Full Version: Cores 100% usage...
DJpailo
I have a laptop with a quad core inside (long story how I got that, but anyway). It is brand new and worked fine until I was on Skype and a video call; we decided to play a game, and the CPU went crazy and all cores went to 100%.

Now, every now and again, the same problem persists, with or without Skype.

I noticed whilst playing fm 09 that when this problem occurred, fm 09 used 25%, nothing else was using the CPU (I had Task Manager in order of CPU usage), and all the cores were at 100%.

After a short period, the problem goes again and all is fine?

I have all the latest Vista updates too.

CODE
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:19:18, on 26/09/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Users\PAULAN~1\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Acer\Acer VCM\AcerVCM.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Acer\Acer VCM\acp2HID.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=2&o=vp32&d=1208&m=aspire_8930
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virginmedia.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=2&o=vp32&d=1208&m=aspire_8930
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=2&o=vp32&d=1208&m=aspire_8930
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [BkupTray] "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
O4 - HKLM\..\Run: [ZPdtWzdVitaKey MC3000] "C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe" show
O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [eAudio] "C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [ArcadeDeluxeAgent] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe"
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
O4 - HKLM\..\Run: [ProductReg] "C:\Program Files\Acer\WR_PopUp\ProductReg.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Acer VCM.lnk = ?
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
O9 - Extra 'Tools' menuitem: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: AWinNotifyVitaKey MC3000 - C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
O23 - Service: CLHNService - Unknown owner - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: iGroupTec Service (IGBASVC) - Unknown owner - C:\Program Files\Acer\Acer Bio Protection\BASVC.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:\Program Files\Acer\Acer VCM\RS_Service.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Validity Fingerprint Service (vfsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vfsFPService.exe

--
End of file - 11623 bytes


I forgot to add that I'm moving into Uni on Sunday, so if there is a delay to any posts after any form of feedback to this problem, sorry in advance.

hazelnut

Can you please follow the steps here

http://forum.piriform.com/index.php?showtopic=20120
DJpailo
Ok here is my rooter log, I'll be posting the others as soon as I do them:

-Comedian does not work for me. AVG also pops up, the program stops responding, and AVG reports that I have to heal a trojan.

-Malwarebytes log:
QUOTE
Malwarebytes' Anti-Malware 1.41
Database version: 2862
Windows 6.0.6002 Service Pack 2

26/09/2009 17:55:13
mbam-log-2009-09-26 (17-55-13).txt

Scan type: Quick Scan
Objects scanned: 86353
Time elapsed: 3 minute(s), 6 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


QUOTE
Rooter.exe (v1.0.2) by Eric_71
.
SeDebugPrivilege granted successfully ...
.
Windows Vista Home Edition (6.0.6002) Service Pack 2
[32_bits] - x86 Family 6 Model 23 Stepping 10, GenuineIntel
.
[wscsvc] (Security Center) RUNNING (state:4)
[MpsSvc] RUNNING (state:4)
Windows Firewall -> Enabled
Windows Defender -> Enabled
User Account Control (UAC) -> Disabled !
.
Internet Explorer 8.0.6001.18813
Mozilla Firefox 3.5.3 (en-GB)
.
C:\ [Fixed-NTFS] .. ( Total:226 Go - Free:162 Go )
D:\ [Fixed-NTFS] .. ( Total:222 Go - Free:222 Go )
F:\ [CD_Rom]
.
Scan : 17:28.42
Path : C:\Users\Paul Andrade\Desktop\Rooter.exe
User : Paul Andrade ( Administrator -> YES )
.
----------------------\\ Processes
.
Locked [System Process] (0)
Locked System (4)
______ \SystemRoot\System32\smss.exe (488)
______ C:\Windows\system32\csrss.exe (564)
______ C:\Windows\system32\wininit.exe (624)
______ C:\Windows\system32\csrss.exe (636)
______ C:\Windows\system32\services.exe (676)
______ C:\Windows\system32\lsass.exe (688)
______ C:\Windows\system32\lsm.exe (700)
______ C:\Windows\system32\winlogon.exe (868)
______ C:\Windows\system32\svchost.exe (968)
______ C:\Windows\system32\nvvsvc.exe (1012)
______ C:\Windows\system32\svchost.exe (1044)
______ C:\Windows\System32\svchost.exe (1104)
______ C:\Windows\System32\svchost.exe (1168)
______ C:\Windows\System32\svchost.exe (1204)
______ C:\Windows\system32\svchost.exe (1216)
Locked audiodg.exe (1328)
______ C:\Windows\system32\svchost.exe (1364)
______ C:\Windows\system32\SLsvc.exe (1384)
______ C:\Windows\system32\svchost.exe (1444)
______ C:\Windows\system32\rundll32.exe (1516)
______ C:\Windows\system32\vfsFPService.exe (1580)
______ C:\Program Files\Acer\Acer Bio Protection\CompPtcVUI.exe (1604)
______ C:\Windows\system32\svchost.exe (1676)
______ C:\Windows\system32\WLANExt.exe (1816)
______ C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (1836)
______ C:\Windows\System32\spoolsv.exe (236)
______ C:\Windows\system32\svchost.exe (316)
______ C:\Windows\system32\agrsmsvc.exe (1524)
______ C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (1656)
______ C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe (1696)
______ C:\Program Files\Bonjour\mDNSResponder.exe (1552)
______ C:\Windows\system32\svchost.exe (800)
______ C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe (532)
______ C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe (2084)
______ C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (2160)
______ C:\PROGRA~1\AVG\AVG8\avgrsx.exe (2248)
______ C:\Program Files\Acer\Empowering Technology\Service\ETService.exe (2256)
______ C:\PROGRA~1\AVG\AVG8\avgnsx.exe (2284)
______ C:\Program Files\Intel\WiFi\bin\EvtEng.exe (2424)
______ C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (2484)
______ C:\Program Files\Acer\Acer Bio Protection\BASVC.exe (2536)
______ C:\Program Files\Common Files\LightScribe\LSSrvc.exe (2648)
______ C:\Acer\Mobility Center\MobilityService.exe (2664)
______ C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe (2716)
______ C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe (2964)
______ C:\Windows\system32\svchost.exe (2984)
______ C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (3020)
______ C:\Program Files\Acer\Acer VCM\RS_Service.exe (3040)
______ C:\Windows\system32\svchost.exe (3060)
______ C:\Windows\System32\svchost.exe (3088)
______ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (3152)
______ C:\Windows\system32\SearchIndexer.exe (3180)
______ C:\PROGRA~1\AVG\AVG8\avgemc.exe (3276)
______ C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (3516)
______ C:\Program Files\AVG\AVG8\avgcsrvx.exe (3536)
______ C:\Windows\system32\wbem\unsecapp.exe (3804)
______ C:\Windows\system32\wbem\wmiprvse.exe (3864)
______ C:\Windows\system32\taskeng.exe (4000)
______ C:\Windows\system32\Dwm.exe (756)
______ C:\Windows\system32\taskeng.exe (1908)
______ C:\Windows\Explorer.EXE (1132)
______ C:\Windows\system32\wbem\wmiprvse.exe (4136)
______ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (4276)
______ C:\Program Files\Windows Defender\MSASCui.exe (4404)
______ C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (4428)
______ C:\Windows\RtHDVCpl.exe (4504)
______ C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (4516)
______ C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (4548)
______ C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe (4572)
______ C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe (4584)
______ C:\Windows\PLFSetI.exe (4608)
______ C:\Program Files\Launch Manager\LManager.exe (4624)
______ C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe (4648)
______ C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe (4656)
______ C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (4680)
______ C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (4696)
______ C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe (4728)
______ C:\Program Files\AVG\AVG8\avgtray.exe (4752)
______ C:\Program Files\Java\jre6\bin\jusched.exe (4764)
______ C:\Windows\System32\rundll32.exe (4884)
______ C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe (4968)
______ C:\Windows\system32\wbem\unsecapp.exe (4984)
______ C:\Users\PAULAN~1\AppData\Local\Temp\RtkBtMnt.exe (4996)
______ C:\Program Files\iTunes\iTunesHelper.exe (5084)
______ C:\Windows\ehome\ehtray.exe (5148)
______ C:\Program Files\Windows Sidebar\sidebar.exe (5180)
______ C:\Program Files\Skype\Phone\Skype.exe (5208)
______ C:\Program Files\Acer\Acer VCM\AcerVCM.exe (5228)
______ C:\Windows\ehome\ehmsas.exe (5240)
______ C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (5284)
______ C:\Windows\ehome\ehsched.exe (5372)
______ C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe (5700)
______ C:\Program Files\Windows Sidebar\sidebar.exe (5736)
______ C:\Windows\ehome\ehRecvr.exe (5804)
______ C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (4132)
______ C:\Program Files\Acer\Acer VCM\acp2HID.exe (1308)
______ C:\Program Files\Mozilla Firefox\firefox.exe (5092)
______ C:\Program Files\iPod\bin\iPodService.exe (2836)
______ C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (5992)
______ C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (5896)
______ C:\Windows\system32\svchost.exe (4320)
______ C:\Users\Paul Andrade\Desktop\Rooter.exe (5564)
.
----------------------\\ Device\Harddisk0\
.
\Device\Harddisk0 [Sectors : 63 x 512 Bytes]
.
\Device\Harddisk0\Partition1 (Start_Offset:1048576 | Length:13958643712)
\Device\Harddisk0\Partition2 --[ MBR ]-- (Start_Offset:13959692288 | Length:243072499712)
\Device\Harddisk0\Partition3 (Start_Offset:257032192000 | Length:239336423424)
\Device\Harddisk0\Partition4 (Start_Offset:496368615424 | Length:3738173440)
.
----------------------\\ Scheduled Tasks
.
C:\Windows\Tasks\Ad-Aware Update (Weekly).job
C:\Windows\Tasks\SA.DAT
C:\Windows\Tasks\SCHEDLGU.TXT
C:\Windows\Tasks\User_Feed_Synchronization-{6A848900-4EF3-4CF7-A4EC-E9DC35A6561D}.job
.
----------------------\\ Registry
.
.
----------------------\\ Files & Folders
.
----------------------\\ Scan completed at 17:28.46
.
C:\Rooter$\Rooter_1.txt - (26/09/2009 | 17:28.46)


-CKScanner:
QUOTE
CKScanner - Additional Security Risks - These are not necessarily bad
c:\program files\gimp-2.0\share\gimp\2.0\patterns\cracked.pat
scanner sequence 3.NA.11
----- EOF -----



-RootRepeal
Cannot save the report to the desktop? It has a logfile automatically drawn up though...
QUOTE
ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/09/26 17:36
Program Version: Version 1.3.5.0
Windows Version: Windows Vista SP2
==================================================

Drivers
-------------------
Name: dump_iaStor.sys
Image Path: C:\Windows\System32\Drivers\dump_iaStor.sys
Address: 0x90A9B000 Size: 888832 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\Windows\system32\drivers\rootrepeal.sys
Address: 0xA1358000 Size: 49152 File Visible: No Signed: -
Status: -

Processes
-------------------
Path: System
PID: 4 Status: Locked to the Windows API!

Path: C:\Windows\System32\audiodg.exe
PID: 1328 Status: Locked to the Windows API!

