Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Internet Not Connecting


  • This topic is locked This topic is locked

#1
PC WiZ

PC WiZ

    Member

  • Member
  • PipPip
  • 20 posts
Hi i have i problem on my other computer the internet will not connect i get a error saying The connection to the server was reset while the page was loading. The computer is running windows 7 the only website it will connect to is gmail other wise nothing. but on certain programs that require internet some of them will connect.we have wireless internet and we have 3 computers connected to it the other two will connect no problem its just the one that's why i think its the computer not the wireless inter net its self. i have tried other ways to fix it but none have worked. :)
  • 0

Advertisements


#2
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Hi, PC WiZ! Welcome to GeeksToGo! My nick name is Render and I will be assisting you with your Malware/Security problems. Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any queries or you are unsure about anything, just say and I'll help you out :)

It may well be worth you printing/saving the instructions throughout the fix, so you have them to hand just in case you are unable to access this site.

Please note:
  • Remember to post your logs, not attach them. So, any logs from any programs we run, should be just 'copied & pasted' into your reply.
  • Please only run the tools that I request. I know malware can be frustrating but running other tools in the meantime and between posts, only makes it harder for us to analyze and fix your PC in the long run.

Please follow the steps bellow. If you cannot access this site from computer in question please use some USB removable drive to transfer our tools and logs between infected and clean computers.

Step 1

Please perform that step on both computers - clean and possible infected.

  • Please download Panda USB Vaccine here (you must provide valid e-mail and they will send you download link to this e-mail address) to your desktop.
  • Install and run it.
  • Plug in USB drive and click on Vaccinate USB and Vaccinate computer.

Step 2

Posted Image OTL Custom Scan

  • Download OTL to your desktop.
  • Double click on the Posted Image icon to run it.
  • Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top, make sure Stadard output is selected.
  • Select Scan all users
  • Under the Extra Registry section, check Use SafeList
  • Check the boxes beside LOP Check and Purity Check.
  • Copy (select all lines inside quote box and press CTRL+C) and Paste (press CTRL+V) the following code into the Posted Image textbox.

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    CREATERESTOREPOINT
    
  • Click the Posted Image button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic

Step 3

Posted Image GMER Rootkit Scanner

  • Download GMER from HERE.
  • Extract the contents of zipped file to your desktop.
  • Double click GMER.exe.

    Posted Image
  • If it gives you a warning about rootkit activity and asks if you want to run a full scan...click on NO, then use the following settings for a more complete scan..
  • In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED:
  • IAT/EAT
  • Drives/Partition other than Systemdrive (typically C:\)
  • Show All (don't miss this one)

NOTE - Not all of the tick boxes will be available if you are running a 64bit Operating System. You may also get an error message display on the screen when using a 64bit Operating System, this is normal, just click on OK and let it carry on.

Posted Image

  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "ark.txt"
  • Save the log where you can easily find it, such as your desktop.
  • Please copy and paste the report into your Post.

Caution - Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries

When completed the above, please post back the following in the order asked for:
  • OTL log
  • Extras log
  • GMER log

  • 0

#3
PC WiZ

PC WiZ

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
OTL


OTL logfile created on: 18/05/2011 4:19:54 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Paul\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

1,021.00 Mb Total Physical Memory | 339.00 Mb Available Physical Memory | 33.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 66.00% Paging File free
Paging file location(s): c:\pagefile.sys 1531 1600 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 52.14 Gb Total Space | 7.92 Gb Free Space | 15.19% Space Free | Partition Type: NTFS
Drive D: | 51.84 Gb Total Space | 17.01 Gb Free Space | 32.81% Space Free | Partition Type: NTFS
Drive E: | 607.25 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 963.70 Mb Total Space | 962.88 Mb Free Space | 99.91% Space Free | Partition Type: FAT

Computer Name: PAUL-PC | User Name: Paul | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/18 16:06:44 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Paul\Desktop\OTL.exe
PRC - [2011/01/12 16:41:42 | 000,810,144 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2011/01/12 16:41:24 | 002,219,184 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2009/09/23 16:45:50 | 001,287,176 | ---- | M] (Panda Security) -- C:\Program Files\Panda USB Vaccine\USBVaccine.exe
PRC - [2009/04/10 22:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/02/06 15:22:31 | 000,552,064 | ---- | M] (Eset ) -- C:\Program Files\ESET\nod32krn.exe
PRC - [2007/01/03 12:58:58 | 000,457,512 | ---- | M] (HiTRSUT) -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
PRC - [2007/01/03 10:46:52 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
PRC - [2007/01/03 03:33:24 | 000,135,168 | ---- | M] (acer) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
PRC - [2006/12/29 14:07:22 | 000,126,976 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe
PRC - [2006/12/29 11:24:14 | 000,049,152 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
PRC - [2006/12/23 08:43:18 | 000,024,576 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
PRC - [2006/11/25 06:57:54 | 000,107,008 | ---- | M] () -- C:\Acer\Mobility Center\MobilityService.exe


========== Modules (SafeList) ==========

MOD - [2011/05/18 16:06:44 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Paul\Desktop\OTL.exe
MOD - [2010/09/01 01:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
MOD - [2006/12/29 14:07:22 | 000,090,112 | ---- | M] (acer) -- C:\Windows\System32\eNetHook.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (WLSetupSvc)
SRV - File not found [Auto | Stopped] -- -- (CLTNetCnService)
SRV - [2011/01/12 16:44:02 | 000,033,584 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2011/01/12 16:41:42 | 000,810,144 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2008/02/06 15:22:31 | 000,552,064 | ---- | M] (Eset ) [Auto | Running] -- C:\Program Files\Eset\nod32krn.exe -- (NOD32krn)
SRV - [2008/01/19 17:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/01/03 12:58:58 | 000,457,512 | ---- | M] (HiTRSUT) [Auto | Running] -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe -- (eDataSecurity Service)
SRV - [2007/01/03 10:46:52 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService)
SRV - [2007/01/03 03:33:24 | 000,135,168 | ---- | M] (acer) [Auto | Running] -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe -- (WMIService)
SRV - [2006/12/29 14:07:22 | 000,126,976 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eNet\eNet Service.exe -- (eNet Service)
SRV - [2006/12/29 11:24:14 | 000,049,152 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService)
SRV - [2006/12/23 08:43:18 | 000,024,576 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe -- (eLockService)
SRV - [2006/11/25 06:57:54 | 000,107,008 | ---- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)
SRV - [2006/11/06 13:21:10 | 000,210,432 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)


========== Driver Services (SafeList) ==========

DRV - [2010/12/21 15:04:06 | 000,137,144 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\System32\drivers\eamonm.sys -- (eamonm)
DRV - [2010/12/21 15:04:06 | 000,115,008 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2010/12/21 13:47:38 | 000,095,384 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfwwfpr.sys -- (epfwwfpr)
DRV - [2010/04/12 18:44:34 | 000,059,388 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2009/03/05 00:03:14 | 000,077,824 | ---- | M] (PC Dynamics, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\SafDskNT.sys -- (SafDskNT)
DRV - [2008/02/06 15:22:33 | 000,512,096 | ---- | M] (Eset ) [Kernel | Auto | Stopped] -- C:\Windows\system32\drivers\amon.sys -- (AMON)
DRV - [2008/02/06 15:22:31 | 000,015,424 | ---- | M] () [Kernel | System | Running] -- C:\Windows\system32\drivers\nod32drv.sys -- (nod32drv)
DRV - [2007/06/18 19:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motmodem.sys -- (motmodem)
DRV - [2006/12/20 15:50:00 | 004,448,160 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2006/12/08 11:12:02 | 000,076,584 | ---- | M] () [Kernel | Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15)
DRV - [2006/11/28 20:41:08 | 001,085,216 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) Acer OrbiCam(UVC)
DRV - [2006/11/28 20:40:56 | 000,040,352 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2006/11/02 23:27:36 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System | Running] -- C:\Program Files\Launch Manager\DPortIO.sys -- (DritekPortIO)
DRV - [2006/11/02 17:30:53 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/10/30 11:42:28 | 001,786,880 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel®
DRV - [2006/10/25 16:36:48 | 000,042,240 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ESD7SK.sys -- (ESDCR)
DRV - [2006/10/25 16:36:44 | 000,076,928 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ESM7SK.sys -- (ESMCR)
DRV - [2006/10/25 16:36:36 | 000,062,208 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\EMS7SK.sys -- (EMSCR)
DRV - [2006/10/19 09:44:30 | 000,031,232 | ---- | M] (SMSC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\smscirda.sys -- (SMSCIRDA)
DRV - [2006/10/10 07:54:34 | 000,138,240 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcd.sys -- (Nokia USB Phone Parent)
DRV - [2006/10/10 07:54:32 | 000,012,800 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdcj.sys -- (Nokia USB Port)
DRV - [2006/10/10 07:54:32 | 000,012,800 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdcm.sys -- (Nokia USB Modem)
DRV - [2006/10/10 07:54:32 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdc.sys -- (Nokia USB Generic)
DRV - [2006/10/05 08:41:22 | 000,044,224 | ---- | M] (BVRP Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2006/08/05 10:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.au.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://en.au.acer.yahoo.com


