OTL logfile created on: 02/12/2011 10:36:52 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Sharon\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.93 Gb Total Physical Memory | 1.82 Gb Available Physical Memory | 62.10% Memory free
6.08 Gb Paging File | 5.05 Gb Available in Paging File | 83.05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 223.12 Gb Total Space | 186.45 Gb Free Space | 83.56% Space Free | Partition Type: NTFS
Drive D: | 83.82 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: SHARON-PC | User Name: Sharon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/02 03:26:47 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/12/01 21:49:27 | 000,140,952 | ---- | M] (Google Inc.) -- C:\Users\Sharon\AppData\Local\Google\Update\1.3.21.79\GoogleCrashHandler.exe
PRC - [2011/12/01 20:06:58 | 000,204,800 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\Sharon\AppData\Local\Temp\RtkBtMnt.exe
PRC - [2011/11/21 11:51:12 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Sharon\Desktop\OTL.exe
PRC - [2011/06/15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/04/27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2009/04/01 21:06:08 | 000,249,600 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
PRC - [2009/04/01 21:06:02 | 000,054,528 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
PRC - [2009/03/11 02:09:28 | 000,715,296 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe
PRC - [2009/03/11 02:09:26 | 000,666,144 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
PRC - [2009/02/19 03:42:48 | 000,866,824 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe
PRC - [2009/02/01 06:43:30 | 000,049,250 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint2K\Hidfind.exe
PRC - [2008/07/29 19:29:26 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
PRC - [2008/03/18 19:27:12 | 000,013,312 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2008/01/21 02:24:23 | 001,792,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mmc.exe

========== Modules (No Company Name) ==========

MOD - [2011/12/01 21:09:10 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\ba71341e41687591124f9a5680cb0981\System.ServiceProcess.ni.dll
MOD - [2011/12/01 21:08:08 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6d75eb3ca10a514754f5e87cc2134f07\System.Windows.Forms.ni.dll
MOD - [2011/12/01 21:07:53 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\19d027c3381110e60c003f2c8bd307ee\System.Drawing.ni.dll
MOD - [2011/12/01 21:07:44 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\38b9d09539b67b08ee996db6c71f8a9b\System.Xml.ni.dll
MOD - [2011/12/01 21:07:36 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\982c005f97eacba888acdda322c49362\System.Configuration.ni.dll
MOD - [2011/12/01 21:07:20 | 007,868,416 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\57ac9ba5419d6bf4b79f2979b0755428\System.ni.dll
MOD - [2011/12/01 21:07:02 | 011,486,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\c068708e16abf0be77a21b9f29817d83\mscorlib.ni.dll
MOD - [2009/02/02 17:33:56 | 000,460,199 | ---- | M] () -- C:\Program Files\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
MOD - [2008/07/29 19:29:26 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
MOD - [2008/01/21 02:24:39 | 000,364,544 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\EventViewer\6.0.0.0__31bf3856ad364e35\EventViewer.dll
MOD - [2008/01/21 02:24:17 | 000,417,792 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MMCEx\3.0.0.0__31bf3856ad364e35\MMCEx.dll
MOD - [2008/01/21 02:24:06 | 003,371,008 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MIGUIControls\1.0.0.0__31bf3856ad364e35\MIGUIControls.dll
MOD - [2008/01/21 02:24:06 | 000,163,840 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\TaskScheduler\6.0.0.0__31bf3856ad364e35\TaskScheduler.dll
