Hi CompCav,
Thanks for replying sooner. Whew, that was a long wait but I am glad you did sooner. Thank you so much. Ok i have done what you have requested me to do. So I am pasting, OTL and EXTRA right now. I couldnt run the aswMBR.exe. I managed to download it but as soon as I ran it, the computer just shut down and hence couldnt save its log.
OTL text :
OTL logfile created on: 05/03/2012 5:46:30 PM - Run 6
OTL by OldTimer - Version 3.2.35.1 Folder = C:\Users\Allen\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy
2.99 Gb Total Physical Memory | 1.33 Gb Available Physical Memory | 44.52% Memory free
6.90 Gb Paging File | 5.14 Gb Available in Paging File | 74.40% Paging File free
Paging file location(s): c:\pagefile.sys 4096 4096 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 176.36 Gb Free Space | 75.73% Space Free | Partition Type: NTFS
Computer Name: ALLEN-PC | User Name: Allen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ========== PRC - C:\Users\Allen\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\Allen\AppData\Local\temp\RtkBtMnt.exe (Realtek Semiconductor Corp.)
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil11e_ActiveX.exe (Adobe Systems, Inc.)
PRC - C:\Program Files\CrossriderWebApps\Crossrider.exe (Crossrider)
PRC - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe (Kaspersky Lab ZAO)
PRC - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtblfs.exe (Kaspersky Lab ZAO)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files\Unlocker\UnlockerAssistant.exe ()
PRC - C:\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
PRC - c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - c:\Program Files\Windows Defender\MpCmdRun.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
PRC - C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe (Acer Inc.)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
PRC - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
PRC - C:\Acer\Empowering Technology\eNet\eNMTray.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\eNet\eNet Service.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe ()
PRC - C:\Acer\Mobility Center\MobilityService.exe ()
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe (acer)
PRC - C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
PRC - c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
PRC - C:\Windows\System32\spool\drivers\w32x86\3\HP1006MC.EXE (Software 2000 Limited)
PRC - C:\Windows\BR040286.exe (Bison Inc.)
========== Modules (No Company Name) ========== MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\8b5f54e3b382fc1720c76557ef8c8bc3\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\d0cf808e33a5123b33010b933d3b1597\System.ServiceProcess.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\2598077ccea480c6120d3a1ad4455be0\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\5c3bfd69e0c268baff0d169e11a6a784\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\7fd6c62196829d1e2dce5a253145d51a\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d9f0f1dc8cbdb81f1ba122d77a6ab710\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\65450889f3742aada2a6c0cf8e6173e3\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\137696d0416b65dbc1561152971488b4\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c50133cb67d7c013fa31e1ffb942060b\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll ()
MOD - C:\Program Files\CrossriderWebApps\Crossrider.dll ()
MOD - C:\Program Files\Unlocker\UnlockerAssistant.exe ()
MOD - C:\Program Files\Unlocker\UnlockerHook.dll ()
MOD - C:\Acer\Empowering Technology\Acer.Empowering.Framework.DialogManager.dll ()
MOD - C:\Acer\Empowering Technology\Acer.Empowering.Framework.PasswordSetting.dll ()
MOD - C:\Acer\Empowering Technology\eDataSecurity\x86\ShowErrMsg.dll ()
MOD - C:\Acer\Empowering Technology\eLock\eLockCTL.dll ()
MOD - C:\Acer\Empowering Technology\eNet\eNetPlugin.dll ()
MOD - C:\Acer\Empowering Technology\eSettings\eSettings.Plugin.dll ()
MOD - C:\Acer\Empowering Technology\eSettings\eSettings.Presenter.dll ()
MOD - C:\Acer\Empowering Technology\eSettings\eSettings.View.dll ()
MOD - C:\Acer\Empowering Technology\eSettings.Model.ComputerInterfaces.dll ()
MOD - C:\Acer\Empowering Technology\ePower\SysHook.dll ()
MOD - C:\Acer\Empowering Technology\ePresentation\ePresentationCTL.dll ()
MOD - C:\Windows\System32\igfxTMM.dll ()
MOD - C:\Program Files\Launch Manager\PowerUtl.dll ()
========== Win32 Services (SafeList) ========== SRV - (SiteAdvisor Service) -- File not found
SRV - (MSK80Service) -- File not found
SRV - (mcmscsvc) -- File not found
SRV - (0040661221704724mcinstcleanup) -- File not found
SRV - (0031881221704455mcinstcleanup) -- File not found
SRV - (0015221221703945mcinstcleanup) -- File not found
SRV - (AVP) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe (Kaspersky Lab ZAO)
SRV - (McNASvc) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (BcmSqlStartupSvc) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
SRV - (eDataSecurity Service) -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
SRV - (eNet Service) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe (Acer Inc.)