==EOF==


-OTL.txt log:

QUOTE
OTL logfile created on: 26/09/2009 17:41:34 - Run 1
OTL by OldTimer - Version 3.0.14.0 Folder = C:\Users\Paul Andrade\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18813)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.94 Gb Available Physical Memory | 97.11% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 226.38 Gb Total Space | 162.79 Gb Free Space | 71.91% Space Free | Partition Type: NTFS
Drive D: | 222.90 Gb Total Space | 222.80 Gb Free Space | 99.96% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PAULANDRADE-PC
Current User Name: Paul Andrade
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/08/31 13:05:12 | 00,203,296 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe
PRC - [2008/05/26 14:43:58 | 00,599,344 | ---- | M] (Validity Sensors, Inc.) -- C:\Windows\System32\vfsFPService.exe
PRC - [2008/12/17 12:54:27 | 03,485,696 | ---- | M] (Arachnoid Biometrics Identification Group Corp.) -- C:\Program Files\Acer\Acer Bio Protection\CompPtcVUI.exe
PRC - [2009/09/26 00:58:30 | 01,028,432 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2007/12/11 04:15:04 | 00,012,800 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2009/07/09 12:22:18 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/08/28 16:08:09 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/03/03 22:11:14 | 00,016,384 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
PRC - [2008/01/17 03:35:02 | 00,081,504 | ---- | M] () -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
PRC - [2008/07/30 02:53:00 | 00,500,784 | ---- | M] (Egis Incorporated) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
PRC - [2009/08/28 16:08:12 | 00,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2008/08/19 23:27:22 | 00,024,576 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
PRC - [2009/08/28 16:08:12 | 00,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
PRC - [2009/05/21 14:28:38 | 00,874,768 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2008/07/21 02:45:06 | 00,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
PRC - [2008/12/17 12:54:19 | 03,520,512 | ---- | M] () -- C:\Program Files\Acer\Acer Bio Protection\BASVC.exe
PRC - [2007/01/17 20:20:10 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2007/12/07 01:15:28 | 00,110,592 | ---- | M] () -- C:\Acer\Mobility Center\MobilityService.exe
PRC - [2008/04/26 06:36:20 | 00,045,056 | ---- | M] (NewTech InfoSystems, Inc.) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
PRC - [2008/04/26 06:36:02 | 00,131,072 | ---- | M] () -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
PRC - [2009/05/21 13:04:14 | 00,473,360 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2008/01/11 02:03:00 | 00,233,472 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer VCM\RS_Service.exe
PRC - [2009/03/30 16:28:36 | 01,533,808 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
PRC - [2009/08/28 16:08:10 | 00,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe
PRC - [2009/01/26 15:31:10 | 01,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2009/08/28 16:08:12 | 00,693,016 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe
PRC - [2009/04/11 07:28:08 | 00,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\unsecapp.exe
PRC - [2009/04/11 07:28:15 | 00,247,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\wmiprvse.exe
PRC - [2009/04/11 07:27:36 | 02,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\Explorer.EXE
PRC - [2009/04/11 07:28:15 | 00,247,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\wmiprvse.exe
PRC - [2009/03/30 16:28:36 | 00,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
PRC - [2008/01/21 03:23:32 | 01,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2008/07/21 02:45:06 | 00,182,808 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/05/07 09:19:26 | 06,139,904 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008/04/04 10:26:54 | 01,037,608 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2008/07/30 02:52:50 | 00,526,896 | ---- | M] (Egis Incorporated) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
PRC - [2008/04/26 06:36:20 | 00,028,672 | ---- | M] () -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
PRC - [2008/12/17 12:54:11 | 03,719,680 | ---- | M] (Arachnoid Biometrics Identification Group Corp.) -- C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe
PRC - [2008/06/30 17:56:32 | 00,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
PRC - [2008/06/16 10:58:38 | 00,809,480 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe
PRC - [2008/09/12 07:46:38 | 00,544,768 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe
PRC - [2008/08/01 18:51:42 | 00,405,504 | ---- | M] (Acer Inc.) -- C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
PRC - [2008/07/25 00:54:10 | 00,147,456 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
PRC - [2008/07/25 00:54:18 | 00,167,936 | ---- | M] (CyberLink) -- C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
PRC - [2008/07/19 01:04:36 | 00,167,936 | ---- | M] (Acer Corp.) -- C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
PRC - [2009/08/28 16:08:10 | 02,007,832 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
PRC - [2009/04/11 07:28:08 | 00,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\unsecapp.exe
PRC - [2009/09/26 17:26:25 | 00,204,800 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\Paul Andrade\AppData\Local\Temp\RtkBtMnt.exe
PRC - [2009/09/21 16:36:12 | 00,305,440 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2008/01/21 03:25:11 | 00,125,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehtray.exe
PRC - [2009/04/11 07:28:03 | 01,233,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Sidebar\sidebar.exe
PRC - [2009/09/02 15:27:36 | 25,623,336 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe
PRC - [2008/03/05 20:56:30 | 01,216,512 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer VCM\AcerVCM.exe
PRC - [2008/01/21 03:25:11 | 00,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehmsas.exe
PRC - [2007/04/25 03:50:32 | 00,723,760 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2006/11/02 13:35:29 | 00,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe
PRC - [2008/12/17 12:54:31 | 03,833,640 | ---- | M] () -- C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
PRC - [2009/04/11 07:28:03 | 01,233,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Sidebar\sidebar.exe
PRC - [2008/01/21 03:25:09 | 00,292,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehRecvr.exe
PRC - [2009/09/26 00:58:31 | 00,520,024 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2007/03/27 21:00:32 | 00,196,608 | ---- | M] (Acer Inc.) -- C:\Program Files\Acer\Acer VCM\acp2HID.exe
PRC - [2009/09/21 16:36:02 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2008/04/04 10:27:02 | 00,095,528 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
PRC - [2009/03/30 05:42:14 | 00,066,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
PRC - [2009/09/26 17:41:02 | 00,514,560 | ---- | M] (OldTimer Tools) -- C:\Users\Paul Andrade\Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2007/12/11 04:15:04 | 00,012,800 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio [Auto | Running])
SRV - [2009/07/09 12:22:18 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2009/08/28 16:08:10 | 00,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc [Auto | Running])
SRV - [2009/08/28 16:08:09 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2008/03/03 22:11:14 | 00,016,384 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe -- (BUNAgentSvc [Auto | Running])
SRV - [2008/01/17 03:35:02 | 00,081,504 | ---- | M] () -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe -- (CLHNService [Auto | Running])
SRV - [2009/03/30 05:42:14 | 00,066,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [Auto | Running])
SRV - [2008/07/30 02:53:00 | 00,500,784 | ---- | M] (Egis Incorporated) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service [Auto | Running])
SRV - [2008/01/21 03:25:09 | 00,292,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehRecvr.exe -- (ehRecvr [On_Demand | Running])
SRV - [2006/11/02 13:35:29 | 00,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched [On_Demand | Running])
SRV - [2006/11/02 13:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehstart.dll -- (ehstart [Auto | Stopped])
SRV - [2008/08/19 23:27:22 | 00,024,576 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe -- (ETService [Auto | Running])
SRV - [2009/04/11 07:28:25 | 01,017,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wevtsvc.dll -- (Eventlog [Auto | Running])
SRV - [2009/05/21 14:28:38 | 00,874,768 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng [Auto | Running])
SRV - [2009/02/18 19:39:20 | 00,043,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008/07/21 02:45:06 | 00,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON [Auto | Running])
SRV - [2009/02/18 19:38:42 | 00,879,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2008/12/17 12:54:19 | 03,520,512 | ---- | M] () -- C:\Program Files\Acer\Acer Bio Protection\BASVC.exe -- (IGBASVC [Auto | Running])
SRV - [2009/09/21 16:36:02 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2009/09/26 00:58:30 | 01,028,432 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service [Auto | Running])
SRV - [2007/01/17 20:20:10 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService [Auto | Running])
SRV - [2007/12/07 01:15:28 | 00,110,592 | ---- | M] () -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService [Auto | Running])
SRV - [2009/02/18 19:38:43 | 00,129,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2008/04/26 06:36:20 | 00,045,056 | ---- | M] (NewTech InfoSystems, Inc.) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe -- (NTIBackupSvc [Auto | Running])
SRV - [2008/04/26 06:36:02 | 00,131,072 | ---- | M] () -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe -- (NTISchedulerSvc [Auto | Running])
SRV - [2009/08/31 13:05:12 | 00,203,296 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe -- (nvsvc [Auto | Running])
SRV - [2008/11/04 01:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
SRV - [2006/10/26 23:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2009/05/21 13:04:14 | 00,473,360 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc [Auto | Running])
SRV - [2008/01/11 02:03:00 | 00,233,472 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer VCM\RS_Service.exe -- (RS_Service [Auto | Running])
SRV - [2009/01/26 15:31:10 | 01,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService [Auto | Running])
SRV - [2008/05/26 14:43:58 | 00,599,344 | ---- | M] (Validity Sensors, Inc.) -- C:\Windows\System32\vfsFPService.exe -- (vfsFPService [Auto | Running])
SRV - [2008/01/21 03:23:32 | 00,272,952 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend [Auto | Running])
SRV - [2009/03/30 16:28:36 | 01,533,808 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc [Auto | Running])
SRV - [2008/01/21 03:25:33 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&a...p;m=aspire_8930
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&a...p;m=aspire_8930

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&a...p;m=aspire_8930
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.virginmedia.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.virginmedia.com"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5
FF - prefs.js..extensions.enabledItems: en-GB@dictionaries.addons.mozilla.org:1.19
FF - prefs.js..extensions.enabledItems: piclens@cooliris.com:1.11.1
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.01
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.3

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/28 19:07:58 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009/08/28 16:08:09 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/09/25 21:19:11 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/09/25 21:19:10 | 00,000,000 | ---D | M]

[2009/08/28 11:35:54 | 00,000,000 | ---D | M] -- C:\Users\Paul Andrade\AppData\Roaming\mozilla\Extensions
[2009/08/28 11:35:54 | 00,000,000 | ---D | M] -- C:\Users\Paul Andrade\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/09/26 13:08:46 | 00,000,000 | ---D | M] -- C:\Users\Paul Andrade\AppData\Roaming\mozilla\Firefox\Profiles\mgbfggil.default\extensions
[2009/08/28 20:22:17 | 00,000,000 | ---D | M] -- C:\Users\Paul Andrade\AppData\Roaming\mozilla\Firefox\Profiles\mgbfggil.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/09/26 00:55:04 | 00,000,000 | ---D | M] -- C:\Users\Paul Andrade\AppData\Roaming\mozilla\Firefox\Profiles\mgbfggil.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2009/08/28 18:08:24 | 00,000,000 | ---D | M] -- C:\Users\Paul Andrade\AppData\Roaming\mozilla\Firefox\Profiles\mgbfggil.default\extensions\en-GB@dictionaries.addons.mozilla.org
[2009/08/28 18:08:27 | 00,000,000 | ---D | M] -- C:\Users\Paul Andrade\AppData\Roaming\mozilla\Firefox\Profiles\mgbfggil.default\extensions\piclens@cooliris.com
[2009/09/04 13:48:34 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/09/12 09:54:42 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/09/12 09:54:39 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/09/12 09:54:39 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/08/27 19:53:38 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2008/07/23 17:47:22 | 01,335,600 | ---- | M] (DivX,Inc.) -- C:\Program Files\mozilla firefox\plugins\npdivx32.dll
[2009/09/12 09:54:40 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2008/10/14 21:33:30 | 00,095,600 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2009/09/25 21:19:10 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/09/25 21:19:10 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/09/25 21:19:10 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/09/25 21:19:10 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/09/25 21:19:10 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/09/25 21:19:10 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/09/25 21:19:10 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2009/07/30 23:24:36 | 00,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2009/07/31 00:39:40 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/07/30 23:24:36 | 00,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2009/07/31 00:39:40 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/07/30 23:24:36 | 00,000,769 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2009/07/31 00:39:40 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/07/31 00:39:40 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/07/30 23:24:36 | 00,000,831 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: (325948 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 11155 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BkupTray] C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe ()
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [eAudio] C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe (Acer Incorporated)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe (Egis Incorporated)
O4 - HKLM..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
O4 - HKLM..\Run: [eRecoveryService] File not found
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [ProductReg] C:\Program Files\Acer\WR_PopUp\ProductReg.exe (Acer)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ZPdtWzdVitaKey MC3000] C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe (Arachnoid Biometrics Identification Group Corp.)
O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskmgr = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe ()
O9 - Extra 'Tools' menuitem : Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\NLAapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\napinsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\wshbth.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 64 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop.com/betapit/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.0...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AWinNotifyVitaKey MC3000: DllName - C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll - C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll (Arachnoid Biometrics Identification Group Corp.)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()

NetSvcs: FastUserSwitchingCompatibility - Service key not found. File not found
NetSvcs: Ias - Service key not found. File not found
NetSvcs: Irmon - Service key not found. File not found
NetSvcs: Nla - Service key not found. File not found
NetSvcs: Ntmssvc - Service key not found. File not found
NetSvcs: NWCWorkstation - Service key not found. File not found
NetSvcs: Nwsapagent - Service key not found. File not found
NetSvcs: SRService - Service key not found. File not found
NetSvcs: Wmi - Service key not found. File not found
NetSvcs: WmdmPmSp - Service key not found. File not found
NetSvcs: LogonHours - Service key not found. File not found
NetSvcs: PCAudit - Service key not found. File not found
NetSvcs: helpsvc - Service key not found. File not found
NetSvcs: uploadmgr - Service key not found. File not found