MOD - [2008/01/21 02:23:49 | 000,188,416 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Microsoft.ManagementConsole\3.0.0.0__31bf3856ad364e35\Microsoft.ManagementConsole.dll
MOD - [2006/11/02 09:47:03 | 000,110,592 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MMCFxCommon\3.0.0.0__31bf3856ad364e35\MMCFxCommon.dll
MOD - [2003/06/07 21:30:08 | 000,057,344 | ---- | M] () -- C:\Program Files\Launch Manager\PowerUtl.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (McAfee SiteAdvisor Service)
SRV - [2011/12/01 19:46:51 | 000,110,576 | ---- | M] (Google Inc.) [On_Demand | Stopped] -- C:\ProgramData\Partner\partner.exe -- (Partner Service)
SRV - [2011/04/27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2009/04/01 21:06:02 | 000,054,528 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2009/03/11 02:09:26 | 000,666,144 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe -- (ePowerSvc)
SRV - [2008/03/18 19:27:12 | 000,013,312 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2008/01/21 02:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

========== Driver Services (SafeList) ==========

DRV - [2011/12/02 10:06:24 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2C1A7E83-4D4E-44AF-A8DE-B5CF7DF30FEF}\MpKsl5f127e49.sys -- (MpKsl5f127e49)
DRV - [2011/04/27 15:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011/04/18 13:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2010/11/09 13:56:12 | 000,098,392 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2009/02/23 02:18:06 | 000,195,120 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008/12/29 22:57:56 | 000,952,832 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/09/22 13:49:36 | 000,112,128 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
DRV - [2008/09/04 04:12:56 | 000,223,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x) Broadcom NetLink (TM)
DRV - [2008/02/29 23:13:38 | 001,202,560 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=2&o=vp32&d=1211&m=aspire_5738
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=2&o=vp32&d=1211&m=aspire_5738
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Sharon\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Sharon\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Sharon\AppData\Local\Google\Chrome\Application\15.0.874.121\gcswf32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Sharon\AppData\Local\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Sharon\AppData\Local\Google\Chrome\Application\15.0.874.121\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Sharon\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2011/12/01 22:14:46 | 000,000,726 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\partner.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll (Google Inc.)
O4 - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe (Acer Incorporated)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ProductReg] C:\Program Files\Acer\WR_PopUp\ProductReg.exe (Acer)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C50B5E64-FEB9-43A5-8D7F-A5168348F856}: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img11.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img11.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/02 10:36:29 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Sharon\Desktop\OTL.exe
[2011/12/02 09:56:55 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/12/02 09:56:50 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/12/02 09:56:43 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2011/12/02 09:56:22 | 000,000,000 | ---D | C] -- C:\Users\Sharon\AppData\Local\Adobe