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3120148704-3928693752-2076781103-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKU\S-1-5-21-3120148704-3928693752-2076781103-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo....=utf-8&fr=b1ie7
IE - HKU\S-1-5-21-3120148704-3928693752-2076781103-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3120148704-3928693752-2076781103-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3120148704-3928693752-2076781103-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.co...-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22


FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/12 13:28:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/12 13:28:30 | 000,000,000 | ---D | M]

[2008/09/16 07:15:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Paul\AppData\Roaming\Mozilla\Extensions
[2011/05/15 18:13:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\7x8rgidh.default\extensions
[2008/03/25 22:25:41 | 000,000,276 | ---- | M] () -- C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\7x8rgidh.default\searchplugins\search.xml
[2011/04/12 13:28:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2007/05/28 15:20:54 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/11/09 16:18:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2009/01/22 19:23:07 | 000,000,000 | ---D | M] (BearShare MediaBar) -- C:\Program Files\Mozilla Firefox\extensions\{D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A}
File not found (No name found) --
[2009/07/16 19:48:29 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/03/19 03:53:24 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010/09/15 03:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/01/01 18:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/03/27 09:47:06 | 000,000,046 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.example.com
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - File not found
O2 - BHO: (HelperObject Class) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - File not found
O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
O2 - BHO: (Windows Live OneCare Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - File not found
O2 - BHO: (no name) - {6860A44B-5D3E-433D-A7B5-D517F810D0E7} - Reg Error: Value error. File not found
O2 - BHO: (no name) - {69B98C68-D2B8-4A4E-9CB7-E85B6F3A7014} - Reg Error: Value error. File not found
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O2 - BHO: (e404mgr Class) - {DF47DD37-AC11-4A93-8E16-2B2364AF0897} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - File not found
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - File not found
O3 - HKLM\..\Toolbar: (Internet Service) - {DB9FBA9D-AB1B-4CC6-9745-F3B549D64E40} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (IE Custom Tools) - {F2BADA0D-FD61-45EF-A994-64A073FD6613} - Reg Error: Value error. File not found
O3 - HKU\S-1-5-21-3120148704-3928693752-2076781103-1000\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKU\S-1-5-21-3120148704-3928693752-2076781103-1000\..\Toolbar\WebBrowser: (IE Custom Tools) - {F2BADA0D-FD61-45EF-A994-64A073FD6613} - Reg Error: Value error. File not found
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [nod32kui] File not found
O4 - HKU\.DEFAULT..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe (Time Information Services Ltd.)
O4 - HKU\S-1-5-18..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe (Time Information Services Ltd.)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O7 - HKU\S-1-5-21-3120148704-3928693752-2076781103-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3120148704-3928693752-2076781103-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-3120148704-3928693752-2076781103-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9 - Extra Button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - File not found
O20 - AppInit_DLLs: (eNetHook.dll) - C:\Windows\System32\eNetHook.dll (acer)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/19 07:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2007/08/18 06:29:09 | 001,049,968 | R--- | M] (Microsoft Corporation) - E:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2007/06/20 06:58:38 | 000,000,225 | R--- | M] () - E:\Autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2011/05/18 16:17:22 | 000,000,016 | -H-- | M] () - F:\AUTORUN.INF -- [ FAT ]
O33 - MountPoints2\{8e32934b-05a2-11df-96b9-0016d4cf8bb9}\Shell - "" = AutoRun
O33 - MountPoints2\{8e32934b-05a2-11df-96b9-0016d4cf8bb9}\Shell\AutoRun\command - "" = F:\autorun.exe
O33 - MountPoints2\{8e32934b-05a2-11df-96b9-0016d4cf8bb9}\Shell\directx\command - "" = F:\DirectX9\dxsetup.exe
O33 - MountPoints2\{8e32934b-05a2-11df-96b9-0016d4cf8bb9}\Shell\setup\command - "" = F:\setup.exe
O33 - MountPoints2\{c39937e7-d827-11db-a0e1-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{c39937e7-d827-11db-a0e1-806e6f6e6963}\Shell\AutoRun\command - "" = E:\autorun.exe -- [2007/08/18 06:29:09 | 001,049,968 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{c39937e7-d827-11db-a0e1-806e6f6e6963}\Shell\directx\command - "" = E:\directx9\DXSETUP.exe -- [2005/05/27 08:34:41 | 000,482,000 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{c39937e7-d827-11db-a0e1-806e6f6e6963}\Shell\setup\command - "" = E:\setup.exe -- [2007/09/26 06:56:03 | 000,311,296 | R--- | M] (Microsoft Game Studios )
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\Setup.exe
O33 - MountPoints2\G\Shell\setup\command - "" = G:\setup.exe
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\_aom.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/05/18 16:17:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Panda Security
[2011/05/18 16:17:10 | 000,000,000 | ---D | C] -- C:\Program Files\Panda USB Vaccine
[2011/05/18 16:17:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security
[2011/05/18 16:15:44 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Paul\Desktop\OTL.exe
[2011/05/17 18:56:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games
[2011/05/17 18:45:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO
[2011/05/17 18:45:21 | 000,000,000 | ---D | C] -- C:\Program Files\PowerISO
[2011/05/16 17:26:03 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\MigWiz
[2011/04/27 22:18:36 | 000,000,000 | ---D | C] -- C:\Program Files\Safari
[2010/01/20 20:13:59 | 000,094,208 | ---- | C] (VSO Software) -- C:\Users\Paul\AppData\Roaming\ezplay.sys
[2010/01/20 20:12:04 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Paul\AppData\Roaming\pcouffin.sys
[2007/05/28 07:30:04 | 000,016,384 | ---- | C] ( ) -- C:\Windows\System32\ClearEvent.exe
[2007/01/18 20:43:05 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\Interop.Shell32.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/18 16:24:59 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{E5DD49E1-0E90-44FA-A7A9-186A936E70CD}.job
[2011/05/18 16:17:34 | 002,578,140 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/05/18 16:17:34 | 001,149,462 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/05/18 16:16:27 | 000,012,978 | ---- | M] () -- C:\Users\Paul\AppData\Roaming\nvModes.001
[2011/05/18 16:06:44 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Paul\Desktop\OTL.exe
[2011/05/18 15:18:57 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011/05/18 15:17:40 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/18 15:17:40 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/18 15:15:49 | 000,270,608 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/05/18 15:15:47 | 000,000,360 | ---- | M] () -- C:\Windows\tasks\ErrorFix Startup.job
[2011/05/18 15:15:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/17 18:56:42 | 000,001,917 | ---- | M] () -- C:\Users\Public\Desktop\Age of Mythology.lnk
