Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

My Log Please Help

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

My Log Please Help

Unread postby forgivenred » May 2nd, 2009, 10:19 pm

Here's my log please help:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:17:58 PM, on 5/2/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\PLFSetL.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
C:\Program Files\Registry Mechanic\RegMech.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\DOCUME~1\MEG~1.ACE\LOCALS~1\Temp\RtkBtMnt.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Meg.ACER-6E40E97492\My Documents\New Folder\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACA ... 9&m=aoa150
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACA ... 9&m=aoa150
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACA ... 9&m=aoa150
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll (file missing)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll (file missing)
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\Audio\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
O4 - HKLM\..\Run: [PLFSetL] C:\WINDOWS\PLFSetL.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Clean Access Agent.lnk = C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgentLauncher.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6172\SAService.exe (file missing)
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe

--
End of file - 8844 bytes



Thanks for the help!
forgivenred
Active Member
 
Posts: 4
Joined: May 2nd, 2009, 10:09 pm
Advertisement
Register to Remove

Re: My Log Please Help

Unread postby hottroc » May 4th, 2009, 6:42 pm

-----------------------------------------------------------
Malware Removal forum

Hi, Thank you for posting your HijackThis log and welcome to the forum. My name is hottroc and I am going to be helping you to remove any malicious infections from your system.

I shall examine your log and get back to you as soon as possible with further instructions.

I am currently still in training here so all my instructions to you will be double-checked by an expert before posting. This means there will be a small extra delay which I apologise for but please bear with us.
hottroc
Regular Member
 
Posts: 793
Joined: January 30th, 2008, 6:38 am

Re: My Log Please Help

Unread postby forgivenred » May 8th, 2009, 3:53 pm

Thank you hottroc, I appreciate any help that you can give me. If it helps any, the specific name of the virus is "Trojan.Generic.1608309"
forgivenred
Active Member
 
Posts: 4
Joined: May 2nd, 2009, 10:09 pm

Re: My Log Please Help

Unread postby hottroc » May 9th, 2009, 7:28 am

Hi, thanks for your patience, I am very sorry about the long delay. From an initial look I can see only some minor issues but just to be sure I think we will look a little deeper. Please follow these instructions:

  1. Please download OTViewIt by OldTimer and save it to your Desktop.
  2. Close all applications and windows.
  3. Double-click on the OTViewIt.exeto start OTViewIt.
  4. Place a checkmark in the blue-colored "Scan All Users" checkbox.
  5. Click the blue Run Scan button.
  6. OTViewIt will now start its scan.
  7. When the scan is complete, two text files will be created, OTViewIt.Txt <- this one will be opened in Notepad and Extras.txt, on Desktop.
  8. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of OTViewIt.Txt and the Extras.txt to your post.


Also it appears as though you have 2 antivirus products on your system, BitDefender and AVG. Can you confirm this? Are they both up-to-date? It is not recommended to have 2 running at the same time as they can cause conflicts and other problems. I would recommend you to uninstall one and make sure the other is fully updated.

The name of the virus you quoted, where was this seen please? It sounds like a file found by the heuristics system which can sometimes be a little overcautious but the above scan will hopefully show me anything present. Are you having any particular problems with your system?
hottroc
Regular Member
 
Posts: 793
Joined: January 30th, 2008, 6:38 am

Re: My Log Please Help

Unread postby hottroc » May 13th, 2009, 5:53 am

Hi, I haven't heard from you for a few days now. Please respond to the topic within the next 24 hours or the topic will be closed. Thanks.
hottroc
Regular Member
 
Posts: 793
Joined: January 30th, 2008, 6:38 am

Re: My Log Please Help

Unread postby forgivenred » May 13th, 2009, 10:20 am

Sorry for the delay. Here are the contents of OTViewIt.Txt:

OTViewIt logfile created on: 5/13/2009 9:13:01 AM - Run 2
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Documents and Settings\Meg.ACER-6E40E97492\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1011.88 Mb Total Physical Memory | 562.73 Mb Available Physical Memory | 55.61% Memory free
2.37 Gb Paging File | 1.97 Gb Available in Paging File | 82.94% Paging File free
Paging file location(s): C:\pagefile.sys 1512 3024;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 106.91 Gb Total Space | 91.70 Gb Free Space | 85.77% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ACER-6E40E97492
Current User Name: Meg
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 90 Days

========== Processes ==========

[2009/04/01 10:26:54 | 00,415,024 | ---- | M] (BitDefender SRL) -- C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
[2009/04/01 10:26:43 | 01,626,112 | ---- | M] (BitDefender S. R. L.) -- C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
[2009/03/06 00:04:30 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
[2007/01/04 21:48:52 | 00,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
[2008/02/28 02:00:20 | 00,141,848 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxtray.exe
[2008/02/28 02:00:04 | 00,166,424 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\hkcmd.exe
[2008/02/28 02:00:14 | 00,137,752 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxpers.exe
[2008/05/16 01:39:00 | 16,862,720 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.exe
[2008/04/24 20:32:08 | 01,044,480 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
[2007/07/05 13:35:54 | 00,094,208 | ---- | M] (sonix) -- C:\WINDOWS\PLFSetL.exe
[2008/02/28 02:00:16 | 00,256,536 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxsrvc.exe
[2008/06/10 05:27:04 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
[2009/04/28 09:28:56 | 00,778,240 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
[2009/03/12 20:56:58 | 00,342,312 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
[2009/04/28 09:28:56 | 00,438,272 | ---- | M] () -- C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
[2008/07/08 18:41:02 | 02,828,184 | ---- | M] (PC Tools) -- C:\Program Files\Registry Mechanic\RegMech.exe
[2008/06/04 20:10:02 | 00,114,688 | ---- | M] (InterVideo Inc.) -- C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
[2008/08/15 12:58:44 | 00,212,992 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Documents and Settings\Meg.ACER-6E40E97492\Local Settings\Temp\RtkBtMnt.exe
[2009/03/12 20:56:52 | 00,656,168 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
[2008/06/10 05:27:03 | 00,329,104 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
[2009/05/12 12:55:46 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Meg.ACER-6E40E97492\Desktop\OTViewIt.exe
[2008/04/14 22:00:00 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\NOTEPAD.EXE

========== (O23) Win32 Services ==========

[2009/03/06 00:04:30 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
[2008/07/17 13:06:56 | 00,118,784 | ---- | M] (BitDefender S.R.L. http://www.bitdefender.com) -- C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe -- (Arrakis3 [On_Demand | Stopped])
[2004/07/15 03:49:26 | 00,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
[2008/07/31 17:16:28 | 00,136,120 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
[2009/03/12 20:56:52 | 00,656,168 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
[2007/01/04 21:48:52 | 00,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr [Auto | Running])
[2009/04/01 10:26:54 | 00,415,024 | ---- | M] (BitDefender SRL) -- C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe -- (LIVESRV [Auto | Running])
[2007/08/24 05:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
[2006/10/26 16:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
File not found -- -- (SiteAdvisor Service [Auto | Stopped])
[2009/04/01 10:26:43 | 01,626,112 | ---- | M] (BitDefender S. R. L.) -- C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe -- (VSSERV [Auto | Running])

========== Driver Services ==========

[2008/04/14 22:00:00 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\drivers\aliide.sys -- (AliIde [Boot | Running])
[2008/04/14 02:06:40 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\drivers\AMDAGP.SYS -- (amdagp [Boot | Running])
[2008/05/20 19:31:26 | 01,312,576 | ---- | M] (Atheros Communications, Inc.) -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416 [On_Demand | Running])
[2008/04/14 22:00:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\drivers\asc.sys -- (asc [Boot | Running])
[2008/04/14 22:00:00 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\drivers\asc3550.sys -- (asc3550 [Boot | Running])
File not found -- -- (Avg7RsW [Disabled | Running])
[2008/09/18 12:09:12 | 00,111,112 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\WINDOWS\system32\drivers\bdfm.sys -- (bdfm [On_Demand | Running])
[2008/12/10 20:42:46 | 00,242,184 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\WINDOWS\system32\drivers\bdfsfltr.sys -- (bdfsfltr [On_Demand | Running])
[2009/03/25 18:20:39 | 00,137,224 | ---- | M] (BitDefender LLC) -- C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys -- (bdftdif [System | Running])
[2009/04/03 13:13:02 | 00,008,832 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2009\bdselfpr.sys -- (BDSelfPr [On_Demand | Running])
[2008/04/14 22:00:00 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\drivers\cmdide.sys -- (CmdIde [Boot | Running])
[2008/04/14 22:00:00 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\drivers\dac2w2k.sys -- (dac2w2k [Boot | Running])
[2009/01/15 12:19:36 | 00,023,848 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Stopped])
[2008/04/14 22:00:00 | 00,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus [On_Demand | Running])
[2008/02/15 00:12:06 | 05,854,752 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm [On_Demand | Running])
[2008/05/20 04:53:00 | 04,800,000 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running])
[2008/07/07 20:16:26 | 00,096,856 | ---- | M] (JMicron Technology Corporation) -- C:\WINDOWS\system32\drivers\jmcr.sys -- (JMCR [On_Demand | Stopped])
[2008/04/14 22:00:00 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\drivers\mraid35x.sys -- (mraid35x [Boot | Running])
[2008/09/02 14:32:06 | 00,013,056 | ---- | M] () -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys -- (Profos [On_Demand | Running])
[2008/04/14 22:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2008/07/31 17:17:04 | 00,043,872 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2008/04/14 22:00:00 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql1080.sys -- (ql1080 [Boot | Running])
[2008/04/14 22:00:00 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql12160.sys -- (ql12160 [Boot | Running])
[2008/04/14 22:00:00 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql1280.sys -- (ql1280 [Boot | Running])
[2008/06/30 22:27:44 | 00,108,800 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp [On_Demand | Running])
[2008/04/14 22:00:00 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2008/04/14 02:06:40 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\drivers\SISAGP.SYS -- (sisagp [Boot | Running])
[2007/10/01 15:59:46 | 01,769,984 | ---- | M] () -- C:\WINDOWS\system32\drivers\snp2uvc.sys -- (SNP2UVC [On_Demand | Running])
[2008/04/14 22:00:00 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\drivers\sparrow.sys -- (Sparrow [Boot | Running])
[2008/04/14 22:00:00 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\drivers\symc810.sys -- (symc810 [Boot | Running])
[2008/04/14 22:00:00 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\symc8xx.sys -- (symc8xx [Boot | Running])
[2008/04/14 22:00:00 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\sym_hi.sys -- (sym_hi [Boot | Running])
[2008/04/14 22:00:00 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\sym_u3.sys -- (sym_u3 [Boot | Running])
[2008/04/24 20:17:10 | 00,225,024 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP [On_Demand | Running])
[2009/04/18 18:38:12 | 00,039,808 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys -- (Trufos [On_Demand | Running])
[2008/04/14 22:00:00 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\drivers\ultra.sys -- (ultra [Boot | Running])
[2009/03/05 23:59:00 | 00,036,864 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])
[2008/04/13 19:06:40 | 00,008,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wmiacpi.sys -- (WmiAcpi [System | Running])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=0&o=xph&d=0109&m=aoa150
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=0&o=xph&d=0109&m=aoa150
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"SearchDefaultBranded"=
"Start Page"=http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=0&o=xph&d=0109&m=aoa150

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-21-3608563885-1456529303-1442883288-1006\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=0&o=xph&d=0109&m=aoa150
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"SearchDefaultBranded"=
"Start Page"=http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=0&o=xph&d=0109&m=aoa150

[HKEY_USERS\S-1-5-21-3608563885-1456529303-1442883288-1006\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3608563885-1456529303-1442883288-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

========== (O1) Hosts File ==========

HOSTS File = (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{089FD14D-132B-48FC-8861-0048AE113215} (HKLM) -- C:\Program Files\SiteAdvisor\6172\SiteAdv.dll File not found
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} (HKLM) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{0BF43445-2F28-4351-9252-17FE6E806AA0}" (HKLM) -- C:\Program Files\SiteAdvisor\6172\SiteAdv.dll File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{381FFDE8-2394-4f90-B10D-FC6124A40F8C}" (HKLM) -- C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll (Bitdefender)

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
"Alcmtr"=ALCMTR.EXE (Realtek Semiconductor Corp.)
"AzMixerSel"=C:\Program Files\Realtek\Audio\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.)
"BDAgent"="C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe" (BitDefender S.R.L.)
"BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe" (BitDefender)
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 (Microsoft Corporation)
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
"LaunchApp"=Alaunch (Acer Inc.)
"MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC ()
"Persistence"=C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName (Microsoft Corporation)
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC (Microsoft Corporation)
"PLFSetL"=C:\WINDOWS\PLFSetL.exe (sonix)
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
"RTHDCPL"=RTHDCPL.EXE (Realtek Semiconductor Corp.)
"SiteAdvisor"=C:\Program Files\SiteAdvisor\6172\SiteAdv.exe File not found
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" (Sun Microsystems, Inc.)
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RegistryMechanic"=C:\Program Files\Registry Mechanic\RegMech.exe /H (PC Tools)

[HKEY_USERS\S-1-5-21-3608563885-1456529303-1442883288-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RegistryMechanic"=C:\Program Files\Registry Mechanic\RegMech.exe /H (PC Tools)

========== (O4) Startup Folders ==========

File not found -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Clean Access Agent.lnk = C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgentLauncher.exe
[2008/06/04 20:10:02 | 00,114,688 | ---- | M] (InterVideo Inc.) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-3608563885-1456529303-1442883288-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
Add to Google Photos Screensa&ver: C:\WINDOWS\system32\GPhotos.scr [2009/01/05 17:33:03 | 03,751,995 | ---- | M] (Google Inc.)
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\Office12\EXCEL.EXE [2007/10/05 22:37:38 | 17,927,192 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\MenuExt\]
Add to Google Photos Screensa&ver: C:\WINDOWS\system32\GPhotos.scr [2009/01/05 17:33:03 | 03,751,995 | ---- | M] (Google Inc.)

[HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\MenuExt\]
Add to Google Photos Screensa&ver: C:\WINDOWS\system32\GPhotos.scr [2009/01/05 17:33:03 | 03,751,995 | ---- | M] (Google Inc.)

