OTL logfile created on: 03/03/2014 14:27:11 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Phil\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
1013.38 Mb Total Physical Memory | 268.05 Mb Available Physical Memory | 26.45% Memory free
2.24 Gb Paging File | 1.15 Gb Available in Paging File | 51.23% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 70.77 Gb Total Space | 10.55 Gb Free Space | 14.90% Space Free | Partition Type: NTFS
Drive D: | 70.47 Gb Total Space | 52.24 Gb Free Space | 74.13% Space Free | Partition Type: NTFS
Drive G: | 931.51 Gb Total Space | 91.90 Gb Free Space | 9.87% Space Free | Partition Type: NTFS
Computer Name: ACERLAPTOP | User Name: Phil | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2014/02/28 21:46:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Phil\Desktop\OTL.exe
PRC - [2014/02/14 19:09:20 | 000,223,112 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.22.5\GoogleCrashHandler.exe
PRC - [2013/12/18 18:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/10/23 15:01:10 | 000,280,288 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\NisSrv.exe
PRC - [2013/10/23 15:01:10 | 000,022,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2013/10/23 14:55:28 | 000,948,440 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2013/06/18 19:39:58 | 000,208,896 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\Phil\AppData\Local\Temp\RtkBtMnt.exe
PRC - [2012/12/01 21:04:36 | 000,157,696 | ---- | M] () -- C:\Program Files\Coingeek\nssm.exe
PRC - [2010/10/27 17:24:42 | 000,645,952 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
PRC - [2010/10/27 17:23:16 | 001,483,072 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
PRC - [2009/04/11 06:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/01/19 07:33:35 | 000,056,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wermgr.exe
PRC - [2006/12/01 05:37:00 | 004,186,112 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
========== Modules (No Company Name) ==========
MOD - [2013/09/05 00:14:10 | 004,300,456 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2011/09/24 19:05:46 | 000,625,152 | ---- | M] () -- C:\Program Files\Magnus Brading Software\Mp3-Tag Studio 3.5\Mp3tsshx.dll
MOD - [2010/10/20 14:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2009/04/11 06:28:24 | 000,094,208 | ---- | M] () -- C:\Windows\System32\scesrvv.dll
MOD - [2009/04/11 06:28:17 | 000,208,896 | ---- | M] () -- C:\Windows\System32\accessibillitycpl.dll
MOD - [2007/12/11 19:44:20 | 000,077,824 | ---- | M] () -- C:\Windows\System32\dpu100.dll
MOD - [2007/05/18 20:59:06 | 000,356,928 | ---- | M] () -- C:\Program Files\Spare Backup\sqlite3.dll
========== Services (SafeList) ==========
SRV - [2013/12/19 00:41:02 | 030,814,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2013/12/18 18:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/12/04 10:36:09 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/10/23 15:01:10 | 000,280,288 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2013/10/23 15:01:10 | 000,022,208 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/12/01 21:04:36 | 000,157,696 | ---- | M] () [Auto | Running] -- C:\Program Files\Coingeek\nssm.exe -- (Coingeek)
SRV - [2010/10/27 17:23:16 | 001,483,072 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2010/10/27 17:21:08 | 000,029,504 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2008/10/16 16:26:20 | 000,860,160 | ---- | M] (Intel® Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2008/10/16 15:54:34 | 000,466,944 | ---- | M] (Intel® Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2008/01/19 07:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/01/03 02:58:58 | 000,457,512 | ---- | M] (HiTRSUT) [Disabled | Stopped] -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe -- (eDataSecurity Service)
SRV - [2007/01/03 00:46:52 | 000,024,576 | ---- | M] () [Disabled | Stopped] -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService)
SRV - [2007/01/02 17:33:24 | 000,135,168 | ---- | M] (acer) [Disabled | Stopped] -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe -- (WMIService)
SRV - [2006/12/29 04:07:22 | 000,126,976 | ---- | M] (Acer Inc.) [Disabled | Stopped] -- C:\Acer\Empowering Technology\eNet\eNet Service.exe -- (eNet Service)
SRV - [2006/12/28 17:24:14 | 000,049,152 | ---- | M] (Acer Inc.) [Disabled | Stopped] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService)
SRV - [2006/12/22 22:43:18 | 000,024,576 | ---- | M] (Acer Inc.) [Disabled | Stopped] -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe -- (eLockService)
SRV - [2006/11/24 20:57:54 | 000,107,008 | ---- | M] () [Disabled | Stopped] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\UIUSYS.SYS -- (UIUSys)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2014/02/26 00:13:59 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2013/09/27 09:53:06 | 000,104,768 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2010/10/07 12:34:32 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2008/11/17 06:40:22 | 003,668,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32)
DRV - [2007/10/19 11:22:04 | 000,013,824 | ---- | M] (DiBcom S.A.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\modrc.sys -- (MODRC)
DRV - [2007/09/13 17:14:02 | 002,216,448 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32)
DRV - [2007/09/01 18:49:22 | 000,040,352 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Usbkey.sys -- (usbkey)
DRV - [2007/04/18 16:30:20 | 000,473,728 | ---- | M] (DiBcom) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mod7700.sys -- (mod7700)
DRV - [2006/12/07 17:12:02 | 000,076,584 | ---- | M] () [Kernel | Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15)
DRV - [2006/11/02 13:27:36 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System | Running] -- C:\Program Files\Launch Manager\DPortIO.sys -- (DritekPortIO)
DRV - [2006/11/02 07:30:53 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/10/30 01:42:28 | 001,786,880 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32)
DRV - [2006/10/25 06:36:48 | 000,042,240 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ESD7SK.sys -- (ESDCR)
DRV - [2006/10/25 06:36:44 | 000,076,928 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ESM7SK.sys -- (ESMCR)
DRV - [2006/10/25 06:36:36 | 000,062,208 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\EMS7SK.sys -- (EMSCR)
DRV - [2006/08/04 09:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2005/09/27 07:00:02 | 000,069,920 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TPkd.sys -- (TPkd)
========== Standard Registry (All) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.uk.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoo...earchTerms}&f=4
IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{2D0E4A14-683B-B425-A88A-71163059FA62}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://start.funmood...B&cr=1382187686
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2399412
IE - HKLM\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.the...&cc=GB&unqvl=35
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://mysearch.swee...D-0016D4AFB13D}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Backup.Old.Start Page = http://uk.yahoo.com/?fr=fp-yie8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.yahoo.com/?fr=fp-yie8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SEARCH PAGE = http://uk.rd.yahoo.c...://uk.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo....=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://virginmedia.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKCU\..\SearchScopes,Backup.Old.DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes,DefaultScope = {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
IE - HKCU\..\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}: "URL" = http://search.condui...rchTerms}&SSPV=
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rchTerms}&r=401
IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = http://start.facemoo...earchTerms}&f=4
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www2.delta-se...913_m3&tsp=5009
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://tbsearch.ask....s}&locale=en_UK
IE - HKCU\..\SearchScopes\{1C443CF3-5E54-4DFD-BED1-705F455BCC76}: "URL" = http://search.condui...1551478532&UM=1
IE - HKCU\..\SearchScopes\{2D0E4A14-683B-B425-A88A-71163059FA62}: "URL" = http://www.google.co...z=1I7GGLL_en-GB
IE - HKCU\..\SearchScopes\{69661322-D413-4638-9652-71A6CC63B7A5}: "URL" = http://www.flickr.co...q={searchTerms}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://start.funmood...B&cr=1382187686
IE - HKCU\..\SearchScopes\{D0FCB2C7-D26E-4336-8212-C97848FBE1C9}: "URL" = http://search.yahoo....=utf-8&fr=b1ie7
IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://mysearch.swee...006.10050&st=23
IE - HKCU\..\SearchScopes\{F9D92CBA-E2C9-42D7-9B43-1419241F8F80}: "URL" = http://rover.ebay.co...e={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MI1933~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MI1933~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files\Veetle\VLCBroadcast\npvbp.dll File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files\VideoLAN\VLC\npvlc.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@lightspark.github.com/Lightspark;version=1: C:\Program Files\Lightspark 0.5.3-git\nplightsparkplugin.dll ( )
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/21 09:55:10 | 000,000,000 | ---D | M]
[2013/05/21 18:53:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Phil\AppData\Roaming\Mozilla\Extensions
[2013/05/21 20:11:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Phil\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2008/05/01 07:43:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Phil\AppData\Roaming\Mozilla\Extensions\[email protected]
[2013/09/18 16:46:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Phil\AppData\Roaming\Mozilla\Firefox\Profiles\extensions
[2013/08/27 08:45:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Phil\AppData\Roaming\Mozilla\Firefox\Profiles\[ofr2][opt]rs0\extensions
[2013/06/30 08:44:04 | 000,239,491 | ---- | M] () (No name found) -- C:\Users\Phil\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\[email protected]
File not found (No name found) -- C:\PROGRAM FILES\AMIEXT\FLASHENHANCER\FF
O1 HOSTS File: ([2006/09/18 21:41:30 | 000,000,736 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: ::1 localhost
O2 - BHO: (Groove GFS Browser Helper) - {12DB2EA6-0BB3-01EB-26E9-41BB5AF16DF1} - C:\Windows\System32\scesrvv.dll ()
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKLM\..\Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - Startup: C:\Users\Phil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8 - Extra context menu item: Download with Mipony - C:\Program Files\MiPony\Browser\IEContext.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: facebook.com ([www] https in Trusted sites)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcp.../pcpitstop2.dll (PCPitstop Exam)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{439D2219-93AD-495A-AD91-5D24CD231645}: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DB53BFB9-F153-4DF6-97CB-34571712C65B}: DhcpNameServer = 194.168.4.100 194.168.8.100
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\System32\browseui.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\Acer01.JPG
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\Acer01.JPG
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{5174a272-fc1d-11dd-bceb-0016d4afb13d}\Shell - "" = AutoRun
O33 - MountPoints2\{5174a272-fc1d-11dd-bceb-0016d4afb13d}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{d87e84bb-0880-11dd-a5a5-0016d4afb13d}\Shell\AutoRun\command - "" = H:\InstallTomTomHOME.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2014/03/03 12:57:07 | 000,000,000 | ---D | C] -- C:\Users\Phil\Desktop\Malware Programs
[2014/03/03 12:49:12 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Phil\Desktop\TDSSKiller.exe
[2014/03/03 12:47:52 | 000,000,000 | ---D | C] -- C:\Users\Phil\Desktop\GooredFix Backups
[2014/03/03 12:33:07 | 000,000,000 | ---D | C] -- C:\_OTM
[2014/03/03 12:29:35 | 000,522,240 | ---- | C] (OldTimer Tools) -- C:\Users\Phil\Desktop\OTM.exe
[2014/03/03 12:25:55 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2014/03/03 12:25:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2014/03/03 12:25:05 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2014/03/01 14:05:59 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Users\Phil\Desktop\GooredFix.exe
[2014/03/01 13:51:40 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\Phil\Desktop\erunt-setup.exe
[2014/03/01 13:39:13 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Phil\Desktop\HiJackThis.exe
[2014/03/01 13:34:55 | 018,122,912 | ---- | C] (SUPERAntiSpyware) -- C:\Users\Phil\Desktop\SUPERAntiSpyware.exe
[2014/03/01 13:26:06 | 003,420,288 | ---- | C] (CompuClever Systems Inc.) -- C:\Users\Phil\Desktop\pctuneupmaestro_setup.exe
[2014/02/28 21:46:09 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Phil\Desktop\OTL.exe
[2014/02/26 03:21:08 | 000,000,000 | ---D | C] -- C:\Windows\Migration
[2014/02/25 23:40:08 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2014/02/23 09:42:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2014/02/23 09:41:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014/02/23 09:39:20 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2014/02/22 23:29:29 | 000,000,000 | ---D | C] -- C:\Users\Phil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Minecraft
[2014/02/22 23:05:01 | 000,000,000 | ---D | C] -- C:\Users\Phil\AppData\Roaming\.minecraft
[2014/02/21 20:51:56 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2014/02/21 20:45:13 | 000,000,000 | ---D | C] -- C:\Program Files\Coingeek
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2014/03/03 14:31:42 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/03/03 14:16:27 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/03/03 12:55:05 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2014/03/03 12:55:04 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2014/03/03 12:55:04 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/03/03 12:54:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/03/03 12:29:37 | 000,522,240 | ---- | M] (OldTimer Tools) -- C:\Users\Phil\Desktop\OTM.exe
[2014/03/03 12:25:26 | 000,000,917 | ---- | M] () -- C:\Users\Phil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2014/03/03 12:25:08 | 000,000,737 | ---- | M] () -- C:\Users\Phil\Desktop\NTREGOPT.lnk
[2014/03/03 12:25:08 | 000,000,718 | ---- | M] () -- C:\Users\Phil\Desktop\ERUNT.lnk
[2014/03/01 14:05:59 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Users\Phil\Desktop\GooredFix.exe
[2014/03/01 13:51:40 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\Phil\Desktop\erunt-setup.exe
[2014/03/01 13:39:13 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Phil\Desktop\HiJackThis.exe
[2014/03/01 13:34:55 | 018,122,912 | ---- | M] (SUPERAntiSpyware) -- C:\Users\Phil\Desktop\SUPERAntiSpyware.exe
[2014/03/01 13:26:07 | 003,420,288 | ---- | M] (CompuClever Systems Inc.) -- C:\Users\Phil\Desktop\pctuneupmaestro_setup.exe
[2014/03/01 13:10:25 | 001,714,160 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2014/02/28 21:46:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Phil\Desktop\OTL.exe
[2014/02/27 03:03:59 | 000,634,468 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/02/27 03:03:59 | 000,120,034 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/02/26 00:13:59 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2014/02/24 23:17:33 | 001,649,778 | ---- | M] () -- C:\Users\Phil\AppData\Roaming\ccn.exe
[2014/02/24 23:17:18 | 000,002,613 | ---- | M] () -- C:\Users\Phil\Desktop\Microsoft Word 2010.lnk
[2014/02/23 13:25:15 | 001,375,744 | ---- | M] () -- C:\Users\Phil\Desktop\EMBLEM IDEAS.pub
[2014/02/21 20:52:36 | 000,000,000 | ---- | M] () -- C:\END
[2014/02/21 16:31:31 | 037,331,907 | -HS- | M] () -- C:\Users\Phil\Desktop\ROZwkWQyhzn
[2014/02/21 16:31:28 | 000,674,312 | -HS- | M] () -- C:\Users\Phil\Desktop\spYyz.KXZ
[2014/02/21 16:31:26 | 000,000,058 | -HS- | M] () -- C:\Users\Phil\Desktop\VUgVVYSCcHfL.BSA
[2014/02/21 14:32:12 | 000,002,571 | ---- | M] () -- C:\Users\Phil\Desktop\Microsoft Excel 2010.lnk
[2014/02/20 20:40:11 | 000,294,912 | ---- | M] () -- C:\Users\Phil\Desktop\EMBLEM IDEAS 2.pub
[2014/02/20 11:32:39 | 000,000,709 | ---- | M] () -- C:\Users\Phil\Desktop\Zip Contents Renamer - Shortcut.lnk
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2014/03/03 12:25:26 | 000,000,917 | ---- | C] () -- C:\Users\Phil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2014/03/03 12:25:08 | 000,000,737 | ---- | C] () -- C:\Users\Phil\Desktop\NTREGOPT.lnk
[2014/03/03 12:25:08 | 000,000,718 | ---- | C] () -- C:\Users\Phil\Desktop\ERUNT.lnk
[2014/02/24 23:16:29 | 000,000,058 | -HS- | C] () -- C:\Users\Phil\Desktop\VUgVVYSCcHfL.BSA
[2014/02/24 23:16:27 | 037,331,907 | -HS- | C] () -- C:\Users\Phil\Desktop\ROZwkWQyhzn
[2014/02/24 23:16:23 | 000,674,312 | -HS- | C] () -- C:\Users\Phil\Desktop\spYyz.KXZ
[2014/02/24 23:14:22 | 001,649,778 | ---- | C] () -- C:\Users\Phil\AppData\Roaming\ccn.exe
[2014/02/21 20:52:36 | 000,000,000 | ---- | C] () -- C:\END
[2014/02/20 20:35:05 | 000,294,912 | ---- | C] () -- C:\Users\Phil\Desktop\EMBLEM IDEAS 2.pub
[2014/02/20 16:34:30 | 001,375,744 | ---- | C] () -- C:\Users\Phil\Desktop\EMBLEM IDEAS.pub
[2014/01/06 21:36:55 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2014/01/06 18:00:04 | 000,000,025 | ---- | C] () -- C:\Windows\libem.INI
[2013/10/29 21:02:58 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2013/06/18 07:53:04 | 000,625,152 | ---- | C] () -- C:\Windows\System32\mp3tsshx.dll
[2013/06/12 12:10:25 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2013/05/21 15:47:48 | 000,171,432 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2012/08/11 19:29:27 | 000,384,844 | ---- | C] () -- C:\Users\Phil\AppData\Local\funmoods-speeddial.crx
[2011/07/17 11:18:39 | 000,001,940 | ---- | C] () -- C:\Users\Phil\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2009/12/17 15:31:39 | 000,000,000 | ---- | C] () -- C:\ProgramData\PKP_DLdy.DAT
[2008/02/15 19:18:06 | 000,690,513 | ---- | C] () -- C:\Users\Phil\fgh.pmcl
[2008/01/12 14:22:56 | 000,338,032 | ---- | C] () -- C:\Users\Phil\jan 08.pmcl
[2007/10/01 21:19:52 | 000,026,340 | ---- | C] () -- C:\Users\Phil\AppData\Roaming\UserTile.png
[2007/09/29 13:14:48 | 000,002,032 | ---- | C] () -- C:\Users\Phil\AppData\Local\d3d9caps.dat
[2007/09/02 18:24:43 | 000,081,408 | ---- | C] () -- C:\Users\Phil\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
========== ZeroAccess Check ==========
[2006/11/02 12:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 17:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 06:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 06:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2014/02/23 09:52:58 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\.minecraft
[2013/09/11 07:39:20 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\2monkeys
[2013/09/23 20:19:56 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\AlawarEntertainment
[2013/09/20 20:51:38 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\Amulet_of_time
[2013/12/10 16:51:54 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\Any File To Audio Converter
[2013/06/09 17:21:02 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\Artifex Mundi
[2014/01/06 18:00:07 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\BITS
[2013/09/24 20:25:46 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\Boomzap
[2013/08/26 19:41:51 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\calibre
[2014/02/26 11:03:22 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\DC++
[2013/12/29 13:18:20 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\Dropbox
[2007/12/21 13:36:56 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\DxO Labs
[2013/08/13 22:01:04 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\Elephant Games
[2013/07/26 13:21:56 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\ERS G-Studio
[2013/06/27 20:52:16 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\ERS Game Studios
[2014/01/06 17:57:24 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\FlashGetBHO
[2014/01/06 18:26:44 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\FlashgetSetup
[2013/06/30 23:08:42 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\flashInstall
[2013/06/24 21:14:41 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\Floodlight Games
[2014/01/12 15:04:19 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\Funmoods
[2013/06/08 21:22:20 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\GameInvest
[2013/06/02 18:47:59 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\GigantGames
[2013/06/29 21:04:07 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\GoldenBough Games
[2009/12/17 16:16:09 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\Imagenomic
[2013/08/05 14:01:29 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\Karaoke Builder
[2013/06/06 21:07:52 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\MagicIndie
[2013/07/09 22:00:45 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\MediaArt
[2014/01/09 18:04:33 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\Mipony
[2013/09/17 13:24:35 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\MumboJumbo
[2013/09/22 22:14:04 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\Natural Threat.Ominous Shores
[2007/12/21 13:36:26 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\PACE Anti-Piracy
[2007/10/01 21:19:51 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\PeerNetworking
[2013/05/29 07:25:39 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\player
[2013/05/23 14:00:36 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\PlayFirst
[2007/12/08 13:16:16 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\ppstream
[2014/02/23 14:14:55 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\Spare Backup
[2013/08/26 20:41:07 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\SulusGames
[2013/06/01 16:56:00 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\Systweak
[2010/05/10 16:58:18 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\Tific
[2008/04/12 12:32:27 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\TomTom
[2013/05/29 07:43:57 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\TuneUp Software
[2014/02/26 12:43:31 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\uTorrent
[2013/07/18 20:54:33 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\Vast Studios
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.exe >
< MD5 for: EXPLORER.EXE >
[2008/10/29 06:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 06:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/30 03:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2007/11/19 13:01:45 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2007/11/19 13:01:44 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2009/04/11 06:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/11 06:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/28 02:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006/11/02 09:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008/01/19 07:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
< MD5 for: RPCSS.DLL >
[2009/03/03 04:39:32 | 000,551,424 | ---- | M] (Microsoft Corporation) MD5=301AE00E12408650BADDC04DBC832830 -- C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6001.18226_none_69bb41ac3deac876\rpcss.dll
[2008/01/19 07:36:17 | 000,547,328 | ---- | M] (Microsoft Corporation) MD5=33FB1F0193EE2051067441492D56113C -- C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6001.18000_none_69cadbfc3ddffe3c\rpcss.dll
[2009/04/11 06:28:24 | 000,550,400 | ---- | M] (Microsoft Corporation) MD5=3B5B4D53FEC14F7476CA29A20CC31AC9 -- C:\Windows\System32\rpcss.dll
[2009/04/11 06:28:24 | 000,550,400 | ---- | M] (Microsoft Corporation) MD5=3B5B4D53FEC14F7476CA29A20CC31AC9 -- C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6002.18005_none_6bb655083b01c988\rpcss.dll
[2009/03/03 04:32:23 | 000,551,424 | ---- | M] (Microsoft Corporation) MD5=4DFCBDEF3CCAA98F99038DED78945253 -- C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6001.22389_none_6a06ffcd57365beb\rpcss.dll
[2009/03/03 04:19:41 | 000,549,888 | ---- | M] (Microsoft Corporation) MD5=7B981222A257D076885BFFB66F19B7CE -- C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6000.16830_none_67c4315e40d1bb6c\rpcss.dll
[2009/03/03 04:17:45 | 000,550,400 | ---- | M] (Microsoft Corporation) MD5=B1BB45E24717A7F790B4411C4446EF5E -- C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6000.21023_none_685b771559e4be8c\rpcss.dll
[2006/11/02 09:46:12 | 000,545,792 | ---- | M] (Microsoft Corporation) MD5=B46D8EA6DD30BAA49F674DACDC4C491F -- C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6000.16386_none_67941a0040f4ed68\rpcss.dll
< MD5 for: SERVICES >
[2006/09/18 21:41:30 | 000,017,244 | ---- | M] () MD5=9F534244B7F8F55D5C0BB498D8D481E7 -- C:\Windows\System32\drivers\etc\services
[2006/09/18 21:41:30 | 000,017,244 | ---- | M] () MD5=9F534244B7F8F55D5C0BB498D8D481E7 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.0.6000.16386_none_024e4071fa6fea95\services
< MD5 for: SERVICES.CFG >
[2013/12/18 18:42:40 | 000,558,851 | ---- | M] () MD5=A044715A48D8FADB9366D554F20D3331 -- C:\Program Files\Adobe\Reader 10.0\Reader\Services\Services.cfg
[2011/06/06 12:55:30 | 000,584,045 | R--- | M] () MD5=B82DD53FA8C260DDD7FDC42182DB816E -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\services.cfg
< MD5 for: SERVICES.EXE >
[2008/01/19 07:33:28 | 000,279,040 | ---- | M] (Microsoft Corporation) MD5=2B336AB6286D6C81FA02CBAB914E3C6C -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2006/11/02 09:45:40 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=329CF3C97CE4C19375C8ABCABAE258B0 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6000.16386_none_cd28fe6bd05df036\services.exe
[2009/04/11 06:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\System32\services.exe
[2009/04/11 06:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
< MD5 for: SERVICES.EXE.MUI >
[2006/11/02 12:40:53 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=1626EACF0E7E59F85C59DDDD27C4169C -- C:\Windows\System32\en-US\services.exe.mui
[2006/11/02 12:40:53 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=1626EACF0E7E59F85C59DDDD27C4169C -- C:\Windows\winsxs\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.0.6000.16386_en-us_67c6851b290a1ced\services.exe.mui
< MD5 for: SERVICES.LNK >
[2008/06/12 15:02:07 | 000,001,688 | ---- | M] () MD5=7C51576CAA76454D75589D9F3AB44F67 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2008/06/12 15:02:07 | 000,001,688 | ---- | M] () MD5=7C51576CAA76454D75589D9F3AB44F67 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
< MD5 for: SERVICES.MOF >
[2006/09/18 21:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\System32\wbem\services.mof
[2006/09/18 21:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6000.16386_none_cd28fe6bd05df036\services.mof
[2006/09/18 21:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.mof
[2006/09/18 21:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.mof
< MD5 for: SERVICES.MSC >
[2006/11/02 12:41:29 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\en-US\services.msc
[2006/09/18 21:29:40 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\services.msc
[2006/11/02 12:41:29 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.0.6000.16386_en-us_a2085506ff73b6e0\services.msc
[2006/09/18 21:29:40 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.0.6000.16386_none_cd2d20a848cfd40f\services.msc
[2006/09/18 21:29:40 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.0.6001.18000_none_cf63e2a445bae4e3\services.msc
< MD5 for: SERVICES.TICO >
[2009/09/25 13:00:00 | 000,002,038 | ---- | M] () MD5=D669B1B2EBE288A61680C3C863828D28 -- C:\Program Files\TuneUp Utilities 2011\data\services.tico
< MD5 for: SVCHOST.EXE >
[2006/11/02 09:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=10DA15933D582D2FEDCF705EFE394B09 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6000.16386_none_b38497a50862ad11\svchost.exe
[2008/01/19 07:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008/01/19 07:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
< MD5 for: USERINIT.EXE >
[2008/01/19 07:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/19 07:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006/11/02 09:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
< MD5 for: WINLOGON.EXE >
[2009/04/11 06:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/11 06:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006/11/02 09:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/01/19 07:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
< dir "%systemdrive%\*" /S /A:L /C >
Volume in drive C is ACER
Volume Serial Number is 0CA0-4AB3
Directory of C:\
02/11/2006 13:02 <JUNCTION> Documents and Settings [C:\Users]
0 File(s) 0 bytes
Directory of C:\ProgramData
02/11/2006 13:02 <JUNCTION> Application Data [C:\ProgramData]
02/11/2006 13:02 <JUNCTION> Desktop [C:\Users\Public\Desktop]
02/11/2006 13:02 <JUNCTION> Documents [C:\Users\Public\Documents]
02/11/2006 13:02 <JUNCTION> Favorites [C:\Users\Public\Favorites]
02/11/2006 13:02 <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
02/11/2006 13:02 <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users
02/11/2006 13:02 <SYMLINKD> All Users [C:\ProgramData]
02/11/2006 13:02 <JUNCTION> Default User [C:\Users\Default]
0 File(s) 0 bytes
Directory of C:\Users\All Users
02/11/2006 13:02 <JUNCTION> Application Data [C:\ProgramData]
02/11/2006 13:02 <JUNCTION> Desktop [C:\Users\Public\Desktop]
02/11/2006 13:02 <JUNCTION> Documents [C:\Users\Public\Documents]
02/11/2006 13:02 <JUNCTION> Favorites [C:\Users\Public\Favorites]
02/11/2006 13:02 <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
02/11/2006 13:02 <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default
02/11/2006 13:02 <JUNCTION> Application Data [C:\Users\Default\AppData\Roaming]
02/11/2006 13:02 <JUNCTION> Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
02/11/2006 13:02 <JUNCTION> Local Settings [C:\Users\Default\AppData\Local]
02/11/2006 13:02 <JUNCTION> My Documents [C:\Users\Default\Documents]
02/11/2006 13:02 <JUNCTION> NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
02/11/2006 13:02 <JUNCTION> PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
02/11/2006 13:02 <JUNCTION> Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
02/11/2006 13:02 <JUNCTION> SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
02/11/2006 13:02 <JUNCTION> Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
02/11/2006 13:02 <JUNCTION> Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default\AppData\Local
02/11/2006 13:02 <JUNCTION> Application Data [C:\Users\Default\AppData\Local]
02/11/2006 13:02 <JUNCTION> History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
02/11/2006 13:02 <JUNCTION> Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Default\Documents
02/11/2006 13:02 <JUNCTION> My Music [C:\Users\Default\Music]
02/11/2006 13:02 <JUNCTION> My Pictures [C:\Users\Default\Pictures]
02/11/2006 13:02 <JUNCTION> My Videos [C:\Users\Default\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Phil
01/09/2007 15:45 <JUNCTION> Application Data [C:\Users\Phil\AppData\Roaming]
01/09/2007 15:45 <JUNCTION> Cookies [C:\Users\Phil\AppData\Roaming\Microsoft\Windows\Cookies]
01/09/2007 15:45 <JUNCTION> Local Settings [C:\Users\Phil\AppData\Local]
01/09/2007 15:45 <JUNCTION> My Documents [C:\Users\Phil\Documents]
01/09/2007 15:45 <JUNCTION> NetHood [C:\Users\Phil\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
01/09/2007 15:45 <JUNCTION> PrintHood [C:\Users\Phil\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
01/09/2007 15:45 <JUNCTION> Recent [C:\Users\Phil\AppData\Roaming\Microsoft\Windows\Recent]
01/09/2007 15:45 <JUNCTION> SendTo [C:\Users\Phil\AppData\Roaming\Microsoft\Windows\SendTo]
01/09/2007 15:45 <JUNCTION> Start Menu [C:\Users\Phil\AppData\Roaming\Microsoft\Windows\Start Menu]
01/09/2007 15:45 <JUNCTION> Templates [C:\Users\Phil\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Phil\AppData\Local
01/09/2007 15:45 <JUNCTION> Application Data [C:\Users\Phil\AppData\Local]
01/09/2007 15:45 <JUNCTION> History [C:\Users\Phil\AppData\Local\Microsoft\Windows\History]
01/09/2007 15:45 <JUNCTION> Temporary Internet Files [C:\Users\Phil\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Phil\Documents
01/09/2007 15:45 <JUNCTION> My Music [C:\Users\Phil\Music]
01/09/2007 15:45 <JUNCTION> My Pictures [C:\Users\Phil\Pictures]
01/09/2007 15:45 <JUNCTION> My Videos [C:\Users\Phil\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Public\Documents
02/11/2006 13:02 <JUNCTION> My Music [C:\Users\Public\Music]
02/11/2006 13:02 <JUNCTION> My Pictures [C:\Users\Public\Pictures]
02/11/2006 13:02 <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\Windows\System32\config\systemprofile
17/12/2009 15:31 <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Roaming]
17/12/2009 15:31 <JUNCTION> Cookies [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies]
17/12/2009 15:31 <JUNCTION> Local Settings [C:\Windows\system32\config\systemprofile\AppData\Local]
17/12/2009 15:31 <JUNCTION> My Documents [C:\Windows\system32\config\systemprofile\Documents]
17/12/2009 15:31 <JUNCTION> NetHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
17/12/2009 15:31 <JUNCTION> PrintHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
17/12/2009 15:31 <JUNCTION> Recent [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent]
17/12/2009 15:31 <JUNCTION> SendTo [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo]
17/12/2009 15:31 <JUNCTION> Start Menu [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu]
17/12/2009 15:31 <JUNCTION> Templates [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Windows\System32\config\systemprofile\AppData\Local
17/12/2009 15:31 <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Local]
17/12/2009 15:31 <JUNCTION> History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
17/12/2009 15:31 <JUNCTION> Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows\System32\config\systemprofile\Documents
17/12/2009 15:31 <JUNCTION> My Music [C:\Windows\system32\config\systemprofile\Music]
17/12/2009 15:31 <JUNCTION> My Pictures [C:\Windows\system32\config\systemprofile\Pictures]
17/12/2009 15:31 <JUNCTION> My Videos [C:\Windows\system32\config\systemprofile\Videos]
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
66 Dir(s) 11,317,452,800 bytes free
========== Alternate Data Streams ==========
@Alternate Data Stream - 183 bytes -> C:\ProgramData\TEMP:012BC84F
@Alternate Data Stream - 171 bytes -> C:\ProgramData\TEMP:F610C203
@Alternate Data Stream - 171 bytes -> C:\ProgramData\TEMP:6EE8565A
@Alternate Data Stream - 155 bytes -> C:\ProgramData\TEMP:C69EAC3C
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:CE3AADB7
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:ED2D63E4
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:2AE74FF9
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:19823AC6
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:D47B19A6
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:4EE323A4
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:DFC5A2B2
< End of report >
OTL Extras logfile created on: 03/03/2014 14:27:11 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Phil\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
1013.38 Mb Total Physical Memory | 268.05 Mb Available Physical Memory | 26.45% Memory free
2.24 Gb Paging File | 1.15 Gb Available in Paging File | 51.23% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 70.77 Gb Total Space | 10.55 Gb Free Space | 14.90% Space Free | Partition Type: NTFS
Drive D: | 70.47 Gb Total Space | 52.24 Gb Free Space | 74.13% Space Free | Partition Type: NTFS
Drive G: | 931.51 Gb Total Space | 91.90 Gb Free Space | 9.87% Space Free | Partition Type: NTFS
Computer Name: ACERLAPTOP | User Name: Phil | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- Reg Error: Value error.
https [open] -- Reg Error: Value error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- Reg Error: Key error.
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OtsMedia.Surf] -- "C:\OtsLabs\OtsPlay.exe" "%1" /play /surf ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2240448931-1470480704-4230414400-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe" = C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe:*:Enabled:eDSfsu -- (Acer Inc.)
"C:\Acer\Empowering Technology\eDataSecurity\encryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\encryption.exe:*:Enabled:encryption -- (HiTRUST)
"C:\Acer\Empowering Technology\eDataSecurity\decryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\decryption.exe:*:Enabled:decryption -- (HiTRUST)
"C:\FlashGet Network\Flashget\FlashGet.exe" = C:\FlashGet Network\Flashget\FlashGet.exe:*:Enabled:Flashget2
"C:\FlashGet Network\Flashget\LiveUpdate.exe" = C:\FlashGet Network\Flashget\LiveUpdate.exe:*:Enabled:FGLiveUpdate
"C:\FlashGet Network\Flashget\LiveUpdateEx.exe" = C:\FlashGet Network\Flashget\LiveUpdateEx.exe:*:Enabled:FGLiveUpdateEx
"C:\Program Files\PPStream\PPStream.exe" = C:\Program Files\PPStream\PPStream.exe:*:Enabled:PPSÍøÂçµçÊÓ
"C:\Program Files\PPStream\PPSAP.exe" = C:\Program Files\PPStream\PPSAP.exe:*:Enabled:PPS ÍøÂç¼ÓËÙÆ÷
"C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe" = C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{19EC62FE-29C6-448C-82BA-9AD05C20E472}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3DBED632-F457-4EAA-B6E6-D4FE72840E3D}" = rport=10243 | protocol=6 | dir=out | app=system |
"{3F2AF431-BDCD-467F-BAE5-5FC9249D4C0B}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{4AB93408-039E-4F98-9DFC-B95CBAB32320}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{4E79A8CC-93AD-4A36-A46B-B60B8E77DD1A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{58959523-A892-45D0-8694-D83B5F02654D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5975C3F6-8667-4BF3-B289-7CA31336E311}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6200BD29-3BCF-44C3-96D2-F2029C29C872}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6C0EF3E4-F97C-447B-A3D9-7491983E147E}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{7963D6E1-8986-414D-B402-38ABF51E2555}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{82AD63ED-F8AE-4ED3-8CAE-22D5729CDA1A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{8534583F-3CF8-4712-9617-D83E6D4D4FBA}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8843C7FC-1012-4F7A-A22A-8ED4522C103C}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{A5DF7895-510B-4E75-AD12-9890FB6C913D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A6B89DB9-8802-49CE-8854-D93D09CB9906}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{B498ED18-4209-4B08-8F12-1A5F1FEA9CE7}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B89033F6-41DE-45C6-8E86-DA41728B13FA}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{CB66FE70-72AC-44F1-ACF9-D36E940A1B84}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{D362164F-4B74-4441-B547-2AC34504AAA4}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D831B075-FA35-4316-A912-AAE66AAC7C02}" = lport=10243 | protocol=6 | dir=in | app=system |
"{DE71D6F5-7721-4284-841A-7C8640F6E8C4}" = lport=2869 | protocol=6 | dir=in | app=system |
"{FBCA99D2-C715-429A-8EF1-3313D1D58032}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{007BEFFB-888A-4301-A22E-84F7EBC8A9BF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0576F734-C46C-4A10-8CFB-197650D6C63E}" = protocol=6 | dir=out | app=system |
"{215AD7E4-0C72-4B48-B18C-6CC90AF35A54}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{2420B3C4-0914-4A8E-95ED-EC71B2BBBB00}" = protocol=17 | dir=in | app=c:\program files\coingeek\cg.exe |
"{2578DBF2-80EA-4FAE-B499-2435BA3132E9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{293C9887-15D0-42CB-9519-C273FD4BC647}" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe |
"{29BD8509-2A52-4A3C-B6EB-32BFA1469087}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{32ABA795-0646-433A-AC99-B56DF2BEA246}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
"{39ECF3AC-12CF-49F7-90CC-AB15E8FA39BC}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{3AA9E4E4-66EE-4F50-8E5A-D9C54C02DD08}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{3F12BEE2-A261-4991-A2C5-4602FB0D8DBE}" = protocol=17 | dir=in | app=c:\program files\mp3gain\mp3gaingui.exe |
"{4640CD59-80C8-4BFD-83A7-37058F4F7C89}" = protocol=17 | dir=in | app=c:\users\phil\appdata\roaming\utorrent\utorrent.exe |
"{4C17EF64-0E27-4D97-9B27-9EEC9B60FAB8}" = protocol=6 | dir=in | app=c:\program files\coingeek\cg.exe |
"{54582F54-D0B9-4A38-9D71-F678835B5315}" = protocol=6 | dir=out | app=system |
"{60E5A5D2-438C-4CCB-9FB8-45D1BC83108F}" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe |
"{684C313E-E0A3-44D6-9A3E-DF9D70E2C3BE}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{779820A0-8CEE-4C6B-B190-1974A0110F98}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{826A030A-A73D-4772-9C5C-E6B1510415F8}" = protocol=6 | dir=in | app=c:\program files\ac3filter\ac3config.exe |
"{88BA7C42-5FDD-414B-B5D7-FD8B2E2743F6}" = protocol=6 | dir=in | app=c:\program files\mp3gain\mp3gaingui.exe |
"{9970B7BB-4D40-4E8B-A8A2-A748699C34EF}" = protocol=6 | dir=in | app=c:\users\phil\appdata\roaming\utorrent\utorrent.exe |
"{9D4503CB-C1B5-4878-AF35-5392A2F337C8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9DD875FE-78F0-4301-A80C-729BFF3F3125}" = protocol=6 | dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\mce deluxe suite.exe |
"{9F020BB9-B913-4738-A706-AD0C707049FD}" = protocol=6 | dir=out | app=c:\windows\system32\wudfhost.exe |
"{A42FC4AB-BF0B-40EF-B3FF-A7C3793E4E4D}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{A4E02A17-2751-4C54-B233-258D788E7675}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B537F915-73C6-44D2-8DDA-0E895E6BF0D7}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{BA923F8A-65E9-490D-8401-E64F0459A0B6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BCFC43F5-A382-4D61-B2B8-A2BD83533172}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{BFA39F73-2C62-4518-91CC-18DD3A2D494B}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{C2E1C2CD-719A-4482-98F8-682413E8D4E5}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{C97A6417-4793-4BF1-8EB5-F784645A0CAB}" = protocol=17 | dir=in | app=c:\program files\ac3filter\ac3config.exe |
"{D1AA1BC4-5477-44EA-A194-D63B4DDF7C07}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{D889881C-2F8A-46CD-89FF-820D08F25743}" = protocol=17 | dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\mce deluxe suite.exe |
"{E074ABA5-42F8-45D3-9C77-9E3FC9675C11}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{E7FD9DD1-D031-4A00-BFD2-44BB3CD893AB}" = protocol=17 | dir=in | app=c:\program files\pfconfig\pfconfiglauncher.exe |
"{EEEE4EBE-2958-4A30-9541-FA194EE0D90E}" = protocol=6 | dir=in | app=c:\program files\pfconfig\pfconfiglauncher.exe |
"{F180E196-93D4-4053-9B7C-D11BC3584072}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{F2DECD43-E2A9-4418-A008-8BBAFFBF3987}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{FD866F7D-8724-4DD4-A125-7147B58912E0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FEF39F4D-29EA-43F6-BF75-4646ED93C4C8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{4411C71C-45CF-491B-872B-E1FB38292DD0}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{960DB8E5-0095-4D8F-87DE-0D68C79EFC79}C:\program files\dc++\dcplusplus.exe" = protocol=6 | dir=in | app=c:\program files\dc++\dcplusplus.exe |
"UDP Query User{8E89DD44-2C96-497E-82FF-6F6E6896485C}C:\program files\dc++\dcplusplus.exe" = protocol=17 | dir=in | app=c:\program files\dc++\dcplusplus.exe |
"UDP Query User{A191242F-B557-4D69-A8B9-84846DED1E2C}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0CD47142-BA4F-46B0-AA92-2675864928B8}" = Microsoft Security Client
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}" = Acer eLock Management
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1AEC7728-1640-4E98-AABC-5EBE3FB57FE4}" = SMSC Fast Infrared Driver
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{23BE4DF2-293D-4077-82F4-1FD8C269277C}" = TuneUp Utilities Language Pack (en-US)
"{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}" = TuneUp Utilities 2011
"{24ECABA9-D5E2-4AD5-8801-2C70CF025EAE}" = Mp3/Tag Studio 3.5 (beta 22)
"{26A24AE4-039D-4CA4-87B4-2F83217051FF}" = Java 7 Update 51
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{35C0A1E4-D02A-412C-841F-266DBB116ABB}" = Intel® PROSet/Wireless WiFi Software
"{4903D172-DCCB-392F-93A3-34CA9D47FE3D}" = Microsoft .NET Framework 4.5.1
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}" = Google Earth
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{67ADE9AF-5CD9-4089-8825-55DE4B366799}" = NTI Backup NOW! 4.7
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77D2A9D3-5800-43E3-B274-87841BC87DB2}" = Adobe ExtendScript Toolkit 2
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7F34A21F-2DEB-4598-BB19-611D6BD24271}" = Managed DirectX (0900)
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8AE03988-8C8C-40EE-BDC7-76781BEF1B1D}" = Adobe Setup
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90190409-6000-11D3-8CFE-0050048383C9}" = Microsoft Publisher 2002
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{94389919-B0AA-4882-9BE8-9F0B004ECA35}" = Acer Tour
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A57C6094-FC5A-4DEC-B1E0-1B2F48EEE8F4}" = Spare Backup
"{A87B11AC-4344-4E5D-8B12-8F471A87DAD9}" = LightScribe 1.4.136.1
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.9)
"{AEEAE013-92F1-4515-B278-139F1A692A35}" = Acer eDataSecurity Management
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{BF839132-BD43-4056-ACBF-4377F4A88E2A}" = Acer ePresentation Management
"{C06554A1-2C1E-4D20-B613-EE62C79927CC}" = Acer eNet Management
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE65A9A0-9686-45C6-9098-3C9543A412F0}" = Acer eSettings Management
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F38ADCA4-AF7C-4C73-9021-6F1EA15D15EA}" = Pinnacle TVCenter Pro
"{F3CA9611-CD42-4562-ADAB-A554CF8E17F1}" = Microsoft WSE 2.0 SP3 Runtime
"{F413B69D-4AD6-42ab-AEA5-0548989FAD50}" = Norton 360
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"5513-1208-7298-9440" = JDownloader 0.9
"AC3Filter" = AC3Filter (remove only)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.4
"CCleaner" = CCleaner
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118" = HDAUDIO Soft Data Fax Modem with SmartCP
"DC++" = DC++ 0.802
"ERUNT_is1" = ERUNT 1.1j
"GridVista" = Acer GridVista
"HDMI" = Intel® Graphics Media Accelerator Driver
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"Lightspark" = Lightspark 0.5.3-git
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Client" = Microsoft Security Essentials
"MiPony" = MiPony 2.1.1
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"OtsAV DJ" = OtsAV DJ 1.90.000
"OtsAV Pro" = OtsAV Pro 1.77.001
"PFConfig" = PFConfig 1.0.296
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TriKaraoke" = TriKaraoke Free Player 1.03 and Manager 1.1
"TuneUp Utilities 2011" = TuneUp Utilities 2011
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.20 (32-bit)
"Youtube Music Downloader_is1" = Youtube Music Downloader V3.8.7
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent
"Winamp Detect" = Winamp Detector Plug-in
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 03/03/2014 10:45:53 | Computer Name = AcerLaptop | Source = Application Error | ID = 1000
Description = Faulting application cg.exe, version 0.0.0.0, time stamp 0x51e7f50c,
faulting module libcurl-4.dll, version 6.0.6002.18881, time stamp 0x51da3e27, exception
code 0xc0000135, fault offset 0x00009f5d, process id 0x3b18, application start time
0x01cf36ef46c8d01d.
Error - 03/03/2014 10:45:59 | Computer Name = AcerLaptop | Source = Application Error | ID = 1000
Description = Faulting application cg.exe, version 0.0.0.0, time stamp 0x51e7f50c,
faulting module libcurl-4.dll, version 6.0.6002.18881, time stamp 0x51da3e27, exception
code 0xc0000135, fault offset 0x00009f5d, process id 0x3b4c, application start time
0x01cf36ef4ab2183d.
Error - 03/03/2014 10:46:05 | Computer Name = AcerLaptop | Source = Application Error | ID = 1000
Description = Faulting application cg.exe, version 0.0.0.0, time stamp 0x51e7f50c,
faulting module libcurl-4.dll, version 6.0.6002.18881, time stamp 0x51da3e27, exception
code 0xc0000135, fault offset 0x00009f5d, process id 0x3b88, application start time
0x01cf36ef4dfc613d.
Error - 03/03/2014 10:46:11 | Computer Name = AcerLaptop | Source = Application Error | ID = 1000
Description = Faulting application cg.exe, version 0.0.0.0, time stamp 0x51e7f50c,
faulting module libcurl-4.dll, version 6.0.6002.18881, time stamp 0x51da3e27, exception
code 0xc0000135, fault offset 0x00009f5d, process id 0x3bbc, application start time
0x01cf36ef51a8794d.
Error - 03/03/2014 10:46:23 | Computer Name = AcerLaptop | Source = Application Error | ID = 1000
Description = Faulting application cg.exe, version 0.0.0.0, time stamp 0x51e7f50c,
faulting module libcurl-4.dll, version 6.0.6002.18881, time stamp 0x51da3e27, exception
code 0xc0000135, fault offset 0x00009f5d, process id 0x3c08, application start time
0x01cf36ef591c47bd.
Error - 03/03/2014 10:46:33 | Computer Name = AcerLaptop | Source = Application Error | ID = 1000
Description = Faulting application cg.exe, version 0.0.0.0, time stamp 0x51e7f50c,
faulting module libcurl-4.dll, version 6.0.6002.18881, time stamp 0x51da3e27, exception
code 0xc0000135, fault offset 0x00009f5d, process id 0x3c54, application start time
0x01cf36ef5f2f4dad.
Error - 03/03/2014 10:46:39 | Computer Name = AcerLaptop | Source = Application Error | ID = 1000
Description = Faulting application cg.exe, version 0.0.0.0, time stamp 0x51e7f50c,
faulting module libcurl-4.dll, version 6.0.6002.18881, time stamp 0x51da3e27, exception
code 0xc0000135, fault offset 0x00009f5d, process id 0x3c80, application start time
0x01cf36ef6276b07d.
Error - 03/03/2014 10:46:44 | Computer Name = AcerLaptop | Source = Application Error | ID = 1000
Description = Faulting application cg.exe, version 0.0.0.0, time stamp 0x51e7f50c,
faulting module libcurl-4.dll, version 6.0.6002.18881, time stamp 0x51da3e27, exception
code 0xc0000135, fault offset 0x00009f5d, process id 0x3cb8, application start time
0x01cf36ef65a92bbd.
Error - 03/03/2014 10:46:52 | Computer Name = AcerLaptop | Source = Application Error | ID = 1000
Description = Faulting application cg.exe, version 0.0.0.0, time stamp 0x51e7f50c,
faulting module libcurl-4.dll, version 6.0.6002.18881, time stamp 0x51da3e27, exception
code 0xc0000135, fault offset 0x00009f5d, process id 0x3cf4, application start time
0x01cf36ef6a5eeb9d.
Error - 03/03/2014 10:47:05 | Computer Name = AcerLaptop | Source = Application Error | ID = 1000
Description = Faulting application cg.exe, version 0.0.0.0, time stamp 0x51e7f50c,
faulting module libcurl-4.dll, version 6.0.6002.18881, time stamp 0x51da3e27, exception
code 0xc0000135, fault offset 0x00009f5d, process id 0x3d3c, application start time
0x01cf36ef71a3459d.
[ Media Center Events ]
Error - 17/04/2008 03:37:29 | Computer Name = AcerLaptop | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.
Error - 27/05/2008 18:30:07 | Computer Name = AcerLaptop | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.
[ System Events ]
Error - 28/02/2014 11:17:43 | Computer Name = AcerLaptop | Source = Service Control Manager | ID = 7009
Description =
Error - 28/02/2014 11:18:13 | Computer Name = AcerLaptop | Source = Service Control Manager | ID = 7009
Description =
Error - 28/02/2014 11:18:13 | Computer Name = AcerLaptop | Source = Service Control Manager | ID = 7000
Description =
Error - 28/02/2014 13:27:32 | Computer Name = AcerLaptop | Source = Service Control Manager | ID = 7022
Description =
Error - 28/02/2014 13:27:32 | Computer Name = AcerLaptop | Source = Service Control Manager | ID = 7022
Description =
Error - 28/02/2014 13:27:32 | Computer Name = AcerLaptop | Source = Service Control Manager | ID = 7022
Description =
Error - 28/02/2014 13:27:32 | Computer Name = AcerLaptop | Source = Service Control Manager | ID = 7022
Description =
Error - 28/02/2014 14:19:14 | Computer Name = AcerLaptop | Source = Microsoft Antimalware | ID = 3002
Description = %%860 Real-Time Protection feature has encountered an error and failed.
Feature:
%%834 Error Code: 0x80004005 Error description: Unspecified error Reason: %%838
Error - 03/03/2014 08:36:15 | Computer Name = AcerLaptop | Source = Print | ID = 19
Description = The print spooler failed to share printer HP DeskJet 840C/841C/842C/843C
with shared resource name HP DeskJet 840C841C842C843C. Error 2114. The printer
cannot be used by others on the network.
Error - 03/03/2014 08:45:33 | Computer Name = AcerLaptop | Source = Print | ID = 19
Description = The print spooler failed to share printer HP DeskJet 840C/841C/842C/843C
with shared resource name HP DeskJet 840C841C842C843C. Error 2114. The printer
cannot be used by others on the network.
[ TuneUp Events ]
Error - 16/09/2013 14:14:50 | Computer Name = AcerLaptop | Source = TuneUp.UtilitiesSvc | ID = 300
Description =
< End of report >