OTL logfile created on: 5/23/2011 7:14:52 AM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\@k3yM\Desktop\MalwareRemoval
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.75 Gb Total Physical Memory | 1.74 Gb Available Physical Memory | 63.43% Memory free
5.70 Gb Paging File | 4.75 Gb Available in Paging File | 83.37% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69.52 Gb Total Space | 8.24 Gb Free Space | 11.85% Space Free | Partition Type: NTFS
Drive D: | 69.52 Gb Total Space | 33.20 Gb Free Space | 47.75% Space Free | Partition Type: NTFS
Computer Name: AK3YMS | User Name: @k3yM | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\@k3yM\Desktop\MalwareRemoval\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (StarWind Software)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe ()
PRC - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
PRC - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe ()
PRC - C:\ACER\Mobility Center\MobilityService.exe ()
========== Modules (SafeList) ==========
MOD - C:\Users\@k3yM\Desktop\MalwareRemoval\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV - (HRU) -- File not found
SRV - (GMYZBU) -- File not found
SRV - (DYXPPQO) -- File not found
SRV - (NisSrv) -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV - (ADVService) -- C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe (Amazon.com)
SRV - (StarWindServiceAE) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (StarWind Software)
SRV - (SandraAgentSrv) -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010c\RpcAgentSrv.exe (SiSoftware)
SRV - (LBTServ) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (ETService) -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe ()
SRV - (eDataSecurity Service) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (CLHNService) -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe ()
SRV - (MobilityService) -- C:\Acer\Mobility Center\MobilityService.exe ()
========== Driver Services (SafeList) ==========
DRV - (MpKsla79511f7) -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{09BD8FF1-15E1-42AB-8E42-2CCA1A63ADCE}\MpKsla79511f7.sys (Microsoft Corporation)
DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV - (MpNWMon) -- C:\Windows\System32\drivers\MpNWMon.sys (Microsoft Corporation)
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (SANDRA) -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010c\WNt500x86\sandra.sys (SiSoftware)
DRV - (pavboot) -- C:\Windows\system32\drivers\pavboot.sys (Panda Security, S.L.)
DRV - (LUsbFilt) -- C:\Windows\System32\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) -- C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl (Cyberlink Corp.)
DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (int15) -- C:\Windows\System32\drivers\int15.sys (Acer, Inc.)
DRV - (NTIPPKernel) -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys (Cyberlink Corp.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2506131056-3247040052-1697288011-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]
IE - HKU\S-1-5-21-2506131056-3247040052-1697288011-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com
IE - HKU\S-1-5-21-2506131056-3247040052-1697288011-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2506131056-3247040052-1697288011-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "http://www.soccernet.com/"
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/06 06:50:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/06 06:50:29 | 000,000,000 | ---D | M]
[2010/05/07 03:48:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\@k3yM\AppData\Roaming\mozilla\Extensions
[2011/05/06 00:02:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\@k3yM\AppData\Roaming\mozilla\Firefox\Profiles\pb9px39p.default\extensions
[2010/05/12 03:06:16 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\@k3yM\AppData\Roaming\mozilla\Firefox\Profiles\pb9px39p.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/06/11 16:30:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/06/11 16:30:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
File not found (No name found) --
[2010/01/04 20:24:22 | 000,000,000 | ---D | M] (Move Media Player) -- C:\USERS\@K3YM\APPDATA\ROAMING\MOVE NETWORKS
[2011/05/06 06:50:22 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010/06/11 16:29:31 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2011/05/06 06:50:25 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKU\S-1-5-21-2506131056-3247040052-1697288011-1000\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-2506131056-3247040052-1697288011-1000\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-2506131056-3247040052-1697288011-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\livecall - No CLSID value found
O18 - Protocol\Handler\msnim - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\@k3yM\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\@k3yM\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{707ddbac-c1e1-11de-9f6d-001e68912613}\Shell - "" = AutoRun
O33 - MountPoints2\{707ddbac-c1e1-11de-9f6d-001e68912613}\Shell\AutoRun\command - "" = F:\autorun.exe
O33 - MountPoints2\{ac4839c2-a485-11df-a52e-001e68912613}\Shell\AutoRun\command - "" = G:\sources\sperr32.exe x64
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-2506131056-3247040052-1697288011-1000..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-2506131056-3247040052-1697288011-1000\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011/05/20 22:48:39 | 000,000,000 | ---D | C] -- C:\Users\@k3yM\Desktop\MalwareRemoval
[2011/05/20 05:51:58 | 000,000,000 | ---D | C] -- C:\Users\@k3yM\AppData\Local\Windows Live
[2011/05/20 05:51:11 | 000,754,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webservices.dll
[2011/05/19 16:39:31 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/05/15 20:45:12 | 000,000,000 | ---D | C] -- C:\Users\@k3yM\Desktop\EAS 375
[2011/05/06 16:31:09 | 000,107,888 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\System32\CmdLineExt.dll
[2011/05/06 16:29:55 | 000,000,000 | ---D | C] -- C:\Users\@k3yM\AppData\Local\Electronic Arts
[2011/05/06 16:29:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Arts
[2011/04/27 11:57:42 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2011/04/27 11:57:42 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2011/04/27 11:57:29 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2010/01/28 22:48:12 | 000,172,032 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll
[7 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[7 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011/05/23 07:09:56 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2011/05/23 07:09:43 | 000,042,559 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011/05/23 07:09:43 | 000,042,559 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011/05/23 07:09:40 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/23 07:09:40 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/23 07:09:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/23 07:09:29 | 2951,081,984 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/23 07:08:47 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/05/23 07:08:33 | 000,000,360 | ---- | M] () -- C:\Users\@k3yM\defogger_reenable
[2011/05/20 23:17:10 | 000,606,602 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/05/20 23:17:10 | 000,105,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/05/20 02:55:38 | 000,010,512 | -HS- | M] () -- C:\Users\@k3yM\AppData\Local\7hn5e2f7f5qufoh8wiu4258
[2011/05/20 02:55:38 | 000,010,512 | -HS- | M] () -- C:\ProgramData\7hn5e2f7f5qufoh8wiu4258
[2011/05/20 02:36:10 | 000,327,680 | -HS- | M] () -- C:\Users\@k3yM\AppData\Local\uxi.exe
[2011/05/19 19:43:48 | 000,000,117 | ---- | M] () -- C:\Users\@k3yM\webct_upload_applet.properties
[2011/05/19 16:39:31 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/05/06 16:31:09 | 000,107,888 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\System32\CmdLineExt.dll
[2011/05/06 16:29:02 | 000,000,940 | ---- | M] () -- C:\Users\Public\Desktop\EA Download Manager.lnk
[2011/04/25 21:38:48 | 000,000,600 | ---- | M] () -- C:\Users\@k3yM\AppData\Local\PUTTY.RND
[2011/04/24 12:17:41 | 000,001,891 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[7 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[7 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011/05/23 07:08:12 | 000,000,360 | ---- | C] () -- C:\Users\@k3yM\defogger_reenable
[2011/05/20 02:36:29 | 000,010,512 | -HS- | C] () -- C:\Users\@k3yM\AppData\Local\7hn5e2f7f5qufoh8wiu4258
[2011/05/20 02:36:29 | 000,010,512 | -HS- | C] () -- C:\ProgramData\7hn5e2f7f5qufoh8wiu4258
[2011/05/20 02:36:10 | 000,327,680 | -HS- | C] () -- C:\Users\@k3yM\AppData\Local\uxi.exe
[2011/05/06 16:29:02 | 000,000,940 | ---- | C] () -- C:\Users\Public\Desktop\EA Download Manager.lnk
[2010/10/08 22:58:42 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2010/10/08 22:58:41 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2010/09/06 14:42:14 | 000,000,600 | ---- | C] () -- C:\Users\@k3yM\AppData\Local\PUTTY.RND
[2010/06/09 13:46:20 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/06/09 13:46:20 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/05/15 15:37:54 | 012,427,264 | ---- | C] () -- C:\ProgramData\sandra.mda
[2010/04/09 01:40:05 | 000,000,680 | ---- | C] () -- C:\Users\@k3yM\AppData\Local\d3d9caps.dat
[2010/03/05 23:16:20 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2010/03/01 19:49:52 | 000,000,238 | ---- | C] () -- C:\Windows\mafosav.INI
[2010/01/28 22:48:13 | 001,749,376 | ---- | C] () -- C:\Windows\System32\snp2uvc.sys
[2010/01/28 22:48:12 | 000,028,032 | ---- | C] () -- C:\Windows\System32\sncduvc.sys
[2010/01/28 22:48:12 | 000,000,131 | ---- | C] () -- C:\Windows\System32\PidList.ini
[2010/01/28 21:34:51 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/01/04 20:22:25 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/10/07 20:37:37 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2009/09/23 18:38:06 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/09/23 18:38:05 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/15 08:28:06 | 000,028,672 | ---- | C] () -- C:\Users\@k3yM\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/12 03:04:34 | 000,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009/09/12 03:04:06 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2009/09/12 03:04:00 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009/09/07 12:46:30 | 000,000,062 | ---- | C] () -- C:\Windows\wininit.ini
[2009/09/07 03:08:00 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2008/05/22 23:54:27 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll
[2008/05/22 23:54:27 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll
[2008/05/22 23:34:45 | 000,749,568 | ---- | C] () -- C:\Windows\AcerStore.exe
[2008/05/22 23:33:36 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008/05/22 23:14:12 | 000,204,800 | ---- | C] () -- C:\Windows\System32\SysHook.dll
[2008/05/22 23:09:39 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll
[2008/05/22 22:56:29 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2008/05/22 22:56:29 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat
[2008/05/22 22:56:29 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
[2008/05/22 22:56:29 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
[2008/05/22 22:55:28 | 000,042,559 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2008/05/22 22:55:28 | 000,042,559 | ---- | C] () -- C:\ProgramData\nvModes.001
[2006/11/02 08:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:44:53 | 000,387,288 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 06:33:01 | 000,606,602 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,105,170 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2001/12/26 19:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001/11/14 13:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
[2001/09/04 02:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001/07/30 19:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001/07/24 01:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll
========== Alternate Data Streams ==========
@Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:8AB6C1D7
@Alternate Data Stream - 64 bytes -> C:\Users\@k3yM\Desktop\Noyan Wakakaa.mp4:TOC.WMV
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:4F636E25
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:2B99FE60
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:5C321E34
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:E36F5B57
< End of report >
Extras.txt log:
OTL Extras logfile created on: 5/23/2011 7:14:52 AM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\@k3yM\Desktop\MalwareRemoval
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.75 Gb Total Physical Memory | 1.74 Gb Available Physical Memory | 63.43% Memory free
5.70 Gb Paging File | 4.75 Gb Available in Paging File | 83.37% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69.52 Gb Total Space | 8.24 Gb Free Space | 11.85% Space Free | Partition Type: NTFS
Drive D: | 69.52 Gb Total Space | 33.20 Gb Free Space | 47.75% Space Free | Partition Type: NTFS
Computer Name: AK3YMS | User Name: @k3yM | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
[HKEY_USERS\S-1-5-21-2506131056-3247040052-1697288011-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{14737F1F-749F-4D4E-AFD9-A032107C5EA9}" = lport=139 | protocol=6 | dir=in | app=system |
"{14D44008-4876-4DBB-9B85-E8BFC4407DE3}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2010c\wnt500x86\rpcsandrasrv.exe |
"{377AB6D8-A5B2-41D9-9CAE-61CA872DD87F}" = rport=138 | protocol=17 | dir=out | app=system |
"{446FB42C-502D-4AF5-9A46-5E13BDDC7CEF}" = lport=138 | protocol=17 | dir=in | app=system |
"{5186507F-A2CB-41A1-B925-49F01437A94C}" = rport=139 | protocol=6 | dir=out | app=system |
"{6DC5D09A-B347-4AF9-A6BF-E1F32F734BD2}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{83485807-C051-44F7-BFD0-63DB54623A00}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2010c\rpcagentsrv.exe |
"{ADB23263-DC69-4D96-AA3D-FA386655F354}" = rport=445 | protocol=6 | dir=out | app=system |
"{BE8EABF4-D25A-471D-AD70-8C8F8B649B34}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{CF96A000-9495-465F-98B6-7CDADCBD5F11}" = lport=137 | protocol=17 | dir=in | app=system |
"{D2DA48FE-77AD-42DD-9FD3-CE8A86468341}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2010c\wnt500x86\rpcsandrasrv.exe |
"{E204F86D-6D67-4526-81B3-4403E8A3AA78}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{E38E168F-D866-4B5D-81ED-3ADD61104F45}" = lport=445 | protocol=6 | dir=in | app=system |
"{E99F5308-E413-4EDD-896B-4FCC45BC70DE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{ECA8C499-91A0-4129-BABE-288C6D67D94A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{ED3A0DA0-8BF3-4C88-BA10-BAF434359D09}" = rport=137 | protocol=17 | dir=out | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{098F63AD-D441-459C-8910-65C895C3D071}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{0C945AF6-B3C1-4ABD-8040-E0B1E7DE1614}" = protocol=6 | dir=in | app=c:\program files\sports interactive\football manager 2010\fm.exe |
"{0EA7FADA-E4E7-41F6-A812-AB5A9BBF3936}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{1FCC4AA9-06EA-428F-8422-03FCC0F23C48}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{210A549A-7FF7-4F59-A960-604C12E4F6D0}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{30168C5A-8BDD-4847-9ACD-9FF00386BFD0}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{3421E92E-9581-4F44-A94C-522E0B1322C6}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{367E36D2-DCCA-42F1-9D99-58C24DD04A49}" = protocol=1 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2010c\wnt500x86\rpcsandrasrv.exe |
"{3DF26E3E-A5C0-4621-99D9-D59F6A9FAC78}" = protocol=6 | dir=in | app=c:\program files\sports interactive\football manager 2009\fm.exe |
"{432CBF54-983E-4D8D-85EB-BFA142742928}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{4A3DBFD7-5E0F-4578-9AEF-4C8294B8CCC8}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe |
"{50C72C87-D85B-46C8-9551-0F401ED518D8}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{55D8AB30-E270-4209-A40E-E1AB6C39BE08}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{57295501-B742-4641-B692-F5E73438AE0C}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{62F4C103-625B-4F2A-8F3E-1ED074FD67D4}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{64F3C2B1-378B-446B-B40A-138FBEE46285}" = protocol=17 | dir=in | app=c:\program files\sports interactive\football manager 2009\fm.exe |
"{681A8CD3-3D9D-4519-9A7E-AB4CAF648393}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{77059593-8CAF-4706-BA15-5C3F12576BBC}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |
"{79C1B608-9AAF-4C7D-9ECC-2B9870796C70}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7D76BF94-8907-4A0A-88E9-7564AD8898EC}" = protocol=1 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2010c\rpcagentsrv.exe |
"{882E3C6A-C1C4-4E26-B59D-52E6D1864F5A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{88C8EE2E-A941-4024-A034-E06F42A1362A}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{891D4E99-2EAF-408D-A732-E45C6B96E133}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |
"{8C15B218-D10D-4FA0-9B37-B5AA828CABDF}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{8F11D27C-FB82-48D3-ACB5-20C3F2A0F7CA}" = protocol=1 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2010c\wnt500x86\rpcsandrasrv.exe |
"{92FA1F42-1814-4B75-A3E3-E1DBC2FEEA12}" = protocol=17 | dir=in | app=c:\program files\sports interactive\football manager 2010\fm.exe |
"{969CB21D-C89E-4CF4-9BAF-917260A85D01}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{B199E240-2197-4E9B-AB2E-4A8C14BA6648}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{B3123D82-D8AE-483C-800B-BA0389AADA03}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{C72102D2-4E62-4600-AAF1-BE268D7544E1}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\playmovie.exe |
"{C9D0D467-BDCB-49B7-8CCA-5DAF53A0B993}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{D3025A53-7A60-4349-97F8-AD9F270579F7}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe |
"{D699AF43-C2A0-486C-976E-01E3D32272B1}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{E72791FD-D875-4231-839A-5558D77C703E}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{F6CE7CEF-6839-4D1A-9807-7B808B50BC74}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\pmvservice.exe |
"{F7AE7553-50C3-46CE-BEFB-846BCAD19506}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{FC2082A0-C2D3-404B-AC24-69CDABC1A7E0}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"TCP Query User{5498B74F-0CF3-47F4-9865-DA70DD5430CA}C:\program files\valve\hl.exe" = protocol=6 | dir=in | app=c:\program files\valve\hl.exe |
"TCP Query User{6CE16F0B-69DB-4B4C-9C2B-AF69A4350CC2}D:\pes2010 installed\pes2010.exe" = protocol=6 | dir=in | app=d:\pes2010 installed\pes2010.exe |
"TCP Query User{BCDD7723-152F-4A39-8D08-2B83B475F6B8}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"TCP Query User{C2557A2F-24A0-4A5B-95B8-C179CF88103E}C:\program files\ea sports\fifa 11 demo\game\fifa.exe" = protocol=6 | dir=in | app=c:\program files\ea sports\fifa 11 demo\game\fifa.exe |
"TCP Query User{FC41D4A7-155C-4C65-AB7C-2DB009D6E51F}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{208FF257-E9A2-4B6B-9F71-EFE0642D4458}C:\program files\ea sports\fifa 11 demo\game\fifa.exe" = protocol=17 | dir=in | app=c:\program files\ea sports\fifa 11 demo\game\fifa.exe |
"UDP Query User{230363BD-AB76-4C39-B82B-4115672499E8}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"UDP Query User{AD4F0C60-6F7F-42D1-8809-FD42A599B38E}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{D3B66564-76F8-4AF3-8B77-6A5598FBDD0C}C:\program files\valve\hl.exe" = protocol=17 | dir=in | app=c:\program files\valve\hl.exe |
"UDP Query User{DA16C1AA-D0C1-4457-AB24-FCA66BDE03C0}D:\pes2010 installed\pes2010.exe" = protocol=17 | dir=in | app=d:\pes2010 installed\pes2010.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.0.1.6400
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{13D85C14-2B85-419F-AC41-C7F21E68B25D}" = Acer eSettings Management
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.6.2
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{283FFB23-8751-4B08-ACB8-5E0F8BCF7727}" = Pro Evolution Soccer 2010
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4650F3BF-F9ED-45AB-00A3-C927351E177F}" = Madden NFL 08
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AE5C6C0-37AF-11DD-AE16-0800200C9A66}" = NHL® 09
"{54A4839E-87F8-4BD1-9682-A349E9943F0A}" = Amazon Unbox Video
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{5B63A470-9334-44D1-AF61-6CE2DB565AE9}" = Orion
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
"{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9ABFB92D-93DA-49EE-8ABF-F8195DE45CA9}" = Counter-Strike 1.6
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.4
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{C3113E55-7BCB-4de3-8EBF-60E6CE6B2296}_is1" = SiSoftware Sandra Lite 2010c
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{DC158DF7-6B36-4C6F-BC91-109014297994}" = FIFA 11 Demo
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"82A44D22-9452-49FB-00FB-CEC7DCAF7E23" = EA SPORTS online 2008
"Acer Assist" = Acer Assist
