-
Google results re-direct to random websites (and computer is slow)
Hi,
My computer (running Vista) has started to re-direct Google results to seemingly random websites. I have backed up the registry using ERUNT. When I try and run DDS, however, it runs for a while and then the computer locks up (nothing responds, can't get Task Manager open, etc.). The computer has Microsoft Security Essentials, which was recently installed; it did find several issues, but I disabled the live protection for running DDS.
Also a portable version of Spybot was used recently as well, the scan on that also found some issues that were fixed by the program.
I am not sure where to go from here. If any further information is required, please let me know.
And thanks very much in advance of any advice given.
-
-
aswMBR won't run....
Thanks for the reply.
I tried running aswMBR as described, however it won’t start up. When I double click it no GUI runs or anything like that. I checked the processes running in the task list and the aswMBR.exe process does pop up for around 2 seconds but then it just disappears.
Should I try running in safe mode?
-
Good Morning,
Yes, try safemode.
To Enter Safemode
- Go to Start > Shut off your Computer > Restart
- As the computer starts to boot up, tap the F8 key somewhat rapidly; this will bring up a menu.
- Use the Up and Down Arrow keys to scroll up to Safemode with Networking
- Then press the Enter key on your keyboard
Tutorial if you need it: How to boot into Safemode
-
Afternoon,
Thanks for the rapid reply.
Tried to run in safe mode and the exact same issue, aswMBR.exe shows in the process list for around 2 seconds before just shutting down again....
Are there any other steps I should take?
-
With Vista, you need to RIGHT CLICK ON A PROGRAM AND SELECT "RUN AS ADMINISTRATOR". Have you done that?
Try that also with DDS, both normally and in Safemode.
If still a no go, then try running these programs:
Download the GMER Rootkit Scanner. Unzip it to your Desktop.
Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.
- Double click GMER.exe.
- If it gives you a warning about rootkit activity and asks if you want to run a full scan...click on NO, then use the following settings for a more complete scan..
- In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED ...
- IAT/EAT
- Drives/Partition other than Systemdrive (typically C:\)
- Show All (don't miss this one)
- Then click the Scan button & wait for it to finish.
- Once done click on the [Save..] button, and in the File name area, type in "ark.txt"
- Save the log where you can easily find it, such as your desktop.
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.
Please copy and paste the report into your Post.
OTL by OldTimer
- Download OTL to your desktop.
- Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
- When the window appears, underneath Output at the top change it to Minimal Output.
- Click the "Scan All Users" checkbox.
- Check the boxes beside LOP Check and Purity Check.
- Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
- When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt.
Note: These logs can be located in the OTL. folder on your C:\ drive if they fail to open automatically.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply. You may need two posts to fit them both in.
-
-
OTL.txt (safe mode)
OTL logfile created on: 29/11/2011 10:11:44 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Sandra\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19154)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
1.75 Gb Total Physical Memory | 1.15 Gb Available Physical Memory | 65.49% Memory free
3.74 Gb Paging File | 3.31 Gb Available in Paging File | 88.59% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144.29 Gb Total Space | 87.17 Gb Free Space | 60.41% Space Free | Partition Type: NTFS
Drive D: | 144.04 Gb Total Space | 143.94 Gb Free Space | 99.94% Space Free | Partition Type: NTFS
Computer Name: SANDRA-PC | User Name: Sandra | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Sandra\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
========== Modules (No Company Name) ==========
========== Win32 Services (SafeList) ==========
SRV - (NisSrv) -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV - (Acer HomeMedia Connect Service) -- C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe (CyberLink)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (eRecoveryService) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)
SRV - (lxbk_device) -- C:\Windows\System32\lxbkcoms.exe ( )
========== Driver Services (SafeList) ==========
DRV - (uxriqpob) -- C:\Users\Sandra\AppData\Local\Temp\uxriqpob.sys (GMER)
DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV - (MpNWMon) -- C:\Windows\System32\drivers\MpNWMon.sys (Microsoft Corporation)
DRV - (GemCCID) -- C:\Windows\System32\drivers\GemCCID.sys (Gemalto)
DRV - (USBCCID) -- C:\Windows\System32\drivers\usbccid.sys (Microsoft Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (nvstor32) -- C:\Windows\system32\drivers\nvstor32.sys (NVIDIA Corporation)
DRV - (nvrd32) -- C:\Windows\system32\drivers\nvrd32.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (int15) -- C:\Acer\Empowering Technology\eRecovery\int15.sys (Acer, Inc.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.us.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-565932158-212264510-2539292498-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://cars.uk.msn.com/
IE - HKU\S-1-5-21-565932158-212264510-2539292498-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.bing.comhttp://www.google.co.uk/ [binary data]
IE - HKU\S-1-5-21-565932158-212264510-2539292498-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-565932158-212264510-2539292498-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKU\S-1-5-21-565932158-212264510-2539292498-1000\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No CLSID value found
IE - HKU\S-1-5-21-565932158-212264510-2539292498-1000\..\URLSearchHook: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - No CLSID value found
IE - HKU\S-1-5-21-565932158-212264510-2539292498-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Sandra\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Sandra\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
[2010/11/23 15:18:28 | 000,002,037 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrchppcb2.xml
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Sandra\AppData\Local\Google\Chrome\Application\15.0.874.121\gcswf32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Sandra\AppData\Local\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Sandra\AppData\Local\Google\Chrome\Application\15.0.874.121\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Sandra\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
O1 HOSTS File: ([2011/11/25 17:09:19 | 000,437,966 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 15090 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O3 - HKU\S-1-5-21-565932158-212264510-2539292498-1000\..\Toolbar\ShellBrowser: (no name) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - No CLSID value found.
O3 - HKU\S-1-5-21-565932158-212264510-2539292498-1000\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
O3 - HKU\S-1-5-21-565932158-212264510-2539292498-1000\..\Toolbar\WebBrowser: (no name) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No CLSID value found.
O4 - HKLM..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe File not found
O4 - HKLM..\Run: [AMFucJFMaVdteYf.exe] C:\ProgramData\AMFucJFMaVdteYf.exe File not found
O4 - HKLM..\Run: [Apanel] C:\ACERSW\config\NewSetApanel.cmd File not found
O4 - HKLM..\Run: [eRecoveryService] File not found
O4 - HKLM..\Run: [lxbkbmgr.exe] C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe (Lexmark International, Inc.)
O4 - HKLM..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers File not found
O4 - HKLM..\Run: [MoneyStartUp10.0] C:\Program Files\Microsoft Money\System\Activation.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVRaidService] C:\Windows\System32\nvraidservice.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PCMMediaSharing] C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe (Microsoft® Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-565932158-212264510-2539292498-1000..\Run: [{37E04771-0D69-BB1A-F662-609E08C9BB5B}] C:\Users\Sandra\AppData\Roaming\Loyfz\ovxay.exe File not found
O4 - HKU\.DEFAULT..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil10w_ActiveX.exe (Adobe Systems, Inc.)