[2011/12/02 08:30:52 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2011/12/02 03:30:26 | 000,380,928 | ---- | C] (Acer Incorporated) -- C:\Windows\AcerStore.exe
[2011/12/02 03:30:26 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll
[2011/12/02 03:30:12 | 000,199,176 | ---- | C] (Dritek System Inc.) -- C:\Windows\GVUni.exe
[2011/12/02 03:25:05 | 000,207,368 | ---- | C] (Dritek System Inc.) -- C:\Windows\UNINST32.EXE
[2011/12/02 03:24:51 | 000,952,832 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\System32\drivers\athr.sys
[2011/12/02 03:24:25 | 001,202,560 | ---- | C] (Agere Systems) -- C:\Windows\System32\drivers\AGRSM.sys
[2011/12/02 03:24:25 | 000,054,824 | ---- | C] (Agere Systems) -- C:\Windows\agrsmdel.exe
[2011/12/02 03:24:25 | 000,013,312 | ---- | C] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
[2011/12/02 03:24:25 | 000,013,312 | ---- | C] (Agere Systems) -- C:\Windows\System32\agrscoin.dll
[2011/12/02 03:23:54 | 000,020,480 | ---- | C] (Wistron Corp.) -- C:\Windows\PATCHFUL.EXE
[2011/12/02 03:23:52 | 000,000,000 | ---D | C] -- C:\Windows\Lan
[2011/12/01 23:23:50 | 000,000,000 | ---D | C] -- C:\Users\Sharon\AppData\Roaming\Spyware Remover Pro
[2011/12/01 23:23:38 | 005,077,776 | ---- | C] (Spyware Remover Pro) -- C:\Windows\uninst.exe
[2011/12/01 23:23:38 | 001,332,560 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\sbte.dll
[2011/12/01 23:23:36 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Remover Pro
[2011/12/01 23:23:36 | 000,000,000 | ---D | C] -- C:\ProgramData\SP1Data
[2011/12/01 22:42:45 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2011/12/01 22:42:45 | 000,027,984 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\sbbd.exe
[2011/12/01 22:42:28 | 000,000,000 | ---D | C] -- C:\VIPRERESCUE
[2011/12/01 22:12:27 | 000,000,000 | ---D | C] -- C:\Users\Sharon\Desktop\RK_Quarantine
[2011/12/01 21:51:57 | 000,000,000 | ---D | C] -- C:\Users\Sharon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011/12/01 21:49:02 | 000,000,000 | ---D | C] -- C:\Users\Sharon\AppData\Local\Deployment
[2011/12/01 21:49:02 | 000,000,000 | ---D | C] -- C:\Users\Sharon\AppData\Local\Apps
[2011/12/01 21:24:48 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/12/01 21:06:51 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Acer
[2011/12/01 21:02:42 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell
[2011/12/01 20:58:35 | 000,000,000 | ---D | C] -- C:\Users\Sharon\AppData\Local\CyberLink
[2011/12/01 20:58:30 | 000,000,000 | ---D | C] -- C:\Users\Sharon\AppData\Roaming\SoftDMA
[2011/12/01 20:58:20 | 000,000,000 | ---D | C] -- C:\Users\Sharon\AppData\Roaming\CyberLink
[2011/12/01 20:07:24 | 000,000,000 | ---D | C] -- C:\Users\Sharon\AppData\Roaming\Adobe
[2011/12/01 20:06:29 | 000,000,000 | ---D | C] -- C:\Users\Sharon\AppData\Local\EgisTec
[2011/12/01 20:06:29 | 000,000,000 | ---D | C] -- C:\ProgramData\EgisTec
[2011/12/01 20:06:08 | 000,000,000 | ---D | C] -- C:\Users\Sharon\AppData\Roaming\Google
[2011/12/01 20:04:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer GridVista
[2011/12/01 20:03:58 | 000,000,000 | ---D | C] -- C:\Program Files\Acer Inc
[2011/12/01 20:02:29 | 000,000,000 | ---D | C] -- C:\ProgramData\eSobi
[2011/12/01 20:02:16 | 000,000,000 | ---D | C] -- C:\Program Files\eSobi
[2011/12/01 20:01:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer
[2011/12/01 20:00:27 | 000,000,000 | ---D | C] -- C:\Program Files\EgisTec
[2011/12/01 19:59:47 | 000,000,000 | ---D | C] -- C:\Users\Sharon\AppData\Local\Acer ePower Management V4
[2011/12/01 19:59:42 | 000,000,000 | ---D | C] -- C:\Program Files\Acer
[2011/12/01 19:59:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer Backup Manager
[2011/12/01 19:54:04 | 000,000,000 | ---D | C] -- C:\Users\Sharon\AppData\Roaming\Macromedia
