????????g) -- C:\Windows\System32\㩃停潲牧浡䘠汩獥噜物楧牂慯扤湡層䍐畧牡層慓敦潃湮捥屴潃普杩塜楖睥挮湯楦g

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:C95B63DA
     
  6. 2011/11/02
    hanqba1

    hanqba1 Inactive Thread Starter

    Joined:
    2008/06/21
    Messages:
    93
    Likes Received:
    0
    otl extra

    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
    [2008/03/18 13:23:52 | 000,699,280 | ---- | M] () -- C:\bknowsetup.log
    [2009/04/11 06:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
    [2008/03/17 17:47:13 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
    [2011/11/01 19:14:42 | 000,021,489 | ---- | M] () -- C:\ComboFix.txt
    [2006/09/18 21:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
    [2011/07/08 21:49:32 | 000,005,550 | ---- | M] () -- C:\debug.txt
    [2011/04/03 18:59:46 | 000,010,210 | ---- | M] () -- C:\dshow.log
    [2011/11/02 19:13:19 | 2134,908,928 | -HS- | M] () -- C:\hiberfil.sys
    [2011/02/12 12:39:10 | 000,000,236 | ---- | M] () -- C:\INSTALL.LOG
    [2011/01/23 18:09:17 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2005/08/16 15:49:12 | 000,040,960 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\junction.exe
    [2007/09/13 09:56:16 | 000,000,512 | ---- | M] () -- C:\MDR.iss
    [2011/01/23 18:09:17 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2008/09/04 00:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\npbittorrent.dll
    [2011/11/02 19:13:18 | 2450,776,064 | -HS- | M] () -- C:\pagefile.sys
    [2011/10/28 11:29:31 | 000,100,864 | ---- | M] (GMER) -- C:\pwdoqpod.sys
    [2008/03/17 18:14:31 | 000,000,426 | ---- | M] () -- C:\RHDSetup.log
    [2008/03/18 13:23:52 | 000,000,086 | ---- | M] () -- C:\setup.log
    [2009/10/14 18:37:12 | 000,001,304 | ---- | M] () -- C:\updatedatfix.log

    < %systemroot%\Fonts\*.com >
    [2006/11/02 12:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2006/11/02 12:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2006/11/02 12:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/09/21 16:15:29 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2006/09/18 21:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2007/10/20 18:21:50 | 000,278,016 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\hpzpp5mu.dll
    [2008/10/24 10:48:38 | 000,321,536 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\hpzpp696.dll
    [2008/01/21 02:23:14 | 000,089,600 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\HPZPPLHN.DLL
    [2006/11/02 12:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\jnwppr.dll
    [2006/10/27 02:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\msonpppr.dll

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2008/01/21 02:43:21 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

     
  7. 2011/11/02
    hanqba1

    hanqba1 Inactive Thread Starter

    Joined:
    2008/06/21
    Messages:
    93
    Likes Received:
    0
    otl extra 2

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0187730A-6F82-42BE-A335-B6E6BA0C49D6}" = protocol=17 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |
    "{0436252C-8F7D-42D3-80EB-165CC2DFC866}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
    "{05C5CD62-605B-4EC1-A812-CC9B371B125E}" = protocol=6 | dir=in | app=c:\program files\virgin media\hub\servicepointservice.exe |
    "{08CB2968-2A2A-4403-86C7-91B84B06F110}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{11B39122-6710-45CB-BB98-9EF26233470D}" = dir=in | app=c:\program files\acer arcade deluxe\dvdivine\dvdivine.exe |
    "{11BE2E8F-49C3-4775-BF6F-328DEEA92A89}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
    "{12A32E8D-B30F-47F1-8D6F-6DE07DAFB463}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{18A40E86-D3DC-498E-A335-A34F5F45D44B}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{1F65BC4A-4A18-462E-9B96-1722265F637F}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
    "{29A62497-74E1-4C1B-82D3-782555088813}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{2AFB40B7-C264-4A3D-AAB3-15F839C18EC2}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{2EFDBEF9-BE77-4268-B83C-A906F58CAD74}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
    "{370C1869-216D-44B1-819E-8F0C3EEA9F81}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{3BA34E18-99D3-493E-9086-E3692E7E65FF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{3D70CD11-27D2-41BF-BAB4-651077BDAF56}" = dir=in | app=c:\program files\acer arcade deluxe\videomagician\videomagician.exe |
    "{41CC5CDC-50BB-4DD7-AA25-8701ECFF9C01}" = protocol=6 | dir=in | app=c:\program files\frostwire\frostwire.exe |
    "{466BD138-8269-455F-A291-EE69EA371C34}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{4A0D4209-5B7D-4D63-8E76-9D1C79F077B7}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{4C3A1B25-FB43-48A7-A5C3-FCFAA8520382}" = dir=in | app=c:\program files\acer arcade deluxe\play movie\pmvservice.exe |
    "{4D22B983-0AA4-4A8F-8009-0E32A0CAD97D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{5935FD86-3853-44C4-98B5-EEE2B05F9E36}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
    "{5CEEA868-E9D5-4534-B0BB-F69391DB0F77}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe |
    "{5D327365-24B4-46B9-B79C-43C9C109A872}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqcopy2.exe |
    "{5D504405-AABE-41BC-AA44-69A4805AA160}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe |
    "{60F16F4A-A7F9-4D8D-8974-CFFE311C491A}" = dir=in | app=c:\program files\acer arcade deluxe\dv wizard\dv wizard.exe |
    "{67C3A6C7-B1CE-4EFD-896C-67B443016A48}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |
    "{695747C0-1C27-4095-BC7A-896B17A35737}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{6A1A4B2A-5F52-48F3-982D-9E53C231378D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{7212908F-2E2A-4A16-94E8-29C594F1E86E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{7456CAD2-96AD-4AC7-B520-45E28A9A639B}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{782A80BE-EB55-4FB6-A1E5-C78EF0688123}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{7B74A487-247D-4F51-ADBC-2D919CFC2F0A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
    "{7E4F351F-602B-4FBB-A74B-615149256992}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe |
    "{80DC196F-C7DF-46D2-868C-C5E70D2D77B5}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
    "{8137D5FA-B2A3-4CDC-B247-34BD29E4DC67}" = protocol=17 | dir=in | app=c:\program files\virgin media\service manager\servicepointservice.exe |
    "{90A386EF-B363-4269-AFB3-7D947AFD0114}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{95A5E193-B48D-46ED-93A7-52A4DC2DBBD9}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
    "{971F175E-0AA6-40CE-8558-3F2864A64DE4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{99581E9A-50C6-4345-B6B4-0D8B7D2027AF}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
    "{9B141A0A-9A60-4FE2-A1D5-1AABAC84F9C9}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{9E16C791-D611-41BD-85C6-B50293D91B86}" = protocol=17 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |
    "{A238014B-BF30-41D3-AE4D-0F500B557941}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe |
    "{A3300A96-89A6-4222-AECD-89C10C90A1E0}" = protocol=6 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |
    "{A4AF82A8-78E6-4F92-ABE2-D9BA2C2B454D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
    "{A9BAE143-0C3F-4E44-864F-EAF82447CF4B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{AA997A0B-082E-4DF8-88A1-F6EA56F1D6D1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{AB390BC8-A305-4488-B107-C985F658D56D}" = protocol=6 | dir=in | app=c:\program files\virgin media\service manager\servicepointservice.exe |
    "{ACD38252-AEA3-487A-A017-27E71CB2A829}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
    "{AD71A891-5119-46B7-BD64-171F6AE330B2}" = protocol=6 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |
    "{B2248EEF-17F1-40AB-ACE7-F95A41745D5B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{B4B04117-3D12-44A3-A3D2-4AD2F13687F2}" = dir=in | app=c:\program files\itunes\itunes.exe |
    "{C32806A4-B9AE-44D1-A8C2-D8515B78A1C0}" = dir=in | app=e:\setup\hpznui01.exe |
    "{C3A77A2F-F1D2-4DB7-B41F-740F39F840B4}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{C5B1CD09-35CC-4D9D-910F-30A2B4256F5B}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe |
    "{C8425196-FFDA-4804-BBFC-6F1247A3357D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{CBF22605-2243-464B-B728-EA3D77628157}" = protocol=17 | dir=in | app=c:\program files\virgin media\service manager\servicepointservice.exe |
    "{DB5EBF03-AB0B-4551-8A7E-C55F95BCA4F6}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe |
    "{E37303A8-76E3-4EF7-8462-87BAD8446F25}" = protocol=6 | dir=in | app=c:\program files\virgin media\service manager\servicepointservice.exe |
    "{E5E604C5-C0A2-4F78-92CB-45EC5E98E80C}" = dir=in | app=c:\program files\acer arcade deluxe\play movie\playmovie.exe |
    "{ED426E40-DEF1-421C-B77C-A5E161032763}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{F145C7FC-863A-4CE1-8E99-14D696D5DB5E}" = protocol=17 | dir=in | app=c:\program files\frostwire\frostwire.exe |
    "{F54A0DB7-2B09-4BAB-99D5-0F8C9ABFB932}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
    "{FD468600-515B-4A3D-ADD9-1871FEE35AC9}" = protocol=17 | dir=in | app=c:\program files\virgin media\hub\servicepointservice.exe |
    "{FE759D68-6187-464C-9673-68439B29E64D}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
    "{FEAADBB0-1723-406B-89BA-DF866E139C8E}" = protocol=6 | dir=out | app=system |
    "{FECC68EF-74B3-4064-AF67-4C9F967B13F2}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
    "TCP Query User{02BC2468-767F-4DDC-97B0-136F274EAC08}C:\program files\participatory culture foundation\miro\miro_downloader.exe" = protocol=6 | dir=in | app=c:\program files\participatory culture foundation\miro\miro_downloader.exe |
    "TCP Query User{14A4028E-CA6D-4DCC-9B2B-34279A106730}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
    "TCP Query User{1BF82FDD-F535-4E01-AD85-A29DA4AC689A}C:\program files\windows sidebar\sidebar.exe" = protocol=6 | dir=in | app=c:\program files\windows sidebar\sidebar.exe |
    "TCP Query User{1DE49A38-943A-4312-A143-67B67B87FC98}C:\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
    "TCP Query User{20A29661-FAED-45DB-88C4-A0BC70B70A85}C:\users\kevin\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\kevin\program files\dna\btdna.exe |
    "TCP Query User{47D88BF7-8F2A-4CC9-82C7-F19A45BFC260}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
    "TCP Query User{710B29E3-AE66-426F-9DA7-D64154915F8C}C:\users\kevin\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\kevin\program files\dna\btdna.exe |
    "TCP Query User{7B5228BF-53BB-4E7F-B267-212FB1F38BC6}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
    "TCP Query User{AC78C2FA-DA77-414B-859C-05364CA0A2D6}C:\program files\frostwire\frostwire.exe" = protocol=6 | dir=in | app=c:\program files\frostwire\frostwire.exe |
    "TCP Query User{AFBDBDA7-45B1-4D0C-826D-724C93F21A7A}C:\program files\muvizu\binaries\muvizu.exe" = protocol=6 | dir=in | app=c:\program files\muvizu\binaries\muvizu.exe |
    "TCP Query User{B246E174-51D9-4E32-A754-DEFE7D1F5D50}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
    "TCP Query User{BE4E3BE0-E4ED-4E09-9D42-7CEC27B2CEDE}C:\program files\sony ericsson\update service\update service.exe" = protocol=6 | dir=in | app=c:\program files\sony ericsson\update service\update service.exe |
    "TCP Query User{D0139C93-68E2-4488-B9F6-409BAD77A4B2}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
    "TCP Query User{E8E5611A-70F1-41BB-B401-DB59E1DBAC80}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
    "TCP Query User{F7C8668B-084D-464D-A075-BEF65A6E8B29}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
    "UDP Query User{18648DEE-FD6C-4BD5-B783-671248948077}C:\users\kevin\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\kevin\program files\dna\btdna.exe |
    "UDP Query User{20A3D235-97AE-4C6A-8B80-40F511E68CCF}C:\program files\sony ericsson\update service\update service.exe" = protocol=17 | dir=in | app=c:\program files\sony ericsson\update service\update service.exe |
    "UDP Query User{2926D76B-4A21-4D70-BAD6-298046E3CE88}C:\users\kevin\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\kevin\program files\dna\btdna.exe |
    "UDP Query User{3F0B4642-79A4-421F-AFAF-1B5F83D911D0}C:\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
    "UDP Query User{52F66DCE-C88B-41EA-BE8D-405EEB487853}C:\program files\windows sidebar\sidebar.exe" = protocol=17 | dir=in | app=c:\program files\windows sidebar\sidebar.exe |
    "UDP Query User{5D633C81-65D3-4A09-9AF6-92973329C5A5}C:\program files\frostwire\frostwire.exe" = protocol=17 | dir=in | app=c:\program files\frostwire\frostwire.exe |
    "UDP Query User{5E7ED298-0682-4B70-A3B0-A619C0A5F25A}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
    "UDP Query User{6155C12A-2E5A-4B89-8C1B-F33628E1BC26}C:\program files\muvizu\binaries\muvizu.exe" = protocol=17 | dir=in | app=c:\program files\muvizu\binaries\muvizu.exe |
    "UDP Query User{694B11EC-7AB9-44FB-8BF1-5162B86F8782}C:\program files\participatory culture foundation\miro\miro_downloader.exe" = protocol=17 | dir=in | app=c:\program files\participatory culture foundation\miro\miro_downloader.exe |
    "UDP Query User{884C296C-1904-43DF-A2DD-EDC10C4C6899}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
    "UDP Query User{956AF309-E990-4EB5-95C7-33695A7BC086}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
    "UDP Query User{A200C629-B15B-4F16-9115-9BF7DD60E77A}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
    "UDP Query User{B3CADEB1-D32D-47C1-AE84-00C684190FD9}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
    "UDP Query User{EDBC076C-D9E2-4909-A4C0-6CFE814A48B4}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
    "UDP Query User{F7AF2264-FCAA-424E-861D-B816D7AF9810}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{03A7C57A-B2C8-409b-92E5-524A0DFD0DD3}" = Status
    "{070BC58F-C9D9-4EC6-8ACA-FF433378BFC2}" = HTC Rome USB Driver
    "{087A66B8-1F0F-4a8d-A649-0CFE276AA7C0}" = WebReg
    "{0B1AAC97-8563-41D9-AE47-58E6A222F0E1}" = Search Settings 1.2.1
    "{0BC1A5B2-79A1-4716-B3E5-4071E9AB6F43}" = HP Photosmart C4500 All-In-One Driver Software12.0 Rel .4
    "{0CE5F45E-F6CC-4638-B0DD-BB7F6EF56713}" = HP Deskjet D1500 Printer Driver Software 10.0 Rel .3
    "{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
    "{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}" = Acer eLock Management
    "{13A5E785-5197-4EAD-8EE3-D660271E49BC}" = Feedback Tool
    "{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
    "{1598034D-7147-432C-8CA8-888E0632D124}" = NTI Backup NOW! 4.7
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{25EEBF98-0807-4DA9-8998-992C8FA388DC}" = HTC Sync for BrewMP
    "{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 27
    "{2A697B53-0DE3-42DA-B41D-C3F804B1C538}" = iTunes
    "{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
    "{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
    "{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
    "{305468A6-DE2D-43ba-A168-2F45A97A89DA}" = DJ_SF_03_D1500_Software_Min
    "{38436888-9EAA-4cec-A56F-65B73D9D423C}" = D1500
    "{39CB30DB-27F8-4dd4-A294-CB4AE3B584FD}" = Copy
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{403E07CF-040C-4653-85C6-1053B992CA53}" = C4580
    "{41979C2F-34B8-4F92-8111-B13C5864682D}" = MediaFACE 4.01
    "{47ECCB1F-2811-49C0-B6A7-26778639ABA0}" = 32 Bit HP CIO Components Installer
    "{48D0B1A3-11AC-4A87-AFB2-2002CCB88B34}" = PS_AIO_04_C4580_Software_Min
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4D304678-738E-42a0-931A-2B022F49DEB8}" = TrayApp
    "{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
    "{54C7CFA4-9DDD-40c7-A58F-AF0E7916848C}" = HPPhotoGadget
    "{57265292-228A-41FA-9AEC-4620CBCC2739}" = Acer eAudio Management
    "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
    "{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
    "{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02
    "{5B63A470-9334-44D1-AF61-6CE2DB565AE9}" = Orion
    "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{6B7CEA10-4694-4FC3-B761-9DBFD50B8F2A}" = Client Settings Tool
    "{6EED4269-588D-45b8-A80C-26A9CA62EE4E}" = HPSSupply
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
    "{800E784D-53E3-4948-B491-9E7FA5EACBDC}" = SmartWebPrinting
    "{818ABC3C-635C-4651-8183-D0E9640B7DD1}" = HP Update
    "{82C113AD-486F-4bd5-A2EA-2383AF57D084}" = D1500_Help
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110113233}" = Bookworm Deluxe
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11505173}" = Airport Mania First Flight
    "{87A9A9A9-FAB7-4224-9328-0FA2058C0FD5}" = Network
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8B287B75-DF8D-40C8-9620-8E4492C38EF1}" = Webroot Software
    "{8B8240B3-891D-4965-AA51-8799622D44FF}" = DJ_SF_03_D1500_ProductContext
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
    "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9CCCFD9C-248F-47FE-9496-1680E3E5C163}" = Scan
    "{A4B9033B-D183-4A6C-9BCB-6BC8F80B939D}" = RPS CRT
    "{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management
    "{A5D4E41C-2583-46FE-9B99-62496F85C5F3}" = RPS CRT
    "{A6982C3D-17A7-41A7-B226-C214F49C3120}" = BTOffer
    "{A899DA1F-D626-401C-8651-F2921E3B4CB3}" = 3Connect
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
    "{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
    "{AC13BA3A-336B-45a4-B3FE-2D3058A7B533}" = Toolbox
    "{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.3
    "{B1421599-A42D-47ef-B512-B9B0317BD599}" = DJ_SF_03_D1500_Software
    "{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
    "{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
    "{BF839132-BD43-4056-ACBF-4377F4A88E2A}" = Acer ePresentation Management
    "{C06554A1-2C1E-4D20-B613-EE62C79927CC}" = Acer eNet Management
    "{C73F2967-062E-48F2-A462-D335B8950183}" = Safari
    "{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
    "{CE65A9A0-9686-45C6-9098-3C9543A412F0}" = Acer eSettings Management
    "{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}" = Destination Component
    "{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Arcade Deluxe
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F769B78E-FF0E-4db5-95E2-9F4C8D6352FE}" = DeviceDiscovery
    "{F8131A35-47FD-27AD-116D-0E79AF5DE5EE}" = Acrobat.com
    "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "BearShare 2 MediaBar" = MediaBar
    "BFG-Burger Shop 2" = Burger Shop 2
    "BFGC" = Big Fish Games: Game Manager
    "BFG-Mystery Case Files - Ravenhearst" = Mystery Case Files: Ravenhearst ™
    "CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118" = HDAUDIO Soft Data Fax Modem with SmartCP
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "ENTERPRISE" = Microsoft Office Enterprise 2007
    "ezPower POS Demo 13_is1" = ezPower POS Demo 13
    "Google Updater" = Google Updater
    "GridVista" = Acer GridVista
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "HOMESTUDENTR" = Microsoft Office Home and Student 2007
    "HP Imaging Device Functions" = HP Imaging Device Functions 12.0
    "HP Smart Web Printing" = HP Smart Web Printing
    "InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
    "InstallShield_{1598034D-7147-432C-8CA8-888E0632D124}" = NTI Backup NOW! 4.7
    "InstallShield_{41979C2F-34B8-4F92-8111-B13C5864682D}" = MediaFACE 4.01
    "LManager" = Launch Manager
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Mysteryville 2" = Mysteryville 2 (remove only)
    "Picasa 3" = Picasa 3
    "Shop for HP Supplies" = Shop for HP Supplies
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "Webroot Software" = Webroot Software
    "ZTE_1.2059.0.8" = ZTE_1.2059.0.8

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 08/09/2010 07:30:47 | Computer Name = kevin-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 10/09/2010 06:15:41 | Computer Name = kevin-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 10/09/2010 07:37:27 | Computer Name = kevin-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 10/09/2010 09:07:02 | Computer Name = kevin-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 12/09/2010 08:25:25 | Computer Name = kevin-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 12/09/2010 10:53:13 | Computer Name = kevin-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 12/09/2010 13:05:43 | Computer Name = kevin-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 12/09/2010 13:07:25 | Computer Name = kevin-PC | Source = Windows Search Service | ID = 3013
    Description =

    Error - 12/09/2010 13:09:26 | Computer Name = kevin-PC | Source = Windows Search Service | ID = 3013
    Description =

    Error - 13/09/2010 10:54:31 | Computer Name = kevin-PC | Source = WinMgmt | ID = 10
    Description =

    [ OSession Events ]
    Error - 01/10/2011 12:50:27 | Computer Name = kevin-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 23
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 01/10/2011 12:50:45 | Computer Name = kevin-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
    seconds with 0 seconds of active time. This session ended with a crash.

    [ System Events ]
    Error - 01/11/2011 15:04:08 | Computer Name = kevin-PC | Source = Service Control Manager | ID = 7031
    Description =

    Error - 01/11/2011 15:07:09 | Computer Name = kevin-PC | Source = Service Control Manager | ID = 7030
    Description =

    Error - 01/11/2011 15:27:23 | Computer Name = kevin-PC | Source = Dhcp | ID = 1000
    Description = Your computer has lost the lease to its IP address 192.168.0.2 on
    the Network Card with network address 0022693174B7.

    Error - 01/11/2011 17:24:24 | Computer Name = kevin-PC | Source = DCOM | ID = 10010
    Description =

    Error - 02/11/2011 04:13:10 | Computer Name = kevin-PC | Source = DCOM | ID = 10016
    Description =

    Error - 02/11/2011 14:42:48 | Computer Name = kevin-PC | Source = DCOM | ID = 10016
    Description =

    Error - 02/11/2011 15:11:28 | Computer Name = kevin-PC | Source = EventLog | ID = 6008
    Description = The previous system shutdown at 19:01:11 on 02/11/2011 was unexpected.

    Error - 02/11/2011 15:11:52 | Computer Name = kevin-PC | Source = Service Control Manager | ID = 7024
    Description =

    Error - 02/11/2011 15:13:22 | Computer Name = kevin-PC | Source = EventLog | ID = 6008
    Description = The previous system shutdown at 19:12:28 on 02/11/2011 was unexpected.

    Error - 02/11/2011 15:14:57 | Computer Name = kevin-PC | Source = DCOM | ID = 10016
    Description =


    < End of report >
     
  8. 2011/11/02
    broni Moderator Malware Analyst

    Both logs are incomplete.
    Please repost.
     
  9. 2011/11/03
    hanqba1 Inactive Thread Starter

    Sorry, will try again.

    OTL logfile created on: 02/11/2011 19:25:13 - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\kevin\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    1.99 Gb Total Physical Memory | 0.86 Gb Available Physical Memory | 43.42% Memory free
    4.21 Gb Paging File | 2.70 Gb Available in Paging File | 64.21% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 68.77 Gb Total Space | 17.86 Gb Free Space | 25.97% Space Free | Partition Type: NTFS
    Drive D: | 68.56 Gb Total Space | 68.39 Gb Free Space | 99.75% Space Free | Partition Type: NTFS

    Computer Name: KEVIN-PC | User Name: kevin | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/11/02 19:21:48 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\kevin\Desktop\OTL.exe
    PRC - [2011/11/02 08:13:43 | 000,208,896 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\kevin\AppData\Local\Temp\RtkBtMnt.exe
    PRC - [2011/09/12 19:30:44 | 003,381,184 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files\Webroot\Security\Current\Framework\WRConsumerService.exe
    PRC - [2011/09/12 19:30:21 | 001,382,984 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files\Webroot\Security\Current\Framework\WRTray.exe
    PRC - [2011/08/24 17:29:02 | 003,997,912 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files\Webroot\Security\Current\plugins\antimalware\AEI.exe
    PRC - [2011/08/24 17:28:48 | 000,158,048 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files\Webroot\Security\Current\plugins\antimalware\SSU.exe
    PRC - [2011/07/21 15:01:26 | 001,477,304 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files\Webroot\Security\Current\plugins\cleanup\WRCleanupEngine.exe
    PRC - [2011/04/03 17:24:02 | 000,235,168 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10o_ActiveX.exe
    PRC - [2011/03/25 12:34:04 | 000,689,464 | ---- | M] (Radialpoint Inc.) -- C:\Program Files\Virgin Media\Service Manager\ServicepointService.exe
    PRC - [2011/02/08 17:21:52 | 001,114,040 | ---- | M] (MusicLab, LLC) -- C:\Program Files\BearShare Applications\MediaBar\Datamngr\datamngrUI.exe
    PRC - [2010/04/16 12:55:26 | 000,180,224 | ---- | M] (FutureDial Inc.) -- C:\Program Files\HTC\HTC Sync for BrewMP\AutoDetect.exe
    PRC - [2010/01/28 12:47:44 | 001,737,464 | ---- | M] () -- C:\Program Files\3 Mobile Broadband\3Connect\BecHelperService.exe
    PRC - [2009/04/11 06:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2008/06/02 18:06:18 | 000,462,848 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
    PRC - [2008/03/05 13:15:24 | 000,497,712 | ---- | M] (Egis Incorporated) -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
    PRC - [2008/03/05 13:15:20 | 000,525,360 | ---- | M] (Egis Incorporated) -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
    PRC - [2008/01/22 18:14:24 | 000,200,704 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
    PRC - [2008/01/21 02:25:26 | 000,192,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\p2phost.exe
    PRC - [2008/01/10 01:43:28 | 000,323,584 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe
    PRC - [2008/01/04 10:21:36 | 000,768,520 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe
    PRC - [2007/12/20 18:33:14 | 000,761,856 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eNet\eNMTray.exe
    PRC - [2007/12/20 18:32:04 | 000,131,072 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe
    PRC - [2007/12/20 01:09:22 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
    PRC - [2007/11/28 01:54:36 | 000,110,592 | ---- | M] () -- C:\Acer\Mobility Center\MobilityService.exe
    PRC - [2007/10/10 06:41:54 | 001,286,144 | ---- | M] (CyberLink) -- C:\Acer\Empowering Technology\eAudio\eAudio.exe
    PRC - [2007/10/01 23:42:36 | 000,024,576 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
    PRC - [2007/09/20 20:57:28 | 000,167,936 | ---- | M] (acer) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
    PRC - [2007/09/19 21:41:50 | 000,051,200 | ---- | M] () -- C:\Acer\ALaunch\ALaunchSvc.exe
    PRC - [2007/09/10 22:28:18 | 000,057,344 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
    PRC - [2007/09/07 03:35:10 | 000,102,400 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    PRC - [2007/09/06 19:02:04 | 000,393,216 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
    PRC - [2007/09/03 10:39:22 | 004,702,208 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
    PRC - [2007/07/12 23:36:12 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    PRC - [2007/07/12 23:36:10 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011/10/25 19:31:18 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\6bc98e9b5eedaa8f71c5454d36a4b772\System.Management.ni.dll
    MOD - [2011/10/24 22:43:56 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8645de531003807d00822e03986a075d\System.ServiceProcess.ni.dll
    MOD - [2011/10/24 22:43:47 | 011,804,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\e00630ec1e225a2376fdd430645e20f7\System.Web.ni.dll
    MOD - [2011/10/24 22:43:39 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\6d2f689baff5da3df134fdec0742a13c\System.Runtime.Remoting.ni.dll
    MOD - [2011/10/24 22:43:23 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\40da9084d0863e07d7ce55953833b8b0\System.Configuration.ni.dll
    MOD - [2011/10/18 06:54:28 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c1c06a392871267db27f7cbc40e1c4fb\System.Xml.ni.dll
    MOD - [2011/10/18 06:53:55 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1363115565fff5a641243a48f396f107\System.Windows.Forms.ni.dll
    MOD - [2011/10/18 06:53:46 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\367c4043efc2f32d843cb588b0dc97fc\System.Drawing.ni.dll
    MOD - [2011/10/18 06:52:15 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll
    MOD - [2011/10/18 06:51:38 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
    MOD - [2011/09/12 19:30:44 | 002,558,976 | ---- | M] () -- C:\Program Files\Webroot\Security\Current\Framework\frameworkresources.dll
    MOD - [2009/09/04 22:15:06 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2008/01/10 01:43:12 | 000,057,344 | ---- | M] () -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.DialogManager.dll
    MOD - [2008/01/10 01:42:54 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.PasswordSetting.dll
    MOD - [2008/01/03 09:00:48 | 000,227,888 | ---- | M] () -- C:\Acer\Empowering Technology\eDataSecurity\x86\ShowErrMsg.dll
    MOD - [2007/12/20 20:58:00 | 000,679,936 | ---- | M] () -- C:\Acer\Empowering Technology\eLock\eLockCTL.dll
    MOD - [2007/12/20 18:33:26 | 000,249,856 | ---- | M] () -- C:\Acer\Empowering Technology\eNet\eNetPlugin.dll
    MOD - [2007/12/20 01:09:38 | 000,028,672 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\eSettings.Plugin.dll
    MOD - [2007/12/20 01:08:54 | 000,155,648 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\eSettings.Presenter.dll
    MOD - [2007/12/20 01:08:28 | 003,420,160 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\eSettings.View.dll
    MOD - [2007/12/20 01:08:10 | 000,032,768 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings.Model.ComputerInterfaces.dll
    MOD - [2007/10/10 06:41:08 | 000,106,496 | ---- | M] () -- C:\Acer\Empowering Technology\eAudio\eAudioUI.dll
    MOD - [2007/09/20 21:01:12 | 000,208,896 | ---- | M] () -- C:\Acer\Empowering Technology\ePower\SysHook.dll
    MOD - [2007/09/11 16:59:04 | 000,307,200 | ---- | M] () -- C:\Acer\Empowering Technology\ePresentation\ePresentationCTL.dll
    MOD - [2007/02/13 13:26:30 | 000,016,384 | ---- | M] () -- C:\Acer\Empowering Technology\eRecovery\ServiceInterface.dll
    MOD - [2003/06/07 05:30:08 | 000,057,344 | ---- | M] () -- C:\Program Files\Launch Manager\PowerUtl.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2011/09/12 19:30:44 | 003,381,184 | ---- | M] (Webroot Software, Inc. ) [Auto | Running] -- C:\Program Files\Webroot\Security\Current\Framework\WRConsumerService.exe -- (WRConsumerService)
    SRV - [2011/08/24 17:29:02 | 003,997,912 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Auto | Running] -- C:\Program Files\Webroot\Security\current\plugins\antimalware\AEI.exe -- (WebrootSpySweeperService)
    SRV - [2011/03/25 12:34:04 | 000,689,464 | ---- | M] (Radialpoint Inc.) [Auto | Running] -- C:\Program Files\Virgin Media\Service Manager\ServicepointService.exe -- (ServicepointService)
    SRV - [2010/01/28 12:47:44 | 001,737,464 | ---- | M] () [Auto | Running] -- C:\Program Files\3 Mobile Broadband\3Connect\BecHelperService.exe -- (BecHelperService)
    SRV - [2008/03/05 13:15:24 | 000,497,712 | ---- | M] (Egis Incorporated) [Auto | Running] -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
    SRV - [2008/01/21 02:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2007/12/20 18:32:04 | 000,131,072 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eNet\eNet Service.exe -- (eNet Service)
    SRV - [2007/12/20 01:09:22 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService)
    SRV - [2007/11/28 01:54:36 | 000,110,592 | ---- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)
    SRV - [2007/10/01 23:42:36 | 000,024,576 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe -- (eLockService)
    SRV - [2007/09/20 20:57:28 | 000,167,936 | ---- | M] (acer) [Auto | Running] -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe -- (WMIService)
    SRV - [2007/09/19 21:41:50 | 000,051,200 | ---- | M] () [Auto | Running] -- C:\Acer\ALaunch\ALaunchSvc.exe -- (ALaunchService)
    SRV - [2007/09/10 22:28:18 | 000,057,344 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService)
    SRV - [2007/07/12 23:36:12 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)


    ========== Driver Services (SafeList) ==========

    DRV - [2011/07/21 14:33:32 | 000,117,104 | ---- | M] (Privacyware/PWI, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\pwipf6.sys -- (pwipf6)
    DRV - [2011/05/18 16:31:32 | 000,181,008 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\ssidrv.sys -- (ssidrv)
    DRV - [2011/05/18 16:31:30 | 000,024,496 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\sshrmd.sys -- (sshrmd)
    DRV - [2011/05/18 16:31:28 | 000,045,584 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [File_System | Auto | Running] -- C:\Windows\System32\drivers\ssfmonm.sys -- (ssfmonm)
    DRV - [2010/01/19 11:49:50 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
    DRV - [2010/01/19 11:49:50 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
    DRV - [2010/01/19 11:49:50 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
    DRV - [2010/01/19 11:49:50 | 000,009,216 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter)
    DRV - [2009/08/28 22:32:12 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggsemc.sys -- (ggsemc)
    DRV - [2009/08/28 22:32:11 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggflt.sys -- (ggflt)
    DRV - [2009/01/24 01:37:20 | 000,103,424 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HtcVComV32.sys -- (HtcVCom32)
    DRV - [2008/01/21 02:23:21 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
    DRV - [2008/01/21 02:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
    DRV - [2008/01/05 00:15:08 | 000,041,456 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl -- ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796})
    DRV - [2007/12/29 19:05:26 | 002,252,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R)
    DRV - [2007/08/09 03:42:08 | 000,045,568 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
    DRV - [2007/07/30 18:54:02 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
    DRV - [2007/07/30 17:42:58 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
    DRV - [2007/07/30 14:13:10 | 000,743,424 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
    DRV - [2007/07/03 17:05:20 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15)
    DRV - [2007/03/07 08:26:50 | 000,032,256 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\enecir.sys -- (enecir)
    DRV - [2007/01/30 05:23:30 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
    DRV - [2006/11/02 13:27:36 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System | Running] -- C:\Program Files\Launch Manager\DPortIO.sys -- (DritekPortIO)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKLM\..\URLSearchHook: {25A6EDBF-C0FD-4ff7-B6A7-C6EDEA3B0B55} - No CLSID value found


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.virginmedia.com/

    IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.virginmedia.com/

    IE - HKU\S-1-5-21-2902736051-1603590949-3363684024-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\kevin\Pictures
    IE - HKU\S-1-5-21-2902736051-1603590949-3363684024-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
    IE - HKU\S-1-5-21-2902736051-1603590949-3363684024-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]
    IE - HKU\S-1-5-21-2902736051-1603590949-3363684024-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
    IE - HKU\S-1-5-21-2902736051-1603590949-3363684024-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    IE - HKU\S-1-5-21-2902736051-1603590949-3363684024-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    IE - HKU\S-1-5-21-2902736051-1603590949-3363684024-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKU\S-1-5-21-2902736051-1603590949-3363684024-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    IE - HKU\S-1-5-21-2902736051-1603590949-3363684024-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKU\S-1-5-21-2902736051-1603590949-3363684024-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-2902736051-1603590949-3363684024-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
    FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.53\npGoogleUpdate3.dll File not found
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.53\npGoogleUpdate3.dll File not found

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2009/10/14 17:57:47 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3DF533F5-FB3C-4c4c-A1D7-99717F8C3038}: C:\Program Files\Webroot\Security\current\plugins\browserextension\ff_ptc\ [2011/09/12 19:42:16 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2009/10/14 17:57:47 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\MFToolbar@skywebsearch.com: C:\Program Files\MusicFrost\Music Frost Toolbar\FF
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\search@helper: C:\Users\kevin\AppData\Roaming\Mozilla\Firefox\Profiles\\extensions\SearchHelper

    [2010/03/30 19:45:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\kevin\AppData\Roaming\mozilla\Extensions
    [2009/10/01 18:22:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\kevin\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
    [2010/03/30 19:45:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\kevin\AppData\Roaming\mozilla\Firefox\extensions
    [2010/03/30 19:45:57 | 000,000,000 | ---D | M] (PlaySushi TextLinks) -- C:\Users\kevin\AppData\Roaming\mozilla\Firefox\extensions\textlinks@playsushi.com

    ========== Chrome ==========

    CHR - default_search_provider: MF Custom Search ()
    CHR - default_search_provider: search_url = http://search.musicfrost.com/results.php?q={searchTerms}
    CHR - default_search_provider: suggest_url =

    O1 HOSTS File: ([2011/11/01 19:07:03 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (UrlHelper Class) - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Program Files\BearShare Applications\MediaBar\Datamngr\IEBHO.dll (MusicLab, LLC)
    O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
    O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll File not found
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
    O2 - BHO: (MediaBar) - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\Program Files\BearShare Applications\MediaBar\ToolBar\bsdtxmltbpi.dll ()
    O2 - BHO: (WebrootBHO Class) - {D93EC24D-8741-4D41-B83D-A5793B998416} - C:\Program Files\Webroot\Security\Current\plugins\browserextension\WebrootBHO.dll (Webroot Software, Inc.)
    O2 - BHO: (Webroot Browser Helper Object) - {e08861fe-8847-4b2a-8ec2-08edb20e4020} - C:\Program Files\Webroot\Security\Current\products\WISE\toolbar\LPBar.dll (Webroot Software, Inc.)
    O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
    O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll File not found
    O3 - HKLM\..\Toolbar: (MediaBar) - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\Program Files\BearShare Applications\MediaBar\ToolBar\bsdtxmltbpi.dll ()
    O3 - HKLM\..\Toolbar: (Webroot Toolbar) - {d84a64a0-f2b2-4975-b264-3a3bce8d57d6} - C:\Program Files\Webroot\Security\Current\products\WISE\toolbar\LPBar.dll (Webroot Software, Inc.)
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {22E03916-85C5-44B0-8DC9-1830C11238D9} - No CLSID value found.
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-CFC3-3CECC9AB2EDA} - No CLSID value found.
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {22E03916-85C5-44B0-8DC9-1830C11238D9} - No CLSID value found.
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-CFC3-3CECC9AB2EDA} - No CLSID value found.
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O3 - HKU\S-1-5-21-2902736051-1603590949-3363684024-1000\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
    O4 - HKLM..\Run: [DATAMNGR] C:\Program Files\BearShare Applications\MediaBar\Datamngr\datamngrUI.exe (MusicLab, LLC)
    O4 - HKLM..\Run: [eAudio] C:\Acer\Empowering Technology\eAudio\eAudio.exe (CyberLink)
    O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe (Egis Incorporated)
    O4 - HKLM..\Run: [HTC Sync] C:\Program Files\HTC\HTC Sync for BrewMP\AutoDetect.exe (FutureDial Inc.)
    O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
    O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe (Fellowes, Inc.)
    O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
    O4 - HKLM..\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Incorporated)
    O4 - HKLM..\Run: [WebrootTrayApp] C:\Program Files\Webroot\Security\Current\Framework\WRTray.exe (Webroot Software, Inc. )
    O4 - HKU\S-1-5-21-2902736051-1603590949-3363684024-1000..\Run: [CollaborationHost] C:\Windows\System32\p2phost.exe (Microsoft Corporation)
    O4 - HKU\.DEFAULT..\RunOnce: [DeleteEngineAfterUpdate] reg DELETE HKCU\Software\AppDataLow\Software\ConduitEngine /f File not found
    O4 - HKU\S-1-5-18..\RunOnce: [DeleteEngineAfterUpdate] reg DELETE HKCU\Software\AppDataLow\Software\ConduitEngine /f File not found
    O4 - Startup: C:\Users\kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Orion.lnk = File not found
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\S-1-5-21-2902736051-1603590949-3363684024-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html File not found
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
    O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: {FD0EBBED-0C42-4D0F-82DA-44399B5C420A} http://downloads.virginmedia.com/CST/ver1/vistainstaller.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3454A740-5DC8-4F59-847A-F783FBD7F88C}: DhcpNameServer = 194.168.4.100 194.168.8.100
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A1FD72C5-D312-4E5B-9A98-1BDDAF43889A}: DhcpNameServer = 194.168.4.100 194.168.8.100
    O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll File not found
    O20 - AppInit_DLLs: (c:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\datamngr.dll) -c:\Program Files\BearShare Applications\MediaBar\Datamngr\datamngr.dll (MusicLab, LLC)
    O20 - AppInit_DLLs: (c:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\IEBHO.dll) -c:\Program Files\BearShare Applications\MediaBar\Datamngr\IEBHO.dll (MusicLab, LLC)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Users\kevin\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O24 - Desktop BackupWallPaper: C:\Users\kevin\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found

    Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.mkdmp3enc - C:\PROGRA~1\ACERAR~1\DVWIZA~1\Kernel\Burner\MKDMP3Enc.ACM File not found
    Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/11/02 19:21:46 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\kevin\Desktop\OTL.exe
    [2011/11/01 19:14:53 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2011/11/01 18:40:21 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2011/11/01 18:40:20 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2011/11/01 18:40:20 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2011/11/01 18:39:58 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2011/11/01 18:39:56 | 000,000,000 | ---D | C] -- C:\ComboFix
    [2011/11/01 18:39:44 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/11/01 18:38:04 | 004,280,887 | R--- | C] (Swearware) -- C:\Users\kevin\Desktop\ComboFix.exe
    [2011/10/31 11:14:18 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
    [2011/10/30 18:53:31 | 000,000,000 | ---D | C] -- C:\Users\kevin\AppData\Roaming\SoftwareDetectionScripts
    [2011/10/30 18:34:49 | 000,000,000 | ---D | C] -- C:\Users\kevin\AppData\Local\Webroot
    [2011/10/28 11:38:54 | 000,000,000 | ---D | C] -- C:\found.008
    [2011/10/28 11:29:31 | 000,100,864 | ---- | C] (GMER) -- C:\pwdoqpod.sys
    [2011/10/28 11:25:02 | 000,000,000 | ---D | C] -- C:\Users\kevin\AppData\Roaming\Malwarebytes
    [2011/10/28 11:24:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/10/28 11:24:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2011/10/28 11:24:13 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2011/10/28 11:24:13 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2011/10/10 20:08:22 | 000,000,000 | ---D | C] -- C:\found.007
    [2011/10/10 18:49:54 | 000,000,000 | ---D | C] -- C:\found.006
    [2011/10/10 15:28:28 | 000,000,000 | ---D | C] -- C:\Config.Msi
    [2011/10/05 20:26:58 | 000,000,000 | ---D | C] -- C:\Users\kevin\Documents\GT NEWS
    [2011/09/12 19:33:20 | 006,278,328 | ---- | C] (Webroot Software, Inc.) -- C:\Program Files\Common Files\wruninstall.exe
    [2009/06/07 20:19:02 | 000,106,496 | ---- | C] ( ) -- C:\Windows\System32\VM_1.dll
    [2008/08/17 02:10:16 | 000,016,384 | ---- | C] ( ) -- C:\Windows\System32\ClearEvent.exe

    ========== Files - Modified Within 30 Days ==========

    [2011/11/02 19:27:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
    [2011/11/02 19:21:48 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\kevin\Desktop\OTL.exe
    [2011/11/02 19:19:06 | 000,609,196 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2011/11/02 19:19:06 | 000,108,672 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2011/11/02 19:13:54 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2011/11/02 19:13:28 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/11/02 19:13:28 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/11/02 19:13:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/11/02 19:13:19 | 2134,908,928 | -HS- | M] () -- C:\hiberfil.sys
    [2011/11/02 18:51:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2011/11/01 19:07:03 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2011/11/01 18:38:47 | 004,280,887 | R--- | M] (Swearware) -- C:\Users\kevin\Desktop\ComboFix.exe
    [2011/11/01 16:37:01 | 000,038,088 | ---- | M] () -- C:\Users\kevin\Desktop\roots 2
    [2011/11/01 16:19:48 | 000,139,264 | ---- | M] () -- C:\Users\kevin\Desktop\RKUnhookerLE.EXE
    [2011/11/01 08:43:06 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
    [2011/10/31 15:12:10 | 000,000,512 | ---- | M] () -- C:\Users\kevin\Desktop\MBR.dat
    [2011/10/31 14:37:23 | 000,006,648 | ---- | M] () -- C:\Users\kevin\AppData\Local\d3d9caps.dat
    [2011/10/30 19:02:21 | 000,000,430 | ---- | M] () -- C:\Users\kevin\AppData\Roaming\FulfillmentStateMachineStore.xml
    [2011/10/30 19:02:20 | 000,000,738 | ---- | M] () -- C:\Users\kevin\AppData\Roaming\SubscriptionStore.xml
    [2011/10/30 19:02:20 | 000,000,683 | ---- | M] () -- C:\Users\kevin\AppData\Roaming\EventStore.xml
    [2011/10/30 19:02:20 | 000,000,583 | ---- | M] () -- C:\Users\kevin\AppData\Roaming\UpgradeStore.xml
    [2011/10/30 19:02:20 | 000,000,545 | ---- | M] () -- C:\Users\kevin\AppData\Roaming\CampaignStore.xml
    [2011/10/30 19:02:20 | 000,000,541 | ---- | M] () -- C:\Users\kevin\AppData\Roaming\UpdateStore.xml
    [2011/10/30 19:02:20 | 000,000,412 | ---- | M] () -- C:\Users\kevin\AppData\Roaming\ConfigurationStore.xml
    [2011/10/30 18:53:31 | 000,000,626 | ---- | M] () -- C:\ProgramData\SharedProperties.xml
    [2011/10/28 12:05:47 | 000,000,512 | ---- | M] () -- C:\Users\kevin\Documents\MBR.dat
    [2011/10/28 11:41:16 | 214,214,656 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2011/10/28 11:29:31 | 000,100,864 | ---- | M] (GMER) -- C:\pwdoqpod.sys
    [2011/10/28 11:24:18 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/10/26 20:25:59 | 000,002,555 | ---- | M] () -- C:\Users\kevin\Desktop\Microsoft Office Publisher 2007.lnk
    [2011/10/26 18:59:50 | 000,000,736 | ---- | M] () -- C:\Windows\SamsungMaster.INI
    [2011/10/25 20:08:53 | 000,002,585 | ---- | M] () -- C:\Users\kevin\Desktop\Microsoft Office Excel 2007.lnk
    [2011/10/18 06:48:09 | 000,410,376 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2011/10/10 20:34:58 | 000,002,627 | ---- | M] () -- C:\Users\kevin\Desktop\Microsoft Office Word 2007.lnk
    [2011/10/05 20:53:58 | 000,113,126 | ---- | M] () -- C:\Users\kevin\CommunicatingBadNews.potx
    [2011/10/05 20:49:39 | 001,830,111 | ---- | M] () -- C:\Users\kevin\Documents\IntroPPT2007.potx

    ========== Files Created - No Company Name ==========

    [2011/11/01 18:40:21 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2011/11/01 18:40:20 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2011/11/01 18:40:20 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2011/11/01 18:40:20 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2011/11/01 18:40:20 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2011/11/01 16:37:01 | 000,038,088 | ---- | C] () -- C:\Users\kevin\Desktop\roots 2
    [2011/11/01 16:19:42 | 000,139,264 | ---- | C] () -- C:\Users\kevin\Desktop\RKUnhookerLE.EXE
    [2011/10/31 18:32:49 | 2134,908,928 | -HS- | C] () -- C:\hiberfil.sys
    [2011/10/31 15:12:10 | 000,000,512 | ---- | C] () -- C:\Users\kevin\Desktop\MBR.dat
    [2011/10/30 19:02:20 | 000,000,683 | ---- | C] () -- C:\Users\kevin\AppData\Roaming\EventStore.xml
    [2011/10/30 19:02:20 | 000,000,545 | ---- | C] () -- C:\Users\kevin\AppData\Roaming\CampaignStore.xml
    [2011/10/30 19:02:20 | 000,000,541 | ---- | C] () -- C:\Users\kevin\AppData\Roaming\UpdateStore.xml
    [2011/10/30 18:53:33 | 000,000,738 | ---- | C] () -- C:\Users\kevin\AppData\Roaming\SubscriptionStore.xml
    [2011/10/30 18:53:33 | 000,000,583 | ---- | C] () -- C:\Users\kevin\AppData\Roaming\UpgradeStore.xml
    [2011/10/30 18:53:33 | 000,000,430 | ---- | C] () -- C:\Users\kevin\AppData\Roaming\FulfillmentStateMachineStore.xml
    [2011/10/30 18:53:33 | 000,000,412 | ---- | C] () -- C:\Users\kevin\AppData\Roaming\ConfigurationStore.xml
    [2011/10/30 18:53:31 | 000,000,626 | ---- | C] () -- C:\ProgramData\SharedProperties.xml
    [2011/10/28 12:05:46 | 000,000,512 | ---- | C] () -- C:\Users\kevin\Documents\MBR.dat
    [2011/10/28 11:24:18 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/10/26 18:59:50 | 000,000,736 | ---- | C] () -- C:\Windows\SamsungMaster.INI
    [2011/10/05 20:54:18 | 000,113,126 | ---- | C] () -- C:\Users\kevin\CommunicatingBadNews.potx
    [2011/10/05 20:49:56 | 001,830,111 | ---- | C] () -- C:\Users\kevin\Documents\IntroPPT2007.potx
    [2011/09/05 10:17:03 | 000,030,424 | ---- | C] () -- C:\Windows\System32\wrLZMA.dll
    [2011/09/05 10:17:03 | 000,017,472 | ---- | C] () -- C:\Windows\System32\SsiEfr.exe
    [2011/05/30 17:29:48 | 000,065,536 | ---- | C] () -- C:\Windows\IFinst27.exe
    [2011/02/12 12:53:06 | 000,000,032 | ---- | C] () -- C:\Windows\Vipistub.INI
    [2011/01/12 15:06:48 | 000,017,908 | ---- | C] () -- C:\Users\kevin\AppData\Roaming\UserTile.png
    [2010/12/30 20:16:46 | 000,454,656 | ---- | C] () -- C:\Windows\System32\PaintX.dll
    [2010/07/04 14:52:32 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
    [2010/07/04 14:52:32 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
    [2010/07/04 14:52:32 | 000,008,704 | ---- | C] () -- C:\Windows\System32\vidccleaner.exe
    [2010/06/19 18:53:08 | 000,000,000 | ---- | C] () -- C:\Windows\DbgOut.INI
    [2010/01/19 11:49:54 | 000,466,944 | ---- | C] () -- C:\Windows\System32\RemoveDevice.dll
    [2009/10/14 18:40:41 | 000,150,679 | ---- | C] () -- C:\Windows\hpoins30.dat.temp
    [2009/10/14 18:40:40 | 000,000,547 | ---- | C] () -- C:\Windows\hpomdl30.dat.temp
    [2009/10/14 17:43:10 | 000,150,157 | ---- | C] () -- C:\Windows\hpoins30.dat
    [2009/09/18 10:20:31 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
    [2009/09/18 10:20:31 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
    [2009/08/22 09:29:03 | 040,696,352 | -HS- | C] () -- C:\Windows\System32\drivers\fidbox.dat
    [2009/05/15 07:04:24 | 000,000,108 | ---- | C] () -- C:\Users\kevin\AppData\Roaming\wklnhst.dat
    [2009/04/18 14:43:27 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
    [2009/03/02 17:50:25 | 000,006,648 | ---- | C] () -- C:\Users\kevin\AppData\Local\d3d9caps.dat
    [2009/02/28 13:32:28 | 000,160,342 | ---- | C] () -- C:\Windows\hphins26.dat
    [2009/01/31 09:48:52 | 000,014,848 | ---- | C] () -- C:\Users\kevin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2008/12/28 14:41:49 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
    [2008/12/05 10:52:59 | 000,000,547 | ---- | C] () -- C:\Windows\hpomdl30.dat
    [2008/08/17 02:46:19 | 000,000,030 | ---- | C] () -- C:\Windows\SETPANEL.INI
    [2008/08/17 02:46:14 | 000,000,092 | ---- | C] () -- C:\Windows\CLEANUP.INI
    [2008/08/17 02:10:16 | 000,016,384 | ---- | C] () -- C:\Windows\System32\LauncheRyAgentUser.exe
    [2008/03/18 14:50:41 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll
    [2008/03/17 18:42:34 | 000,065,536 | ---- | C] () -- C:\Windows\System32\NATTraversal.dll
    [2008/03/17 18:36:06 | 000,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys
    [2008/03/17 18:13:52 | 000,000,775 | ---- | C] () -- C:\Windows\RtDefLvl.ini
    [2008/03/17 17:44:13 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
    [2008/03/17 17:44:13 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
    [2008/03/17 17:44:12 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll
    [2008/03/17 17:44:12 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll
    [2008/03/17 17:40:14 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
    [2008/01/18 09:49:21 | 000,000,787 | ---- | C] () -- C:\Windows\hphmdl26.dat
    [2006/11/02 12:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2006/11/02 12:47:37 | 000,410,376 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
    [2006/11/02 12:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
    [2006/11/02 10:33:01 | 000,609,196 | ---- | C] () -- C:\Windows\System32\perfh009.dat
    [2006/11/02 10:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
    [2006/11/02 10:33:01 | 000,108,672 | ---- | C] () -- C:\Windows\System32\perfc009.dat
    [2006/11/02 10:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
    [2006/11/02 10:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
    [2006/11/02 08:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2006/11/02 08:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
    [2006/11/02 07:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
    [2006/11/02 07:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
    [2004/07/01 18:38:44 | 000,147,456 | ---- | C] () -- C:\Windows\System32\lttls13n.dll
    [2004/07/01 18:38:38 | 000,708,608 | ---- | C] () -- C:\Windows\System32\ltcry13n.dll
    [2004/07/01 18:38:28 | 000,338,944 | ---- | C] () -- C:\Windows\System32\lffpx7.dll
    [2004/07/01 18:38:28 | 000,118,784 | ---- | C] () -- C:\Windows\System32\lfkodak.dll
    [2001/12/26 23:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
    [2001/09/04 06:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
    [2001/07/30 23:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
    [2001/07/24 05:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll

    ========== LOP Check ==========

    [2008/03/17 19:07:57 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\Acer GameZone Console
    [2011/01/08 23:21:34 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\MusicFrost
    [2011/01/08 22:20:57 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\Radialpoint
    [2011/04/20 13:07:17 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\Teleca
    [2011/10/16 19:23:59 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\Virgin Media
    [2008/03/17 19:07:57 | 000,000,000 | ---D | M] -- C:\Users\kevin\AppData\Roaming\Acer GameZone Console
    [2011/07/08 21:50:31 | 000,000,000 | ---D | M] -- C:\Users\kevin\AppData\Roaming\Birdstep Technology
    [2010/07/04 15:57:43 | 000,000,000 | ---D | M] -- C:\Users\kevin\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2009/05/13 23:01:00 | 000,000,000 | ---D | M] -- C:\Users\kevin\AppData\Roaming\DriverCure
    [2011/09/01 13:55:10 | 000,000,000 | ---D | M] -- C:\Users\kevin\AppData\Roaming\FrostWire
    [2010/12/29 23:36:18 | 000,000,000 | ---D | M] -- C:\Users\kevin\AppData\Roaming\HTC
    [2010/06/26 11:06:00 | 000,000,000 | ---D | M] -- C:\Users\kevin\AppData\Roaming\licenses
    [2010/12/30 17:10:17 | 000,000,000 | ---D | M] -- C:\Users\kevin\AppData\Roaming\Mysteryville2
    [2011/01/14 23:52:10 | 000,000,000 | ---D | M] -- C:\Users\kevin\AppData\Roaming\NCH Swift Sound
    [2011/02/11 13:42:49 | 000,000,000 | ---D | M] -- C:\Users\kevin\AppData\Roaming\OpenOffice.org
    [2011/03/17 21:18:34 | 000,000,000 | ---D | M] -- C:\Users\kevin\AppData\Roaming\Participatory Culture Foundation
    [2010/05/11 19:39:39 | 000,000,000 | ---D | M] -- C:\Users\kevin\AppData\Roaming\PCMM2009
    [2010/05/11 19:37:57 | 000,000,000 | ---D | M] -- C:\Users\kevin\AppData\Roaming\PCMM2010
    [2011/01/12 15:06:48 | 000,000,000 | ---D | M] -- C:\Users\kevin\AppData\Roaming\PeerNetworking
    [2010/09/04 16:59:30 | 000,000,000 | ---D | M] -- C:\Users\kevin\AppData\Roaming\Radialpoint
    [2011/05/30 17:26:02 | 000,000,000 | ---D | M] -- C:\Users\kevin\AppData\Roaming\SeaApple
    [2011/10/30 18:53:31 | 000,000,000 | ---D | M] -- C:\Users\kevin\AppData\Roaming\SoftwareDetectionScripts
    [2009/02/08 19:56:29 | 000,000,000 | ---D | M] -- C:\Users\kevin\AppData\Roaming\Sony
    [2011/04/20 13:07:17 | 000,000,000 | ---D | M] -- C:\Users\kevin\AppData\Roaming\Teleca
    [2009/05/15 07:04:29 | 000,000,000 | ---D | M] -- C:\Users\kevin\AppData\Roaming\Template
    [2010/12/30 20:06:32 | 000,000,000 | ---D | M] -- C:\Users\kevin\AppData\Roaming\Uniblue
    [2009/04/18 10:49:14 | 000,000,000 | ---D | M] -- C:\Users\kevin\AppData\Roaming\uTorrent
    [2011/04/07 17:59:23 | 000,000,000 | ---D | M] -- C:\Users\kevin\AppData\Roaming\Virgin Media
    [2011/08/17 17:31:07 | 000,000,000 | ---D | M] -- C:\Users\kevin\AppData\Roaming\WhiteSmoke
    [2011/11/02 08:22:00 | 000,032,644 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
    [2008/03/18 13:23:52 | 000,699,280 | ---- | M] () -- C:\bknowsetup.log
    [2009/04/11 06:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
    [2008/03/17 17:47:13 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
    [2011/11/01 19:14:42 | 000,021,489 | ---- | M] () -- C:\ComboFix.txt
    [2006/09/18 21:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
    [2011/07/08 21:49:32 | 000,005,550 | ---- | M] () -- C:\debug.txt
    [2011/04/03 18:59:46 | 000,010,210 | ---- | M] () -- C:\dshow.log
    [2011/11/02 19:13:19 | 2134,908,928 | -HS- | M] () -- C:\hiberfil.sys
    [2011/02/12 12:39:10 | 000,000,236 | ---- | M] () -- C:\INSTALL.LOG
    [2011/01/23 18:09:17 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2005/08/16 15:49:12 | 000,040,960 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\junction.exe
    [2007/09/13 09:56:16 | 000,000,512 | ---- | M] () -- C:\MDR.iss
    [2011/01/23 18:09:17 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2008/09/04 00:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\npbittorrent.dll
    [2011/11/02 19:13:18 | 2450,776,064 | -HS- | M] () -- C:\pagefile.sys
    [2011/10/28 11:29:31 | 000,100,864 | ---- | M] (GMER) -- C:\pwdoqpod.sys
    [2008/03/17 18:14:31 | 000,000,426 | ---- | M] () -- C:\RHDSetup.log
    [2008/03/18 13:23:52 | 000,000,086 | ---- | M] () -- C:\setup.log
    [2009/10/14 18:37:12 | 000,001,304 | ---- | M] () -- C:\updatedatfix.log

    < %systemroot%\Fonts\*.com >
    [2006/11/02 12:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2006/11/02 12:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2006/11/02 12:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/09/21 16:15:29 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2006/09/18 21:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2007/10/20 18:21:50 | 000,278,016 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\hpzpp5mu.dll
    [2008/10/24 10:48:38 | 000,321,536 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\hpzpp696.dll
    [2008/01/21 02:23:14 | 000,089,600 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\HPZPPLHN.DLL
    [2006/11/02 12:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\jnwppr.dll
    [2006/10/27 02:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\msonpppr.dll

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2008/01/21 02:43:21 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2008/01/21 03:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
    [2008/01/21 03:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
    [2008/01/21 03:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
    [2006/11/02 10:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
    [2006/11/02 10:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
     
  10. 2011/11/03
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Go on.....
     
  11. 2011/11/03
    hanqba1

    hanqba1 Inactive Thread Starter

    Joined:
    2008/06/21
    Messages:
    93
    Likes Received:
    0
    Sorry, didn't think you would be on yet. OTL 1

    Have had some problems with power cuts; here are the rest of the logs.

    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
    [2008/03/18 13:23:52 | 000,699,280 | ---- | M] () -- C:\bknowsetup.log
    [2009/04/11 06:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
    [2008/03/17 17:47:13 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
    [2011/11/01 19:14:42 | 000,021,489 | ---- | M] () -- C:\ComboFix.txt
    [2006/09/18 21:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
    [2011/07/08 21:49:32 | 000,005,550 | ---- | M] () -- C:\debug.txt
    [2011/04/03 18:59:46 | 000,010,210 | ---- | M] () -- C:\dshow.log
    [2011/11/02 19:13:19 | 2134,908,928 | -HS- | M] () -- C:\hiberfil.sys
    [2011/02/12 12:39:10 | 000,000,236 | ---- | M] () -- C:\INSTALL.LOG
    [2011/01/23 18:09:17 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2005/08/16 15:49:12 | 000,040,960 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\junction.exe
    [2007/09/13 09:56:16 | 000,000,512 | ---- | M] () -- C:\MDR.iss
    [2011/01/23 18:09:17 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2008/09/04 00:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\npbittorrent.dll
    [2011/11/02 19:13:18 | 2450,776,064 | -HS- | M] () -- C:\pagefile.sys
    [2011/10/28 11:29:31 | 000,100,864 | ---- | M] (GMER) -- C:\pwdoqpod.sys
    [2008/03/17 18:14:31 | 000,000,426 | ---- | M] () -- C:\RHDSetup.log
    [2008/03/18 13:23:52 | 000,000,086 | ---- | M] () -- C:\setup.log
    [2009/10/14 18:37:12 | 000,001,304 | ---- | M] () -- C:\updatedatfix.log

    < %systemroot%\Fonts\*.com >
    [2006/11/02 12:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2006/11/02 12:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2006/11/02 12:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/09/21 16:15:29 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2006/09/18 21:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2007/10/20 18:21:50 | 000,278,016 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\hpzpp5mu.dll
    [2008/10/24 10:48:38 | 000,321,536 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\hpzpp696.dll
    [2008/01/21 02:23:14 | 000,089,600 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\HPZPPLHN.DLL
    [2006/11/02 12:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\jnwppr.dll
    [2006/10/27 02:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\msonpppr.dll

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2008/01/21 02:43:21 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2008/01/21 03:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
    [2008/01/21 03:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
    [2008/01/21 03:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
    [2006/11/02 10:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
    [2006/11/02 10:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2011/06/16 20:16:53 | 000,000,286 | -HS- | M] () -- C:\Users\kevin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2011/11/01 18:38:47 | 004,280,887 | R--- | M] (Swearware) -- C:\Users\kevin\Desktop\ComboFix.exe
    [2011/11/02 19:21:48 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\kevin\Desktop\OTL.exe
    [2011/11/01 16:19:48 | 000,139,264 | ---- | M] () -- C:\Users\kevin\Desktop\RKUnhookerLE.EXE

    < %PROGRAMFILES%\Common Files\*.* >
    [2011/09/12 19:33:31 | 006,278,328 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files\Common Files\wruninstall.exe

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >
    [2009/09/21 16:29:09 | 000,008,192 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.chk
    [2009/09/21 16:28:39 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.log
    [2008/08/17 01:57:50 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00001.jrs
    [2008/08/17 01:57:50 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00002.jrs
    [2009/09/21 16:28:39 | 001,056,768 | ---- | M] () -- C:\Windows\SECURITY\Database\tmp.edb

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2011/03/25 21:42:04 | 000,000,402 | -HS- | M] () -- C:\Users\kevin\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2010/01/10 13:59:45 | 000,011,204 | ---- | M] () -- C:\ProgramData\hpzinstall.log
    [2011/10/30 18:53:31 | 000,000,626 | ---- | M] () -- C:\ProgramData\SharedProperties.xml

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    ========== Files - Unicode (All) ==========
    [2009/08/22 09:12:50 | 000,000,036 | ---- | M] ()(C:\Windows\System32\????????????????????????????????????g) -- C:\Windows\System32\㩃停潲牧浡䘠汩獥噜物楧牂慯扤湡層䍐畧牡層慓敦潃湮捥屴潃普杩塜楖睥挮湯楦g
    [2009/08/22 09:12:50 | 000,000,036 | ---- | C] ()(C:\Windows\System32\????????????????????????????????????g) -- C:\Windows\System32\㩃停潲牧浡䘠汩獥噜物楧牂慯扤湡層䍐畧牡層慓敦潃湮捥屴潃普杩塜楖睥挮湯楦g

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:C95B63DA
    @Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:DBA1A307
    @Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:A518B662
    @Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:191930F5
    @Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:C8EAE2CC
    @Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:260575F1
    @Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:FEBEC560
    @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:9F683177
    @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:80E965A3
    @Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:CDFF58FE
    @Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:8173A019
    @Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:793F316E

    < End of report >
     
  12. 2011/11/03
    hanqba1

    hanqba1 Inactive Thread Starter

    Joined:
    2008/06/21
    Messages:
    93
    Likes Received:
    0
    OTL Extras

     
  13. 2011/11/03
    hanqba1

    hanqba1 Inactive Thread Starter

    Joined:
    2008/06/21
    Messages:
    93
    Likes Received:
    0
    OTL Extras

    OTL Extras logfile created on: 02/11/2011 19:25:13 - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\kevin\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    1.99 Gb Total Physical Memory | 0.86 Gb Available Physical Memory | 43.42% Memory free
    4.21 Gb Paging File | 2.70 Gb Available in Paging File | 64.21% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 68.77 Gb Total Space | 17.86 Gb Free Space | 25.97% Space Free | Partition Type: NTFS
    Drive D: | 68.56 Gb Total Space | 68.39 Gb Free Space | 99.75% Space Free | Partition Type: NTFS

    Computer Name: KEVIN-PC | User Name: kevin | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1 ",%*
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1 ",%*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "VistaSp2" = Reg Error: Unknown registry data type -- File not found

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0
    "DoNotAllowExceptions" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0
    "DoNotAllowExceptions" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Acer\Empowering Technology\eDataSecurity\x86\eDSfsu.exe" = C:\Acer\Empowering Technology\eDataSecurity\x86\eDSfsu.exe:*:Enabled:eDSfsu -- (Egis Incorporated.)
    "C:\Acer\Empowering Technology\eDataSecurity\x86\encryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\x86\encryption.exe:*:Enabled:encryption -- ( Egis Incorporated.)
    "C:\Acer\Empowering Technology\eDataSecurity\x86\decryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\x86\decryption.exe:*:Enabled:decryption -- ( Egis Incorporated.)
    "C:\Acer\Empowering Technology\eDataSecurity\x86\eDSMgr.exe" = C:\Acer\Empowering Technology\eDataSecurity\x86\eDSMgr.exe:*:Enabled:eDSMgr
    "C:\Acer\Empowering Technology\eDataSecurity\x86\eDStbmngr.exe" = C:\Acer\Empowering Technology\eDataSecurity\x86\eDStbmngr.exe:*:Enabled:eDStbmngr -- (Egis Incorporated.)
    "C:\Acer\Empowering Technology\eDataSecurity\x64\eDSfsu.exe" = C:\Acer\Empowering Technology\eDataSecurity\x64\eDSfsu.exe:*:Enabled:eDSfsu -- (Egis Incorporated.)
    "C:\Acer\Empowering Technology\eDataSecurity\x64\encryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\x64\encryption.exe:*:Enabled:encryption
    "C:\Acer\Empowering Technology\eDataSecurity\x64\decryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\x64\decryption.exe:*:Enabled:decryption
    "C:\Acer\Empowering Technology\eDataSecurity\x64\eDSMgr.exe" = C:\Acer\Empowering Technology\eDataSecurity\x64\eDSMgr.exe:*:Enabled:eDSMgr
    "C:\Acer\Empowering Technology\eDataSecurity\x64\eDStbmngr.exe" = C:\Acer\Empowering Technology\eDataSecurity\x64\eDStbmngr.exe:*:Enabled:eDStbmngr -- (Egis Incorporated.)
    "C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{01009749-B83D-4375-9E2B-5074CCBDA1C6}" = lport=139 | protocol=6 | dir=in | app=system |
    "{033F3EFC-206F-4CF0-B854-9A6152391A3A}" = lport=445 | protocol=6 | dir=in | app=system |
    "{093B23A5-C3DD-4C17-A418-BA5A8B21CE8A}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{0E003C8A-94F7-4FFE-9C59-5BF5B2D2D80A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{1188E937-8FD4-440F-8FFB-395D001FA614}" = rport=137 | protocol=17 | dir=out | app=system |
    "{160EF82A-C0FF-4441-BB0F-B112BEDBE9D3}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{1641DBA5-9252-425A-8C01-4FF08EB1547B}" = rport=138 | protocol=17 | dir=out | app=system |
    "{1C543E1E-2E49-4152-90DE-3C879198CB17}" = rport=139 | protocol=6 | dir=out | app=system |
    "{20AB5A07-59C0-45F3-ADDC-4374E496F839}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{20E45DFE-25B9-4C18-AEA0-793011D2B2F2}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{243C09C2-B003-4F18-9BAD-A280F59FF9E1}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{2A4B8FCF-E195-4802-B187-96EA948B503B}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{2E96DFB7-76BB-47A1-83A2-9AC1BFCBF8B6}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{3E409675-EB37-4A0A-ABBC-77317164F982}" = lport=137 | protocol=17 | dir=in | app=system |
    "{72A07471-D924-4F56-9E83-51F36B8A249B}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
    "{79D7EC98-F539-491A-B843-7715184C5499}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{7F165E42-E358-4CBA-91AA-C9E4BC05B512}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{9538E647-A1F5-401D-8C87-0A3BE71100BC}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{9C268043-F9C0-4499-8E12-450049169FB9}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
    "{9E9BF074-9E37-4104-8F6C-472F6664C64A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{9E9D6E27-4F4E-4F91-BDDA-9AA262653B1C}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
    "{A26C9D95-D832-4627-A942-F67D7EA1FE74}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{A7F7F8F5-693D-4694-AA38-69B9D60BEE8B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{B363FF25-8766-4424-9D76-3901800FC97B}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
    "{C2D0C95A-6A62-4BBD-9B5E-C7087C7D259D}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{CC744D9C-B110-42A4-AD25-BEED3B73A810}" = rport=445 | protocol=6 | dir=out | app=system |
    "{EA41F743-D94E-4EF9-A6A2-E6EBE5A92CD4}" = lport=138 | protocol=17 | dir=in | app=system |
    "{F044BC62-CF2C-4F79-AC86-53BE3FCAF3B9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{F0D11CCD-6C64-43ED-AA04-966457C2D68E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0187730A-6F82-42BE-A335-B6E6BA0C49D6}" = protocol=17 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |
    "{0436252C-8F7D-42D3-80EB-165CC2DFC866}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
    "{05C5CD62-605B-4EC1-A812-CC9B371B125E}" = protocol=6 | dir=in | app=c:\program files\virgin media\hub\servicepointservice.exe |
    "{08CB2968-2A2A-4403-86C7-91B84B06F110}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{11B39122-6710-45CB-BB98-9EF26233470D}" = dir=in | app=c:\program files\acer arcade deluxe\dvdivine\dvdivine.exe |
    "{11BE2E8F-49C3-4775-BF6F-328DEEA92A89}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
    "{12A32E8D-B30F-47F1-8D6F-6DE07DAFB463}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{18A40E86-D3DC-498E-A335-A34F5F45D44B}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{1F65BC4A-4A18-462E-9B96-1722265F637F}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
    "{29A62497-74E1-4C1B-82D3-782555088813}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{2AFB40B7-C264-4A3D-AAB3-15F839C18EC2}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{2EFDBEF9-BE77-4268-B83C-A906F58CAD74}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
    "{370C1869-216D-44B1-819E-8F0C3EEA9F81}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{3BA34E18-99D3-493E-9086-E3692E7E65FF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{3D70CD11-27D2-41BF-BAB4-651077BDAF56}" = dir=in | app=c:\program files\acer arcade deluxe\videomagician\videomagician.exe |
    "{41CC5CDC-50BB-4DD7-AA25-8701ECFF9C01}" = protocol=6 | dir=in | app=c:\program files\frostwire\frostwire.exe |
    "{466BD138-8269-455F-A291-EE69EA371C34}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{4A0D4209-5B7D-4D63-8E76-9D1C79F077B7}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{4C3A1B25-FB43-48A7-A5C3-FCFAA8520382}" = dir=in | app=c:\program files\acer arcade deluxe\play movie\pmvservice.exe |
    "{4D22B983-0AA4-4A8F-8009-0E32A0CAD97D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{5935FD86-3853-44C4-98B5-EEE2B05F9E36}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
    "{5CEEA868-E9D5-4534-B0BB-F69391DB0F77}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe |
    "{5D327365-24B4-46B9-B79C-43C9C109A872}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqcopy2.exe |
    "{5D504405-AABE-41BC-AA44-69A4805AA160}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe |
    "{60F16F4A-A7F9-4D8D-8974-CFFE311C491A}" = dir=in | app=c:\program files\acer arcade deluxe\dv wizard\dv wizard.exe |
    "{67C3A6C7-B1CE-4EFD-896C-67B443016A48}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |
    "{695747C0-1C27-4095-BC7A-896B17A35737}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{6A1A4B2A-5F52-48F3-982D-9E53C231378D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{7212908F-2E2A-4A16-94E8-29C594F1E86E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{7456CAD2-96AD-4AC7-B520-45E28A9A639B}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{782A80BE-EB55-4FB6-A1E5-C78EF0688123}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{7B74A487-247D-4F51-ADBC-2D919CFC2F0A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
    "{7E4F351F-602B-4FBB-A74B-615149256992}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe |
    "{80DC196F-C7DF-46D2-868C-C5E70D2D77B5}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
    "{8137D5FA-B2A3-4CDC-B247-34BD29E4DC67}" = protocol=17 | dir=in | app=c:\program files\virgin media\service manager\servicepointservice.exe |
    "{90A386EF-B363-4269-AFB3-7D947AFD0114}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{95A5E193-B48D-46ED-93A7-52A4DC2DBBD9}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
    "{971F175E-0AA6-40CE-8558-3F2864A64DE4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{99581E9A-50C6-4345-B6B4-0D8B7D2027AF}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
    "{9B141A0A-9A60-4FE2-A1D5-1AABAC84F9C9}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{9E16C791-D611-41BD-85C6-B50293D91B86}" = protocol=17 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |
    "{A238014B-BF30-41D3-AE4D-0F500B557941}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe |
    "{A3300A96-89A6-4222-AECD-89C10C90A1E0}" = protocol=6 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |
    "{A4AF82A8-78E6-4F92-ABE2-D9BA2C2B454D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
    "{A9BAE143-0C3F-4E44-864F-EAF82447CF4B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{AA997A0B-082E-4DF8-88A1-F6EA56F1D6D1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{AB390BC8-A305-4488-B107-C985F658D56D}" = protocol=6 | dir=in | app=c:\program files\virgin media\service manager\servicepointservice.exe |
    "{ACD38252-AEA3-487A-A017-27E71CB2A829}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
    "{AD71A891-5119-46B7-BD64-171F6AE330B2}" = protocol=6 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |
    "{B2248EEF-17F1-40AB-ACE7-F95A41745D5B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{B4B04117-3D12-44A3-A3D2-4AD2F13687F2}" = dir=in | app=c:\program files\itunes\itunes.exe |
    "{C32806A4-B9AE-44D1-A8C2-D8515B78A1C0}" = dir=in | app=e:\setup\hpznui01.exe |
    "{C3A77A2F-F1D2-4DB7-B41F-740F39F840B4}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{C5B1CD09-35CC-4D9D-910F-30A2B4256F5B}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe |
    "{C8425196-FFDA-4804-BBFC-6F1247A3357D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{CBF22605-2243-464B-B728-EA3D77628157}" = protocol=17 | dir=in | app=c:\program files\virgin media\service manager\servicepointservice.exe |
    "{DB5EBF03-AB0B-4551-8A7E-C55F95BCA4F6}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe |
    "{E37303A8-76E3-4EF7-8462-87BAD8446F25}" = protocol=6 | dir=in | app=c:\program files\virgin media\service manager\servicepointservice.exe |
    "{E5E604C5-C0A2-4F78-92CB-45EC5E98E80C}" = dir=in | app=c:\program files\acer arcade deluxe\play movie\playmovie.exe |
    "{ED426E40-DEF1-421C-B77C-A5E161032763}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{F145C7FC-863A-4CE1-8E99-14D696D5DB5E}" = protocol=17 | dir=in | app=c:\program files\frostwire\frostwire.exe |
    "{F54A0DB7-2B09-4BAB-99D5-0F8C9ABFB932}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
    "{FD468600-515B-4A3D-ADD9-1871FEE35AC9}" = protocol=17 | dir=in | app=c:\program files\virgin media\hub\servicepointservice.exe |
    "{FE759D68-6187-464C-9673-68439B29E64D}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
    "{FEAADBB0-1723-406B-89BA-DF866E139C8E}" = protocol=6 | dir=out | app=system |
    "{FECC68EF-74B3-4064-AF67-4C9F967B13F2}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
    "TCP Query User{02BC2468-767F-4DDC-97B0-136F274EAC08}C:\program files\participatory culture foundation\miro\miro_downloader.exe" = protocol=6 | dir=in | app=c:\program files\participatory culture foundation\miro\miro_downloader.exe |
    "TCP Query User{14A4028E-CA6D-4DCC-9B2B-34279A106730}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
    "TCP Query User{1BF82FDD-F535-4E01-AD85-A29DA4AC689A}C:\program files\windows sidebar\sidebar.exe" = protocol=6 | dir=in | app=c:\program files\windows sidebar\sidebar.exe |
    "TCP Query User{1DE49A38-943A-4312-A143-67B67B87FC98}C:\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
    "TCP Query User{20A29661-FAED-45DB-88C4-A0BC70B70A85}C:\users\kevin\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\kevin\program files\dna\btdna.exe |
    "TCP Query User{47D88BF7-8F2A-4CC9-82C7-F19A45BFC260}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
    "TCP Query User{710B29E3-AE66-426F-9DA7-D64154915F8C}C:\users\kevin\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\kevin\program files\dna\btdna.exe |
    "TCP Query User{7B5228BF-53BB-4E7F-B267-212FB1F38BC6}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
    "TCP Query User{AC78C2FA-DA77-414B-859C-05364CA0A2D6}C:\program files\frostwire\frostwire.exe" = protocol=6 | dir=in | app=c:\program files\frostwire\frostwire.exe |
    "TCP Query User{AFBDBDA7-45B1-4D0C-826D-724C93F21A7A}C:\program files\muvizu\binaries\muvizu.exe" = protocol=6 | dir=in | app=c:\program files\muvizu\binaries\muvizu.exe |
    "TCP Query User{B246E174-51D9-4E32-A754-DEFE7D1F5D50}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
    "TCP Query User{BE4E3BE0-E4ED-4E09-9D42-7CEC27B2CEDE}C:\program files\sony ericsson\update service\update service.exe" = protocol=6 | dir=in | app=c:\program files\sony ericsson\update service\update service.exe |
    "TCP Query User{D0139C93-68E2-4488-B9F6-409BAD77A4B2}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
    "TCP Query User{E8E5611A-70F1-41BB-B401-DB59E1DBAC80}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
    "TCP Query User{F7C8668B-084D-464D-A075-BEF65A6E8B29}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
    "UDP Query User{18648DEE-FD6C-4BD5-B783-671248948077}C:\users\kevin\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\kevin\program files\dna\btdna.exe |
    "UDP Query User{20A3D235-97AE-4C6A-8B80-40F511E68CCF}C:\program files\sony ericsson\update service\update service.exe" = protocol=17 | dir=in | app=c:\program files\sony ericsson\update service\update service.exe |
    "UDP Query User{2926D76B-4A21-4D70-BAD6-298046E3CE88}C:\users\kevin\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\kevin\program files\dna\btdna.exe |
    "UDP Query User{3F0B4642-79A4-421F-AFAF-1B5F83D911D0}C:\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
    "UDP Query User{52F66DCE-C88B-41EA-BE8D-405EEB487853}C:\program files\windows sidebar\sidebar.exe" = protocol=17 | dir=in | app=c:\program files\windows sidebar\sidebar.exe |
    "UDP Query User{5D633C81-65D3-4A09-9AF6-92973329C5A5}C:\program files\frostwire\frostwire.exe" = protocol=17 | dir=in | app=c:\program files\frostwire\frostwire.exe |
    "UDP Query User{5E7ED298-0682-4B70-A3B0-A619C0A5F25A}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
    "UDP Query User{6155C12A-2E5A-4B89-8C1B-F33628E1BC26}C:\program files\muvizu\binaries\muvizu.exe" = protocol=17 | dir=in | app=c:\program files\muvizu\binaries\muvizu.exe |
    "UDP Query User{694B11EC-7AB9-44FB-8BF1-5162B86F8782}C:\program files\participatory culture foundation\miro\miro_downloader.exe" = protocol=17 | dir=in | app=c:\program files\participatory culture foundation\miro\miro_downloader.exe |
    "UDP Query User{884C296C-1904-43DF-A2DD-EDC10C4C6899}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
    "UDP Query User{956AF309-E990-4EB5-95C7-33695A7BC086}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
    "UDP Query User{A200C629-B15B-4F16-9115-9BF7DD60E77A}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
    "UDP Query User{B3CADEB1-D32D-47C1-AE84-00C684190FD9}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
    "UDP Query User{EDBC076C-D9E2-4909-A4C0-6CFE814A48B4}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
    "UDP Query User{F7AF2264-FCAA-424E-861D-B816D7AF9810}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{03A7C57A-B2C8-409b-92E5-524A0DFD0DD3}" = Status
    "{070BC58F-C9D9-4EC6-8ACA-FF433378BFC2}" = HTC Rome USB Driver
    "{087A66B8-1F0F-4a8d-A649-0CFE276AA7C0}" = WebReg
    "{0B1AAC97-8563-41D9-AE47-58E6A222F0E1}" = Search Settings 1.2.1
    "{0BC1A5B2-79A1-4716-B3E5-4071E9AB6F43}" = HP Photosmart C4500 All-In-One Driver Software12.0 Rel .4
    "{0CE5F45E-F6CC-4638-B0DD-BB7F6EF56713}" = HP Deskjet D1500 Printer Driver Software 10.0 Rel .3
    "{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
    "{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}" = Acer eLock Management
    "{13A5E785-5197-4EAD-8EE3-D660271E49BC}" = Feedback Tool
    "{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
    "{1598034D-7147-432C-8CA8-888E0632D124}" = NTI Backup NOW! 4.7
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{25EEBF98-0807-4DA9-8998-992C8FA388DC}" = HTC Sync for BrewMP
    "{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 27
    "{2A697B53-0DE3-42DA-B41D-C3F804B1C538}" = iTunes
    "{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
    "{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
    "{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
    "{305468A6-DE2D-43ba-A168-2F45A97A89DA}" = DJ_SF_03_D1500_Software_Min
    "{38436888-9EAA-4cec-A56F-65B73D9D423C}" = D1500
    "{39CB30DB-27F8-4dd4-A294-CB4AE3B584FD}" = Copy
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{403E07CF-040C-4653-85C6-1053B992CA53}" = C4580
    "{41979C2F-34B8-4F92-8111-B13C5864682D}" = MediaFACE 4.01
    "{47ECCB1F-2811-49C0-B6A7-26778639ABA0}" = 32 Bit HP CIO Components Installer
    "{48D0B1A3-11AC-4A87-AFB2-2002CCB88B34}" = PS_AIO_04_C4580_Software_Min
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4D304678-738E-42a0-931A-2B022F49DEB8}" = TrayApp
    "{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
    "{54C7CFA4-9DDD-40c7-A58F-AF0E7916848C}" = HPPhotoGadget
    "{57265292-228A-41FA-9AEC-4620CBCC2739}" = Acer eAudio Management
    "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
    "{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
    "{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02
    "{5B63A470-9334-44D1-AF61-6CE2DB565AE9}" = Orion
    "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{6B7CEA10-4694-4FC3-B761-9DBFD50B8F2A}" = Client Settings Tool
    "{6EED4269-588D-45b8-A80C-26A9CA62EE4E}" = HPSSupply
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
    "{800E784D-53E3-4948-B491-9E7FA5EACBDC}" = SmartWebPrinting
    "{818ABC3C-635C-4651-8183-D0E9640B7DD1}" = HP Update
    "{82C113AD-486F-4bd5-A2EA-2383AF57D084}" = D1500_Help
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110113233}" = Bookworm Deluxe
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11505173}" = Airport Mania First Flight
    "{87A9A9A9-FAB7-4224-9328-0FA2058C0FD5}" = Network
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8B287B75-DF8D-40C8-9620-8E4492C38EF1}" = Webroot Software
    "{8B8240B3-891D-4965-AA51-8799622D44FF}" = DJ_SF_03_D1500_ProductContext
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
    "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9CCCFD9C-248F-47FE-9496-1680E3E5C163}" = Scan
    "{A4B9033B-D183-4A6C-9BCB-6BC8F80B939D}" = RPS CRT
    "{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management
    "{A5D4E41C-2583-46FE-9B99-62496F85C5F3}" = RPS CRT
    "{A6982C3D-17A7-41A7-B226-C214F49C3120}" = BTOffer
    "{A899DA1F-D626-401C-8651-F2921E3B4CB3}" = 3Connect
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
    "{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
    "{AC13BA3A-336B-45a4-B3FE-2D3058A7B533}" = Toolbox
    "{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.3
    "{B1421599-A42D-47ef-B512-B9B0317BD599}" = DJ_SF_03_D1500_Software
    "{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
    "{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
    "{BF839132-BD43-4056-ACBF-4377F4A88E2A}" = Acer ePresentation Management
    "{C06554A1-2C1E-4D20-B613-EE62C79927CC}" = Acer eNet Management
    "{C73F2967-062E-48F2-A462-D335B8950183}" = Safari
    "{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
    "{CE65A9A0-9686-45C6-9098-3C9543A412F0}" = Acer eSettings Management
    "{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}" = Destination Component
    "{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Arcade Deluxe
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F769B78E-FF0E-4db5-95E2-9F4C8D6352FE}" = DeviceDiscovery
    "{F8131A35-47FD-27AD-116D-0E79AF5DE5EE}" = Acrobat.com
    "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "BearShare 2 MediaBar" = MediaBar
    "BFG-Burger Shop 2" = Burger Shop 2
    "BFGC" = Big Fish Games: Game Manager
    "BFG-Mystery Case Files - Ravenhearst" = Mystery Case Files: Ravenhearst â„¢
    "CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118" = HDAUDIO Soft Data Fax Modem with SmartCP
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "ENTERPRISE" = Microsoft Office Enterprise 2007
    "ezPower POS Demo 13_is1" = ezPower POS Demo 13
    "Google Updater" = Google Updater
    "GridVista" = Acer GridVista
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "HOMESTUDENTR" = Microsoft Office Home and Student 2007
    "HP Imaging Device Functions" = HP Imaging Device Functions 12.0
    "HP Smart Web Printing" = HP Smart Web Printing
    "InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
    "InstallShield_{1598034D-7147-432C-8CA8-888E0632D124}" = NTI Backup NOW! 4.7
    "InstallShield_{41979C2F-34B8-4F92-8111-B13C5864682D}" = MediaFACE 4.01
    "LManager" = Launch Manager
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Mysteryville 2" = Mysteryville 2 (remove only)
    "Picasa 3" = Picasa 3
    "Shop for HP Supplies" = Shop for HP Supplies
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "Webroot Software" = Webroot Software
    "ZTE_1.2059.0.8" = ZTE_1.2059.0.8

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 08/09/2010 07:30:47 | Computer Name = kevin-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 10/09/2010 06:15:41 | Computer Name = kevin-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 10/09/2010 07:37:27 | Computer Name = kevin-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 10/09/2010 09:07:02 | Computer Name = kevin-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 12/09/2010 08:25:25 | Computer Name = kevin-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 12/09/2010 10:53:13 | Computer Name = kevin-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 12/09/2010 13:05:43 | Computer Name = kevin-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 12/09/2010 13:07:25 | Computer Name = kevin-PC | Source = Windows Search Service | ID = 3013
    Description =

    Error - 12/09/2010 13:09:26 | Computer Name = kevin-PC | Source = Windows Search Service | ID = 3013
    Description =

    Error - 13/09/2010 10:54:31 | Computer Name = kevin-PC | Source = WinMgmt | ID = 10
    Description =

    [ OSession Events ]
    Error - 01/10/2011 12:50:27 | Computer Name = kevin-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 23
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 01/10/2011 12:50:45 | Computer Name = kevin-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
    seconds with 0 seconds of active time. This session ended with a crash.

    [ System Events ]
    Error - 01/11/2011 15:04:08 | Computer Name = kevin-PC | Source = Service Control Manager | ID = 7031
    Description =

    Error - 01/11/2011 15:07:09 | Computer Name = kevin-PC | Source = Service Control Manager | ID = 7030
    Description =

    Error - 01/11/2011 15:27:23 | Computer Name = kevin-PC | Source = Dhcp | ID = 1000
    Description = Your computer has lost the lease to its IP address 192.168.0.2 on
    the Network Card with network address 0022693174B7.

    Error - 01/11/2011 17:24:24 | Computer Name = kevin-PC | Source = DCOM | ID = 10010
    Description =

    Error - 02/11/2011 04:13:10 | Computer Name = kevin-PC | Source = DCOM | ID = 10016
    Description =

    Error - 02/11/2011 14:42:48 | Computer Name = kevin-PC | Source = DCOM | ID = 10016
    Description =

    Error - 02/11/2011 15:11:28 | Computer Name = kevin-PC | Source = EventLog | ID = 6008
    Description = The previous system shutdown at 19:01:11 on 02/11/2011 was unexpected.

    Error - 02/11/2011 15:11:52 | Computer Name = kevin-PC | Source = Service Control Manager | ID = 7024
    Description =

    Error - 02/11/2011 15:13:22 | Computer Name = kevin-PC | Source = EventLog | ID = 6008
    Description = The previous system shutdown at 19:12:28 on 02/11/2011 was unexpected.

    Error - 02/11/2011 15:14:57 | Computer Name = kevin-PC | Source = DCOM | ID = 10016
    Description =


    < End of report >
     
  14. 2011/11/03
    broni, Moderator Malware Analyst

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder.
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    ============================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      IE - HKLM\..\URLSearchHook: {25A6EDBF-C0FD-4ff7-B6A7-C6EDEA3B0B55} - No CLSID value found
      O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
      O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
      O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll File not found
      O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
      O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll File not found
      O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {22E03916-85C5-44B0-8DC9-1830C11238D9} - No CLSID value found.
      O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-CFC3-3CECC9AB2EDA} - No CLSID value found.
      O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
      O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {22E03916-85C5-44B0-8DC9-1830C11238D9} - No CLSID value found.
      O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-CFC3-3CECC9AB2EDA} - No CLSID value found.
      O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
      O4 - HKU\.DEFAULT..\RunOnce: [DeleteEngineAfterUpdate] reg DELETE HKCU\Software\AppDataLow\Software\ConduitEngine /f File not found
      O4 - HKU\S-1-5-18..\RunOnce: [DeleteEngineAfterUpdate] reg DELETE HKCU\Software\AppDataLow\Software\ConduitEngine /f File not found
      O4 - Startup: C:\Users\kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Orion.lnk = File not found
      O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      O16 - DPF: {FD0EBBED-0C42-4D0F-82DA-44399B5C420A} http://downloads.virginmedia.com/CST...ainstaller.cab (Reg Error: Key error.)
      [2010/12/30 20:06:32 | 000,000,000 | ---D | M] -- C:\Users\kevin\AppData\Roaming\Uniblue
      [2011/08/17 17:31:07 | 000,000,000 | ---D | M] -- C:\Users\kevin\AppData\Roaming\WhiteSmoke
      @Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:C95B63DA
      @Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMPB:DA1A307
      @Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:A518B662
      @Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:191930F5
      @Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:C8EAE2CC
      @Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:260575F1
      @Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:FEBEC560
      @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:9F683177
      @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:80E965A3
      @Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:CDFF58FE
      @Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:8173A019
      @Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:793F316E
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ============================================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE: SecurityCheck may produce some false warning(s), so leave the results reading to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If Eset doesn't find any threats, it won't produce a log.
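The fix script above asks OTL to delete a dozen alternate data streams under C:\ProgramData. When a fix log later reports "Unable to delete ADS ..." for such entries, a helper needs to know whether the streams are actually still there before deciding on a follow-up. The following PowerShell is an added example for this thread, not OTL's code and not part of any post: it parses the "Unable to delete ADS" lines of an OTL fix log (sample lines constructed inline from the log posted in this thread) and checks each stream with the NTFS stream support in Windows PowerShell 3.0 to 5.1 (the -Stream parameter on Get-Item / Get-Content / Remove-Item; -Encoding Byte is an assumption that does not hold on PowerShell 7). The function names Get-OtlAdsFailure and Test-OtlAds are my own.

```powershell
# Added example for this thread, not part of OTL or of any post in it.
# Purpose: after an OTL fix log reports "Unable to delete ADS <file>:<stream>",
# check whether those NTFS alternate data streams are still present and what
# they contain, so the helper can decide whether a follow-up removal is needed.
# Assumes Windows PowerShell 3.0 - 5.1 (-Stream on Get-Item/Get-Content/Remove-Item;
# -Encoding Byte was removed in PowerShell 7).

# Sample input: lines taken from the OTL fix log posted in this thread, constructed
# here as an array so the script runs without the original log file.
$otlLogLines = @(
    'Unable to delete ADS C:\ProgramData\TEMP:C95B63DA .',
    'Unable to delete ADS C:\ProgramData\TEMPB:DA1A307 .',
    'Unable to delete ADS C:\ProgramData\TEMP:793F316E .',
    'Folder C:\Users\kevin\AppData\Roaming\Uniblue\ not found.'   # not an ADS line; ignored
)

function Get-OtlAdsFailure {
    # Pull "<drive>:\<path>" and "<stream>" out of every "Unable to delete ADS ..." line.
    # The lazy match on the path stops at the last colon, which separates the stream name.
    param([Parameter(Mandatory)][string[]]$Lines)
    foreach ($line in $Lines) {
        if ($line -match '^Unable to delete ADS (?<path>[A-Za-z]:\\.+?):(?<stream>[^:\\\s]+)\s*\.?\s*$') {
            [pscustomobject]@{ Path = $Matches['path']; Stream = $Matches['stream'] }
        }
    }
}

function Test-OtlAds {
    # For one <path>:<stream> pair report presence, size and a hex preview of the
    # first bytes. A missing host file/folder or a missing stream gives Present = $false.
    param([Parameter(Mandatory)][string]$Path,
          [Parameter(Mandatory)][string]$Stream)
    $item = Get-Item -LiteralPath $Path -Stream $Stream -ErrorAction SilentlyContinue
    if (-not $item) {
        return [pscustomobject]@{ Path = $Path; Stream = $Stream; Present = $false; Length = 0; Preview = '' }
    }
    # Bounded read: these streams are small (about 100-150 bytes in the log above),
    # but never dump an unknown stream in full into the console.
    $bytes = Get-Content -LiteralPath $Path -Stream $Stream -Encoding Byte -TotalCount 32 -ErrorAction SilentlyContinue
    $hex = if ($bytes) { ($bytes | ForEach-Object { '{0:X2}' -f $_ }) -join ' ' } else { '' }
    [pscustomobject]@{ Path = $Path; Stream = $Stream; Present = $true; Length = $item.Length; Preview = $hex }
}

$report = Get-OtlAdsFailure -Lines $otlLogLines |
    ForEach-Object { Test-OtlAds -Path $_.Path -Stream $_.Stream }
$report | Format-Table -AutoSize

# Once a stream is confirmed present and judged junk, this removes only the stream
# and leaves the host file or folder itself intact:
#   Remove-Item -LiteralPath <path> -Stream <stream>
```

On a machine that does not have C:\ProgramData\TEMP every row comes back with Present = $false, which is the expected outcome once the cleanup has succeeded; rows with Present = $true and a non-empty Preview are the ones worth a second look before removal.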
     
  15. 2011/11/03
    hanqba1

    hanqba1 Inactive Thread Starter

    Joined:
    2008/06/21
    Messages:
    93
    Likes Received:
    0
    OTL stopped working

    A Windows box came up saying OTL stopped working due to a problem; Windows was shutting it down and would contact me when a solution was found. Rebooted and a log had appeared. Here is the log:
    Files\Folders moved on Reboot...
    C:\Users\kevin\AppData\Local\Temp\HPV8E27.tmp.vdf moved successfully.
    C:\Users\kevin\AppData\Local\Temp\HPV8E57.tmp.vdf moved successfully.
    C:\Users\kevin\AppData\Local\Temp\HPV92CA.tmp.vdf moved successfully.
    C:\Users\kevin\AppData\Local\Temp\HPV9EF1.tmp.vdf moved successfully.
    File\Folder C:\Users\kevin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YRFCUGK0\10129436[1].jpg not found!

    Registry entries deleted on Reboot...
     
  16. 2011/11/03
    hanqba1

    hanqba1 Inactive Thread Starter

    Joined:
    2008/06/21
    Messages:
    93
    Likes Received:
    0
    security check

    Results of screen317's Security Check version 0.99.24
    Windows Vista Service Pack 2 x86 (UAC is enabled)
    Internet Explorer 9
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Disabled!
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    Java(TM) 6 Update 29
    Adobe Flash Player ( 10.1.102.64) Flash Player Out of Date!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Empowering Technology eSettings Service capuserv.exe
    Webroot Security current plugins\antimalware\AEI.exe
    Webroot Security current plugins\antimalware\SSU.EXE
    ``````````End of Log````````````
     
  17. 2011/11/03
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please re-run OTL fix and we'll see if it'll produce more complete log.
     
  18. 2011/11/03
    hanqba1

    hanqba1 Inactive Thread Starter

    Joined:
    2008/06/21
    Messages:
    93
    Likes Received:
    0
    Should I use the fix again?
     
  19. 2011/11/03
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Yes..
     
  20. 2011/11/03
    hanqba1

    hanqba1 Inactive Thread Starter

    Joined:
    2008/06/21
    Messages:
    93
    Likes Received:
    0
    It worked, here is the log:

    All processes killed
    ========== OTL ==========
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{25A6EDBF-C0FD-4ff7-B6A7-C6EDEA3B0B55} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25A6EDBF-C0FD-4ff7-B6A7-C6EDEA3B0B55}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{0BF43445-2F28-4351-9252-17FE6E806AA0} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0BF43445-2F28-4351-9252-17FE6E806AA0}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}\ not found.
    Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{22E03916-85C5-44B0-8DC9-1830C11238D9} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22E03916-85C5-44B0-8DC9-1830C11238D9}\ not found.
    Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A057A204-BACC-4D26-CFC3-3CECC9AB2EDA} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A057A204-BACC-4D26-CFC3-3CECC9AB2EDA}\ not found.
    Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
    Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{22E03916-85C5-44B0-8DC9-1830C11238D9} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22E03916-85C5-44B0-8DC9-1830C11238D9}\ not found.
    Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A057A204-BACC-4D26-CFC3-3CECC9AB2EDA} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A057A204-BACC-4D26-CFC3-3CECC9AB2EDA}\ not found.
    Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
    Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce\\DeleteEngineAfterUpdate not found.
    Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\DeleteEngineAfterUpdate not found.
    File move failed. C:\Users\kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Orion.lnk scheduled to be moved on reboot.
    Starting removal of ActiveX control {7530BFB8-7293-4D34-9923-61A11451AFC5}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Starting removal of ActiveX control {FD0EBBED-0C42-4D0F-82DA-44399B5C420A}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{FD0EBBED-0C42-4D0F-82DA-44399B5C420A}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FD0EBBED-0C42-4D0F-82DA-44399B5C420A}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{FD0EBBED-0C42-4D0F-82DA-44399B5C420A}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FD0EBBED-0C42-4D0F-82DA-44399B5C420A}\ not found.
    Folder C:\Users\kevin\AppData\Roaming\Uniblue\ not found.
    Folder C:\Users\kevin\AppData\Roaming\WhiteSmoke\ not found.
    Unable to delete ADS C:\ProgramData\TEMP:C95B63DA .
    Unable to delete ADS C:\ProgramData\TEMPB:DA1A307 .
    Unable to delete ADS C:\ProgramData\TEMP:A518B662 .
    Unable to delete ADS C:\ProgramData\TEMP:191930F5 .
    Unable to delete ADS C:\ProgramData\TEMP:C8EAE2CC .
    Unable to delete ADS C:\ProgramData\TEMP:260575F1 .
    Unable to delete ADS C:\ProgramData\TEMP:FEBEC560 .
    Unable to delete ADS C:\ProgramData\TEMP:9F683177 .
    Unable to delete ADS C:\ProgramData\TEMP:80E965A3 .
    Unable to delete ADS C:\ProgramData\TEMP:CDFF58FE .
    Unable to delete ADS C:\ProgramData\TEMP:8173A019 .
    Unable to delete ADS C:\ProgramData\TEMP:793F316E .
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Guest
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->Apple Safari cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: kevin
    ->Temp folder emptied: 1927766 bytes
    ->Temporary Internet Files folder emptied: 4013045 bytes
    ->Java cache emptied: 0 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Apple Safari cache emptied: 0 bytes
    ->Flash cache emptied: 456 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 11331 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 6.00 mb

    Error: Unable to interpret <[emptyflash> in the current context!
    Error: Unable to interpret <[Reboot> in the current context!

    OTL by OldTimer - Version 3.2.31.0 log created on 11032011_204807

    Files\Folders moved on Reboot...
    File\Folder C:\Users\kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Orion.lnk not found!
    C:\Users\kevin\AppData\Local\Temp\HPV6E08.tmp.vdf moved successfully.
    C:\Users\kevin\AppData\Local\Temp\HPVE9A5.tmp.vdf moved successfully.
    C:\Users\kevin\AppData\Local\Temp\HPVEC92.tmp.vdf moved successfully.
    C:\Users\kevin\AppData\Local\Temp\HPVF099.tmp.vdf moved successfully.

    Registry entries deleted on Reboot...
     
  21. 2011/11/03
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Cool :)
    Go ahead with Eset.
     