O4 - HKU\S-1-5-18..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil10w_ActiveX.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\Sandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-565932158-212264510-2539292498-1000\Software\Policies\Microsoft\Internet Explorer\Recovery present
O9 - Extra Button: Money Viewer - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{42A4F467-8F06-4D9B-A7EC-F89D639D7B84}: DhcpNameServer = 192.168.1.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4B89E525-B2FE-4E02-B769-D671257BBDE6}: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{236af0aa-a248-11df-94da-00218503497f}\Shell - "" = AutoRun
O33 - MountPoints2\{236af0aa-a248-11df-94da-00218503497f}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
O33 - MountPoints2\{448c0d2c-238c-11de-9138-00218503497f}\Shell - "" = AutoRun
O33 - MountPoints2\{448c0d2c-238c-11de-9138-00218503497f}\Shell\AutoRun\command - "" = J:\LaunchU3.exe
O33 - MountPoints2\{e86c80f0-f67a-11df-8dea-00218503497f}\Shell\AutoRun\command - "" = RECYCLERBIN\autorun32.exe
O33 - MountPoints2\{e86c80f0-f67a-11df-8dea-00218503497f}\Shell\open\command - "" = RECYCLERBIN\autorun32.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (MACHINE BootExecut)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011/11/29 10:09:43 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Sandra\Desktop\OTL.exe
[2011/11/29 10:06:50 | 000,000,000 | ---D | C] -- C:\Users\Sandra\Desktop\gmer
[2011/11/29 07:34:18 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\Sandra\Desktop\aswMBR.exe
[2011/11/28 16:32:05 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/11/28 16:31:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011/11/28 16:31:27 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/11/25 18:12:54 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/11/25 18:12:19 | 000,221,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2011/11/25 18:04:58 | 001,566,512 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Sandra\Desktop\tdkiller.com
[2011/11/25 17:55:15 | 000,000,000 | ---D | C] -- C:\Users\Sandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011/11/25 17:53:01 | 000,000,000 | ---D | C] -- C:\Users\Sandra\AppData\Local\Google
[2011/11/25 17:52:41 | 000,000,000 | ---D | C] -- C:\Users\Sandra\AppData\Local\Apps
[2011/11/25 17:52:40 | 000,000,000 | ---D | C] -- C:\Users\Sandra\AppData\Local\Deployment
[2011/11/14 20:15:14 | 000,000,000 | ---D | C] -- C:\Users\Sandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Fix
[2008/08/31 16:23:20 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxbkinpa.dll
[2008/08/31 16:23:20 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxbkiesc.dll
[2008/08/31 16:23:20 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\LXBKhcp.dll
[2008/08/31 16:23:19 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\lxbkserv.dll
[2008/08/31 16:23:19 | 000,991,232 | ---- | C] ( ) -- C:\Windows\System32\lxbkusb1.dll
[2008/08/31 16:23:19 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\lxbkhbn3.dll
[2008/08/31 16:23:19 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxbkpmui.dll
[2008/08/31 16:23:19 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxbklmpm.dll
[2008/08/31 16:23:19 | 000,537,520 | ---- | C] ( ) -- C:\Windows\System32\lxbkcoms.exe
[2008/08/31 16:23:19 | 000,385,968 | ---- | C] ( ) -- C:\Windows\System32\lxbkih.exe
[2008/08/31 16:23:19 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxbkprox.dll
[2008/08/31 16:23:19 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxbkpplc.dll
[2008/08/31 16:23:18 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxbkcomc.dll
[2008/08/31 16:23:18 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\lxbkcomm.dll
[2008/08/31 16:23:18 | 000,381,872 | ---- | C] ( ) -- C:\Windows\System32\lxbkcfg.exe
[2008/05/28 11:29:13 | 000,016,384 | ---- | C] ( ) -- C:\Windows\System32\ClearEvent.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Sandra\AppData\Roaming\*.tmp files -> C:\Users\Sandra\AppData\Roaming\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011/11/29 10:09:45 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Sandra\Desktop\OTL.exe
[2011/11/29 09:59:36 | 000,617,100 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/11/29 09:59:36 | 000,113,626 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/11/29 09:55:28 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2011/11/29 09:55:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/29 09:23:59 | 000,002,627 | ---- | M] () -- C:\Users\Sandra\Desktop\Microsoft Office Word 2007.lnk
[2011/11/29 07:48:30 | 000,003,216 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/29 07:48:30 | 000,003,216 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/29 07:46:14 | 000,000,424 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{077FCF45-234B-4E35-9958-7D72FB3A0C64}.job
[2011/11/29 07:34:24 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Sandra\Desktop\aswMBR.exe
[2011/11/28 16:58:02 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-565932158-212264510-2539292498-1000UA.job
[2011/11/28 16:31:43 | 000,000,922 | ---- | M] () -- C:\Users\Sandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/11/28 16:31:30 | 000,000,723 | ---- | M] () -- C:\Users\Sandra\Desktop\ERUNT.lnk
[2011/11/28 15:53:41 | 000,403,568 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/11/26 20:57:26 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-565932158-212264510-2539292498-1000Core.job
[2011/11/26 03:18:50 | 000,000,384 | ---- | M] () -- C:\Windows\DCEBOOT.RST
[2011/11/26 03:01:53 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/11/25 18:33:23 | 000,102,400 | ---- | M] () -- C:\Windows\RegBootClean.exe
[2011/11/25 18:32:49 | 000,022,032 | ---- | M] () -- C:\Windows\DCEBoot.exe
[2011/11/25 18:16:27 | 000,000,036 | ---- | M] () -- C:\Users\Sandra\AppData\Local\housecall.guid.cache
[2011/11/25 18:05:06 | 001,566,512 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Sandra\Desktop\tdkiller.com
[2011/11/25 17:55:22 | 000,002,056 | ---- | M] () -- C:\Users\Sandra\Desktop\Google Chrome.lnk
[2011/11/25 17:55:22 | 000,002,018 | ---- | M] () -- C:\Users\Sandra\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/11/25 17:09:19 | 000,437,966 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/11/25 17:07:44 | 000,000,273 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20111125-170744.backup
[2011/11/25 17:07:44 | 000,000,211 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20111125-170919.backup
[2011/11/14 20:15:15 | 000,000,288 | ---- | M] () -- C:\ProgramData\~ai3h6NmYYVmUXf
[2011/11/14 20:15:15 | 000,000,216 | ---- | M] () -- C:\ProgramData\~ai3h6NmYYVmUXfr
[2011/11/14 20:15:11 | 000,000,336 | ---- | M] () -- C:\ProgramData\ai3h6NmYYVmUXf
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Sandra\AppData\Roaming\*.tmp files -> C:\Users\Sandra\AppData\Roaming\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011/11/28 16:31:43 | 000,000,922 | ---- | C] () -- C:\Users\Sandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/11/28 16:31:30 | 000,000,723 | ---- | C] () -- C:\Users\Sandra\Desktop\ERUNT.lnk
[2011/11/26 03:18:50 | 000,000,384 | ---- | C] () -- C:\Windows\DCEBOOT.RST