SRV - (eSettingsService) -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe ()
SRV - (MobilityService) -- C:\Acer\Mobility Center\MobilityService.exe ()
SRV - (IAANTMON) Intel® -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (eLockService) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe (Acer Inc.)
SRV - (WMIService) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe (acer)
SRV - (McProxy) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
========== Driver Services (SafeList) ========== DRV - (NwlnkFwd) -- File not found
DRV - (NwlnkFlt) -- File not found
DRV - (IpInIp) -- File not found
DRV - (catchme) -- File not found
DRV - (KLIF) -- C:\Windows\System32\drivers\klif.sys (Kaspersky Lab)
DRV - (kl2) -- C:\Windows\System32\drivers\kl2.sys (Kaspersky Lab ZAO)
DRV - (kl1) -- C:\Windows\system32\DRIVERS\kl1.sys (Kaspersky Lab ZAO)
DRV - (KLIM6) -- C:\Windows\System32\drivers\klim6.sys (Kaspersky Lab ZAO)
DRV - (klmouflt) -- C:\Windows\System32\drivers\klmouflt.sys (Kaspersky Lab)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (NETw3v32) Intel® -- C:\Windows\System32\drivers\NETw3v32.sys (Intel Corporation)
DRV - (int15) -- C:\Windows\System32\drivers\int15.sys (Acer, Inc.)
DRV - (Cam5607) -- C:\Windows\System32\drivers\BisonC07.sys (Bison Electronics. Inc. )
DRV - (MPFP) -- C:\Windows\System32\drivers\Mpfp.sys (McAfee, Inc.)
DRV - (tifm21) -- C:\Windows\System32\drivers\tifm21.sys (Texas Instruments)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
http://en.ca.acer.yahoo.comIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\..\URLSearchHook: {930f1200-f5f1-4870-bac6-e233ec8e7023} - C:\Program Files\Softonic_English\tbSoft.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" =
http://search.live.c...ferrer:source?}IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" =
http://search.condui...&ctid=CT1142338 IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages =
http://global.acer.com [binary data]
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages =
http://global.acer.com [binary data]
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-534116950-1332898044-2559044525-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\S-1-5-21-534116950-1332898044-2559044525-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-534116950-1332898044-2559044525-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
http://www.google.ca/IE - HKU\S-1-5-21-534116950-1332898044-2559044525-1003\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-534116950-1332898044-2559044525-1003\..\URLSearchHook: {930f1200-f5f1-4870-bac6-e233ec8e7023} - C:\Program Files\Softonic_English\tbSoft.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-534116950-1332898044-2559044525-1003\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-534116950-1332898044-2559044525-1003\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-534116950-1332898044-2559044525-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" =
http://www.google.co...g}&sourceid=ie7IE - HKU\S-1-5-21-534116950-1332898044-2559044525-1003\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" =
http://search.condui...&ctid=CT1142338IE - HKU\S-1-5-21-534116950-1332898044-2559044525-1003\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" =
http://ca.search.yah...ms}&fr=chr-acerIE - HKU\S-1-5-21-534116950-1332898044-2559044525-1003\..\SearchScopes\{E6F8E096-4836-47C0-8883-6A99317FB847}: "URL" =
http://search.yahoo....=utf-8&fr=b1ie7IE - HKU\S-1-5-21-534116950-1332898044-2559044525-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Windows\system32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Allen\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Allen\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Allen\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Allen\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\
[email protected]: C:\ProgramData\CodecCheck\firefox [2011/11/25 10:55:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\THBExt [2010/09/07 01:55:19 | 000,000,000 | ---D | M]
[2009/02/04 06:43:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Allen\AppData\Roaming\Mozilla\Extensions
[2009/02/04 06:43:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Allen\AppData\Roaming\Mozilla\Extensions\
[email protected] ========== Chrome ========== CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - Extension: No name found = C:\Users\Allen\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihflimipbcaljfnojhhknppphnnciiif\1.4.1_0\
CHR - Extension: No name found = C:\Users\Allen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
O1 HOSTS File: ([2012/03/02 23:31:18 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Softonic English Toolbar) - {930f1200-f5f1-4870-bac6-e233ec8e7023} - C:\Program Files\Softonic_English\tbSoft.dll (Conduit Ltd.)