"Acer GameZone Console_is1" = Acer GameZone Console 2.0.1.1
"Acer Registration" = Acer Registration
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Athan" = Athan Basic 3.8
"CCleaner" = CCleaner
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"EADM" = EA Download Manager
"ENTERPRISER" = Microsoft Office Enterprise 2007
"ERUNT_is1" = ERUNT 1.1j
"ESET Online Scanner" = ESET Online Scanner v3
"Football Manager 2010" = Football Manager 2010
"GridVista" = Acer GridVista
"ImgBurn" = ImgBurn
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{54A4839E-87F8-4BD1-9682-A349E9943F0A}" = Amazon Unbox Video
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 3.6.5
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 4.0.1 (x86 en-US)" = Mozilla Firefox 4.0.1 (x86 en-US)
"NVIDIA Drivers" = NVIDIA Drivers
"NYKO Gamepad Mapping Tools_is1" = NYKO Gamepad Mapping Tools 2.0.0
"Quran in Ms Word_is1" = Quran in Ms Word
"R for Windows 2.12.1_is1" = R for Windows 2.12.1
"SpywareBlaster_is1" = SpywareBlaster 4.3
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Veetle TV" = Veetle TV 0.9.17
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Yahoo! Messenger" = Yahoo! Messenger
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-2506131056-3247040052-1697288011-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 8/8/2010 2:27:06 PM | Computer Name = Ak3yMs | Source = WinMgmt | ID = 10
Description =
Error - 8/9/2010 2:44:40 PM | Computer Name = Ak3yMs | Source = WinMgmt | ID = 10
Description =
Error - 8/9/2010 7:33:51 PM | Computer Name = Ak3yMs | Source = Application Error | ID = 1000
Description = Faulting application gta_sa.exe, version 0.0.0.0, time stamp 0x427101ca,
faulting module gta_sa.exe, version 0.0.0.0, time stamp 0x427101ca, exception code
0xc0000005, fault offset 0x00401d58, process id 0x1030, application start time 0x01cb3816f9ad6dc4.
Error - 8/10/2010 1:14:03 AM | Computer Name = Ak3yMs | Source = WinMgmt | ID = 10
Description =
Error - 8/10/2010 3:10:31 AM | Computer Name = Ak3yMs | Source = WinMgmt | ID = 10
Description =
Error - 8/10/2010 9:47:18 AM | Computer Name = Ak3yMs | Source = WinMgmt | ID = 10
Description =
Error - 8/10/2010 10:33:14 PM | Computer Name = Ak3yMs | Source = McLogEvent | ID = 5051
Description =
Error - 8/10/2010 10:51:46 PM | Computer Name = Ak3yMs | Source = MsiInstaller | ID = 11313
Description =
Error - 8/10/2010 11:45:23 PM | Computer Name = Ak3yMs | Source = WinMgmt | ID = 10
Description =
Error - 8/11/2010 12:03:01 AM | Computer Name = Ak3yMs | Source = Application Hang | ID = 1002
Description = The program pes2010.exe version 1.0.0.0 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Problem Reports and Solutions control panel. Process
ID: 990 Start Time: 01cb39086c4973b3 Termination Time: 441
[ OSession Events ]
Error - 12/7/2009 8:39:17 AM | Computer Name = Ak3yMs | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 5132
seconds with 180 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 5/20/2011 5:39:58 AM | Computer Name = Ak3yMs | Source = Service Control Manager | ID = 7000
Description =
Error - 5/20/2011 5:51:09 AM | Computer Name = Ak3yMs | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =
Error - 5/20/2011 4:38:24 PM | Computer Name = Ak3yMs | Source = Service Control Manager | ID = 7000
Description =
Error - 5/20/2011 11:05:28 PM | Computer Name = Ak3yMs | Source = EventLog | ID = 6008
Description = The previous system shutdown at 5:29:59 PM on 5/20/2011 was unexpected.
Error - 5/20/2011 11:05:57 PM | Computer Name = Ak3yMs | Source = Service Control Manager | ID = 7000
Description =
Error - 5/21/2011 2:10:27 AM | Computer Name = Ak3yMs | Source = EventLog | ID = 6008
Description = The previous system shutdown at 11:32:29 PM on 5/20/2011 was unexpected.
Error - 5/21/2011 2:11:09 AM | Computer Name = Ak3yMs | Source = Service Control Manager | ID = 7000
Description =
Error - 5/21/2011 12:34:56 PM | Computer Name = Ak3yMs | Source = Service Control Manager | ID = 7000
Description =
Error - 5/22/2011 9:25:33 AM | Computer Name = Ak3yMs | Source = Service Control Manager | ID = 7000
Description =
Error - 5/23/2011 7:09:55 AM | Computer Name = Ak3yMs | Source = Service Control Manager | ID = 7000
Description =
< End of report >
The gmer.txt log will be in the next post.