========== Files/Folders - Created Within 14 Days ==========

[2009/09/26 17:40:51 | 00,514,560 | ---- | C] (OldTimer Tools) -- C:\Users\Paul Andrade\Desktop\OTL.exe
[2009/09/26 17:35:00 | 00,000,000 | ---D | C] -- C:\Users\Paul Andrade\Desktop\RootRepeal
[2009/09/26 17:31:51 | 00,464,491 | ---- | C] () -- C:\Users\Paul Andrade\Desktop\RootRepeal.zip
[2009/09/26 17:30:52 | 00,440,832 | ---- | C] () -- C:\Users\Paul Andrade\Desktop\CKScanner.exe
[2009/09/26 17:28:46 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/09/26 17:28:14 | 00,173,119 | ---- | C] (Eric_71) -- C:\Users\Paul Andrade\Desktop\Rooter.exe
[2009/09/26 17:23:44 | 00,271,872 | ---- | C] (OldTimer Tools) -- C:\Users\Paul Andrade\Desktop\TFC.exe
[2009/09/26 17:23:11 | 00,794,112 | ---- | C] () -- C:\Users\Paul Andrade\Desktop\The_Comedian(2).exe
[2009/09/26 17:20:36 | 00,794,112 | ---- | C] () -- C:\Users\Paul Andrade\Desktop\The_Comedian.exe
[2009/09/26 01:32:49 | 00,172,445 | ---- | C] () -- C:\Users\Paul Andrade\Desktop\problem.jpg
[2009/09/26 01:05:26 | 00,015,688 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2009/09/26 00:59:31 | 00,000,472 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2009/09/26 00:59:20 | 00,064,160 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2009/09/26 00:56:45 | 00,000,000 | -H-D | C] -- C:\ProgramData\{EF63305C-BAD7-4144-9208-D65528260864}
[2009/09/26 00:56:35 | 00,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2009/09/26 00:56:35 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2009/09/25 21:28:48 | 00,000,000 | ---D | C] -- C:\Program Files\Intel Corporation
[2009/09/25 21:27:17 | 00,000,000 | ---D | C] -- C:\Program Files\Cisco
[2009/09/25 21:27:16 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Intel
[2009/09/25 21:27:15 | 00,000,000 | ---D | C] -- C:\ProgramData\Intel
[2009/09/25 21:20:15 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2009/09/25 21:20:13 | 00,000,000 | ---D | C] -- C:\ProgramData\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/09/25 21:20:13 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2009/09/25 21:18:47 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2009/09/25 21:12:00 | 00,000,000 | ---D | C] -- C:\Program Files\SystemRequirementsLab
[2009/09/25 21:11:48 | 00,000,000 | ---D | C] -- C:\Users\Paul Andrade\AppData\Roaming\SystemRequirementsLab
[2009/09/25 17:05:47 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2009/09/25 17:05:46 | 00,000,000 | R--D | C] -- C:\Program Files\Skype
[2009/09/25 16:27:53 | 00,000,000 | ---D | C] -- C:\Program Files\Defraggler
[2009/09/25 03:22:25 | 00,000,000 | ---D | C] -- C:\Users\Paul Andrade\AppData\Local\GPUMonitor
[2009/09/24 00:48:28 | 00,000,000 | ---D | C] -- C:\Program Files\SpeedFan
[2009/09/24 00:48:17 | 00,000,045 | ---- | C] () -- C:\Windows\System32\initdebug.nfo
[2009/09/23 23:25:59 | 00,140,906 | ---- | C] () -- C:\Users\Paul Andrade\Desktop\2 plus years.jpg
[2009/09/23 16:22:21 | 00,000,000 | ---D | C] -- C:\Program Files\Adobe
[2009/09/22 00:39:39 | 00,115,600 | ---- | C] () -- C:\Users\Paul Andrade\Desktop\Video call snapshot 10.png
[2009/09/21 23:50:29 | 00,095,177 | ---- | C] () -- C:\Users\Paul Andrade\Desktop\Video call snapshot 5.png
[2009/09/21 20:26:00 | 00,142,762 | ---- | C] () -- C:\Users\Paul Andrade\Desktop\2616rosebud5501.jpg
[2009/09/21 20:24:27 | 00,000,000 | ---D | C] -- C:\Users\Paul Andrade\Documents\OneNote Notebooks
[2009/09/21 15:30:19 | 00,001,878 | ---- | C] () -- C:\Users\Paul Andrade\Desktop\HijackThis.lnk
[2009/09/21 15:30:14 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/09/20 20:19:26 | 00,000,000 | ---D | C] -- C:\Users\Paul Andrade\Desktop\huge backup
[2009/09/20 20:17:26 | 00,000,336 | ---- | C] () -- C:\Users\Paul Andrade\Desktop\drafts.csv
[2009/09/20 20:17:09 | 00,013,636 | ---- | C] () -- C:\Users\Paul Andrade\Desktop\sentbox.csv
[2009/09/20 20:16:48 | 00,058,402 | ---- | C] () -- C:\Users\Paul Andrade\Desktop\sms invox.csv
[2009/09/20 20:00:17 | 01,164,728 | ---- | C] (NuMedia Soft, Inc.) -- C:\Windows\System32\NMSDVDXU.dll
[2009/09/20 20:00:17 | 00,630,784 | ---- | C] (ComponentOne) -- C:\Windows\System32\vsflex8u.ocx
[2009/09/20 20:00:17 | 00,419,240 | ---- | C] (VideoSoft) -- C:\Windows\System32\Vsflex7L.ocx
[2009/09/20 19:57:52 | 00,000,000 | ---D | C] -- C:\Users\Paul Andrade\Documents\LG Electronics
[2009/09/20 18:57:08 | 00,000,000 | ---D | C] -- C:\Sounds
[2009/09/18 22:50:56 | 00,115,731 | ---- | C] () -- C:\Users\Paul Andrade\Desktop\confirmation.jpg
[2009/09/17 15:54:39 | 00,000,000 | ---D | C] -- C:\Users\Paul Andrade\Documents\Downloads

========== Files - Modified Within 14 Days ==========

[2009/09/26 17:41:02 | 00,514,560 | ---- | M] (OldTimer Tools) -- C:\Users\Paul Andrade\Desktop\OTL.exe
[2009/09/26 17:32:15 | 00,464,491 | ---- | M] () -- C:\Users\Paul Andrade\Desktop\RootRepeal.zip
[2009/09/26 17:32:11 | 00,000,436 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{6A848900-4EF3-4CF7-A4EC-E9DC35A6561D}.job
[2009/09/26 17:31:01 | 00,440,832 | ---- | M] () -- C:\Users\Paul Andrade\Desktop\CKScanner.exe
[2009/09/26 17:30:33 | 00,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/09/26 17:30:33 | 00,600,378 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/09/26 17:30:33 | 00,105,852 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/09/26 17:28:23 | 00,173,119 | ---- | M] (Eric_71) -- C:\Users\Paul Andrade\Desktop\Rooter.exe
[2009/09/26 17:26:43 | 00,032,536 | ---- | M] () -- C:\ProgramData\nvModes.001
[2009/09/26 17:26:32 | 00,002,299 | ---- | M] () -- C:\Users\Paul Andrade\AppData\Roaming\acervcmtmp.ini
[2009/09/26 17:26:28 | 00,032,536 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2009/09/26 17:26:16 | 00,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2009/09/26 17:26:03 | 00,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/09/26 17:26:03 | 00,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/09/26 17:26:03 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/09/26 17:25:58 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/09/26 17:25:49 | 32,190,91456 | -HS- | M] () -- C:\hiberfil.sys
[2009/09/26 17:25:03 | 00,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2009/09/26 17:24:58 | 00,736,658 | -H-- | M] () -- C:\Users\Paul Andrade\AppData\Local\IconCache.db
[2009/09/26 17:23:53 | 00,271,872 | ---- | M] (OldTimer Tools) -- C:\Users\Paul Andrade\Desktop\TFC.exe
[2009/09/26 17:23:20 | 00,794,112 | ---- | M] () -- C:\Users\Paul Andrade\Desktop\The_Comedian(2).exe
[2009/09/26 13:37:17 | 00,794,112 | ---- | M] () -- C:\Users\Paul Andrade\Desktop\The_Comedian.exe
[2009/09/26 12:58:49 | 41,786,983 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2009/09/26 12:58:49 | 00,113,133 | ---- | M] () -- C:\Windows\System32\drivers\Avg\microavi.avg
[2009/09/26 01:32:50 | 00,172,445 | ---- | M] () -- C:\Users\Paul Andrade\Desktop\problem.jpg
[2009/09/26 01:00:53 | 00,000,472 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2009/09/26 00:59:11 | 00,015,688 | ---- | M] () -- C:\Windows\System32\lsdelete.exe
[2009/09/24 00:48:28 | 00,000,045 | ---- | M] () -- C:\Windows\System32\initdebug.nfo
[2009/09/23 23:25:59 | 00,140,906 | ---- | M] () -- C:\Users\Paul Andrade\Desktop\2 plus years.jpg
[2009/09/23 14:42:12 | 00,011,776 | ---- | M] () -- C:\Users\Paul Andrade\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/22 00:39:24 | 00,115,600 | ---- | M] () -- C:\Users\Paul Andrade\Desktop\Video call snapshot 10.png
[2009/09/21 20:26:12 | 00,142,762 | ---- | M] () -- C:\Users\Paul Andrade\Desktop\2616rosebud5501.jpg
[2009/09/21 15:30:19 | 00,001,878 | ---- | M] () -- C:\Users\Paul Andrade\Desktop\HijackThis.lnk
[2009/09/21 00:39:48 | 00,095,177 | ---- | M] () -- C:\Users\Paul Andrade\Desktop\Video call snapshot 5.png
[2009/09/20 20:17:27 | 00,000,336 | ---- | M] () -- C:\Users\Paul Andrade\Desktop\drafts.csv
[2009/09/20 20:17:11 | 00,013,636 | ---- | M] () -- C:\Users\Paul Andrade\Desktop\sentbox.csv
[2009/09/20 20:16:53 | 00,058,402 | ---- | M] () -- C:\Users\Paul Andrade\Desktop\sms invox.csv
[2009/09/18 22:50:56 | 00,115,731 | ---- | M] () -- C:\Users\Paul Andrade\Desktop\confirmation.jpg

========== LOP Check ==========

[2009/09/25 21:11:48 | 00,000,000 | ---D | M] -- C:\Users\Paul Andrade\AppData\Roaming
[2009/08/28 12:25:50 | 00,000,000 | -HSD | M] -- C:\Users\Paul Andrade\AppData\Roaming\.#
[2009/09/25 03:41:21 | 00,000,000 | ---D | M] -- C:\Users\Paul Andrade\AppData\Roaming\Acer
[2001/01/06 19:39:35 | 00,000,000 | ---D | M] -- C:\Users\Paul Andrade\AppData\Roaming\Acer GameZone Console
[2009/08/27 23:36:39 | 00,000,000 | ---D | M] -- C:\Users\Paul Andrade\AppData\Roaming\CyberLink
[2009/08/27 21:26:43 | 00,000,000 | ---D | M] -- C:\Users\Paul Andrade\AppData\Roaming\eSobi
[2009/09/11 15:38:50 | 00,000,000 | ---D | M] -- C:\Users\Paul Andrade\AppData\Roaming\gtk-2.0
[2009/08/27 22:16:01 | 00,000,000 | ---D | M] -- C:\Users\Paul Andrade\AppData\Roaming\Intel
[2009/09/02 18:52:49 | 00,000,000 | ---D | M] -- C:\Users\Paul Andrade\AppData\Roaming\LG Electronics
[2006/11/02 13:37:34 | 00,000,000 | ---D | M] -- C:\Users\Paul Andrade\AppData\Roaming\Media Center Programs
[2009/08/30 23:14:14 | 00,000,000 | ---D | M] -- C:\Users\Paul Andrade\AppData\Roaming\OpenOffice.org
[2009/08/30 15:51:05 | 00,000,000 | ---D | M] -- C:\Users\Paul Andrade\AppData\Roaming\Sports Interactive
[2009/09/25 21:11:48 | 00,000,000 | ---D | M] -- C:\Users\Paul Andrade\AppData\Roaming\SystemRequirementsLab
[2009/08/31 20:14:12 | 00,000,000 | ---D | M] -- C:\Users\Paul Andrade\AppData\Roaming\Template
[2009/08/27 19:44:44 | 00,000,000 | ---D | M] -- C:\Users\Paul Andrade\AppData\Roaming\Validity
[2009/09/26 01:00:53 | 00,000,472 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2009/09/26 17:26:03 | 00,000,006 | -H-- | M] () -- C:\Windows\Tasks\SA.DAT
[2009/09/26 17:25:03 | 00,032,606 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009/09/26 17:32:11 | 00,000,436 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{6A848900-4EF3-4CF7-A4EC-E9DC35A6561D}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >

========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\ProgramData\Temp:8173A019
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:5C321E34
< End of report >


Extras.Txt log:
QUOTE
OTL Extras logfile created on: 26/09/2009 17:41:34 - Run 1
OTL by OldTimer - Version 3.0.14.0 Folder = C:\Users\Paul Andrade\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18813)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.94 Gb Available Physical Memory | 97.11% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 226.38 Gb Total Space | 162.79 Gb Free Space | 71.91% Space Free | Partition Type: NTFS
Drive D: | 222.90 Gb Total Space | 222.80 Gb Free Space | 99.96% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PAULANDRADE-PC
Current User Name: Paul Andrade
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-3026526500-3820844030-2683254478-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0E38B47C-C494-45C2-A3C9-802975B19635}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3E964550-F75A-488A-8904-B2FA4B6F2C41}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6AE0A4D4-3ABA-410C-AF7B-67495EDFE63D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{6C584541-668A-4A04-8BB2-81315749C696}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6D0EC78B-8CD4-42C9-91E0-BC33420B19AA}" = lport=2869 | protocol=6 | dir=in | app=system |
"{6EC6833B-85E7-455B-B422-71AA33F2BF5F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7C78F289-718A-47DE-9221-23CE4A4D4480}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{B8CE639B-D106-4B7B-BB5B-F640908C4943}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{C61F3083-CFF5-473B-A069-43832A479AA9}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{FA48D8C8-D2ED-414D-87F7-7D4EFBA9407B}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03267C1C-72A4-42F0-BD2C-5DB67ACF48C9}" = protocol=6 | dir=in | app=c:\program files\sports interactive\football manager 2009\fm.exe |
"{0786B602-9200-4A8E-9E8D-D55816E339CE}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{0EFB3381-B8FA-4240-A716-04DCB533A512}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{12FBAFF1-4BD3-4BEF-A204-FBD15E9D6A34}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\playmovie.exe |
"{14FDEB0E-D8B8-43F2-8501-B6047609275E}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{3FE412CA-F5EA-41B6-AFAB-49A5B78791A5}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{471A03A5-CAF1-4DDB-9BE4-50DA3EE456C1}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe |
"{60914761-AE2B-4578-B746-ED140B36DB99}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{75D11B41-EF22-40C2-B99F-ABCA9D6B6450}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |
"{7B8F435B-3D32-49B5-AC49-165426104064}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe |
"{84200E1F-FC35-49F7-9D33-590CAC142BB7}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{90C3CC63-350A-4E1B-B8D4-69AF559903B3}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{918BEEFA-CB4C-4444-81B5-BE99E09F5E13}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe |
"{96FF9441-E443-4E2B-9D50-FFD3E904C922}" = dir=in | app=c:\program files\avg\avg8\avgupd.exe |
"{99432749-65D7-4A00-BEDD-E20B16BCD050}" = dir=in | app=c:\program files\avg\avg8\avgnsx.exe |
"{A69C6B86-4F1C-4DFF-BECF-EB0320C5F397}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |
"{AC3A7708-DD00-4414-A72B-D0D022EBE9F7}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{ACFA88A9-0658-4423-8F36-00BF618901E1}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{B3B84CC2-02BF-4F95-BF44-A42F7EDD171D}" = protocol=17 | dir=in | app=c:\program files\sports interactive\football manager 2009\fm.exe |
"{C0F16F52-6AC4-48D8-AB9E-912D9125E1FC}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{CD86E1EE-C54E-4634-8F0D-9329F937A639}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\pmvservice.exe |
"{D0C62C40-CF23-4832-BCE0-403055B7F2F6}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{E355B1D7-0BC2-472C-B924-4AB522B7FC88}" = dir=in | app=c:\program files\acer\acer vcm\vc.exe |
"{EA28A6E2-FA95-46A9-B176-E651ADB2E210}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{EABD37F9-EA62-45F0-BD9B-9DB456D889C4}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{EB3A99A1-B0AC-46FA-BDB7-5D8397082668}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{EE6D4F62-9D5A-4743-B93C-9960FB38A89D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F51F9E40-98CD-4A24-A94C-84684FD3B519}" = dir=in | app=c:\program files\avg\avg8\avgemc.exe |
"{FDA18440-2F0E-4FA8-8444-BEE943F61B6F}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmplayer.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.0.1.5000
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{10A44844-4465-456E-8C97-80BDD4F68845}" = Windows Live ID Sign-in Assistant
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{13D85C14-2B85-419F-AC41-C7F21E68B25D}" = Acer eSettings Management
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1C52C859-8E8E-4E69-9608-C923644AC1E0}" = LG PC Suite III
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java™ 6 Update 15
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{40580068-9B10-40B5-9548-536CE88AB23C}" = ITECIR
"{567E8236-C414-4888-8211-3D61608D57AE}" = Validity Sensors software
"{57265292-228A-41FA-9AEC-4620CBCC2739}" = Acer eAudio Management
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{5B63A470-9334-44D1-AF61-6CE2DB565AE9}" = Orion
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72EEB695-388B-4835-8EA6-0C04545B06B9}" = Intel® PROSet/Wireless WiFi Software
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management
"{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Acer Crystal Eye Webcam 3.0.6.3
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92A4DB0-CD37-42D1-BE1D-603D53C24328}" = Intel® Processor ID Utility
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AB67580-257C-45FF-B8F4-C8C30682091A}_is1" = SIW version 2009-07-28
"{ABD7DBE3-E344-4BCA-B8AD-4360494DD1D9}" = LG MC USB U330 driver
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4
"{AF145F8997B44EE9B106D018EF1DB58B}" = DivX Converter Mobile
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{C0E18DC4-C74A-4889-AE3A-933471023787}" = LG PC Suite III
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{DA34FE93-5DC5-48E0-ACC8-A5389E05BB51}" = iTunes
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E1640DA5-89B4-4F52-B15D-5DA3D14F29D4}" = LG USB Modem Drivers
"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F59A3B93-6C1C-4C3E-BCC4-4897490E2963}" = LG Bluetooth Drivers
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FA02ACAC-9E14-4878-A257-92A22A647C2C}" = LG USB Modem Drivers
"Acer Acer Bio Protection 6.0.00.15" = Acer Bio Protection

AAV 6.0.00.15
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"AVerMedia A310 (MiniCard, DVB-T)" = AVerMedia A310 (MiniCard, DVB-T) 1.1.0.29
"AVG8Uninstall" = AVG Free 8.5
"CCleaner" = CCleaner (remove only)
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.52.2
"Defraggler" = Defraggler (remove only)
"Football Manager 2009" = Football Manager 2009
"GridVista" = Acer GridVista
"HijackThis" = HijackThis 2.0.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"LManager" = Launch Manager
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.3)" = Mozilla Firefox (3.5.3)
"NVIDIA Drivers" = NVIDIA Drivers
"ProInst" = Intel PROSet Wireless
"SpeedFan" = SpeedFan (remove only)
"SpywareBlaster_is1" = SpywareBlaster 4.2
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"SystemRequirementsLab" = System Requirements Lab
"WinGimp-2.0_is1" = GIMP 2.6.7
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 20/09/2009 14:59:38 | Computer Name = PaulAndrade-PC | Source = VSS | ID = 8194
Description =

Error - 20/09/2009 15:04:48 | Computer Name = PaulAndrade-PC | Source = Application Error | ID = 1000
Description = Faulting application LiveUpdate.exe, version 1.2.0.9, time stamp 0x49e68f2e,
faulting module ntdll.dll, version 6.0.6002.18005, time stamp 0x49e03821, exception
code 0xc0000005, fault offset 0x00046cb6, process id 0x3ec, application start time
0x01ca3a25285c786c.

Error - 21/09/2009 08:42:10 | Computer Name = PaulAndrade-PC | Source = WinMgmt | ID = 10
Description =

Error - 21/09/2009 10:21:58 | Computer Name = PaulAndrade-PC | Source = WinMgmt | ID = 10
Description =

Error - 22/09/2009 06:39:34 | Computer Name = PaulAndrade-PC | Source = WinMgmt | ID = 10
Description =

Error - 22/09/2009 10:58:10 | Computer Name = PaulAndrade-PC | Source = WinMgmt | ID = 10
Description =

Error - 22/09/2009 13:07:48 | Computer Name = PaulAndrade-PC | Source = WinMgmt | ID = 10
Description =

Error - 22/09/2009 14:59:47 | Computer Name = PaulAndrade-PC | Source = WinMgmt | ID = 10
Description =

Error - 23/09/2009 07:46:31 | Computer Name = PaulAndrade-PC | Source = WinMgmt | ID = 10
Description =

Error - 23/09/2009 14:25:43 | Computer Name = PaulAndrade-PC | Source = WinMgmt | ID = 10
Description =

[ Media Center Events ]
Error - 28/08/2009 14:13:59 | Computer Name = PaulAndrade-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 28/08/2009 16:02:21 | Computer Name = PaulAndrade-PC | Source = Media Center Guide | ID = 13
Description = Event Info: Failure attempting to download new Guide data. Please
check your Internet connection settings. If you are connecting through a firewall
or proxy, please verify that it has been properly configured. Process: DefaultDomain
Object
Name: Microsoft.Ehome.Epg.EhepgdatSingleton

Error - 28/08/2009 16:02:21 | Computer Name = PaulAndrade-PC | Source = Media Center Guide | ID = 13
Description = Event Info: Failure attempting to download new Guide data. Please
check your Internet connection settings. If you are connecting through a firewall
or proxy, please verify that it has been properly configured. Process: DefaultDomain
Object
Name: Microsoft.Ehome.Epg.EhepgdatSingleton

Error - 28/08/2009 16:02:27 | Computer Name = PaulAndrade-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 02/09/2009 13:56:10 | Computer Name = PaulAndrade-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 17/09/2009 21:04:18 | Computer Name = PaulAndrade-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

[ System Events ]
Error - 07/09/2009 16:55:29 | Computer Name = PaulAndrade-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 07/09/2009 16:55:59 | Computer Name = PaulAndrade-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 07/09/2009 16:56:29 | Computer Name = PaulAndrade-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 07/09/2009 16:56:59 | Computer Name = PaulAndrade-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 07/09/2009 16:57:29 | Computer Name = PaulAndrade-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 07/09/2009 16:57:59 | Computer Name = PaulAndrade-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 07/09/2009 16:58:29 | Computer Name = PaulAndrade-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 07/09/2009 16:58:59 | Computer Name = PaulAndrade-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 07/09/2009 17:01:02 | Computer Name = PaulAndrade-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 21:55:00 on 07/09/2009 was unexpected.

Error - 07/09/2009 19:02:32 | Computer Name = PaulAndrade-PC | Source = DCOM | ID = 10010
Description =


< End of report >
DJpailo
OK, I think that is all the logs. I did everything required from the thread.
Rorschach112
The mbam log is missing; can you try to post it again? Also, don't post anything in quotes.
DJpailo
OK, here is my rooter log. I'll be posting the others as soon as I do them:

-Comedian does not work for me. AVG also pops up, the program stops responding, and AVG reports that I have to heal a trojan.

-Malwarebytes log:
Malwarebytes' Anti-Malware 1.41
Database version: 2862
Windows 6.0.6002 Service Pack 2

26/09/2009 17:55:13
mbam-log-2009-09-26 (17-55-13).txt

Scan type: Quick Scan
Objects scanned: 86353
Time elapsed: 3 minute(s), 6 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Rooter.exe (v1.0.2) by Eric_71
.
SeDebugPrivilege granted successfully ...
.
Windows Vista Home Edition (6.0.6002) Service Pack 2
[32_bits] - x86 Family 6 Model 23 Stepping 10, GenuineIntel
.
[wscsvc] (Security Center) RUNNING (state:4)
[MpsSvc] RUNNING (state:4)
Windows Firewall -> Enabled
Windows Defender -> Enabled
User Account Control (UAC) -> Disabled !
.
Internet Explorer 8.0.6001.18813
Mozilla Firefox 3.5.3 (en-GB)
.
C:\ [Fixed-NTFS] .. ( Total:226 Go - Free:162 Go )
D:\ [Fixed-NTFS] .. ( Total:222 Go - Free:222 Go )
F:\ [CD_Rom]
.
Scan : 17:28.42
Path : C:\Users\Paul Andrade\Desktop\Rooter.exe
User : Paul Andrade ( Administrator -> YES )
.
----------------------\\ Processes
.
Locked [System Process] (0)
Locked System (4)
______ \SystemRoot\System32\smss.exe (488)
______ C:\Windows\system32\csrss.exe (564)
______ C:\Windows\system32\wininit.exe (624)
______ C:\Windows\system32\csrss.exe (636)
______ C:\Windows\system32\services.exe (676)
______ C:\Windows\system32\lsass.exe (688)
______ C:\Windows\system32\lsm.exe (700)
______ C:\Windows\system32\winlogon.exe (868)
______ C:\Windows\system32\svchost.exe (968)
______ C:\Windows\system32\nvvsvc.exe (1012)
______ C:\Windows\system32\svchost.exe (1044)
______ C:\Windows\System32\svchost.exe (1104)
______ C:\Windows\System32\svchost.exe (1168)
______ C:\Windows\System32\svchost.exe (1204)
______ C:\Windows\system32\svchost.exe (1216)
Locked audiodg.exe (1328)
______ C:\Windows\system32\svchost.exe (1364)
______ C:\Windows\system32\SLsvc.exe (1384)
______ C:\Windows\system32\svchost.exe (1444)
______ C:\Windows\system32\rundll32.exe (1516)
______ C:\Windows\system32\vfsFPService.exe (1580)
______ C:\Program Files\Acer\Acer Bio Protection\CompPtcVUI.exe (1604)
______ C:\Windows\system32\svchost.exe (1676)
______ C:\Windows\system32\WLANExt.exe (1816)
______ C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (1836)
______ C:\Windows\System32\spoolsv.exe (236)
______ C:\Windows\system32\svchost.exe (316)
______ C:\Windows\system32\agrsmsvc.exe (1524)
______ C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (1656)
______ C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe (1696)
______ C:\Program Files\Bonjour\mDNSResponder.exe (1552)
______ C:\Windows\system32\svchost.exe (800)
______ C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe (532)
______ C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe (2084)
______ C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (2160)
______ C:\PROGRA~1\AVG\AVG8\avgrsx.exe (2248)
______ C:\Program Files\Acer\Empowering Technology\Service\ETService.exe (2256)
______ C:\PROGRA~1\AVG\AVG8\avgnsx.exe (2284)
______ C:\Program Files\Intel\WiFi\bin\EvtEng.exe (2424)
______ C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (2484)
______ C:\Program Files\Acer\Acer Bio Protection\BASVC.exe (2536)
______ C:\Program Files\Common Files\LightScribe\LSSrvc.exe (2648)
______ C:\Acer\Mobility Center\MobilityService.exe (2664)
______ C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe (2716)
______ C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe (2964)
______ C:\Windows\system32\svchost.exe (2984)
______ C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (3020)
______ C:\Program Files\Acer\Acer VCM\RS_Service.exe (3040)
______ C:\Windows\system32\svchost.exe (3060)
______ C:\Windows\System32\svchost.exe (3088)
______ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (3152)
______ C:\Windows\system32\SearchIndexer.exe (3180)
______ C:\PROGRA~1\AVG\AVG8\avgemc.exe (3276)
______ C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (3516)
______ C:\Program Files\AVG\AVG8\avgcsrvx.exe (3536)
______ C:\Windows\system32\wbem\unsecapp.exe (3804)
______ C:\Windows\system32\wbem\wmiprvse.exe (3864)
______ C:\Windows\system32\taskeng.exe (4000)
______ C:\Windows\system32\Dwm.exe (756)
______ C:\Windows\system32\taskeng.exe (1908)
______ C:\Windows\Explorer.EXE (1132)
______ C:\Windows\system32\wbem\wmiprvse.exe (4136)
______ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (4276)
______ C:\Program Files\Windows Defender\MSASCui.exe (4404)
______ C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (4428)
______ C:\Windows\RtHDVCpl.exe (4504)
______ C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (4516)
______ C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (4548)
______ C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe (4572)
______ C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe (4584)
______ C:\Windows\PLFSetI.exe (4608)
______ C:\Program Files\Launch Manager\LManager.exe (4624)
______ C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe (4648)
______ C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe (4656)
______ C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (4680)
______ C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (4696)
______ C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe (4728)
______ C:\Program Files\AVG\AVG8\avgtray.exe (4752)
______ C:\Program Files\Java\jre6\bin\jusched.exe (4764)
______ C:\Windows\System32\rundll32.exe (4884)
______ C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe (4968)
______ C:\Windows\system32\wbem\unsecapp.exe (4984)
______ C:\Users\PAULAN~1\AppData\Local\Temp\RtkBtMnt.exe (4996)
______ C:\Program Files\iTunes\iTunesHelper.exe (5084)
______ C:\Windows\ehome\ehtray.exe (5148)
______ C:\Program Files\Windows Sidebar\sidebar.exe (5180)
______ C:\Program Files\Skype\Phone\Skype.exe (5208)
______ C:\Program Files\Acer\Acer VCM\AcerVCM.exe (5228)
______ C:\Windows\ehome\ehmsas.exe (5240)
______ C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (5284)
______ C:\Windows\ehome\ehsched.exe (5372)
______ C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe (5700)
______ C:\Program Files\Windows Sidebar\sidebar.exe (5736)
______ C:\Windows\ehome\ehRecvr.exe (5804)
______ C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (4132)
______ C:\Program Files\Acer\Acer VCM\acp2HID.exe (1308)
______ C:\Program Files\Mozilla Firefox\firefox.exe (5092)
______ C:\Program Files\iPod\bin\iPodService.exe (2836)
______ C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (5992)
______ C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (5896)
______ C:\Windows\system32\svchost.exe (4320)
______ C:\Users\Paul Andrade\Desktop\Rooter.exe (5564)
.
----------------------\\ Device\Harddisk0\
.
\Device\Harddisk0 [Sectors : 63 x 512 Bytes]
.
\Device\Harddisk0\Partition1 (Start_Offset:1048576 | Length:13958643712)
\Device\Harddisk0\Partition2 --[ MBR ]-- (Start_Offset:13959692288 | Length:243072499712)
\Device\Harddisk0\Partition3 (Start_Offset:257032192000 | Length:239336423424)
\Device\Harddisk0\Partition4 (Start_Offset:496368615424 | Length:3738173440)
.
----------------------\\ Scheduled Tasks
.
C:\Windows\Tasks\Ad-Aware Update (Weekly).job
C:\Windows\Tasks\SA.DAT
C:\Windows\Tasks\SCHEDLGU.TXT
C:\Windows\Tasks\User_Feed_Synchronization-{6A848900-4EF3-4CF7-A4EC-E9DC35A6561D}.job
.
----------------------\\ Registry
.
.
----------------------\\ Files & Folders
.
----------------------\\ Scan completed at 17:28.46
.
C:\Rooter$\Rooter_1.txt - (26/09/2009 | 17:28.46)

-CKScanner:
CKScanner - Additional Security Risks - These are not necessarily bad
c:\program files\gimp-2.0\share\gimp\2.0\patterns\cracked.pat
scanner sequence 3.NA.11
----- EOF -----



-RootRepeal
Cannot save the report to the desktop? It has a logfile automatically drawn up though...
ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/09/26 17:36
Program Version: Version 1.3.5.0
Windows Version: Windows Vista SP2
==================================================

Drivers
-------------------
Name: dump_iaStor.sys
Image Path: C:\Windows\System32\Drivers\dump_iaStor.sys
Address: 0x90A9B000 Size: 888832 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\Windows\system32\drivers\rootrepeal.sys
Address: 0xA1358000 Size: 49152 File Visible: No Signed: -
Status: -

Processes
-------------------
Path: System
PID: 4 Status: Locked to the Windows API!

Path: C:\Windows\System32\audiodg.exe
PID: 1328 Status: Locked to the Windows API!

==EOF==

-OTL.txt log:

OTL logfile created on: 26/09/2009 17:41:34 - Run 1
OTL by OldTimer - Version 3.0.14.0 Folder = C:\Users\Paul Andrade\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18813)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.94 Gb Available Physical Memory | 97.11% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 226.38 Gb Total Space | 162.79 Gb Free Space | 71.91% Space Free | Partition Type: NTFS
Drive D: | 222.90 Gb Total Space | 222.80 Gb Free Space | 99.96% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PAULANDRADE-PC
Current User Name: Paul Andrade
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/08/31 13:05:12 | 00,203,296 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe
PRC - [2008/05/26 14:43:58 | 00,599,344 | ---- | M] (Validity Sensors, Inc.) -- C:\Windows\System32\vfsFPService.exe
PRC - [2008/12/17 12:54:27 | 03,485,696 | ---- | M] (Arachnoid Biometrics Identification Group Corp.) -- C:\Program Files\Acer\Acer Bio Protection\CompPtcVUI.exe
PRC - [2009/09/26 00:58:30 | 01,028,432 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2007/12/11 04:15:04 | 00,012,800 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2009/07/09 12:22:18 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/08/28 16:08:09 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/03/03 22:11:14 | 00,016,384 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
PRC - [2008/01/17 03:35:02 | 00,081,504 | ---- | M] () -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
PRC - [2008/07/30 02:53:00 | 00,500,784 | ---- | M] (Egis Incorporated) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
PRC - [2009/08/28 16:08:12 | 00,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2008/08/19 23:27:22 | 00,024,576 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
PRC - [2009/08/28 16:08:12 | 00,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
PRC - [2009/05/21 14:28:38 | 00,874,768 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2008/07/21 02:45:06 | 00,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
PRC - [2008/12/17 12:54:19 | 03,520,512 | ---- | M] () -- C:\Program Files\Acer\Acer Bio Protection\BASVC.exe
PRC - [2007/01/17 20:20:10 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2007/12/07 01:15:28 | 00,110,592 | ---- | M] () -- C:\Acer\Mobility Center\MobilityService.exe
PRC - [2008/04/26 06:36:20 | 00,045,056 | ---- | M] (NewTech InfoSystems, Inc.) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
PRC - [2008/04/26 06:36:02 | 00,131,072 | ---- | M] () -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
PRC - [2009/05/21 13:04:14 | 00,473,360 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2008/01/11 02:03:00 | 00,233,472 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer VCM\RS_Service.exe
PRC - [2009/03/30 16:28:36 | 01,533,808 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
PRC - [2009/08/28 16:08:10 | 00,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe
PRC - [2009/01/26 15:31:10 | 01,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2009/08/28 16:08:12 | 00,693,016 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe
PRC - [2009/04/11 07:28:08 | 00,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\unsecapp.exe
PRC - [2009/04/11 07:28:15 | 00,247,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\wmiprvse.exe
PRC - [2009/04/11 07:27:36 | 02,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\Explorer.EXE
PRC - [2009/04/11 07:28:15 | 00,247,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\wmiprvse.exe
PRC - [2009/03/30 16:28:36 | 00,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
PRC - [2008/01/21 03:23:32 | 01,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2008/07/21 02:45:06 | 00,182,808 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/05/07 09:19:26 | 06,139,904 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008/04/04 10:26:54 | 01,037,608 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2008/07/30 02:52:50 | 00,526,896 | ---- | M] (Egis Incorporated) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
PRC - [2008/04/26 06:36:20 | 00,028,672 | ---- | M] () -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
PRC - [2008/12/17 12:54:11 | 03,719,680 | ---- | M] (Arachnoid Biometrics Identification Group Corp.) -- C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe
PRC - [2008/06/30 17:56:32 | 00,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
PRC - [2008/06/16 10:58:38 | 00,809,480 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe
PRC - [2008/09/12 07:46:38 | 00,544,768 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe
PRC - [2008/08/01 18:51:42 | 00,405,504 | ---- | M] (Acer Inc.) -- C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
PRC - [2008/07/25 00:54:10 | 00,147,456 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
PRC - [2008/07/25 00:54:18 | 00,167,936 | ---- | M] (CyberLink) -- C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
PRC - [2008/07/19 01:04:36 | 00,167,936 | ---- | M] (Acer Corp.) -- C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
PRC - [2009/08/28 16:08:10 | 02,007,832 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
PRC - [2009/04/11 07:28:08 | 00,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\unsecapp.exe
PRC - [2009/09/26 17:26:25 | 00,204,800 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\Paul Andrade\AppData\Local\Temp\RtkBtMnt.exe
PRC - [2009/09/21 16:36:12 | 00,305,440 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2008/01/21 03:25:11 | 00,125,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehtray.exe
PRC - [2009/04/11 07:28:03 | 01,233,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Sidebar\sidebar.exe
PRC - [2009/09/02 15:27:36 | 25,623,336 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe
PRC - [2008/03/05 20:56:30 | 01,216,512 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer VCM\AcerVCM.exe
PRC - [2008/01/21 03:25:11 | 00,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehmsas.exe
PRC - [2007/04/25 03:50:32 | 00,723,760 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2006/11/02 13:35:29 | 00,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe
PRC - [2008/12/17 12:54:31 | 03,833,640 | ---- | M] () -- C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
PRC - [2009/04/11 07:28:03 | 01,233,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Sidebar\sidebar.exe
PRC - [2008/01/21 03:25:09 | 00,292,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehRecvr.exe
PRC - [2009/09/26 00:58:31 | 00,520,024 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2007/03/27 21:00:32 | 00,196,608 | ---- | M] (Acer Inc.) -- C:\Program Files\Acer\Acer VCM\acp2HID.exe
PRC - [2009/09/21 16:36:02 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2008/04/04 10:27:02 | 00,095,528 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
PRC - [2009/03/30 05:42:14 | 00,066,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
PRC - [2009/09/26 17:41:02 | 00,514,560 | ---- | M] (OldTimer Tools) -- C:\Users\Paul Andrade\Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2007/12/11 04:15:04 | 00,012,800 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio [Auto | Running])
SRV - [2009/07/09 12:22:18 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2009/08/28 16:08:10 | 00,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc [Auto | Running])
SRV - [2009/08/28 16:08:09 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2008/03/03 22:11:14 | 00,016,384 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe -- (BUNAgentSvc [Auto | Running])
SRV - [2008/01/17 03:35:02 | 00,081,504 | ---- | M] () -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe -- (CLHNService [Auto | Running])
SRV - [2009/03/30 05:42:14 | 00,066,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [Auto | Running])
SRV - [2008/07/30 02:53:00 | 00,500,784 | ---- | M] (Egis Incorporated) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service [Auto | Running])
SRV - [2008/01/21 03:25:09 | 00,292,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehRecvr.exe -- (ehRecvr [On_Demand | Running])
SRV - [2006/11/02 13:35:29 | 00,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched [On_Demand | Running])
SRV - [2006/11/02 13:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehstart.dll -- (ehstart [Auto | Stopped])
SRV - [2008/08/19 23:27:22 | 00,024,576 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe -- (ETService [Auto | Running])
SRV - [2009/04/11 07:28:25 | 01,017,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wevtsvc.dll -- (Eventlog [Auto | Running])
SRV - [2009/05/21 14:28:38 | 00,874,768 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng [Auto | Running])
SRV - [2009/02/18 19:39:20 | 00,043,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008/07/21 02:45:06 | 00,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON [Auto | Running])
SRV - [2009/02/18 19:38:42 | 00,879,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2008/12/17 12:54:19 | 03,520,512 | ---- | M] () -- C:\Program Files\Acer\Acer Bio Protection\BASVC.exe -- (IGBASVC [Auto | Running])
SRV - [2009/09/21 16:36:02 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2009/09/26 00:58:30 | 01,028,432 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service [Auto | Running])
SRV - [2007/01/17 20:20:10 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService [Auto | Running])
SRV - [2007/12/07 01:15:28 | 00,110,592 | ---- | M] () -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService [Auto | Running])
SRV - [2009/02/18 19:38:43 | 00,129,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2008/04/26 06:36:20 | 00,045,056 | ---- | M] (NewTech InfoSystems, Inc.) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe -- (NTIBackupSvc [Auto | Running])
SRV - [2008/04/26 06:36:02 | 00,131,072 | ---- | M] () -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe -- (NTISchedulerSvc [Auto | Running])
SRV - [2009/08/31 13:05:12 | 00,203,296 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe -- (nvsvc [Auto | Running])
SRV - [2008/11/04 01:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
SRV - [2006/10/26 23:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2009/05/21 13:04:14 | 00,473,360 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc [Auto | Running])
SRV - [2008/01/11 02:03:00 | 00,233,472 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer VCM\RS_Service.exe -- (RS_Service [Auto | Running])
SRV - [2009/01/26 15:31:10 | 01,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService [Auto | Running])
SRV - [2008/05/26 14:43:58 | 00,599,344 | ---- | M] (Validity Sensors, Inc.) -- C:\Windows\System32\vfsFPService.exe -- (vfsFPService [Auto | Running])
SRV - [2008/01/21 03:23:32 | 00,272,952 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend [Auto | Running])
SRV - [2009/03/30 16:28:36 | 01,533,808 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc [Auto | Running])
SRV - [2008/01/21 03:25:33 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&a...p;m=aspire_8930
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&a...p;m=aspire_8930

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&a...p;m=aspire_8930
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.virginmedia.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.virginmedia.com"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5
FF - prefs.js..extensions.enabledItems: en-GB@dictionaries.addons.mozilla.org:1.19
FF - prefs.js..extensions.enabledItems: piclens@cooliris.com:1.11.1
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.01
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.3

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/28 19:07:58 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009/08/28 16:08:09 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/09/25 21:19:11 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/09/25 21:19:10 | 00,000,000 | ---D | M]

[2009/08/28 11:35:54 | 00,000,000 | ---D | M] -- C:\Users\Paul Andrade\AppData\Roaming\mozilla\Extensions
[2009/08/28 11:35:54 | 00,000,000 | ---D | M] -- C:\Users\Paul Andrade\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/09/26 13:08:46 | 00,000,000 | ---D | M] -- C:\Users\Paul Andrade\AppData\Roaming\mozilla\Firefox\Profiles\mgbfggil.default\extensions
[2009/08/28 20:22:17 | 00,000,000 | ---D | M] -- C:\Users\Paul Andrade\AppData\Roaming\mozilla\Firefox\Profiles\mgbfggil.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/09/26 00:55:04 | 00,000,000 | ---D | M] -- C:\Users\Paul Andrade\AppData\Roaming\mozilla\Firefox\Profiles\mgbfggil.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2009/08/28 18:08:24 | 00,000,000 | ---D | M] -- C:\Users\Paul Andrade\AppData\Roaming\mozilla\Firefox\Profiles\mgbfggil.default\extensions\en-GB@dictionaries.addons.mozilla.org
[2009/08/28 18:08:27 | 00,000,000 | ---D | M] -- C:\Users\Paul Andrade\AppData\Roaming\mozilla\Firefox\Profiles\mgbfggil.default\extensions\piclens@cooliris.com
[2009/09/04 13:48:34 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/09/12 09:54:42 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/09/12 09:54:39 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/09/12 09:54:39 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/08/27 19:53:38 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2008/07/23 17:47:22 | 01,335,600 | ---- | M] (DivX,Inc.) -- C:\Program Files\mozilla firefox\plugins\npdivx32.dll
[2009/09/12 09:54:40 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2008/10/14 21:33:30 | 00,095,600 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2009/09/25 21:19:10 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/09/25 21:19:10 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/09/25 21:19:10 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/09/25 21:19:10 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/09/25 21:19:10 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/09/25 21:19:10 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/09/25 21:19:10 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2009/07/30 23:24:36 | 00,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2009/07/31 00:39:40 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/07/30 23:24:36 | 00,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2009/07/31 00:39:40 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/07/30 23:24:36 | 00,000,769 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2009/07/31 00:39:40 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/07/31 00:39:40 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/07/30 23:24:36 | 00,000,831 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: (325948 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 11155 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BkupTray] C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe ()
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [eAudio] C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe (Acer Incorporated)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe (Egis Incorporated)
O4 - HKLM..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
O4 - HKLM..\Run: [eRecoveryService] File not found
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [ProductReg] C:\Program Files\Acer\WR_PopUp\ProductReg.exe (Acer)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ZPdtWzdVitaKey MC3000] C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe (Arachnoid Biometrics Identification Group Corp.)
O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskmgr = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe ()
O9 - Extra 'Tools' menuitem : Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\NLAapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\napinsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\wshbth.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 64 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop.com/betapit/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.0...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AWinNotifyVitaKey MC3000: DllName - C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll - C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll (Arachnoid Biometrics Identification Group Corp.)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()

NetSvcs: FastUserSwitchingCompatibility - Service key not found. File not found
NetSvcs: Ias - Service key not found. File not found
NetSvcs: Irmon - Service key not found. File not found
NetSvcs: Nla - Service key not found. File not found
NetSvcs: Ntmssvc - Service key not found. File not found
NetSvcs: NWCWorkstation - Service key not found. File not found
NetSvcs: Nwsapagent - Service key not found. File not found
NetSvcs: SRService - Service key not found. File not found
NetSvcs: Wmi - Service key not found. File not found
NetSvcs: WmdmPmSp - Service key not found. File not found
NetSvcs: LogonHours - Service key not found. File not found
NetSvcs: PCAudit - Service key not found. File not found
NetSvcs: helpsvc - Service key not found. File not found
NetSvcs: uploadmgr - Service key not found. File not found

========== Files/Folders - Created Within 14 Days ==========

[2009/09/26 17:40:51 | 00,514,560 | ---- | C] (OldTimer Tools) -- C:\Users\Paul Andrade\Desktop\OTL.exe
[2009/09/26 17:35:00 | 00,000,000 | ---D | C] -- C:\Users\Paul Andrade\Desktop\RootRepeal
[2009/09/26 17:31:51 | 00,464,491 | ---- | C] () -- C:\Users\Paul Andrade\Desktop\RootRepeal.zip
[2009/09/26 17:30:52 | 00,440,832 | ---- | C] () -- C:\Users\Paul Andrade\Desktop\CKScanner.exe
[2009/09/26 17:28:46 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/09/26 17:28:14 | 00,173,119 | ---- | C] (Eric_71) -- C:\Users\Paul Andrade\Desktop\Rooter.exe
[2009/09/26 17:23:44 | 00,271,872 | ---- | C] (OldTimer Tools) -- C:\Users\Paul Andrade\Desktop\TFC.exe
[2009/09/26 17:23:11 | 00,794,112 | ---- | C] () -- C:\Users\Paul Andrade\Desktop\The_Comedian(2).exe
[2009/09/26 17:20:36 | 00,794,112 | ---- | C] () -- C:\Users\Paul Andrade\Desktop\The_Comedian.exe
[2009/09/26 01:32:49 | 00,172,445 | ---- | C] () -- C:\Users\Paul Andrade\Desktop\problem.jpg
[2009/09/26 01:05:26 | 00,015,688 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2009/09/26 00:59:31 | 00,000,472 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2009/09/26 00:59:20 | 00,064,160 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2009/09/26 00:56:45 | 00,000,000 | -H-D | C] -- C:\ProgramData\{EF63305C-BAD7-4144-9208-D65528260864}
[2009/09/26 00:56:35 | 00,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2009/09/26 00:56:35 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2009/09/25 21:28:48 | 00,000,000 | ---D | C] -- C:\Program Files\Intel Corporation
[2009/09/25 21:27:17 | 00,000,000 | ---D | C] -- C:\Program Files\Cisco
[2009/09/25 21:27:16 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Intel
[2009/09/25 21:27:15 | 00,000,000 | ---D | C] -- C:\ProgramData\Intel
[2009/09/25 21:20:15 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2009/09/25 21:20:13 | 00,000,000 | ---D | C] -- C:\ProgramData\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/09/25 21:20:13 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2009/09/25 21:18:47 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2009/09/25 21:12:00 | 00,000,000 | ---D | C] -- C:\Program Files\SystemRequirementsLab
[2009/09/25 21:11:48 | 00,000,000 | ---D | C] -- C:\Users\Paul Andrade\AppData\Roaming\SystemRequirementsLab
[2009/09/25 17:05:47 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2009/09/25 17:05:46 | 00,000,000 | R--D | C] -- C:\Program Files\Skype
[2009/09/25 16:27:53 | 00,000,000 | ---D | C] -- C:\Program Files\Defraggler
[2009/09/25 03:22:25 | 00,000,000 | ---D | C] -- C:\Users\Paul Andrade\AppData\Local\GPUMonitor
[2009/09/24 00:48:28 | 00,000,000 | ---D | C] -- C:\Program Files\SpeedFan
[2009/09/24 00:48:17 | 00,000,045 | ---- | C] () -- C:\Windows\System32\initdebug.nfo
[2009/09/23 23:25:59 | 00,140,906 | ---- | C] () -- C:\Users\Paul Andrade\Desktop\2 plus years.jpg
[2009/09/23 16:22:21 | 00,000,000 | ---D | C] -- C:\Program Files\Adobe
[2009/09/22 00:39:39 | 00,115,600 | ---- | C] () -- C:\Users\Paul Andrade\Desktop\Video call snapshot 10.png
[2009/09/21 23:50:29 | 00,095,177 | ---- | C] () -- C:\Users\Paul Andrade\Desktop\Video call snapshot 5.png
[2009/09/21 20:26:00 | 00,142,762 | ---- | C] () -- C:\Users\Paul Andrade\Desktop\2616rosebud5501.jpg
[2009/09/21 20:24:27 | 00,000,000 | ---D | C] -- C:\Users\Paul Andrade\Documents\OneNote Notebooks
[2009/09/21 15:30:19 | 00,001,878 | ---- | C] () -- C:\Users\Paul Andrade\Desktop\HijackThis.lnk
[2009/09/21 15:30:14 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/09/20 20:19:26 | 00,000,000 | ---D | C] -- C:\Users\Paul Andrade\Desktop\huge backup
[2009/09/20 20:17:26 | 00,000,336 | ---- | C] () -- C:\Users\Paul Andrade\Desktop\drafts.csv
[2009/09/20 20:17:09 | 00,013,636 | ---- | C] () -- C:\Users\Paul Andrade\Desktop\sentbox.csv
[2009/09/20 20:16:48 | 00,058,402 | ---- | C] () -- C:\Users\Paul Andrade\Desktop\sms invox.csv
[2009/09/20 20:00:17 | 01,164,728 | ---- | C] (NuMedia Soft, Inc.) -- C:\Windows\System32\NMSDVDXU.dll
[2009/09/20 20:00:17 | 00,630,784 | ---- | C] (ComponentOne) -- C:\Windows\System32\vsflex8u.ocx
[2009/09/20 20:00:17 | 00,419,240 | ---- | C] (VideoSoft) -- C:\Windows\System32\Vsflex7L.ocx
[2009/09/20 19:57:52 | 00,000,000 | ---D | C] -- C:\Users\Paul Andrade\Documents\LG Electronics
[2009/09/20 18:57:08 | 00,000,000 | ---D | C] -- C:\Sounds
[2009/09/18 22:50:56 | 00,115,731 | ---- | C] () -- C:\Users\Paul Andrade\Desktop\confirmation.jpg
[2009/09/17 15:54:39 | 00,000,000 | ---D | C] -- C:\Users\Paul Andrade\Documents\Downloads

========== Files - Modified Within 14 Days ==========

[2009/09/26 17:41:02 | 00,514,560 | ---- | M] (OldTimer Tools) -- C:\Users\Paul Andrade\Desktop\OTL.exe
[2009/09/26 17:32:15 | 00,464,491 | ---- | M] () -- C:\Users\Paul Andrade\Desktop\RootRepeal.zip
[2009/09/26 17:32:11 | 00,000,436 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{6A848900-4EF3-4CF7-A4EC-E9DC35A6561D}.job
[2009/09/26 17:31:01 | 00,440,832 | ---- | M] () -- C:\Users\Paul Andrade\Desktop\CKScanner.exe
[2009/09/26 17:30:33 | 00,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/09/26 17:30:33 | 00,600,378 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/09/26 17:30:33 | 00,105,852 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/09/26 17:28:23 | 00,173,119 | ---- | M] (Eric_71) -- C:\Users\Paul Andrade\Desktop\Rooter.exe
[2009/09/26 17:26:43 | 00,032,536 | ---- | M] () -- C:\ProgramData\nvModes.001
[2009/09/26 17:26:32 | 00,002,299 | ---- | M] () -- C:\Users\Paul Andrade\AppData\Roaming\acervcmtmp.ini
[2009/09/26 17:26:28 | 00,032,536 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2009/09/26 17:26:16 | 00,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2009/09/26 17:26:03 | 00,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/09/26 17:26:03 | 00,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/09/26 17:26:03 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/09/26 17:25:58 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/09/26 17:25:49 | 32,190,91456 | -HS- | M] () -- C:\hiberfil.sys
[2009/09/26 17:25:03 | 00,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2009/09/26 17:24:58 | 00,736,658 | -H-- | M] () -- C:\Users\Paul Andrade\AppData\Local\IconCache.db
[2009/09/26 17:23:53 | 00,271,872 | ---- | M] (OldTimer Tools) -- C:\Users\Paul Andrade\Desktop\TFC.exe
[2009/09/26 17:23:20 | 00,794,112 | ---- | M] () -- C:\Users\Paul Andrade\Desktop\The_Comedian(2).exe
[2009/09/26 13:37:17 | 00,794,112 | ---- | M] () -- C:\Users\Paul Andrade\Desktop\The_Comedian.exe
[2009/09/26 12:58:49 | 41,786,983 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2009/09/26 12:58:49 | 00,113,133 | ---- | M] () -- C:\Windows\System32\drivers\Avg\microavi.avg
[2009/09/26 01:32:50 | 00,172,445 | ---- | M] () -- C:\Users\Paul Andrade\Desktop\problem.jpg
[2009/09/26 01:00:53 | 00,000,472 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2009/09/26 00:59:11 | 00,015,688 | ---- | M] () -- C:\Windows\System32\lsdelete.exe
[2009/09/24 00:48:28 | 00,000,045 | ---- | M] () -- C:\Windows\System32\initdebug.nfo
[2009/09/23 23:25:59 | 00,140,906 | ---- | M] () -- C:\Users\Paul Andrade\Desktop\2 plus years.jpg
[2009/09/23 14:42:12 | 00,011,776 | ---- | M] () -- C:\Users\Paul Andrade\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/22 00:39:24 | 00,115,600 | ---- | M] () -- C:\Users\Paul Andrade\Desktop\Video call snapshot 10.png
[2009/09/21 20:26:12 | 00,142,762 | ---- | M] () -- C:\Users\Paul Andrade\Desktop\2616rosebud5501.jpg
[2009/09/21 15:30:19 | 00,001,878 | ---- | M] () -- C:\Users\Paul Andrade\Desktop\HijackThis.lnk
[2009/09/21 00:39:48 | 00,095,177 | ---- | M] () -- C:\Users\Paul Andrade\Desktop\Video call snapshot 5.png
[2009/09/20 20:17:27 | 00,000,336 | ---- | M] () -- C:\Users\Paul Andrade\Desktop\drafts.csv
[2009/09/20 20:17:11 | 00,013,636 | ---- | M] () -- C:\Users\Paul Andrade\Desktop\sentbox.csv
[2009/09/20 20:16:53 | 00,058,402 | ---- | M] () -- C:\Users\Paul Andrade\Desktop\sms invox.csv
[2009/09/18 22:50:56 | 00,115,731 | ---- | M] () -- C:\Users\Paul Andrade\Desktop\confirmation.jpg

========== LOP Check ==========

[2009/09/25 21:11:48 | 00,000,000 | ---D | M] -- C:\Users\Paul Andrade\AppData\Roaming
[2009/08/28 12:25:50 | 00,000,000 | -HSD | M] -- C:\Users\Paul Andrade\AppData\Roaming\.#
[2009/09/25 03:41:21 | 00,000,000 | ---D | M] -- C:\Users\Paul Andrade\AppData\Roaming\Acer
[2001/01/06 19:39:35 | 00,000,000 | ---D | M] -- C:\Users\Paul Andrade\AppData\Roaming\Acer GameZone Console
[2009/08/27 23:36:39 | 00,000,000 | ---D | M] -- C:\Users\Paul Andrade\AppData\Roaming\CyberLink
[2009/08/27 21:26:43 | 00,000,000 | ---D | M] -- C:\Users\Paul Andrade\AppData\Roaming\eSobi
[2009/09/11 15:38:50 | 00,000,000 | ---D | M] -- C:\Users\Paul Andrade\AppData\Roaming\gtk-2.0
[2009/08/27 22:16:01 | 00,000,000 | ---D | M] -- C:\Users\Paul Andrade\AppData\Roaming\Intel
[2009/09/02 18:52:49 | 00,000,000 | ---D | M] -- C:\Users\Paul Andrade\AppData\Roaming\LG Electronics
[2006/11/02 13:37:34 | 00,000,000 | ---D | M] -- C:\Users\Paul Andrade\AppData\Roaming\Media Center Programs
[2009/08/30 23:14:14 | 00,000,000 | ---D | M] -- C:\Users\Paul Andrade\AppData\Roaming\OpenOffice.org
[2009/08/30 15:51:05 | 00,000,000 | ---D | M] -- C:\Users\Paul Andrade\AppData\Roaming\Sports Interactive
[2009/09/25 21:11:48 | 00,000,000 | ---D | M] -- C:\Users\Paul Andrade\AppData\Roaming\SystemRequirementsLab
[2009/08/31 20:14:12 | 00,000,000 | ---D | M] -- C:\Users\Paul Andrade\AppData\Roaming\Template
[2009/08/27 19:44:44 | 00,000,000 | ---D | M] -- C:\Users\Paul Andrade\AppData\Roaming\Validity
[2009/09/26 01:00:53 | 00,000,472 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2009/09/26 17:26:03 | 00,000,006 | -H-- | M] () -- C:\Windows\Tasks\SA.DAT
[2009/09/26 17:25:03 | 00,032,606 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009/09/26 17:32:11 | 00,000,436 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{6A848900-4EF3-4CF7-A4EC-E9DC35A6561D}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >

========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\ProgramData\Temp:8173A019
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:5C321E34
< End of report >

Extras.Txt log:
OTL Extras logfile created on: 26/09/2009 17:41:34 - Run 1
OTL by OldTimer - Version 3.0.14.0 Folder = C:\Users\Paul Andrade\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18813)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.94 Gb Available Physical Memory | 97.11% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 226.38 Gb Total Space | 162.79 Gb Free Space | 71.91% Space Free | Partition Type: NTFS
Drive D: | 222.90 Gb Total Space | 222.80 Gb Free Space | 99.96% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PAULANDRADE-PC
Current User Name: Paul Andrade
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-3026526500-3820844030-2683254478-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0E38B47C-C494-45C2-A3C9-802975B19635}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3E964550-F75A-488A-8904-B2FA4B6F2C41}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6AE0A4D4-3ABA-410C-AF7B-67495EDFE63D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{6C584541-668A-4A04-8BB2-81315749C696}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6D0EC78B-8CD4-42C9-91E0-BC33420B19AA}" = lport=2869 | protocol=6 | dir=in | app=system |
"{6EC6833B-85E7-455B-B422-71AA33F2BF5F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7C78F289-718A-47DE-9221-23CE4A4D4480}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{B8CE639B-D106-4B7B-BB5B-F640908C4943}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{C61F3083-CFF5-473B-A069-43832A479AA9}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{FA48D8C8-D2ED-414D-87F7-7D4EFBA9407B}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03267C1C-72A4-42F0-BD2C-5DB67ACF48C9}" = protocol=6 | dir=in | app=c:\program files\sports interactive\football manager 2009\fm.exe |
"{0786B602-9200-4A8E-9E8D-D55816E339CE}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{0EFB3381-B8FA-4240-A716-04DCB533A512}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{12FBAFF1-4BD3-4BEF-A204-FBD15E9D6A34}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\playmovie.exe |
"{14FDEB0E-D8B8-43F2-8501-B6047609275E}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{3FE412CA-F5EA-41B6-AFAB-49A5B78791A5}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{471A03A5-CAF1-4DDB-9BE4-50DA3EE456C1}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe |
"{60914761-AE2B-4578-B746-ED140B36DB99}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{75D11B41-EF22-40C2-B99F-ABCA9D6B6450}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |
"{7B8F435B-3D32-49B5-AC49-165426104064}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe |
"{84200E1F-FC35-49F7-9D33-590CAC142BB7}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{90C3CC63-350A-4E1B-B8D4-69AF559903B3}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{918BEEFA-CB4C-4444-81B5-BE99E09F5E13}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe |
"{96FF9441-E443-4E2B-9D50-FFD3E904C922}" = dir=in | app=c:\program files\avg\avg8\avgupd.exe |
"{99432749-65D7-4A00-BEDD-E20B16BCD050}" = dir=in | app=c:\program files\avg\avg8\avgnsx.exe |
"{A69C6B86-4F1C-4DFF-BECF-EB0320C5F397}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |
"{AC3A7708-DD00-4414-A72B-D0D022EBE9F7}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{ACFA88A9-0658-4423-8F36-00BF618901E1}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{B3B84CC2-02BF-4F95-BF44-A42F7EDD171D}" = protocol=17 | dir=in | app=c:\program files\sports interactive\football manager 2009\fm.exe |
"{C0F16F52-6AC4-48D8-AB9E-912D9125E1FC}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{CD86E1EE-C54E-4634-8F0D-9329F937A639}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\pmvservice.exe |
"{D0C62C40-CF23-4832-BCE0-403055B7F2F6}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{E355B1D7-0BC2-472C-B924-4AB522B7FC88}" = dir=in | app=c:\program files\acer\acer vcm\vc.exe |
"{EA28A6E2-FA95-46A9-B176-E651ADB2E210}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{EABD37F9-EA62-45F0-BD9B-9DB456D889C4}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{EB3A99A1-B0AC-46FA-BDB7-5D8397082668}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{EE6D4F62-9D5A-4743-B93C-9960FB38A89D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F51F9E40-98CD-4A24-A94C-84684FD3B519}" = dir=in | app=c:\program files\avg\avg8\avgemc.exe |
"{FDA18440-2F0E-4FA8-8444-BEE943F61B6F}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmplayer.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.0.1.5000
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{10A44844-4465-456E-8C97-80BDD4F68845}" = Windows Live ID Sign-in Assistant
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{13D85C14-2B85-419F-AC41-C7F21E68B25D}" = Acer eSettings Management
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1C52C859-8E8E-4E69-9608-C923644AC1E0}" = LG PC Suite III
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java™ 6 Update 15
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{40580068-9B10-40B5-9548-536CE88AB23C}" = ITECIR
"{567E8236-C414-4888-8211-3D61608D57AE}" = Validity Sensors software
"{57265292-228A-41FA-9AEC-4620CBCC2739}" = Acer eAudio Management
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{5B63A470-9334-44D1-AF61-6CE2DB565AE9}" = Orion
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72EEB695-388B-4835-8EA6-0C04545B06B9}" = Intel® PROSet/Wireless WiFi Software
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management
"{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Acer Crystal Eye Webcam 3.0.6.3
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92A4DB0-CD37-42D1-BE1D-603D53C24328}" = Intel® Processor ID Utility
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AB67580-257C-45FF-B8F4-C8C30682091A}_is1" = SIW version 2009-07-28
"{ABD7DBE3-E344-4BCA-B8AD-4360494DD1D9}" = LG MC USB U330 driver
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4
"{AF145F8997B44EE9B106D018EF1DB58B}" = DivX Converter Mobile
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{C0E18DC4-C74A-4889-AE3A-933471023787}" = LG PC Suite III
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{DA34FE93-5DC5-48E0-ACC8-A5389E05BB51}" = iTunes
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E1640DA5-89B4-4F52-B15D-5DA3D14F29D4}" = LG USB Modem Drivers
"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F59A3B93-6C1C-4C3E-BCC4-4897490E2963}" = LG Bluetooth Drivers
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FA02ACAC-9E14-4878-A257-92A22A647C2C}" = LG USB Modem Drivers
"Acer Acer Bio Protection 6.0.00.15" = Acer Bio Protection

AAV 6.0.00.15
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"AVerMedia A310 (MiniCard, DVB-T)" = AVerMedia A310 (MiniCard, DVB-T) 1.1.0.29
"AVG8Uninstall" = AVG Free 8.5
"CCleaner" = CCleaner (remove only)
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.52.2
"Defraggler" = Defraggler (remove only)
"Football Manager 2009" = Football Manager 2009
"GridVista" = Acer GridVista
"HijackThis" = HijackThis 2.0.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"LManager" = Launch Manager
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.3)" = Mozilla Firefox (3.5.3)
"NVIDIA Drivers" = NVIDIA Drivers
"ProInst" = Intel PROSet Wireless
"SpeedFan" = SpeedFan (remove only)
"SpywareBlaster_is1" = SpywareBlaster 4.2
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"SystemRequirementsLab" = System Requirements Lab
"WinGimp-2.0_is1" = GIMP 2.6.7
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 20/09/2009 14:59:38 | Computer Name = PaulAndrade-PC | Source = VSS | ID = 8194
Description =

Error - 20/09/2009 15:04:48 | Computer Name = PaulAndrade-PC | Source = Application Error | ID = 1000
Description = Faulting application LiveUpdate.exe, version 1.2.0.9, time stamp 0x49e68f2e,
faulting module ntdll.dll, version 6.0.6002.18005, time stamp 0x49e03821, exception
code 0xc0000005, fault offset 0x00046cb6, process id 0x3ec, application start time
0x01ca3a25285c786c.

Error - 21/09/2009 08:42:10 | Computer Name = PaulAndrade-PC | Source = WinMgmt | ID = 10
Description =

Error - 21/09/2009 10:21:58 | Computer Name = PaulAndrade-PC | Source = WinMgmt | ID = 10
Description =

Error - 22/09/2009 06:39:34 | Computer Name = PaulAndrade-PC | Source = WinMgmt | ID = 10
Description =

Error - 22/09/2009 10:58:10 | Computer Name = PaulAndrade-PC | Source = WinMgmt | ID = 10
Description =

Error - 22/09/2009 13:07:48 | Computer Name = PaulAndrade-PC | Source = WinMgmt | ID = 10
Description =

Error - 22/09/2009 14:59:47 | Computer Name = PaulAndrade-PC | Source = WinMgmt | ID = 10
Description =

Error - 23/09/2009 07:46:31 | Computer Name = PaulAndrade-PC | Source = WinMgmt | ID = 10
Description =

Error - 23/09/2009 14:25:43 | Computer Name = PaulAndrade-PC | Source = WinMgmt | ID = 10
Description =

[ Media Center Events ]
Error - 28/08/2009 14:13:59 | Computer Name = PaulAndrade-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 28/08/2009 16:02:21 | Computer Name = PaulAndrade-PC | Source = Media Center Guide | ID = 13
Description = Event Info: Failure attempting to download new Guide data. Please
check your Internet connection settings. If you are connecting through a firewall
or proxy, please verify that it has been properly configured. Process: DefaultDomain
Object
Name: Microsoft.Ehome.Epg.EhepgdatSingleton

Error - 28/08/2009 16:02:21 | Computer Name = PaulAndrade-PC | Source = Media Center Guide | ID = 13
Description = Event Info: Failure attempting to download new Guide data. Please
check your Internet connection settings. If you are connecting through a firewall
or proxy, please verify that it has been properly configured. Process: DefaultDomain
Object
Name: Microsoft.Ehome.Epg.EhepgdatSingleton

Error - 28/08/2009 16:02:27 | Computer Name = PaulAndrade-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 02/09/2009 13:56:10 | Computer Name = PaulAndrade-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 17/09/2009 21:04:18 | Computer Name = PaulAndrade-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

[ System Events ]
Error - 07/09/2009 16:55:29 | Computer Name = PaulAndrade-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 07/09/2009 16:55:59 | Computer Name = PaulAndrade-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 07/09/2009 16:56:29 | Computer Name = PaulAndrade-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 07/09/2009 16:56:59 | Computer Name = PaulAndrade-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 07/09/2009 16:57:29 | Computer Name = PaulAndrade-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 07/09/2009 16:57:59 | Computer Name = PaulAndrade-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 07/09/2009 16:58:29 | Computer Name = PaulAndrade-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 07/09/2009 16:58:59 | Computer Name = PaulAndrade-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 07/09/2009 17:01:02 | Computer Name = PaulAndrade-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 21:55:00 on 07/09/2009 was unexpected.

Error - 07/09/2009 19:02:32 | Computer Name = PaulAndrade-PC | Source = DCOM | ID = 10010
Description =


< End of report >
Rorschach112
hi

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    CODE
    :OTL
    [2009/09/26 17:35:00 | 00,000,000 | ---D | C] -- C:\Users\Paul Andrade\Desktop\RootRepeal
    [2009/09/26 17:31:51 | 00,464,491 | ---- | C] () -- C:\Users\Paul Andrade\Desktop\RootRepeal.zip
    [2009/09/26 17:30:52 | 00,440,832 | ---- | C] () -- C:\Users\Paul Andrade\Desktop\CKScanner.exe
    [2009/09/26 17:28:46 | 00,000,000 | ---D | C] -- C:\Rooter$
    [2009/09/26 17:28:14 | 00,173,119 | ---- | C] (Eric_71) -- C:\Users\Paul Andrade\Desktop\Rooter.exe
    [2009/09/26 17:23:44 | 00,271,872 | ---- | C] (OldTimer Tools) -- C:\Users\Paul Andrade\Desktop\TFC.exe
    [2009/09/26 17:23:11 | 00,794,112 | ---- | C] () -- C:\Users\Paul Andrade\Desktop\The_Comedian(2).exe
    [2009/09/26 17:20:36 | 00,794,112 | ---- | C] () -- C:\Users\Paul Andrade\Desktop\The_Comedian.exe
    [2009/08/28 12:25:50 | 00,000,000 | -HSD | M] -- C:\Users\Paul Andrade\AppData\Roaming\.#
    @Alternate Data Stream - 99 bytes -> C:\ProgramData\Temp:8173A019
    @Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:5C321E34

    :Services

    :Reg

    :Files

    :Commands
    [purity]
    [emptytemp]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done




Download Security Check from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

DJpailo
I got an OTL log here after reboot:

All processes killed
========== OTL ==========
C:\Users\Paul Andrade\Desktop\RootRepeal moved successfully.
C:\Users\Paul Andrade\Desktop\RootRepeal.zip moved successfully.
C:\Users\Paul Andrade\Desktop\CKScanner.exe moved successfully.
C:\Rooter$ moved successfully.
C:\Users\Paul Andrade\Desktop\Rooter.exe moved successfully.
C:\Users\Paul Andrade\Desktop\TFC.exe moved successfully.
C:\Users\Paul Andrade\Desktop\The_Comedian(2).exe moved successfully.
C:\Users\Paul Andrade\Desktop\The_Comedian.exe moved successfully.
File move failed. C:\Users\Paul Andrade\AppData\Roaming\.#\ scheduled to be moved on reboot.
ADS C:\ProgramData\Temp:8173A019 deleted successfully.
ADS C:\ProgramData\Temp:5C321E34 deleted successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Paul Andrade
->Temp folder emptied: 55865693 bytes
File delete failed. C:\Users\Paul Andrade\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 6594070 bytes
->Java cache emptied: 123159 bytes
->FireFox cache emptied: 90493909 bytes
->Google Chrome cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 2724 bytes
RecycleBin emptied: 44570645 bytes

Total Files Cleaned = 188.49 mb


OTL by OldTimer - Version 3.0.14.0 log created on 09282009_161236

Files\Folders moved on Reboot...
C:\Users\Paul Andrade\AppData\Roaming\.# moved successfully.

Registry entries deleted on Reboot...

And the other log...

Results of screen317's Security Check version 0.99.0
Windows Vista Service Pack 2 (UAC is disabled!)
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
AVG Free 8.5
WMIC entry does not exist for antivirus; attempting automatic update.
``````````````````````````````
Anti-malware/Other Utilities Check:

Ad-Aware
SpywareBlaster 4.2
Spybot - Search & Destroy
HijackThis 2.0.2
CCleaner (remove only)
Java™ 6 Update 15
Adobe Flash Player 10
Adobe Reader 8.1.3
Out of date Adobe Reader installed!
``````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSASCui.exe
Ad-Aware AAWService.exe is disabled!
Ad-Aware AAWTray.exe is disabled!
``````````````````````````````
DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

`````````End of Log```````````
Rorschach112
Your logs are clean


Set a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, your tools cannot access it to delete these bad files, which sometimes can reinfect your system. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:

1. Create a new Restore Point
  • Click on the Start button to open your Start Menu.
  • Click on the Control Panel menu option.
  • Click on the System and Maintenance menu option.
  • Click on the System menu option.
  • Click on System Protection in the left-hand task list.
  • To create the manual restore point, click on the Create button. When you press this button a prompt will appear asking you to provide a title for this manual restore point.
  • Type in a title for the manual restore point and press the Create button.
  • Close the System window after you have been advised that the procedure has been successfully completed.
2. Clear your existing system restore points except for the new clean restore point you just created:
  • Go to Start > Run and type in cleanmgr
  • Select the More options tab
  • Next to System Restore click Clean up
  • This will remove all restore points except the new one you just created.




  • Download OTC to your desktop and run it
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.





You're using an old version of Adobe Acrobat Reader; this can leave your PC open to vulnerabilities. You can update it here:
http://www.adobe.com/products/acrobat/readstep2.html



Below I have included a number of recommendations for how to protect your computer against malware infections.
  • Keep Windows updated by regularly checking their website at :
    http://windowsupdate.microsoft.com/
    This will ensure your computer always has the latest available security updates installed.

  • SpywareBlaster protects against bad ActiveX, it immunizes your PC against them.

  • SpywareGuard offers realtime protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program ( eg : TeaTimer, Windows Defender ) or there will be a conflict.

  • Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

  • TFC - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.

  • MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

  • Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here


    If you choose to use Firefox, I highly recommend these add-ons to keep your PC even more secure.
    • NoScript - for blocking ads and other potential website attacks
    • McAfee SiteAdvisor - this tells you whether the sites you are about to visit are safe or not. A must if you do a lot of Googling


  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

  • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.

  • FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. It's important to keep programs up to date so that malware doesn't exploit any old security flaws.

  • Recovery Console - Recent trends appear to indicate that future infections will include attacks to the boot sector of the computer. The installation of the Recovery Console in the computer will be our only defense against this threat. For more information and steps to install the Recovery Console see This Article. Should you need assistance in installing the Recovery Console, please do not hesitate to ask.

  • Please read my guide on how to prevent malware and about safe computing here

Thank you for your patience, and performing all of the procedures requested.


DJpailo
2. Clear your existing system restore points except for the new clean restore point you just created:

* Go to Start > Run and type in cleanmgr
* Select the More options tab
* Next to System Restore click Clean up
* This will remove all restore points except the new one you just created.

I don't see the more options tab :(
Rorschach112
do this instead

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    CODE
    :OTL

    :Services

    :Reg

    :Files

    :Commands
    [purity]
    [clearrestorepoints]
    [emptytemp]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
DJpailo
Ok done that, here is my log:

All processes killed
========== OTL ==========
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Paul Andrade
File delete failed. C:\Users\Paul Andrade\AppData\Local\Temp\hsperfdata_Paul Andrade\4264 scheduled to be deleted on reboot.
->Temp folder emptied: 306533 bytes
File delete failed. C:\Users\Paul Andrade\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 89269 bytes
->Java cache emptied: 39309 bytes
->FireFox cache emptied: 76471839 bytes
->Google Chrome cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 828 bytes
RecycleBin emptied: 210777 bytes

Total Files Cleaned = 73.55 mb


OTL by OldTimer - Version 3.0.14.0 log created on 09292009_142942

Files\Folders moved on Reboot...
File\Folder C:\Users\Paul Andrade\AppData\Local\Temp\hsperfdata_Paul Andrade\4264 not found!

Registry entries deleted on Reboot...
Rorschach112
Well we are all done

I can see nothing responsible for your slow down