[2011/11/25 18:32:49 | 000,022,032 | ---- | C] () -- C:\Windows\DCEBoot.exe
[2011/11/25 18:32:28 | 000,102,400 | ---- | C] () -- C:\Windows\RegBootClean.exe
[2011/11/25 18:16:27 | 000,000,036 | ---- | C] () -- C:\Users\Sandra\AppData\Local\housecall.guid.cache
[2011/11/25 18:15:13 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2011/11/25 18:13:06 | 000,001,817 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/11/25 17:55:22 | 000,002,056 | ---- | C] () -- C:\Users\Sandra\Desktop\Google Chrome.lnk
[2011/11/25 17:55:22 | 000,002,018 | ---- | C] () -- C:\Users\Sandra\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/11/25 17:53:03 | 000,000,912 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-565932158-212264510-2539292498-1000UA.job
[2011/11/25 17:53:01 | 000,000,860 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-565932158-212264510-2539292498-1000Core.job
[2011/11/14 20:15:15 | 000,000,216 | ---- | C] () -- C:\ProgramData\~ai3h6NmYYVmUXfr
[2011/11/14 20:15:14 | 000,000,288 | ---- | C] () -- C:\ProgramData\~ai3h6NmYYVmUXf
[2011/11/14 20:15:11 | 000,000,336 | ---- | C] () -- C:\ProgramData\ai3h6NmYYVmUXf
[2011/02/10 12:00:07 | 000,008,885 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2011/02/06 00:15:12 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/01/29 19:31:02 | 000,000,680 | ---- | C] () -- C:\Users\Sandra\AppData\Local\d3d9caps.dat
[2009/10/22 16:12:26 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/10/22 16:12:26 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/09/23 10:06:15 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll
[2009/09/23 10:06:06 | 000,000,392 | ---- | C] () -- C:\Windows\videoimp.ini
[2009/04/10 17:19:29 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2008/12/16 20:55:52 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/09/11 08:38:24 | 000,000,031 | ---- | C] () -- C:\Windows\UKCpInfo.sys
[2008/09/02 13:16:08 | 000,019,220 | ---- | C] () -- C:\Windows\wwdslcfg.ini
[2008/09/01 10:11:16 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/08/31 16:26:29 | 000,000,359 | ---- | C] () -- C:\Windows\Lexstat.ini
[2008/08/31 16:23:20 | 000,274,432 | ---- | C] () -- C:\Windows\System32\LXBKinst.dll
[2008/08/31 16:23:19 | 000,413,696 | ---- | C] () -- C:\Windows\System32\lxbkutil.dll
[2008/08/31 12:54:02 | 000,036,864 | ---- | C] () -- C:\Users\Sandra\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/08/30 03:14:01 | 000,056,832 | ---- | C] () -- C:\Windows\System32\Iyvu9_32.dll
[2008/08/29 19:50:48 | 000,001,770 | ---- | C] () -- C:\Windows\wininit.ini
[2008/05/28 11:32:14 | 000,000,044 | ---- | C] () -- C:\Windows\Acer(Normal).ini
[2008/05/28 11:32:14 | 000,000,042 | ---- | C] () -- C:\Windows\Acer(Wide).ini
[2008/05/28 11:30:12 | 000,077,824 | ---- | C] () -- C:\Windows\System32\drivers\INT15_DETECT.EXE
[2008/05/28 11:29:13 | 000,016,384 | ---- | C] () -- C:\Windows\System32\LauncheRyAgentUser.exe
[2008/03/16 20:42:41 | 000,001,024 | R--- | C] () -- C:\Windows\System32\NTIBUN4.dll
[2008/03/16 20:10:10 | 000,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys
[2008/03/16 19:16:12 | 000,001,732 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2008/03/16 19:03:42 | 000,001,108 | ---- | C] () -- C:\Windows\generic.ini
[2008/03/16 19:03:42 | 000,000,132 | ---- | C] () -- C:\Windows\Alaunch.ini
[2007/02/08 01:57:50 | 000,039,899 | ---- | C] () -- C:\Windows\System32\rtsicis.ini
[2007/01/22 16:49:34 | 000,344,064 | ---- | C] () -- C:\Windows\System32\lxbkcoin.dll
[2006/11/02 12:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 12:47:37 | 000,403,568 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 12:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 10:33:01 | 000,617,100 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 10:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 10:33:01 | 000,113,626 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 10:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 10:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 08:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 08:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 07:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 07:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2005/10/05 20:19:32 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxbkvs.dll
[2005/09/14 00:27:10 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxbkcnv5.dll
[2005/09/14 00:27:10 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxbkcnv4.dll
[2001/12/26 22:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001/09/04 05:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001/07/30 22:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001/07/24 04:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll
========== LOP Check ==========
[2008/03/16 19:49:03 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Acer GameZone Console
[2008/03/16 19:49:03 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Acer GameZone Console
[2008/08/31 16:57:11 | 000,000,000 | -HSD | M] -- C:\Users\Sandra\AppData\Roaming\.#
[2008/03/16 19:49:03 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\Acer GameZone Console
[2010/10/08 19:40:36 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\Doctor Who
[2008/09/02 14:59:26 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\eSobi
[2011/11/25 18:32:20 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\Loyfz
[2011/02/09 20:38:02 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\Umno
[2011/11/29 07:48:29 | 000,032,566 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/11/29 07:46:14 | 000,000,424 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{077FCF45-234B-4E35-9958-7D72FB3A0C64}.job
========== Purity Check ==========
< End of report >
-
Extras.txt (safe mode)
OTL Extras logfile created on: 29/11/2011 10:11:44 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Sandra\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19154)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
1.75 Gb Total Physical Memory | 1.15 Gb Available Physical Memory | 65.49% Memory free
3.74 Gb Paging File | 3.31 Gb Available in Paging File | 88.59% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144.29 Gb Total Space | 87.17 Gb Free Space | 60.41% Space Free | Partition Type: NTFS
Drive D: | 144.04 Gb Total Space | 143.94 Gb Free Space | 99.94% Space Free | Partition Type: NTFS
Computer Name: SANDRA-PC | User Name: Sandra | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"AntiVirusDisableNotify" = 1
"UpdatesDisableNotify" = 1
"FirewallDisableNotify" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 1
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-565932158-212264510-2539292498-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Acer\Empowering Technology\eDataSecurity\x86\eDSfsu.exe" = C:\Acer\Empowering Technology\eDataSecurity\x86\eDSfsu.exe:*:Enabled:eDSfsu
"C:\Acer\Empowering Technology\eDataSecurity\x86\encryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\x86\encryption.exe:*:Enabled:encryption
"C:\Acer\Empowering Technology\eDataSecurity\x86\decryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\x86\decryption.exe:*:Enabled:decryption
"C:\Acer\Empowering Technology\eDataSecurity\x86\eDSMgr.exe" = C:\Acer\Empowering Technology\eDataSecurity\x86\eDSMgr.exe:*:Enabled:eDSMgr
"C:\Acer\Empowering Technology\eDataSecurity\x86\eDStbmngr.exe" = C:\Acer\Empowering Technology\eDataSecurity\x86\eDStbmngr.exe:*:Enabled:eDStbmngr
"C:\Acer\Empowering Technology\eDataSecurity\x64\eDSfsu.exe" = C:\Acer\Empowering Technology\eDataSecurity\x64\eDSfsu.exe:*:Enabled:eDSfsu
"C:\Acer\Empowering Technology\eDataSecurity\x64\encryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\x64\encryption.exe:*:Enabled:encryption
"C:\Acer\Empowering Technology\eDataSecurity\x64\decryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\x64\decryption.exe:*:Enabled:decryption
"C:\Acer\Empowering Technology\eDataSecurity\x64\eDSMgr.exe" = C:\Acer\Empowering Technology\eDataSecurity\x64\eDSMgr.exe:*:Enabled:eDSMgr
"C:\Acer\Empowering Technology\eDataSecurity\x64\eDStbmngr.exe" = C:\Acer\Empowering Technology\eDataSecurity\x64\eDStbmngr.exe:*:Enabled:eDStbmngr
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0AA48B5A-721E-42DD-9091-E5D681A23832}" = rport=445 | protocol=6 | dir=out | app=system |
"{18227C3F-E366-4A32-A9BC-668BBA9E2684}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{1A75D010-66D0-4F84-8F79-CE1A47F900C0}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{1E06DEFE-F45F-472F-A44D-B11157E54DB7}" = rport=137 | protocol=17 | dir=out | app=system |
"{2364BAFF-8F02-440F-93BB-4B45B94D9A09}" = rport=139 | protocol=6 | dir=out | app=system |
"{29ED1E56-5537-4128-9B28-1E45A4D5E6B5}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3569FFA0-6578-41F5-AF39-2885E8DBC179}" = lport=2869 | protocol=6 | dir=in | app=system |
"{439255EF-0EC8-4903-99E0-4D0E8EE84B0A}" = lport=139 | protocol=6 | dir=in | app=system |
"{49DB3196-3369-4693-836F-7966FF696AA2}" = lport=138 | protocol=17 | dir=in | app=system |
"{4DC689AC-2B87-4DE9-BF1F-20C831254C19}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{687D9400-8743-4905-BB5D-5EF22EF265E7}" = rport=138 | protocol=17 | dir=out | app=system |
"{70BCDF53-6B32-42B2-8A91-D287ECAB81EA}" = lport=445 | protocol=6 | dir=in | app=system |
"{731526DC-9FD0-484F-A8A9-757F08AB290C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{76FC8A44-384A-4229-9FC1-E34161CE4143}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7E5C762B-4F55-46D1-BFF7-54C79EEA0A86}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{85F84575-818D-454D-825E-FADB2FB4181F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9148F9D3-1990-4982-A5A2-F09E2FC7B380}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A19266E1-136F-469F-B441-ADD820C1BACB}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{A2B15BA2-BF9A-4EA7-8039-5EFAEAC8B505}" = lport=137 | protocol=17 | dir=in | app=system |
"{BF410BDD-7DA6-41CA-B21F-D9C85A2D10CA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C5D1F4E0-C61C-4CA4-8C3B-77206005DB8B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{D64203C1-B3B9-4817-8A0D-16991EE51934}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E272453B-FF6D-414D-A298-79C2C9DF9589}" = rport=10243 | protocol=6 | dir=out | app=system |
"{E50DC98A-7396-44EC-9E30-6F1BB76D57BF}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{E8031A00-BB61-4FED-8787-42C180C26B24}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{EAAFB9D2-447E-49D0-8D7D-2704FB2C67B8}" = lport=10243 | protocol=6 | dir=in | app=system |
"{EF67B4E3-5753-4342-9402-6F3BC4C7D39A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{FE5D8C08-DFE7-4544-A945-33AF5DDE18F3}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C790791-E228-413B-9F5B-0F320CB46323}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{17C9276A-32A3-4F4D-B7A6-BECCDDB400D3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{23BF090D-004F-4AEA-AC02-DC08D246F3CC}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{260F8CFD-9B0A-47E9-A060-34ADEC9C646D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{286753EF-FC39-441D-99AF-759A684B669D}" = protocol=17 | dir=in | app=c:\windows\system32\lxbkcoms.exe |
"{31EB5216-7D72-4C17-8DF2-FA5B69B7869E}" = dir=in | app=c:\program files\acer arcade live\acer homemedia connect\acer homemedia connect.exe |
"{39863CA9-3184-4F99-9510-39E313EE846B}" = dir=in | app=c:\program files\acer arcade live\acer homemedia connect\kernel\dms\clmsserver.exe |
"{46D60F9B-E542-4931-91E8-875CB2A2C023}" = protocol=17 | dir=in | app=c:\users\sandra\appdata\local\microsoft\windows\temporary internet files\content.ie5\x7hno9ml\ibario_free_apps[1].exe |
"{479ECCE8-031F-4BCF-B7EB-31702685CE3A}" = dir=in | app=c:\program files\acer arcade live\acer arcade live main page\acer arcade live.exe |
"{4B8E8CA9-15C0-4129-972E-BCD8622EFBE3}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{4E85AD45-7F10-474C-A38A-88F45454E4DF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{4EE579B8-8792-4F08-86F2-9E204355FB94}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{53348555-6C41-417A-BD59-92D959FF0D20}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5BDC9874-C9EC-4D61-B6E4-C28DC5F85FAC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6A0E25BE-4704-4513-9DB6-CC9F4D76E71D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6A4CAF56-9623-4AFA-854B-D47483B10A3B}" = dir=in | app=c:\program files\acer arcade live\acer videomagician\acer videomagician.exe |
"{6FB43F1B-4C3E-4CA0-85CC-47846D90DE13}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{70441C18-3E53-4EFF-B676-D2C732DCB557}" = dir=in | app=c:\program files\acer arcade live\acer dv magician\acer dv magician.exe |
"{7873C6C1-DE66-4F60-8D7C-038B19372F4A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{8203FFAA-6836-45A2-B49C-2BB200637354}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{89EC6C5A-4AB0-4332-8222-0B151E8A8E96}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{8DB9A8B6-0248-4FFC-B0C2-248498CD7EAA}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{8E5AC746-02CF-4513-9F72-04A74B446FFC}" = dir=in | app=c:\program files\acer arcade live\acer dvdivine\acer dvdivine.exe |
"{92E72A5C-B72B-4379-94AE-F07E353CAB52}" = dir=in | app=c:\program files\acer arcade live\acer homemedia\acer homemedia.exe |
"{94063567-A94D-492C-A5FE-C8A914B9B6F4}" = dir=in | app=c:\program files\acer arcade live\acer slideshow dvd\acer slideshow dvd.exe |
"{9C21E579-0335-4DA1-82E1-0CFF9330D9D8}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxbkpswx.exe |
"{A311AFF8-3918-4E44-86B4-092E9FC748B4}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{A87F9AF7-D5ED-41A3-8A4F-827573E03DAC}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxbkpswx.exe |
"{A95B326A-DD98-4550-8653-CE41D482B8FA}" = dir=in | app=c:\program files\acer arcade live\acer homemedia trial creator\acer homemedia trial creator.exe |
"{ABF1E444-BE72-4461-9BC6-B61BF7C7761F}" = protocol=6 | dir=in | app=c:\windows\system32\lxbkcoms.exe |
"{AF4E35F3-CB1C-4CCC-B550-4ABB596A3BA6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B001219C-0707-4311-8825-20706CEB7AEF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B1B10214-56D5-4988-96FE-673E246A85EA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{C318B0A4-B2D0-4D2E-9441-555DC11A8A75}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{D597FFA3-E510-4247-885C-48DF5DD70233}" = protocol=6 | dir=out | app=system |
"{E8998D40-7B5B-4B37-A27F-BD3719A2EFC3}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{F04600EE-CD98-4ED1-AE8E-68E799CDB2BE}" = protocol=6 | dir=in | app=c:\users\sandra\appdata\local\microsoft\windows\temporary internet files\content.ie5\x7hno9ml\ibario_free_apps[1].exe |
"{F3928664-CB28-4F6A-97DD-5B3CE02572F7}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"TCP Query User{66C32D7C-0081-450B-9192-F94473D35499}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{68D896C9-D45A-4B12-BB4A-C66EB55FE555}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{7C6F24C4-AB6A-401D-A735-274AA29E24D3}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{9FAB68A7-C3C4-4F55-ACEE-5E51FBC9294E}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe |
"TCP Query User{CD506D6C-1D9B-4283-AA40-C7EB589895ED}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe |
"UDP Query User{1CF77600-CAB0-4A97-A050-2DC5071D3738}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{8642EC0C-0138-41B1-8FD5-792F60537FC5}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{87EB75DF-6688-4C09-B2E8-0A5675F66605}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe |
"UDP Query User{D16AF569-6951-458A-B162-1A3794402317}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01358C56-44F4-B8B3-8757-06F2A864A863}" = ATI Catalyst Install Manager
"{01400202-823E-46CD-A70E-BEE818F97169}" = Microsoft Encarta Encyclopedia Standard - WE 2002
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{132888AE-EF67-41C5-BCA2-7D5D2488AB63}" = Acer HomeMedia Connect
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{1598034D-7147-432C-8CA8-888E0632D124}" = NTI Backup NOW! 4.7
"{302A4752-29A9-4DEA-9FB4-9D1E79D26D2B}" = ArcSoft PhotoImpression 4
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{41581EF5-45A7-11DA-9D78-000129760D75}" = Acer SlideShow DVD
"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
"{5A41CB67-E6DE-4AD3-856C-B3DB8270F7B3}" = MEGA PIXEL DSC
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111118433}" = Mystery Case Files - Huntsville
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}" = Mahjong Escape Ancient China
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111324990}" = Kick N Rush
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111692950}" = Mahjongg Artifacts
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111771833}" = Jewel Quest Solitaire
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111796363}" = Mystery Solitaire - Secret Island
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112310577}" = Flip Words 2
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}_PUBLISHERR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_PUBLISHERR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_PUBLISHERR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}_PUBLISHERR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_PUBLISHERR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_PUBLISHERR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-0019-0000-0000-0000000FF1CE}" = Microsoft Office Publisher 2007
"{91120000-0019-0000-0000-0000000FF1CE}_PUBLISHERR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0019-0000-0000-0000000FF1CE}_PUBLISHERR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{9F73FDEF-DDC1-4307-9D96-13AB3254641A}_is1" = Doctor Who: The Adventure Games
"{A1B7B9B3-E1D2-41CA-9B4A-F18DC2710704}" = Microsoft Works 6.0
"{AA4BF92B-2AAF-11DA-9D78-000129760D75}" = Acer HomeMedia
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.4
"{B145EC69-66F5-11D8-9D75-000129760D75}" = Acer DVDivine
"{B580C409-E16F-44FF-904D-3AE94E113BE0}" = Acer HomeMedia Trial Creator
"{BD3DCAB0-3FE5-44FB-90DA-EFB0A2CD1387}" = Works Synchronization
"{C3A439E4-7303-491F-A678-CEA36A87D517}" = Microsoft Works Suite Add-in for Microsoft Word
"{C769A271-7E1C-48F9-B331-474600DD4C06}" = Microsoft Picture It! Photo 2002
"{CC9D63F7-BC73-41EB-BAA5-C1A863BCF22A}" = ArcSoft PhotoBase 3
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{CF5193F7-6B37-11D5-B7D2-00AA00A204F1}" = Microsoft Money System Pack
"{D99B6D3B-9554-4D17-868F-E7FCA05A5A50}" = ArcSoft VideoImpression 1.6
"{DC19E750-988B-4005-A355-85EF66055EFE}" = Works Suite OS Pack
"{E7298FD5-1386-11D5-8D6C-0050DAD32D95}" = Microsoft Money
"{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Arcade Live Main Page
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6EFFB76-4A07-11DA-9D78-000129760D75}" = Acer DV Magician
"{F79A208D-D929-11D9-9D77-000129760D75}" = Acer VideoMagician
"{F7F2DC0A-C22E-49AD-AD37-797309A54E7B}" = Microsoft AutoRoute 2002
"Acer GameZone Console_is1" = Acer GameZone Console DTV 2.0.1.1
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Coupon Printer2.0" = Coupon Printer
"ENTERPRISER" = Microsoft Office Enterprise 2007
"ERUNT_is1" = ERUNT 1.1j
"HOMESTUDENTR" = Microsoft Office Home and Student 2007 Trial
"Indeo® software" = Indeo® software
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"InstallShield_{1598034D-7147-432C-8CA8-888E0632D124}" = NTI Backup NOW! 4.7
"Lexmark X1100 Series" = Lexmark X1100 Series
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"NVIDIA Drivers" = NVIDIA Drivers
"PUBLISHERR" = Microsoft Office Publisher 2007 Trial
"QuickTime" = QuickTime
"Works2002Setup" = Microsoft Works 2002 Setup Launcher
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-565932158-212264510-2539292498-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 21/06/2011 09:48:29 | Computer Name = Sandra-PC | Source = Application Error | ID = 1000
Description = Faulting application msfeedssync.exe, version 8.0.6001.19088, time
stamp 0x000707f5, faulting module WININET.dll, version 8.0.6001.19088, time stamp
0x4de091b6, exception code 0xc00000fd, fault offset 0x0000168f, process id 0x11a4,
application start time 0x01cc3019d56d7c92.
Error - 21/06/2011 09:53:22 | Computer Name = Sandra-PC | Source = Application Error | ID = 1000
Description = Faulting application msfeedssync.exe, version 8.0.6001.19088, time
stamp 0x000707f5, faulting module ntdll.dll, version 6.0.6002.18327, time stamp
0x4cb73436, exception code 0xc00000fd, fault offset 0x00048819, process id 0x1004,
application start time 0x01cc301a883f1312.
Error - 21/06/2011 09:58:16 | Computer Name = Sandra-PC | Source = Application Error | ID = 1000
Description = Faulting application msfeedssync.exe, version 8.0.6001.19088, time
stamp 0x000707f5, faulting module WININET.dll, version 8.0.6001.19088, time stamp
0x4de091b6, exception code 0xc00000fd, fault offset 0x0000169b, process id 0x14a8,
application start time 0x01cc301b3b0f7112.
Error - 21/06/2011 10:03:11 | Computer Name = Sandra-PC | Source = Application Error | ID = 1000
Description = Faulting application msfeedssync.exe, version 8.0.6001.19088, time
stamp 0x000707f5, faulting module ntdll.dll, version 6.0.6002.18327, time stamp
0x4cb73436, exception code 0xc00000fd, fault offset 0x00048819, process id 0x1174,
application start time 0x01cc301beddff622.
Error - 21/06/2011 10:08:05 | Computer Name = Sandra-PC | Source = Application Error | ID = 1000
Description = Faulting application msfeedssync.exe, version 8.0.6001.19088, time
stamp 0x000707f5, faulting module WININET.dll, version 8.0.6001.19088, time stamp
0x4de091b6, exception code 0xc00000fd, fault offset 0x0000168e, process id 0xed4,
application start time 0x01cc301ca0b0a242.
Error - 21/06/2011 10:13:59 | Computer Name = Sandra-PC | Source = Application Error | ID = 1000
Description = Faulting application msfeedssync.exe, version 8.0.6001.19088, time
stamp 0x000707f5, faulting module ntdll.dll, version 6.0.6002.18327, time stamp
0x4cb73436, exception code 0xc00000fd, fault offset 0x00048819, process id 0x1310,
application start time 0x01cc301d538286e2.
Error - 21/06/2011 10:18:52 | Computer Name = Sandra-PC | Source = Application Error | ID = 1000
Description = Faulting application msfeedssync.exe, version 8.0.6001.19088, time
stamp 0x000707f5, faulting module WININET.dll, version 8.0.6001.19088, time stamp
0x4de091b6, exception code 0xc00000fd, fault offset 0x0000168f, process id 0x16d4,
application start time 0x01cc301e06515e42.
Error - 21/06/2011 10:23:47 | Computer Name = Sandra-PC | Source = Application Error | ID = 1000
Description = Faulting application msfeedssync.exe, version 8.0.6001.19088, time
stamp 0x000707f5, faulting module WININET.dll, version 8.0.6001.19088, time stamp
0x4de091b6, exception code 0xc00000fd, fault offset 0x0000168f, process id 0x1350,
application start time 0x01cc301eb922a6a2.
Error - 21/06/2011 10:28:39 | Computer Name = Sandra-PC | Source = Application Error | ID = 1000
Description = Faulting application msfeedssync.exe, version 8.0.6001.19088, time
stamp 0x000707f5, faulting module WININET.dll, version 8.0.6001.19088, time stamp
0x4de091b6, exception code 0xc00000fd, fault offset 0x0000169b, process id 0x14e4,
application start time 0x01cc301f6bf1a512.
Error - 21/06/2011 10:33:34 | Computer Name = Sandra-PC | Source = Application Error | ID = 1000
Description = Faulting application msfeedssync.exe, version 8.0.6001.19088, time
stamp 0x000707f5, faulting module WININET.dll, version 8.0.6001.19088, time stamp
0x4de091b6, exception code 0xc00000fd, fault offset 0x0000169b, process id 0x560,
application start time 0x01cc30201ec20312.
[ OSession Events ]
Error - 26/08/2011 10:47:05 | Computer Name = Sandra-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 49
seconds with 0 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 29/11/2011 05:19:28 | Computer Name = Sandra-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 29/11/2011 05:19:28 | Computer Name = Sandra-PC | Source = Service Control Manager | ID = 7026
Description =
Error - 29/11/2011 05:54:41 | Computer Name = Sandra-PC | Source = ACPI | ID = 327685
Description = AMLI: ACPI BIOS is attempting to write to an illegal IO port address
(0x70), which lies in the 0x70 - 0x71 protected address range. This could lead to
system instability. Please contact your system vendor for technical assistance.
Error - 29/11/2011 05:54:41 | Computer Name = Sandra-PC | Source = ACPI | ID = 327684
Description = AMLI: ACPI BIOS is attempting to read from an illegal IO port address
(0x71), which lies in the 0x70 - 0x71 protected address range. This could lead to
system instability. Please contact your system vendor for technical assistance.
Error - 29/11/2011 05:55:41 | Computer Name = Sandra-PC | Source = DCOM | ID = 10005
Description =
Error - 29/11/2011 05:55:48 | Computer Name = Sandra-PC | Source = DCOM | ID = 10005
Description =
Error - 29/11/2011 05:55:50 | Computer Name = Sandra-PC | Source = DCOM | ID = 10005
Description =
Error - 29/11/2011 05:55:52 | Computer Name = Sandra-PC | Source = DCOM | ID = 10005
Description =
Error - 29/11/2011 05:56:41 | Computer Name = Sandra-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 29/11/2011 05:56:41 | Computer Name = Sandra-PC | Source = Service Control Manager | ID = 7026
Description =
< End of report >
-
OTL.txt (normal mode)
OTL logfile created on: 29/11/2011 11:17:05 - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Sandra\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19154)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
1.75 Gb Total Physical Memory | 0.90 Gb Available Physical Memory | 51.56% Memory free
3.74 Gb Paging File | 2.72 Gb Available in Paging File | 72.88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144.29 Gb Total Space | 89.08 Gb Free Space | 61.74% Space Free | Partition Type: NTFS
Drive D: | 144.04 Gb Total Space | 143.94 Gb Free Space | 99.94% Space Free | Partition Type: NTFS
Computer Name: SANDRA-PC | User Name: Sandra | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Sandra\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe (CyberLink)
PRC - C:\Windows\System32\nvraidservice.exe (NVIDIA Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\eRecovery\eRAgent.exe (Acer Inc.)
PRC - C:\Program Files\Lexmark X1100 Series\LXBKbmgr.exe (Lexmark International, Inc.)
PRC - C:\Program Files\Lexmark X1100 Series\LXBKbmon.exe (Lexmark International, Inc.)
PRC - C:\Windows\System32\lxbkcoms.exe ( )
========== Modules (No Company Name) ==========
========== Win32 Services (SafeList) ==========
SRV - (NisSrv) -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV - (Acer HomeMedia Connect Service) -- C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe (CyberLink)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (eRecoveryService) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)
SRV - (lxbk_device) -- C:\Windows\System32\lxbkcoms.exe ( )
========== Driver Services (SafeList) ==========
DRV - (uxriqpob) -- C:\Users\Sandra\AppData\Local\Temp\uxriqpob.sys (GMER)
DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV - (MpNWMon) -- C:\Windows\System32\drivers\MpNWMon.sys (Microsoft Corporation)
DRV - (GemCCID) -- C:\Windows\System32\drivers\GemCCID.sys (Gemalto)
DRV - (USBCCID) -- C:\Windows\System32\drivers\usbccid.sys (Microsoft Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (nvstor32) -- C:\Windows\system32\drivers\nvstor32.sys (NVIDIA Corporation)
DRV - (nvrd32) -- C:\Windows\system32\drivers\nvrd32.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (int15) -- C:\Acer\Empowering Technology\eRecovery\int15.sys (Acer, Inc.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.us.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-565932158-212264510-2539292498-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://cars.uk.msn.com/
IE - HKU\S-1-5-21-565932158-212264510-2539292498-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.bing.comhttp://www.google.co.uk/ [binary data]
IE - HKU\S-1-5-21-565932158-212264510-2539292498-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-565932158-212264510-2539292498-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKU\S-1-5-21-565932158-212264510-2539292498-1000\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No CLSID value found
IE - HKU\S-1-5-21-565932158-212264510-2539292498-1000\..\URLSearchHook: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - No CLSID value found
IE - HKU\S-1-5-21-565932158-212264510-2539292498-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Sandra\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Sandra\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
[2010/11/23 15:18:28 | 000,002,037 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrchppcb2.xml
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Sandra\AppData\Local\Google\Chrome\Application\15.0.874.121\gcswf32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Sandra\AppData\Local\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Sandra\AppData\Local\Google\Chrome\Application\15.0.874.121\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Sandra\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
O1 HOSTS File: ([2011/11/25 17:09:19 | 000,437,966 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 15090 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O3 - HKU\S-1-5-21-565932158-212264510-2539292498-1000\..\Toolbar\ShellBrowser: (no name) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - No CLSID value found.