O2 - BHO: (CrossRider) - {A876E312-7D08-401a-B7A6-FAFC5DC2F292} - C:\Program Files\CrossriderWebApps\Crossrider.dll ()
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (Softonic English Toolbar) - {930f1200-f5f1-4870-bac6-e233ec8e7023} - C:\Program Files\Softonic_English\tbSoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-534116950-1332898044-2559044525-1003\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKU\S-1-5-21-534116950-1332898044-2559044525-1003\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKU\S-1-5-21-534116950-1332898044-2559044525-1003\..\Toolbar\WebBrowser: (Softonic English Toolbar) - {930F1200-F5F1-4870-BAC6-E233EC8E7023} - C:\Program Files\Softonic_English\tbSoft.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Acer Assist Launcher] C:\Program Files\Acer\Acer Assist\launcher.exe ()
O4 - HKLM..\Run: [Acer Product Registration] C:\Program Files\Acer\Acer Registration\ACE1.exe (Leader Technologies)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [BisonInst0402] C:\Windows\BR040286.exe (Bison Inc.)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-534116950-1332898044-2559044525-1003..\Run: [CrossRiderPlugin] C:\Program Files\CrossriderWebApps\Crossrider.exe (Crossrider)
O4 - HKU\S-1-5-21-534116950-1332898044-2559044525-1003..\Run: [Logitech Vid HD] "C:\Program Files\Logitech\Logitech Vid\vid.exe" -bootmode File not found
O4 - HKU\S-1-5-21-534116950-1332898044-2559044525-1003..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-534116950-1332898044-2559044525-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-534116950-1332898044-2559044525-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000}
http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616}
http://download.divx...owserPlugin.cab (Reg Error: Key error.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5}
http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 142.177.2.130
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{39C7CE13-FD2A-4C69-A839-A7F82396DA33}: DhcpNameServer = 192.168.2.1 142.177.2.130
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CFF6B887-1F9F-42C1-9C3E-0E7E44A7B879}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~2\mzvkbd3.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\mzvkbd3.dll (Kaspersky Lab ZAO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img23.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img23.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ========== [2012/03/05 17:41:55 | 000,584,704 | ---- | C] (OldTimer Tools) -- C:\Users\Allen\Desktop\OTL.exe
[2012/03/05 17:22:18 | 000,000,000 | ---D | C] -- C:\Users\Allen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD
[2012/03/03 03:39:40 | 000,000,000 | ---D | C] -- C:\Users\Allen\AppData\Local\{0FE57A8F-A310-422C-86E8-B935E03A4440}
[2012/03/02 23:46:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/03/02 23:46:35 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2012/03/02 23:39:08 | 000,000,000 | ---D | C] -- C:\Users\Allen\AppData\Local\{DCE13918-5AE1-4DCC-A7A1-044AA8F5B837}
[2012/03/02 23:31:12 | 000,000,000 | ---D | C] -- C:\_OTM
[2012/02/20 10:30:08 | 000,000,000 | ---D | C] -- C:\Users\Allen\AppData\Local\{58A1ECC0-9594-450B-9543-F357ECA19FE6}
[2012/02/18 21:06:00 | 000,000,000 | ---D | C] -- C:\Users\Allen\AppData\Local\{141B05EF-DBE2-4182-87D9-1E0E0AE300E7}
[2012/02/18 20:54:55 | 000,000,000 | ---D | C] -- C:\Users\Allen\AppData\Local\{5ED6909C-5FF5-4DEF-80AF-2C210E0F01AD}
[2012/02/16 14:49:16 | 002,044,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/02/16 14:39:59 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2012/02/16 14:39:59 | 000,471,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012/02/16 14:39:59 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2012/02/16 14:39:59 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2012/02/16 14:39:59 | 000,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/02/16 14:39:58 | 001,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/02/16 14:39:58 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2012/02/16 14:39:58 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/02/16 14:39:58 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/02/16 08:40:54 | 000,000,000 | ---D | C] -- C:\Users\Allen\AppData\Local\{798D1B8A-16BF-44B8-AA5C-8721A4A2D29F}
[2012/02/16 08:39:41 | 000,000,000 | ---D | C] -- C:\Users\Allen\AppData\Local\{3C31ECFE-3B41-4C01-BDFD-EBC221EA577F}
========== Files - Modified Within 30 Days ========== [2012/03/05 17:42:08 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Users\Allen\Desktop\OTL.exe
[2012/03/05 17:36:22 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-534116950-1332898044-2559044525-1003UA.job
[2012/03/05 17:15:38 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/05 17:15:37 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/05 17:15:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/02 23:32:01 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-534116950-1332898044-2559044525-1003Core.job
[2012/03/02 23:31:18 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2012/02/19 19:43:14 | 000,000,680 | ---- | M] () -- C:\Users\Allen\AppData\Local\d3d9caps.dat
[2012/02/18 22:09:51 | 000,039,936 | ---- | M] () -- C:\Users\Allen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/17 09:21:05 | 000,391,728 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/02/17 03:40:02 | 000,681,508 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/02/17 03:40:02 | 000,137,886 | ---- | M] () -- C:\Windows\System32\perfc009.dat
========== Files Created - No Company Name ========== [2012/02/19 19:43:14 | 000,000,680 | ---- | C] () -- C:\Users\Allen\AppData\Local\d3d9caps.dat
[2011/04/10 14:23:30 | 000,000,052 | ---- | C] () -- C:\Users\Allen\AppData\Roaming\G1000Trainer_preferences.xml
[2011/04/10 14:23:29 | 000,006,733 | ---- | C] () -- C:\Users\Allen\AppData\Roaming\G1000Trainer_student_record.xml
[2010/07/21 01:59:37 | 000,039,936 | ---- | C] () -- C:\Users\Allen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/11 22:23:38 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
========== LOP Check ========== [2008/09/17 20:04:49 | 000,000,000 | ---D | M] -- C:\Users\Allen\AppData\Roaming\Acer
[2008/11/02 02:02:48 | 000,000,000 | ---D | M] -- C:\Users\Allen\AppData\Roaming\EPSON
[2008/09/17 20:04:47 | 000,000,000 | ---D | M] -- C:\Users\Allen\AppData\Roaming\Leadertech
[2008/10/15 02:25:34 | 000,000,000 | ---D | M] -- C:\Users\Allen\AppData\Roaming\OpenOffice.org
[2012/03/05 17:13:06 | 000,032,586 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/12/14 22:45:00 | 000,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{81269CAB-AB40-4890-B356-37C309F68D20}.job
========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*.exe > < MD5 for: EXPLORER.EXE >[2008/10/29 02:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 02:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/29 23:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\ERDNT\cache\explorer.exe
[2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/27 22:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008/01/20 22:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
< MD5 for: SVCHOST.EXE >[2008/01/20 22:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\ERDNT\cache\svchost.exe
[2008/01/20 22:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008/01/20 22:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
< MD5 for: USERINIT.EXE >[2008/01/20 22:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\ERDNT\cache\userinit.exe
[2008/01/20 22:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/20 22:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
< MD5 for: WINLOGON.EXE >[2009/04/11 02:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\ERDNT\cache\winlogon.exe
[2009/04/11 02:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/11 02:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008/01/20 22:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s >"DisplayName" = NETBT
"Group" = PNP_TDI
"ImagePath" = System32\DRIVERS\netbt.sys -- [2009/04/11 00:45:37 | 000,185,856 | ---- | M] (Microsoft Corporation)
"Description" = This service implements NetBios over TCP/IP.
"ErrorControl" = 1
"Start" = 1
"Type" = 1
"DependOnService" = TdxtcpipMPFP [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Linkage]
"OtherDependencies" = Tcpip [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters]
"BcastNameQueryCount" = 3
"BcastQueryTimeout" = 750
"CacheTimeout" = 600000
"EnableLMHOSTS" = 1
"NameServerPort" = 137
"NameSrvQueryCount" = 3
"NameSrvQueryTimeout" = 1500
"NbProvider" = _tcp
"SessionKeepAlive" = 3600000
"Size/Small/Medium/Large" = 1
"TransportBindName" = \Device\
"UseNewSmb" = 1
"DhcpNodeType" = 8
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{39C7CE13-FD2A-4C69-A839-A7F82396DA33}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{CFF6B887-1F9F-42C1-9C3E-0E7E44A7B879}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Security]
"Security" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Enum]
"0" = Root\LEGACY_NETBT\0000
"Count" = 1
"NextInstance" = 1
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s >"Type" = 2
"Start" = 1
"ErrorControl" = 1
"Tag" = 2
"ImagePath" = system32\DRIVERS\netbios.sys -- [2008/01/20 22:24:20 | 000,035,840 | ---- | M] (Microsoft Corporation)
"DisplayName" = NetBIOS Interface
"Group" = NetBIOSGroup
"Description" = NetBIOS Interface
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Linkage]
"LanaMap" = 01 03 01 01 01 05 01 06 01 08 01 00 01 04 01 02 [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Parameters]
"MaxLana" = 8
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Parameters\Winsock]
"HelperDllName" = %SystemRoot%\System32\wshnetbs.dll -- [2006/11/02 05:46:14 | 000,011,264 | ---- | M] (Microsoft Corporation)
"MaxSockAddrLength" = 20
"MinSockAddrLength" = 20
"Mapping" = 02 00 00 00 03 00 00 00 11 00 00 00 05 00 00 00 00 00 00 00 11 00 00 00 02 00 00 00 00 00 00 00 [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Enum]
"0" = Root\LEGACY_NETBIOS\0000
"Count" = 1
"NextInstance" = 1
< hklm\software\clients\startmenuinternet|command /rs >HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2008/01/20 22:24:17 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2008/01/20 22:24:17 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2008/01/20 22:24:17 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\IEXPLORE.EXE" [2009/04/11 02:27:44 | 000,636,080 | ---- | M] (Microsoft Corporation)
< hklm\software\clients\startmenuinternet|command /64 /rs >HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2008/01/20 22:24:17 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2008/01/20 22:24:17 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2008/01/20 22:24:17 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\IEXPLORE.EXE" [2009/04/11 02:27:44 | 000,636,080 | ---- | M] (Microsoft Corporation)
< C:\Windows\assembly\tmp\U\*.* /s > < C:\Program Files\Common Files\ComObjects\*.* /s > < %Temp%\smtmp\1\*.* > < %Temp%\smtmp\2\*.* > < %Temp%\smtmp\3\*.* > < %Temp%\smtmp\4\*.* > < >< End of report >
Extra text :
OTL Extras logfile created on: 05/03/2012 5:46:30 PM - Run 6
OTL by OldTimer - Version 3.2.35.1 Folder = C:\Users\Allen\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy
2.99 Gb Total Physical Memory | 1.33 Gb Available Physical Memory | 44.52% Memory free
6.90 Gb Paging File | 5.14 Gb Available in Paging File | 74.40% Paging File free
Paging file location(s): c:\pagefile.sys 4096 4096 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 176.36 Gb Free Space | 75.73% Space Free | Partition Type: NTFS
Computer Name: ALLEN-PC | User Name: Allen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- Reg Error: Value error.
https [open] -- Reg Error: Value error.
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Acer\Empowering Technology\eDataSecurity\x86\eDSfsu.exe" = C:\Acer\Empowering Technology\eDataSecurity\x86\eDSfsu.exe:*:Enabled:eDSfsu -- (Egis Incorporated.)
"C:\Acer\Empowering Technology\eDataSecurity\x86\encryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\x86\encryption.exe:*:Enabled:encryption -- ( Egis Incorporated.)
"C:\Acer\Empowering Technology\eDataSecurity\x86\decryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\x86\decryption.exe:*:Enabled:decryption -- ( Egis Incorporated.)
"C:\Acer\Empowering Technology\eDataSecurity\x86\eDSMgr.exe" = C:\Acer\Empowering Technology\eDataSecurity\x86\eDSMgr.exe:*:Enabled:eDSMgr
"C:\Acer\Empowering Technology\eDataSecurity\x86\eDStbmngr.exe" = C:\Acer\Empowering Technology\eDataSecurity\x86\eDStbmngr.exe:*:Enabled:eDStbmngr -- (Egis Incorporated.)
"C:\Acer\Empowering Technology\eDataSecurity\x64\eDSfsu.exe" = C:\Acer\Empowering Technology\eDataSecurity\x64\eDSfsu.exe:*:Enabled:eDSfsu -- (Egis Incorporated.)
"C:\Acer\Empowering Technology\eDataSecurity\x64\encryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\x64\encryption.exe:*:Enabled:encryption
"C:\Acer\Empowering Technology\eDataSecurity\x64\decryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\x64\decryption.exe:*:Enabled:decryption
"C:\Acer\Empowering Technology\eDataSecurity\x64\eDSMgr.exe" = C:\Acer\Empowering Technology\eDataSecurity\x64\eDSMgr.exe:*:Enabled:eDSMgr
"C:\Acer\Empowering Technology\eDataSecurity\x64\eDStbmngr.exe" = C:\Acer\Empowering Technology\eDataSecurity\x64\eDStbmngr.exe:*:Enabled:eDStbmngr -- (Egis Incorporated.)
========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0E27E1CE-38EB-4CFE-85A0-630709EECF46}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{11D42298-7727-4F30-804B-E830907C5CCC}" = rport=137 | protocol=17 | dir=out | app=system |
"{2EB0DF03-1FF5-4EA7-8755-B8A52F08B1CF}" = rport=445 | protocol=6 | dir=out | app=system |
"{36DBB8EF-D1C3-4852-A487-1C2691BB3BAE}" = lport=137 | protocol=17 | dir=in | app=system |
"{396CE697-5AD3-422F-8E81-719CE1A61410}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{3A215933-F5D8-4AD2-BFCF-2D55C1FD6B1E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss |
[email protected],-28539 |
"{4C76D121-C306-41BD-A695-84DCCFF0828A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{565C2526-5AF3-4BAA-BB89-C0E7479B45CE}" = lport=139 | protocol=6 | dir=in | app=system |
"{581284EE-40F3-40E5-85F8-A7F947B023CC}" = rport=138 | protocol=17 | dir=out | app=system |
"{8BFBCC3E-4A42-4403-843C-79246C61B077}" = rport=139 | protocol=6 | dir=out | app=system |
"{8F04E194-ED65-4FA1-9EDC-E55A40D944F4}" = lport=2869 | protocol=6 | dir=in | app=system |
"{9D582F14-2EC3-4EAA-A0BD-FADFC481177D}" = lport=445 | protocol=6 | dir=in | app=system |
"{B3539A97-27AC-4A72-90FC-BB272FA7609C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{BD673127-28AE-4D20-A67C-D13822D08483}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{CF11BFC7-3987-4E5D-A071-E0694B212765}" = lport=138 | protocol=17 | dir=in | app=system |
========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{080449F2-E158-4A47-BA11-C698081F0D1E}" = protocol=1 | dir=in |
[email protected],-28543 |
"{1F6FB2C1-A96F-4795-AF8A-3CE9022EEA30}" = protocol=58 | dir=in |
[email protected],-28545 |
"{2D9A4E11-29E6-424F-8021-38DF244E922C}" = protocol=58 | dir=out |
[email protected],-28546 |
"{390E7292-8F7E-443E-8784-B7F50965A7B1}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\hp1006mc.exe |
"{3947B629-6FBA-4962-8A79-545551BA0E0E}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{47620D60-F3FA-4BF0-A495-1D203C176DA8}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{48617D48-7F68-434D-8342-547FE235771E}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{53880D86-5D05-4392-BBCB-350E43C52505}" = protocol=1 | dir=out |
[email protected],-28544 |
"{6BDC7595-0823-450D-B246-90610F59F8B5}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"{74D7467A-EEFF-44B9-A907-702E9A129F00}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{7D48202A-539A-4356-A2FE-88E5F9372552}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{A43D41CC-946D-4BF5-9DEE-9B49A12FF698}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{A619DE9B-E9A6-4B30-BFF3-E5BC3B852692}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{A8123CDB-6339-4EDC-B3BE-4B0AB039EA18}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\hp1006mc.exe |
"{C9E71106-7B3B-4CFD-8DA6-D011E8B77B56}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{C9EF5EDA-50C2-4BE3-97E4-588F170D901D}" = dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
"{E01BE071-B00A-491D-BB6A-556CA52ABD35}" = dir=in | app=c:\program files\cyberlink\powerdvd\powerdvd.exe |
"{EF7CD1E1-272B-4F16-BBBD-B26D7FE38820}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F2DDA02E-CD32-4E79-9071-6112EE455060}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"{FB6B0841-AEE2-4FC5-AF28-34DA925E84AC}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"TCP Query User{5C24DAE7-542C-4D56-B1A4-78BB24E21C26}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"TCP Query User{ABA9C176-A253-44C7-8ED1-33F62868C50B}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"TCP Query User{C17E2344-6137-465B-AAD7-44082193412C}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{F10592A5-F603-4E2C-820C-146E3AF4244A}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{1D334044-58D8-40A6-8171-FA7A85505F92}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{725C063C-259C-4DC9-B60C-A56B6230D1FF}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"UDP Query User{AA4C98B2-CBED-4F05-BD2A-9B1555A857B1}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"UDP Query User{BE179C4E-9D59-4E72-AC3B-3B90A91F09D7}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02C85EC5-E864-4847-AF55-42730861004C}" = MrvlUsgTracking
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}" = Acer eLock Management
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{1598034D-7147-432C-8CA8-888E0632D124}" = NTI Backup NOW! 4.7
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java 6 Update 29
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BB1DCED-84D3-47F9-B718-5947E904593E}" = Acer Crystal Eye
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Anti-Virus 2011
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6F7EA6CA-79F4-44A0-A370-8E82BB16534A}" = NTI Shadow
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7902E313-FF0F-4493-ACB1-A8147B78DCD0}" = HPSSupply
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{AC76BA86-7AD7-1033-7B44-A83000000003}" = Adobe Reader 8.3.1
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BE1826A9-7EEE-492A-B3BC-DEF3DFAE37EE}" = TIPCI
"{BF839132-BD43-4056-ACBF-4377F4A88E2A}" = Acer ePresentation Management
"{C06554A1-2C1E-4D20-B613-EE62C79927CC}" = Acer eNet Management
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCF13D13-A87B-34E8-B689-1896D0C2DBA2}" = Google Talk Plugin
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{CE65A9A0-9686-45C6-9098-3C9543A412F0}" = Acer eSettings Management
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{DD1DED37-2486-4F56-8F89-56AA814003F5}" = Acer Crystal Eye Webcam
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}" = Adobe Flash Player 10 Plugin
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{FC57FC53-104C-415C-98D7-B05E659461A9}" = Broadcom Gigabit Integrated Controller
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Acer Assist" = Acer Assist
"Acer Registration" = Acer Registration
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118" = HDAUDIO Soft Data Fax Modem with SmartCP
"Crossrider" = Crossrider Web Apps
"EPSON NX100 Series" = EPSON NX100 Series Printer Uninstall
"GARMIN 400 Series Trainer" = GARMIN 400 Series Trainer
"GridVista" = Acer GridVista
"HDMI" = Intel® Graphics Media Accelerator Driver
"HP LaserJet P1000 series" = HP LaserJet P1000 series
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"InstallShield_{1598034D-7147-432C-8CA8-888E0632D124}" = NTI Backup NOW! 4.7
"InstallShield_{6F7EA6CA-79F4-44A0-A370-8E82BB16534A}" = NTI Shadow
"InstallShield_{BE1826A9-7EEE-492A-B3BC-DEF3DFAE37EE}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"InstallWIX_{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Anti-Virus 2011
"LManager" = Launch Manager
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"PROHYBRIDR" = 2007 Microsoft Office system
"QuickTime" = QuickTime
"Softonic_English Toolbar" = Softonic_English Toolbar
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Unlocker" = Unlocker 1.8.7
"VLC media player" = VLC media player 0.9.2
"WinLiveSuite" = Windows Live Essentials
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Customizations" = Yahoo! Extras
"Yahoo! Internet Mail" = Yahoo! Internet Mail
"YInstHelper" = Yahoo! Install Manager
========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-534116950-1332898044-2559044525-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
========== Last 10 Event Log Errors ========== [ Application Events ]
Error - 05/03/2012 4:43:20 PM | Computer Name = Allen-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 05/03/2012 4:43:31 PM | Computer Name = Allen-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 05/03/2012 4:43:32 PM | Computer Name = Allen-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 05/03/2012 4:43:49 PM | Computer Name = Allen-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 05/03/2012 4:43:50 PM | Computer Name = Allen-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 05/03/2012 4:43:57 PM | Computer Name = Allen-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 05/03/2012 4:43:58 PM | Computer Name = Allen-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 05/03/2012 4:44:00 PM | Computer Name = Allen-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 05/03/2012 4:44:01 PM | Computer Name = Allen-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 05/03/2012 5:15:36 PM | Computer Name = Allen-PC | Source = WinMgmt | ID = 10
Description =
[ Media Center Events ]
Error - 28/10/2008 3:37:29 PM | Computer Name = Allen-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
Error - 06/11/2008 12:54:27 AM | Computer Name = Allen-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
Error - 12/01/2009 2:48:58 PM | Computer Name = Allen-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
Error - 13/02/2009 4:20:53 PM | Computer Name = Allen-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
Error - 01/04/2009 12:40:50 PM | Computer Name = Allen-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
Error - 29/04/2009 10:19:53 PM | Computer Name = Allen-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
Error - 07/05/2009 1:28:56 PM | Computer Name = Allen-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
[ System Events ]
Error - 05/03/2012 4:41:06 PM | Computer Name = Allen-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 05/03/2012 4:41:06 PM | Computer Name = Allen-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 05/03/2012 4:43:57 PM | Computer Name = Allen-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 05/03/2012 5:10:19 PM | Computer Name = Allen-PC | Source = DCOM | ID = 10010
Description =
Error - 05/03/2012 5:11:47 PM | Computer Name = Allen-PC | Source = DCOM | ID = 10010
Description =
Error - 05/03/2012 5:12:47 PM | Computer Name = Allen-PC | Source = Service Control Manager | ID = 7043
Description =
Error - 05/03/2012 5:15:36 PM | Computer Name = Allen-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 05/03/2012 5:15:36 PM | Computer Name = Allen-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 05/03/2012 5:18:55 PM | Computer Name = Allen-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 05/03/2012 5:51:11 PM | Computer Name = Allen-PC | Source = volsnap | ID = 393236
Description = The shadow copies of volume C: were aborted because of a failed free
space computation.
< End of report >
I am going to try and rename the third program as Iexplorer. Strangely it is also downloaded a desktop.ini file and a word file. Really weird.