[2011/12/01 19:54:03 | 000,000,000 | ---D | C] -- C:\Windows\Screensavers
[2011/12/01 19:53:36 | 000,000,000 | ---D | C] -- C:\Program Files\Launch Manager
[2011/12/01 19:53:15 | 000,000,000 | ---D | C] -- C:\Program Files\Apoint2K
[2011/12/01 19:52:33 | 001,380,352 | ---- | C] (SuYin) -- C:\Windows\Acer Crystal Eye webcam.EXE
[2011/12/01 19:52:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer Crystal Eye Webcam
[2011/12/01 19:52:08 | 000,000,000 | ---D | C] -- C:\Users\Sharon\AppData\Roaming\InstallShield
[2011/12/01 19:51:30 | 000,000,000 | ---D | C] -- C:\Windows\System32\RTCOM
[2011/12/01 19:50:46 | 001,777,664 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\WavesLib.dll
[2011/12/01 19:50:46 | 000,339,968 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSXT.dll
[2011/12/01 19:50:46 | 000,135,168 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSWOW.dll
[2011/12/01 19:50:45 | 000,185,776 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSHD.dll
[2011/12/01 19:50:45 | 000,167,936 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSHP360.dll
[2011/12/01 19:50:43 | 000,282,112 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\RTPCEE32.dll
[2011/12/01 19:50:40 | 001,933,312 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioEQ.dll
[2011/12/01 19:50:40 | 000,159,744 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO20.dll
[2011/12/01 19:50:40 | 000,126,976 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO.dll
[2011/12/01 19:50:39 | 000,159,232 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\System32\FMAPO.dll
[2011/12/01 19:50:38 | 000,000,000 | ---D | C] -- C:\Program Files\Temp
[2011/12/01 19:50:38 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2011/12/01 19:47:58 | 000,000,000 | ---D | C] -- C:\Users\Sharon\AppData\Local\Google
[2011/12/01 19:47:26 | 000,000,000 | R--D | C] -- C:\Users\Sharon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2011/12/01 19:47:26 | 000,000,000 | R--D | C] -- C:\Users\Sharon\Searches
[2011/12/01 19:47:26 | 000,000,000 | R--D | C] -- C:\Users\Sharon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2011/12/01 19:47:08 | 000,000,000 | ---D | C] -- C:\Users\Sharon\AppData\Roaming\Identities
[2011/12/01 19:47:01 | 000,000,000 | R--D | C] -- C:\Users\Sharon\Contacts
[2011/12/01 19:46:56 | 000,000,000 | ---D | C] -- C:\Users\Sharon\AppData\Local\VirtualStore
[2011/12/01 19:46:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Partner
[2011/12/01 19:46:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2011/12/01 19:46:17 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2011/12/01 19:45:01 | 000,000,000 | -HSD | C] -- C:\Users\Sharon\AppData\Local\Temporary Internet Files
[2011/12/01 19:45:01 | 000,000,000 | -HSD | C] -- C:\Users\Sharon\Templates
[2011/12/01 19:45:01 | 000,000,000 | -HSD | C] -- C:\Users\Sharon\Start Menu
[2011/12/01 19:45:01 | 000,000,000 | -HSD | C] -- C:\Users\Sharon\SendTo
[2011/12/01 19:45:01 | 000,000,000 | -HSD | C] -- C:\Users\Sharon\Recent
[2011/12/01 19:45:01 | 000,000,000 | -HSD | C] -- C:\Users\Sharon\PrintHood
[2011/12/01 19:45:01 | 000,000,000 | -HSD | C] -- C:\Users\Sharon\NetHood
[2011/12/01 19:45:01 | 000,000,000 | -HSD | C] -- C:\Users\Sharon\Documents\My Videos
[2011/12/01 19:45:01 | 000,000,000 | -HSD | C] -- C:\Users\Sharon\Documents\My Pictures
[2011/12/01 19:45:01 | 000,000,000 | -HSD | C] -- C:\Users\Sharon\Documents\My Music
[2011/12/01 19:45:01 | 000,000,000 | -HSD | C] -- C:\Users\Sharon\My Documents
[2011/12/01 19:45:01 | 000,000,000 | -HSD | C] -- C:\Users\Sharon\Local Settings
[2011/12/01 19:45:01 | 000,000,000 | -HSD | C] -- C:\Users\Sharon\AppData\Local\History
[2011/12/01 19:45:01 | 000,000,000 | -HSD | C] -- C:\Users\Sharon\Cookies
[2011/12/01 19:45:01 | 000,000,000 | -HSD | C] -- C:\Users\Sharon\Application Data
[2011/12/01 19:45:01 | 000,000,000 | -HSD | C] -- C:\Users\Sharon\AppData\Local\Application Data
[2011/12/01 19:45:00 | 000,000,000 | --SD | C] -- C:\Users\Sharon\AppData\Roaming\Microsoft
[2011/12/01 19:45:00 | 000,000,000 | R--D | C] -- C:\Users\Sharon\Videos
[2011/12/01 19:45:00 | 000,000,000 | R--D | C] -- C:\Users\Sharon\Saved Games
[2011/12/01 19:45:00 | 000,000,000 | R--D | C] -- C:\Users\Sharon\Pictures
[2011/12/01 19:45:00 | 000,000,000 | R--D | C] -- C:\Users\Sharon\Music
[2011/12/01 19:45:00 | 000,000,000 | R--D | C] -- C:\Users\Sharon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2011/12/01 19:45:00 | 000,000,000 | R--D | C] -- C:\Users\Sharon\Links
[2011/12/01 19:45:00 | 000,000,000 | R--D | C] -- C:\Users\Sharon\Favorites
[2011/12/01 19:45:00 | 000,000,000 | R--D | C] -- C:\Users\Sharon\Downloads
[2011/12/01 19:45:00 | 000,000,000 | R--D | C] -- C:\Users\Sharon\Documents
[2011/12/01 19:45:00 | 000,000,000 | R--D | C] -- C:\Users\Sharon\Desktop
[2011/12/01 19:45:00 | 000,000,000 | R--D | C] -- C:\Users\Sharon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2011/12/01 19:45:00 | 000,000,000 | ---D | C] -- C:\Users\Sharon\AppData\Local\Temp
[2011/12/01 19:45:00 | 000,000,000 | ---D | C] -- C:\Users\Sharon\AppData\Local\Microsoft
[2011/12/01 19:45:00 | 000,000,000 | ---D | C] -- C:\Users\Sharon\AppData\Roaming\Media Center Programs
[2011/12/01 19:45:00 | 000,000,000 | ---D | C] -- C:\Users\Sharon\AppData
[2011/12/01 19:45:00 | 000,000,000 | ---D | C] -- C:\Users\Sharon\AppData\Roaming\Acer GameZone Console
[2011/12/01 19:41:15 | 000,000,000 | -HSD | C] -- C:\ProgramData\Templates
[2011/12/01 19:41:15 | 000,000,000 | -HSD | C] -- C:\ProgramData\Start Menu
[2011/12/01 19:41:15 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\My Videos
[2011/12/01 19:41:15 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\My Pictures
[2011/12/01 19:41:15 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\My Music
[2011/12/01 19:41:15 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favorites
[2011/12/01 19:41:15 | 000,000,000 | -HSD | C] -- C:\Documents and Settings
[2011/12/01 19:41:15 | 000,000,000 | -HSD | C] -- C:\ProgramData\Documents
[2011/12/01 19:41:15 | 000,000,000 | -HSD | C] -- C:\ProgramData\Desktop
[2011/12/01 19:41:15 | 000,000,000 | -HSD | C] -- C:\ProgramData\Application Data
[2011/12/01 19:35:51 | 000,000,000 | ---D | C] -- C:\Windows\System32\x64
[2011/12/01 19:35:51 | 000,000,000 | ---D | C] -- C:\Windows\System32\Lang
[2011/12/01 19:34:21 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2011/12/01 19:33:51 | 000,000,000 | -HSD | C] -- C:\System Volume Information

========== Files - Modified Within 30 Days ==========

[2011/12/02 10:38:44 | 000,000,162 | -H-- | M] () -- C:\Users\Sharon\Documents\~$virus.rtf
[2011/12/02 10:13:18 | 000,602,478 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/12/02 10:13:18 | 000,106,852 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/12/02 10:05:52 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/02 10:05:51 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/02 10:05:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/02 10:05:38 | 3144,552,448 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/02 09:54:10 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3495262056-2048674864-3694758281-1000UA.job
[2011/12/02 08:24:14 | 006,459,513 | ---- | M] () -- C:\Users\Sharon\Documents\virus.rtf
[2011/12/01 23:23:38 | 001,332,560 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\sbte.dll
[2011/12/01 23:23:38 | 000,308,560 | ---- | M] () -- C:\Windows\System32\vipre.dll
[2011/12/01 23:23:38 | 000,160,768 | ---- | M] () -- C:\Windows\System32\unrar.dll
[2011/12/01 22:42:02 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
[2011/12/01 22:33:24 | 005,077,776 | ---- | M] (Spyware Remover Pro) -- C:\Windows\uninst.exe
[2011/12/01 21:54:35 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3495262056-2048674864-3694758281-1000Core.job
[2011/12/01 21:52:00 | 000,002,051 | ---- | M] () -- C:\Users\Sharon\Desktop\Google Chrome.lnk
[2011/12/01 21:52:00 | 000,002,013 | ---- | M] () -- C:\Users\Sharon\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/12/01 21:51:07 | 000,000,378 | ---- | M] () -- C:\Users\Sharon\Desktop\Documents.lnk
[2011/12/01 21:36:42 | 000,000,866 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/01 21:36:07 | 000,002,154 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/12/01 21:04:57 | 000,297,920 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/12/01 20:07:47 | 000,000,193 | ---- | M] () -- C:\Windows\USER.XML
[2011/12/01 20:06:07 | 000,000,947 | ---- | M] () -- C:\Users\Sharon\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/12/01 20:04:10 | 000,000,206 | ---- | M] () -- C:\Windows\Factory.xml
[2011/12/01 20:04:01 | 000,000,092 | ---- | M] () -- C:\Windows\GridV.UNI
[2011/12/01 20:04:01 | 000,000,000 | ---- | M] () -- C:\Windows\setup.INI
[2011/12/01 19:58:29 | 000,000,855 | ---- | M] () -- C:\Windows\regfile_I.cmd
[2011/12/01 19:58:29 | 000,000,255 | ---- | M] () -- C:\Windows\regfile_E.cmd
[2011/12/01 19:53:40 | 000,000,083 | ---- | M] () -- C:\Windows\LManager.UNI
[2011/12/01 19:53:22 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_Apfiltr_01005.Wdf
[2011/12/01 19:38:30 | 000,047,092 | ---- | M] () -- C:\Windows\System32\license.rtf
[2011/11/21 11:51:12 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Sharon\Desktop\OTL.exe

========== Files Created - No Company Name ==========

[2011/12/02 10:38:44 | 000,000,162 | -H-- | C] () -- C:\Users\Sharon\Documents\~$virus.rtf
[2011/12/02 08:24:14 | 006,459,513 | ---- | C] () -- C:\Users\Sharon\Documents\virus.rtf
[2011/12/02 03:30:29 | 000,005,029 | --S- | C] () -- C:\Patch.rev
[2011/12/02 03:24:06 | 002,026,604 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2011/12/02 03:24:06 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1624.dll
[2011/12/02 03:24:06 | 000,036,064 | ---- | C] () -- C:\Windows\System32\iglhxs32.vp
[2011/12/02 03:24:06 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2011/12/02 03:24:06 | 000,002,096 | ---- | C] () -- C:\Windows\System32\iglhxo32.vp
[2011/12/02 03:24:06 | 000,002,096 | ---- | C] () -- C:\Windows\System32\iglhxc32.vp
[2011/12/02 03:24:05 | 000,445,796 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2011/12/02 03:24:05 | 000,147,172 | ---- | C] () -- C:\Windows\System32\igfcg550.bin
[2011/12/01 23:23:38 | 000,308,560 | ---- | C] () -- C:\Windows\System32\vipre.dll
[2011/12/01 23:23:38 | 000,160,768 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2011/12/01 22:42:02 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
[2011/12/01 22:16:45 | 3144,552,448 | -HS- | C] () -- C:\hiberfil.sys
[2011/12/01 21:52:00 | 000,002,051 | ---- | C] () -- C:\Users\Sharon\Desktop\Google Chrome.lnk
[2011/12/01 21:52:00 | 000,002,013 | ---- | C] () -- C:\Users\Sharon\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/12/01 21:51:07 | 000,000,378 | ---- | C] () -- C:\Users\Sharon\Desktop\Documents.lnk
[2011/12/01 21:49:33 | 000,000,912 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3495262056-2048674864-3694758281-1000UA.job
[2011/12/01 21:49:32 | 000,000,860 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3495262056-2048674864-3694758281-1000Core.job
[2011/12/01 21:36:40 | 000,000,866 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/01 21:36:07 | 000,002,154 | ---- | C] () -- C:\Windows\epplauncher.mif
[2011/12/01 21:24:59 | 000,001,812 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/12/01 20:24:33 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs
[2011/12/01 20:24:33 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml
[2011/12/01 20:24:33 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl
[2011/12/01 20:19:44 | 000,208,966 | ---- | C] () -- C:\Windows\System32\WFP.TMF
[2011/12/01 20:06:07 | 000,000,947 | ---- | C] () -- C:\Users\Sharon\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/12/01 20:04:01 | 000,000,092 | ---- | C] () -- C:\Windows\GridV.UNI
[2011/12/01 20:04:01 | 000,000,000 | ---- | C] () -- C:\Windows\setup.INI
[2011/12/01 19:58:45 | 000,000,855 | ---- | C] () -- C:\Windows\regfile_I.cmd
[2011/12/01 19:58:45 | 000,000,255 | ---- | C] () -- C:\Windows\regfile_E.cmd
[2011/12/01 19:53:40 | 000,000,083 | ---- | C] () -- C:\Windows\LManager.UNI
[2011/12/01 19:53:22 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_Apfiltr_01005.Wdf
[2011/12/01 19:52:33 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll
[2011/12/01 19:52:33 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2011/12/01 19:52:33 | 000,020,480 | ---- | C] () -- C:\Windows\USB_VIDEO_REG.exe
[2011/12/01 19:52:33 | 000,006,318 | ---- | C] () -- C:\Windows\Suyin.reg
[2011/12/01 19:52:33 | 000,000,036 | ---- | C] () -- C:\Windows\PidList.ini
[2011/12/01 19:50:48 | 000,090,772 | ---- | C] () -- C:\Windows\System32\drivers\RtConvEQ.DAT
[2011/12/01 19:50:48 | 000,000,536 | ---- | C] () -- C:\Windows\System32\drivers\RtHdatEx.dat
[2011/12/01 19:50:48 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
[2011/12/01 19:47:28 | 000,000,953 | ---- | C] () -- C:\Users\Sharon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2011/12/01 19:47:25 | 000,000,948 | ---- | C] () -- C:\Users\Sharon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2011/12/01 19:47:00 | 000,000,919 | ---- | C] () -- C:\Users\Sharon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
[2011/12/01 19:45:00 | 000,000,258 | ---- | C] () -- C:\Users\Sharon\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2011/12/01 19:45:00 | 000,000,240 | ---- | C] () -- C:\Users\Sharon\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2009/02/18 18:48:55 | 000,000,028 | ---- | C] () -- C:\Windows\WisLangCode.ini
[2009/02/18 11:20:22 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/02/18 11:20:22 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/02/11 20:03:58 | 000,872,448 | ---- | C] () -- C:\Windows\iconv.dll
[2009/02/11 20:03:58 | 000,743,424 | ---- | C] () -- C:\Windows\libxml2.dll
[2009/02/11 20:03:57 | 000,000,057 | ---- | C] () -- C:\Windows\Prelaunch.ini
[2006/11/02 12:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 12:47:37 | 000,297,920 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 12:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 10:33:01 | 000,602,478 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 10:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 10:33:01 | 000,106,852 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 10:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 10:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 08:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 08:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 07:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 07:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2009/02/18 12:08:05 | 000,000,000 | ---D | M] -- C:\Users\Sharon\AppData\Roaming\Acer GameZone Console
[2011/12/01 20:58:38 | 000,000,000 | ---D | M] -- C:\Users\Sharon\AppData\Roaming\SoftDMA
[2011/12/01 23:23:50 | 000,000,000 | ---D | M] -- C:\Users\Sharon\AppData\Roaming\Spyware Remover Pro
[2011/12/02 09:57:59 | 000,016,942 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >