The last time I removed temporary files was about one or tow weeks ago.
EST logfile:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6427
# api_version=3.0.2
# EOSSerial=97fd995e3286ed4784a1a7cd0003f64e
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-05-31 04:29:23
# local_time=2011-05-31 12:29:23 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 29521562 29521562 0 0
# compatibility_mode=5892 16776574 100 100 25760600 143454839 0 0
# compatibility_mode=8192 67108863 100 0 29735258 29735258 0 0
# scanned=165226
# found=0
# cleaned=0
# scan_time=12096
OTL.txt logfile:
OTL logfile created on: 5/31/2011 3:16:53 PM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\@k3yM\Desktop\MalwareRemoval
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.75 Gb Total Physical Memory | 1.13 Gb Available Physical Memory | 41.21% Memory free
5.73 Gb Paging File | 4.22 Gb Available in Paging File | 73.59% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69.52 Gb Total Space | 12.18 Gb Free Space | 17.52% Space Free | Partition Type: NTFS
Drive D: | 69.52 Gb Total Space | 48.87 Gb Free Space | 70.30% Space Free | Partition Type: NTFS
Drive G: | 3.72 Gb Total Space | 3.00 Gb Free Space | 80.70% Space Free | Partition Type: FAT32
Computer Name: AK3YMS | User Name: @k3yM | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ========== PRC - [2011/05/31 15:15:56 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\@k3yM\Desktop\MalwareRemoval\OTL.exe
PRC - [2011/05/06 06:50:22 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/11/30 14:20:36 | 000,997,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2010/11/11 13:26:42 | 000,206,360 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
PRC - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2010/04/01 05:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
PRC - [2009/12/23 17:34:20 | 000,370,688 | ---- | M] (StarWind Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
PRC - [2009/05/26 21:06:32 | 004,351,216 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/03/21 16:22:52 | 000,024,576 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
PRC - [2008/03/21 16:22:32 | 000,376,832 | ---- | M] (acer) -- C:\Program Files\Acer\Empowering Technology\NotificationCenter\Framework.NotificationCenter.exe
PRC - [2008/03/05 02:38:34 | 000,500,784 | ---- | M] (Egis Incorporated) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
PRC - [2008/01/16 18:35:02 | 000,081,504 | ---- | M] () -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
PRC - [2007/12/06 19:15:28 | 000,110,592 | ---- | M] () -- C:\ACER\Mobility Center\MobilityService.exe
========== Modules (SafeList) ========== MOD - [2011/05/31 15:15:56 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\@k3yM\Desktop\MalwareRemoval\OTL.exe
MOD - [2010/08/31 11:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
========== Win32 Services (SafeList) ========== SRV - [2010/11/11 13:26:42 | 000,206,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/09/13 12:48:12 | 000,025,704 | R--- | M] (Amazon.com) [Auto | Stopped] -- C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe -- (ADVService)
SRV - [2009/12/23 17:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Auto | Running] -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2009/08/24 17:19:18 | 000,093,336 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010c\RpcAgentSrv.exe -- (SandraAgentSrv)
SRV - [2009/07/20 12:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2008/03/21 16:22:52 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe -- (ETService)
SRV - [2008/03/05 02:38:34 | 000,500,784 | ---- | M] (Egis Incorporated) [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
SRV - [2008/01/20 22:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/16 18:35:02 | 000,081,504 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe -- (CLHNService)
SRV - [2007/12/06 19:15:28 | 000,110,592 | ---- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)
========== Driver Services (SafeList) ========== DRV - [2011/05/31 15:03:11 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{05447389-3D8F-4683-8EBF-1456192D9E7B}\MpKsl6f735418.sys -- (MpKsl6f735418)
DRV - [2010/10/24 22:25:38 | 000,054,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2010/10/24 22:25:38 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2010/10/08 22:58:42 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2010/10/08 22:58:41 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2010/05/08 05:43:19 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/08/07 23:46:56 | 000,023,112 | ---- | M] (SiSoftware) [Kernel | On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010c\WNt500x86\sandra.sys -- (SANDRA)
DRV - [2009/06/30 09:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\Windows\system32\drivers\pavboot.sys -- (pavboot)
DRV - [2009/06/17 12:56:32 | 000,028,560 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2009/06/17 12:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009/06/17 12:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2008/05/18 23:00:00 | 007,446,656 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/05/18 22:59:00 | 000,761,856 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/05/09 12:03:58 | 000,061,424 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl -- ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796})
DRV - [2008/05/06 02:12:00 | 000,014,848 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2008/05/05 04:15:00 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2008/03/21 13:48:24 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15)
DRV - [2008/01/16 18:35:08 | 000,122,368 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys -- (NTIPPKernel)
========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
http://www.bigseekpro.com/tempcleaner/{87DEC4D9-D6DC-45E3-8D74-F1C1D0E0996F}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2506131056-3247040052-1697288011-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
http://global.acer.com [binary data]
IE - HKU\S-1-5-21-2506131056-3247040052-1697288011-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-2506131056-3247040052-1697288011-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
http://www.bigseekpro.com/tempcleaner/{87DEC4D9-D6DC-45E3-8D74-F1C1D0E0996F}
IE - HKU\S-1-5-21-2506131056-3247040052-1697288011-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2506131056-3247040052-1697288011-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ========== FF - prefs.js..browser.startup.homepage: "http://www.soccernet.com/"
FF - prefs.js..extensions.enabledItems:
moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/06 06:50:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/30 09:30:28 | 000,000,000 | ---D | M]
[2010/05/07 03:48:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\@k3yM\AppData\Roaming\mozilla\Extensions
[2011/05/27 10:12:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\@k3yM\AppData\Roaming\mozilla\Firefox\Profiles\pb9px39p.default\extensions
[2010/05/12 03:06:16 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\@k3yM\AppData\Roaming\mozilla\Firefox\Profiles\pb9px39p.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/05/30 09:32:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
[2010/01/04 20:24:22 | 000,000,000 | ---D | M] (Move Media Player) -- C:\USERS\@K3YM\APPDATA\ROAMING\MOVE NETWORKS
[2011/05/06 06:50:22 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010/06/11 16:29:31 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2011/05/06 06:50:25 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - File not found
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKU\S-1-5-21-2506131056-3247040052-1697288011-1000\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2506131056-3247040052-1697288011-1000..\Run: [AlcoholAutomount] C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe (Alcohol Soft Development Team)
O4 - HKU\S-1-5-21-2506131056-3247040052-1697288011-1000..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-2506131056-3247040052-1697288011-1000\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-2506131056-3247040052-1697288011-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5}
http://download.eset.com/special/eos-be ... canner.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\livecall - No CLSID value found
O18 - Protocol\Handler\msnim - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\@k3yM\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\@k3yM\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/07/12 15:22:44 | 000,000,000 | ---D | M] - G:\autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{707ddbac-c1e1-11de-9f6d-001e68912613}\Shell - "" = AutoRun
O33 - MountPoints2\{707ddbac-c1e1-11de-9f6d-001e68912613}\Shell\AutoRun\command - "" = F:\autorun.exe
O33 - MountPoints2\{ac4839c2-a485-11df-a52e-001e68912613}\Shell\AutoRun\command - "" = G:\sources\sperr32.exe x64
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ========== [2011/05/30 09:30:21 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/05/27 10:05:29 | 000,000,000 | ---D | C] -- C:\Users\@k3yM\Desktop\MalwareRemoval