[2011/05/17 18:45:22 | 000,000,808 | ---- | M] () -- C:\Users\Public\Desktop\PowerISO.lnk
[2011/05/16 17:29:25 | 000,005,117 | ---- | M] () -- C:\Users\Public\Documents\Global.sw2
[2011/05/16 17:23:48 | 000,000,000 | -H-- | M] () -- C:\Users\Paul\Documents\Default.rdp
[2011/05/11 13:52:02 | 000,002,305 | ---- | M] () -- C:\Users\Paul\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2011/05/04 13:54:12 | 000,302,080 | ---- | M] () -- C:\Users\Paul\Desktop\gmer.exe
[2011/04/27 22:19:06 | 000,001,854 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/18 16:15:52 | 000,302,080 | ---- | C] () -- C:\Users\Paul\Desktop\gmer.exe
[2011/05/17 18:56:42 | 000,001,917 | ---- | C] () -- C:\Users\Public\Desktop\Age of Mythology.lnk
[2011/05/17 18:45:22 | 000,000,808 | ---- | C] () -- C:\Users\Public\Desktop\PowerISO.lnk
[2011/05/16 17:23:48 | 000,000,000 | -H-- | C] () -- C:\Users\Paul\Documents\Default.rdp
[2011/04/27 22:19:06 | 000,002,305 | ---- | C] () -- C:\Users\Paul\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2011/04/27 22:19:06 | 000,001,854 | ---- | C] () -- C:\Users\Public\Desktop\Safari.lnk
[2011/04/27 22:19:06 | 000,001,854 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safari.lnk
[2011/03/05 16:09:59 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011/03/05 16:08:23 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/01/20 20:13:59 | 000,007,861 | ---- | C] () -- C:\Users\Paul\AppData\Roaming\ezplay.cat
[2010/01/20 20:13:59 | 000,001,103 | ---- | C] () -- C:\Users\Paul\AppData\Roaming\ezplay.inf
[2010/01/20 20:13:59 | 000,000,125 | ---- | C] () -- C:\Users\Paul\AppData\Roaming\ezplay.ini
[2010/01/20 20:12:04 | 000,087,608 | ---- | C] () -- C:\Users\Paul\AppData\Roaming\inst.exe
[2010/01/20 20:12:04 | 000,007,887 | ---- | C] () -- C:\Users\Paul\AppData\Roaming\pcouffin.cat
[2010/01/20 20:12:04 | 000,001,144 | ---- | C] () -- C:\Users\Paul\AppData\Roaming\pcouffin.inf
[2009/10/10 17:00:32 | 000,585,728 | ---- | C] () -- C:\Windows\System32\bsratswf.dll
[2009/10/10 17:00:32 | 000,147,456 | ---- | C] () -- C:\Windows\System32\bsratwmv.dll
[2009/10/09 21:04:58 | 000,692,224 | ---- | C] () -- C:\Windows\System32\bsrmgcv.dll
[2009/10/09 21:04:58 | 000,192,512 | ---- | C] () -- C:\Windows\System32\bsrmgps.dll
[2009/10/09 15:51:13 | 001,970,176 | ---- | C] () -- C:\Windows\System32\d3dx9.dll
[2009/08/03 19:01:52 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/07/05 19:02:27 | 000,339,968 | ---- | C] () -- C:\Windows\System32\pythoncom25.dll
[2009/07/05 19:02:27 | 000,114,688 | ---- | C] () -- C:\Windows\System32\pywintypes25.dll
[2009/06/18 17:49:53 | 000,146,989 | ---- | C] () -- C:\Windows\hpoins21.dat.temp
[2009/06/18 17:49:53 | 000,008,138 | ---- | C] () -- C:\Windows\hpomdl21.dat.temp
[2009/02/20 17:51:52 | 000,000,632 | ---- | C] () -- C:\Windows\Edofma.INI
[2008/12/31 17:04:42 | 000,691,560 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2008/12/31 17:04:42 | 000,528,744 | ---- | C] () -- C:\Windows\System32\OGAVerify.exe
[2008/11/04 07:14:53 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008/08/18 19:11:05 | 000,000,579 | ---- | C] () -- C:\Windows\eReg.dat
[2008/05/18 08:05:22 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2008/04/03 21:40:05 | 000,001,114 | ---- | C] () -- C:\Users\Paul\AppData\Roaming\NMM-MetaData.db
[2008/04/02 09:25:16 | 000,000,680 | ---- | C] () -- C:\Users\Paul\AppData\Local\d3d9caps.dat
[2008/04/02 08:10:58 | 000,146,989 | ---- | C] () -- C:\Windows\hpoins21.dat
[2008/04/02 08:10:58 | 000,008,138 | ---- | C] () -- C:\Windows\hpomdl21.dat
[2008/03/27 22:22:40 | 000,000,057 | ---- | C] () -- C:\Windows\System32\imon1.dat
[2008/02/06 15:24:39 | 000,015,424 | ---- | C] () -- C:\Windows\System32\drivers\nod32drv.sys
[2007/05/28 15:20:57 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2007/05/28 09:13:47 | 000,072,704 | ---- | C] () -- C:\Users\Paul\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/05/28 08:47:56 | 000,012,978 | ---- | C] () -- C:\Users\Paul\AppData\Roaming\nvModes.001
[2007/05/28 08:47:51 | 000,012,978 | ---- | C] () -- C:\Users\Paul\AppData\Roaming\nvModes.dat
[2007/05/28 07:30:04 | 000,016,384 | ---- | C] () -- C:\Windows\System32\LauncheRyAgentUser.exe
[2007/05/28 07:24:45 | 000,000,037 | ---- | C] () -- C:\Windows\Acer.ini
[2007/03/22 13:59:23 | 000,000,101 | ---- | C] () -- C:\Windows\Alaunch.ini
[2007/03/22 13:51:59 | 000,000,008 | RHS- | C] () -- C:\Windows\System32\Desktop_.ini
[2007/03/22 12:20:46 | 000,000,092 | ---- | C] () -- C:\Windows\CLEANUP.INI
[2007/01/18 20:57:38 | 000,198,144 | ---- | C] () -- C:\Windows\System32\_psisdecd.dll
[2007/01/18 20:51:03 | 000,076,584 | ---- | C] () -- C:\Windows\System32\drivers\int15.sys
[2007/01/18 20:51:03 | 000,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys
[2007/01/18 20:50:17 | 000,065,536 | ---- | C] () -- C:\Windows\System32\NATTraversal.dll
[2007/01/18 20:46:13 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll
[2007/01/18 20:43:05 | 000,331,776 | ---- | C] () -- C:\Windows\System32\ScrollBarLib.dll
[2007/01/18 20:32:43 | 000,356,352 | ---- | C] () -- C:\Windows\EMCRI.dll
[2007/01/18 20:26:06 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ0.dat
[2007/01/18 18:52:05 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007/01/18 18:51:12 | 000,042,594 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2007/01/03 12:54:14 | 000,266,240 | ---- | C] () -- C:\Windows\System32\NotesExtmngr.dll
[2007/01/03 12:53:54 | 000,204,800 | ---- | C] () -- C:\Windows\System32\NotesActnMenu.dll
[2007/01/03 12:53:20 | 000,086,016 | ---- | C] () -- C:\Windows\System32\MSNSpook.dll
[2007/01/03 12:52:40 | 000,037,376 | ---- | C] () -- C:\Windows\System32\MsnChatHook_org.dll
[2007/01/03 12:52:28 | 000,028,672 | ---- | C] () -- C:\Windows\System32\BatchCrypto.dll
[2007/01/03 12:52:26 | 000,073,728 | ---- | C] () -- C:\Windows\System32\APISlice.dll
[2007/01/03 12:52:18 | 000,063,488 | ---- | C] () -- C:\Windows\System32\ShowErrMsg.dll
[2006/12/26 09:44:48 | 000,022,016 | ---- | C] () -- C:\Windows\System32\MailFormat_U.dll
[2006/11/13 23:50:06 | 000,071,680 | ---- | C] () -- C:\Windows\System32\HTCA_SelfExtract.bin
[2006/11/02 22:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 22:47:37 | 000,270,608 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 22:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 20:33:01 | 002,578,140 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 20:33:01 | 001,149,462 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 20:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 20:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 20:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 18:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 18:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 17:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 17:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/10/30 01:00:00 | 000,045,056 | ---- | C] () -- C:\Windows\System32\besch.exe
[2006/10/30 01:00:00 | 000,028,672 | ---- | C] () -- C:\Windows\System32\besched.dll
[2006/03/01 04:23:00 | 000,000,626 | -H-- | C] () -- C:\Users\Paul\AppData\Roaming\Paullog.dat
[2005/12/07 10:31:00 | 000,202,752 | R--- | C] () -- C:\Windows\System32\CddbCdda.dll
[2003/10/02 01:00:00 | 000,208,896 | ---- | C] () -- C:\Windows\System32\lockout.dll
[2003/10/02 01:00:00 | 000,045,056 | ---- | C] () -- C:\Windows\System32\lockres.dll
[2001/12/27 09:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001/09/04 16:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001/07/31 09:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001/07/24 15:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll

========== LOP Check ==========

[2009/07/10 16:51:13 | 000,000,000 | ---D | M] -- C:\Users\Megan\AppData\Roaming\Audacity
[2008/05/24 08:23:24 | 000,000,000 | ---D | M] -- C:\Users\Megan\AppData\Roaming\PC Suite
[2011/03/11 13:42:26 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Acoustica
[2009/08/16 19:01:04 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Any Video Converter
[2008/01/02 14:50:48 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Azureus
[2010/11/08 14:08:10 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\BitTorrent
[2008/04/03 21:38:02 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Datalayer
[2010/09/29 14:01:40 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\ErrorFix
[2009/10/13 20:58:54 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\GetRightToGo
[2008/11/21 17:58:08 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\GrabPro
[2009/07/30 12:22:55 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\IObit
[2007/06/03 08:26:00 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\LG Electronics
[2008/10/03 07:51:29 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\LimeWire
[2010/04/24 12:35:40 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\MyVirtualHome
[2011/03/27 07:47:45 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\NCH Swift Sound
[2008/04/03 21:45:50 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Nokia
[2008/04/03 21:43:34 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Nokia Multimedia Player
[2009/06/29 12:57:09 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Orbit
[2008/04/17 20:21:24 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\PC Suite
[2011/03/05 18:01:02 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Publish Providers
[2008/07/01 08:58:07 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\ROUTE 66 Sync
[2009/08/25 21:57:59 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\SmartDraw
[2011/03/05 17:25:15 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Sony
[2011/03/06 17:03:14 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Sony Creative Software Inc
[2011/03/11 13:44:17 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\SynthMaker
[2010/04/24 08:43:02 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\SystemRequirementsLab
[2009/08/22 18:45:31 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Thinstall
[2008/07/30 15:35:08 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Uniblue
[2010/01/20 20:14:51 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Vso
[2011/03/26 11:35:03 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\WindSolutions
[2008/01/30 15:50:31 | 000,000,252 | ---- | M] () -- C:\Windows\Tasks\Check Updates for Windows Live Toolbar.job
[2011/05/18 15:15:47 | 000,000,360 | ---- | M] () -- C:\Windows\Tasks\ErrorFix Startup.job
[2011/05/17 18:45:49 | 000,032,604 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/05/18 16:24:59 | 000,000,416 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{E5DD49E1-0E90-44FA-A7A9-186A936E70CD}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2008/10/29 16:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 16:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/30 13:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2007/11/19 04:22:18 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2007/11/19 04:22:18 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2009/04/10 22:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/11 16:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2009/04/10 22:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/28 12:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006/11/02 19:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008/01/19 17:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: SVCHOST.EXE >
[2006/11/02 19:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=10DA15933D582D2FEDCF705EFE394B09 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6000.16386_none_b38497a50862ad11\svchost.exe
[2011/03/16 17:06:34 | 000,019,968 | -H-- | M] () MD5=2EB53F1D6DAA30B74998F1FDF15774CD -- C:\Users\Paul\AppData\Local\Microsoft\svchost.exe
[2008/01/19 17:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008/01/19 17:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/01/19 17:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/19 17:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006/11/02 19:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/04/11 16:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2009/04/10 22:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/10 22:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006/11/02 19:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008/01/19 17:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/03/19 03:53:26 | 000,711,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/03/19 03:53:26 | 000,711,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/03/19 03:53:26 | 000,711,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/03/19 03:53:06 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/03/19 03:53:06 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/03/19 03:53:06 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2008/01/19 17:33:12 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2008/01/19 17:33:12 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2008/01/19 17:33:12 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/04/10 22:27:46 | 000,636,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Safari\Safari.exe" /reinstall [2011/03/21 20:10:48 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Safari\Safari.exe" /hideicons [2011/03/21 20:10:48 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Safari\Safari.exe" /showicons [2011/03/21 20:10:48 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files\Safari\Safari.exe" [2011/03/21 20:10:48 | 002,388,264 | ---- | M] (Apple Inc.)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/03/19 03:53:26 | 000,711,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/03/19 03:53:26 | 000,711,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/03/19 03:53:26 | 000,711,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/03/19 03:53:06 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/03/19 03:53:06 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/03/19 03:53:06 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2008/01/19 17:33:12 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2008/01/19 17:33:12 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2008/01/19 17:33:12 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/04/10 22:27:46 | 000,636,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Safari\Safari.exe" /reinstall [2011/03/21 20:10:48 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Safari\Safari.exe" /hideicons [2011/03/21 20:10:48 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Safari\Safari.exe" /showicons [2011/03/21 20:10:48 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files\Safari\Safari.exe" [2011/03/21 20:10:48 | 002,388,264 | ---- | M] (Apple Inc.)

========== Alternate Data Streams ==========

@Alternate Data Stream - 96 bytes -> C:\ProgramData\TEMP:E60C72DB
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:8CE646EE

< End of report >
  • 0

#4
PC WiZ

PC WiZ

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
Extras



OTL Extras logfile created on: 18/05/2011 4:19:54 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Paul\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

1,021.00 Mb Total Physical Memory | 339.00 Mb Available Physical Memory | 33.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 66.00% Paging File free
Paging file location(s): c:\pagefile.sys 1531 1600 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 52.14 Gb Total Space | 7.92 Gb Free Space | 15.19% Space Free | Partition Type: NTFS
Drive D: | 51.84 Gb Total Space | 17.01 Gb Free Space | 32.81% Space Free | Partition Type: NTFS
Drive E: | 607.25 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 963.70 Mb Total Space | 962.88 Mb Free Space | 99.91% Space Free | Partition Type: FAT

Computer Name: PAUL-PC | User Name: Paul | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-3120148704-3928693752-2076781103-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"F:\Orbitdownloader\orbitdm.exe" = F:\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit
"F:\Orbitdownloader\orbitnet.exe" = F:\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit
"C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe" = C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe:*:Enabled:eDSfsu -- (Acer Inc.)
"C:\Acer\Empowering Technology\eDataSecurity\encryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\encryption.exe:*:Enabled:encryption -- (HiTRUST)
"C:\Acer\Empowering Technology\eDataSecurity\decryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\decryption.exe:*:Enabled:decryption -- (HiTRUST)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0634143A-E469-45BE-8E22-D0AEE6132980}" = rport=139 | protocol=6 | dir=out | app=system |
"{091B0B1E-A16C-4799-84F7-9866128BFA0A}" = lport=137 | protocol=17 | dir=in | app=system |
"{22A61D17-7E1D-4B2B-95FB-08F9B3B632A8}" = lport=445 | protocol=6 | dir=in | app=system |
"{56F76549-F0CC-41C3-BACE-4CD410AD1195}" = lport=138 | protocol=17 | dir=in | app=system |
"{6FCA3BF2-C83D-41B9-B8E8-037DC463BEDC}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{782ADE58-266E-404B-B895-629E9E891DA5}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{7DCCDA7D-6394-43E6-BF6B-BCE8FCEC663B}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{827BBBE9-60FC-48DF-986E-6993FFE3F570}" = rport=445 | protocol=6 | dir=out | app=system |
"{862C6E12-257D-416F-AB12-6446216C13F7}" = rport=138 | protocol=17 | dir=out | app=system |
"{91C3F8B1-C5F7-4E0B-A25D-215739498BDC}" = rport=137 | protocol=17 | dir=out | app=system |
"{969BD5BC-F812-402E-8F3E-23BFEC0645B2}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{9C9D1AD1-6154-43DE-A120-9AB53768596B}" = lport=139 | protocol=6 | dir=in | app=system |
"{A00984FE-4CBD-429C-AEB2-3ABCA40D93CE}" = rport=2869 | protocol=6 | dir=out | app=system |
"{A2BF8367-0CF0-402A-AABB-04E7F2808C0F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A7028DC0-24BA-4FFC-9D8E-1C9D1014B559}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CA9D00E8-D078-4E4E-987C-13BE497F0D8D}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{E65B7BD1-7389-4C3B-B218-478A3217BF19}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{EAEF0142-F055-4BFA-86C5-2A1B4F05D264}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0515BA52-95B0-4687-BB16-B7A45E6A3087}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{0AE6DEE6-7035-4CCC-8AA9-285413055C68}" = protocol=58 | dir=out | [email protected],-28546 |
"{427F4656-C96D-43BE-846F-EE3F3A828970}" = protocol=58 | dir=in | [email protected],-28545 |
"{4638F81C-677F-46D0-B39E-D2EC5589265F}" = protocol=1 | dir=out | [email protected],-28544 |
"{4C5189E9-282B-4A2E-A829-4138B1B6845C}" = protocol=1 | dir=in | [email protected],-28543 |
"{97CD3F13-BBC5-43CC-B245-11604697FFD8}" = protocol=58 | dir=in | [email protected],-148 |
"{A6F5792D-DEF5-4AA0-8D0A-7AFCCC59836E}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{001E7FB6-BB6B-4ED0-BEDC-B5404ED96D4E}" = DocProc
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{04F3BF74-9E34-4D3E-93C3-D3D1F24199C8}" = PC Connectivity Solution
"{0F79C1B2-36B2-4B62-8221-42721CF54638}" = Acer OrbiCam Application
"{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}" = Acer eLock Management
"{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{1753255A-0AEB-4220-8C75-607B73F0C133}" = Copy
"{184E7118-0295-43C4-B72C-1D54AA75AAF7}" = Windows Live Mail
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1AEC7728-1640-4E98-AABC-5EBE3FB57FE4}" = SMSC Fast Infrared Driver
"{1E2F8094-9DCD-4B87-ADB3-25CC5A0442FF}" = Roxio Backup MyPC
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 22
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros for Acer Driver v7.2.0.127_Foxconn Installation Program
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2D4F6BE3-6FEF-4FE9-9D01-1406B220D08C}" = Windows Live Photo Gallery
"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3403CB31-D7C1-43F4-9D2F-579758C0CF09}" = Windows Live OneCare Family Safety
"{341201D4-4F61-4ADB-987E-9CCE4D83A58D}" = Windows Live Toolbar Extension (Windows Live Toolbar)
"{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{415CDA53-9100-476F-A7B2-476691E117C7}" = HP Smart Web Printing
"{4360BB46-507E-4361-8DCB-4FF9BDC9907B}" = SnagIt 7
"{44B2E182-DD85-45FC-9F51-326B81D7C7F1}" = Fax
"{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}" = HPSSupply
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AEF84D8-A2B5-4A6F-A11B-4E9F70290682}" = MyVirtualHome
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{55A41219-9B22-4098-BAE7-AE289B3C569A}_is1" = Panda USB Vaccine 1.0.1.4
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67ADE9AF-5CD9-4089-8825-55DE4B366799}" = NTI Backup NOW! 4.7
"{68E9B173-BC4D-4FFF-812D-32D79BE370AD}" = Nokia PC Suite
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6C1E7AA1-44E9-446D-AAB2-0DE6D9EFEAB1}" = Safari
"{6DE13770-01B7-4366-8DA6-48237793F445}" = VoiceOver Kit
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{6F8A6D44-5ABC-4C5A-9BD8-D6312EA1E9F8}" = BigPond Broadband ADSL
"{7032B400-11EC-11E0-A9BF-0013D3D69929}" = MSVCRT Redists
"{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III
"{730837D4-FF5E-48DB-BA49-33E732DFF0B3}" = PanoStandAlone
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites for Windows Live Toolbar
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01
"{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes
"{88410D8F-8529-492B-B556-2394A29B811B}" = Broadcom Driver v4.102.15.63_Foxconn Installation Program
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{919F3D91-8374-410F-932B-A126F2C85426}" = e-tax 2009
"{93F54611-2701-454e-94AB-623F458D9E6B}" = DeviceDiscovery
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{94389919-B0AA-4882-9BE8-9F0B004ECA35}" = Acer Tour
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9862E0CB-4727-4FFC-963A-E22A9E9EC10C}" = Creative ZEN V Series (R2)
"{98F837F9-A1B4-4155-AABC-4C80637165B5}" = Nokia Connectivity Cable Driver
"{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}" = Highlight Viewer (Windows Live Toolbar)
"{A66242A1-9101-425D-9BE5-D19A50E1D0D8}" = ESET NOD32 Antivirus
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{A87B11AC-4344-4E5D-8B12-8F471A87DAD9}" = LightScribe 1.4.136.1
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant
"{AEEAE013-92F1-4515-B278-139F1A692A35}" = Acer eDataSecurity Management
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B148AB4B-C8FA-474B-B981-F2943C5B5BCD}" = OGA Notifier 1.7.0105.35.0
"{B34E4B72-37C6-4f79-A5B3-008EEFC6EA8B}" = PS_AIO_02_Software_min
"{B46AC30C-22D2-4610-B041-1DA7BB29EB57}" = HP Photosmart All-In-One Software 9.0
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{B7E5D642-E74E-40a4-B5C7-6AB6EE916814}" = PS_AIO_02_ProductContext
"{BAFFEF7F-08B3-45b3-B215-418175C4E9DD}" = c5200_Help
"{BC10649A-983B-494e-AD1F-DE0BF717D701}" = PS_AIO_02_Software
"{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{BF839132-BD43-4056-ACBF-4377F4A88E2A}" = Acer ePresentation Management
"{C06554A1-2C1E-4D20-B613-EE62C79927CC}" = Acer eNet Management
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C66FE99D-7C15-40A0-AE4A-A1A3900D9EE3}" = MyVirtualHome
"{C708333C-B1B9-43be-B797-49FEC7A8D15B}" = C5200
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE65A9A0-9686-45C6-9098-3C9543A412F0}" = Acer eSettings Management
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{D1E03284-66FD-4292-8239-504CEC5B0CC3}" = C5200_doccd
"{D24DDB61-8868-46CF-BC36-BECC1674F0C1}" = Creative ZEN
"{D5A145FC-D00C-4F1A-9119-EB4D9D659750}" = Windows Live Toolbar
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Arcade Deluxe
"{F084395C-40FB-4DB3-981C-B51E74E1E83D}" = Smart Menus (Windows Live Toolbar)
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE
"{FBE569CA-BFEB-4E57-A674-F94D938E1AEF}" = e-tax 2010
"{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status
"3B7076EB3C51070DE9D6902E9696507D9B471345" = Windows Driver Package - NETGEAR Inc. (RTLWUSB) Net (03/27/2006 5.1213.06.0327)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Advanced SystemCare 3_is1" = Advanced SystemCare 3
"Age of Mythology 1.0" = Age of Mythology
"Any Video Converter_is1" = Any Video Converter 2.7.6
"AudibleManager" = AudibleManager
"AVerMedia M103 MiniPCI Hybrid DVB-T" = AVerMedia M103 MiniPCI Hybrid DVB-T 3.5.0.47
"AVerMedia M104 mini-PCI Analog TV" = AVerMedia M104 mini-PCI Analog TV 2.2.0.15
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
"BearShare" = BearShare
"BitTorrent" = BitTorrent
"Cheat Engine 5.5_is1" = Cheat Engine 5.5
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118" = HDAUDIO Soft Data Fax Modem with SmartCP
"Creative Removable Disk Manager" = Creative Removable Disk Manager
"D050D7362D214723AD585B541FFB6C11" = DivX Content Uploader
"DeltaCad" = DeltaCad
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DVDx_is1" = DVDx
"e-tax 2008" = e-tax 2008
"Family Feud 2_is1" = Family Feud 2
"Google Updater" = Google Updater
"GridVista" = Acer GridVista
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 9.0
"HP Photosmart Essential" = HP Photosmart Essential 2.01
"HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0
"HPExtendedCapabilities" = HP Customer Participation Program 9.0
"HPOCR" = HP OCR Software 9.0
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"InstallShield_{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III
"LManager" = Launch Manager
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 4.0 (x86 en-US)" = Mozilla Firefox 4.0 (x86 en-US)
"NOD32" = NOD32 antivirus system
"NVIDIA Drivers" = NVIDIA Drivers
"PowerISO" = PowerISO
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"SMPlayer_is1" = SMPlayer 0.5.51
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"SysInfo" = Creative System Information
"SystemRequirementsLab" = System Requirements Lab
"Windows Live Toolbar" = Windows Live Toolbar
"WinRAR archiver" = WinRAR archiver
"Zen V Series Media Explorer" = ZEN V Series Media Explorer
"ZENcast Organizer" = ZENcast Organizer

