Since My trojan, I got error messages when I try to start defender and security suite

Re: Since My trojan, I got error messages when I try to start defender and security s

SystemLook 04.09.10 by jpshortstuff
Log created at 04:52 on 25/06/2011 by Adebaibe
Administrator - Elevation successful

========== dir ==========

C:\3590F75ABA9E485486C100C1A9D4FF06Z..Z...Z.ZZZ.ZZZ - Unable to find folder.

C:\Program Files\t5l9ErbRbGR13 - Unable to find folder.

C:\Users\Adebaibe\AppData\Local\4gv052822p - Unable to find folder.

C:\ProgramData\4gv052822p - Unable to find folder.

-= EOF =-

I have no idea what this means lol...how are you today???
 

My Computer

System One

  • Manufacturer/Model
    Acer Aspire 5315
    Memory
    2 gb
    Hard Drives
    C drive
    D Drive
    Case
    Standard Acer Aspire Case
    Cooling
    Cooling Pad and USB Desklamp/fan combo
    Keyboard
    Logitech
    Mouse
    Logitech
    Internet Speed
    DSL 20mb/s
    Other Info
    I run a 60watt speakers from my headphone jack, and I got 10port USB HUB USB Wireless adapter for the internet
Re: Since My trojan, I got error messages when I try to start defender and security s

That's odd. Oh well, did you do the HijackThis fixes? And can I have the new logs for HijackThis and OTL please?

I'm very well thank you, yourself?

Tom
 

My Computer

System One

  • Manufacturer/Model
    Build #1
    CPU
    Intel Core i7 3770K @4.4GHz
    Motherboard
    ASUS P8Z77-V PRO
    Memory
    Corsair Vengeance 2x4GB DDR3 1600MHz Low Profile (White)
    Graphics Card(s)
    Gigabyte Radeon HD 7850 (2GB GDDR5)
    Sound Card
    Integrated on motherboard
    Monitor(s) Displays
    23" LG LCD/LED IPS
    Screen Resolution
    1920*1080
    Hard Drives
    Samsung EVO 128GB SSD
    Seagate Barracuda 2TB 7200rpm
    2x500GB Seagate FreeAgent 5400rpm
    PSU
    Corsair TX650W V2 (80+ Bronze)
    Case
    NZXT Phantom 410
    Cooling
    Corsair H100 Water Cooler, 1x140mm and 1x120mm stock fans
    Keyboard
    Microsoft Desktop 2000 Wireless Keyboard
    Mouse
    Microsoft Desktop 2000 Wireless Mouse
    Internet Speed
    95 Mb/s Download 70 Mb/s Upload
Re: Since My trojan, I got error messages when I try to start defender and security s

I just got another infection after the link I was sent, I am Rkill helped now I am scanning with Malwarebytes...

It is the same trojan as before...disguised as Microsoft program.
 

Re: Since My trojan, I got error messages when I try to start defender and security s

Try scanning your system with this:

Free ESET Online Antivirus Scanner

In the meantime, I'll take a look at your OTL logs. The other two are fine.

Tom
 

Re: Since My trojan, I got error messages when I try to start defender and security s

Upload these files to VirusTotal

Code:
C:\Users\Adebaibe\AppData\Local\t05kv0komxexml6l86yyf04
C:\ProgramData\t05kv0komxexml6l86yyf04
C:\Users\Adebaibe\AppData\Local\4gv052822p
C:\ProgramData\4gv052822p

They are hidden so you'll have to do this: http://www.vistax64.com/tutorials/86163-hidden-files-folders.html

Copy and paste the report for each file

Tom
 

Re: Since My trojan, I got error messages when I try to start defender and security s

Here is my otl log

OTL logfile created on: 6/27/2011 11:30:43 AM - Run 8
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Users\Adebaibe\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.85 Gb Available Physical Memory | 42.59% Memory free
3.88 Gb Paging File | 2.53 Gb Available in Paging File | 65.26% Paging File free
Paging file location(s): c:\pagefile.sys 2000 4000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69.77 Gb Total Space | 10.43 Gb Free Space | 14.95% Space Free | Partition Type: NTFS
Drive D: | 69.52 Gb Total Space | 18.95 Gb Free Space | 27.26% Space Free | Partition Type: NTFS
Drive E: | 152.99 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: TOM-SAWYER | User Name: Adebaibe | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Adebaibe\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - D:\Downloads\Total.Video.Converter.New.Ultimate.2008.v3.11.Winall\Total.Video.Converter.New.Ultimate.2008.v3.11.Winall\Total.Video.Converter.New.Ultimate.2008.v3.11.Winall.exe (Thank You For Sharing)
PRC - C:\Program Files\Winamp\winamp.exe (Nullsoft, Inc.)
PRC - C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Windows\System32\sdclt.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\DivX\DivX Plus Converter\DivXConverterLauncher.exe (DivX, Inc.)
PRC - C:\Program Files\DivX\DivX Transcode Engine\DivXEngine.exe (DivX, Inc.)
PRC - C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe (Trend Micro Inc.)
PRC - C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Users\Adebaibe\AppData\Local\temp\ir_ext_temp_0\autorun.exe (Thank You For Sharing)
PRC - C:\Windows\System32\iashost.exe (Microsoft Corporation)
PRC - C:\Acer\Empowering Technology\eNet\eNet Service.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe (HiTRSUT)
PRC - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)


========== Modules (SafeList) ==========

MOD - C:\Users\Adebaibe\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (SupportSoft RemoteAssist) -- File not found
SRV - (NNSvc) -- File not found
SRV - (MobilityService) -- File not found
SRV - (NisSrv) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV - (LBTServ) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (VMOpsInstanceMgr) -- C:\Program Files\VMOps, Inc\VMOps VM Instance Manager\vmopsservice.exe (VMOps Inc.)
SRV - (LVPrcSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (WAS) -- C:\Windows\System32\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (W3SVC) -- C:\Windows\System32\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (AppHostSvc) -- C:\Windows\System32\inetsrv\apphostsvc.dll (Microsoft Corporation)
SRV - (AutoInstallEJCD) -- C:\Users\Adebaibe\AppData\Local\temp\RarSFX0\AutoInstallEJCDSvc.exe ()
SRV - (msav) -- C:\Program Files\Moon Secure Antivirus\msavcore.exe ()
SRV - (LPDSVC) -- C:\Windows\System32\lpdsvc.dll (Microsoft Corporation)
SRV - (eSettingsService) -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe ()
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (eNet Service) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe (Acer Inc.)
SRV - (WMIService) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe (acer)
SRV - (eDataSecurity Service) -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe (HiTRSUT)
SRV - (eLockService) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe (Acer Inc.)
SRV - (eRecoveryService) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)
SRV - (iprip) -- C:\Windows\System32\iprip.dll (Microsoft Corporation)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)


========== Driver Services (SafeList) ==========

DRV - (MpKsl4169718e) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{39069CE0-796C-405E-A134-D52799883452}\MpKsl4169718e.sys (Microsoft Corporation)
DRV - (ZDCNDIS5) -- C:\Windows\System32\ZDCndis5.sys (ZDC., Inc. (ZDC))
DRV - (SWDUMon) -- C:\Windows\System32\drivers\SWDUMon.sys ()
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV - (MpNWMon) -- C:\Windows\System32\drivers\MpNWMon.sys (Microsoft Corporation)
DRV - (RDPDISPM) -- C:\Windows\System32\drivers\rdpdispm.sys (Microsoft Corporation)
DRV - (LUsbFilt) -- C:\Windows\System32\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (MEMSWEEP2) -- C:\Windows\System32\88EF.tmp (Sophos Plc)
DRV - (LVPr2Mon) -- C:\Windows\System32\drivers\LVPr2Mon.sys ()
DRV - (PID_PEPI) Logitech QuickCam IM(PID_PEPI) -- C:\Windows\System32\drivers\LV302V32.SYS (Logitech Inc.)
DRV - (LVRS) -- C:\Windows\System32\drivers\lvrs.sys (Logitech Inc.)
DRV - (pepifilter) -- C:\Windows\System32\drivers\lv302af.sys (Logitech Inc.)
DRV - (RMCAST) RMCAST (Pgm) -- C:\Windows\System32\drivers\rmcast.sys (Microsoft Corporation)
DRV - (QW720V32) Qwest 802.11n XN720 Driver(vista) -- C:\Windows\System32\drivers\WLANUHN.sys (Atheros Communications, Inc.)
DRV - (MQAC) -- C:\Windows\System32\drivers\mqac.sys (Microsoft Corporation)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (int15) -- C:\Acer\Empowering Technology\eRecovery\int15.sys ()
DRV - (DritekPortIO) -- C:\Program Files\Launch Manager\DPortIO.sys (Dritek System Inc.)
DRV - (sscdserd) SAMSUNG CDMA Modem Diagnostic Serial Port (WDM) -- C:\Windows\System32\drivers\sscdserd.sys (MCCI)
DRV - (sscdmdm) -- C:\Windows\System32\drivers\sscdmdm.sys (MCCI)
DRV - (sscdmdfl) -- C:\Windows\System32\drivers\sscdmdfl.sys (MCCI)
DRV - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\Windows\System32\drivers\sscdbus.sys (MCCI)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Bing
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpro.com/nchfilebulldog/{E7D951AA-74C0-4202-A211-E6D898BE244F}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKLM\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\prxtbFre0.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SEARCH PAGE = Sign In
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 05 B0 F8 47 DB 2F CC 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://search.conduit.com?SearchSource=10&ctid=CT1060933
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = AcPro Search
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Bitlord 1.2 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2830765&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..keyword.URL: "http://search.avg.com/route/?d=4e039738&v=7.005.030.004&i=23&tp=ab&iy=&ychte=us&lng=en-US&q="
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2011/05/24 18:00:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/06/26 07:51:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/26 00:43:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/26 09:24:42 | 000,000,000 | ---D | M]

[2011/05/21 16:39:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Adebaibe\AppData\Roaming\Mozilla\Extensions
[2011/05/17 22:46:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Adebaibe\AppData\Roaming\Mozilla\Extensions\[email protected]
[2011/06/26 00:43:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Adebaibe\AppData\Roaming\Mozilla\Firefox\Profiles\5to7owbs.default\extensions
[2011/06/25 04:12:20 | 000,000,000 | ---D | M] (Bitlord 1.2 Community Toolbar) -- C:\Users\Adebaibe\AppData\Roaming\Mozilla\Firefox\Profiles\5to7owbs.default\extensions\{8c5878d0-6106-423b-aaa8-144c143dbf44}
[2011/06/18 21:41:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/06/24 20:46:24 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2011/06/19 23:36:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{B56F37F8-7023-4c2b-B27E-815594CA64E7}
[2011/05/21 00:32:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
File not found (No name found) --
[2011/05/24 18:00:35 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/06/24 20:46:23 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2011/03/22 11:38:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
[2011/06/15 12:11:02 | 000,003,189 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\acpro.xml
[2010/01/01 01:00:00 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2011/06/23 12:49:33 | 000,002,359 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\avg_igeared.xml
[2010/09/14 05:48:25 | 000,002,506 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\BearShareWebSearch.xml
[2010/01/01 01:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
[2010/01/01 01:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml.old
[2010/01/01 01:00:00 | 000,001,131 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2011/05/19 22:04:25 | 000,002,046 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fcmdSrchvsl.xml
[2010/01/01 01:00:00 | 000,002,364 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2010/01/01 01:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2010/01/01 01:00:00 | 000,001,096 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2011/06/26 01:22:54 | 000,000,021 | RHS- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Freecorder Toolbar) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\prxtbFre0.dll (Conduit Ltd.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Freecorder Toolbar) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\prxtbFre0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKCU\..\Toolbar\WebBrowser: (Freecorder Toolbar) - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - C:\Program Files\Freecorder\prxtbFre0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [HijackThis startup scan] C:\Program Files\Trend Micro\HiJackThis\HijackThis.exe (Trend Micro Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 205.171.3.25 205.171.2.25
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\Windows\System32\eNetHook.dll) - C:\Windows\System32\eNetHook.dll (acer)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\System32\browseui.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Adebaibe\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Adebaibe\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2007/04/26 10:37:38 | 000,000,246 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...com [@ = ComFile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/06/26 18:47:18 | 000,000,000 | ---D | C] -- C:\Windows\LastGood
[2011/06/26 10:50:30 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/06/26 10:07:52 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/06/26 09:25:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp
[2011/06/26 09:25:49 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_42.dll
[2011/06/26 09:25:48 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_31.dll
[2011/06/26 09:25:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Uniblue
[2011/06/26 09:24:42 | 000,000,000 | ---D | C] -- C:\Users\Adebaibe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Winamp Detector Plug-in
[2011/06/26 09:24:42 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp Detect
[2011/06/26 09:23:57 | 000,000,000 | ---D | C] -- C:\Users\Adebaibe\AppData\Local\OpenCandy
[2011/06/26 09:23:46 | 000,000,000 | ---D | C] -- C:\Users\Adebaibe\AppData\Roaming\Winamp
[2011/06/26 09:23:46 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp
[2011/06/26 09:23:46 | 000,000,000 | ---D | C] -- C:\Users\Adebaibe\AppData\Roaming\OpenCandy
[2011/06/26 07:49:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PX Storage Engine
[2011/06/26 07:49:13 | 000,000,000 | ---D | C] -- C:\Users\Adebaibe\AppData\Roaming\DivX
[2011/06/26 07:48:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011/06/26 07:48:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus
[2011/06/26 07:46:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
[2011/06/26 07:45:08 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2011/06/26 07:44:23 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2011/06/25 21:59:15 | 000,000,000 | ---D | C] -- C:\Users\Adebaibe\AppData\Local\{4CDE4F71-9992-4496-ABF6-0CCCBF6992C8}
[2011/06/25 05:17:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Absolute Uninstaller
[2011/06/25 05:16:57 | 000,000,000 | ---D | C] -- C:\Users\Adebaibe\AppData\Roaming\GlarySoft
[2011/06/25 05:16:55 | 000,000,000 | ---D | C] -- C:\Program Files\Absolute Uninstaller
[2011/06/25 05:16:51 | 000,140,800 | ---- | C] (The Duck Corporation) -- C:\Windows\System32\tm20dec.ax
[2011/06/25 05:16:46 | 000,304,128 | ---- | C] (InstallShield Software Corporation) -- C:\Windows\IsUninst.exe
[2011/06/25 05:16:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Final Fantasy VII
[2011/06/25 04:56:05 | 000,000,000 | ---D | C] -- C:\Program Files\Final Fantasy VII
[2011/06/25 04:12:46 | 000,000,000 | ---D | C] -- C:\Users\Adebaibe\AppData\Roaming\Python-Eggs
[2011/06/25 04:12:43 | 000,000,000 | ---D | C] -- C:\Users\Adebaibe\AppData\Roaming\BitLord
[2011/06/25 04:12:13 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2011/06/25 04:11:30 | 000,000,000 | ---D | C] -- C:\Program Files\BitLord 1.2
[2011/06/24 14:53:30 | 000,000,000 | ---D | C] -- C:\Users\Adebaibe\Avatars ETC
[2011/06/24 14:36:26 | 000,000,000 | ---D | C] -- C:\Users\Adebaibe\Desktop\MISC
[2011/06/24 07:27:14 | 000,000,000 | ---D | C] -- C:\Users\Adebaibe\AppData\Roaming\gtk-2.0
[2011/06/24 07:27:07 | 000,000,000 | ---D | C] -- C:\Users\Adebaibe\.thumbnails
[2011/06/24 07:20:09 | 000,000,000 | ---D | C] -- C:\Users\Adebaibe\AppData\Roaming\SpeedItUp
[2011/06/24 07:18:15 | 000,000,000 | ---D | C] -- C:\Users\Adebaibe\.gimp-2.6
[2011/06/24 07:18:03 | 000,000,000 | ---D | C] -- C:\Users\Adebaibe\.gegl-0.0
[2011/06/24 07:13:51 | 000,000,000 | ---D | C] -- C:\ProgramData\W3i
[2011/06/24 07:13:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gimp
[2011/06/24 07:11:50 | 000,000,000 | ---D | C] -- C:\Program Files\Gimp-2.0
[2011/06/24 07:11:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec
[2011/06/24 07:11:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo!
[2011/06/24 07:11:04 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2011/06/24 07:10:32 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2011/06/24 06:49:28 | 000,000,000 | ---D | C] -- C:\Users\Adebaibe\AppData\Local\Smart_PC_Utilities,_Ltd
[2011/06/24 05:56:13 | 000,000,000 | ---D | C] -- C:\Users\Adebaibe\AppData\Roaming\Malwarebytes
[2011/06/24 05:56:07 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/06/24 05:56:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/06/24 05:56:00 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/06/24 05:25:50 | 003,412,856 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Users\Adebaibe\Desktop\procexp.exe
[2011/06/24 04:41:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MSConfig CleanUp
[2011/06/24 04:41:50 | 000,000,000 | ---D | C] -- C:\Program Files\MSConfig CleanUp
[2011/06/24 01:15:39 | 000,000,000 | ---D | C] -- C:\Users\Adebaibe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/06/23 18:34:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Agent Ransack
[2011/06/23 18:34:20 | 000,000,000 | ---D | C] -- C:\Program Files\Mythicsoft
[2011/06/23 17:38:12 | 000,000,000 | ---D | C] -- C:\Users\Adebaibe\AppData\Local\{7B0E950E-DBFC-4EF4-AEAC-5CB6E524D8A5}
[2011/06/23 17:33:05 | 000,000,000 | ---D | C] -- C:\Users\Adebaibe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Qwest 11n Wireless WPS Tool
[2011/06/23 17:31:12 | 000,449,536 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\System32\drivers\WLANUHN.sys
[2011/06/23 17:31:12 | 000,094,208 | ---- | C] (ZDC., Inc. (ZDC)) -- C:\Windows\System32\ZDCN50.dll
[2011/06/23 17:31:12 | 000,020,736 | ---- | C] (ZDC., Inc. (ZDC)) -- C:\Windows\System32\ZDCndis5.sys
[2011/06/23 17:31:12 | 000,000,000 | ---D | C] -- C:\Program Files\Qwest 11n Wireless WPS Tool
[2011/06/23 17:30:42 | 000,000,000 | ---D | C] -- C:\Program Files\AutoInstall
[2011/06/23 12:45:09 | 000,000,000 | ---D | C] -- C:\Users\Adebaibe\AppData\Roaming\AVG10
[2011/06/23 05:37:23 | 000,000,000 | ---D | C] -- C:\Users\Adebaibe\AppData\Local\{9F0BB30B-9191-4876-A6EF-51A7E9B73752}
[2011/06/23 02:53:33 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2011/06/23 02:29:06 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2011/06/23 02:06:40 | 000,000,000 | ---D | C] -- C:\Users\Adebaibe\Documents\Scan Logs
[2011/06/23 02:04:01 | 000,000,000 | ---D | C] -- C:\ProgramData\F-Secure
[2011/06/22 21:54:34 | 000,000,000 | ---D | C] -- C:\Program Files\Zone Labs
[2011/06/22 21:53:53 | 000,000,000 | ---D | C] -- C:\ProgramData\CheckPoint
[2011/06/22 21:53:52 | 000,000,000 | ---D | C] -- C:\Windows\Internet Logs
[2011/06/22 17:36:08 | 000,000,000 | ---D | C] -- C:\Users\Adebaibe\AppData\Local\{E63EDA16-9739-4006-9B46-424A77C12CF5}
[2011/06/22 11:14:04 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\System32\CSVer.dll
[2011/06/22 10:59:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Atheros
[2011/06/22 10:46:42 | 000,000,000 | -H-D | C] -- C:\Program Files\Temp
[2011/06/22 10:41:35 | 000,054,824 | ---- | C] (Agere Systems) -- C:\Windows\System32\agrsmdel.exe
[2011/06/22 10:41:16 | 000,000,000 | ---D | C] -- C:\Windows\Options
[2011/06/22 10:30:30 | 005,702,656 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxress.dll
[2011/06/22 10:30:30 | 003,821,568 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igdumd32.dll
[2011/06/22 10:30:30 | 002,576,384 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igd10umd32.dll
[2011/06/22 10:30:30 | 000,536,576 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igdumdx32.dll
[2011/06/22 10:30:30 | 000,200,192 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxpph.dll
[2011/06/22 10:30:30 | 000,151,552 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxCoIn_v1666.dll
[2011/06/22 10:30:30 | 000,130,048 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxdo.dll
[2011/06/22 10:30:30 | 000,059,392 | ---- | C] (Intel Corporation) -- C:\Windows\System32\oemdspif.dll
[2011/06/22 10:30:30 | 000,051,712 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxsrvc.dll
[2011/06/22 10:30:30 | 000,023,552 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxexps.dll
[2011/06/22 10:30:29 | 004,112,384 | ---- | C] (Intel Corporation) -- C:\Windows\System32\ig4icd32.dll
[2011/06/22 10:30:29 | 002,674,688 | ---- | C] (Intel Corporation) -- C:\Windows\System32\ig4dev32.dll
[2011/06/22 10:30:29 | 000,094,208 | ---- | C] (Intel Corporation) -- C:\Windows\System32\hccutils.dll
[2011/06/22 10:30:28 | 008,198,680 | ---- | C] (Intel(R) Corporation) -- C:\Windows\System32\TVWSetup.exe
[2011/06/22 10:30:28 | 000,668,696 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxcfg.exe
[2011/06/22 10:30:25 | 000,310,784 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrell.lrc
[2011/06/22 10:30:25 | 000,304,640 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrita.lrc
[2011/06/22 10:30:25 | 000,303,616 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrdeu.lrc
[2011/06/22 10:30:25 | 000,303,104 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrfra.lrc
[2011/06/22 10:30:25 | 000,303,104 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxresp.lrc
[2011/06/22 10:30:25 | 000,299,008 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrnld.lrc
[2011/06/22 10:30:25 | 000,294,912 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrptg.lrc
[2011/06/22 10:30:25 | 000,291,328 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrrus.lrc
[2011/06/22 10:30:25 | 000,289,280 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrptb.lrc
[2011/06/22 10:30:25 | 000,288,256 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrhun.lrc
[2011/06/22 10:30:25 | 000,287,744 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrplk.lrc
[2011/06/22 10:30:25 | 000,282,624 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrsve.lrc
[2011/06/22 10:30:25 | 000,282,624 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrsky.lrc
[2011/06/22 10:30:25 | 000,282,624 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrcsy.lrc
[2011/06/22 10:30:25 | 000,281,088 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrfin.lrc
[2011/06/22 10:30:25 | 000,280,576 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrdan.lrc
[2011/06/22 10:30:25 | 000,279,552 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrnor.lrc
[2011/06/22 10:30:25 | 000,279,040 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrtrk.lrc
[2011/06/22 10:30:25 | 000,277,504 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrslv.lrc
[2011/06/22 10:30:25 | 000,262,656 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrtha.lrc
[2011/06/22 10:30:25 | 000,252,416 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrara.lrc
[2011/06/22 10:30:25 | 000,249,856 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrheb.lrc
[2011/06/22 10:30:25 | 000,206,848 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrjpn.lrc
[2011/06/22 10:30:25 | 000,205,312 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrkor.lrc
[2011/06/22 10:30:25 | 000,179,712 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrcht.lrc
[2011/06/22 10:30:25 | 000,178,176 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrchs.lrc
[2011/06/22 10:30:25 | 000,119,296 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxcpl.cpl
[2011/06/22 10:26:55 | 000,579,072 | ---- | C] (OldTimer Tools) -- C:\Users\Adebaibe\Desktop\OTL.exe
[2011/06/22 09:52:47 | 000,000,000 | ---D | C] -- C:\Users\Adebaibe\AppData\Local\SlimWare Utilities Inc
[2011/06/22 08:22:40 | 000,000,000 | ---D | C] -- C:\Program Files\The KMPlayer
[2011/06/22 05:50:36 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/06/22 05:37:10 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/06/22 05:37:10 | 000,000,000 | ---D | C] -- C:\Users\Adebaibe\AppData\Local\temp
[2011/06/21 22:18:19 | 000,000,000 | ---D | C] -- C:\Program Files\VMOps, Inc
[2011/06/21 19:36:49 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2011/06/21 18:16:43 | 000,000,000 | ---D | C] -- C:\Users\Adebaibe\AppData\Local\SugarSync
[2011/06/21 18:15:09 | 000,000,000 | ---D | C] -- C:\Program Files\SugarSync
[2011/06/21 09:36:56 | 000,000,000 | ---D | C] -- C:\Program Files\Moon Secure Antivirus
[2011/06/20 16:53:25 | 000,000,000 | ---D | C] -- C:\Users\Adebaibe\AppData\Local\{1B563A5A-2F92-4191-B42A-6200AC2350D8}
[2011/06/20 13:14:15 | 000,000,000 | ---D | C] -- C:\Windows\System32\NtmsData
[2011/06/20 12:41:07 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2011/06/20 11:57:57 | 000,000,000 | ---D | C] -- C:\Users\Adebaibe\AppData\Local\{24714825-B05E-4EEC-8404-95A320C82AE7}
[2011/06/20 08:02:07 | 000,221,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2011/06/20 03:36:41 | 000,000,000 | ---D | C] -- C:\Users\Adebaibe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MWSnap
[2011/06/20 03:36:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MWSnap
[2011/06/20 03:36:40 | 000,000,000 | ---D | C] -- C:\Program Files\MWSnap
[2011/06/20 02:56:16 | 000,000,000 | ---D | C] -- C:\Users\Adebaibe\AppData\Local\Symantec
[2011/06/20 01:33:38 | 000,000,000 | ---D | C] -- C:\Users\Adebaibe\AppData\Roaming\Tific
[2011/06/20 01:22:56 | 000,000,000 | ---D | C] -- C:\Users\Adebaibe\AppData\Local\{D0D0DAEA-8CC4-4D2B-A4F2-18E840BA11C5}
[2011/06/19 20:21:01 | 000,000,000 | ---D | C] -- C:\Windows\$regcmp$
[2011/06/19 20:12:24 | 000,000,000 | ---D | C] -- C:\Users\Adebaibe\AppData\Roaming\iExpert Software
[2011/06/19 14:52:58 | 000,000,000 | ---D | C] -- C:\Downloads
[2011/06/19 04:00:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Driver Utilities
[2011/06/17 08:21:37 | 000,000,000 | ---D | C] -- C:\Users\Adebaibe\AppData\Roaming\MozillaControl
[2011/06/17 08:19:42 | 000,000,000 | ---D | C] -- C:\Windows\'Full Speed' Internet Booster + Performance Tests
[2011/06/16 22:57:20 | 000,000,000 | ---D | C] -- C:\Users\Adebaibe\Documents\Freecorder
[2011/06/16 22:57:19 | 000,000,000 | ---D | C] -- C:\Users\Adebaibe\AppData\Local\FLVService
[2011/06/16 22:57:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freecorder
[2011/06/16 22:57:14 | 000,000,000 | ---D | C] -- C:\Program Files\Freecorder
[2011/06/15 20:58:30 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/06/15 20:58:28 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/06/15 20:58:26 | 001,797,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011/06/15 20:58:26 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011/06/15 17:53:04 | 000,000,000 | ---D | C] -- C:\Program Files\NCH Software
[2011/06/15 08:56:53 | 000,000,000 | ---D | C] -- C:\Users\Adebaibe\AppData\Local\{58718B25-B5C8-4684-9E8C-FD5964A09705}
[2011/06/14 15:03:17 | 000,000,000 | ---D | C] -- C:\Users\Adebaibe\AppData\Local\{EE5521DE-81B8-4E1A-9695-AF893B245BDA}
[2011/06/14 02:47:23 | 000,000,000 | ---D | C] -- C:\Users\Adebaibe\AppData\Local\{D5842E21-AF8B-4871-BD00-92639EB31E0F}
[2011/06/12 12:12:51 | 000,446,464 | ---- | C] (Blue Sky Software Corporation.) -- C:\Windows\System32\HHActiveX.dll
[2011/06/12 12:12:49 | 000,081,920 | ---- | C] (Net Nanny Software International, Inc.) -- C:\Windows\System32\NNComm.dll
[2011/06/12 12:12:49 | 000,024,576 | ---- | C] (Net Nanny Software International, Inc.) -- C:\Windows\System32\HookRes.dll
[2011/06/12 01:02:10 | 000,000,000 | ---D | C] -- C:\Users\Adebaibe\AppData\Roaming\Media Player Classic
[2011/06/10 12:04:36 | 000,000,000 | ---D | C] -- C:\Users\Adebaibe\AppData\Local\Wondershare
[2011/06/10 12:04:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wondershare
[2011/06/10 12:03:49 | 000,000,000 | ---D | C] -- C:\Users\Adebaibe\AppData\Roaming\Wondershare
[2011/06/08 21:27:17 | 000,000,000 | ---D | C] -- C:\ProgramData\xml_param
[2011/06/07 20:39:52 | 000,000,000 | ---D | C] -- C:\Windows\System32\msmq
[2011/06/07 13:04:28 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/06/07 12:34:47 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/06/06 11:21:32 | 000,000,000 | ---D | C] -- C:\Users\Adebaibe\AppData\Local\{467B2737-9022-491D-BC7C-4DF2B08EBF3D}
[2011/06/05 21:48:43 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011/06/05 18:38:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/06/05 18:38:22 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/06/02 10:53:02 | 000,094,208 | ---- | C] (DivX, Inc.) -- C:\Windows\System32\dpl100.dll
[2011/06/01 21:38:41 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011/06/01 21:38:29 | 000,000,000 | ---D | C] -- C:\Users\Adebaibe\Documents\Wondershare Video Converter Platinum
[2011/06/01 21:38:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
[2011/06/01 21:38:02 | 000,892,928 | ---- | C] (Free Software Foundation) -- C:\Windows\System32\iconv.dll
[2011/06/01 21:37:59 | 000,000,000 | ---D | C] -- C:\Program Files\Wondershare
[2011/06/01 20:19:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVSMedia
[2011/06/01 20:18:46 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\GdiPlus.dll
[2011/06/01 19:02:10 | 000,000,000 | ---D | C] -- C:\Temp
[2011/06/01 18:11:26 | 000,000,000 | ---D | C] -- C:\Users\Adebaibe\AppData\Local\{9459B512-A83D-48DC-8F25-509AC7D5BED6}
[2011/06/01 18:11:26 | 000,000,000 | ---D | C] -- C:\Users\Adebaibe\AppData\Local\{92417B40-4066-4FE1-B4F9-642CDF67292A}
[2011/06/01 18:07:13 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scrr7153.rra
[2011/05/31 14:33:41 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scrr7b55.rra
[2011/05/31 14:33:32 | 000,089,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VB5DB.DLL
[2011/05/30 02:07:14 | 000,000,000 | ---D | C] -- C:\Users\Adebaibe\AppData\Roaming\DSMP
[2011/05/29 23:32:39 | 000,000,000 | ---D | C] -- C:\Users\Adebaibe\AppData\Roaming\Music Recognition
[2011/05/29 16:32:19 | 000,000,000 | ---D | C] -- C:\Users\Adebaibe\AppData\Roaming\NCH Software
[2011/05/29 16:30:43 | 000,000,000 | ---D | C] -- C:\Users\Adebaibe\AppData\Roaming\NCH Swift Sound
[2011/05/29 06:20:26 | 000,000,000 | ---D | C] -- C:\Users\Adebaibe\AppData\Local\CrashDumps
[2011/05/28 18:57:12 | 000,000,000 | ---D | C] -- C:\Users\Adebaibe\AppData\Local\{F372734F-0A40-45F0-9C4E-A9A45128CB8E}
[2011/05/15 19:58:42 | 000,016,384 | ---- | C] ( ) -- C:\Windows\System32\ClearEvent.exe
[2007/07/31 06:43:36 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\Interop.Shell32.dll
[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/27 11:29:07 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/27 11:29:07 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/27 11:08:49 | 000,092,672 | ---- | M] () -- C:\Users\Adebaibe\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/27 10:58:16 | 000,666,808 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/06/27 10:58:16 | 000,125,670 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/06/26 17:43:01 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/26 16:47:30 | 000,016,400 | ---- | M] (Logitech, Inc.) -- C:\Windows\System32\drivers\LNonPnP.sys
[2011/06/26 10:51:06 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/06/26 10:50:38 | 000,001,772 | ---- | M] () -- C:\Users\Adebaibe\Desktop\Microsoft Security Essentials.lnk
[2011/06/26 10:08:22 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2011/06/26 09:25:50 | 000,000,764 | ---- | M] () -- C:\Users\Adebaibe\Application Data\Microsoft\Internet Explorer\Quick Launch\Winamp.lnk
[2011/06/26 09:25:50 | 000,000,740 | ---- | M] () -- C:\Users\Public\Desktop\Winamp.lnk
[2011/06/26 07:51:29 | 000,001,861 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
[2011/06/26 07:51:29 | 000,001,401 | ---- | M] () -- C:\Users\Adebaibe\Desktop\DivX Movies.lnk
[2011/06/26 07:50:03 | 000,000,881 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2011/06/26 07:48:27 | 000,001,935 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/06/26 07:48:27 | 000,001,919 | ---- | M] () -- C:\Users\Adebaibe\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/06/26 02:01:06 | 000,002,489 | ---- | M] () -- C:\Users\Adebaibe\Desktop\HiJack.lnk
[2011/06/26 01:41:32 | 000,001,132 | ---- | M] () -- C:\Users\Adebaibe\Desktop\Wondershare.lnk
[2011/06/26 01:41:32 | 000,001,082 | ---- | M] () -- C:\Users\Adebaibe\Application Data\Microsoft\Internet Explorer\Quick Launch\Wondershare Video Converter Platinum.lnk
[2011/06/26 01:29:36 | 000,000,412 | ---- | M] () -- C:\Windows\tasks\PC Optimizer Pro startups.job
[2011/06/26 01:29:34 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/26 01:28:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/06/26 01:22:54 | 000,000,021 | RHS- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/06/25 19:46:03 | 000,007,512 | -HS- | M] () -- C:\Users\Adebaibe\AppData\Local\t05kv0komxexml6l86yyf04
[2011/06/25 19:46:03 | 000,007,512 | -HS- | M] () -- C:\ProgramData\t05kv0komxexml6l86yyf04
[2011/06/25 05:17:15 | 000,000,815 | ---- | M] () -- C:\Users\Adebaibe\Application Data\Microsoft\Internet Explorer\Quick Launch\Absolute Uninstaller.lnk
[2011/06/25 05:17:15 | 000,000,791 | ---- | M] () -- C:\Users\Adebaibe\Desktop\Absolute.lnk
[2011/06/25 05:16:35 | 000,000,800 | ---- | M] () -- C:\Users\Adebaibe\Desktop\Final Fantasy VII.lnk
[2011/06/25 01:11:32 | 000,000,134 | ---- | M] () -- C:\Users\Adebaibe\Desktop\Device Manager - Shortcut.lnk
[2011/06/24 21:39:19 | 001,007,120 | ---- | M] () -- C:\Users\Adebaibe\Desktop\iExplore.exe
[2011/06/24 14:21:50 | 000,453,632 | ---- | M] () -- C:\Users\Adebaibe\Desktop\CKScanner.exe
[2011/06/24 09:32:32 | 000,004,670 | ---- | M] () -- C:\Users\Adebaibe\.recently-used.xbel
[2011/06/24 07:13:37 | 000,000,862 | ---- | M] () -- C:\Users\Adebaibe\Desktop\Gimp 2.lnk
[2011/06/24 05:56:07 | 000,000,870 | ---- | M] () -- C:\Users\Public\Desktop\MB.lnk
[2011/06/24 04:41:52 | 000,000,815 | ---- | M] () -- C:\Users\Adebaibe\Application Data\Microsoft\Internet Explorer\Quick Launch\MSConfigCleanUp.lnk
[2011/06/24 03:21:33 | 000,000,134 | ---- | M] () -- C:\Users\Adebaibe\Desktop\Backup and Restore.lnk
[2011/06/24 02:00:41 | 000,000,067 | ---- | M] () -- C:\Windows\WpsCenterV.INI
[2011/06/23 17:31:12 | 000,094,208 | ---- | M] (ZDC., Inc. (ZDC)) -- C:\Windows\System32\ZDCN50.dll
[2011/06/23 17:31:12 | 000,020,736 | ---- | M] (ZDC., Inc. (ZDC)) -- C:\Windows\System32\ZDCndis5.sys
[2011/06/23 13:43:12 | 000,000,193 | ---- | M] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2011/06/23 13:20:00 | 000,000,248 | ---- | M] () -- C:\Windows\System32\drivers\kgpcpy.cfg
[2011/06/23 13:17:01 | 000,010,124 | ---- | M] () -- C:\Windows\System32\.rsp
[2011/06/23 13:17:01 | 000,001,571 | ---- | M] () -- C:\Windows\System32\.lck
[2011/06/23 13:12:14 | 000,012,984 | ---- | M] () -- C:\Windows\System32\drivers\SWDUMon.sys
[2011/06/23 12:52:08 | 000,075,264 | ---- | M] () -- C:\Users\Adebaibe\Desktop\SystemLook.exe
[2011/06/22 21:58:05 | 000,020,225 | ---- | M] () -- C:\Users\Adebaibe\Documents\services.odt
[2011/06/22 18:52:02 | 000,152,092 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.zip
[2011/06/22 10:47:51 | 000,319,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\DIFxAPI.dll
[2011/06/22 10:26:55 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\Adebaibe\Desktop\OTL.exe
[2011/06/21 12:21:35 | 000,000,356 | ---- | M] () -- C:\Windows\System32\events.dat
[2011/06/21 04:41:30 | 000,001,356 | ---- | M] () -- C:\Users\Adebaibe\AppData\Local\d3d9caps.dat
[2011/06/21 02:07:54 | 000,010,792 | -HS- | M] () -- C:\Users\Adebaibe\AppData\Local\4gv052822p
[2011/06/21 00:51:36 | 000,010,090 | -HS- | M] () -- C:\ProgramData\4gv052822p
[2011/06/20 03:36:41 | 000,000,692 | ---- | M] () -- C:\Users\Adebaibe\Desktop\SMILE.lnk
[2011/06/19 06:00:12 | 000,000,959 | ---- | M] () -- C:\Users\Adebaibe\Desktop\Reboottime.vbs
[2011/06/18 21:41:59 | 000,000,834 | ---- | M] () -- C:\Users\Adebaibe\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/06/18 21:41:48 | 000,000,810 | ---- | M] () -- C:\Users\Public\Desktop\FOX.lnk
[2011/06/17 23:33:11 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/06/17 21:47:00 | 006,751,087 | ---- | M] () -- C:\Users\Adebaibe\Documents\SAMintensity2MANUAL.pdf
[2011/06/17 05:21:26 | 000,006,286 | ---- | M] () -- C:\Users\Adebaibe\Documents\My Favorite Theme.theme
[2011/06/17 04:55:16 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/06/17 03:04:04 | 000,000,600 | ---- | M] () -- C:\Users\Adebaibe\PUTTY.RND
[2011/06/16 17:43:35 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011/06/16 17:43:35 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011/06/16 17:37:58 | 000,000,222 | ---- | M] () -- C:\Users\Adebaibe\Desktop\Internet Options.lnk
[2011/06/15 20:58:30 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/06/15 20:58:28 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/06/15 20:58:26 | 001,797,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011/06/15 20:58:26 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011/06/15 15:38:55 | 000,000,073 | ---- | M] () -- C:\Windows\cdplayer.ini
[2011/06/15 15:38:46 | 000,001,492 | ---- | M] () -- C:\ProgramData\ss.ini
[2011/06/15 13:18:07 | 000,034,308 | ---- | M] () -- C:\Windows\System32\BASSMOD.dll
[2011/06/13 23:43:19 | 000,012,976 | ---- | M] () -- C:\Users\Adebaibe\Documents\Mdicationreminder.odt
[2011/06/12 12:12:52 | 000,000,020 | ---- | M] () -- C:\Windows\NNS.INI
[2011/06/11 02:44:56 | 000,315,272 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/06/07 12:52:19 | 000,001,024 | ---- | M] () -- C:\.rnd
[2011/06/02 23:03:28 | 000,009,115 | ---- | M] () -- C:\Users\Adebaibe\Documents\PIllReminder.odt
[2011/06/02 11:49:07 | 854,935,474 | ---- | M] () -- C:\Users\Adebaibe\The Best Bits of Mr Bean.wmv
[2011/06/02 11:00:35 | 067,271,576 | ---- | M] () -- C:\Users\Adebaibe\Mr Bean The Bus Stop Sketch.wmv
[2011/06/02 10:56:40 | 110,368,884 | ---- | M] () -- C:\Users\Adebaibe\Mr Bean The Library Sketch.wmv
[2011/06/02 10:53:02 | 000,094,208 | ---- | M] (DivX, Inc.) -- C:\Windows\System32\dpl100.dll
[2011/06/02 10:12:48 | 297,870,506 | ---- | M] () -- C:\Users\Adebaibe\12 Tee Off, MrBean.wmv
[2011/06/02 09:55:28 | 286,030,308 | ---- | M] () -- C:\Users\Adebaibe\11 Back To School, MrBean.wmv
[2011/06/02 09:22:31 | 309,439,010 | ---- | M] () -- C:\Users\Adebaibe\14 Hair by MrBean of London.wmv
[2011/06/02 09:02:00 | 292,454,506 | ---- | M] () -- C:\Users\Adebaibe\10 Do-It-Yourself, MrBean.wmv
[2011/06/02 07:08:31 | 285,766,188 | ---- | M] () -- C:\Users\Adebaibe\13 Good Night, MrBean.wmv
[2011/06/02 01:37:59 | 2227,141,488 | ---- | M] () -- C:\Users\Adebaibe\R30.wmv
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/05/29 07:31:13 | 004,951,132 | ---- | M] () -- C:\Users\Adebaibe\Documents\04Go for Soda192kbps.mp3
[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/26 10:50:38 | 000,001,772 | ---- | C] () -- C:\Users\Adebaibe\Desktop\Microsoft Security Essentials.lnk
[2011/06/26 09:25:50 | 000,000,764 | ---- | C] () -- C:\Users\Adebaibe\Application Data\Microsoft\Internet Explorer\Quick Launch\Winamp.lnk
[2011/06/26 09:25:50 | 000,000,740 | ---- | C] () -- C:\Users\Public\Desktop\Winamp.lnk
[2011/06/26 07:51:29 | 000,001,401 | ---- | C] () -- C:\Users\Adebaibe\Desktop\DivX Movies.lnk
[2011/06/26 07:50:03 | 000,000,881 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2011/06/26 07:48:41 | 000,001,861 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
[2011/06/26 07:48:27 | 000,001,935 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/06/26 07:48:27 | 000,001,919 | ---- | C] () -- C:\Users\Adebaibe\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/06/26 01:41:31 | 000,158,720 | ---- | C] () -- C:\Windows\System32\WS_VideoConverterContextMenu.dll
[2011/06/26 01:38:52 | 000,001,132 | ---- | C] () -- C:\Users\Adebaibe\Desktop\Wondershare.lnk
[2011/06/26 01:38:50 | 000,158,720 | ---- | C] () -- C:\Windows\System32\__WS_VideoConverterContextMenu.dll
[2011/06/25 19:44:46 | 000,007,512 | -HS- | C] () -- C:\Users\Adebaibe\AppData\Local\t05kv0komxexml6l86yyf04
[2011/06/25 19:44:46 | 000,007,512 | -HS- | C] () -- C:\ProgramData\t05kv0komxexml6l86yyf04
[2011/06/25 05:17:15 | 000,000,815 | ---- | C] () -- C:\Users\Adebaibe\Application Data\Microsoft\Internet Explorer\Quick Launch\Absolute Uninstaller.lnk
[2011/06/25 05:17:15 | 000,000,791 | ---- | C] () -- C:\Users\Adebaibe\Desktop\Absolute.lnk
[2011/06/25 05:16:35 | 000,000,800 | ---- | C] () -- C:\Users\Adebaibe\Desktop\Final Fantasy VII.lnk
[2011/06/25 01:11:32 | 000,000,134 | ---- | C] () -- C:\Users\Adebaibe\Desktop\Device Manager - Shortcut.lnk
[2011/06/25 00:07:49 | 001,007,120 | ---- | C] () -- C:\Users\Adebaibe\Desktop\iExplore.exe
[2011/06/24 14:21:47 | 000,453,632 | ---- | C] () -- C:\Users\Adebaibe\Desktop\CKScanner.exe
[2011/06/24 09:32:32 | 000,004,670 | ---- | C] () -- C:\Users\Adebaibe\.recently-used.xbel
[2011/06/24 07:24:46 | 000,000,412 | ---- | C] () -- C:\Windows\tasks\PC Optimizer Pro startups.job
[2011/06/24 07:13:37 | 000,000,862 | ---- | C] () -- C:\Users\Adebaibe\Desktop\Gimp 2.lnk
[2011/06/24 05:56:07 | 000,000,870 | ---- | C] () -- C:\Users\Public\Desktop\MB.lnk
[2011/06/24 04:41:52 | 000,000,815 | ---- | C] () -- C:\Users\Adebaibe\Application Data\Microsoft\Internet Explorer\Quick Launch\MSConfigCleanUp.lnk
[2011/06/24 03:21:33 | 000,000,134 | ---- | C] () -- C:\Users\Adebaibe\Desktop\Backup and Restore.lnk
[2011/06/24 01:15:39 | 000,002,489 | ---- | C] () -- C:\Users\Adebaibe\Desktop\HiJack.lnk
[2011/06/23 17:34:49 | 000,000,067 | ---- | C] () -- C:\Windows\WpsCenterV.INI
[2011/06/23 13:20:00 | 000,000,248 | ---- | C] () -- C:\Windows\System32\drivers\kgpcpy.cfg
[2011/06/23 12:52:03 | 000,075,264 | ---- | C] () -- C:\Users\Adebaibe\Desktop\SystemLook.exe
[2011/06/22 21:58:01 | 000,020,225 | ---- | C] () -- C:\Users\Adebaibe\Documents\services.odt
[2011/06/22 10:30:25 | 000,039,872 | ---- | C] () -- C:\Windows\System32\iglhxs32.vp
[2011/06/22 10:30:25 | 000,002,096 | ---- | C] () -- C:\Windows\System32\iglhxo32.vp
[2011/06/22 10:30:24 | 001,498,564 | ---- | C] () -- C:\Windows\System32\igkrng400.bin
[2011/06/22 10:08:42 | 000,012,984 | ---- | C] () -- C:\Windows\System32\drivers\SWDUMon.sys
[2011/06/22 04:54:44 | 000,010,124 | ---- | C] () -- C:\Windows\System32\.rsp
[2011/06/22 04:54:44 | 000,001,571 | ---- | C] () -- C:\Windows\System32\.lck
[2011/06/21 22:17:26 | 000,000,193 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2011/06/21 19:38:38 | 000,000,890 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/21 19:38:36 | 000,000,886 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/21 18:16:13 | 000,001,711 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SugarSync Manager.lnk
[2011/06/21 11:18:39 | 000,000,356 | ---- | C] () -- C:\Windows\System32\events.dat
[2011/06/20 23:24:02 | 000,010,792 | -HS- | C] () -- C:\Users\Adebaibe\AppData\Local\4gv052822p
[2011/06/20 23:24:02 | 000,010,090 | -HS- | C] () -- C:\ProgramData\4gv052822p
[2011/06/20 18:50:43 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/06/20 03:36:41 | 000,000,692 | ---- | C] () -- C:\Users\Adebaibe\Desktop\SMILE.lnk
[2011/06/20 00:25:33 | 000,001,356 | ---- | C] () -- C:\Users\Adebaibe\AppData\Local\d3d9caps.dat
[2011/06/19 06:00:12 | 000,000,959 | ---- | C] () -- C:\Users\Adebaibe\Desktop\Reboottime.vbs
[2011/06/19 04:41:24 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2011/06/19 02:43:31 | 004,951,132 | ---- | C] () -- C:\Users\Adebaibe\Documents\04Go for Soda192kbps.mp3
[2011/06/17 21:46:59 | 006,751,087 | ---- | C] () -- C:\Users\Adebaibe\Documents\SAMintensity2MANUAL.pdf
[2011/06/17 05:21:26 | 000,006,286 | ---- | C] () -- C:\Users\Adebaibe\Documents\My Favorite Theme.theme
[2011/06/17 03:23:56 | 000,002,199 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Mobile Device Center.lnk
[2011/06/17 03:23:07 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2011/06/16 21:58:57 | 000,000,600 | ---- | C] () -- C:\Users\Adebaibe\PUTTY.RND
[2011/06/16 17:43:35 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2011/06/16 17:43:35 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2011/06/16 17:37:58 | 000,000,222 | ---- | C] () -- C:\Users\Adebaibe\Desktop\Internet Options.lnk
[2011/06/15 15:38:55 | 000,000,073 | ---- | C] () -- C:\Windows\cdplayer.ini
[2011/06/15 15:38:46 | 000,001,492 | ---- | C] () -- C:\ProgramData\ss.ini
[2011/06/15 12:28:23 | 000,034,308 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll
[2011/06/12 12:12:52 | 000,000,020 | ---- | C] () -- C:\Windows\NNS.INI
[2011/06/10 12:03:58 | 000,158,720 | ---- | C] () -- C:\Windows\System32\_WS_VideoConverterContextMenu.dll
[2011/06/07 13:05:49 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/06/07 13:05:49 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/06/07 13:05:49 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/06/07 12:49:45 | 000,001,024 | ---- | C] () -- C:\.rnd
[2011/06/05 02:31:33 | 854,935,474 | ---- | C] () -- C:\Users\Adebaibe\The Best Bits of Mr Bean.wmv
[2011/06/05 02:28:36 | 067,271,576 | ---- | C] () -- C:\Users\Adebaibe\Mr Bean The Bus Stop Sketch.wmv
[2011/06/05 02:28:11 | 110,368,884 | ---- | C] () -- C:\Users\Adebaibe\Mr Bean The Library Sketch.wmv
[2011/06/05 02:15:19 | 292,454,506 | ---- | C] () -- C:\Users\Adebaibe\10 Do-It-Yourself, MrBean.wmv
[2011/06/05 02:14:33 | 286,030,308 | ---- | C] () -- C:\Users\Adebaibe\11 Back To School, MrBean.wmv
[2011/06/05 02:13:43 | 297,870,506 | ---- | C] () -- C:\Users\Adebaibe\12 Tee Off, MrBean.wmv
[2011/06/05 02:12:59 | 285,766,188 | ---- | C] () -- C:\Users\Adebaibe\13 Good Night, MrBean.wmv
[2011/06/05 02:12:18 | 309,439,010 | ---- | C] () -- C:\Users\Adebaibe\14 Hair by MrBean of London.wmv
[2011/06/02 23:03:24 | 000,009,115 | ---- | C] () -- C:\Users\Adebaibe\Documents\PIllReminder.odt
[2011/06/01 23:37:05 | 2227,141,488 | ---- | C] () -- C:\Users\Adebaibe\R30.wmv
[2011/06/01 21:38:15 | 000,001,082 | ---- | C] () -- C:\Users\Adebaibe\Application Data\Microsoft\Internet Explorer\Quick Launch\Wondershare Video Converter Platinum.lnk
[2011/06/01 21:38:03 | 000,496,640 | ---- | C] () -- C:\Windows\System32\xvid.ax
[2011/06/01 21:38:02 | 000,675,840 | ---- | C] () -- C:\Windows\System32\ac3filter.ax
[2011/05/27 22:02:53 | 000,000,552 | ---- | C] () -- C:\Users\Adebaibe\AppData\Local\d3d8caps.dat
[2011/05/24 18:18:40 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011/05/24 12:03:16 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011/05/24 12:03:16 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011/05/22 13:52:08 | 000,000,136 | ---- | C] () -- C:\ProgramData\avalon2.2.ini
[2011/05/22 13:31:04 | 000,031,007 | ---- | C] () -- C:\Users\Adebaibe\AppData\Roaming\UserTile.png
[2011/05/16 18:13:00 | 000,000,000 | ---- | C] () -- C:\Windows\WinInit.ini
[2011/05/16 12:33:19 | 000,092,672 | ---- | C] () -- C:\Users\Adebaibe\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/15 23:35:40 | 000,000,025 | ---- | C] () -- C:\Windows\EPNX210.ini
[2011/05/15 23:10:35 | 000,000,118 | ---- | C] () -- C:\Users\Adebaibe\AppData\Roaming\wklnhst.dat
[2011/05/15 21:13:20 | 000,000,760 | ---- | C] () -- C:\Users\Adebaibe\AppData\Roaming\setup_ldm.iss
[2011/05/15 20:23:24 | 000,000,030 | ---- | C] () -- C:\Windows\SETPANEL.INI
[2011/05/15 20:23:17 | 000,000,092 | ---- | C] () -- C:\Windows\CLEANUP.INI
[2011/05/15 19:58:42 | 000,016,384 | ---- | C] () -- C:\Windows\System32\LauncheRyAgentUser.exe
[2009/10/07 01:46:36 | 000,025,752 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2009/10/07 01:23:08 | 000,013,584 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2009/04/30 22:39:36 | 000,082,289 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2008/02/11 19:55:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2008/02/11 19:34:48 | 002,215,364 | ---- | C] () -- C:\Windows\System32\igklg400.bin
[2008/02/11 19:34:48 | 001,971,732 | ---- | C] () -- C:\Windows\System32\igklg450.bin
[2008/02/11 19:34:48 | 000,029,932 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.bin
[2007/07/31 08:01:29 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll
[2007/07/31 06:50:23 | 000,065,536 | ---- | C] () -- C:\Windows\System32\NATTraversal.dll
[2007/07/31 06:44:29 | 000,076,584 | ---- | C] () -- C:\Windows\System32\drivers\int15.sys
[2007/07/31 06:44:29 | 000,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys
[2007/07/31 06:43:32 | 000,331,776 | ---- | C] () -- C:\Windows\System32\ScrollBarLib.dll
[2007/07/31 05:07:59 | 000,000,115 | ---- | C] () -- C:\Windows\Alaunch.ini
[2007/07/31 05:07:10 | 000,910,720 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2007/07/31 05:07:10 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1280.dll
[2007/04/25 16:33:22 | 000,266,240 | ---- | C] () -- C:\Windows\System32\NotesExtmngr.dll
[2007/04/25 16:32:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\NotesActnMenu.dll
[2007/04/25 16:32:46 | 000,086,016 | ---- | C] () -- C:\Windows\System32\MSNSpook.dll
[2007/04/25 16:31:00 | 000,028,672 | ---- | C] () -- C:\Windows\System32\BatchCrypto.dll
[2007/04/25 16:30:52 | 000,073,728 | ---- | C] () -- C:\Windows\System32\APISlice.dll
[2007/04/25 16:30:44 | 000,063,488 | ---- | C] () -- C:\Windows\System32\ShowErrMsg.dll
[2006/12/25 15:44:48 | 000,022,016 | ---- | C] () -- C:\Windows\System32\MailFormat_U.dll
[2006/11/13 05:50:06 | 000,071,680 | ---- | C] () -- C:\Windows\System32\HTCA_SelfExtract.bin
[2006/11/02 05:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 05:44:53 | 000,315,272 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 05:34:43 | 000,000,041 | ---- | C] () -- C:\Windows\System32\mqtgsvc.exe.cfg
[2006/11/02 03:33:01 | 000,666,808 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 03:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 03:33:01 | 000,125,670 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 03:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 03:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 01:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 01:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 00:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 00:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2001/12/26 16:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001/09/03 23:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001/07/30 16:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001/07/23 22:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll

========== LOP Check ==========

[2011/05/15 20:03:17 | 000,000,000 | ---D | M] -- C:\Users\Adebaibe\AppData\Roaming\Acer
[2011/06/23 12:45:09 | 000,000,000 | ---D | M] -- C:\Users\Adebaibe\AppData\Roaming\AVG10
[2011/06/25 13:04:09 | 000,000,000 | ---D | M] -- C:\Users\Adebaibe\AppData\Roaming\BitLord
[2011/05/30 02:07:14 | 000,000,000 | ---D | M] -- C:\Users\Adebaibe\AppData\Roaming\DSMP
[2011/06/13 23:24:13 | 000,000,000 | ---D | M] -- C:\Users\Adebaibe\AppData\Roaming\Epson
[2011/05/22 00:24:46 | 000,000,000 | ---D | M] -- C:\Users\Adebaibe\AppData\Roaming\GetRightToGo
[2011/06/26 00:45:24 | 000,000,000 | ---D | M] -- C:\Users\Adebaibe\AppData\Roaming\GlarySoft
[2011/06/24 09:32:32 | 000,000,000 | ---D | M] -- C:\Users\Adebaibe\AppData\Roaming\gtk-2.0
[2011/06/19 20:12:24 | 000,000,000 | ---D | M] -- C:\Users\Adebaibe\AppData\Roaming\iExpert Software
[2011/05/15 20:03:06 | 000,000,000 | ---D | M] -- C:\Users\Adebaibe\AppData\Roaming\Leadertech
[2011/06/15 12:22:52 | 000,000,000 | ---D | M] -- C:\Users\Adebaibe\AppData\Roaming\Music Recognition
[2011/05/21 01:07:27 | 000,000,000 | ---D | M] -- C:\Users\Adebaibe\AppData\Roaming\MusicNet
[2011/06/24 03:14:44 | 000,000,000 | ---D | M] -- C:\Users\Adebaibe\AppData\Roaming\NCH Swift Sound
[2011/06/26 09:23:46 | 000,000,000 | ---D | M] -- C:\Users\Adebaibe\AppData\Roaming\OpenCandy
[2011/05/23 07:50:27 | 000,000,000 | ---D | M] -- C:\Users\Adebaibe\AppData\Roaming\OpenOffice.org
[2011/05/26 18:09:24 | 000,000,000 | ---D | M] -- C:\Users\Adebaibe\AppData\Roaming\OxelonMC
[2011/05/22 13:31:03 | 000,000,000 | ---D | M] -- C:\Users\Adebaibe\AppData\Roaming\PeerNetworking
[2011/06/25 04:12:46 | 000,000,000 | ---D | M] -- C:\Users\Adebaibe\AppData\Roaming\Python-Eggs
[2011/05/17 22:46:23 | 000,000,000 | ---D | M] -- C:\Users\Adebaibe\AppData\Roaming\Songbird2
[2011/06/24 07:20:09 | 000,000,000 | ---D | M] -- C:\Users\Adebaibe\AppData\Roaming\SpeedItUp
[2011/05/15 23:14:32 | 000,000,000 | ---D | M] -- C:\Users\Adebaibe\AppData\Roaming\Template
[2011/06/20 01:33:38 | 000,000,000 | ---D | M] -- C:\Users\Adebaibe\AppData\Roaming\Tific
[2011/05/23 01:27:01 | 000,000,000 | ---D | M] -- C:\Users\Adebaibe\AppData\Roaming\VSRevoGroup
[2011/06/21 09:41:40 | 000,000,000 | ---D | M] -- C:\Users\Adebaibe\AppData\Roaming\W3i, LLC
[2011/05/22 14:54:44 | 000,000,000 | ---D | M] -- C:\Users\Adebaibe\AppData\Roaming\WFDS
[2011/05/25 18:06:03 | 000,000,000 | ---D | M] -- C:\Users\Adebaibe\AppData\Roaming\Windows Live Writer
[2011/06/10 12:03:49 | 000,000,000 | ---D | M] -- C:\Users\Adebaibe\AppData\Roaming\Wondershare
[2011/06/26 01:29:36 | 000,000,412 | ---- | M] () -- C:\Windows\Tasks\PC Optimizer Pro startups.job
[2011/06/26 01:27:09 | 000,032,646 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

Here is the extra

OTL Extras logfile created on: 6/27/2011 11:30:44 AM - Run 8
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Users\Adebaibe\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.85 Gb Available Physical Memory | 42.59% Memory free
3.88 Gb Paging File | 2.53 Gb Available in Paging File | 65.26% Paging File free
Paging file location(s): c:\pagefile.sys 2000 4000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69.77 Gb Total Space | 10.43 Gb Free Space | 14.95% Space Free | Partition Type: NTFS
Drive D: | 69.52 Gb Total Space | 18.95 Gb Free Space | 27.26% Space Free | Partition Type: NTFS
Drive E: | 152.99 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: TOM-SAWYER | User Name: Adebaibe | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\System32\mshta.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
.inf [@ = inffile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.reg [@ = regfile] -- regedit.exe "%1"
.txt [@ = txtfile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- Reg Error: Key error. File not found
.cmd [@ = cmdfile] -- Reg Error: Key error. File not found
.com [@ = ComFile] -- Reg Error: Key error. File not found
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
.pif [@ = piffile] -- Reg Error: Key error. File not found
.vbs [@ = VBSFile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1"
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2326887077-3983706615-3144136406-1000]
"EnableNotificationsRef" = 3

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe" = C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe:*:Enabled:eDSfsu -- (Acer Inc.)
"C:\Acer\Empowering Technology\eDataSecurity\encryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\encryption.exe:*:Enabled:encryption -- (HiTRUST)
"C:\Acer\Empowering Technology\eDataSecurity\decryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\decryption.exe:*:Enabled:decryption -- (HiTRUST)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07635246-2844-4109-871A-38A69B190F27}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{0892C480-2A8F-4701-A032-0AF09F0752C3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{09932A24-D415-41D0-83CA-E4A4BB2C30E5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{0B455DF0-2DA4-4BC1-97EC-14E40ED07887}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{0DE0266A-7CC9-45D1-9375-6C1E273F2127}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{0E198EC6-79B6-421A-83F1-4E475C1CEE39}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{11912627-7EC0-4676-B988-FBCC17922CE6}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{2DEDC3D6-717D-47A7-9370-1C7377476118}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{3413610B-1D19-468C-97D3-460570CBBA3E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{39B24AB3-BCD2-48E2-A152-EDF747A855A4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3F4A8FF0-8B82-4751-9DC8-057CFEC955F8}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{4302FA5D-6F04-4D73-A8BE-B7372252E38B}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{461D97F0-E47B-4A5D-B449-72FF90192ACF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{508DD46E-8A85-4D20-9B5A-825CA20C83E2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5294B622-C6E2-4494-8AD1-7922995F3E83}" = rport=10243 | protocol=6 | dir=out | app=system |
"{52B4BB6B-B3FF-493A-B4DC-AC775603752D}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{63C78481-9CFB-4C8F-B577-F2A9F4E86EEC}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{6AE29FEB-7903-4A99-B2DF-C2B080AFB1A7}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{8020D830-7221-44FB-B656-EB1A49A25395}" = lport=2869 | protocol=6 | dir=in | app=system |
"{8A72732E-BF29-4B50-AFFD-70E2148D0D1A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8CE367BB-54B9-4C5E-9C8D-8B967DED1F8C}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AB9833D1-1097-4427-AB81-7C78C7B7BFB8}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AFA36CD8-47AB-4648-9430-CF1B24C6178D}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{B2ABEDA9-0B6D-42AD-B02D-F7008D5C59CF}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B90CB731-DD8A-4707-85CD-12FB8CF66AC4}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{C28196F1-15EB-4CF4-8D79-872A3BF47B64}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{D37BA86B-EFED-4A02-BD9D-C718690ED227}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D7773EE6-4B44-4D42-9495-A5F2CA6E7F22}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E24189DD-49F4-441A-8CCC-229A14899BA5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E55DBDAD-B1D0-4D79-AB41-8C175D568AAC}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{EA5CA415-DDC7-43E7-B96C-E659DD74A09B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{EB76C935-2CB2-4EF4-ABA5-1942533603BF}" = lport=10243 | protocol=6 | dir=in | app=system |
"{EEA947D4-1588-44BC-BE77-5A9F2FB66DB7}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07B3F7D2-0C96-4119-A5B7-4A7E936AE553}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{13F175ED-B4B2-4802-AC94-349B6A8A901C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{140654DB-D1DC-42F0-9373-38A2AF175327}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{23C52C00-AD15-4862-9047-0EB49A98DF78}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2C01749D-1145-4342-BD79-0A193E438D5C}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{33149B96-2B6D-4D3D-B09D-290B52423C0B}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{3FCCC9DE-36EA-4B06-9F7C-B9EE8F4972FC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{42DA4C2C-F921-41D2-9F16-4AE2C44D1103}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{456AB8CB-8501-48D7-9704-FF73978F69F9}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{55661BE2-4E95-4B2E-B900-CBE02AC451A6}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{5BC8A8BA-5F41-4618-8D6F-CD209AFF70E6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5D48D79E-8B79-46D4-850B-C109384D8CDC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{62C2BA24-4C01-4967-8812-0052DC12BEA3}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{62CBF5CD-6312-454A-929D-27B2E367A834}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{657B30B9-7DFE-4472-B675-174B0DD78D4A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6BB2C652-B78E-4573-BA65-269D5452E25D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{6FD65FD0-AABB-47F9-8DB5-76D79095D9B8}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{83989971-D066-4785-847A-831F88429E39}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{884CF666-568F-4BEE-94D8-7185A72FE1D3}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{8ACA1097-2C8E-4615-9258-0198E9C9C492}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{8DB6A7FD-26B1-45EA-AFF9-A5512258A1E0}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9140F1FD-A179-4506-90B0-77753C29AB87}" = protocol=6 | dir=out | app=system |
"{B0001EBA-BC44-42A7-8E72-8EFDB3842484}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{B75E5CFD-B559-46D0-BADD-C2947B6ED76A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D9DA2D35-E510-4F90-87B3-3CEDDE61442C}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{DA359D9A-190B-4BBA-8170-FE888448F35A}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{DB973554-27C3-438D-AB86-6D23387A34F8}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{DF041095-C5D5-454A-A737-05C78AF7C431}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{DF7DF914-A97C-4F47-BB2A-8BEBC74B9788}" = protocol=6 | dir=in | app=c:\users\adebaibe\desktop\solutoinstaller.exe |
"{E0BE69E0-0C4A-45FA-AB29-F52F8DE7C8F3}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{E76E33AA-9760-4F64-BA68-3B59790FF564}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{EB249466-66E7-4831-BB0B-7E671BDFD06F}" = protocol=17 | dir=in | app=c:\users\adebaibe\desktop\solutoinstaller.exe |
"{EF6231E2-9173-452A-ADD0-BF9C16FF66D6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{0337AB79-279C-4D8B-B601-BC585FB91BD8}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |
"TCP Query User{121DE4A5-326E-4B6A-941A-458D117EC411}C:\program files\mindtouch easy installer\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\program files\mindtouch easy installer\mysql\bin\mysqld.exe |
"TCP Query User{1A946C77-D54B-44DB-8238-19B39E77B012}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{36795B08-4088-4A87-82F1-8C0FE69FBBFB}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe |
"TCP Query User{73AEA30A-3D60-4A37-96B7-42731E960EF1}C:\program files\mindtouch easy installer\apache2\bin\httpd.exe" = protocol=6 | dir=in | app=c:\program files\mindtouch easy installer\apache2\bin\httpd.exe |
"UDP Query User{03AC1B75-FB62-4B8D-9287-DABBD8487220}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{115FECCB-F900-47BA-A789-EAFD573E5DE9}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe |
"UDP Query User{3BBD3D0C-5A10-4565-A948-5C94EF3EAA67}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |
"UDP Query User{4B3F955C-15B7-4E47-A364-1618A7FAA38B}C:\program files\mindtouch easy installer\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\program files\mindtouch easy installer\mysql\bin\mysqld.exe |
"UDP Query User{61AAE540-2926-4AC4-A5C3-64C2164F0247}C:\program files\mindtouch easy installer\apache2\bin\httpd.exe" = protocol=17 | dir=in | app=c:\program files\mindtouch easy installer\apache2\bin\httpd.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}" = Acer eLock Management
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216025FF}" = Java(TM) 6 Update 25
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = Epson Event Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
"{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile Device Center
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A92A4DB0-CD37-42D1-BE1D-603D53C24328}" = Intel(R) Processor ID Utility
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.0
"{AEEAE013-92F1-4515-B278-139F1A692A36}" = Acer eDataSecurity Management
"{BF839132-BD43-4056-ACBF-4377F4A88E2A}" = Acer ePresentation Management
"{C06554A1-2C1E-4D20-B613-EE62C79927CC}" = Acer eNet Management
"{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}" = Logitech Webcam Software
"{C96FF998-45BD-411E-9253-B7F2660FE280}" = Qwest Installer
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE65A9A0-9686-45C6-9098-3C9543A412F0}" = Acer eSettings Management
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF1EDAC1-1EF6-495A-8211-8EECEE496060}" = VMOps VM Instance Manager
"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
"{E7044E25-3038-4A76-9064-344AC038043E}" = Windows Mobile Device Center Driver Update
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 4.65
"Absolute Uninstaller_is1" = Absolute Uninstaller 2.8.0.636
"Acer Assist" = Acer Assist
"Acer Registration" = Acer Registration
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Agent Ransack_is1" = Agent Ransack 2010
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"DivX Setup.divx.com" = DivX Setup
"EPSON NX210 Series" = EPSON NX210 Series Printer Uninstall
"EPSON Scanner" = EPSON Scan
"Final Fantasy VII_is1" = Final Fantasy VII - Ultima Edition
"Freecorder Toolbar" = Freecorder Toolbar
"Freecorder5.01" = Freecorder 5
"Google Chrome" = Google Chrome
"GridVista" = Acer GridVista
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"LManager" = Launch Manager
"lvdrivers_12.10" = Logitech Webcam Software Driver Package
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.0.1200
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 5.0 (x86 en-US)" = Mozilla Firefox 5.0 (x86 en-US)
"MSConfig CleanUp_is1" = MSConfig CleanUp 1.2
"MWSnap 3" = MWSnap 3
"Revo Uninstaller" = Revo Uninstaller 1.92
"sp6" = Logitech SetPoint 6.22
"Winamp" = Winamp
"WinGimp-2.0_is1" = Gimp 2.6.2 Debug
"WinLiveSuite" = Windows Live Essentials
"Wondershare Video Converter Platinum_is1" = Wondershare Video Converter Platinum(Build 5.1.3.1)

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"SugarSync" = SugarSync Manager
"Winamp Detect" = Winamp Detector Plug-in

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/20/2011 6:04:11 PM | Computer Name = Tom-Sawyer | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16421 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: b50 Start Time: 01cc2f9354d42b89 Termination Time: 46

Error - 6/20/2011 6:27:30 PM | Computer Name = Tom-Sawyer | Source = Application Hang | ID = 1002
Description = The program msconfig.exe version 6.0.6001.18000 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 12b4 Start Time: 01cc2f98db3dd495 Termination Time: 0

Error - 6/20/2011 6:28:01 PM | Computer Name = Tom-Sawyer | Source = Application Hang | ID = 1002
Description = The program msconfig.exe version 6.0.6001.18000 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 1778 Start Time: 01cc2f99431a9355 Termination Time: 0

Error - 6/20/2011 7:36:00 PM | Computer Name = Tom-Sawyer | Source = System Restore | ID = 8209
Description =

Error - 6/20/2011 7:50:27 PM | Computer Name = Tom-Sawyer | Source = System Restore | ID = 8209
Description =

Error - 6/21/2011 1:32:34 AM | Computer Name = Tom-Sawyer | Source = Application Hang | ID = 1002
Description = The program Magnify.exe version 6.0.6002.18005 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: fdc Start Time: 01cc2fd4403096b2 Termination Time: 0

Error - 6/21/2011 2:19:38 AM | Computer Name = Tom-Sawyer | Source = EventSystem | ID = 4609
Description =

Error - 6/21/2011 3:51:23 AM | Computer Name = Tom-Sawyer | Source = EventSystem | ID = 4609
Description =

Error - 6/21/2011 3:51:47 AM | Computer Name = Tom-Sawyer | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 0.0.0.0, time stamp 0x4d334d98,
faulting module iexplore.exe, version 0.0.0.0, time stamp 0x4d334d98, exception
code 0x40000015, fault offset 0x0008cb40, process id 0x754, application start time
0x01cc2fe8112da9b8.

Error - 6/21/2011 3:52:07 AM | Computer Name = Tom-Sawyer | Source = EventSystem | ID = 4609
Description =

[ System Events ]
Error - 6/26/2011 4:26:39 AM | Computer Name = Tom-Sawyer | Source = LSM | ID = 1048
Description =

Error - 6/26/2011 4:28:10 AM | Computer Name = Tom-Sawyer | Source = volmgr | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 6/26/2011 4:28:43 AM | Computer Name = Tom-Sawyer | Source = volmgr | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 6/26/2011 4:29:05 AM | Computer Name = Tom-Sawyer | Source = NETLOGON | ID = 3095
Description = This computer is configured as a member of a workgroup, not as a member
of a domain. The Netlogon service does not need to run in this configuration.

Error - 6/26/2011 4:31:16 AM | Computer Name = Tom-Sawyer | Source = Service Control Manager | ID = 7022
Description =

Error - 6/26/2011 4:31:16 AM | Computer Name = Tom-Sawyer | Source = LSM | ID = 1048
Description =

Error - 6/27/2011 1:47:42 PM | Computer Name = Tom-Sawyer | Source = RemoteAccess | ID = 20106
Description = Unable to add the interface {6180A391-AC39-4797-B9F7-E186F38B718C}
with the Router Manager for the IP protocol. The following error occurred: Cannot
complete this function.

Error - 6/27/2011 1:47:42 PM | Computer Name = Tom-Sawyer | Source = RemoteAccess | ID = 20106
Description = Unable to add the interface {6180A391-AC39-4797-B9F7-E186F38B718C}
with the Router Manager for the IPV6 protocol. The following error occurred: Cannot
complete this function.

Error - 6/27/2011 1:50:25 PM | Computer Name = Tom-Sawyer | Source = RemoteAccess | ID = 20106
Description = Unable to add the interface {6180A391-AC39-4797-B9F7-E186F38B718C}
with the Router Manager for the IP protocol. The following error occurred: Cannot
complete this function.

Error - 6/27/2011 1:50:25 PM | Computer Name = Tom-Sawyer | Source = RemoteAccess | ID = 20106
Description = Unable to add the interface {6180A391-AC39-4797-B9F7-E186F38B718C}
with the Router Manager for the IPV6 protocol. The following error occurred: Cannot
complete this function.


< End of report >

Hope you can understand this?????? I can't YET....

Thank you
 

Re: Since My trojan, I got error messages when I try to start defender and security s

Did you do the ESET online scan? If so, can you reply with the log? If not, can you do it and post back with the log?

Did you upload the files to Virus Total? If so, can you reply with the log? If not, can you do it and post back with the log?

Tom
 

Re: Since My trojan, I got error messages when I try to start defender and security s

Here is my OTL log

OTL logfile created on: 6/27/2011 11:30:43 AM - Run 8
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Users\Adebaibe\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.85 Gb Available Physical Memory | 42.59% Memory free
3.88 Gb Paging File | 2.53 Gb Available in Paging File | 65.26% Paging File free
Paging file location(s): c:\pagefile.sys 2000 4000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69.77 Gb Total Space | 10.43 Gb Free Space | 14.95% Space Free | Partition Type: NTFS
Drive D: | 69.52 Gb Total Space | 18.95 Gb Free Space | 27.26% Space Free | Partition Type: NTFS
Drive E: | 152.99 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: TOM-SAWYER | User Name: Adebaibe | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Adebaibe\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - D:\Downloads\Total.Video.Converter.New.Ultimate.2008.v3.11.Winall\Total.Video.Converter.New.Ultimate.2008.v3.11.Winall\Total.Video.Converter.New.Ultimate.2008.v3.11.Winall.exe (Thank You For Sharing)
PRC - C:\Program Files\Winamp\winamp.exe (Nullsoft, Inc.)
PRC - C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Windows\System32\sdclt.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\DivX\DivX Plus Converter\DivXConverterLauncher.exe (DivX, Inc.)
PRC - C:\Program Files\DivX\DivX Transcode Engine\DivXEngine.exe (DivX, Inc.)
PRC - C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe (Trend Micro Inc.)
PRC - C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Users\Adebaibe\AppData\Local\temp\ir_ext_temp_0\autorun.exe (Thank You For Sharing)
PRC - C:\Windows\System32\iashost.exe (Microsoft Corporation)
PRC - C:\Acer\Empowering Technology\eNet\eNet Service.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe (HiTRSUT)
PRC - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)


========== Modules (SafeList) ==========

MOD - C:\Users\Adebaibe\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (SupportSoft RemoteAssist) -- File not found
SRV - (NNSvc) -- File not found
SRV - (MobilityService) -- File not found
SRV - (NisSrv) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV - (LBTServ) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (VMOpsInstanceMgr) -- C:\Program Files\VMOps, Inc\VMOps VM Instance Manager\vmopsservice.exe (VMOps Inc.)
SRV - (LVPrcSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (WAS) -- C:\Windows\System32\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (W3SVC) -- C:\Windows\System32\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (AppHostSvc) -- C:\Windows\System32\inetsrv\apphostsvc.dll (Microsoft Corporation)
SRV - (AutoInstallEJCD) -- C:\Users\Adebaibe\AppData\Local\temp\RarSFX0\AutoInstallEJCDSvc.exe ()
SRV - (msav) -- C:\Program Files\Moon Secure Antivirus\msavcore.exe ()
SRV - (LPDSVC) -- C:\Windows\System32\lpdsvc.dll (Microsoft Corporation)
SRV - (eSettingsService) -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe ()
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (eNet Service) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe (Acer Inc.)
SRV - (WMIService) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe (acer)
SRV - (eDataSecurity Service) -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe (HiTRSUT)
SRV - (eLockService) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe (Acer Inc.)
SRV - (eRecoveryService) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)
SRV - (iprip) -- C:\Windows\System32\iprip.dll (Microsoft Corporation)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)


========== Driver Services (SafeList) ==========

DRV - (MpKsl4169718e) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{39069CE0-796C-405E-A134-D52799883452}\MpKsl4169718e.sys (Microsoft Corporation)
DRV - (ZDCNDIS5) -- C:\Windows\System32\ZDCndis5.sys (ZDC., Inc. (ZDC))
DRV - (SWDUMon) -- C:\Windows\System32\drivers\SWDUMon.sys ()
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV - (MpNWMon) -- C:\Windows\System32\drivers\MpNWMon.sys (Microsoft Corporation)
DRV - (RDPDISPM) -- C:\Windows\System32\drivers\rdpdispm.sys (Microsoft Corporation)
DRV - (LUsbFilt) -- C:\Windows\System32\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (MEMSWEEP2) -- C:\Windows\System32\88EF.tmp (Sophos Plc)
DRV - (LVPr2Mon) -- C:\Windows\System32\drivers\LVPr2Mon.sys ()
DRV - (PID_PEPI) Logitech QuickCam IM(PID_PEPI) -- C:\Windows\System32\drivers\LV302V32.SYS (Logitech Inc.)
DRV - (LVRS) -- C:\Windows\System32\drivers\lvrs.sys (Logitech Inc.)
DRV - (pepifilter) -- C:\Windows\System32\drivers\lv302af.sys (Logitech Inc.)
DRV - (RMCAST) RMCAST (Pgm) -- C:\Windows\System32\drivers\rmcast.sys (Microsoft Corporation)
DRV - (QW720V32) Qwest 802.11n XN720 Driver(vista) -- C:\Windows\System32\drivers\WLANUHN.sys (Atheros Communications, Inc.)
DRV - (MQAC) -- C:\Windows\System32\drivers\mqac.sys (Microsoft Corporation)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (int15) -- C:\Acer\Empowering Technology\eRecovery\int15.sys ()
DRV - (DritekPortIO) -- C:\Program Files\Launch Manager\DPortIO.sys (Dritek System Inc.)
DRV - (sscdserd) SAMSUNG CDMA Modem Diagnostic Serial Port (WDM) -- C:\Windows\System32\drivers\sscdserd.sys (MCCI)
DRV - (sscdmdm) -- C:\Windows\System32\drivers\sscdmdm.sys (MCCI)
DRV - (sscdmdfl) -- C:\Windows\System32\drivers\sscdmdfl.sys (MCCI)
DRV - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\Windows\System32\drivers\sscdbus.sys (MCCI)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Bing
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpro.com/nchfilebulldog/{E7D951AA-74C0-4202-A211-E6D898BE244F}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKLM\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\prxtbFre0.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SEARCH PAGE = Sign In
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 05 B0 F8 47 DB 2F CC 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://search.conduit.com?SearchSource=10&ctid=CT1060933
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = AcPro Search
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Bitlord 1.2 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2830765&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..keyword.URL: "http://search.avg.com/route/?d=4e039738&v=7.005.030.004&i=23&tp=ab&iy=&ychte=us&lng=en-US&q="
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2011/05/24 18:00:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/06/26 07:51:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/26 00:43:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/26 09:24:42 | 000,000,000 | ---D | M]

[2011/05/21 16:39:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Adebaibe\AppData\Roaming\Mozilla\Extensions
[2011/05/17 22:46:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Adebaibe\AppData\Roaming\Mozilla\Extensions\[email protected]
[2011/06/26 00:43:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Adebaibe\AppData\Roaming\Mozilla\Firefox\Profiles\5to7owbs.default\extensions
[2011/06/25 04:12:20 | 000,000,000 | ---D | M] (Bitlord 1.2 Community Toolbar) -- C:\Users\Adebaibe\AppData\Roaming\Mozilla\Firefox\Profiles\5to7owbs.default\extensions\{8c5878d0-6106-423b-aaa8-144c143dbf44}
[2011/06/18 21:41:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/06/24 20:46:24 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2011/06/19 23:36:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{B56F37F8-7023-4c2b-B27E-815594CA64E7}
[2011/05/21 00:32:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
File not found (No name found) --
[2011/05/24 18:00:35 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/06/24 20:46:23 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2011/03/22 11:38:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
[2011/06/15 12:11:02 | 000,003,189 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\acpro.xml
[2010/01/01 01:00:00 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2011/06/23 12:49:33 | 000,002,359 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\avg_igeared.xml
[2010/09/14 05:48:25 | 000,002,506 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\BearShareWebSearch.xml
[2010/01/01 01:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
[2010/01/01 01:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml.old
[2010/01/01 01:00:00 | 000,001,131 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2011/05/19 22:04:25 | 000,002,046 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fcmdSrchvsl.xml
[2010/01/01 01:00:00 | 000,002,364 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2010/01/01 01:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2010/01/01 01:00:00 | 000,001,096 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2011/06/26 01:22:54 | 000,000,021 | RHS- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Freecorder Toolbar) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\prxtbFre0.dll (Conduit Ltd.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Freecorder Toolbar) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\prxtbFre0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKCU\..\Toolbar\WebBrowser: (Freecorder Toolbar) - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - C:\Program Files\Freecorder\prxtbFre0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [HijackThis startup scan] C:\Program Files\Trend Micro\HiJackThis\HijackThis.exe (Trend Micro Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 205.171.3.25 205.171.2.25
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\Windows\System32\eNetHook.dll) - C:\Windows\System32\eNetHook.dll (acer)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\System32\browseui.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Adebaibe\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Adebaibe\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2007/04/26 10:37:38 | 000,000,246 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...com [@ = ComFile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/06/26 18:47:18 | 000,000,000 | ---D | C] -- C:\Windows\LastGood
[2011/06/26 10:50:30 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/06/26 10:07:52 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/06/26 09:25:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp
[2011/06/26 09:25:49 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_42.dll
[2011/06/26 09:25:48 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_31.dll
[2011/06/26 09:25:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Uniblue
[2011/06/26 09:24:42 | 000,000,000 | ---D | C] -- C:\Users\Adebaibe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Winamp Detector Plug-in
[2011/06/26 09:24:42 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp Detect
[2011/06/26 09:23:57 | 000,000,000 | ---D | C] -- C:\Users\Adebaibe\AppData\Local\OpenCandy
[2011/06/26 09:23:46 | 000,000,000 | ---D | C] -- C:\Users\Adebaibe\AppData\Roaming\Winamp
[2011/06/26 09:23:46 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp
[2011/06/26 09:23:46 | 000,000,000 | ---D | C] -- C:\Users\Adebaibe\AppData\Roaming\OpenCandy
[2011/06/26 07:49:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PX Storage Engine
[2011/06/26 07:49:13 | 000,000,000 | ---D | C] -- C:\Users\Adebaibe\AppData\Roaming\DivX
[2011/06/26 07:48:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011/06/26 07:48:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus
[2011/06/26 07:46:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
[2011/06/26 07:45:08 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2011/06/26 07:44:23 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2011/06/25 21:59:15 | 000,000,000 | ---D | C] -- C:\Users\Adebaibe\AppData\Local\{4CDE4F71-9992-4496-ABF6-0CCCBF6992C8}
[2011/06/25 05:17:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Absolute Uninstaller
[2011/06/25 05:16:57 | 000,000,000 | ---D | C] -- C:\Users\Adebaibe\AppData\Roaming\GlarySoft
[2011/06/25 05:16:55 | 000,000,000 | ---D | C] -- C:\Program Files\Absolute Uninstaller
[2011/06/25 05:16:51 | 000,140,800 | ---- | C] (The Duck Corporation) -- C:\Windows\System32\tm20dec.ax
[2011/06/25 05:16:46 | 000,304,128 | ---- | C] (InstallShield Software Corporation) -- C:\Windows\IsUninst.exe
[2011/06/25 05:16:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Final Fantasy VII
[2011/06/25 04:56:05 | 000,000,000 | ---D | C] -- C:\Program Files\Final Fantasy VII
[2011/06/25 04:12:46 | 000,000,000 | ---D | C] -- C:\Users\Adebaibe\AppData\Roaming\Python-Eggs
[2011/06/25 04:12:43 | 000,000,000 | ---D | C] -- C:\Users\Adebaibe\AppData\Roaming\BitLord
[2011/06/25 04:12:13 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2011/06/25 04:11:30 | 000,000,000 | ---D | C] -- C:\Program Files\BitLord 1.2
[2011/06/24 14:53:30 | 000,000,000 | ---D | C] -- C:\Users\Adebaibe\Avatars ETC
[2011/06/24 14:36:26 | 000,000,000 | ---D | C] -- C:\Users\Adebaibe\Desktop\MISC
[2011/06/24 07:27:14 | 000,000,000 | ---D | C] -- C:\Users\Adebaibe\AppData\Roaming\gtk-2.0
[2011/06/24 07:27:07 | 000,000,000 | ---D | C] -- C:\Users\Adebaibe\.thumbnails
[2011/06/24 07:20:09 | 000,000,000 | ---D | C] -- C:\Users\Adebaibe\AppData\Roaming\SpeedItUp
[2011/06/24 07:18:15 | 000,000,000 | ---D | C] -- C:\Users\Adebaibe\.gimp-2.6
[2011/06/24 07:18:03 | 000,000,000 | ---D | C] -- C:\Users\Adebaibe\.gegl-0.0
[2011/06/24 07:13:51 | 000,000,000 | ---D | C] -- C:\ProgramData\W3i
[2011/06/24 07:13:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gimp
[2011/06/24 07:11:50 | 000,000,000 | ---D | C] -- C:\Program Files\Gimp-2.0
[2011/06/24 07:11:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec
[2011/06/24 07:11:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo!
[2011/06/24 07:11:04 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2011/06/24 07:10:32 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2011/06/24 06:49:28 | 000,000,000 | ---D | C] -- C:\Users\Adebaibe\AppData\Local\Smart_PC_Utilities,_Ltd
[2011/06/24 05:56:13 | 000,000,000 | ---D | C] -- C:\Users\Adebaibe\AppData\Roaming\Malwarebytes
[2011/06/24 05:56:07 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/06/24 05:56:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/06/24 05:56:00 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/06/24 05:25:50 | 003,412,856 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Users\Adebaibe\Desktop\procexp.exe
[2011/06/24 04:41:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MSConfig CleanUp
[2011/06/24 04:41:50 | 000,000,000 | ---D | C] -- C:\Program Files\MSConfig CleanUp
[2011/06/24 01:15:39 | 000,000,000 | ---D | C] -- C:\Users\Adebaibe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/06/23 18:34:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Agent Ransack
[2011/06/23 18:34:20 | 000,000,000 | ---D | C] -- C:\Program Files\Mythicsoft
[2011/06/23 17:38:12 | 000,000,000 | ---D | C] -- C:\Users\Adebaibe\AppData\Local\{7B0E950E-DBFC-4EF4-AEAC-5CB6E524D8A5}
[2011/06/23 17:33:05 | 000,000,000 | ---D | C] -- C:\Users\Adebaibe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Qwest 11n Wireless WPS Tool
[2011/06/23 17:31:12 | 000,449,536 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\System32\drivers\WLANUHN.sys
[2011/06/23 17:31:12 | 000,094,208 | ---- | C] (ZDC., Inc. (ZDC)) -- C:\Windows\System32\ZDCN50.dll
[2011/06/23 17:31:12 | 000,020,736 | ---- | C] (ZDC., Inc. (ZDC)) -- C:\Windows\System32\ZDCndis5.sys
[2011/06/23 17:31:12 | 000,000,000 | ---D | C] -- C:\Program Files\Qwest 11n Wireless WPS Tool
[2011/06/23 17:30:42 | 000,000,000 | ---D | C] -- C:\Program Files\AutoInstall
[2011/06/23 12:45:09 | 000,000,000 | ---D | C] -- C:\Users\Adebaibe\AppData\Roaming\AVG10
[2011/06/23 05:37:23 | 000,000,000 | ---D | C] -- C:\Users\Adebaibe\AppData\Local\{9F0BB30B-9191-4876-A6EF-51A7E9B73752}
[2011/06/23 02:53:33 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2011/06/23 02:29:06 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2011/06/23 02:06:40 | 000,000,000 | ---D | C] -- C:\Users\Adebaibe\Documents\Scan Logs
[2011/06/23 02:04:01 | 000,000,000 | ---D | C] -- C:\ProgramData\F-Secure
[2011/06/22 21:54:34 | 000,000,000 | ---D | C] -- C:\Program Files\Zone Labs
[2011/06/22 21:53:53 | 000,000,000 | ---D | C] -- C:\ProgramData\CheckPoint
[2011/06/22 21:53:52 | 000,000,000 | ---D | C] -- C:\Windows\Internet Logs
[2011/06/22 17:36:08 | 000,000,000 | ---D | C] -- C:\Users\Adebaibe\AppData\Local\{E63EDA16-9739-4006-9B46-424A77C12CF5}
[2011/06/22 11:14:04 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\System32\CSVer.dll
[2011/06/22 10:59:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Atheros
[2011/06/22 10:46:42 | 000,000,000 | -H-D | C] -- C:\Program Files\Temp
[2011/06/22 10:41:35 | 000,054,824 | ---- | C] (Agere Systems) -- C:\Windows\System32\agrsmdel.exe
[2011/06/22 10:41:16 | 000,000,000 | ---D | C] -- C:\Windows\Options
[2011/06/22 10:30:30 | 005,702,656 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxress.dll
[2011/06/22 10:30:30 | 003,821,568 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igdumd32.dll
[2011/06/22 10:30:30 | 002,576,384 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igd10umd32.dll
[2011/06/22 10:30:30 | 000,536,576 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igdumdx32.dll
[2011/06/22 10:30:30 | 000,200,192 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxpph.dll
[2011/06/22 10:30:30 | 000,151,552 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxCoIn_v1666.dll
[2011/06/22 10:30:30 | 000,130,048 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxdo.dll
[2011/06/22 10:30:30 | 000,059,392 | ---- | C] (Intel Corporation) -- C:\Windows\System32\oemdspif.dll
[2011/06/22 10:30:30 | 000,051,712 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxsrvc.dll
[2011/06/22 10:30:30 | 000,023,552 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxexps.dll
[2011/06/22 10:30:29 | 004,112,384 | ---- | C] (Intel Corporation) -- C:\Windows\System32\ig4icd32.dll
[2011/06/22 10:30:29 | 002,674,688 | ---- | C] (Intel Corporation) -- C:\Windows\System32\ig4dev32.dll
[2011/06/22 10:30:29 | 000,094,208 | ---- | C] (Intel Corporation) -- C:\Windows\System32\hccutils.dll
[2011/06/22 10:30:28 | 008,198,680 | ---- | C] (Intel(R) Corporation) -- C:\Windows\System32\TVWSetup.exe
[2011/06/22 10:30:28 | 000,668,696 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxcfg.exe
[2011/06/22 10:30:25 | 000,310,784 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrell.lrc
[2011/06/22 10:30:25 | 000,304,640 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrita.lrc
[2011/06/22 10:30:25 | 000,303,616 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrdeu.lrc
[2011/06/22 10:30:25 | 000,303,104 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrfra.lrc
[2011/06/22 10:30:25 | 000,303,104 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxresp.lrc
[2011/06/22 10:30:25 | 000,299,008 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrnld.lrc
[2011/06/22 10:30:25 | 000,294,912 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrptg.lrc
[2011/06/22 10:30:25 | 000,291,328 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrrus.lrc
[2011/06/22 10:30:25 | 000,289,280 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrptb.lrc
[2011/06/22 10:30:25 | 000,288,256 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrhun.lrc
[2011/06/22 10:30:25 | 000,287,744 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrplk.lrc
[2011/06/22 10:30:25 | 000,282,624 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrsve.lrc
[2011/06/22 10:30:25 | 000,282,624 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrsky.lrc
[2011/06/22 10:30:25 | 000,282,624 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrcsy.lrc
[2011/06/22 10:30:25 | 000,281,088 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrfin.lrc
[2011/06/22 10:30:25 | 000,280,576 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrdan.lrc
[2011/06/22 10:30:25 | 000,279,552 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrnor.lrc
[2011/06/22 10:30:25 | 000,279,040 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrtrk.lrc
[2011/06/22 10:30:25 | 000,277,504 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrslv.lrc
[2011/06/22 10:30:25 | 000,262,656 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrtha.lrc
[2011/06/22 10:30:25 | 000,252,416 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrara.lrc
[2011/06/22 10:30:25 | 000,249,856 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrheb.lrc
[2011/06/22 10:30:25 | 000,206,848 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrjpn.lrc
[2011/06/22 10:30:25 | 000,205,312 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrkor.lrc
[2011/06/22 10:30:25 | 000,179,712 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrcht.lrc
[2011/06/22 10:30:25 | 000,178,176 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrchs.lrc
[2011/06/22 10:30:25 | 000,119,296 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxcpl.cpl
[2011/06/22 10:26:55 | 000,579,072 | ---- | C] (OldTimer Tools) -- C:\Users\Adebaibe\Desktop\OTL.exe
[2011/06/22 09:52:47 | 000,000,000 | ---D | C] -- C:\Users\Adebaibe\AppData\Local\SlimWare Utilities Inc
[2011/06/22 08:22:40 | 000,000,000 | ---D | C] -- C:\Program Files\The KMPlayer
[2011/06/22 05:50:36 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/06/22 05:37:10 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/06/22 05:37:10 | 000,000,000 | ---D | C] -- C:\Users\Adebaibe\AppData\Local\temp
[2011/06/21 22:18:19 | 000,000,000 | ---D | C] -- C:\Program Files\VMOps, Inc
[2011/06/21 19:36:49 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2011/06/21 18:16:43 | 000,000,000 | ---D | C] -- C:\Users\Adebaibe\AppData\Local\SugarSync
[2011/06/21 18:15:09 | 000,000,000 | ---D | C] -- C:\Program Files\SugarSync
[2011/06/21 09:36:56 | 000,000,000 | ---D | C] -- C:\Program Files\Moon Secure Antivirus
[2011/06/20 16:53:25 | 000,000,000 | ---D | C] -- C:\Users\Adebaibe\AppData\Local\{1B563A5A-2F92-4191-B42A-6200AC2350D8}
[2011/06/20 13:14:15 | 000,000,000 | ---D | C] -- C:\Windows\System32\NtmsData
[2011/06/20 12:41:07 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2011/06/20 11:57:57 | 000,000,000 | ---D | C] -- C:\Users\Adebaibe\AppData\Local\{24714825-B05E-4EEC-8404-95A320C82AE7}
[2011/06/20 08:02:07 | 000,221,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2011/06/20 03:36:41 | 000,000,000 | ---D | C] -- C:\Users\Adebaibe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MWSnap
[2011/06/20 03:36:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MWSnap
[2011/06/20 03:36:40 | 000,000,000 | ---D | C] -- C:\Program Files\MWSnap
[2011/06/20 02:56:16 | 000,000,000 | ---D | C] -- C:\Users\Adebaibe\AppData\Local\Symantec
[2011/06/20 01:33:38 | 000,000,000 | ---D | C] -- C:\Users\Adebaibe\AppData\Roaming\Tific
[2011/06/20 01:22:56 | 000,000,000 | ---D | C] -- C:\Users\Adebaibe\AppData\Local\{D0D0DAEA-8CC4-4D2B-A4F2-18E840BA11C5}
[2011/06/19 20:21:01 | 000,000,000 | ---D | C] -- C:\Windows\$regcmp$
[2011/06/19 20:12:24 | 000,000,000 | ---D | C] -- C:\Users\Adebaibe\AppData\Roaming\iExpert Software
[2011/06/19 14:52:58 | 000,000,000 | ---D | C] -- C:\Downloads
[2011/06/19 04:00:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Driver Utilities
[2011/06/17 08:21:37 | 000,000,000 | ---D | C] -- C:\Users\Adebaibe\AppData\Roaming\MozillaControl
[2011/06/17 08:19:42 | 000,000,000 | ---D | C] -- C:\Windows\'Full Speed' Internet Booster + Performance Tests
[2011/06/16 22:57:20 | 000,000,000 | ---D | C] -- C:\Users\Adebaibe\Documents\Freecorder
[2011/06/16 22:57:19 | 000,000,000 | ---D | C] -- C:\Users\Adebaibe\AppData\Local\FLVService
[2011/06/16 22:57:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freecorder
[2011/06/16 22:57:14 | 000,000,000 | ---D | C] -- C:\Program Files\Freecorder
[2011/06/15 20:58:30 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/06/15 20:58:28 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/06/15 20:58:26 | 001,797,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011/06/15 20:58:26 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011/06/15 17:53:04 | 000,000,000 | ---D | C] -- C:\Program Files\NCH Software
[2011/06/15 08:56:53 | 000,000,000 | ---D | C] -- C:\Users\Adebaibe\AppData\Local\{58718B25-B5C8-4684-9E8C-FD5964A09705}
[2011/06/14 15:03:17 | 000,000,000 | ---D | C] -- C:\Users\Adebaibe\AppData\Local\{EE5521DE-81B8-4E1A-9695-AF893B245BDA}
[2011/06/14 02:47:23 | 000,000,000 | ---D | C] -- C:\Users\Adebaibe\AppData\Local\{D5842E21-AF8B-4871-BD00-92639EB31E0F}
[2011/06/12 12:12:51 | 000,446,464 | ---- | C] (Blue Sky Software Corporation.) -- C:\Windows\System32\HHActiveX.dll
[2011/06/12 12:12:49 | 000,081,920 | ---- | C] (Net Nanny Software International, Inc.) -- C:\Windows\System32\NNComm.dll
[2011/06/12 12:12:49 | 000,024,576 | ---- | C] (Net Nanny Software International, Inc.) -- C:\Windows\System32\HookRes.dll
[2011/06/12 01:02:10 | 000,000,000 | ---D | C] -- C:\Users\Adebaibe\AppData\Roaming\Media Player Classic
[2011/06/10 12:04:36 | 000,000,000 | ---D | C] -- C:\Users\Adebaibe\AppData\Local\Wondershare
[2011/06/10 12:04:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wondershare
[2011/06/10 12:03:49 | 000,000,000 | ---D | C] -- C:\Users\Adebaibe\AppData\Roaming\Wondershare
[2011/06/08 21:27:17 | 000,000,000 | ---D | C] -- C:\ProgramData\xml_param
[2011/06/07 20:39:52 | 000,000,000 | ---D | C] -- C:\Windows\System32\msmq
[2011/06/07 13:04:28 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/06/07 12:34:47 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/06/06 11:21:32 | 000,000,000 | ---D | C] -- C:\Users\Adebaibe\AppData\Local\{467B2737-9022-491D-BC7C-4DF2B08EBF3D}
[2011/06/05 21:48:43 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011/06/05 18:38:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/06/05 18:38:22 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/06/02 10:53:02 | 000,094,208 | ---- | C] (DivX, Inc.) -- C:\Windows\System32\dpl100.dll
[2011/06/01 21:38:41 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011/06/01 21:38:29 | 000,000,000 | ---D | C] -- C:\Users\Adebaibe\Documents\Wondershare Video Converter Platinum
[2011/06/01 21:38:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
[2011/06/01 21:38:02 | 000,892,928 | ---- | C] (Free Software Foundation) -- C:\Windows\System32\iconv.dll
[2011/06/01 21:37:59 | 000,000,000 | ---D | C] -- C:\Program Files\Wondershare
[2011/06/01 20:19:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVSMedia
[2011/06/01 20:18:46 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\GdiPlus.dll
[2011/06/01 19:02:10 | 000,000,000 | ---D | C] -- C:\Temp
[2011/06/01 18:11:26 | 000,000,000 | ---D | C] -- C:\Users\Adebaibe\AppData\Local\{9459B512-A83D-48DC-8F25-509AC7D5BED6}
[2011/06/01 18:11:26 | 000,000,000 | ---D | C] -- C:\Users\Adebaibe\AppData\Local\{92417B40-4066-4FE1-B4F9-642CDF67292A}
[2011/06/01 18:07:13 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scrr7153.rra
[2011/05/31 14:33:41 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scrr7b55.rra
[2011/05/31 14:33:32 | 000,089,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VB5DB.DLL
[2011/05/30 02:07:14 | 000,000,000 | ---D | C] -- C:\Users\Adebaibe\AppData\Roaming\DSMP
[2011/05/29 23:32:39 | 000,000,000 | ---D | C] -- C:\Users\Adebaibe\AppData\Roaming\Music Recognition
[2011/05/29 16:32:19 | 000,000,000 | ---D | C] -- C:\Users\Adebaibe\AppData\Roaming\NCH Software
[2011/05/29 16:30:43 | 000,000,000 | ---D | C] -- C:\Users\Adebaibe\AppData\Roaming\NCH Swift Sound
[2011/05/29 06:20:26 | 000,000,000 | ---D | C] -- C:\Users\Adebaibe\AppData\Local\CrashDumps
[2011/05/28 18:57:12 | 000,000,000 | ---D | C] -- C:\Users\Adebaibe\AppData\Local\{F372734F-0A40-45F0-9C4E-A9A45128CB8E}
[2011/05/15 19:58:42 | 000,016,384 | ---- | C] ( ) -- C:\Windows\System32\ClearEvent.exe
[2007/07/31 06:43:36 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\Interop.Shell32.dll
[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/27 11:29:07 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/27 11:29:07 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/27 11:08:49 | 000,092,672 | ---- | M] () -- C:\Users\Adebaibe\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/27 10:58:16 | 000,666,808 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/06/27 10:58:16 | 000,125,670 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/06/26 17:43:01 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/26 16:47:30 | 000,016,400 | ---- | M] (Logitech, Inc.) -- C:\Windows\System32\drivers\LNonPnP.sys
[2011/06/26 10:51:06 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/06/26 10:50:38 | 000,001,772 | ---- | M] () -- C:\Users\Adebaibe\Desktop\Microsoft Security Essentials.lnk
[2011/06/26 10:08:22 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2011/06/26 09:25:50 | 000,000,764 | ---- | M] () -- C:\Users\Adebaibe\Application Data\Microsoft\Internet Explorer\Quick Launch\Winamp.lnk
[2011/06/26 09:25:50 | 000,000,740 | ---- | M] () -- C:\Users\Public\Desktop\Winamp.lnk
[2011/06/26 07:51:29 | 000,001,861 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
[2011/06/26 07:51:29 | 000,001,401 | ---- | M] () -- C:\Users\Adebaibe\Desktop\DivX Movies.lnk
[2011/06/26 07:50:03 | 000,000,881 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2011/06/26 07:48:27 | 000,001,935 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/06/26 07:48:27 | 000,001,919 | ---- | M] () -- C:\Users\Adebaibe\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/06/26 02:01:06 | 000,002,489 | ---- | M] () -- C:\Users\Adebaibe\Desktop\HiJack.lnk
[2011/06/26 01:41:32 | 000,001,132 | ---- | M] () -- C:\Users\Adebaibe\Desktop\Wondershare.lnk
[2011/06/26 01:41:32 | 000,001,082 | ---- | M] () -- C:\Users\Adebaibe\Application Data\Microsoft\Internet Explorer\Quick Launch\Wondershare Video Converter Platinum.lnk
[2011/06/26 01:29:36 | 000,000,412 | ---- | M] () -- C:\Windows\tasks\PC Optimizer Pro startups.job
[2011/06/26 01:29:34 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/26 01:28:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/06/26 01:22:54 | 000,000,021 | RHS- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/06/25 19:46:03 | 000,007,512 | -HS- | M] () -- C:\Users\Adebaibe\AppData\Local\t05kv0komxexml6l86yyf04
[2011/06/25 19:46:03 | 000,007,512 | -HS- | M] () -- C:\ProgramData\t05kv0komxexml6l86yyf04
[2011/06/25 05:17:15 | 000,000,815 | ---- | M] () -- C:\Users\Adebaibe\Application Data\Microsoft\Internet Explorer\Quick Launch\Absolute Uninstaller.lnk
[2011/06/25 05:17:15 | 000,000,791 | ---- | M] () -- C:\Users\Adebaibe\Desktop\Absolute.lnk
[2011/06/25 05:16:35 | 000,000,800 | ---- | M] () -- C:\Users\Adebaibe\Desktop\Final Fantasy VII.lnk
[2011/06/25 01:11:32 | 000,000,134 | ---- | M] () -- C:\Users\Adebaibe\Desktop\Device Manager - Shortcut.lnk
[2011/06/24 21:39:19 | 001,007,120 | ---- | M] () -- C:\Users\Adebaibe\Desktop\iExplore.exe
[2011/06/24 14:21:50 | 000,453,632 | ---- | M] () -- C:\Users\Adebaibe\Desktop\CKScanner.exe
[2011/06/24 09:32:32 | 000,004,670 | ---- | M] () -- C:\Users\Adebaibe\.recently-used.xbel
[2011/06/24 07:13:37 | 000,000,862 | ---- | M] () -- C:\Users\Adebaibe\Desktop\Gimp 2.lnk
[2011/06/24 05:56:07 | 000,000,870 | ---- | M] () -- C:\Users\Public\Desktop\MB.lnk
[2011/06/24 04:41:52 | 000,000,815 | ---- | M] () -- C:\Users\Adebaibe\Application Data\Microsoft\Internet Explorer\Quick Launch\MSConfigCleanUp.lnk
[2011/06/24 03:21:33 | 000,000,134 | ---- | M] () -- C:\Users\Adebaibe\Desktop\Backup and Restore.lnk
[2011/06/24 02:00:41 | 000,000,067 | ---- | M] () -- C:\Windows\WpsCenterV.INI
[2011/06/23 17:31:12 | 000,094,208 | ---- | M] (ZDC., Inc. (ZDC)) -- C:\Windows\System32\ZDCN50.dll
[2011/06/23 17:31:12 | 000,020,736 | ---- | M] (ZDC., Inc. (ZDC)) -- C:\Windows\System32\ZDCndis5.sys
[2011/06/23 13:43:12 | 000,000,193 | ---- | M] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2011/06/23 13:20:00 | 000,000,248 | ---- | M] () -- C:\Windows\System32\drivers\kgpcpy.cfg
[2011/06/23 13:17:01 | 000,010,124 | ---- | M] () -- C:\Windows\System32\.rsp
[2011/06/23 13:17:01 | 000,001,571 | ---- | M] () -- C:\Windows\System32\.lck
[2011/06/23 13:12:14 | 000,012,984 | ---- | M] () -- C:\Windows\System32\drivers\SWDUMon.sys
[2011/06/23 12:52:08 | 000,075,264 | ---- | M] () -- C:\Users\Adebaibe\Desktop\SystemLook.exe
[2011/06/22 21:58:05 | 000,020,225 | ---- | M] () -- C:\Users\Adebaibe\Documents\services.odt
[2011/06/22 18:52:02 | 000,152,092 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.zip
[2011/06/22 10:47:51 | 000,319,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\DIFxAPI.dll
[2011/06/22 10:26:55 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\Adebaibe\Desktop\OTL.exe
[2011/06/21 12:21:35 | 000,000,356 | ---- | M] () -- C:\Windows\System32\events.dat
[2011/06/21 04:41:30 | 000,001,356 | ---- | M] () -- C:\Users\Adebaibe\AppData\Local\d3d9caps.dat
[2011/06/21 02:07:54 | 000,010,792 | -HS- | M] () -- C:\Users\Adebaibe\AppData\Local\4gv052822p
[2011/06/21 00:51:36 | 000,010,090 | -HS- | M] () -- C:\ProgramData\4gv052822p
[2011/06/20 03:36:41 | 000,000,692 | ---- | M] () -- C:\Users\Adebaibe\Desktop\SMILE.lnk
[2011/06/19 06:00:12 | 000,000,959 | ---- | M] () -- C:\Users\Adebaibe\Desktop\Reboottime.vbs
[2011/06/18 21:41:59 | 000,000,834 | ---- | M] () -- C:\Users\Adebaibe\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/06/18 21:41:48 | 000,000,810 | ---- | M] () -- C:\Users\Public\Desktop\FOX.lnk
[2011/06/17 23:33:11 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/06/17 21:47:00 | 006,751,087 | ---- | M] () -- C:\Users\Adebaibe\Documents\SAMintensity2MANUAL.pdf
[2011/06/17 05:21:26 | 000,006,286 | ---- | M] () -- C:\Users\Adebaibe\Documents\My Favorite Theme.theme
[2011/06/17 04:55:16 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/06/17 03:04:04 | 000,000,600 | ---- | M] () -- C:\Users\Adebaibe\PUTTY.RND
[2011/06/16 17:43:35 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011/06/16 17:43:35 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011/06/16 17:37:58 | 000,000,222 | ---- | M] () -- C:\Users\Adebaibe\Desktop\Internet Options.lnk
[2011/06/15 20:58:30 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/06/15 20:58:28 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/06/15 20:58:26 | 001,797,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011/06/15 20:58:26 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011/06/15 15:38:55 | 000,000,073 | ---- | M] () -- C:\Windows\cdplayer.ini
[2011/06/15 15:38:46 | 000,001,492 | ---- | M] () -- C:\ProgramData\ss.ini
[2011/06/15 13:18:07 | 000,034,308 | ---- | M] () -- C:\Windows\System32\BASSMOD.dll
[2011/06/13 23:43:19 | 000,012,976 | ---- | M] () -- C:\Users\Adebaibe\Documents\Mdicationreminder.odt
[2011/06/12 12:12:52 | 000,000,020 | ---- | M] () -- C:\Windows\NNS.INI
[2011/06/11 02:44:56 | 000,315,272 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/06/07 12:52:19 | 000,001,024 | ---- | M] () -- C:\.rnd
[2011/06/02 23:03:28 | 000,009,115 | ---- | M] () -- C:\Users\Adebaibe\Documents\PIllReminder.odt
[2011/06/02 11:49:07 | 854,935,474 | ---- | M] () -- C:\Users\Adebaibe\The Best Bits of Mr Bean.wmv
[2011/06/02 11:00:35 | 067,271,576 | ---- | M] () -- C:\Users\Adebaibe\Mr Bean The Bus Stop Sketch.wmv
[2011/06/02 10:56:40 | 110,368,884 | ---- | M] () -- C:\Users\Adebaibe\Mr Bean The Library Sketch.wmv
[2011/06/02 10:53:02 | 000,094,208 | ---- | M] (DivX, Inc.) -- C:\Windows\System32\dpl100.dll
[2011/06/02 10:12:48 | 297,870,506 | ---- | M] () -- C:\Users\Adebaibe\12 Tee Off, MrBean.wmv
[2011/06/02 09:55:28 | 286,030,308 | ---- | M] () -- C:\Users\Adebaibe\11 Back To School, MrBean.wmv
[2011/06/02 09:22:31 | 309,439,010 | ---- | M] () -- C:\Users\Adebaibe\14 Hair by MrBean of London.wmv
[2011/06/02 09:02:00 | 292,454,506 | ---- | M] () -- C:\Users\Adebaibe\10 Do-It-Yourself, MrBean.wmv
[2011/06/02 07:08:31 | 285,766,188 | ---- | M] () -- C:\Users\Adebaibe\13 Good Night, MrBean.wmv
[2011/06/02 01:37:59 | 2227,141,488 | ---- | M] () -- C:\Users\Adebaibe\R30.wmv
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/05/29 07:31:13 | 004,951,132 | ---- | M] () -- C:\Users\Adebaibe\Documents\04Go for Soda192kbps.mp3
[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/26 10:50:38 | 000,001,772 | ---- | C] () -- C:\Users\Adebaibe\Desktop\Microsoft Security Essentials.lnk
[2011/06/26 09:25:50 | 000,000,764 | ---- | C] () -- C:\Users\Adebaibe\Application Data\Microsoft\Internet Explorer\Quick Launch\Winamp.lnk
[2011/06/26 09:25:50 | 000,000,740 | ---- | C] () -- C:\Users\Public\Desktop\Winamp.lnk
[2011/06/26 07:51:29 | 000,001,401 | ---- | C] () -- C:\Users\Adebaibe\Desktop\DivX Movies.lnk
[2011/06/26 07:50:03 | 000,000,881 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2011/06/26 07:48:41 | 000,001,861 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
[2011/06/26 07:48:27 | 000,001,935 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/06/26 07:48:27 | 000,001,919 | ---- | C] () -- C:\Users\Adebaibe\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/06/26 01:41:31 | 000,158,720 | ---- | C] () -- C:\Windows\System32\WS_VideoConverterContextMenu.dll
[2011/06/26 01:38:52 | 000,001,132 | ---- | C] () -- C:\Users\Adebaibe\Desktop\Wondershare.lnk
[2011/06/26 01:38:50 | 000,158,720 | ---- | C] () -- C:\Windows\System32\__WS_VideoConverterContextMenu.dll
[2011/06/25 19:44:46 | 000,007,512 | -HS- | C] () -- C:\Users\Adebaibe\AppData\Local\t05kv0komxexml6l86yyf04
[2011/06/25 19:44:46 | 000,007,512 | -HS- | C] () -- C:\ProgramData\t05kv0komxexml6l86yyf04
[2011/06/25 05:17:15 | 000,000,815 | ---- | C] () -- C:\Users\Adebaibe\Application Data\Microsoft\Internet Explorer\Quick Launch\Absolute Uninstaller.lnk
[2011/06/25 05:17:15 | 000,000,791 | ---- | C] () -- C:\Users\Adebaibe\Desktop\Absolute.lnk
[2011/06/25 05:16:35 | 000,000,800 | ---- | C] () -- C:\Users\Adebaibe\Desktop\Final Fantasy VII.lnk
[2011/06/25 01:11:32 | 000,000,134 | ---- | C] () -- C:\Users\Adebaibe\Desktop\Device Manager - Shortcut.lnk
[2011/06/25 00:07:49 | 001,007,120 | ---- | C] () -- C:\Users\Adebaibe\Desktop\iExplore.exe
[2011/06/24 14:21:47 | 000,453,632 | ---- | C] () -- C:\Users\Adebaibe\Desktop\CKScanner.exe
[2011/06/24 09:32:32 | 000,004,670 | ---- | C] () -- C:\Users\Adebaibe\.recently-used.xbel
[2011/06/24 07:24:46 | 000,000,412 | ---- | C] () -- C:\Windows\tasks\PC Optimizer Pro startups.job
[2011/06/24 07:13:37 | 000,000,862 | ---- | C] () -- C:\Users\Adebaibe\Desktop\Gimp 2.lnk
[2011/06/24 05:56:07 | 000,000,870 | ---- | C] () -- C:\Users\Public\Desktop\MB.lnk
[2011/06/24 04:41:52 | 000,000,815 | ---- | C] () -- C:\Users\Adebaibe\Application Data\Microsoft\Internet Explorer\Quick Launch\MSConfigCleanUp.lnk
[2011/06/24 03:21:33 | 000,000,134 | ---- | C] () -- C:\Users\Adebaibe\Desktop\Backup and Restore.lnk
[2011/06/24 01:15:39 | 000,002,489 | ---- | C] () -- C:\Users\Adebaibe\Desktop\HiJack.lnk
[2011/06/23 17:34:49 | 000,000,067 | ---- | C] () -- C:\Windows\WpsCenterV.INI
[2011/06/23 13:20:00 | 000,000,248 | ---- | C] () -- C:\Windows\System32\drivers\kgpcpy.cfg
[2011/06/23 12:52:03 | 000,075,264 | ---- | C] () -- C:\Users\Adebaibe\Desktop\SystemLook.exe
[2011/06/22 21:58:01 | 000,020,225 | ---- | C] () -- C:\Users\Adebaibe\Documents\services.odt
[2011/06/22 10:30:25 | 000,039,872 | ---- | C] () -- C:\Windows\System32\iglhxs32.vp
[2011/06/22 10:30:25 | 000,002,096 | ---- | C] () -- C:\Windows\System32\iglhxo32.vp
[2011/06/22 10:30:24 | 001,498,564 | ---- | C] () -- C:\Windows\System32\igkrng400.bin
[2011/06/22 10:08:42 | 000,012,984 | ---- | C] () -- C:\Windows\System32\drivers\SWDUMon.sys
[2011/06/22 04:54:44 | 000,010,124 | ---- | C] () -- C:\Windows\System32\.rsp
[2011/06/22 04:54:44 | 000,001,571 | ---- | C] () -- C:\Windows\System32\.lck
[2011/06/21 22:17:26 | 000,000,193 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2011/06/21 19:38:38 | 000,000,890 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/21 19:38:36 | 000,000,886 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/21 18:16:13 | 000,001,711 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SugarSync Manager.lnk
[2011/06/21 11:18:39 | 000,000,356 | ---- | C] () -- C:\Windows\System32\events.dat
[2011/06/20 23:24:02 | 000,010,792 | -HS- | C] () -- C:\Users\Adebaibe\AppData\Local\4gv052822p
[2011/06/20 23:24:02 | 000,010,090 | -HS- | C] () -- C:\ProgramData\4gv052822p
[2011/06/20 18:50:43 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/06/20 03:36:41 | 000,000,692 | ---- | C] () -- C:\Users\Adebaibe\Desktop\SMILE.lnk
[2011/06/20 00:25:33 | 000,001,356 | ---- | C] () -- C:\Users\Adebaibe\AppData\Local\d3d9caps.dat
[2011/06/19 06:00:12 | 000,000,959 | ---- | C] () -- C:\Users\Adebaibe\Desktop\Reboottime.vbs
[2011/06/19 04:41:24 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2011/06/19 02:43:31 | 004,951,132 | ---- | C] () -- C:\Users\Adebaibe\Documents\04Go for Soda192kbps.mp3
[2011/06/17 21:46:59 | 006,751,087 | ---- | C] () -- C:\Users\Adebaibe\Documents\SAMintensity2MANUAL.pdf
[2011/06/17 05:21:26 | 000,006,286 | ---- | C] () -- C:\Users\Adebaibe\Documents\My Favorite Theme.theme
[2011/06/17 03:23:56 | 000,002,199 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Mobile Device Center.lnk
[2011/06/17 03:23:07 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2011/06/16 21:58:57 | 000,000,600 | ---- | C] () -- C:\Users\Adebaibe\PUTTY.RND
[2011/06/16 17:43:35 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2011/06/16 17:43:35 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2011/06/16 17:37:58 | 000,000,222 | ---- | C] () -- C:\Users\Adebaibe\Desktop\Internet Options.lnk
[2011/06/15 15:38:55 | 000,000,073 | ---- | C] () -- C:\Windows\cdplayer.ini
[2011/06/15 15:38:46 | 000,001,492 | ---- | C] () -- C:\ProgramData\ss.ini
[2011/06/15 12:28:23 | 000,034,308 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll
[2011/06/12 12:12:52 | 000,000,020 | ---- | C] () -- C:\Windows\NNS.INI
[2011/06/10 12:03:58 | 000,158,720 | ---- | C] () -- C:\Windows\System32\_WS_VideoConverterContextMenu.dll
[2011/06/07 13:05:49 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/06/07 13:05:49 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/06/07 13:05:49 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/06/07 12:49:45 | 000,001,024 | ---- | C] () -- C:\.rnd
[2011/06/05 02:31:33 | 854,935,474 | ---- | C] () -- C:\Users\Adebaibe\The Best Bits of Mr Bean.wmv
[2011/06/05 02:28:36 | 067,271,576 | ---- | C] () -- C:\Users\Adebaibe\Mr Bean The Bus Stop Sketch.wmv
[2011/06/05 02:28:11 | 110,368,884 | ---- | C] () -- C:\Users\Adebaibe\Mr Bean The Library Sketch.wmv
[2011/06/05 02:15:19 | 292,454,506 | ---- | C] () -- C:\Users\Adebaibe\10 Do-It-Yourself, MrBean.wmv
[2011/06/05 02:14:33 | 286,030,308 | ---- | C] () -- C:\Users\Adebaibe\11 Back To School, MrBean.wmv
[2011/06/05 02:13:43 | 297,870,506 | ---- | C] () -- C:\Users\Adebaibe\12 Tee Off, MrBean.wmv
[2011/06/05 02:12:59 | 285,766,188 | ---- | C] () -- C:\Users\Adebaibe\13 Good Night, MrBean.wmv
[2011/06/05 02:12:18 | 309,439,010 | ---- | C] () -- C:\Users\Adebaibe\14 Hair by MrBean of London.wmv
[2011/06/02 23:03:24 | 000,009,115 | ---- | C] () -- C:\Users\Adebaibe\Documents\PIllReminder.odt
[2011/06/01 23:37:05 | 2227,141,488 | ---- | C] () -- C:\Users\Adebaibe\R30.wmv
[2011/06/01 21:38:15 | 000,001,082 | ---- | C] () -- C:\Users\Adebaibe\Application Data\Microsoft\Internet Explorer\Quick Launch\Wondershare Video Converter Platinum.lnk
[2011/06/01 21:38:03 | 000,496,640 | ---- | C] () -- C:\Windows\System32\xvid.ax
[2011/06/01 21:38:02 | 000,675,840 | ---- | C] () -- C:\Windows\System32\ac3filter.ax
[2011/05/27 22:02:53 | 000,000,552 | ---- | C] () -- C:\Users\Adebaibe\AppData\Local\d3d8caps.dat
[2011/05/24 18:18:40 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011/05/24 12:03:16 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011/05/24 12:03:16 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011/05/22 13:52:08 | 000,000,136 | ---- | C] () -- C:\ProgramData\avalon2.2.ini
[2011/05/22 13:31:04 | 000,031,007 | ---- | C] () -- C:\Users\Adebaibe\AppData\Roaming\UserTile.png
[2011/05/16 18:13:00 | 000,000,000 | ---- | C] () -- C:\Windows\WinInit.ini
[2011/05/16 12:33:19 | 000,092,672 | ---- | C] () -- C:\Users\Adebaibe\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/15 23:35:40 | 000,000,025 | ---- | C] () -- C:\Windows\EPNX210.ini
[2011/05/15 23:10:35 | 000,000,118 | ---- | C] () -- C:\Users\Adebaibe\AppData\Roaming\wklnhst.dat
[2011/05/15 21:13:20 | 000,000,760 | ---- | C] () -- C:\Users\Adebaibe\AppData\Roaming\setup_ldm.iss
[2011/05/15 20:23:24 | 000,000,030 | ---- | C] () -- C:\Windows\SETPANEL.INI
[2011/05/15 20:23:17 | 000,000,092 | ---- | C] () -- C:\Windows\CLEANUP.INI
[2011/05/15 19:58:42 | 000,016,384 | ---- | C] () -- C:\Windows\System32\LauncheRyAgentUser.exe
[2009/10/07 01:46:36 | 000,025,752 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2009/10/07 01:23:08 | 000,013,584 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2009/04/30 22:39:36 | 000,082,289 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2008/02/11 19:55:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2008/02/11 19:34:48 | 002,215,364 | ---- | C] () -- C:\Windows\System32\igklg400.bin
[2008/02/11 19:34:48 | 001,971,732 | ---- | C] () -- C:\Windows\System32\igklg450.bin
[2008/02/11 19:34:48 | 000,029,932 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.bin
[2007/07/31 08:01:29 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll
[2007/07/31 06:50:23 | 000,065,536 | ---- | C] () -- C:\Windows\System32\NATTraversal.dll
[2007/07/31 06:44:29 | 000,076,584 | ---- | C] () -- C:\Windows\System32\drivers\int15.sys
[2007/07/31 06:44:29 | 000,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys
[2007/07/31 06:43:32 | 000,331,776 | ---- | C] () -- C:\Windows\System32\ScrollBarLib.dll
[2007/07/31 05:07:59 | 000,000,115 | ---- | C] () -- C:\Windows\Alaunch.ini
[2007/07/31 05:07:10 | 000,910,720 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2007/07/31 05:07:10 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1280.dll
[2007/04/25 16:33:22 | 000,266,240 | ---- | C] () -- C:\Windows\System32\NotesExtmngr.dll
[2007/04/25 16:32:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\NotesActnMenu.dll
[2007/04/25 16:32:46 | 000,086,016 | ---- | C] () -- C:\Windows\System32\MSNSpook.dll
[2007/04/25 16:31:00 | 000,028,672 | ---- | C] () -- C:\Windows\System32\BatchCrypto.dll
[2007/04/25 16:30:52 | 000,073,728 | ---- | C] () -- C:\Windows\System32\APISlice.dll
[2007/04/25 16:30:44 | 000,063,488 | ---- | C] () -- C:\Windows\System32\ShowErrMsg.dll
[2006/12/25 15:44:48 | 000,022,016 | ---- | C] () -- C:\Windows\System32\MailFormat_U.dll
[2006/11/13 05:50:06 | 000,071,680 | ---- | C] () -- C:\Windows\System32\HTCA_SelfExtract.bin
[2006/11/02 05:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 05:44:53 | 000,315,272 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 05:34:43 | 000,000,041 | ---- | C] () -- C:\Windows\System32\mqtgsvc.exe.cfg
[2006/11/02 03:33:01 | 000,666,808 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 03:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 03:33:01 | 000,125,670 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 03:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 03:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 01:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 01:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 00:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 00:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2001/12/26 16:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001/09/03 23:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001/07/30 16:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001/07/23 22:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll

========== LOP Check ==========

[2011/05/15 20:03:17 | 000,000,000 | ---D | M] -- C:\Users\Adebaibe\AppData\Roaming\Acer
[2011/06/23 12:45:09 | 000,000,000 | ---D | M] -- C:\Users\Adebaibe\AppData\Roaming\AVG10
[2011/06/25 13:04:09 | 000,000,000 | ---D | M] -- C:\Users\Adebaibe\AppData\Roaming\BitLord
[2011/05/30 02:07:14 | 000,000,000 | ---D | M] -- C:\Users\Adebaibe\AppData\Roaming\DSMP
[2011/06/13 23:24:13 | 000,000,000 | ---D | M] -- C:\Users\Adebaibe\AppData\Roaming\Epson
[2011/05/22 00:24:46 | 000,000,000 | ---D | M] -- C:\Users\Adebaibe\AppData\Roaming\GetRightToGo
[2011/06/26 00:45:24 | 000,000,000 | ---D | M] -- C:\Users\Adebaibe\AppData\Roaming\GlarySoft
[2011/06/24 09:32:32 | 000,000,000 | ---D | M] -- C:\Users\Adebaibe\AppData\Roaming\gtk-2.0
[2011/06/19 20:12:24 | 000,000,000 | ---D | M] -- C:\Users\Adebaibe\AppData\Roaming\iExpert Software
[2011/05/15 20:03:06 | 000,000,000 | ---D | M] -- C:\Users\Adebaibe\AppData\Roaming\Leadertech
[2011/06/15 12:22:52 | 000,000,000 | ---D | M] -- C:\Users\Adebaibe\AppData\Roaming\Music Recognition
[2011/05/21 01:07:27 | 000,000,000 | ---D | M] -- C:\Users\Adebaibe\AppData\Roaming\MusicNet
[2011/06/24 03:14:44 | 000,000,000 | ---D | M] -- C:\Users\Adebaibe\AppData\Roaming\NCH Swift Sound
[2011/06/26 09:23:46 | 000,000,000 | ---D | M] -- C:\Users\Adebaibe\AppData\Roaming\OpenCandy
[2011/05/23 07:50:27 | 000,000,000 | ---D | M] -- C:\Users\Adebaibe\AppData\Roaming\OpenOffice.org
[2011/05/26 18:09:24 | 000,000,000 | ---D | M] -- C:\Users\Adebaibe\AppData\Roaming\OxelonMC
[2011/05/22 13:31:03 | 000,000,000 | ---D | M] -- C:\Users\Adebaibe\AppData\Roaming\PeerNetworking
[2011/06/25 04:12:46 | 000,000,000 | ---D | M] -- C:\Users\Adebaibe\AppData\Roaming\Python-Eggs
[2011/05/17 22:46:23 | 000,000,000 | ---D | M] -- C:\Users\Adebaibe\AppData\Roaming\Songbird2
[2011/06/24 07:20:09 | 000,000,000 | ---D | M] -- C:\Users\Adebaibe\AppData\Roaming\SpeedItUp
[2011/05/15 23:14:32 | 000,000,000 | ---D | M] -- C:\Users\Adebaibe\AppData\Roaming\Template
[2011/06/20 01:33:38 | 000,000,000 | ---D | M] -- C:\Users\Adebaibe\AppData\Roaming\Tific
[2011/05/23 01:27:01 | 000,000,000 | ---D | M] -- C:\Users\Adebaibe\AppData\Roaming\VSRevoGroup
[2011/06/21 09:41:40 | 000,000,000 | ---D | M] -- C:\Users\Adebaibe\AppData\Roaming\W3i, LLC
[2011/05/22 14:54:44 | 000,000,000 | ---D | M] -- C:\Users\Adebaibe\AppData\Roaming\WFDS
[2011/05/25 18:06:03 | 000,000,000 | ---D | M] -- C:\Users\Adebaibe\AppData\Roaming\Windows Live Writer
[2011/06/10 12:03:49 | 000,000,000 | ---D | M] -- C:\Users\Adebaibe\AppData\Roaming\Wondershare
[2011/06/26 01:29:36 | 000,000,412 | ---- | M] () -- C:\Windows\Tasks\PC Optimizer Pro startups.job
[2011/06/26 01:27:09 | 000,032,646 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

Here is the extra

OTL Extras logfile created on: 6/27/2011 11:30:44 AM - Run 8
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Users\Adebaibe\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.85 Gb Available Physical Memory | 42.59% Memory free
3.88 Gb Paging File | 2.53 Gb Available in Paging File | 65.26% Paging File free
Paging file location(s): c:\pagefile.sys 2000 4000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69.77 Gb Total Space | 10.43 Gb Free Space | 14.95% Space Free | Partition Type: NTFS
Drive D: | 69.52 Gb Total Space | 18.95 Gb Free Space | 27.26% Space Free | Partition Type: NTFS
Drive E: | 152.99 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: TOM-SAWYER | User Name: Adebaibe | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\System32\mshta.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
.inf [@ = inffile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.reg [@ = regfile] -- regedit.exe "%1"
.txt [@ = txtfile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- Reg Error: Key error. File not found
.cmd [@ = cmdfile] -- Reg Error: Key error. File not found
.com [@ = ComFile] -- Reg Error: Key error. File not found
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
.pif [@ = piffile] -- Reg Error: Key error. File not found
.vbs [@ = VBSFile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1"
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2326887077-3983706615-3144136406-1000]
"EnableNotificationsRef" = 3

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe" = C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe:*:Enabled:eDSfsu -- (Acer Inc.)
"C:\Acer\Empowering Technology\eDataSecurity\encryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\encryption.exe:*:Enabled:encryption -- (HiTRUST)
"C:\Acer\Empowering Technology\eDataSecurity\decryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\decryption.exe:*:Enabled:decryption -- (HiTRUST)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07635246-2844-4109-871A-38A69B190F27}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{0892C480-2A8F-4701-A032-0AF09F0752C3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{09932A24-D415-41D0-83CA-E4A4BB2C30E5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{0B455DF0-2DA4-4BC1-97EC-14E40ED07887}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{0DE0266A-7CC9-45D1-9375-6C1E273F2127}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{0E198EC6-79B6-421A-83F1-4E475C1CEE39}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{11912627-7EC0-4676-B988-FBCC17922CE6}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{2DEDC3D6-717D-47A7-9370-1C7377476118}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{3413610B-1D19-468C-97D3-460570CBBA3E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{39B24AB3-BCD2-48E2-A152-EDF747A855A4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3F4A8FF0-8B82-4751-9DC8-057CFEC955F8}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{4302FA5D-6F04-4D73-A8BE-B7372252E38B}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{461D97F0-E47B-4A5D-B449-72FF90192ACF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{508DD46E-8A85-4D20-9B5A-825CA20C83E2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5294B622-C6E2-4494-8AD1-7922995F3E83}" = rport=10243 | protocol=6 | dir=out | app=system |
"{52B4BB6B-B3FF-493A-B4DC-AC775603752D}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{63C78481-9CFB-4C8F-B577-F2A9F4E86EEC}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{6AE29FEB-7903-4A99-B2DF-C2B080AFB1A7}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{8020D830-7221-44FB-B656-EB1A49A25395}" = lport=2869 | protocol=6 | dir=in | app=system |
"{8A72732E-BF29-4B50-AFFD-70E2148D0D1A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8CE367BB-54B9-4C5E-9C8D-8B967DED1F8C}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AB9833D1-1097-4427-AB81-7C78C7B7BFB8}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AFA36CD8-47AB-4648-9430-CF1B24C6178D}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{B2ABEDA9-0B6D-42AD-B02D-F7008D5C59CF}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B90CB731-DD8A-4707-85CD-12FB8CF66AC4}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{C28196F1-15EB-4CF4-8D79-872A3BF47B64}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{D37BA86B-EFED-4A02-BD9D-C718690ED227}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D7773EE6-4B44-4D42-9495-A5F2CA6E7F22}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E24189DD-49F4-441A-8CCC-229A14899BA5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E55DBDAD-B1D0-4D79-AB41-8C175D568AAC}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{EA5CA415-DDC7-43E7-B96C-E659DD74A09B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{EB76C935-2CB2-4EF4-ABA5-1942533603BF}" = lport=10243 | protocol=6 | dir=in | app=system |
"{EEA947D4-1588-44BC-BE77-5A9F2FB66DB7}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07B3F7D2-0C96-4119-A5B7-4A7E936AE553}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{13F175ED-B4B2-4802-AC94-349B6A8A901C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{140654DB-D1DC-42F0-9373-38A2AF175327}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{23C52C00-AD15-4862-9047-0EB49A98DF78}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2C01749D-1145-4342-BD79-0A193E438D5C}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{33149B96-2B6D-4D3D-B09D-290B52423C0B}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{3FCCC9DE-36EA-4B06-9F7C-B9EE8F4972FC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{42DA4C2C-F921-41D2-9F16-4AE2C44D1103}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{456AB8CB-8501-48D7-9704-FF73978F69F9}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{55661BE2-4E95-4B2E-B900-CBE02AC451A6}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{5BC8A8BA-5F41-4618-8D6F-CD209AFF70E6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5D48D79E-8B79-46D4-850B-C109384D8CDC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{62C2BA24-4C01-4967-8812-0052DC12BEA3}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{62CBF5CD-6312-454A-929D-27B2E367A834}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{657B30B9-7DFE-4472-B675-174B0DD78D4A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6BB2C652-B78E-4573-BA65-269D5452E25D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{6FD65FD0-AABB-47F9-8DB5-76D79095D9B8}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{83989971-D066-4785-847A-831F88429E39}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{884CF666-568F-4BEE-94D8-7185A72FE1D3}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{8ACA1097-2C8E-4615-9258-0198E9C9C492}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{8DB6A7FD-26B1-45EA-AFF9-A5512258A1E0}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9140F1FD-A179-4506-90B0-77753C29AB87}" = protocol=6 | dir=out | app=system |
"{B0001EBA-BC44-42A7-8E72-8EFDB3842484}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{B75E5CFD-B559-46D0-BADD-C2947B6ED76A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D9DA2D35-E510-4F90-87B3-3CEDDE61442C}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{DA359D9A-190B-4BBA-8170-FE888448F35A}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{DB973554-27C3-438D-AB86-6D23387A34F8}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{DF041095-C5D5-454A-A737-05C78AF7C431}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{DF7DF914-A97C-4F47-BB2A-8BEBC74B9788}" = protocol=6 | dir=in | app=c:\users\adebaibe\desktop\solutoinstaller.exe |
"{E0BE69E0-0C4A-45FA-AB29-F52F8DE7C8F3}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{E76E33AA-9760-4F64-BA68-3B59790FF564}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{EB249466-66E7-4831-BB0B-7E671BDFD06F}" = protocol=17 | dir=in | app=c:\users\adebaibe\desktop\solutoinstaller.exe |
"{EF6231E2-9173-452A-ADD0-BF9C16FF66D6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{0337AB79-279C-4D8B-B601-BC585FB91BD8}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |
"TCP Query User{121DE4A5-326E-4B6A-941A-458D117EC411}C:\program files\mindtouch easy installer\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\program files\mindtouch easy installer\mysql\bin\mysqld.exe |
"TCP Query User{1A946C77-D54B-44DB-8238-19B39E77B012}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{36795B08-4088-4A87-82F1-8C0FE69FBBFB}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe |
"TCP Query User{73AEA30A-3D60-4A37-96B7-42731E960EF1}C:\program files\mindtouch easy installer\apache2\bin\httpd.exe" = protocol=6 | dir=in | app=c:\program files\mindtouch easy installer\apache2\bin\httpd.exe |
"UDP Query User{03AC1B75-FB62-4B8D-9287-DABBD8487220}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{115FECCB-F900-47BA-A789-EAFD573E5DE9}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe |
"UDP Query User{3BBD3D0C-5A10-4565-A948-5C94EF3EAA67}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |
"UDP Query User{4B3F955C-15B7-4E47-A364-1618A7FAA38B}C:\program files\mindtouch easy installer\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\program files\mindtouch easy installer\mysql\bin\mysqld.exe |
"UDP Query User{61AAE540-2926-4AC4-A5C3-64C2164F0247}C:\program files\mindtouch easy installer\apache2\bin\httpd.exe" = protocol=17 | dir=in | app=c:\program files\mindtouch easy installer\apache2\bin\httpd.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}" = Acer eLock Management
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216025FF}" = Java(TM) 6 Update 25
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = Epson Event Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
"{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile Device Center
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A92A4DB0-CD37-42D1-BE1D-603D53C24328}" = Intel(R) Processor ID Utility
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.0
"{AEEAE013-92F1-4515-B278-139F1A692A36}" = Acer eDataSecurity Management
"{BF839132-BD43-4056-ACBF-4377F4A88E2A}" = Acer ePresentation Management
"{C06554A1-2C1E-4D20-B613-EE62C79927CC}" = Acer eNet Management
"{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}" = Logitech Webcam Software
"{C96FF998-45BD-411E-9253-B7F2660FE280}" = Qwest Installer
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE65A9A0-9686-45C6-9098-3C9543A412F0}" = Acer eSettings Management
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF1EDAC1-1EF6-495A-8211-8EECEE496060}" = VMOps VM Instance Manager
"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
"{E7044E25-3038-4A76-9064-344AC038043E}" = Windows Mobile Device Center Driver Update
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 4.65
"Absolute Uninstaller_is1" = Absolute Uninstaller 2.8.0.636
"Acer Assist" = Acer Assist
"Acer Registration" = Acer Registration
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Agent Ransack_is1" = Agent Ransack 2010
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"DivX Setup.divx.com" = DivX Setup
"EPSON NX210 Series" = EPSON NX210 Series Printer Uninstall
"EPSON Scanner" = EPSON Scan
"Final Fantasy VII_is1" = Final Fantasy VII - Ultima Edition
"Freecorder Toolbar" = Freecorder Toolbar
"Freecorder5.01" = Freecorder 5
"Google Chrome" = Google Chrome
"GridVista" = Acer GridVista
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"LManager" = Launch Manager
"lvdrivers_12.10" = Logitech Webcam Software Driver Package
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.0.1200
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 5.0 (x86 en-US)" = Mozilla Firefox 5.0 (x86 en-US)
"MSConfig CleanUp_is1" = MSConfig CleanUp 1.2
"MWSnap 3" = MWSnap 3
"Revo Uninstaller" = Revo Uninstaller 1.92
"sp6" = Logitech SetPoint 6.22
"Winamp" = Winamp
"WinGimp-2.0_is1" = Gimp 2.6.2 Debug
"WinLiveSuite" = Windows Live Essentials
"Wondershare Video Converter Platinum_is1" = Wondershare Video Converter Platinum(Build 5.1.3.1)

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"SugarSync" = SugarSync Manager
"Winamp Detect" = Winamp Detector Plug-in

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/20/2011 6:04:11 PM | Computer Name = Tom-Sawyer | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16421 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: b50 Start Time: 01cc2f9354d42b89 Termination Time: 46

Error - 6/20/2011 6:27:30 PM | Computer Name = Tom-Sawyer | Source = Application Hang | ID = 1002
Description = The program msconfig.exe version 6.0.6001.18000 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 12b4 Start Time: 01cc2f98db3dd495 Termination Time: 0

Error - 6/20/2011 6:28:01 PM | Computer Name = Tom-Sawyer | Source = Application Hang | ID = 1002
Description = The program msconfig.exe version 6.0.6001.18000 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 1778 Start Time: 01cc2f99431a9355 Termination Time: 0

Error - 6/20/2011 7:36:00 PM | Computer Name = Tom-Sawyer | Source = System Restore | ID = 8209
Description =

Error - 6/20/2011 7:50:27 PM | Computer Name = Tom-Sawyer | Source = System Restore | ID = 8209
Description =

Error - 6/21/2011 1:32:34 AM | Computer Name = Tom-Sawyer | Source = Application Hang | ID = 1002
Description = The program Magnify.exe version 6.0.6002.18005 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: fdc Start Time: 01cc2fd4403096b2 Termination Time: 0

Error - 6/21/2011 2:19:38 AM | Computer Name = Tom-Sawyer | Source = EventSystem | ID = 4609
Description =

Error - 6/21/2011 3:51:23 AM | Computer Name = Tom-Sawyer | Source = EventSystem | ID = 4609
Description =

Error - 6/21/2011 3:51:47 AM | Computer Name = Tom-Sawyer | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 0.0.0.0, time stamp 0x4d334d98,
faulting module iexplore.exe, version 0.0.0.0, time stamp 0x4d334d98, exception
code 0x40000015, fault offset 0x0008cb40, process id 0x754, application start time
0x01cc2fe8112da9b8.

Error - 6/21/2011 3:52:07 AM | Computer Name = Tom-Sawyer | Source = EventSystem | ID = 4609
Description =

[ System Events ]
Error - 6/26/2011 4:26:39 AM | Computer Name = Tom-Sawyer | Source = LSM | ID = 1048
Description =

Error - 6/26/2011 4:28:10 AM | Computer Name = Tom-Sawyer | Source = volmgr | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 6/26/2011 4:28:43 AM | Computer Name = Tom-Sawyer | Source = volmgr | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 6/26/2011 4:29:05 AM | Computer Name = Tom-Sawyer | Source = NETLOGON | ID = 3095
Description = This computer is configured as a member of a workgroup, not as a member
of a domain. The Netlogon service does not need to run in this configuration.

Error - 6/26/2011 4:31:16 AM | Computer Name = Tom-Sawyer | Source = Service Control Manager | ID = 7022
Description =

Error - 6/26/2011 4:31:16 AM | Computer Name = Tom-Sawyer | Source = LSM | ID = 1048
Description =

Error - 6/27/2011 1:47:42 PM | Computer Name = Tom-Sawyer | Source = RemoteAccess | ID = 20106
Description = Unable to add the interface {6180A391-AC39-4797-B9F7-E186F38B718C}
with the Router Manager for the IP protocol. The following error occurred: Cannot
complete this function.

Error - 6/27/2011 1:47:42 PM | Computer Name = Tom-Sawyer | Source = RemoteAccess | ID = 20106
Description = Unable to add the interface {6180A391-AC39-4797-B9F7-E186F38B718C}
with the Router Manager for the IPV6 protocol. The following error occurred: Cannot
complete this function.

Error - 6/27/2011 1:50:25 PM | Computer Name = Tom-Sawyer | Source = RemoteAccess | ID = 20106
Description = Unable to add the interface {6180A391-AC39-4797-B9F7-E186F38B718C}
with the Router Manager for the IP protocol. The following error occurred: Cannot
complete this function.

Error - 6/27/2011 1:50:25 PM | Computer Name = Tom-Sawyer | Source = RemoteAccess | ID = 20106
Description = Unable to add the interface {6180A391-AC39-4797-B9F7-E186F38B718C}
with the Router Manager for the IPV6 protocol. The following error occurred: Cannot
complete this function.


< End of report >

Hope you can understand this?????? I can't YET....

Thank you
 

Re: Since My trojan, I got error messages when I try to start defender and security s

Where do I send the code???? Where do I paste it?

Peter
 

Re: Since My trojan, I got error messages when I try to start defender and security s

What is the ESET ONLINE SCAN????????
 

Re: Since My trojan, I got error messages when I try to start defender and security s

Thanks again Rich :)

Go to VirusTotal - Free Online Virus, Malware and URL Scanner and you'll see a Browse button. Upload one of the following files:

C:\Users\Adebaibe\AppData\Local\t05kv0komxexml6l86yyf04
C:\ProgramData\t05kv0komxexml6l86yyf04
C:\Users\Adebaibe\AppData\Local\4gv052822p
C:\ProgramData\4gv052822p

Copy and paste the link that it takes you to into your next post, and repeat for all 4 files.

Tom
 

Re: Since My trojan, I got error messages when I try to start defender and security s

OK, I was looking for the files in appdata and programdata etc. I didn't find anything under that code, but I found a lot of empty folders with the long code, or whatever you want to call the folder titles. They are empty????? Should I erase them????????
I scanned the oct txt and was clean....
 

Re: Since My trojan, I got error messages when I try to start defender and security s

Do a full scan with ESET online scanner.

Then do the virus total instructions I said in my last post. The files will be hidden, so you will need to show hidden files and folders:

http://www.vistax64.com/tutorials/86163-hidden-files-folders.html

Tom
 

Re: Since My trojan, I got error messages when I try to start defender and security s

It picked up 3 threats, and deleted them... 2 opencandy
1 adon

Tuy for the site.... It came in handy,

The other links were nothing, I checked them..

I got a lot of empty folders that have weird names, like a serial number... Do I delete these or leave them?
 

Re: Since My trojan, I got error messages when I try to start defender and security s

No problem, can I have another OTL log please? Just to make sure they're gone

How's your computer running? Any luck starting MSE yet?

I can't really say because I don't know what's made them and if they're in use. For all I know it could be a genuine program that's done it and requires those directories for its use - it's better to be safe than sorry :)

Tom
 

Re: Since My trojan, I got error messages when I try to start defender and security s

MSE is running fine, I ended up uninstalling it and reinstalling it. I think it was corrupted to the point of no repair... Just in case it gets that way again, I got the setup in my downloads.

View attachment OTL1.Txt
 

Re: Since My trojan, I got error messages when I try to start defender and security s

I would recommend that you remove Moon Secure Anti Virus as having multiple AV programs on your computer can cause conflicts.

You also need to do this: http://www.vistax64.com/tutorials/233243-default-file-type-associations-restore.html

For the .com extension


In the OTL custom scans/fixes box, can you copy and paste the following and click the Run Fix button

Code:
:FILES
C:\Users\Adebaibe\AppData\Local\t05kv0komxexml6l86yyf04 /D
C:\ProgramData\t05kv0komxexml6l86yyf04 /D
C:\Users\Adebaibe\AppData\Local\4gv052822p /D
C:\ProgramData\4gv052822p /D

Please post back with the OTL fix log, it will open in a text window upon completion


Tom
 

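The four paths listed for VirusTotal and later in the OTL fix can be inventoried read-only first, which shows whether each one is a hidden file (hashable for a lookup) or an empty directory. This is an added example, not part of the original posts; it assumes PowerShell 4.0 or later (for `Get-FileHash`), and `Get-PathTriage` is a hypothetical helper name.

```powershell
# Added example: read-only triage of the four paths named in this thread.
# Nothing is deleted, moved or modified.
$paths = @(
    'C:\Users\Adebaibe\AppData\Local\t05kv0komxexml6l86yyf04',
    'C:\ProgramData\t05kv0komxexml6l86yyf04',
    'C:\Users\Adebaibe\AppData\Local\4gv052822p',
    'C:\ProgramData\4gv052822p'
)

function Get-PathTriage {
    param([string[]]$Path)
    foreach ($p in $Path) {
        # -Force is required: hidden and system items are skipped without it.
        $item = Get-Item -LiteralPath $p -Force -ErrorAction SilentlyContinue
        if (-not $item) {
            New-Object psobject -Property @{ Path = $p; Kind = 'missing' }
            continue
        }
        $kind     = 'file'
        $children = $null
        $hash     = $null
        if ($item.PSIsContainer) {
            $kind = 'directory'
            # Count everything underneath, hidden items included; 0 means truly empty.
            $children = @(Get-ChildItem -LiteralPath $p -Force -Recurse `
                          -ErrorAction SilentlyContinue).Count
        } else {
            # SHA-256 of the file contents, usable for a hash search.
            $hash = (Get-FileHash -LiteralPath $p -Algorithm SHA256).Hash
        }
        New-Object psobject -Property @{
            Path     = $p
            Kind     = $kind
            Hidden   = (($item.Attributes -band [IO.FileAttributes]::Hidden) -ne 0)
            Children = $children
            Created  = $item.CreationTime
            SHA256   = $hash
        }
    }
}

Get-PathTriage -Path $paths | Format-List Path, Kind, Hidden, Children, Created, SHA256
```

Run it from an elevated prompt so that `C:\ProgramData` entries are readable. A `directory` with `Children` of 0 has nothing to upload, and a `file` row gives a SHA256 that can be searched on VirusTotal without uploading the file.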