O3 - HKU\S-1-5-21-565932158-212264510-2539292498-1000\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
O3 - HKU\S-1-5-21-565932158-212264510-2539292498-1000\..\Toolbar\WebBrowser: (no name) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No CLSID value found.
O4 - HKLM..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe File not found
O4 - HKLM..\Run: [AMFucJFMaVdteYf.exe] C:\ProgramData\AMFucJFMaVdteYf.exe File not found
O4 - HKLM..\Run: [Apanel] C:\ACERSW\config\NewSetApanel.cmd File not found
O4 - HKLM..\Run: [eRecoveryService] File not found
O4 - HKLM..\Run: [lxbkbmgr.exe] C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe (Lexmark International, Inc.)
O4 - HKLM..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers File not found
O4 - HKLM..\Run: [MoneyStartUp10.0] C:\Program Files\Microsoft Money\System\Activation.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVRaidService] C:\Windows\System32\nvraidservice.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PCMMediaSharing] C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe (Microsoft® Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-565932158-212264510-2539292498-1000..\Run: [{37E04771-0D69-BB1A-F662-609E08C9BB5B}] C:\Users\Sandra\AppData\Roaming\Loyfz\ovxay.exe File not found
O4 - HKU\.DEFAULT..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil10w_ActiveX.exe (Adobe Systems, Inc.)
O4 - HKU\S-1-5-18..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil10w_ActiveX.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\Sandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-565932158-212264510-2539292498-1000\Software\Policies\Microsoft\Internet Explorer\Recovery present
O9 - Extra Button: Money Viewer - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{42A4F467-8F06-4D9B-A7EC-F89D639D7B84}: DhcpNameServer = 192.168.1.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4B89E525-B2FE-4E02-B769-D671257BBDE6}: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{236af0aa-a248-11df-94da-00218503497f}\Shell - "" = AutoRun
O33 - MountPoints2\{236af0aa-a248-11df-94da-00218503497f}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
O33 - MountPoints2\{448c0d2c-238c-11de-9138-00218503497f}\Shell - "" = AutoRun
O33 - MountPoints2\{448c0d2c-238c-11de-9138-00218503497f}\Shell\AutoRun\command - "" = J:\LaunchU3.exe
O33 - MountPoints2\{e86c80f0-f67a-11df-8dea-00218503497f}\Shell\AutoRun\command - "" = RECYCLERBIN\autorun32.exe
O33 - MountPoints2\{e86c80f0-f67a-11df-8dea-00218503497f}\Shell\open\command - "" = RECYCLERBIN\autorun32.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (MACHINE BootExecut)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011/11/29 10:30:04 | 000,000,000 | ---D | C] -- C:\Program Files\Paint.NET
[2011/11/29 10:29:44 | 000,000,000 | ---D | C] -- C:\Users\Sandra\AppData\Local\Paint.NET
[2011/11/29 10:28:57 | 000,000,000 | ---D | C] -- C:\Users\Sandra\Desktop\Paint
[2011/11/29 10:09:43 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Sandra\Desktop\OTL.exe
[2011/11/29 10:06:50 | 000,000,000 | ---D | C] -- C:\Users\Sandra\Desktop\gmer
[2011/11/29 07:34:18 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\Sandra\Desktop\aswMBR.exe
[2011/11/28 16:32:05 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/11/28 16:31:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011/11/28 16:31:27 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/11/25 18:12:54 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/11/25 18:12:19 | 000,221,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2011/11/25 18:04:58 | 001,566,512 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Sandra\Desktop\tdkiller.com
[2011/11/25 17:55:15 | 000,000,000 | ---D | C] -- C:\Users\Sandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011/11/25 17:53:01 | 000,000,000 | ---D | C] -- C:\Users\Sandra\AppData\Local\Google
[2011/11/25 17:52:41 | 000,000,000 | ---D | C] -- C:\Users\Sandra\AppData\Local\Apps
[2011/11/25 17:52:40 | 000,000,000 | ---D | C] -- C:\Users\Sandra\AppData\Local\Deployment
[2011/11/14 20:15:14 | 000,000,000 | ---D | C] -- C:\Users\Sandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Fix
[2008/08/31 16:23:20 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxbkinpa.dll
[2008/08/31 16:23:20 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxbkiesc.dll
[2008/08/31 16:23:20 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\LXBKhcp.dll
[2008/08/31 16:23:19 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\lxbkserv.dll
[2008/08/31 16:23:19 | 000,991,232 | ---- | C] ( ) -- C:\Windows\System32\lxbkusb1.dll
[2008/08/31 16:23:19 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\lxbkhbn3.dll
[2008/08/31 16:23:19 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxbkpmui.dll
[2008/08/31 16:23:19 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxbklmpm.dll
[2008/08/31 16:23:19 | 000,537,520 | ---- | C] ( ) -- C:\Windows\System32\lxbkcoms.exe
[2008/08/31 16:23:19 | 000,385,968 | ---- | C] ( ) -- C:\Windows\System32\lxbkih.exe
[2008/08/31 16:23:19 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxbkprox.dll
[2008/08/31 16:23:19 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxbkpplc.dll
[2008/08/31 16:23:18 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxbkcomc.dll
[2008/08/31 16:23:18 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\lxbkcomm.dll
[2008/08/31 16:23:18 | 000,381,872 | ---- | C] ( ) -- C:\Windows\System32\lxbkcfg.exe
[2008/05/28 11:29:13 | 000,016,384 | ---- | C] ( ) -- C:\Windows\System32\ClearEvent.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Sandra\AppData\Roaming\*.tmp files -> C:\Users\Sandra\AppData\Roaming\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011/11/29 11:16:05 | 000,000,424 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{077FCF45-234B-4E35-9958-7D72FB3A0C64}.job
[2011/11/29 10:58:01 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-565932158-212264510-2539292498-1000UA.job
[2011/11/29 10:30:53 | 000,000,943 | ---- | M] () -- C:\Users\Public\Desktop\Paint.NET.lnk
[2011/11/29 10:22:40 | 000,618,260 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/11/29 10:22:40 | 000,114,416 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/11/29 10:17:58 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2011/11/29 10:17:52 | 000,003,216 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/29 10:17:51 | 000,003,216 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/29 10:17:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/29 10:09:45 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Sandra\Desktop\OTL.exe
[2011/11/29 09:23:59 | 000,002,627 | ---- | M] () -- C:\Users\Sandra\Desktop\Microsoft Office Word 2007.lnk
[2011/11/29 07:34:24 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Sandra\Desktop\aswMBR.exe
[2011/11/28 16:31:43 | 000,000,922 | ---- | M] () -- C:\Users\Sandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/11/28 16:31:30 | 000,000,723 | ---- | M] () -- C:\Users\Sandra\Desktop\ERUNT.lnk
[2011/11/28 15:53:41 | 000,403,568 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/11/26 20:57:26 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-565932158-212264510-2539292498-1000Core.job
[2011/11/26 03:18:50 | 000,000,384 | ---- | M] () -- C:\Windows\DCEBOOT.RST
[2011/11/26 03:01:53 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/11/25 18:33:23 | 000,102,400 | ---- | M] () -- C:\Windows\RegBootClean.exe
[2011/11/25 18:32:49 | 000,022,032 | ---- | M] () -- C:\Windows\DCEBoot.exe
[2011/11/25 18:16:27 | 000,000,036 | ---- | M] () -- C:\Users\Sandra\AppData\Local\housecall.guid.cache
[2011/11/25 18:05:06 | 001,566,512 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Sandra\Desktop\tdkiller.com
[2011/11/25 17:55:22 | 000,002,056 | ---- | M] () -- C:\Users\Sandra\Desktop\Google Chrome.lnk
[2011/11/25 17:55:22 | 000,002,018 | ---- | M] () -- C:\Users\Sandra\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/11/25 17:09:19 | 000,437,966 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/11/25 17:07:44 | 000,000,273 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20111125-170744.backup
[2011/11/25 17:07:44 | 000,000,211 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20111125-170919.backup
[2011/11/14 20:15:15 | 000,000,288 | ---- | M] () -- C:\ProgramData\~ai3h6NmYYVmUXf
[2011/11/14 20:15:15 | 000,000,216 | ---- | M] () -- C:\ProgramData\~ai3h6NmYYVmUXfr
[2011/11/14 20:15:11 | 000,000,336 | ---- | M] () -- C:\ProgramData\ai3h6NmYYVmUXf
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Sandra\AppData\Roaming\*.tmp files -> C:\Users\Sandra\AppData\Roaming\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011/11/29 10:30:53 | 000,000,955 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paint.NET.lnk
[2011/11/29 10:30:53 | 000,000,943 | ---- | C] () -- C:\Users\Public\Desktop\Paint.NET.lnk
[2011/11/28 16:31:43 | 000,000,922 | ---- | C] () -- C:\Users\Sandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/11/28 16:31:30 | 000,000,723 | ---- | C] () -- C:\Users\Sandra\Desktop\ERUNT.lnk
[2011/11/26 03:18:50 | 000,000,384 | ---- | C] () -- C:\Windows\DCEBOOT.RST
[2011/11/25 18:32:49 | 000,022,032 | ---- | C] () -- C:\Windows\DCEBoot.exe
[2011/11/25 18:32:28 | 000,102,400 | ---- | C] () -- C:\Windows\RegBootClean.exe
[2011/11/25 18:16:27 | 000,000,036 | ---- | C] () -- C:\Users\Sandra\AppData\Local\housecall.guid.cache
[2011/11/25 18:15:13 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2011/11/25 18:13:06 | 000,001,817 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/11/25 17:55:22 | 000,002,056 | ---- | C] () -- C:\Users\Sandra\Desktop\Google Chrome.lnk
[2011/11/25 17:55:22 | 000,002,018 | ---- | C] () -- C:\Users\Sandra\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/11/25 17:53:03 | 000,000,912 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-565932158-212264510-2539292498-1000UA.job
[2011/11/25 17:53:01 | 000,000,860 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-565932158-212264510-2539292498-1000Core.job
[2011/11/14 20:15:15 | 000,000,216 | ---- | C] () -- C:\ProgramData\~ai3h6NmYYVmUXfr
[2011/11/14 20:15:14 | 000,000,288 | ---- | C] () -- C:\ProgramData\~ai3h6NmYYVmUXf
[2011/11/14 20:15:11 | 000,000,336 | ---- | C] () -- C:\ProgramData\ai3h6NmYYVmUXf
[2011/02/10 12:00:07 | 000,008,885 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2011/02/06 00:15:12 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/01/29 19:31:02 | 000,000,680 | ---- | C] () -- C:\Users\Sandra\AppData\Local\d3d9caps.dat
[2009/10/22 16:12:26 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/10/22 16:12:26 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/09/23 10:06:15 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll
[2009/09/23 10:06:06 | 000,000,392 | ---- | C] () -- C:\Windows\videoimp.ini
[2009/04/10 17:19:29 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2008/12/16 20:55:52 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/09/11 08:38:24 | 000,000,031 | ---- | C] () -- C:\Windows\UKCpInfo.sys
[2008/09/02 13:16:08 | 000,019,220 | ---- | C] () -- C:\Windows\wwdslcfg.ini
[2008/09/01 10:11:16 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/08/31 16:26:29 | 000,000,359 | ---- | C] () -- C:\Windows\Lexstat.ini
[2008/08/31 16:23:20 | 000,274,432 | ---- | C] () -- C:\Windows\System32\LXBKinst.dll
[2008/08/31 16:23:19 | 000,413,696 | ---- | C] () -- C:\Windows\System32\lxbkutil.dll
[2008/08/31 12:54:02 | 000,036,864 | ---- | C] () -- C:\Users\Sandra\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/08/30 03:14:01 | 000,056,832 | ---- | C] () -- C:\Windows\System32\Iyvu9_32.dll
[2008/08/29 19:50:48 | 000,001,770 | ---- | C] () -- C:\Windows\wininit.ini
[2008/05/28 11:32:14 | 000,000,044 | ---- | C] () -- C:\Windows\Acer(Normal).ini
[2008/05/28 11:32:14 | 000,000,042 | ---- | C] () -- C:\Windows\Acer(Wide).ini
[2008/05/28 11:30:12 | 000,077,824 | ---- | C] () -- C:\Windows\System32\drivers\INT15_DETECT.EXE
[2008/05/28 11:29:13 | 000,016,384 | ---- | C] () -- C:\Windows\System32\LauncheRyAgentUser.exe
[2008/03/16 20:42:41 | 000,001,024 | R--- | C] () -- C:\Windows\System32\NTIBUN4.dll
[2008/03/16 20:10:10 | 000,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys
[2008/03/16 19:16:12 | 000,001,732 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2008/03/16 19:03:42 | 000,001,108 | ---- | C] () -- C:\Windows\generic.ini
[2008/03/16 19:03:42 | 000,000,132 | ---- | C] () -- C:\Windows\Alaunch.ini
[2007/02/08 01:57:50 | 000,039,899 | ---- | C] () -- C:\Windows\System32\rtsicis.ini
[2007/01/22 16:49:34 | 000,344,064 | ---- | C] () -- C:\Windows\System32\lxbkcoin.dll
[2006/11/02 12:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 12:47:37 | 000,403,568 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 12:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 10:33:01 | 000,618,260 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 10:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 10:33:01 | 000,114,416 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 10:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 10:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 08:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 08:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 07:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 07:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2005/10/05 20:19:32 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxbkvs.dll
[2005/09/14 00:27:10 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxbkcnv5.dll
[2005/09/14 00:27:10 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxbkcnv4.dll
[2001/12/26 22:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001/09/04 05:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001/07/30 22:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001/07/24 04:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll
========== LOP Check ==========
[2008/03/16 19:49:03 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Acer GameZone Console
[2008/03/16 19:49:03 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Acer GameZone Console
[2008/08/31 16:57:11 | 000,000,000 | -HSD | M] -- C:\Users\Sandra\AppData\Roaming\.#
[2008/03/16 19:49:03 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\Acer GameZone Console
[2010/10/08 19:40:36 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\Doctor Who
[2008/09/02 14:59:26 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\eSobi
[2011/11/25 18:32:20 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\Loyfz
[2011/02/09 20:38:02 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\Umno
[2011/11/29 07:48:29 | 000,032,566 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/11/29 11:16:05 | 000,000,424 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{077FCF45-234B-4E35-9958-7D72FB3A0C64}.job
========== Purity Check ==========
< End of report >