TechSpot

[Info] About Alcxmntr

By learninmypc
Nov 24, 2011
  1. As I was rebooting my pc the other day, an End Program box popped up with ALCXMNTR, it might have had .exe on it, I don't recall.
    Anyhow, I googled it & found this http://www.bleepingcomputer.com/startups/Alcxmntr.exe-245.html amongst other possibilities.

    I've run my scans, Mbam, SAS & Avast & they come up clean.
    Am I infected or not? :confused:
     
  2. Broni

    Broni Malware Annihilator Posts: 52,561   +340

    BC info is correct.
    You should disable it as a startup, but do NOT delete the file because you won't be able to update Real.
     
  3. learninmypc

    learninmypc TS Evangelist Topic Starter Posts: 6,352   +327

    Real as in Real Player? If so, I got rid of that a long time ago. If not that, how do I disable it? Thanks.
     
  4. Broni

    In that case....

    Download Autoruns for Windows: http://technet.microsoft.com/en-us/sysinternals/bb963902.aspx
    No installation required.
    Simply unzip Autoruns.zip file, and double click on autoruns.exe file to run the program.
    Go to File>Save, and save it as an AutoRuns.txt file to a known location.
    You must select Text from the drop-down menu as the file type:

    [​IMG]

    Attach the file to your next reply.
     
  5. learninmypc

    When I double click it to run, a black rectangular box pops up & I can see words flying by & then it disappears. Where do I go to find it & post it??
     
  6. learninmypc

    CLARIFICATION Please. In your instructions it says to "double click" it.
    When I got this computer, I set it up via Folder Options to "Single click", does that matter?
     
  7. Broni

    Try right click and "Open".
     
  8. learninmypc

    Ok but first, which do I click on?
    [​IMG]
     
  9. Broni

    2nd one...autoruns.exe
     
  10. learninmypc

    Thanks, will do so now & post back.
     
  11. learninmypc

    Did that & got this
    [​IMG]

    Next ? :)
     
  12. Broni

    Did what exactly?
     
  13. learninmypc

    Clicked on the 2nd one like you told me to & got that.
     
  14. Broni

    I said RIGHT click and click "Open".
     
  15. learninmypc

    Ok, I did that & got the same thing. I hope I'm not missing something. If I am, I'm sorry.

    [​IMG]
     
  16. Broni

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  17. learninmypc

    OTL logfile created on: 11/25/2011 8:12:08 PM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\HP_Administrator.SEATTLE\Desktop
    Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    511.48 Mb Total Physical Memory | 200.04 Mb Available Physical Memory | 39.11% Memory free
    1.22 Gb Paging File | 0.88 Gb Available in Paging File | 72.20% Paging File free
    Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 179.89 Gb Total Space | 76.07 Gb Free Space | 42.29% Space Free | Partition Type: NTFS
    Drive D: | 6.40 Gb Total Space | 0.68 Gb Free Space | 10.68% Space Free | Partition Type: FAT32

    Computer Name: CYBER | User Name: HP_Administrator | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/11/25 20:04:15 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator.SEATTLE\Desktop\OTL.exe
    PRC - [2011/11/24 03:15:54 | 000,617,488 | ---- | M] (Bitsum Technologies) -- C:\Program Files\Process Lasso\ProcessLasso.exe
    PRC - [2011/11/24 03:15:54 | 000,339,472 | ---- | M] (Bitsum Technologies) -- C:\Program Files\Process Lasso\ProcessGovernor.exe
    PRC - [2011/10/10 07:32:12 | 000,196,912 | ---- | M] (Nitro PDF Software) -- C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe
    PRC - [2011/09/06 12:45:30 | 003,722,416 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    PRC - [2011/09/06 12:45:28 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    PRC - [2011/08/11 15:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
    PRC - [2011/04/18 22:44:40 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\sua.exe
    PRC - [2011/04/07 13:23:34 | 002,672,600 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
    PRC - [2011/01/24 12:23:14 | 000,286,000 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Firewall Plus\FWService.exe
    PRC - [2008/04/13 16:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011/11/25 11:35:27 | 001,619,456 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\defs\11112501\algo.dll
    MOD - [2011/11/25 09:12:36 | 000,241,528 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\defs\11112501\aswRep.dll
    MOD - [2011/02/04 17:48:32 | 000,456,192 | ---- | M] () -- C:\WINDOWS\system32\encdec.dll
    MOD - [2011/02/04 17:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
    MOD - [2010/09/08 10:00:00 | 003,849,216 | ---- | M] () -- C:\Program Files\K-Lite Codec Pack\ffdshow\ffdshow.ax
    MOD - [2010/02/05 10:27:45 | 001,291,776 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
    MOD - [2008/04/13 16:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
    MOD - [2008/04/13 16:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
    MOD - [2005/08/05 13:01:54 | 000,159,744 | ---- | M] () -- C:\WINDOWS\system32\VBICodec.ax
    MOD - [2005/08/05 12:06:50 | 000,165,376 | ---- | M] () -- C:\WINDOWS\system32\mpg2splt.ax
    MOD - [2002/09/23 21:11:24 | 000,040,960 | ---- | M] () -- C:\WINDOWS\system32\hcwXDS.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2011/10/10 07:32:12 | 000,196,912 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe -- (NitroReaderDriverReadSpool2)
    SRV - [2011/09/06 12:45:28 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2011/08/11 15:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
    SRV - [2011/04/18 22:44:40 | 000,993,848 | ---- | M] (Secunia) [On_Demand | Stopped] -- C:\Program Files\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
    SRV - [2011/04/18 22:44:40 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)
    SRV - [2011/01/24 12:23:14 | 000,286,000 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\PC Tools Firewall Plus\FWService.exe -- (PCToolsFirewallPlus)


    ========== Driver Services (SafeList) ==========

    DRV - [2011/09/06 12:38:05 | 000,442,200 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
    DRV - [2011/09/06 12:37:53 | 000,320,856 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2011/09/06 12:36:38 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
    DRV - [2011/09/06 12:36:36 | 000,052,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2011/09/06 12:36:23 | 000,110,552 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
    DRV - [2011/09/06 12:36:12 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2011/09/06 12:33:11 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
    DRV - [2011/07/22 08:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
    DRV - [2011/07/12 13:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2011/03/02 11:40:54 | 000,160,576 | ---- | M] (PC Tools) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PCTAppEvent.sys -- (PCTAppEvent)
    DRV - [2011/01/17 08:10:26 | 000,251,560 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\pctgntdi.sys -- (pctgntdi)
    DRV - [2011/01/17 07:11:12 | 000,125,248 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pctplfw.sys -- (pctplfw)
    DRV - [2011/01/12 09:36:22 | 000,089,472 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pctNdis-PacketFilter.sys -- (PCTFW-PacketFilter)
    DRV - [2010/09/01 00:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
    DRV - [2010/07/08 07:49:10 | 000,057,536 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pctNdis.sys -- (pctNDIS)
    DRV - [2009/03/04 01:30:14 | 000,709,248 | R--- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt2870.sys -- (rt2870)
    DRV - [2008/02/27 12:49:00 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\BANTExt.sys -- (BANTExt)
    DRV - [2006/04/05 01:46:30 | 000,163,840 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\V0250Dev.sys -- (V0250Dev)
    DRV - [2005/04/20 10:00:56 | 002,317,696 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
    DRV - [2004/08/27 19:28:22 | 000,116,736 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hcwPP2.sys -- (hcwPP2) Hauppauge WinTV PVR PCI II (26xxx)
    DRV - [2004/07/19 16:33:14 | 000,218,112 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
    DRV - [2004/07/17 03:20:34 | 000,012,160 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)
    DRV - [2004/06/29 16:07:18 | 001,268,204 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
    DRV - [2004/05/08 16:21:44 | 000,035,840 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
    DRV - [2003/12/12 05:54:14 | 000,391,424 | ---- | M] (Sensaura Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS)
    DRV - [2003/09/19 00:47:00 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc)
    DRV - [2003/07/18 15:58:20 | 000,036,992 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SISAGPX.sys -- (SISAGP)
    DRV - [2003/07/11 21:28:56 | 000,032,768 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisnic.sys -- (SISNIC)
    DRV - [2002/10/04 16:04:10 | 000,046,976 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\R8139n51.sys -- (rtl8139)
    DRV - [2001/06/04 13:00:00 | 000,014,112 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
    DRV - [1999/09/10 04:06:00 | 000,025,244 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\aspi32.sys -- (Aspi32)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=pavilion&pf=desktop


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-1307928640-4091270434-1924496998-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
    IE - HKU\S-1-5-21-1307928640-4091270434-1924496998-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
    IE - HKU\S-1-5-21-1307928640-4091270434-1924496998-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
    IE - HKU\S-1-5-21-1307928640-4091270434-1924496998-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
    IE - HKU\S-1-5-21-1307928640-4091270434-1924496998-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.kirotv.com/
    IE - HKU\S-1-5-21-1307928640-4091270434-1924496998-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
    IE - HKU\S-1-5-21-1307928640-4091270434-1924496998-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKU\S-1-5-21-1307928640-4091270434-1924496998-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 57 62 C7 FE 74 75 CC 01 [binary data]
    IE - HKU\S-1-5-21-1307928640-4091270434-1924496998-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "MyStart Search"
    FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=135963"
    FF - prefs.js..browser.search.suggest.enabled: false
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://www.kirotv.com/"
    FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
    FF - prefs.js..extensions.enabledItems: {71328583-3CA7-4809-B4BA-570A85818FBB}:0.6.3
    FF - prefs.js..extensions.enabledItems: {CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}:3.2
    FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.4
    FF - prefs.js..extensions.enabledItems: {4776510a-a1f4-41f3-a3c8-35b474ecef23}:1.0.8
    FF - prefs.js..extensions.enabledItems: {37fa1426-b82d-11db-8314-0800200c9a66}:2.7.5
    FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100908
    FF - prefs.js..extensions.enabledItems: lcdclock_bloodeye@gmail.com:0.4.2
    FF - prefs.js..extensions.enabledItems: VacuumPlacesImproved@lultimouomo-gmail.com:1.2
    FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.49
    FF - prefs.js..extensions.enabledItems: {89736E8E-4B14-4042-8C75-AD00B6BD3900}:1.0.5
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: {e6c4c3ef-3d4d-42d6-8283-8da73c53a283}:2.5.1
    FF - prefs.js..extensions.enabledItems: optout@google.com:1.2
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
    FF - prefs.js..extensions.enabledItems: wrc@avast.com:20110101
    FF - prefs.js..keyword.URL: "http://www.google.com.my/search?q= "
    FF - prefs.js..network.proxy.type: 0

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files\Nitro PDF\Reader 2\npnitromozilla.dll ( )
    FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1698.5652\npCIDetect13.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\HP_Administrator.SEATTLE\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\HP_Administrator.SEATTLE\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\HP_Administrator.SEATTLE\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\HP_Administrator.SEATTLE\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011/09/06 18:46:52 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/22 10:52:58 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/22 12:32:36 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\SeaMonkey 2.5\extensions\\Components: C:\Program Files\SeaMonkey\components [2011/11/22 11:03:05 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\SeaMonkey 2.5\extensions\\Plugins: C:\Program Files\SeaMonkey\plugins [2011/08/08 06:36:34 | 000,000,000 | ---D | M]

    [2009/10/30 23:21:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator.SEATTLE\Application Data\Mozilla\Extensions
    [2009/10/30 23:21:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator.SEATTLE\Application Data\Mozilla\Extensions\{92650c4d-4b8e-4d2a-b7eb-24ecf4f6b63a}
    [2011/07/28 12:16:56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator.SEATTLE\Application Data\Mozilla\Firefox\Profiles\ezk0nmcc.cyber\extensions
    [2011/07/28 12:15:59 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\HP_Administrator.SEATTLE\Application Data\Mozilla\Firefox\Profiles\ezk0nmcc.cyber\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
    [2011/11/18 05:54:40 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator.SEATTLE\Application Data\Mozilla\Firefox\Profiles\w6iqtf69.default\extensions
    [2011/11/08 08:28:16 | 000,000,000 | ---D | M] (WebMail Notifier) -- C:\Documents and Settings\HP_Administrator.SEATTLE\Application Data\Mozilla\Firefox\Profiles\w6iqtf69.default\extensions\{37fa1426-b82d-11db-8314-0800200c9a66}
    [2011/11/17 17:37:50 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\HP_Administrator.SEATTLE\Application Data\Mozilla\Firefox\Profiles\w6iqtf69.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
    [2011/11/17 08:33:26 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\HP_Administrator.SEATTLE\Application Data\Mozilla\Firefox\Profiles\w6iqtf69.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
    [2011/01/13 19:53:25 | 000,000,000 | ---D | M] (Vacuum Places Improved) -- C:\Documents and Settings\HP_Administrator.SEATTLE\Application Data\Mozilla\Firefox\Profiles\w6iqtf69.default\extensions\VacuumPlacesImproved@lultimouomo-gmail.com
    [2009/08/28 20:11:27 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator.SEATTLE\Application Data\Mozilla\Profiles\default\kbza1opp.slt\extensions
    [2009/08/28 20:11:27 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator.SEATTLE\Application Data\Mozilla\Profiles\default\kbza1opp.slt\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
    [2011/11/24 07:29:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator.SEATTLE\Application Data\Mozilla\SeaMonkey\Profiles\nobug08s.default\extensions
    [2011/11/17 17:39:54 | 000,000,000 | ---D | M] (WebMail Notifier) -- C:\Documents and Settings\HP_Administrator.SEATTLE\Application Data\Mozilla\SeaMonkey\Profiles\nobug08s.default\extensions\{37fa1426-b82d-11db-8314-0800200c9a66}
    [2011/11/17 17:39:55 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\HP_Administrator.SEATTLE\Application Data\Mozilla\SeaMonkey\Profiles\nobug08s.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
    [2011/11/17 17:39:57 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\HP_Administrator.SEATTLE\Application Data\Mozilla\SeaMonkey\Profiles\nobug08s.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
    [2011/06/08 10:28:19 | 000,000,000 | ---D | M] (JavaScript Debugger) -- C:\Documents and Settings\HP_Administrator.SEATTLE\Application Data\Mozilla\SeaMonkey\Profiles\nobug08s.default\extensions\{f13b157f-b174-47e7-a34d-4815ddfdfeb8}
    [2009/11/14 01:27:44 | 000,000,003 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.SEATTLE\Application Data\Mozilla\Firefox\Profiles\w6iqtf69.default\searchplugins\GoogleFeed.xml
    [2009/08/24 15:42:17 | 000,000,713 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.SEATTLE\Application Data\Mozilla\Firefox\Profiles\w6iqtf69.default\searchplugins\webster.xml
    [2011/11/22 10:52:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    () (No name found) -- C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR.SEATTLE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\W6IQTF69.DEFAULT\EXTENSIONS\{CE6E6E3B-84DD-4CAC-9F63-8D2AE4F30A4B}.XPI
    () (No name found) -- C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR.SEATTLE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\W6IQTF69.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
    () (No name found) -- C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR.SEATTLE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\W6IQTF69.DEFAULT\EXTENSIONS\{D40F5E7B-D2CF-4856-B441-CC613EEFFBE3}.XPI
    () (No name found) -- C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR.SEATTLE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\W6IQTF69.DEFAULT\EXTENSIONS\{E6C4C3EF-3D4D-42D6-8283-8DA73C53A283}.XPI
    () (No name found) -- C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR.SEATTLE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\W6IQTF69.DEFAULT\EXTENSIONS\OPTOUT@GOOGLE.COM.XPI
    [2011/09/06 18:46:52 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF
    [2011/11/20 20:04:51 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2011/10/25 15:29:44 | 000,611,224 | ---- | M] (Oracle Corporation) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
    [2008/02/04 17:49:18 | 000,663,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npOGAPlugin.dll
    [2007/02/26 12:44:00 | 000,352,256 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npsabffx.dll
    [2011/11/20 17:04:05 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2011/11/20 17:04:05 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\HP_Administrator.SEATTLE\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\gcswf32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
    CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
    CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\HP_Administrator.SEATTLE\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\HP_Administrator.SEATTLE\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\pdf.dll
    CHR - plugin: Google Talk Plugin (Enabled) = C:\Documents and Settings\HP_Administrator.SEATTLE\Application Data\Mozilla\plugins\npgoogletalk.dll
    CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Documents and Settings\HP_Administrator.SEATTLE\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
    CHR - plugin: Java Deployment Toolkit 7.0.0.147 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    CHR - plugin: Windows Genuine Advantage (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
    CHR - plugin: Office Genuine Advantage (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npOGAPlugin.dll
    CHR - plugin: SuperAdBlocker FireFox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npsabffx.dll
    CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
    CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\HP_Administrator.SEATTLE\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll
    CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.1698.5652\npCIDetect13.dll
    CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
    CHR - plugin: Java(TM) Platform SE 7 (Enabled) = C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll
    CHR - plugin: Nitro PDF Plug-In (Enabled) = C:\Program Files\Nitro PDF\Reader 2\npnitromozilla.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - plugin: Default Plug-in (Enabled) = default_plugin
    CHR - Extension: X-notifier (Gmail, Hotmail, Yahoo, AOL ...) = C:\Documents and Settings\HP_Administrator.SEATTLE\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apebebenniibdlpbookhgelaghfnaonp\0.8.5_0\
    CHR - Extension: WOT = C:\Documents and Settings\HP_Administrator.SEATTLE\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\1.2.9_0\
    CHR - Extension: YouTube = C:\Documents and Settings\HP_Administrator.SEATTLE\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.2_0\
    CHR - Extension: Adblock Plus for Google Chrome\u2122 (Beta) = C:\Documents and Settings\HP_Administrator.SEATTLE\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.1.4_0\
    CHR - Extension: IBA Opt-out (by Google) = C:\Documents and Settings\HP_Administrator.SEATTLE\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gbiekjoijknlhijdjbaadobpkdhmoebb\1.0_0\
    CHR - Extension: avast! WebRep = C:\Documents and Settings\HP_Administrator.SEATTLE\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1289_0\

    Hosts file not found
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
    O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()
    O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O2 - BHO: (no name) - {E1FF080D-12A3-439A-A2EF-4BA95A3148E8} - No CLSID value found.
    O2 - BHO: (SimpleAdblock Class) - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Common Files\Simple Adblock\SimpleAdblock.dll (Simple Adblock)
    O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
    O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
    O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
    O3 - HKLM\..\Toolbar: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
    O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found
    O3 - HKU\S-1-5-21-1307928640-4091270434-1924496998-1008\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKU\S-1-5-21-1307928640-4091270434-1924496998-1008\..\Toolbar\ShellBrowser: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
    O3 - HKU\S-1-5-21-1307928640-4091270434-1924496998-1008\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
    O3 - HKU\S-1-5-21-1307928640-4091270434-1924496998-1008\..\Toolbar\WebBrowser: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
    O3 - HKU\S-1-5-21-1307928640-4091270434-1924496998-1008\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found
    O3 - HKU\S-1-5-21-1307928640-4091270434-1924496998-1008\..\Toolbar\WebBrowser: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll File not found
    O4 - HKLM..\Run: [00PCTFW] C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe (PC Tools)
    O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe (Hewlett-Packard)
    O4 - HKLM..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers File not found
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
    O4 - HKLM..\Run: [ProcessGovernor] C:\Program Files\Process Lasso\processgovernor.exe (Bitsum Technologies)
    O4 - HKLM..\Run: [ProcessLassoManagementConsole] C:\Program Files\Process Lasso\processlasso.exe (Bitsum Technologies)
    O4 - HKLM..\Run: [PS2] C:\WINDOWS\system32\ps2.EXE (Hewlett-Packard Company)
    O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
    O4 - HKLM..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" File not found
    O4 - HKLM..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" File not found
    O4 - Startup: C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
    O4 - Startup: C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\Secunia PSI.lnk = C:\Program Files\Secunia\PSI\psi.exe (Secunia)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-1307928640-4091270434-1924496998-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop.com/betapit/PCPitStop.CAB (PCPitstop Utility)
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab (Symantec AntiVirus scanner)
    O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} http://www.eset.eu/buxus/docs/OnlineScanner.cab (Reg Error: Key error.)
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab (Reg Error: Key error.)
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class)
    O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab (Creative Software AutoUpdate)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1251314773281 (MUWebControl Class)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} http://ax.emsisoft.com/asquared.cab (a-squared Scanner)
    O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
    O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/15118/CTPID.cab (Creative Software AutoUpdate Support Package)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 184.16.33.54
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8F197E4D-DAFD-4588-9ED7-B5D6B2B1B6D9}: DhcpNameServer = 192.168.1.1 184.16.33.54
    O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
    O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
    O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
    O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\HP_Administrator.SEATTLE\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\HP_Administrator.SEATTLE\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/08/22 00:36:41 | 000,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2001/07/28 06:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
    O32 - AutoRun File - [2004/04/30 22:01:14 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/11/25 20:03:57 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator.SEATTLE\Desktop\OTL.exe
    [2011/11/25 19:23:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.SEATTLE\Desktop\Autoruns
    [2011/11/25 19:02:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.SEATTLE\My Documents\Cache
    [2011/11/24 08:53:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ProcessLasso
    [2011/11/24 08:53:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Process Lasso
    [2011/11/24 08:53:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.SEATTLE\Application Data\ProcessLasso
    [2011/11/24 08:52:57 | 000,000,000 | ---D | C] -- C:\Program Files\Process Lasso
    [2011/11/23 19:08:11 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\HP_Administrator.SEATTLE\Recent
    [2011/11/11 12:15:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.SEATTLE\My Documents\111111
    [2011/11/07 13:30:57 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
    [2011/11/07 13:29:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Simple Adblock
    [2011/10/28 12:18:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.SEATTLE\My Documents\viewscanbyid.aspx_files
    [8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
     
  18. learninmypc

    learninmypc TS Evangelist Topic Starter Posts: 6,352   +327

    ========== Files Created - No Company Name ==========

    [2011/11/25 17:14:13 | 000,577,930 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.SEATTLE\Desktop\Autoruns.zip
    [2011/11/21 08:08:40 | 000,035,831 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.SEATTLE\Desktop\signbot.gif
    [2011/11/19 07:27:17 | 000,013,917 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.SEATTLE\My Documents\my front yard.jpg
    [2011/11/19 07:10:21 | 000,948,203 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.SEATTLE\My Documents\my front yard.wmv
    [2011/11/11 12:18:07 | 000,020,797 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.SEATTLE\My Documents\stick of ram.jpg
    [2011/11/08 15:40:23 | 000,412,206 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.SEATTLE\Desktop\bookmarks.html
    [2011/10/31 13:01:11 | 000,796,772 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.SEATTLE\My Documents\diamondmax_10_product_manual_pata.pdf
    [2011/10/28 12:18:28 | 000,078,112 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.SEATTLE\My Documents\viewscanbyid.aspx.htm
    [2011/05/12 17:17:47 | 000,081,952 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
    [2010/09/12 20:45:24 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
    [2010/09/12 20:45:23 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
    [2010/09/12 20:45:16 | 000,790,528 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
    [2010/09/12 20:45:16 | 000,134,144 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
    [2010/09/12 20:45:14 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
    [2010/08/22 22:52:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
    [2010/01/23 23:47:18 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.SEATTLE\Local Settings\Application Data\housecall.guid.cache
    [2010/01/13 17:52:15 | 000,013,931 | R--- | C] () -- C:\WINDOWS\System32\RaCoInst.dat
    [2009/12/23 20:09:06 | 000,000,088 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\0A7E249F04.sys
    [2009/12/23 20:09:05 | 000,002,672 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
    [2009/12/11 02:12:55 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
    [2009/09/13 21:34:18 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
    [2009/08/23 00:18:45 | 000,078,336 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.SEATTLE\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/08/22 11:55:55 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
    [2009/08/22 00:40:15 | 000,000,147 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.SEATTLE\Local Settings\Application Data\fusioncache.dat
    [2009/08/22 00:34:53 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
    [2009/08/22 00:34:53 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
    [2009/08/22 00:34:53 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
    [2009/08/22 00:34:53 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
    [2009/08/22 00:34:53 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
    [2009/08/22 00:34:53 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
    [2009/07/25 00:00:54 | 000,118,784 | ---- | C] () -- C:\WINDOWS\GREUninstall.exe
    [2009/01/05 15:44:10 | 000,053,248 | ---- | C] () -- C:\WINDOWS\bdoscandel.exe
    [2009/01/05 15:44:10 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
    [2008/11/30 19:11:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\muveeapp.INI
    [2008/02/29 23:04:35 | 000,000,145 | ---- | C] () -- C:\WINDOWS\BRVIDEO.INI
    [2008/02/29 23:04:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
    [2008/02/29 23:04:09 | 000,009,853 | ---- | C] () -- C:\WINDOWS\HL-2140.INI
    [2008/02/29 23:03:15 | 000,000,426 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
    [2008/02/29 22:59:52 | 000,000,231 | ---- | C] () -- C:\WINDOWS\Brownie.ini
    [2007/12/17 11:34:21 | 000,000,240 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
    [2007/11/24 10:08:08 | 000,000,004 | ---- | C] () -- C:\WINDOWS\vx86036.dat
    [2007/11/24 10:03:02 | 000,000,083 | ---- | C] () -- C:\WINDOWS\Crypkey.ini
    [2007/11/24 10:02:58 | 000,027,648 | R--- | C] () -- C:\WINDOWS\Setup_ck.exe
    [2007/11/24 10:02:58 | 000,018,432 | ---- | C] () -- C:\WINDOWS\Setup_ck.dll
    [2007/11/24 10:02:40 | 000,000,380 | ---- | C] () -- C:\WINDOWS\dcmuser.ini
    [2007/11/24 09:57:12 | 000,000,090 | ---- | C] () -- C:\WINDOWS\TestSupp.ini
    [2007/09/15 10:22:47 | 000,015,498 | ---- | C] () -- C:\WINDOWS\VX1000.ini
    [2007/05/08 17:12:46 | 000,000,246 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2007/04/27 23:00:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ORUN32.EXE
    [2006/12/26 18:59:44 | 000,000,145 | ---- | C] () -- C:\WINDOWS\hpgmdl01.dat
    [2006/12/26 17:37:51 | 000,000,269 | ---- | C] () -- C:\WINDOWS\hpqgrcpy.INI
    [2006/12/26 15:30:50 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
    [2006/12/20 21:25:25 | 000,085,319 | ---- | C] () -- C:\WINDOWS\hpgins01.dat.temp
    [2006/12/20 21:25:25 | 000,000,145 | ---- | C] () -- C:\WINDOWS\hpgmdl01.dat.temp
    [2006/11/27 03:10:24 | 000,000,251 | ---- | C] () -- C:\Program Files\wt3d.ini
    [2006/11/19 14:50:27 | 000,085,319 | ---- | C] () -- C:\WINDOWS\hpgins01.dat
    [2006/11/11 17:28:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\plclient.INI
    [2005/08/05 13:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
    [2005/06/25 14:44:17 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2005/06/25 14:44:12 | 000,107,132 | ---- | C] () -- C:\WINDOWS\UninstallFirefox.exe
    [2005/06/25 14:43:54 | 000,016,211 | ---- | C] () -- C:\WINDOWS\mozver.dat
    [2005/05/27 23:32:05 | 000,000,638 | ---- | C] () -- C:\WINDOWS\tlknw6.ini
    [2005/01/25 15:34:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
    [2004/09/10 15:16:36 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2004/09/10 15:16:36 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2004/09/10 15:16:32 | 000,004,490 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2004/09/10 15:16:27 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2004/09/10 15:16:19 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
    [2004/09/10 15:15:49 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2004/09/10 15:15:48 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2004/09/10 15:15:08 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2004/09/10 15:14:35 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
    [2004/09/03 14:56:07 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2004/09/02 23:33:49 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\PCDrJNI_1_1.dll
    [2004/09/02 23:31:48 | 000,118,784 | R--- | C] () -- C:\WINDOWS\bwUnin-6.3.2.62.exe
    [2004/09/02 23:29:30 | 000,025,995 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
    [2004/09/02 23:28:50 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
    [2004/09/02 23:17:33 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2004/09/02 22:41:07 | 000,094,364 | ---- | C] () -- C:\WINDOWS\HPHins03.dat
    [2004/09/02 22:41:07 | 000,002,655 | ---- | C] () -- C:\WINDOWS\hphmdl03.dat
    [2004/09/02 22:33:01 | 000,104,140 | ---- | C] () -- C:\WINDOWS\hpoins04.dat
    [2004/09/02 22:33:01 | 000,016,939 | ---- | C] () -- C:\WINDOWS\hpomdl04.dat
    [2004/09/02 22:22:04 | 000,089,076 | ---- | C] () -- C:\WINDOWS\hpdins01.dat
    [2004/09/02 22:22:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpzmdl01.dat
    [2004/09/02 22:13:14 | 000,016,306 | ---- | C] () -- C:\WINDOWS\hpqins01.dat
    [2004/09/02 22:13:14 | 000,002,673 | ---- | C] () -- C:\WINDOWS\hpimdl01.dat
    [2004/09/02 22:05:37 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
    [2004/09/02 22:02:09 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\hcwXDS.dll
    [2004/09/02 21:49:55 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\sis760.bin
    [2004/09/02 21:49:55 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\sis741.bin
    [2004/09/02 21:49:55 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\sis660.bin
    [2004/09/02 21:21:43 | 000,299,073 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM22.dll
    [2004/09/02 21:21:43 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes22.dll
    [2004/09/02 21:21:11 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
    [2004/09/02 20:52:23 | 000,000,813 | ---- | C] () -- C:\WINDOWS\orun32.ini
    [2004/09/02 20:50:01 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2004/09/02 20:41:08 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2004/09/02 20:25:54 | 000,000,549 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
    [2004/09/02 20:24:46 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2004/09/02 20:24:45 | 000,459,934 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2004/09/02 20:24:44 | 000,079,496 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2004/09/02 13:34:46 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2004/09/02 13:33:45 | 000,380,040 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2004/06/29 04:58:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
    [2004/06/07 17:32:52 | 000,009,505 | ---- | C] () -- C:\WINDOWS\System32\hphmon06.dat
    [2003/11/12 23:41:04 | 001,176,416 | ---- | C] () -- C:\Program Files\LOTR3.exe
    [2003/11/07 14:40:28 | 000,563,381 | ---- | C] () -- C:\Program Files\FrontMenu.jpg
    [2003/10/17 08:56:54 | 000,340,746 | ---- | C] () -- C:\Program Files\ASSav.scr
    [2003/10/09 13:57:10 | 000,562,406 | ---- | C] () -- C:\Program Files\Intro.jpg
    [2003/09/15 22:52:24 | 000,489,195 | ---- | C] () -- C:\Program Files\Credits.jpg
    [2003/08/28 10:03:24 | 000,048,862 | ---- | C] () -- C:\Program Files\FreLogo.jpg
    [2003/08/28 10:03:02 | 000,054,228 | ---- | C] () -- C:\Program Files\GerLogo.jpg
    [2003/08/28 10:02:28 | 000,050,193 | ---- | C] () -- C:\Program Files\ItaLogo.jpg
    [2003/08/28 10:01:40 | 000,050,515 | ---- | C] () -- C:\Program Files\SpaLogo.jpg
    [2003/06/10 09:58:58 | 000,540,054 | ---- | C] () -- C:\Program Files\frodomsk.bmp
    [2003/06/10 09:58:14 | 001,117,574 | ---- | C] () -- C:\Program Files\elvishtext.bmp
    [2003/05/15 20:15:18 | 000,225,209 | ---- | C] () -- C:\WINDOWS\System32\C9930A.bin
    [2003/03/06 21:53:16 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\hpnvr82.dll
    [2003/01/07 21:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

    ========== LOP Check ==========

    [2004/09/02 23:57:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SampleView
    [2011/08/11 13:55:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\abelhadigital.com
    [2010/01/19 17:25:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
    [2011/11/17 11:37:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BOINC
    [2007/07/15 11:40:48 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
    [2008/08/12 01:32:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Comcast
    [2010/01/07 00:20:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IM
    [2004/09/02 23:24:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies
    [2011/07/09 21:39:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\National Instruments
    [2011/08/18 21:06:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nitro PDF
    [2006/11/11 17:20:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nuance
    [2006/11/27 03:10:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Otto
    [2009/04/19 07:21:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
    [2010/07/04 18:35:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PhotoMail
    [2006/01/07 03:34:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
    [2011/11/24 08:53:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ProcessLasso
    [2006/11/11 17:20:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
    [2009/10/01 16:51:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Stardock
    [2011/08/12 10:33:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SUPERSetup
    [2009/08/15 15:37:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
    [2009/07/26 20:14:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TechSmith
    [2011/11/25 20:10:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2004/09/02 23:57:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\SampleView
    [2011/11/25 20:15:00 | 000,000,444 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{16D795B5-B10F-44CB-946F-5CE8B23252FF}.job

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
    @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C31F31E6
    @Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:18B7103A

    < End of report >
     
  19. Broni

    Broni Malware Annihilator Posts: 52,561   +340

    I don't see it running....

    Please download SystemLook from one of the links below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2

    64-bit users go HERE
    • Double-click SystemLook.exe to run it.
    • Vista\Win 7 users: Right-click on SystemLook.exe, click Run As Administrator
    • Copy the content of the following box and paste it into the main textfield:
      Code:
      :filefind
      Alcxmntr*
      :regfind
      Alcxmntr*
      
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your Desktop entitled SystemLook.txt
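
One way to triage an OTL log like the one posted above: search its autorun lines for a name such as Alcxmntr and list the orphaned entries. This is an added example, not part of the thread and not a tool mentioned in it; the field layout is an assumption inferred from the lines in this log, and `parse_line` and `triage` are hypothetical names.

```python
import re

# A small subset of lines copied from the OTL log posted above.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" File not found
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
"""

# Assumed layout: "O<number> - <rest>" for autorun-style entries.
O_LINE = re.compile(r"^(O\d+) - (.*)$")
# Assumed layout: "@Alternate Data Stream - <n> bytes -> <host path>:<stream name>".
ADS_LINE = re.compile(r"^@Alternate Data Stream - (\d+) bytes -> (.+):([^:\\]+)$")
# Trailing "(Company Name)" field; "()" means the file carries no company name.
COMPANY = re.compile(r"\(([^()]*)\)$")


def parse_line(line):
    """Classify one log line; return None for headers, blanks and other text."""
    line = line.strip()
    m = ADS_LINE.match(line)
    if m:
        return {"kind": "ads", "size": int(m.group(1)),
                "host": m.group(2), "stream": m.group(3), "raw": line}
    m = O_LINE.match(line)
    if not m:
        return None
    body = m.group(2)
    if body.endswith("File not found"):
        status = "file_missing"      # registry entry points at a file that is gone
    elif body.endswith("No CLSID value found."):
        status = "clsid_missing"     # entry references an unregistered CLSID
    else:
        company = COMPANY.search(body)
        status = "no_company" if company and company.group(1) == "" else "ok"
    return {"kind": "autorun", "section": m.group(1), "status": status, "raw": line}


def triage(log_text, needle):
    """Group log lines by finding; needle is matched case-insensitively."""
    report = {"needle_hits": [], "file_missing": [], "clsid_missing": [],
              "no_company": [], "ads": []}
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        if needle.lower() in entry["raw"].lower():
            report["needle_hits"].append(entry["raw"])
        if entry["kind"] == "ads":
            report["ads"].append((entry["host"], entry["stream"], entry["size"]))
        elif entry["status"] != "ok":
            report[entry["status"]].append(entry["raw"])
    return report


if __name__ == "__main__":
    result = triage(SAMPLE_LOG, "alcxmntr")
    for finding, items in result.items():
        print(f"{finding}: {len(items)}")
        for item in items:
            print("   ", item)
```

An empty `needle_hits` list only means the name is absent from the parsed lines; a file and registry search such as the SystemLook scan above still covers locations the log does not list.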
     
  20. learninmypc

    learninmypc TS Evangelist Topic Starter Posts: 6,352   +327

    Ok, will do so in the morning. Thanks for your patience.
     
  21. Broni

    Broni Malware Annihilator Posts: 52,561   +340

    No problem :)
     
  22. learninmypc

    learninmypc TS Evangelist Topic Starter Posts: 6,352   +327

    Just to let you know, I do see ALCXMNTR.EXE in my Mike Lin's startup, so if you still think I should uncheck the box, I will. Thanks for your patience, Broni.
     
  23. Broni

    Broni Malware Annihilator Posts: 52,561   +340

    You're very welcome
     
  24. learninmypc

    learninmypc TS Evangelist Topic Starter Posts: 6,352   +327

  25. Broni

    Broni Malware Annihilator Posts: 52,561   +340

    You can run the scan I suggested so we can delete the necessary items.
     