[HKEY_USERS\S-1-5-21-3608563885-1456529303-1442883288-1006\Software\Microsoft\Internet Explorer\MenuExt\]
Add to Google Photos Screensa&ver: C:\WINDOWS\system32\GPhotos.scr [2009/01/05 17:33:03 | 03,751,995 | ---- | M] (Google Inc.)
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\Office12\EXCEL.EXE [2007/10/05 22:37:38 | 17,927,192 | ---- | M] (Microsoft Corporation)

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Menu: Sun Java Console -- %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [2008/06/10 05:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
{2670000A-7350-4f3c-8081-5663EE0C6C49}: Button: Send to OneNote -- %ProgramFiles%\Microsoft Office\Office12\ONBttnIE.dll [2007/08/29 02:49:28 | 00,606,120 | ---- | M] (Microsoft Corporation)
{2670000A-7350-4f3c-8081-5663EE0C6C49}: Menu: S&end to OneNote -- %ProgramFiles%\Microsoft Office\Office12\ONBttnIE.dll [2007/08/29 02:49:28 | 00,606,120 | ---- | M] (Microsoft Corporation)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Research -- %ProgramFiles%\Microsoft Office\Office12\REFIEBAR.DLL [2006/10/26 22:12:22 | 00,040,424 | ---- | M] (Microsoft Corporation)
{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\Network Diagnostic\xpnetdiag.exe [2008/04/14 22:00:00 | 00,558,080 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/14 07:42:30 | 01,695,232 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/14 07:42:30 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{2670000A-7350-4f3c-8081-5663EE0C6C49} [HKLM] -> %ProgramFiles%\Microsoft Office\Office12\ONBttnIE.dll [Send to OneNote] -> [2007/08/29 02:49:28 | 00,606,120 | ---- | M] (Microsoft Corporation)
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\Office12\REFIEBAR.DLL [Research] -> [2006/10/26 22:12:22 | 00,040,424 | ---- | M] (Microsoft Corporation)
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\Network Diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/14 22:00:00 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/14 07:42:30 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3608563885-1456529303-1442883288-1006\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{2670000A-7350-4f3c-8081-5663EE0C6C49} [HKLM] -> %ProgramFiles%\Microsoft Office\Office12\ONBttnIE.dll [Send to OneNote] -> [2007/08/29 02:49:28 | 00,606,120 | ---- | M] (Microsoft Corporation)
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\Office12\REFIEBAR.DLL [Research] -> [2006/10/26 22:12:22 | 00,040,424 | ---- | M] (Microsoft Corporation)
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\Network Diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/14 22:00:00 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/14 07:42:30 | 01,695,232 | ---- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
1 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab -- Java Plug-in 1.6.0_07
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab -- Java Plug-in 1.6.0_07
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab -- Java Plug-in 1.6.0_07

========== (O17) DNS Name Servers ==========

{0947A1B9-B090-4890-9D9D-BFAC89AAE0B0} (Servers: | Description: Realtek RTL8102E Family PCI-E Fast Ethernet NIC)
{131946CA-AE48-4D3D-89A5-2F0C7FCFB534} (Servers: | Description: )
{32C708AF-AF5A-4F2D-9BA6-D1F2C5856E1C} (Servers: | Description: Atheros AR5007EG Wireless Network Adapter)

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
igfxcui: "DllName" = igfxdev.dll -- C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2008/08/15 12:37:44 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

========== Files/Folders - Created Within 90 Days ==========

[2009/05/12 12:55:43 | 00,422,912 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Meg.ACER-6E40E97492\Desktop\OTViewIt.exe
[2009/05/10 17:24:39 | 00,000,000 | -HSD | C] -- C:\found.000
[2009/05/10 15:37:58 | 00,013,824 | ---- | C] () -- C:\Documents and Settings\Meg.ACER-6E40E97492\My Documents\mormon.doc
[2009/05/03 15:17:07 | 06,264,217 | ---- | C] () -- C:\Documents and Settings\Meg.ACER-6E40E97492\My Documents\The La's - BBC In Session - 2008 - 06 - The La's - There She Goes (May 31, 1988 Session).mp3
[2009/05/03 15:17:07 | 00,198,144 | ---- | C] () -- C:\Documents and Settings\Meg.ACER-6E40E97492\My Documents\writing_style_guide.doc
[2009/05/03 15:17:07 | 00,169,472 | ---- | C] () -- C:\Documents and Settings\Meg.ACER-6E40E97492\My Documents\TaxReturn(3).pdf
[2009/05/03 15:17:07 | 00,166,028 | ---- | C] () -- C:\Documents and Settings\Meg.ACER-6E40E97492\My Documents\TaxReturn(2).pdf
[2009/05/03 15:17:07 | 00,078,678 | ---- | C] () -- C:\Documents and Settings\Meg.ACER-6E40E97492\My Documents\TaxReturn.pdf
[2009/05/03 15:17:07 | 00,065,271 | ---- | C] () -- C:\Documents and Settings\Meg.ACER-6E40E97492\My Documents\TaxReturn(4).pdf
[2009/05/03 15:17:07 | 00,019,968 | ---- | C] () -- C:\Documents and Settings\Meg.ACER-6E40E97492\My Documents\springfield to denver april 8 to april 14.doc
[2009/05/03 15:17:07 | 00,009,188 | ---- | C] () -- C:\Documents and Settings\Meg.ACER-6E40E97492\My Documents\Trial Play.odt
[2009/05/03 15:17:07 | 00,000,790 | ---- | C] () -- C:\Documents and Settings\Meg.ACER-6E40E97492\My Documents\Windows Media Player.lnk
[2009/05/03 15:17:06 | 00,049,471 | ---- | C] () -- C:\Documents and Settings\Meg.ACER-6E40E97492\My Documents\Sandi Meg Hat.jpg
[2009/05/03 15:17:06 | 00,039,230 | ---- | C] () -- C:\Documents and Settings\Meg.ACER-6E40E97492\My Documents\Sandi Meg Court.jpg
[2009/05/03 15:17:06 | 00,029,696 | ---- | C] () -- C:\Documents and Settings\Meg.ACER-6E40E97492\My Documents\PSY book Review.doc
[2009/05/03 15:17:06 | 00,027,648 | ---- | C] () -- C:\Documents and Settings\Meg.ACER-6E40E97492\My Documents\psy ppr.doc
[2009/05/03 15:17:06 | 00,020,992 | ---- | C] () -- C:\Documents and Settings\Meg.ACER-6E40E97492\My Documents\sell for mom and pop.doc
[2009/05/03 15:17:06 | 00,017,408 | ---- | C] () -- C:\Documents and Settings\Meg.ACER-6E40E97492\My Documents\Psy Communication.doc
[2009/05/03 15:17:06 | 00,015,478 | ---- | C] () -- C:\Documents and Settings\Meg.ACER-6E40E97492\My Documents\songs to download.odt
[2009/05/03 15:17:06 | 00,014,848 | ---- | C] () -- C:\Documents and Settings\Meg.ACER-6E40E97492\My Documents\Rental Application.doc
[2009/05/03 15:17:06 | 00,013,824 | ---- | C] () -- C:\Documents and Settings\Meg.ACER-6E40E97492\My Documents\Psychology Thought Paper 2.wps
[2009/05/03 15:17:06 | 00,010,752 | ---- | C] () -- C:\Documents and Settings\Meg.ACER-6E40E97492\My Documents\sports psychology thought ppr 2.doc
[2009/05/03 15:17:06 | 00,000,742 | ---- | C] () -- C:\Documents and Settings\Meg.ACER-6E40E97492\My Documents\Registry Mechanic.lnk
[2009/05/03 15:16:59 | 14,935,3184 | ---- | C] () -- C:\Documents and Settings\Meg.ACER-6E40E97492\My Documents\OOo_3.0.1_Win32Intel_install_wJRE_en-US.exe
[2009/05/03 15:16:59 | 03,088,505 | ---- | C] () -- C:\Documents and Settings\Meg.ACER-6E40E97492\My Documents\Meg Sandi Rock Climbing 2.jpg
[2009/05/03 15:16:59 | 02,856,710 | ---- | C] () -- C:\Documents and Settings\Meg.ACER-6E40E97492\My Documents\Meg Sandi Rock Climbing 1.jpg
[2009/05/03 15:16:59 | 00,105,307 | ---- | C] () -- C:\Documents and Settings\Meg.ACER-6E40E97492\My Documents\Meg Red Leaf.jpg
[2009/05/03 15:16:59 | 00,086,016 | ---- | C] () -- C:\Documents and Settings\Meg.ACER-6E40E97492\My Documents\Online_Employment_Application_james river.doc
[2009/05/03 15:16:59 | 00,061,146 | ---- | C] () -- C:\Documents and Settings\Meg.ACER-6E40E97492\My Documents\Meg Sandi Wedding.jpg
[2009/05/03 15:16:59 | 00,033,942 | ---- | C] () -- C:\Documents and Settings\Meg.ACER-6E40E97492\My Documents\meg iulian cropped.jpg
[2009/05/03 15:16:59 | 00,033,792 | ---- | C] () -- C:\Documents and Settings\Meg.ACER-6E40E97492\My Documents\Meg Wingard Resume.doc
[2009/05/03 15:16:59 | 00,016,384 | ---- | C] () -- C:\Documents and Settings\Meg.ACER-6E40E97492\My Documents\mike's view on Christian homosexuals.doc
[2009/05/03 15:16:59 | 00,015,660 | ---- | C] () -- C:\Documents and Settings\Meg.ACER-6E40E97492\My Documents\Meg Wingard Resume.docx
[2009/05/03 15:16:59 | 00,001,606 | ---- | C] () -- C:\Documents and Settings\Meg.ACER-6E40E97492\My Documents\Mozilla Firefox.lnk
[2009/05/03 15:16:58 | 03,912,212 | ---- | C] () -- C:\Documents and Settings\Meg.ACER-6E40E97492\My Documents\Meg Court Rock Climbing 3.jpg
[2009/05/03 15:16:58 | 03,541,102 | ---- | C] () -- C:\Documents and Settings\Meg.ACER-6E40E97492\My Documents\Meg Court Rock Climbing 2.jpg
[2009/05/03 15:16:58 | 01,584,247 | ---- | C] () -- C:\Documents and Settings\Meg.ACER-6E40E97492\My Documents\Meg Court Rock Climbing 1.jpg
[2009/05/03 15:16:58 | 00,899,665 | ---- | C] () -- C:\Documents and Settings\Meg.ACER-6E40E97492\My Documents\i1040ez instructions.pdf
[2009/05/03 15:16:58 | 00,111,702 | ---- | C] () -- C:\Documents and Settings\Meg.ACER-6E40E97492\My Documents\FTF1239826624877.pdf
[2009/05/03 15:16:58 | 00,086,016 | ---- | C] () -- C:\Documents and Settings\Meg.ACER-6E40E97492\My Documents\JRA application.doc
[2009/05/03 15:16:58 | 00,080,771 | ---- | C] () -- C:\Documents and Settings\Meg.ACER-6E40E97492\My Documents\Heather Height.jpg
[2009/05/03 15:16:58 | 00,072,446 | ---- | C] () -- C:\Documents and Settings\Meg.ACER-6E40E97492\My Documents\Karen's Wedding.jpg
[2009/05/03 15:16:58 | 00,055,799 | ---- | C] () -- C:\Documents and Settings\Meg.ACER-6E40E97492\My Documents\Meg Cowboy Hat.jpg
[2009/05/03 15:16:58 | 00,047,493 | ---- | C] () -- C:\Documents and Settings\Meg.ACER-6E40E97492\My Documents\Meg Iulian.jpg
[2009/05/03 15:16:58 | 00,045,568 | ---- | C] () -- C:\Documents and Settings\Meg.ACER-6E40E97492\My Documents\Holocaust Notes 3 Feb 09.doc
[2009/05/03 15:16:58 | 00,033,280 | ---- | C] () -- C:\Documents and Settings\Meg.ACER-6E40E97492\My Documents\Holocaust Notes 17 Feb 09.doc
[2009/05/03 15:16:58 | 00,031,244 | ---- | C] () -- C:\Documents and Settings\Meg.ACER-6E40E97492\My Documents\Meg and Sandi Bowling.jpg
[2009/05/03 15:16:58 | 00,004,222 | ---- | C] () -- C:\Documents and Settings\Meg.ACER-6E40E97492\My Documents\maggie.jpg
[2009/05/03 15:16:58 | 00,002,137 | ---- | C] () -- C:\Documents and Settings\Meg.ACER-6E40E97492\My Documents\iTunes.lnk
[2009/05/03 15:16:57 | 00,211,008 | ---- | C] () -- C:\Documents and Settings\Meg.ACER-6E40E97492\My Documents\f1040ez.pdf
[2009/05/03 15:16:57 | 00,066,975 | ---- | C] () -- C:\Documents and Settings\Meg.ACER-6E40E97492\My Documents\FTF1239826211821.pdf
[2009/05/03 15:16:57 | 00,015,872 | ---- | C] () -- C:\Documents and Settings\Meg.ACER-6E40E97492\My Documents\FAFSA.doc
[2009/05/03 15:16:56 | 05,722,648 | ---- | C] () -- C:\Documents and Settings\Meg.ACER-6E40E97492\My Documents\emusic_fx_bundle.exe
[2009/05/03 15:16:54 | 00,048,064 | ---- | C] () -- C:\Documents and Settings\Meg.ACER-6E40E97492\My Documents\Dawn.jpg
[2009/05/03 15:16:54 | 00,015,519 | ---- | C] () -- C:\Documents and Settings\Meg.ACER-6E40E97492\My Documents\Courtney Ropp-Resume.docx
[2009/05/03 15:16:54 | 00,015,380 | ---- | C] () -- C:\Documents and Settings\Meg.ACER-6E40E97492\My Documents\Courtney Ropp-Resume(2).docx
[2009/05/03 15:16:54 | 00,011,068 | ---- | C] () -- C:\Documents and Settings\Meg.ACER-6E40E97492\My Documents\cover letter_BGT.docx
[2009/05/03 15:16:54 | 00,001,867 | ---- | C] () -- C:\Documents and Settings\Meg.ACER-6E40E97492\My Documents\BitDefender Antivirus 2009.lnk
[2009/05/03 15:16:53 | 00,062,888 | ---- | C] () -- C:\Documents and Settings\Meg.ACER-6E40E97492\My Documents\300px-Battle_of_Wilsons_Creek.png
[2009/05/03 15:16:53 | 00,017,408 | ---- | C] () -- C:\Documents and Settings\Meg.ACER-6E40E97492\My Documents\Arousal PPR.doc
[2009/05/03 15:16:53 | 00,015,872 | ---- | C] () -- C:\Documents and Settings\Meg.ACER-6E40E97492\My Documents\15 april 09.doc
[2009/05/03 15:16:53 | 00,015,872 | ---- | C] () -- C:\Documents and Settings\Meg.ACER-6E40E97492\My Documents\08 April 09 Notes.doc
[2009/05/03 15:16:53 | 00,014,848 | ---- | C] () -- C:\Documents and Settings\Meg.ACER-6E40E97492\My Documents\30 march 09 notes.doc
[2009/05/03 15:16:53 | 00,013,312 | ---- | C] () -- C:\Documents and Settings\Meg.ACER-6E40E97492\My Documents\22 April 09.doc
[2009/05/03 15:16:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Meg.ACER-6E40E97492\My Documents\Worship Theology
[2009/05/03 15:16:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Meg.ACER-6E40E97492\My Documents\Sports Psy
[2009/05/03 15:16:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Meg.ACER-6E40E97492\My Documents\Short Hair
[2009/05/03 15:16:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Meg.ACER-6E40E97492\My Documents\ROTC 212
[2009/05/03 15:16:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Meg.ACER-6E40E97492\My Documents\ROTC 102
[2009/05/03 15:16:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Meg.ACER-6E40E97492\My Documents\Psychology of Sports and Physical Education
[2009/05/03 15:16:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Meg.ACER-6E40E97492\My Documents\Organizatonal Management
[2009/05/03 15:14:49 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Meg.ACER-6E40E97492\My Documents\My Pictures
[2009/05/03 15:14:26 | 00,000,000 | --SD | C] -- C:\Documents and Settings\Meg.ACER-6E40E97492\My Documents\My eMusic
[2009/05/03 15:13:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Meg.ACER-6E40E97492\My Documents\Holocaust
[2009/05/03 09:36:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Meg.ACER-6E40E97492\My Documents\Worship Theology Week 6&7
[2009/05/02 19:47:45 | 00,001,681 | ---- | C] () -- C:\Documents and Settings\Meg.ACER-6E40E97492\Desktop\HijackThis.lnk
[2009/05/02 19:47:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Meg.ACER-6E40E97492\My Documents\New Folder
[2009/05/02 16:38:12 | 00,000,000 | ---D | C] -- C:\Program Files\JRE
[2009/05/02 16:37:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Meg.ACER-6E40E97492\Application Data\Elluminate
[2009/04/19 20:04:18 | 00,000,905 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\OpenOffice.org 3.0.lnk
[2009/04/18 18:28:14 | 00,000,132 | ---- | C] () -- C:\httpdwl.dat
[2009/04/03 15:16:56 | 06,264,217 | ---- | C] () -- C:\Documents and Settings\Meg.ACER-6E40E97492\Desktop\The La's - BBC In Session - 2008 - 06 - The La's - There She Goes (May 31, 1988 Session).mp3
[2009/04/02 23:41:32 | 00,221,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmpns.dll
[2009/04/02 18:16:47 | 00,000,000 | RH-D | C] -- C:\$VAULT$.AVG
[2009/03/28 18:46:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Meg.ACER-6E40E97492\Local Settings\Application Data\eMusic
[2009/03/28 18:46:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Meg.ACER-6E40E97492\Application Data\eMusic
[2009/03/28 18:46:24 | 00,000,000 | --SD | C] -- C:\Documents and Settings\Meg.ACER-6E40E97492\Desktop\My eMusic
[2009/03/28 18:46:20 | 00,000,000 | ---D | C] -- C:\Program Files\eMusic Download Manager
[2009/03/28 18:44:45 | 05,722,648 | ---- | C] () -- C:\Documents and Settings\Meg.ACER-6E40E97492\Desktop\emusic_fx_bundle.exe
[2009/03/24 21:40:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Meg.ACER-6E40E97492\Application Data\Apple Computer
[2009/03/24 21:40:25 | 00,002,137 | ---- | C] () -- C:\Documents and Settings\Meg.ACER-6E40E97492\Desktop\iTunes.lnk
[2009/03/24 21:39:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2009/03/24 21:38:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Meg.ACER-6E40E97492\Local Settings\Application Data\Apple
[2009/03/24 21:37:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2009/03/24 21:36:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Meg.ACER-6E40E97492\Local Settings\Application Data\Apple Computer
[2009/03/10 18:45:21 | 00,198,144 | ---- | C] () -- C:\Documents and Settings\Meg.ACER-6E40E97492\Desktop\writing_style_guide.doc
[2009/03/08 18:30:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Meg.ACER-6E40E97492\Application Data\AVG7
[2009/03/08 18:30:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg7
[2009/03/05 20:16:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Meg.ACER-6E40E97492\Application Data\Move Networks
[2009/03/03 21:28:19 | 00,000,121 | ---- | C] () -- C:\WINDOWS\bdagent.INI
[2009/03/03 21:22:14 | 00,001,867 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\BitDefender Antivirus 2009.lnk
[2009/03/03 21:22:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Meg.ACER-6E40E97492\Application Data\BitDefender
[2009/02/23 13:03:54 | 00,001,048 | ---- | C] () -- C:\WINDOWS\System32\BDUpdateV1.xml
[2009/02/18 20:20:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Meg.ACER-6E40E97492\Application Data\CiscoCAA
[2009/02/18 20:20:43 | 00,001,962 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Clean Access Agent.lnk
[2009/02/18 20:20:43 | 00,001,900 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Clean Access Agent.lnk
[2009/02/18 20:20:35 | 00,000,000 | ---D | C] -- C:\Program Files\Cisco Systems
[2009/02/18 20:18:54 | 00,000,000 | ---D | C] -- C:\WINDOWS\Sun

========== Files - Modified Within 90 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[2009/05/12 12:55:46 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Meg.ACER-6E40E97492\Desktop\OTViewIt.exe
[2009/05/12 12:55:23 | 00,001,048 | ---- | M] () -- C:\WINDOWS\System32\BDUpdateV1.xml
[2009/05/10 17:32:23 | 00,474,002 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/05/10 17:32:23 | 00,403,850 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/05/10 17:32:23 | 00,063,936 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/05/10 17:25:31 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/05/10 17:25:25 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/05/10 17:25:21 | 10,611,05664 | -HS- | M] () -- C:\hiberfil.sys
[2009/05/10 15:42:56 | 00,081,984 | ---- | M] () -- C:\WINDOWS\System32\bdod.bin
[2009/05/10 15:40:40 | 05,359,544 | -H-- | M] () -- C:\Documents and Settings\Meg.ACER-6E40E97492\Local Settings\Application Data\IconCache.db
[2009/05/10 15:38:01 | 00,013,824 | ---- | M] () -- C:\Documents and Settings\Meg.ACER-6E40E97492\My Documents\mormon.doc
[2009/05/05 15:19:00 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/05/02 22:50:39 | 00,000,121 | ---- | M] () -- C:\WINDOWS\bdagent.INI
[2009/05/02 19:47:45 | 00,001,681 | ---- | M] () -- C:\Documents and Settings\Meg.ACER-6E40E97492\Desktop\HijackThis.lnk
[2009/05/02 13:24:16 | 00,114,176 | -HS- | M] () -- C:\Documents and Settings\Meg.ACER-6E40E97492\My Documents\Thumbs.db
@Alternate Data Stream - 0 bytes -> C:\Documents and Settings\Meg.ACER-6E40E97492\My Documents\Thumbs.db:encryptable
[2009/04/26 11:19:06 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\Meg.ACER-6E40E97492\Desktop\iTunes.lnk
[2009/04/22 09:42:18 | 00,013,312 | ---- | M] () -- C:\Documents and Settings\Meg.ACER-6E40E97492\My Documents\22 April 09.doc
[2009/04/20 14:09:19 | 00,064,768 | ---- | M] () -- C:\Documents and Settings\Meg.ACER-6E40E97492\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/04/20 14:08:22 | 00,263,824 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/04/19 20:04:18 | 00,000,905 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\OpenOffice.org 3.0.lnk
[2009/04/19 12:31:02 | 14,935,3184 | ---- | M] () -- C:\Documents and Settings\Meg.ACER-6E40E97492\My Documents\OOo_3.0.1_Win32Intel_install_wJRE_en-US.exe
[2009/04/18 18:28:14 | 00,000,132 | ---- | M] () -- C:\httpdwl.dat
[2009/04/18 18:10:42 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/04/17 09:30:26 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\Meg.ACER-6E40E97492\My Documents\iTunes.lnk
[2009/04/15 21:00:40 | 00,065,271 | ---- | M] () -- C:\Documents and Settings\Meg.ACER-6E40E97492\My Documents\TaxReturn(4).pdf
[2009/04/15 19:41:32 | 00,169,472 | ---- | M] () -- C:\Documents and Settings\Meg.ACER-6E40E97492\My Documents\TaxReturn(3).pdf
[2009/04/15 19:38:12 | 00,166,028 | ---- | M] () -- C:\Documents and Settings\Meg.ACER-6E40E97492\My Documents\TaxReturn(2).pdf
[2009/04/15 15:17:10 | 00,111,702 | ---- | M] () -- C:\Documents and Settings\Meg.ACER-6E40E97492\My Documents\FTF1239826624877.pdf
[2009/04/15 15:10:20 | 00,066,975 | ---- | M] () -- C:\Documents and Settings\Meg.ACER-6E40E97492\My Documents\FTF1239826211821.pdf
[2009/04/15 09:29:26 | 00,015,872 | ---- | M] () -- C:\Documents and Settings\Meg.ACER-6E40E97492\My Documents\15 april 09.doc
[2009/04/11 15:07:20 | 00,020,992 | ---- | M] () -- C:\Documents and Settings\Meg.ACER-6E40E97492\My Documents\sell for mom and pop.doc
[2009/04/10 01:09:02 | 00,078,678 | ---- | M] () -- C:\Documents and Settings\Meg.ACER-6E40E97492\My Documents\TaxReturn.pdf
[2009/04/08 09:45:00 | 00,015,872 | ---- | M] () -- C:\Documents and Settings\Meg.ACER-6E40E97492\My Documents\08 April 09 Notes.doc
[2009/04/06 07:36:10 | 00,016,384 | ---- | M] () -- C:\Documents and Settings\Meg.ACER-6E40E97492\My Documents\mike's view on Christian homosexuals.doc
[2009/04/06 00:24:00 | 06,264,217 | ---- | M] () -- C:\Documents and Settings\Meg.ACER-6E40E97492\My Documents\The La's - BBC In Session - 2008 - 06 - The La's - There She Goes (May 31, 1988 Session).mp3
[2009/04/06 00:23:59 | 06,264,217 | ---- | M] () -- C:\Documents and Settings\Meg.ACER-6E40E97492\Desktop\The La's - BBC In Session - 2008 - 06 - The La's - There She Goes (May 31, 1988 Session).mp3
[2009/04/05 19:43:00 | 00,004,222 | ---- | M] () -- C:\Documents and Settings\Meg.ACER-6E40E97492\My Documents\maggie.jpg
[2009/04/02 23:41:40 | 00,000,790 | ---- | M] () -- C:\Documents and Settings\Meg.ACER-6E40E97492\My Documents\Windows Media Player.lnk
[2009/04/02 23:41:39 | 00,000,790 | ---- | M] () -- C:\Documents and Settings\Meg.ACER-6E40E97492\Desktop\Windows Media Player.lnk
[2009/04/01 21:55:12 | 00,015,872 | ---- | M] () -- C:\Documents and Settings\Meg.ACER-6E40E97492\My Documents\FAFSA.doc
[2009/04/01 17:33:40 | 00,062,888 | ---- | M] () -- C:\Documents and Settings\Meg.ACER-6E40E97492\My Documents\300px-Battle_of_Wilsons_Creek.png
[2009/04/01 08:41:12 | 00,014,848 | ---- | M] () -- C:\Documents and Settings\Meg.ACER-6E40E97492\My Documents\30 march 09 notes.doc
[2009/03/30 01:15:54 | 00,048,064 | ---- | M] () -- C:\Documents and Settings\Meg.ACER-6E40E97492\My Documents\Dawn.jpg
[2009/03/29 10:16:02 | 00,009,188 | ---- | M] () -- C:\Documents and Settings\Meg.ACER-6E40E97492\My Documents\Trial Play.odt
[2009/03/28 18:45:42 | 05,722,648 | ---- | M] () -- C:\Documents and Settings\Meg.ACER-6E40E97492\My Documents\emusic_fx_bundle.exe
[2009/03/28 18:45:41 | 05,722,648 | ---- | M] () -- C:\Documents and Settings\Meg.ACER-6E40E97492\Desktop\emusic_fx_bundle.exe
[2009/03/27 11:32:14 | 00,015,478 | ---- | M] () -- C:\Documents and Settings\Meg.ACER-6E40E97492\My Documents\songs to download.odt
[2009/03/24 20:04:24 | 00,014,848 | ---- | M] () -- C:\Documents and Settings\Meg.ACER-6E40E97492\My Documents\Rental Application.doc
[2009/03/10 18:45:24 | 00,198,144 | ---- | M] () -- C:\Documents and Settings\Meg.ACER-6E40E97492\My Documents\writing_style_guide.doc
[2009/03/10 18:45:24 | 00,198,144 | ---- | M] () -- C:\Documents and Settings\Meg.ACER-6E40E97492\Desktop\writing_style_guide.doc
[2009/03/08 18:25:52 | 00,001,962 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Clean Access Agent.lnk
[2009/03/08 18:25:52 | 00,001,900 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Clean Access Agent.lnk
[2009/03/07 20:18:12 | 00,899,665 | ---- | M] () -- C:\Documents and Settings\Meg.ACER-6E40E97492\My Documents\i1040ez instructions.pdf
[2009/03/07 20:12:42 | 00,211,008 | ---- | M] () -- C:\Documents and Settings\Meg.ACER-6E40E97492\My Documents\f1040ez.pdf
[2009/03/07 19:09:42 | 00,019,968 | ---- | M] () -- C:\Documents and Settings\Meg.ACER-6E40E97492\My Documents\springfield to denver april 8 to april 14.doc
[2009/03/03 21:22:16 | 00,001,867 | ---- | M] () -- C:\Documents and Settings\Meg.ACER-6E40E97492\My Documents\BitDefender Antivirus 2009.lnk
[2009/03/03 21:22:14 | 00,001,867 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\BitDefender Antivirus 2009.lnk
[2009/03/02 21:09:12 | 00,017,408 | ---- | M] () -- C:\Documents and Settings\Meg.ACER-6E40E97492\My Documents\Arousal PPR.doc
[2009/03/02 20:16:26 | 00,080,771 | ---- | M] () -- C:\Documents and Settings\Meg.ACER-6E40E97492\My Documents\Heather Height.jpg
[2009/03/02 14:06:16 | 00,000,704 | ---- | M] () -- C:\Documents and Settings\Meg.ACER-6E40E97492\Application Data\wklnhst.dat
[2009/02/28 17:57:34 | 00,072,446 | ---- | M] () -- C:\Documents and Settings\Meg.ACER-6E40E97492\My Documents\Karen's Wedding.jpg
[2009/02/28 13:07:00 | 00,017,408 | ---- | M] () -- C:\Documents and Settings\Meg.ACER-6E40E97492\My Documents\Psy Communication.doc
[2009/02/23 01:57:34 | 00,029,696 | ---- | M] () -- C:\Documents and Settings\Meg.ACER-6E40E97492\My Documents\PSY book Review.doc
[2009/02/21 22:59:04 | 00,045,568 | ---- | M] () -- C:\Documents and Settings\Meg.ACER-6E40E97492\My Documents\Holocaust Notes 3 Feb 09.doc
[2009/02/21 22:07:44 | 00,033,792 | ---- | M] () -- C:\Documents and Settings\Meg.ACER-6E40E97492\My Documents\Meg Wingard Resume.doc
[2009/02/21 22:07:32 | 00,015,660 | ---- | M] () -- C:\Documents and Settings\Meg.ACER-6E40E97492\My Documents\Meg Wingard Resume.docx
[2009/02/21 00:26:44 | 00,027,648 | ---- | M] () -- C:\Documents and Settings\Meg.ACER-6E40E97492\My Documents\psy ppr.doc
[2009/02/18 20:50:08 | 00,031,244 | ---- | M] () -- C:\Documents and Settings\Meg.ACER-6E40E97492\My Documents\Meg and Sandi Bowling.jpg
[2009/02/17 20:25:06 | 00,033,280 | ---- | M] () -- C:\Documents and Settings\Meg.ACER-6E40E97492\My Documents\Holocaust Notes 17 Feb 09.doc
< End of report >



And here are the contents of Extras.Txt:

OTViewIt Extras logfile created on: 5/13/2009 9:13:01 AM - Run 2
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Documents and Settings\Meg.ACER-6E40E97492\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1011.88 Mb Total Physical Memory | 562.73 Mb Available Physical Memory | 55.61% Memory free
2.37 Gb Paging File | 1.97 Gb Available in Paging File | 82.94% Paging File free
Paging file location(s): C:\pagefile.sys 1512 3024;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 106.91 Gb Total Space | 91.70 Gb Free Space | 85.77% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ACER-6E40E97492
Current User Name: Meg
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 90 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=0
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=0
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/14 22:00:00 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2008/04/14 22:00:00 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/04/14 22:00:00 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2008/04/14 22:00:00 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2007/08/29 01:43:30 | 01,022,840 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote
[2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
[2009/03/12 20:56:54 | 13,498,664 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
[2008/06/10 02:21:04 | 00,135,168 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary

========== (O10) Winsock2 Catalogs ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -- C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2007/08/29 01:55:14 | 01,014,128 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
msdaipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2007/08/29 01:55:14 | 01,014,128 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2007/08/29 01:55:14 | 01,014,128 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/10/26 15:45:02 | 00,873,216 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (ms-help:{314111c7-a502-11d2-bbca-00c04f8ec294} (HKLM) [HxProtocol Class])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2001/06/20 11:26:46 | 00,221,184 | ---- | M] (Microsoft Corporation) c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (ms-itss:{0A9007C0-4076-11D3-8789-0000F8105754} (HKLM) [Microsoft Infotech Storage Protocol for IE 4.0])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
File not found C:\Program Files\SiteAdvisor\6172\SiteAdv.dll (siteadvisor:{3A5DC592-7723-4EAA-9EE6-AF4222BCF879} (HKLM) [Reg Error: Value does not exist or could not be read.])

========== (O18) Protocol Filters ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2006/10/26 23:41:48 | 00,044,344 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL text/xml:{807563E5-5146-11D5-A672-00B0D022E945} (HKLM) [Microsoft Office InfoPath XML Mime Filter]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}"=Adobe AIR
"{04010300-6D72-4D54-8686-91D884A27B5C}"=Cisco Clean Access Agent
"{07287123-B8AC-41CE-8346-3D777245C35B}"=Bonjour
"{162B71B8-8464-4680-A086-601D555B331D}"=Apple Mobile Device Support
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}"=QuickTime
"{28006915-2739-4EBE-B5E8-49B25D32EB33}"=Atheros for Acer Driver v7.6.0.224_Foxconn Installation Program
"{3248F0A8-6813-11D6-A77B-00B0D0160070}"=Java(TM) 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{5744C55E-8FC2-41ED-A91B-65F95732524C}"=BitDefender Antivirus 2009
"{69333A04-5134-40A5-A055-9166A7AA1EC8}"=
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}"=Apple Software Update
"{6D52C408-B09A-4520-9B18-475B81D393F1}"=Microsoft Works
"{77DCDCE3-2DED-62F3-8154-05E745472D07}"=Acrobat.com
"{90120000-0010-0409-0000-0000000FF1CE}"=Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}"=Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}"=Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}"=Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}"=Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{3EC77D26-799B-4CD8-914F-C1565E796173}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}"=Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{430971B1-C31E-45DA-81E0-72C095BAB72C}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}"=Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0409-0000-0000000FF1CE}"=Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}"=Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0409-0000-0000000FF1CE}"=Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}"=Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{91120000-002F-0000-0000-0000000FF1CE}"=Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}"=InterVideo WinDVD
"{AC76BA86-7AD7-1033-7B44-A90000000001}"=Adobe Reader 9
"{C26B06A9-27BB-45B0-9873-9C623EC2BA38}"=iTunes
"{C9BED750-1211-4480-B1A5-718A3BE15525}"=REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}"=Microsoft Office Suite Activation Assistant
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}"=Realtek High Definition Audio Driver
"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}"=InterVideo Register Manager
"{F44DA61E-720D-4E79-871F-F6E628B33242}"=OpenOffice.org 3.0
"Adobe AIR"=Adobe AIR
"Adobe Flash Player ActiveX"=Adobe Flash Player ActiveX
"Adobe Flash Player Plugin"=Adobe Flash Player 10 Plugin
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1"=Acrobat.com
"eMusic Download Manager"=eMusic Download Manager 4.1.1
"HDMI"=Intel(R) Graphics Media Accelerator Driver
"HijackThis"=HijackThis 2.0.2
"HOMESTUDENTR"=Microsoft Office Home and Student 2007
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"ie7"=Windows Internet Explorer 7
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"Mozilla Firefox (3.0.8)"=Mozilla Firefox (3.0.8)
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"Picasa 3"=Picasa 3
"Registry Mechanic_is1"=Registry Mechanic 8.0
"SynTPDeinstKey"=Synaptics Pointing Device Driver

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE"=Move Networks Media Player for Internet Explorer

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3608563885-1456529303-1442883288-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE"=Move Networks Media Player for Internet Explorer

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/24/2009 6:15:02 PM | Computer Name = ACER-6E40E97492 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 2/24/2009 6:15:02 PM | Computer Name = ACER-6E40E97492 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 2/24/2009 6:15:02 PM | Computer Name = ACER-6E40E97492 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 2/24/2009 9:34:02 PM | Computer Name = ACER-6E40E97492 | Source = McLogEvent | ID = 5022
Description =

Error - 2/25/2009 4:55:08 PM | Computer Name = ACER-6E40E97492 | Source = McLogEvent | ID = 5022
Description =

Error - 2/26/2009 2:03:29 AM | Computer Name = ACER-6E40E97492 | Source = McLogEvent | ID = 5022
Description =

Error - 2/26/2009 2:32:51 AM | Computer Name = ACER-6E40E97492 | Source = McLogEvent | ID = 5022
Description =

Error - 2/26/2009 12:12:17 PM | Computer Name = ACER-6E40E97492 | Source = McLogEvent | ID = 5022
Description =

Error - 2/28/2009 6:14:40 PM | Computer Name = ACER-6E40E97492 | Source = McLogEvent | ID = 5022
Description =

Error - 3/2/2009 7:05:19 PM | Computer Name = ACER-6E40E97492 | Source = McLogEvent | ID = 5022
Description =

[ System Events ]
Error - 5/2/2009 2:40:07 PM | Computer Name = ACER-6E40E97492 | Source = DCOM | ID = 10010
Description = The server {9B1F122C-2982-4E91-AA8B-E071D54F2A4D} did not register
with DCOM within the required timeout.

Error - 5/2/2009 5:12:11 PM | Computer Name = ACER-6E40E97492 | Source = DCOM | ID = 10010
Description = The server {9B1F122C-2982-4E91-AA8B-E071D54F2A4D} did not register
with DCOM within the required timeout.

Error - 5/2/2009 11:50:09 PM | Computer Name = ACER-6E40E97492 | Source = DCOM | ID = 10010
Description = The server {9B1F122C-2982-4E91-AA8B-E071D54F2A4D} did not register
with DCOM within the required timeout.

Error - 5/2/2009 11:52:49 PM | Computer Name = ACER-6E40E97492 | Source = DCOM | ID = 10010
Description = The server {9B1F122C-2982-4E91-AA8B-E071D54F2A4D} did not register
with DCOM within the required timeout.

Error - 5/7/2009 1:17:59 PM | Computer Name = ACER-6E40E97492 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.124 for the Network Card with network
address 00234D716739 has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 5/7/2009 11:28:17 PM | Computer Name = ACER-6E40E97492 | Source = DCOM | ID = 10010
Description = The server {9B1F122C-2982-4E91-AA8B-E071D54F2A4D} did not register
with DCOM within the required timeout.

Error - 5/7/2009 11:31:26 PM | Computer Name = ACER-6E40E97492 | Source = DCOM | ID = 10010
Description = The server {9B1F122C-2982-4E91-AA8B-E071D54F2A4D} did not register
with DCOM within the required timeout.

Error - 5/10/2009 10:18:42 AM | Computer Name = ACER-6E40E97492 | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume C:.

Error - 5/10/2009 4:40:22 PM | Computer Name = ACER-6E40E97492 | Source = DCOM | ID = 10010
Description = The server {9B1F122C-2982-4E91-AA8B-E071D54F2A4D} did not register
with DCOM within the required timeout.

Error - 5/10/2009 4:42:50 PM | Computer Name = ACER-6E40E97492 | Source = DCOM | ID = 10010
Description = The server {9B1F122C-2982-4E91-AA8B-E071D54F2A4D} did not register
with DCOM within the required timeout.


< End of report >



Yes, I did have two anti-virus programs. Since reading your post I have deleted the AVG and now only have BitDefender. I found the virus after a BitDefender scan. It said that it was found in my volume.
forgivenred
Active Member
 
Posts: 4
Joined: May 2nd, 2009, 10:09 pm

Re: My Log Please Help

Unread postby hottroc » May 15th, 2009, 4:22 am

Thanks for that, I have checked through the log.

This file exhibits certain behaviour that some people consider malicious:


ALCMTR.EXE


...so we will remove it unless you really need it.


-----------------------------------------------------------
Fix with HJT

Open up Hijackthis.
Click on Do a system scan only.
Place a checkmark next to this line.

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE


Then close all windows except Hijackthis and click Fix Checked
Close HijackThis.


-----------------------------------------------------------
Online Virus Scan


Please go to Kaspersky website and perform an online antivirus scan.

  1. Read through the requirements and privacy statement and click on Accept button.
  2. You will be prompted to install an application from Kaspersky. Click Run.
  3. It will start downloading and installing the scanner and virus definitions.
  4. When the downloads have finished, click on Settings.
  5. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives and Mail bases

      [/b]
  6. Click on My Computer under Scan.
  7. Go and make a cup of tea, it could be some time
  8. Once the scan is complete, it will display the results. Click on View Scan Report.
  9. You will see a list of infected items there. Click on Save Report As....
  10. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  11. Please post this log in your next reply along with a fresh HijackThis log.




Now regarding the few Event log errors at the end of your previous OTViewIt scan....

Right-click your C: drive icon , choose Properties...Tools tab then choose Check Now to run the chkdsk utility on the volume C:.

Then to help resolve the other errors please read these links with instructions for solving those errors:


http://www.eventid.net/display.asp?eventid=5022&eventno=3414&source=McLogEvent&phase=1
http://www.windowsbbs.com/windows-xp/47229-problems-shutdown-reboot-logoff-dcom-automatic-updates.html
hottroc
Regular Member
 
Posts: 793
Joined: January 30th, 2008, 6:38 am

Re: My Log Please Help

Unread postby forgivenred » May 17th, 2009, 5:02 pm

Here's the Hijack This log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:59:37 PM, on 5/17/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\PLFSetL.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
C:\Program Files\Registry Mechanic\RegMech.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\DOCUME~1\MEG~1.ACE\LOCALS~1\Temp\RtkBtMnt.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Meg.ACER-6E40E97492\My Documents\New Folder\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACA ... 9&m=aoa150
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACA ... 9&m=aoa150
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACA ... 9&m=aoa150
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll (file missing)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll (file missing)
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\Audio\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
O4 - HKLM\..\Run: [PLFSetL] C:\WINDOWS\PLFSetL.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H
O4 - Global Startup: Clean Access Agent.lnk = C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgentLauncher.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6172\SAService.exe (file missing)
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe

--
End of file - 7789 bytes





Here's the virus scan log:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Sunday, May 17, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Sunday, May 17, 2009 05:34:26
Records in database: 2187227
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\

Scan statistics:
Files scanned: 58667
Threat name: 0
Infected objects: 0
Suspicious objects: 0
Duration of the scan: 02:44:50

No malware has been detected. The scan area is clean.

The selected area was scanned.
forgivenred
Active Member
 
Posts: 4
Joined: May 2nd, 2009, 10:09 pm

Re: My Log Please Help

Unread postby hottroc » May 18th, 2009, 4:37 am

Congratulations, the log looks good, your system appears CLEAN. Are you experiencing any problems? If not then please read on for some prevention advice....


It's a good idea to reset your Restore Points in case they have been infected in the past.

Note: This will remove all previous Restore Points

***Turn off System Restore:

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

Restart your computer.

***Turn System Restore back on.

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Remove the Check Turn off System Restore.
Click Apply, and then click OK.

Click Start.... My Computer, select the Tools menu and then Folder Options, after the new window appears select the View tab
This time select the: Restore Defaults
Select: Apply, and click OK


Go here to update your Java software.
Your download should start automatically in a few seconds. If not, click the the link that says "click here to start the download".
Note: You might need to click the yellow warning bar at the top of the browser window to show the installation.

Click Install to start the installation process when the dialogue box appears.
After reading the license agreement, click the Accept button to accept its terms and to continue with the installation.We recommend that you keep the default settings then click the Next button to continue with the installation.
Once the installation is successfully completed, you will see the Verify Installation page where you can verify your Java version installation.
NOTE: You may need to restart (close and re-open) your browser to enable the Java installation.

Make sure you uninstall any older versions using Add/Remove Programs from Control Panel as older versions are known to contain security vulnerabilities.


If you dont have these programs I would recommend that you get them.
Spywareblaster <http://www.javacoolsoftware.com/spywareblaster.html>,
Spywareguard <http://www.javacoolsoftware.com/spywareguard.html> and
They will add 1000's of sites to your resticted zone and block some hijacks from happening.

It is critical to have both a firewall and anti virus to protect your system. Can you confirm if your Bitdefender AV includes the Bullguard Firewall? If it doesn't then let me know as I can advise on a free firewall for you. Also make sure you keep both updated regularly.

Keep your system up to date at Windows Update and run Spybot, once a week and hopefully you will be ok from here on. It is available from http://www.spybot.com.

Update Non-Microsoft Programs
Microsoft isn't the only company whose products can contain security vulnerabilities. To check whether other programs running on your PC are in need of an update, you can use the >Secunia Software Inspector< - I suggest that you run it at least once a month.

Safe Surfing.
hottroc
Regular Member
 
Posts: 793
Joined: January 30th, 2008, 6:38 am

Re: My Log Please Help

Unread postby hottroc » May 23rd, 2009, 5:06 am

Hi, are you all sorted now? If no further response this topic will be closed within 3 days.
Regards,
hottroc
Regular Member
 
Posts: 793
Joined: January 30th, 2008, 6:38 am

Re: My Log Please Help

Unread postby NonSuch » May 28th, 2009, 9:13 pm

As this issue appears to be resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
User avatar
NonSuch
Administrator
Administrator
 
Posts: 28747
Joined: February 23rd, 2005, 7:08 am
Location: California
Advertisement
Register to Remove


Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 306 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware