[Info] About Alcxmntr

By learninmypc
Nov 24, 2011
  1. As I was rebooting my pc the other day, an End Program box popped up with ALCXMNTR, it might have had .exe on it, I don't recall.
    Anyhow, I googled it & found this http://www.bleepingcomputer.com/startups/Alcxmntr.exe-245.html amongst other possibilities.

    I've run my scans, Mbam, SAS & Avast & they come up clean.
    Am I infected or not? :confused:
  2. Broni

    Broni Malware Annihilator Posts: 46,171   +251

    BC info is correct.
    You should disable it as a startup, but do NOT delete the file because you won't be able to update Real.
  3. learninmypc

    learninmypc TechSpot Evangelist Topic Starter Posts: 5,097   +223

    Real as in Real Player? If so, I got rid of that a long time ago. If not that, how do I disable it? Thanks.
  4. Broni

    In that case....

    Download Autoruns for Windows: http://technet.microsoft.com/en-us/sysinternals/bb963902.aspx
    No installation required.
    Simply unzip Autoruns.zip file, and double click on autoruns.exe file to run the program.
    Go to File>Save, and save it as AutoRuns.txt file to a known location.
    You must select Text from drop-down menu as a file type:

    [IMG]

    Attach the file to your next reply.
  5. learninmypc

    When I double click it to run, a black rectangular box pops up & I can see words flying by & then it disappears. Where do I go to find it & post it?
  6. learninmypc

    CLARIFICATION Please. In your instructions it says to "double click" it.
    When I got this computer, I set it up via Folder Options to "Single click", does that matter?
  7. Broni

    Try right click and "Open".
  8. learninmypc

    Ok but first, which do I click on?
    [IMG]
  9. Broni

    2nd one...autoruns.exe
  10. learninmypc

    Thanks, will do so now & post back.
  11. learninmypc

    Did that & got this
    [IMG]

    Next? :)
  12. Broni

    Did what exactly?
  13. learninmypc

    Clicked on the 2nd one like you told me to & got that.
  14. Broni

    I said RIGHT click and click "Open".
  15. learninmypc

    Ok, I did that & got the same thing. I hope I'm not missing something. If I am, I'm sorry.

    [IMG]
  16. Broni

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  17. learninmypc

    OTL logfile created on: 11/25/2011 8:12:08 PM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\HP_Administrator.SEATTLE\Desktop
    Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    511.48 Mb Total Physical Memory | 200.04 Mb Available Physical Memory | 39.11% Memory free
    1.22 Gb Paging File | 0.88 Gb Available in Paging File | 72.20% Paging File free
    Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 179.89 Gb Total Space | 76.07 Gb Free Space | 42.29% Space Free | Partition Type: NTFS
    Drive D: | 6.40 Gb Total Space | 0.68 Gb Free Space | 10.68% Space Free | Partition Type: FAT32

    Computer Name: CYBER | User Name: HP_Administrator | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/11/25 20:04:15 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator.SEATTLE\Desktop\OTL.exe
    PRC - [2011/11/24 03:15:54 | 000,617,488 | ---- | M] (Bitsum Technologies) -- C:\Program Files\Process Lasso\ProcessLasso.exe
    PRC - [2011/11/24 03:15:54 | 000,339,472 | ---- | M] (Bitsum Technologies) -- C:\Program Files\Process Lasso\ProcessGovernor.exe
    PRC - [2011/10/10 07:32:12 | 000,196,912 | ---- | M] (Nitro PDF Software) -- C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe
    PRC - [2011/09/06 12:45:30 | 003,722,416 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    PRC - [2011/09/06 12:45:28 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    PRC - [2011/08/11 15:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
    PRC - [2011/04/18 22:44:40 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\sua.exe
    PRC - [2011/04/07 13:23:34 | 002,672,600 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
    PRC - [2011/01/24 12:23:14 | 000,286,000 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Firewall Plus\FWService.exe
    PRC - [2008/04/13 16:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011/11/25 11:35:27 | 001,619,456 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\defs\11112501\algo.dll
    MOD - [2011/11/25 09:12:36 | 000,241,528 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\defs\11112501\aswRep.dll
    MOD - [2011/02/04 17:48:32 | 000,456,192 | ---- | M] () -- C:\WINDOWS\system32\encdec.dll
    MOD - [2011/02/04 17:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
    MOD - [2010/09/08 10:00:00 | 003,849,216 | ---- | M] () -- C:\Program Files\K-Lite Codec Pack\ffdshow\ffdshow.ax
    MOD - [2010/02/05 10:27:45 | 001,291,776 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
    MOD - [2008/04/13 16:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
    MOD - [2008/04/13 16:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
    MOD - [2005/08/05 13:01:54 | 000,159,744 | ---- | M] () -- C:\WINDOWS\system32\VBICodec.ax
    MOD - [2005/08/05 12:06:50 | 000,165,376 | ---- | M] () -- C:\WINDOWS\system32\mpg2splt.ax
    MOD - [2002/09/23 21:11:24 | 000,040,960 | ---- | M] () -- C:\WINDOWS\system32\hcwXDS.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2011/10/10 07:32:12 | 000,196,912 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe -- (NitroReaderDriverReadSpool2)
    SRV - [2011/09/06 12:45:28 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2011/08/11 15:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
    SRV - [2011/04/18 22:44:40 | 000,993,848 | ---- | M] (Secunia) [On_Demand | Stopped] -- C:\Program Files\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
    SRV - [2011/04/18 22:44:40 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)
    SRV - [2011/01/24 12:23:14 | 000,286,000 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\PC Tools Firewall Plus\FWService.exe -- (PCToolsFirewallPlus)


    ========== Driver Services (SafeList) ==========

    DRV - [2011/09/06 12:38:05 | 000,442,200 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
    DRV - [2011/09/06 12:37:53 | 000,320,856 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2011/09/06 12:36:38 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
    DRV - [2011/09/06 12:36:36 | 000,052,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2011/09/06 12:36:23 | 000,110,552 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
    DRV - [2011/09/06 12:36:12 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2011/09/06 12:33:11 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
    DRV - [2011/07/22 08:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
    DRV - [2011/07/12 13:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2011/03/02 11:40:54 | 000,160,576 | ---- | M] (PC Tools) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PCTAppEvent.sys -- (PCTAppEvent)
    DRV - [2011/01/17 08:10:26 | 000,251,560 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\pctgntdi.sys -- (pctgntdi)
    DRV - [2011/01/17 07:11:12 | 000,125,248 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pctplfw.sys -- (pctplfw)
    DRV - [2011/01/12 09:36:22 | 000,089,472 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pctNdis-PacketFilter.sys -- (PCTFW-PacketFilter)
    DRV - [2010/09/01 00:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
    DRV - [2010/07/08 07:49:10 | 000,057,536 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pctNdis.sys -- (pctNDIS)
    DRV - [2009/03/04 01:30:14 | 000,709,248 | R--- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt2870.sys -- (rt2870)
    DRV - [2008/02/27 12:49:00 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\BANTExt.sys -- (BANTExt)
    DRV - [2006/04/05 01:46:30 | 000,163,840 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\V0250Dev.sys -- (V0250Dev)
    DRV - [2005/04/20 10:00:56 | 002,317,696 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
    DRV - [2004/08/27 19:28:22 | 000,116,736 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hcwPP2.sys -- (hcwPP2) Hauppauge WinTV PVR PCI II (26xxx)
    DRV - [2004/07/19 16:33:14 | 000,218,112 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
    DRV - [2004/07/17 03:20:34 | 000,012,160 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)
    DRV - [2004/06/29 16:07:18 | 001,268,204 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
    DRV - [2004/05/08 16:21:44 | 000,035,840 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
    DRV - [2003/12/12 05:54:14 | 000,391,424 | ---- | M] (Sensaura Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS)
    DRV - [2003/09/19 00:47:00 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc)
    DRV - [2003/07/18 15:58:20 | 000,036,992 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SISAGPX.sys -- (SISAGP)
    DRV - [2003/07/11 21:28:56 | 000,032,768 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisnic.sys -- (SISNIC)
    DRV - [2002/10/04 16:04:10 | 000,046,976 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\R8139n51.sys -- (rtl8139)
    DRV - [2001/06/04 13:00:00 | 000,014,112 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
    DRV - [1999/09/10 04:06:00 | 000,025,244 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\aspi32.sys -- (Aspi32)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=pavilion&pf=desktop


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-1307928640-4091270434-1924496998-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
    IE - HKU\S-1-5-21-1307928640-4091270434-1924496998-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
    IE - HKU\S-1-5-21-1307928640-4091270434-1924496998-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
    IE - HKU\S-1-5-21-1307928640-4091270434-1924496998-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
    IE - HKU\S-1-5-21-1307928640-4091270434-1924496998-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.kirotv.com/
    IE - HKU\S-1-5-21-1307928640-4091270434-1924496998-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
    IE - HKU\S-1-5-21-1307928640-4091270434-1924496998-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKU\S-1-5-21-1307928640-4091270434-1924496998-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 57 62 C7 FE 74 75 CC 01 [binary data]
    IE - HKU\S-1-5-21-1307928640-4091270434-1924496998-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "MyStart Search"
    FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=135963"
    FF - prefs.js..browser.search.suggest.enabled: false
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://www.kirotv.com/"
    FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
    FF - prefs.js..extensions.enabledItems: {71328583-3CA7-4809-B4BA-570A85818FBB}:0.6.3
    FF - prefs.js..extensions.enabledItems: {CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}:3.2
    FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.4
    FF - prefs.js..extensions.enabledItems: {4776510a-a1f4-41f3-a3c8-35b474ecef23}:1.0.8
    FF - prefs.js..extensions.enabledItems: {37fa1426-b82d-11db-8314-0800200c9a66}:2.7.5
    FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100908
    FF - prefs.js..extensions.enabledItems: lcdclock_bloodeye@gmail.com:0.4.2
    FF - prefs.js..extensions.enabledItems: VacuumPlacesImproved@lultimouomo-gmail.com:1.2
    FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.49
    FF - prefs.js..extensions.enabledItems: {89736E8E-4B14-4042-8C75-AD00B6BD3900}:1.0.5
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: {e6c4c3ef-3d4d-42d6-8283-8da73c53a283}:2.5.1
    FF - prefs.js..extensions.enabledItems: optout@google.com:1.2
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
    FF - prefs.js..extensions.enabledItems: wrc@avast.com:20110101
    FF - prefs.js..keyword.URL: "http://www.google.com.my/search?q= "
    FF - prefs.js..network.proxy.type: 0

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files\Nitro PDF\Reader 2\npnitromozilla.dll ( )
    FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1698.5652\npCIDetect13.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\HP_Administrator.SEATTLE\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\HP_Administrator.SEATTLE\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\HP_Administrator.SEATTLE\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\HP_Administrator.SEATTLE\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011/09/06 18:46:52 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/22 10:52:58 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/22 12:32:36 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\SeaMonkey 2.5\extensions\\Components: C:\Program Files\SeaMonkey\components [2011/11/22 11:03:05 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\SeaMonkey 2.5\extensions\\Plugins: C:\Program Files\SeaMonkey\plugins [2011/08/08 06:36:34 | 000,000,000 | ---D | M]

    [2009/10/30 23:21:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator.SEATTLE\Application Data\Mozilla\Extensions
    [2009/10/30 23:21:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator.SEATTLE\Application Data\Mozilla\Extensions\{92650c4d-4b8e-4d2a-b7eb-24ecf4f6b63a}
    [2011/07/28 12:16:56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator.SEATTLE\Application Data\Mozilla\Firefox\Profiles\ezk0nmcc.cyber\extensions
    [2011/07/28 12:15:59 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\HP_Administrator.SEATTLE\Application Data\Mozilla\Firefox\Profiles\ezk0nmcc.cyber\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
    [2011/11/18 05:54:40 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator.SEATTLE\Application Data\Mozilla\Firefox\Profiles\w6iqtf69.default\extensions
    [2011/11/08 08:28:16 | 000,000,000 | ---D | M] (WebMail Notifier) -- C:\Documents and Settings\HP_Administrator.SEATTLE\Application Data\Mozilla\Firefox\Profiles\w6iqtf69.default\extensions\{37fa1426-b82d-11db-8314-0800200c9a66}
    [2011/11/17 17:37:50 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\HP_Administrator.SEATTLE\Application Data\Mozilla\Firefox\Profiles\w6iqtf69.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
    [2011/11/17 08:33:26 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\HP_Administrator.SEATTLE\Application Data\Mozilla\Firefox\Profiles\w6iqtf69.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
    [2011/01/13 19:53:25 | 000,000,000 | ---D | M] (Vacuum Places Improved) -- C:\Documents and Settings\HP_Administrator.SEATTLE\Application Data\Mozilla\Firefox\Profiles\w6iqtf69.default\extensions\VacuumPlacesImproved@lultimouomo-gmail.com
    [2009/08/28 20:11:27 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator.SEATTLE\Application Data\Mozilla\Profiles\default\kbza1opp.slt\extensions
    [2009/08/28 20:11:27 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator.SEATTLE\Application Data\Mozilla\Profiles\default\kbza1opp.slt\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
    [2011/11/24 07:29:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator.SEATTLE\Application Data\Mozilla\SeaMonkey\Profiles\nobug08s.default\extensions
    [2011/11/17 17:39:54 | 000,000,000 | ---D | M] (WebMail Notifier) -- C:\Documents and Settings\HP_Administrator.SEATTLE\Application Data\Mozilla\SeaMonkey\Profiles\nobug08s.default\extensions\{37fa1426-b82d-11db-8314-0800200c9a66}
    [2011/11/17 17:39:55 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\HP_Administrator.SEATTLE\Application Data\Mozilla\SeaMonkey\Profiles\nobug08s.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
    [2011/11/17 17:39:57 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\HP_Administrator.SEATTLE\Application Data\Mozilla\SeaMonkey\Profiles\nobug08s.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
    [2011/06/08 10:28:19 | 000,000,000 | ---D | M] (JavaScript Debugger) -- C:\Documents and Settings\HP_Administrator.SEATTLE\Application Data\Mozilla\SeaMonkey\Profiles\nobug08s.default\extensions\{f13b157f-b174-47e7-a34d-4815ddfdfeb8}
    [2009/11/14 01:27:44 | 000,000,003 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.SEATTLE\Application Data\Mozilla\Firefox\Profiles\w6iqtf69.default\searchplugins\GoogleFeed.xml
    [2009/08/24 15:42:17 | 000,000,713 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.SEATTLE\Application Data\Mozilla\Firefox\Profiles\w6iqtf69.default\searchplugins\webster.xml
    [2011/11/22 10:52:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    () (No name found) -- C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR.SEATTLE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\W6IQTF69.DEFAULT\EXTENSIONS\{CE6E6E3B-84DD-4CAC-9F63-8D2AE4F30A4B}.XPI
    () (No name found) -- C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR.SEATTLE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\W6IQTF69.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
    () (No name found) -- C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR.SEATTLE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\W6IQTF69.DEFAULT\EXTENSIONS\{D40F5E7B-D2CF-4856-B441-CC613EEFFBE3}.XPI
    () (No name found) -- C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR.SEATTLE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\W6IQTF69.DEFAULT\EXTENSIONS\{E6C4C3EF-3D4D-42D6-8283-8DA73C53A283}.XPI
    () (No name found) -- C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR.SEATTLE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\W6IQTF69.DEFAULT\EXTENSIONS\OPTOUT@GOOGLE.COM.XPI
    [2011/09/06 18:46:52 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF
    [2011/11/20 20:04:51 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2011/10/25 15:29:44 | 000,611,224 | ---- | M] (Oracle Corporation) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
    [2008/02/04 17:49:18 | 000,663,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npOGAPlugin.dll
    [2007/02/26 12:44:00 | 000,352,256 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npsabffx.dll
    [2011/11/20 17:04:05 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2011/11/20 17:04:05 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\HP_Administrator.SEATTLE\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\gcswf32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
    CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
    CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\HP_Administrator.SEATTLE\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\HP_Administrator.SEATTLE\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\pdf.dll
    CHR - plugin: Google Talk Plugin (Enabled) = C:\Documents and Settings\HP_Administrator.SEATTLE\Application Data\Mozilla\plugins\npgoogletalk.dll
    CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Documents and Settings\HP_Administrator.SEATTLE\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
    CHR - plugin: Java Deployment Toolkit 7.0.0.147 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    CHR - plugin: Windows Genuine Advantage (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
    CHR - plugin: Office Genuine Advantage (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npOGAPlugin.dll
    CHR - plugin: SuperAdBlocker FireFox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npsabffx.dll
    CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
    CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\HP_Administrator.SEATTLE\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll
    CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.1698.5652\npCIDetect13.dll
    CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
    CHR - plugin: Java(TM) Platform SE 7 (Enabled) = C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll
    CHR - plugin: Nitro PDF Plug-In (Enabled) = C:\Program Files\Nitro PDF\Reader 2\npnitromozilla.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - plugin: Default Plug-in (Enabled) = default_plugin
    CHR - Extension: X-notifier (Gmail, Hotmail, Yahoo, AOL ...) = C:\Documents and Settings\HP_Administrator.SEATTLE\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apebebenniibdlpbookhgelaghfnaonp\0.8.5_0\
    CHR - Extension: WOT = C:\Documents and Settings\HP_Administrator.SEATTLE\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\1.2.9_0\
    CHR - Extension: YouTube = C:\Documents and Settings\HP_Administrator.SEATTLE\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.2_0\
    CHR - Extension: Adblock Plus for Google Chrome\u2122 (Beta) = C:\Documents and Settings\HP_Administrator.SEATTLE\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.1.4_0\
    CHR - Extension: IBA Opt-out (by Google) = C:\Documents and Settings\HP_Administrator.SEATTLE\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gbiekjoijknlhijdjbaadobpkdhmoebb\1.0_0\
    CHR - Extension: avast! WebRep = C:\Documents and Settings\HP_Administrator.SEATTLE\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1289_0\

    Hosts file not found
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
    O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()
    O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O2 - BHO: (no name) - {E1FF080D-12A3-439A-A2EF-4BA95A3148E8} - No CLSID value found.
    O2 - BHO: (SimpleAdblock Class) - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Common Files\Simple Adblock\SimpleAdblock.dll (Simple Adblock)
    O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
    O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
    O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
    O3 - HKLM\..\Toolbar: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
    O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found
    O3 - HKU\S-1-5-21-1307928640-4091270434-1924496998-1008\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKU\S-1-5-21-1307928640-4091270434-1924496998-1008\..\Toolbar\ShellBrowser: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
    O3 - HKU\S-1-5-21-1307928640-4091270434-1924496998-1008\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
    O3 - HKU\S-1-5-21-1307928640-4091270434-1924496998-1008\..\Toolbar\WebBrowser: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
    O3 - HKU\S-1-5-21-1307928640-4091270434-1924496998-1008\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found
    O3 - HKU\S-1-5-21-1307928640-4091270434-1924496998-1008\..\Toolbar\WebBrowser: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll File not found
    O4 - HKLM..\Run: [00PCTFW] C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe (PC Tools)
    O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe (Hewlett-Packard)
    O4 - HKLM..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers File not found
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
    O4 - HKLM..\Run: [ProcessGovernor] C:\Program Files\Process Lasso\processgovernor.exe (Bitsum Technologies)
    O4 - HKLM..\Run: [ProcessLassoManagementConsole] C:\Program Files\Process Lasso\processlasso.exe (Bitsum Technologies)
    O4 - HKLM..\Run: [PS2] C:\WINDOWS\system32\ps2.EXE (Hewlett-Packard Company)
    O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
    O4 - HKLM..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" File not found
    O4 - HKLM..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" File not found
    O4 - Startup: C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
    O4 - Startup: C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\Secunia PSI.lnk = C:\Program Files\Secunia\PSI\psi.exe (Secunia)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-1307928640-4091270434-1924496998-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop.com/betapit/PCPitStop.CAB (PCPitstop Utility)
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab (Symantec AntiVirus scanner)
    O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} http://www.eset.eu/buxus/docs/OnlineScanner.cab (Reg Error: Key error.)
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab (Reg Error: Key error.)
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class)
    O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab (Creative Software AutoUpdate)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1251314773281 (MUWebControl Class)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} http://ax.emsisoft.com/asquared.cab (a-squared Scanner)
    O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
    O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/15118/CTPID.cab (Creative Software AutoUpdate Support Package)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 184.16.33.54
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8F197E4D-DAFD-4588-9ED7-B5D6B2B1B6D9}: DhcpNameServer = 192.168.1.1 184.16.33.54
    O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
    O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
    O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
    O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\HP_Administrator.SEATTLE\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\HP_Administrator.SEATTLE\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/08/22 00:36:41 | 000,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2001/07/28 06:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
    O32 - AutoRun File - [2004/04/30 22:01:14 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/11/25 20:03:57 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator.SEATTLE\Desktop\OTL.exe
    [2011/11/25 19:23:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.SEATTLE\Desktop\Autoruns
    [2011/11/25 19:02:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.SEATTLE\My Documents\Cache
    [2011/11/24 08:53:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ProcessLasso
    [2011/11/24 08:53:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Process Lasso
    [2011/11/24 08:53:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.SEATTLE\Application Data\ProcessLasso
    [2011/11/24 08:52:57 | 000,000,000 | ---D | C] -- C:\Program Files\Process Lasso
    [2011/11/23 19:08:11 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\HP_Administrator.SEATTLE\Recent
    [2011/11/11 12:15:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.SEATTLE\My Documents\111111
    [2011/11/07 13:30:57 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
    [2011/11/07 13:29:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Simple Adblock
    [2011/10/28 12:18:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.SEATTLE\My Documents\viewscanbyid.aspx_files
    [8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
  18. learninmypc

    learninmypc TechSpot Evangelist Topic Starter Posts: 5,097   +223

    ========== Files Created - No Company Name ==========

    [2011/11/25 17:14:13 | 000,577,930 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.SEATTLE\Desktop\Autoruns.zip
    [2011/11/21 08:08:40 | 000,035,831 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.SEATTLE\Desktop\signbot.gif
    [2011/11/19 07:27:17 | 000,013,917 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.SEATTLE\My Documents\my front yard.jpg
    [2011/11/19 07:10:21 | 000,948,203 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.SEATTLE\My Documents\my front yard.wmv
    [2011/11/11 12:18:07 | 000,020,797 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.SEATTLE\My Documents\stick of ram.jpg
    [2011/11/08 15:40:23 | 000,412,206 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.SEATTLE\Desktop\bookmarks.html
    [2011/10/31 13:01:11 | 000,796,772 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.SEATTLE\My Documents\diamondmax_10_product_manual_pata.pdf
    [2011/10/28 12:18:28 | 000,078,112 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.SEATTLE\My Documents\viewscanbyid.aspx.htm
    [2011/05/12 17:17:47 | 000,081,952 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
    [2010/09/12 20:45:24 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
    [2010/09/12 20:45:23 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
    [2010/09/12 20:45:16 | 000,790,528 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
    [2010/09/12 20:45:16 | 000,134,144 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
    [2010/09/12 20:45:14 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
    [2010/08/22 22:52:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
    [2010/01/23 23:47:18 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.SEATTLE\Local Settings\Application Data\housecall.guid.cache
    [2010/01/13 17:52:15 | 000,013,931 | R--- | C] () -- C:\WINDOWS\System32\RaCoInst.dat
    [2009/12/23 20:09:06 | 000,000,088 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\0A7E249F04.sys
    [2009/12/23 20:09:05 | 000,002,672 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
    [2009/12/11 02:12:55 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
    [2009/09/13 21:34:18 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
    [2009/08/23 00:18:45 | 000,078,336 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.SEATTLE\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/08/22 11:55:55 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
    [2009/08/22 00:40:15 | 000,000,147 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.SEATTLE\Local Settings\Application Data\fusioncache.dat
    [2009/08/22 00:34:53 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
    [2009/08/22 00:34:53 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
    [2009/08/22 00:34:53 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
    [2009/08/22 00:34:53 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
    [2009/08/22 00:34:53 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
    [2009/08/22 00:34:53 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
    [2009/07/25 00:00:54 | 000,118,784 | ---- | C] () -- C:\WINDOWS\GREUninstall.exe
    [2009/01/05 15:44:10 | 000,053,248 | ---- | C] () -- C:\WINDOWS\bdoscandel.exe
    [2009/01/05 15:44:10 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
    [2008/11/30 19:11:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\muveeapp.INI
    [2008/02/29 23:04:35 | 000,000,145 | ---- | C] () -- C:\WINDOWS\BRVIDEO.INI
    [2008/02/29 23:04:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
    [2008/02/29 23:04:09 | 000,009,853 | ---- | C] () -- C:\WINDOWS\HL-2140.INI
    [2008/02/29 23:03:15 | 000,000,426 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
    [2008/02/29 22:59:52 | 000,000,231 | ---- | C] () -- C:\WINDOWS\Brownie.ini
    [2007/12/17 11:34:21 | 000,000,240 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
    [2007/11/24 10:08:08 | 000,000,004 | ---- | C] () -- C:\WINDOWS\vx86036.dat
    [2007/11/24 10:03:02 | 000,000,083 | ---- | C] () -- C:\WINDOWS\Crypkey.ini
    [2007/11/24 10:02:58 | 000,027,648 | R--- | C] () -- C:\WINDOWS\Setup_ck.exe
    [2007/11/24 10:02:58 | 000,018,432 | ---- | C] () -- C:\WINDOWS\Setup_ck.dll
    [2007/11/24 10:02:40 | 000,000,380 | ---- | C] () -- C:\WINDOWS\dcmuser.ini
    [2007/11/24 09:57:12 | 000,000,090 | ---- | C] () -- C:\WINDOWS\TestSupp.ini
    [2007/09/15 10:22:47 | 000,015,498 | ---- | C] () -- C:\WINDOWS\VX1000.ini
    [2007/05/08 17:12:46 | 000,000,246 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2007/04/27 23:00:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ORUN32.EXE
    [2006/12/26 18:59:44 | 000,000,145 | ---- | C] () -- C:\WINDOWS\hpgmdl01.dat
    [2006/12/26 17:37:51 | 000,000,269 | ---- | C] () -- C:\WINDOWS\hpqgrcpy.INI
    [2006/12/26 15:30:50 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
    [2006/12/20 21:25:25 | 000,085,319 | ---- | C] () -- C:\WINDOWS\hpgins01.dat.temp
    [2006/12/20 21:25:25 | 000,000,145 | ---- | C] () -- C:\WINDOWS\hpgmdl01.dat.temp
    [2006/11/27 03:10:24 | 000,000,251 | ---- | C] () -- C:\Program Files\wt3d.ini
    [2006/11/19 14:50:27 | 000,085,319 | ---- | C] () -- C:\WINDOWS\hpgins01.dat
    [2006/11/11 17:28:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\plclient.INI
    [2005/08/05 13:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
    [2005/06/25 14:44:17 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2005/06/25 14:44:12 | 000,107,132 | ---- | C] () -- C:\WINDOWS\UninstallFirefox.exe
    [2005/06/25 14:43:54 | 000,016,211 | ---- | C] () -- C:\WINDOWS\mozver.dat
    [2005/05/27 23:32:05 | 000,000,638 | ---- | C] () -- C:\WINDOWS\tlknw6.ini
    [2005/01/25 15:34:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
    [2004/09/10 15:16:36 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2004/09/10 15:16:36 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2004/09/10 15:16:32 | 000,004,490 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2004/09/10 15:16:27 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2004/09/10 15:16:19 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
    [2004/09/10 15:15:49 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2004/09/10 15:15:48 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2004/09/10 15:15:08 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2004/09/10 15:14:35 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
    [2004/09/03 14:56:07 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2004/09/02 23:33:49 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\PCDrJNI_1_1.dll
    [2004/09/02 23:31:48 | 000,118,784 | R--- | C] () -- C:\WINDOWS\bwUnin-6.3.2.62.exe
    [2004/09/02 23:29:30 | 000,025,995 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
    [2004/09/02 23:28:50 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
    [2004/09/02 23:17:33 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2004/09/02 22:41:07 | 000,094,364 | ---- | C] () -- C:\WINDOWS\HPHins03.dat
    [2004/09/02 22:41:07 | 000,002,655 | ---- | C] () -- C:\WINDOWS\hphmdl03.dat
    [2004/09/02 22:33:01 | 000,104,140 | ---- | C] () -- C:\WINDOWS\hpoins04.dat
    [2004/09/02 22:33:01 | 000,016,939 | ---- | C] () -- C:\WINDOWS\hpomdl04.dat
    [2004/09/02 22:22:04 | 000,089,076 | ---- | C] () -- C:\WINDOWS\hpdins01.dat
    [2004/09/02 22:22:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpzmdl01.dat
    [2004/09/02 22:13:14 | 000,016,306 | ---- | C] () -- C:\WINDOWS\hpqins01.dat
    [2004/09/02 22:13:14 | 000,002,673 | ---- | C] () -- C:\WINDOWS\hpimdl01.dat
    [2004/09/02 22:05:37 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
    [2004/09/02 22:02:09 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\hcwXDS.dll
    [2004/09/02 21:49:55 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\sis760.bin
    [2004/09/02 21:49:55 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\sis741.bin
    [2004/09/02 21:49:55 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\sis660.bin
    [2004/09/02 21:21:43 | 000,299,073 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM22.dll
    [2004/09/02 21:21:43 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes22.dll
    [2004/09/02 21:21:11 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
    [2004/09/02 20:52:23 | 000,000,813 | ---- | C] () -- C:\WINDOWS\orun32.ini
    [2004/09/02 20:50:01 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2004/09/02 20:41:08 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2004/09/02 20:25:54 | 000,000,549 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
    [2004/09/02 20:24:46 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2004/09/02 20:24:45 | 000,459,934 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2004/09/02 20:24:44 | 000,079,496 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2004/09/02 13:34:46 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2004/09/02 13:33:45 | 000,380,040 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2004/06/29 04:58:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
    [2004/06/07 17:32:52 | 000,009,505 | ---- | C] () -- C:\WINDOWS\System32\hphmon06.dat
    [2003/11/12 23:41:04 | 001,176,416 | ---- | C] () -- C:\Program Files\LOTR3.exe
    [2003/11/07 14:40:28 | 000,563,381 | ---- | C] () -- C:\Program Files\FrontMenu.jpg
    [2003/10/17 08:56:54 | 000,340,746 | ---- | C] () -- C:\Program Files\ASSav.scr
    [2003/10/09 13:57:10 | 000,562,406 | ---- | C] () -- C:\Program Files\Intro.jpg
    [2003/09/15 22:52:24 | 000,489,195 | ---- | C] () -- C:\Program Files\Credits.jpg
    [2003/08/28 10:03:24 | 000,048,862 | ---- | C] () -- C:\Program Files\FreLogo.jpg
    [2003/08/28 10:03:02 | 000,054,228 | ---- | C] () -- C:\Program Files\GerLogo.jpg
    [2003/08/28 10:02:28 | 000,050,193 | ---- | C] () -- C:\Program Files\ItaLogo.jpg
    [2003/08/28 10:01:40 | 000,050,515 | ---- | C] () -- C:\Program Files\SpaLogo.jpg
    [2003/06/10 09:58:58 | 000,540,054 | ---- | C] () -- C:\Program Files\frodomsk.bmp
    [2003/06/10 09:58:14 | 001,117,574 | ---- | C] () -- C:\Program Files\elvishtext.bmp
    [2003/05/15 20:15:18 | 000,225,209 | ---- | C] () -- C:\WINDOWS\System32\C9930A.bin
    [2003/03/06 21:53:16 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\hpnvr82.dll
    [2003/01/07 21:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

    ========== LOP Check ==========

    [2004/09/02 23:57:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SampleView
    [2011/08/11 13:55:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\abelhadigital.com
    [2010/01/19 17:25:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
    [2011/11/17 11:37:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BOINC
    [2007/07/15 11:40:48 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
    [2008/08/12 01:32:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Comcast
    [2010/01/07 00:20:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IM
    [2004/09/02 23:24:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies
    [2011/07/09 21:39:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\National Instruments
    [2011/08/18 21:06:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nitro PDF
    [2006/11/11 17:20:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nuance
    [2006/11/27 03:10:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Otto
    [2009/04/19 07:21:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
    [2010/07/04 18:35:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PhotoMail
    [2006/01/07 03:34:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
    [2011/11/24 08:53:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ProcessLasso
    [2006/11/11 17:20:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
    [2009/10/01 16:51:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Stardock
    [2011/08/12 10:33:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SUPERSetup
    [2009/08/15 15:37:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
    [2009/07/26 20:14:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TechSmith
    [2011/11/25 20:10:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2004/09/02 23:57:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\SampleView
    [2011/11/25 20:15:00 | 000,000,444 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{16D795B5-B10F-44CB-946F-5CE8B23252FF}.job

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
    @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C31F31E6
    @Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:18B7103A

    < End of report >
  19. Broni

    Broni Malware Annihilator Posts: 46,171   +251

    I don't see it running....

    Please download SystemLook from one of the links below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2

    64-bit users go HERE
    • Double-click SystemLook.exe to run it.
    • Vista\Win 7 users: Right-click on SystemLook.exe, click Run As Administrator
    • Copy the content of the following box and paste it into the main textfield:
      Code:
      :filefind
      Alcxmntr*
      :regfind
      Alcxmntr*
      
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your Desktop entitled SystemLook.txt
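
Added example, not part of the thread and not code from OTL or SystemLook: a small Python triage of OTL-style autostart lines that repeats the check done by eye above (does anything matching Alcxmntr* appear among the autostart entries?) and also lists orphaned entries. The sample lines are copied from the log posted earlier in the thread; the function names and status labels are assumptions of this example.

```python
import fnmatch
import re

# Sample input: six lines copied from the OTL log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" File not found
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - Startup: C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\Secunia PSI.lnk = C:\Program Files\Secunia\PSI\psi.exe (Secunia)
"""

LINE_RE = re.compile(r"^\s*O(\d+) - (.*)$")      # "O4 - <rest of entry>"
VENDOR_RE = re.compile(r"\(([^()]*)\)\s*$")      # trailing "(Company Name)"


def classify(text):
    """Return (status, vendor) for one entry.

    orphan    : registry entry whose file or CLSID no longer exists
    no-vendor : file exists but carries no company name
    ok        : file exists and reports a company name
    unknown   : line does not end in any of the recognised forms
    """
    if text.endswith("File not found") or text.endswith("No CLSID value found."):
        return "orphan", None
    match = VENDOR_RE.search(text)
    if match:
        vendor = match.group(1).strip()
        return ("ok", vendor) if vendor else ("no-vendor", None)
    return "unknown", None


def parse_otl(log):
    """Parse the numbered O-lines of an OTL log into a list of dicts."""
    entries = []
    for raw in log.splitlines():
        match = LINE_RE.match(raw)
        if not match:
            continue                              # headers, blank lines, file listings
        text = match.group(2).strip()
        status, vendor = classify(text)
        entries.append({
            "section": int(match.group(1)),       # 2 = BHO, 3 = toolbar, 4 = Run/Startup
            "text": text,
            "status": status,
            "vendor": vendor,
        })
    return entries


def find_name(entries, pattern):
    """Case-insensitive wildcard search over entry text, e.g. 'Alcxmntr*'."""
    wanted = "*" + pattern.lower() + "*"
    return [e for e in entries if fnmatch.fnmatchcase(e["text"].lower(), wanted)]


if __name__ == "__main__":
    parsed = parse_otl(SAMPLE_LOG)
    hits = find_name(parsed, "Alcxmntr*")
    print("Alcxmntr autostart entries:", len(hits))
    for entry in parsed:
        if entry["status"] != "ok":
            print("O%d %-9s %s" % (entry["section"], entry["status"], entry["text"]))
```

An empty result from `find_name` only means the name is absent from the pasted autostart lines; a file and registry search such as the SystemLook script above is still what locates leftovers on disk.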
  20. learninmypc

    learninmypc TechSpot Evangelist Topic Starter Posts: 5,097   +223

    Ok, will do so in the morning. Thanks for your patience.
  21. Broni

    Broni Malware Annihilator Posts: 46,171   +251

    No problem :)
  22. learninmypc

    learninmypc TechSpot Evangelist Topic Starter Posts: 5,097   +223

    Just to let you know, I do see ALCXMNTR.EXE in my Mike Lin's startup, so if you still think I should uncheck the box, I will. Thanks for your patience, Broni.
  23. Broni

    Broni Malware Annihilator Posts: 46,171   +251

    You're very welcome
  24. learninmypc

    learninmypc TechSpot Evangelist Topic Starter Posts: 5,097   +223

  25. Broni

    Broni Malware Annihilator Posts: 46,171   +251

    You can run the scan I suggested so we can delete the necessary items.