[2011/05/27 07:23:37 | 000,000,000 | ---D | C] -- D:\Documents and Settings\DriverPerformer
[2011/05/26 23:14:00 | 000,000,000 | ---D | C] -- C:\Users\@k3yM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Vista Recovery
[2011/05/20 05:51:58 | 000,000,000 | ---D | C] -- C:\Users\@k3yM\AppData\Local\Windows Live
[2011/05/20 05:51:11 | 000,754,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webservices.dll
[2011/05/19 16:39:31 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/05/15 20:45:12 | 000,000,000 | ---D | C] -- C:\Users\@k3yM\Desktop\EAS 375
[2011/05/06 16:31:09 | 000,107,888 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\System32\CmdLineExt.dll
[2011/05/06 16:29:55 | 000,000,000 | ---D | C] -- C:\Users\@k3yM\AppData\Local\Electronic Arts
[2011/05/06 16:29:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Arts
[2010/01/28 22:48:12 | 000,172,032 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll
[7 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[7 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
========== Files - Modified Within 30 Days ========== [2011/05/31 14:10:41 | 000,003,216 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/31 14:10:41 | 000,003,216 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/31 10:24:56 | 000,606,602 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/05/31 10:24:56 | 000,105,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/05/31 04:07:56 | 000,137,085 | ---- | M] () -- C:\Users\@k3yM\Desktop\result spring 2011.jpg
[2011/05/30 14:32:40 | 000,453,632 | ---- | M] () -- C:\Users\@k3yM\Desktop\CKScanner.exe
[2011/05/30 12:11:00 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2011/05/30 12:10:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/30 12:10:30 | 2951,073,792 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/30 12:09:36 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/05/26 23:14:01 | 000,000,599 | ---- | M] () -- C:\Users\@k3yM\Desktop\Windows Vista Recovery.lnk
[2011/05/26 22:02:17 | 000,000,117 | ---- | M] () -- C:\Users\@k3yM\webct_upload_applet.properties
[2011/05/25 11:05:02 | 000,387,288 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/05/20 02:55:38 | 000,010,512 | -HS- | M] () -- C:\Users\@k3yM\AppData\Local\7hn5e2f7f5qufoh8wiu4258
[2011/05/20 02:55:38 | 000,010,512 | -HS- | M] () -- C:\ProgramData\7hn5e2f7f5qufoh8wiu4258
[2011/05/19 16:39:31 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/05/06 16:31:09 | 000,107,888 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\System32\CmdLineExt.dll
[7 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[7 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
========== Files Created - No Company Name ========== [2011/05/31 04:07:56 | 000,137,085 | ---- | C] () -- C:\Users\@k3yM\Desktop\result spring 2011.jpg
[2011/05/30 14:32:39 | 000,453,632 | ---- | C] () -- C:\Users\@k3yM\Desktop\CKScanner.exe
[2011/05/26 23:14:01 | 000,000,599 | ---- | C] () -- C:\Users\@k3yM\Desktop\Windows Vista Recovery.lnk
[2011/05/20 02:36:29 | 000,010,512 | -HS- | C] () -- C:\Users\@k3yM\AppData\Local\7hn5e2f7f5qufoh8wiu4258
[2011/05/20 02:36:29 | 000,010,512 | -HS- | C] () -- C:\ProgramData\7hn5e2f7f5qufoh8wiu4258
[2010/10/08 22:58:42 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2010/10/08 22:58:41 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2010/09/06 14:42:14 | 000,000,600 | ---- | C] () -- C:\Users\@k3yM\AppData\Local\PUTTY.RND
[2010/05/15 15:37:54 | 012,427,264 | ---- | C] () -- C:\ProgramData\sandra.mda
[2010/04/09 01:40:05 | 000,000,680 | ---- | C] () -- C:\Users\@k3yM\AppData\Local\d3d9caps.dat
[2010/03/05 23:16:20 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2010/03/01 19:49:52 | 000,000,238 | ---- | C] () -- C:\Windows\mafosav.INI
[2010/01/28 22:48:13 | 001,749,376 | ---- | C] () -- C:\Windows\System32\snp2uvc.sys
[2010/01/28 22:48:12 | 000,028,032 | ---- | C] () -- C:\Windows\System32\sncduvc.sys
[2010/01/28 22:48:12 | 000,000,131 | ---- | C] () -- C:\Windows\System32\PidList.ini
[2010/01/28 21:34:51 | 000,000,048 | ---- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/01/04 20:22:25 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/10/07 20:37:37 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2009/09/23 18:38:06 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/09/23 18:38:05 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/15 08:28:06 | 000,028,672 | ---- | C] () -- C:\Users\@k3yM\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/12 03:04:34 | 000,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009/09/12 03:04:06 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2009/09/12 03:04:00 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009/09/07 12:46:30 | 000,000,062 | ---- | C] () -- C:\Windows\wininit.ini
[2009/09/07 03:08:00 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2008/05/22 23:54:27 | 000,001,024 | R--- | C] () -- C:\Windows\System32\NTIOFM4.dll
[2008/05/22 23:54:27 | 000,001,024 | R--- | C] () -- C:\Windows\System32\NTIBUN5.dll
[2008/05/22 23:34:45 | 000,749,568 | ---- | C] () -- C:\Windows\AcerStore.exe
[2008/05/22 23:33:36 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008/05/22 23:14:12 | 000,204,800 | ---- | C] () -- C:\Windows\System32\SysHook.dll
[2008/05/22 23:09:39 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll
[2008/05/22 22:56:29 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2008/05/22 22:56:29 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat
[2008/05/22 22:56:29 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
[2008/05/22 22:56:29 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
[2006/11/02 08:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:44:53 | 000,387,288 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 06:33:01 | 000,606,602 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,105,170 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2001/12/26 19:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001/11/14 13:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
[2001/09/04 02:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001/07/30 19:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001/07/24 01:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll
< End of report >
Extras.txt logfile:
OTL Extras logfile created on: 5/31/2011 3:16:53 PM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\@k3yM\Desktop\MalwareRemoval
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.75 Gb Total Physical Memory | 1.13 Gb Available Physical Memory | 41.21% Memory free
5.73 Gb Paging File | 4.22 Gb Available in Paging File | 73.59% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69.52 Gb Total Space | 12.18 Gb Free Space | 17.52% Space Free | Partition Type: NTFS
Drive D: | 69.52 Gb Total Space | 48.87 Gb Free Space | 70.30% Space Free | Partition Type: NTFS
Drive G: | 3.72 Gb Total Space | 3.00 Gb Free Space | 80.70% Space Free | Partition Type: FAT32
Computer Name: AK3YMS | User Name: @k3yM | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
[HKEY_USERS\S-1-5-21-2506131056-3247040052-1697288011-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{14737F1F-749F-4D4E-AFD9-A032107C5EA9}" = lport=139 | protocol=6 | dir=in | app=system |
"{14D44008-4876-4DBB-9B85-E8BFC4407DE3}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2010c\wnt500x86\rpcsandrasrv.exe |
"{377AB6D8-A5B2-41D9-9CAE-61CA872DD87F}" = rport=138 | protocol=17 | dir=out | app=system |
"{446FB42C-502D-4AF5-9A46-5E13BDDC7CEF}" = lport=138 | protocol=17 | dir=in | app=system |
"{5186507F-A2CB-41A1-B925-49F01437A94C}" = rport=139 | protocol=6 | dir=out | app=system |
"{6DC5D09A-B347-4AF9-A6BF-E1F32F734BD2}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{83485807-C051-44F7-BFD0-63DB54623A00}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2010c\rpcagentsrv.exe |
"{ADB23263-DC69-4D96-AA3D-FA386655F354}" = rport=445 | protocol=6 | dir=out | app=system |
"{BE8EABF4-D25A-471D-AD70-8C8F8B649B34}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{CF96A000-9495-465F-98B6-7CDADCBD5F11}" = lport=137 | protocol=17 | dir=in | app=system |
"{D2DA48FE-77AD-42DD-9FD3-CE8A86468341}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2010c\wnt500x86\rpcsandrasrv.exe |
"{E204F86D-6D67-4526-81B3-4403E8A3AA78}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{E38E168F-D866-4B5D-81ED-3ADD61104F45}" = lport=445 | protocol=6 | dir=in | app=system |
"{E99F5308-E413-4EDD-896B-4FCC45BC70DE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{ECA8C499-91A0-4129-BABE-288C6D67D94A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{ED3A0DA0-8BF3-4C88-BA10-BAF434359D09}" = rport=137 | protocol=17 | dir=out | app=system |
========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{098F63AD-D441-459C-8910-65C895C3D071}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{0EA7FADA-E4E7-41F6-A812-AB5A9BBF3936}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{1FCC4AA9-06EA-428F-8422-03FCC0F23C48}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{210A549A-7FF7-4F59-A960-604C12E4F6D0}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{30168C5A-8BDD-4847-9ACD-9FF00386BFD0}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{3421E92E-9581-4F44-A94C-522E0B1322C6}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{367E36D2-DCCA-42F1-9D99-58C24DD04A49}" = protocol=1 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2010c\wnt500x86\rpcsandrasrv.exe |
"{3DF26E3E-A5C0-4621-99D9-D59F6A9FAC78}" = protocol=6 | dir=in | app=c:\program files\sports interactive\football manager 2009\fm.exe |
"{432CBF54-983E-4D8D-85EB-BFA142742928}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{4A3DBFD7-5E0F-4578-9AEF-4C8294B8CCC8}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe |
"{50C72C87-D85B-46C8-9551-0F401ED518D8}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{55D8AB30-E270-4209-A40E-E1AB6C39BE08}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{57295501-B742-4641-B692-F5E73438AE0C}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{62F4C103-625B-4F2A-8F3E-1ED074FD67D4}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{64F3C2B1-378B-446B-B40A-138FBEE46285}" = protocol=17 | dir=in | app=c:\program files\sports interactive\football manager 2009\fm.exe |
"{681A8CD3-3D9D-4519-9A7E-AB4CAF648393}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{77059593-8CAF-4706-BA15-5C3F12576BBC}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |
"{79C1B608-9AAF-4C7D-9ECC-2B9870796C70}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7D76BF94-8907-4A0A-88E9-7564AD8898EC}" = protocol=1 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2010c\rpcagentsrv.exe |
"{882E3C6A-C1C4-4E26-B59D-52E6D1864F5A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{88C8EE2E-A941-4024-A034-E06F42A1362A}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{891D4E99-2EAF-408D-A732-E45C6B96E133}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |
"{8C15B218-D10D-4FA0-9B37-B5AA828CABDF}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{8F11D27C-FB82-48D3-ACB5-20C3F2A0F7CA}" = protocol=1 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2010c\wnt500x86\rpcsandrasrv.exe |
"{969CB21D-C89E-4CF4-9BAF-917260A85D01}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{B199E240-2197-4E9B-AB2E-4A8C14BA6648}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{B3123D82-D8AE-483C-800B-BA0389AADA03}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{C72102D2-4E62-4600-AAF1-BE268D7544E1}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\playmovie.exe |
"{C9D0D467-BDCB-49B7-8CCA-5DAF53A0B993}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{D3025A53-7A60-4349-97F8-AD9F270579F7}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe |
"{D699AF43-C2A0-486C-976E-01E3D32272B1}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{E72791FD-D875-4231-839A-5558D77C703E}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{F6CE7CEF-6839-4D1A-9807-7B808B50BC74}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\pmvservice.exe |
"{F7AE7553-50C3-46CE-BEFB-846BCAD19506}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{FC2082A0-C2D3-404B-AC24-69CDABC1A7E0}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"TCP Query User{5498B74F-0CF3-47F4-9865-DA70DD5430CA}C:\program files\valve\hl.exe" = protocol=6 | dir=in | app=c:\program files\valve\hl.exe |
"TCP Query User{6CE16F0B-69DB-4B4C-9C2B-AF69A4350CC2}D:\pes2010 installed\pes2010.exe" = protocol=6 | dir=in | app=d:\pes2010 installed\pes2010.exe |
"TCP Query User{BCDD7723-152F-4A39-8D08-2B83B475F6B8}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"TCP Query User{C2557A2F-24A0-4A5B-95B8-C179CF88103E}C:\program files\ea sports\fifa 11 demo\game\fifa.exe" = protocol=6 | dir=in | app=c:\program files\ea sports\fifa 11 demo\game\fifa.exe |
"TCP Query User{FC41D4A7-155C-4C65-AB7C-2DB009D6E51F}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{208FF257-E9A2-4B6B-9F71-EFE0642D4458}C:\program files\ea sports\fifa 11 demo\game\fifa.exe" = protocol=17 | dir=in | app=c:\program files\ea sports\fifa 11 demo\game\fifa.exe |
"UDP Query User{230363BD-AB76-4C39-B82B-4115672499E8}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"UDP Query User{AD4F0C60-6F7F-42D1-8809-FD42A599B38E}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{D3B66564-76F8-4AF3-8B77-6A5598FBDD0C}C:\program files\valve\hl.exe" = protocol=17 | dir=in | app=c:\program files\valve\hl.exe |
"UDP Query User{DA16C1AA-D0C1-4457-AB24-FCA66BDE03C0}D:\pes2010 installed\pes2010.exe" = protocol=17 | dir=in | app=d:\pes2010 installed\pes2010.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.0.1.6400
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{13D85C14-2B85-419F-AC41-C7F21E68B25D}" = Acer eSettings Management
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.6.2
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4650F3BF-F9ED-45AB-00A3-C927351E177F}" = Madden NFL 08
"{4AE5C6C0-37AF-11DD-AE16-0800200C9A66}" = NHL® 09
"{54A4839E-87F8-4BD1-9682-A349E9943F0A}" = Amazon Unbox Video
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{5B63A470-9334-44D1-AF61-6CE2DB565AE9}" = Orion
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
"{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{C3113E55-7BCB-4de3-8EBF-60E6CE6B2296}_is1" = SiSoftware Sandra Lite 2010c
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{DC158DF7-6B36-4C6F-BC91-109014297994}" = FIFA 11 Demo
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"82A44D22-9452-49FB-00FB-CEC7DCAF7E23" = EA SPORTS online 2008
"Acer Assist" = Acer Assist
"Acer GameZone Console_is1" = Acer GameZone Console 2.0.1.1
"Acer Registration" = Acer Registration
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Athan" = Athan Basic 3.8
"CCleaner" = CCleaner
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"EADM" = EA Download Manager
"ENTERPRISER" = Microsoft Office Enterprise 2007
"GridVista" = Acer GridVista
"ImgBurn" = ImgBurn
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{54A4839E-87F8-4BD1-9682-A349E9943F0A}" = Amazon Unbox Video
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 3.6.5
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 4.0.1 (x86 en-US)" = Mozilla Firefox 4.0.1 (x86 en-US)
"NVIDIA Drivers" = NVIDIA Drivers
"NYKO Gamepad Mapping Tools_is1" = NYKO Gamepad Mapping Tools 2.0.0
"Quran in Ms Word_is1" = Quran in Ms Word
"R for Windows 2.12.1_is1" = R for Windows 2.12.1
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Veetle TV" = Veetle TV 0.9.17
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Yahoo! Messenger" = Yahoo! Messenger
========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-2506131056-3247040052-1697288011-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player
========== Last 10 Event Log Errors ========== [ Application Events ]
Error - 8/11/2010 4:00:18 PM | Computer Name = Ak3yMs | Source = WinMgmt | ID = 10
Description =
Error - 8/12/2010 3:01:40 AM | Computer Name = Ak3yMs | Source = MsiInstaller | ID = 11606
Description =
Error - 8/12/2010 3:01:40 AM | Computer Name = Ak3yMs | Source = MsiInstaller | ID = 11606
Description =
Error - 8/12/2010 3:01:40 AM | Computer Name = Ak3yMs | Source = MsiInstaller | ID = 1024
Description =
Error - 8/12/2010 3:02:23 AM | Computer Name = Ak3yMs | Source = MsiInstaller | ID = 11606
Description =
Error - 8/12/2010 3:02:23 AM | Computer Name = Ak3yMs | Source = MsiInstaller | ID = 11606
Description =
Error - 8/12/2010 3:02:23 AM | Computer Name = Ak3yMs | Source = MsiInstaller | ID = 1024
Description =
Error - 8/12/2010 3:07:16 AM | Computer Name = Ak3yMs | Source = MsiInstaller | ID = 11606
Description =
Error - 8/12/2010 3:07:16 AM | Computer Name = Ak3yMs | Source = MsiInstaller | ID = 11606
Description =
Error - 8/12/2010 3:07:16 AM | Computer Name = Ak3yMs | Source = MsiInstaller | ID = 1024
Description =
[ OSession Events ]
Error - 12/7/2009 8:39:17 AM | Computer Name = Ak3yMs | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 5132
seconds with 180 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 5/26/2011 11:12:55 PM | Computer Name = Ak3yMs | Source = Service Control Manager | ID = 7000
Description =
Error - 5/26/2011 11:18:16 PM | Computer Name = Ak3yMs | Source = Service Control Manager | ID = 7022
Description =
Error - 5/26/2011 11:35:11 PM | Computer Name = Ak3yMs | Source = Service Control Manager | ID = 7000
Description =
Error - 5/27/2011 7:15:21 AM | Computer Name = Ak3yMs | Source = Service Control Manager | ID = 7000
Description =
Error - 5/27/2011 7:47:21 AM | Computer Name = Ak3yMs | Source = Service Control Manager | ID = 7000
Description =
Error - 5/27/2011 10:13:26 AM | Computer Name = Ak3yMs | Source = Service Control Manager | ID = 7000
Description =
Error - 5/30/2011 9:30:28 AM | Computer Name = Ak3yMs | Source = DCOM | ID = 10005
Description =
Error - 5/30/2011 9:30:28 AM | Computer Name = Ak3yMs | Source = Service Control Manager | ID = 7009
Description =
Error - 5/30/2011 9:30:28 AM | Computer Name = Ak3yMs | Source = Service Control Manager | ID = 7000
Description =
Error - 5/30/2011 12:10:59 PM | Computer Name = Ak3yMs | Source = Service Control Manager | ID = 7000
Description =
< End of report >