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3120148704-3928693752-2076781103-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"b996e812c4b1deb0" = ROUTE 66 Sync
"Dulux MyColour4" = Dulux MyColour4

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >
  • 0

#5
PC WiZ

PC WiZ

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
Gamer



GMER 1.0.15.15627 - http://www.gmer.net
Rootkit scan 2011-05-18 17:02:31
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 TOSHIBA_MK1234GSX rev.AH001J
Running: gmer.exe; Driver: C:\Users\Paul\AppData\Local\Temp\kgldapod.sys


---- Kernel code sections - GMER 1.0.15 ----

.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8B207340, 0x2932D7, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[2044] kernel32.dll!SetUnhandledExceptionFilter 76EAA84F 4 Bytes [C2, 04, 00, 00]

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp fssfltr.sys (Family Safety Filter Driver/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
  • 0

#6
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Hi,

How long have you been suffering from this problem, do you have an approximate date when it started?

How strong is the Wi-Fi signal on that computer?

Are you getting exactly that error message: "The connection with the server was reset" ?

Step 1

  • Double click on the Posted Image icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click on None button at the top.
  • Copy (select all lines inside quote box and press CTRL+C) and Paste (press CTRL+V) the following code into the Posted Image textbox.

    ping 10.0.0.138 /c
    ping www.google.com /c
    ipconfig /all /c
  • Click the Posted Image button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open OTL.Txt in Notepad window.
  • Please copy (Edit->Select All, Edit->Copy) the content of this file and post it with your next reply.

Step 2

Download fresh AVPTool from Here to your desktop

Run the program you have just downloaded to your desktop (it will be randomly named )

We will run a virus scan only
  • On the first tab select all elements down to including Computer and then select start scan (1)
  • Once it has finished select report (2) and post that.

Posted Image

  • Please be patient as this scan could take a long time to complete.
  • Click on Exit to uninstall AVP tool. You may need to restart your computer after that.

When completed the above, please post back the following in the order asked for:
  • OTL scan log
  • AVP Tool report

  • 0

#7
PC WiZ

PC WiZ

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
Hi

I have had the problem for about 3 to 4 mounts now and the wifi-signal is very good
  • 0

#8
PC WiZ

PC WiZ

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
OTL SCAN



ping 10.0.0.138 /c
ping www.google.com /c
ipconfig /all /c
  • 0

#9
PC WiZ

PC WiZ

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
Kaspersky Virus Removal Tool Scan



Autoscan: completed 7 hours ago (events: 8, objects: 887842, time: 05:13:10)
19/05/2011 11:16:41 PM Task completed
19/05/2011 6:30:59 PM Deleted: Exploit.Java.CVE-2010-0840.d C:\Documents and Settings\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9\4878b189-43817399/lang_driver/restore.class
19/05/2011 6:30:51 PM Detected: Exploit.Java.CVE-2010-0840.d C:\Documents and Settings\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9\4878b189-43817399/lang_driver/restore.class
19/05/2011 6:30:11 PM Deleted: Trojan-Downloader.MSIL.Agent.afw C:\Documents and Settings\Paul\AppData\Local\Temp\Microsoftlog.exe
19/05/2011 6:30:11 PM Deleted: Trojan.Win32.Agent.hsow C:\Documents and Settings\Paul\AppData\Local\Microsoft\svchost.exe
19/05/2011 6:29:23 PM Detected: Trojan-Downloader.MSIL.Agent.afw C:\Documents and Settings\Paul\AppData\Local\Temp\Microsoftlog.exe
19/05/2011 6:28:01 PM Detected: Trojan.Win32.Agent.hsow C:\Documents and Settings\Paul\AppData\Local\Microsoft\svchost.exe/UPX
19/05/2011 6:03:30 PM Task started
  • 0

#10
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Please repeat step 1 from my previous post here.
  • 0

Advertisements


#11
PC WiZ

PC WiZ

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
sorry i put up the wrong one her the right one



OTL logfile created on: 20/05/2011 8:38:46 PM - Run 3
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Paul\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

1,021.00 Mb Total Physical Memory | 369.00 Mb Available Physical Memory | 36.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 64.00% Paging File free
Paging file location(s): c:\pagefile.sys 1531 1600 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 52.14 Gb Total Space | 6.29 Gb Free Space | 12.06% Space Free | Partition Type: NTFS
Drive D: | 51.84 Gb Total Space | 17.01 Gb Free Space | 32.81% Space Free | Partition Type: NTFS
Drive I: | 963.70 Mb Total Space | 845.25 Mb Free Space | 87.71% Space Free | Partition Type: FAT

Computer Name: PAUL-PC | User Name: Paul | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

========== Modules (SafeList) ==========

MOD - [2011/05/18 16:06:44 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Paul\Desktop\OTL.exe
MOD - [2010/09/01 01:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
MOD - [2009/04/10 22:28:24 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mssprxy.dll
MOD - [2006/12/29 14:07:22 | 000,090,112 | ---- | M] (acer) -- C:\Windows\System32\eNetHook.dll


========== Custom Scans ==========


< ping 10.0.0.138 /c >
Pinging 10.0.0.138 with 32 bytes of data:
Reply from 10.0.0.138: bytes=32 time=1ms TTL=64
Reply from 10.0.0.138: bytes=32 time=1ms TTL=64
Reply from 10.0.0.138: bytes=32 time=1ms TTL=64
Reply from 10.0.0.138: bytes=32 time=1ms TTL=64
Ping statistics for 10.0.0.138:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 1ms, Maximum = 1ms, Average = 1ms

< ping www.google.com /c >
Pinging www.l.GOOGLE.COM [74.125.237.80] with 32 bytes of data:
Reply from 74.125.237.80: bytes=32 time=40ms TTL=53
Reply from 74.125.237.80: bytes=32 time=40ms TTL=52
Reply from 74.125.237.80: bytes=32 time=40ms TTL=53
Reply from 74.125.237.80: bytes=32 time=43ms TTL=53
Ping statistics for 74.125.237.80:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 40ms, Maximum = 43ms, Average = 40ms

< ipconfig /all /c >
Windows IP Configuration
Host Name . . . . . . . . . . . . : Paul-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : BigPond
Wireless LAN adapter Wireless Network Connection:
Connection-specific DNS Suffix . : BigPond
Description . . . . . . . . . . . : Intel® PRO/Wireless 3945ABG Network Connection
Physical Address. . . . . . . . . : 00-19-D2-AD-40-5B
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::483c:ee:d2c5:e6ca%10(Preferred)
IPv4 Address. . . . . . . . . . . : 10.0.0.36(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Friday, 20 May 2011 7:01:40 AM
Lease Expires . . . . . . . . . . : Saturday, 21 May 2011 7:01:39 PM
Default Gateway . . . . . . . . . : 10.0.0.138
DHCP Server . . . . . . . . . . . : 10.0.0.138
DHCPv6 IAID . . . . . . . . . . . : 251664850
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-0D-41-0E-B0-00-16-D4-14-02-AD
DNS Servers . . . . . . . . . . . : 10.0.0.138
NetBIOS over Tcpip. . . . . . . . : Enabled
Ethernet adapter Local Area Connection:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom 440x 10/100 Integrated Controller
Physical Address. . . . . . . . . : 00-16-D4-CF-8B-B9
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 10:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:1078:1e1a:f5ff:ffdb(Preferred)
Link-local IPv6 Address . . . . . : fe80::1078:1e1a:f5ff:ffdb%8(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled
Tunnel adapter Local Area Connection* 9:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : BigPond
Description . . . . . . . . . . . : isatap.BigPond
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 13:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 22:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 16:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{253FB32F-D246-48C7-B1A2-9351EDFCEAC5}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 17:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 6TO4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

< End of report >
  • 0

#12
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
OK. Please do the following:

Step 1

We need to run an OTL Fix

  • Please reopen Posted Image on your desktop.
  • Copy (select all lines inside quote box and press CTRL+C) and Paste (press CTRL+V) the following code into the Posted Image textbox.

    :OTL

    :Files
    ipconfig /flushdns /c

    :Reg

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Click on Posted Image button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click on Posted Image button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.

Step 2

OTL Extras Scan

  • Double click on the Posted Image icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click on None button at the top.
  • Under the Extra Registry section, check Use SafeList
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of Extras.txt and post it.

When completed the above, please post back the following in the order asked for:
  • OTL fix log
  • Extras log

  • 0

#13
PC WiZ

PC WiZ

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
OTL fix log




All processes killed
========== OTL ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Paul\Desktop\cmd.bat deleted successfully.
C:\Users\Paul\Desktop\cmd.txt deleted successfully.
========== REGISTRY ==========
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Kyle

User: Megan
->Temp folder emptied: 108785291 bytes
->Temporary Internet Files folder emptied: 57873230 bytes
->Java cache emptied: 30045207 bytes
->FireFox cache emptied: 104024920 bytes
->Flash cache emptied: 45902 bytes

User: Paul
->Temp folder emptied: 88769143 bytes
->Temporary Internet Files folder emptied: 13614875 bytes
->Java cache emptied: 43583723 bytes
->FireFox cache emptied: 7563912 bytes
->Google Chrome cache emptied: 8993705 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 25239 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 199611 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 53748681 bytes
RecycleBin emptied: 36824255 bytes

Total Files Cleaned = 528.00 mb


[EMPTYFLASH]

User: Default

User: Kyle

User: Megan
->Flash cache emptied: 0 bytes

User: Paul
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb



OTL by OldTimer - Version 3.2.22.3 log created on 05222011_110245

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
  • 0

#14
PC WiZ

PC WiZ

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
Extras log




OTL Extras logfile created on: 22/05/2011 11:15:17 AM - Run 4
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Paul\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

1,021.00 Mb Total Physical Memory | 400.00 Mb Available Physical Memory | 39.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 67.00% Paging File free
Paging file location(s): c:\pagefile.sys 1531 1600 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 52.14 Gb Total Space | 5.40 Gb Free Space | 10.37% Space Free | Partition Type: NTFS
Drive D: | 51.84 Gb Total Space | 17.01 Gb Free Space | 32.81% Space Free | Partition Type: NTFS
Drive I: | 963.70 Mb Total Space | 845.31 Mb Free Space | 87.72% Space Free | Partition Type: FAT

Computer Name: PAUL-PC | User Name: Paul | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"F:\Orbitdownloader\orbitdm.exe" = F:\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit
"F:\Orbitdownloader\orbitnet.exe" = F:\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit
"C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe" = C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe:*:Enabled:eDSfsu -- (Acer Inc.)
"C:\Acer\Empowering Technology\eDataSecurity\encryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\encryption.exe:*:Enabled:encryption -- (HiTRUST)
"C:\Acer\Empowering Technology\eDataSecurity\decryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\decryption.exe:*:Enabled:decryption -- (HiTRUST)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0634143A-E469-45BE-8E22-D0AEE6132980}" = rport=139 | protocol=6 | dir=out | app=system |
"{091B0B1E-A16C-4799-84F7-9866128BFA0A}" = lport=137 | protocol=17 | dir=in | app=system |
"{22A61D17-7E1D-4B2B-95FB-08F9B3B632A8}" = lport=445 | protocol=6 | dir=in | app=system |
"{56F76549-F0CC-41C3-BACE-4CD410AD1195}" = lport=138 | protocol=17 | dir=in | app=system |
"{6FCA3BF2-C83D-41B9-B8E8-037DC463BEDC}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{782ADE58-266E-404B-B895-629E9E891DA5}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{7DCCDA7D-6394-43E6-BF6B-BCE8FCEC663B}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{827BBBE9-60FC-48DF-986E-6993FFE3F570}" = rport=445 | protocol=6 | dir=out | app=system |
"{862C6E12-257D-416F-AB12-6446216C13F7}" = rport=138 | protocol=17 | dir=out | app=system |
"{91C3F8B1-C5F7-4E0B-A25D-215739498BDC}" = rport=137 | protocol=17 | dir=out | app=system |
"{969BD5BC-F812-402E-8F3E-23BFEC0645B2}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{9C9D1AD1-6154-43DE-A120-9AB53768596B}" = lport=139 | protocol=6 | dir=in | app=system |
"{A00984FE-4CBD-429C-AEB2-3ABCA40D93CE}" = rport=2869 | protocol=6 | dir=out | app=system |
"{A2BF8367-0CF0-402A-AABB-04E7F2808C0F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A7028DC0-24BA-4FFC-9D8E-1C9D1014B559}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CA9D00E8-D078-4E4E-987C-13BE497F0D8D}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{E65B7BD1-7389-4C3B-B218-478A3217BF19}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{EAEF0142-F055-4BFA-86C5-2A1B4F05D264}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0515BA52-95B0-4687-BB16-B7A45E6A3087}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{0AE6DEE6-7035-4CCC-8AA9-285413055C68}" = protocol=58 | dir=out | [email protected],-28546 |
"{427F4656-C96D-43BE-846F-EE3F3A828970}" = protocol=58 | dir=in | [email protected],-28545 |
"{4638F81C-677F-46D0-B39E-D2EC5589265F}" = protocol=1 | dir=out | [email protected],-28544 |
"{4C5189E9-282B-4A2E-A829-4138B1B6845C}" = protocol=1 | dir=in | [email protected],-28543 |
"{97CD3F13-BBC5-43CC-B245-11604697FFD8}" = protocol=58 | dir=in | [email protected],-148 |
"{A6F5792D-DEF5-4AA0-8D0A-7AFCCC59836E}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{001E7FB6-BB6B-4ED0-BEDC-B5404ED96D4E}" = DocProc
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{04F3BF74-9E34-4D3E-93C3-D3D1F24199C8}" = PC Connectivity Solution
"{0F79C1B2-36B2-4B62-8221-42721CF54638}" = Acer OrbiCam Application
"{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}" = Acer eLock Management
"{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{1753255A-0AEB-4220-8C75-607B73F0C133}" = Copy
"{184E7118-0295-43C4-B72C-1D54AA75AAF7}" = Windows Live Mail
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1AEC7728-1640-4E98-AABC-5EBE3FB57FE4}" = SMSC Fast Infrared Driver
"{1E2F8094-9DCD-4B87-ADB3-25CC5A0442FF}" = Roxio Backup MyPC
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 22
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros for Acer Driver v7.2.0.127_Foxconn Installation Program
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2D4F6BE3-6FEF-4FE9-9D01-1406B220D08C}" = Windows Live Photo Gallery
"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3403CB31-D7C1-43F4-9D2F-579758C0CF09}" = Windows Live OneCare Family Safety
"{341201D4-4F61-4ADB-987E-9CCE4D83A58D}" = Windows Live Toolbar Extension (Windows Live Toolbar)
"{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{415CDA53-9100-476F-A7B2-476691E117C7}" = HP Smart Web Printing
"{4360BB46-507E-4361-8DCB-4FF9BDC9907B}" = SnagIt 7
"{44B2E182-DD85-45FC-9F51-326B81D7C7F1}" = Fax
"{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}" = HPSSupply
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AEF84D8-A2B5-4A6F-A11B-4E9F70290682}" = MyVirtualHome
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{55A41219-9B22-4098-BAE7-AE289B3C569A}_is1" = Panda USB Vaccine 1.0.1.4
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67ADE9AF-5CD9-4089-8825-55DE4B366799}" = NTI Backup NOW! 4.7
"{68E9B173-BC4D-4FFF-812D-32D79BE370AD}" = Nokia PC Suite
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6C1E7AA1-44E9-446D-AAB2-0DE6D9EFEAB1}" = Safari
"{6DE13770-01B7-4366-8DA6-48237793F445}" = VoiceOver Kit
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{6F8A6D44-5ABC-4C5A-9BD8-D6312EA1E9F8}" = BigPond Broadband ADSL
"{7032B400-11EC-11E0-A9BF-0013D3D69929}" = MSVCRT Redists
"{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III
"{730837D4-FF5E-48DB-BA49-33E732DFF0B3}" = PanoStandAlone
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites for Windows Live Toolbar
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01
"{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes
"{88410D8F-8529-492B-B556-2394A29B811B}" = Broadcom Driver v4.102.15.63_Foxconn Installation Program
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{919F3D91-8374-410F-932B-A126F2C85426}" = e-tax 2009
"{93F54611-2701-454e-94AB-623F458D9E6B}" = DeviceDiscovery
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{94389919-B0AA-4882-9BE8-9F0B004ECA35}" = Acer Tour
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9862E0CB-4727-4FFC-963A-E22A9E9EC10C}" = Creative ZEN V Series (R2)
"{98F837F9-A1B4-4155-AABC-4C80637165B5}" = Nokia Connectivity Cable Driver
"{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}" = Highlight Viewer (Windows Live Toolbar)
"{A66242A1-9101-425D-9BE5-D19A50E1D0D8}" = ESET NOD32 Antivirus
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{A87B11AC-4344-4E5D-8B12-8F471A87DAD9}" = LightScribe 1.4.136.1
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant
"{AEEAE013-92F1-4515-B278-139F1A692A35}" = Acer eDataSecurity Management
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B148AB4B-C8FA-474B-B981-F2943C5B5BCD}" = OGA Notifier 1.7.0105.35.0
"{B34E4B72-37C6-4f79-A5B3-008EEFC6EA8B}" = PS_AIO_02_Software_min
"{B46AC30C-22D2-4610-B041-1DA7BB29EB57}" = HP Photosmart All-In-One Software 9.0
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{B7E5D642-E74E-40a4-B5C7-6AB6EE916814}" = PS_AIO_02_ProductContext
"{BAFFEF7F-08B3-45b3-B215-418175C4E9DD}" = c5200_Help
"{BC10649A-983B-494e-AD1F-DE0BF717D701}" = PS_AIO_02_Software
"{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{BF839132-BD43-4056-ACBF-4377F4A88E2A}" = Acer ePresentation Management
"{C06554A1-2C1E-4D20-B613-EE62C79927CC}" = Acer eNet Management
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C66FE99D-7C15-40A0-AE4A-A1A3900D9EE3}" = MyVirtualHome
"{C708333C-B1B9-43be-B797-49FEC7A8D15B}" = C5200
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE65A9A0-9686-45C6-9098-3C9543A412F0}" = Acer eSettings Management
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{D1E03284-66FD-4292-8239-504CEC5B0CC3}" = C5200_doccd
"{D24DDB61-8868-46CF-BC36-BECC1674F0C1}" = Creative ZEN
"{D5A145FC-D00C-4F1A-9119-EB4D9D659750}" = Windows Live Toolbar
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Arcade Deluxe
"{F084395C-40FB-4DB3-981C-B51E74E1E83D}" = Smart Menus (Windows Live Toolbar)
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE
"{FBE569CA-BFEB-4E57-A674-F94D938E1AEF}" = e-tax 2010
"{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status
"3B7076EB3C51070DE9D6902E9696507D9B471345" = Windows Driver Package - NETGEAR Inc. (RTLWUSB) Net (03/27/2006 5.1213.06.0327)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Advanced SystemCare 3_is1" = Advanced SystemCare 3
"Age of Mythology 1.0" = Age of Mythology
"Any Video Converter_is1" = Any Video Converter 2.7.6
"AudibleManager" = AudibleManager
"AVerMedia M103 MiniPCI Hybrid DVB-T" = AVerMedia M103 MiniPCI Hybrid DVB-T 3.5.0.47
"AVerMedia M104 mini-PCI Analog TV" = AVerMedia M104 mini-PCI Analog TV 2.2.0.15
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
"BearShare" = BearShare
"BitTorrent" = BitTorrent
"Cheat Engine 5.5_is1" = Cheat Engine 5.5
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118" = HDAUDIO Soft Data Fax Modem with SmartCP
"Creative Removable Disk Manager" = Creative Removable Disk Manager
"D050D7362D214723AD585B541FFB6C11" = DivX Content Uploader
"DeltaCad" = DeltaCad
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DVDx_is1" = DVDx
"e-tax 2008" = e-tax 2008
"Family Feud 2_is1" = Family Feud 2
"Google Updater" = Google Updater
"GridVista" = Acer GridVista
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 9.0
"HP Photosmart Essential" = HP Photosmart Essential 2.01
"HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0
"HPExtendedCapabilities" = HP Customer Participation Program 9.0
"HPOCR" = HP OCR Software 9.0
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"InstallShield_{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III
"LManager" = Launch Manager
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 4.0 (x86 en-US)" = Mozilla Firefox 4.0 (x86 en-US)
"NOD32" = NOD32 antivirus system
"NVIDIA Drivers" = NVIDIA Drivers
"PowerISO" = PowerISO
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"SMPlayer_is1" = SMPlayer 0.5.51
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"SysInfo" = Creative System Information
"SystemRequirementsLab" = System Requirements Lab
"Windows Live Toolbar" = Windows Live Toolbar
"WinRAR archiver" = WinRAR archiver
"Zen V Series Media Explorer" = ZEN V Series Media Explorer
"ZENcast Organizer" = ZENcast Organizer

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"b996e812c4b1deb0" = ROUTE 66 Sync
"Dulux MyColour4" = Dulux MyColour4

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >
  • 0

#15
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Hi,

  • Click Start and in Search programs and files search box type:

    compmgmt.msc
  • Computer Management window will open
  • Under Computer Management (Local) click on Services and Applications
  • Click on Services
  • Find Windows Event log service and check if status of this service is Started.

  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP