My computer is acting...



#1
Lovltn848

  • Member
  • 237 posts
Whenever I plug my SD card into my card reader, if I have a QuickTime video file on the card from my camera, Windows Explorer freaks out. I thought I solved this problem by reinstalling the card reader. It was okay for a while until I tried to put some videos into a folder tonight. If I try to open up a new Windows Explorer window (My Computer, etc.) I just get a blank window.

Also something new that has been happening is I get 2 DLL errors whenever I reboot. One is a strange name tewaqu...something, and the other is TS150...something or other....

I got an error when I tried to do a HijackThis scan and log, but after clicking Okay on some things, I got this:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:23:53 PM, on 8/21/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\PLFSetI.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Users\Lauren\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Trillian\trillian.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...9&m=aspire_5335
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...9&m=aspire_5335
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: (no name) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - (no file)
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [BkupTray] "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Acer Assist Launcher] C:\Program Files\Acer\Acer Assist\launcher.exe
O4 - HKLM\..\Run: [Acer Product Registration] "C:\Program Files\Acer\Acer Registration\ACE1.exe" /startup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ArcadeDeluxeAgent] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1240710197830
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1240710240003
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
O23 - Service: CLHNService - Unknown owner - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
O23 - Service: Google Desktop Manager 5.7.808.7150 (GoogleDesktopManager-080708-050100) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate1ca030e4e71d970) (gupdate1ca030e4e71d970) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6172\SAService.exe

--
End of file - 12070 bytes


#2
azarl


    GeekU Admin

  • Community Leader
  • 25,310 posts
Hi

Welcome to Geekstogo. I'll be helping you with this problem.

  • Please read all of my response through at least once before attempting to follow the procedures described. I would recommend printing them out, if you can, as you can check off each step as you complete it. If there's anything you don't understand or isn't totally clear, please come back to me for clarification.

  • Please do not attach any log files to your replies unless I specifically ask you. Instead, please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.

We no longer use HJT as it does not show enough information to deal with current infections.

» Step 1 «
Malwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

» Step 2 «
Download GMER Rootkit Scanner. Note the file's name and unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.
  • Double click GMER.exe.
  • If it gives you a warning about rootkit activity and asks if you want to run a full scan, click on NO, then use the following settings for a more complete scan.
  • In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "ark.txt"
  • Save the log where you can easily find it, such as your desktop.
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

Please copy and paste the report into your Post.

» Step 3 «

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Click on Minimal Output at the top
  • Download the following file scan.txt to your Desktop. Click here to download it. You may need to right click on it and select "Save"
  • Double click inside the Custom Scan box at the bottom
  • A window will appear saying "Click Ok to load a custom scan from a file or Cancel to cancel"
  • Click the Ok button and navigate to the file scan.txt which we just saved to your desktop
  • Select scan.txt and click Open. Writing will now appear under the Custom Scan box
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic


#3
Lovltn848

  • Topic Starter
  • Member
  • 237 posts
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4647

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18943

9/18/2010 1:34:50 PM
mbam-log-2010-09-18 (13-34-50).txt

Scan type: Quick scan
Objects scanned: 157613
Time elapsed: 13 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\AppDataLow\HavingFunOnline (Adware.BHO.FL) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fdobiwogi (Trojan.Agent.U) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\jgeleki (Trojan.Agent.U) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\Lauren\AppData\Roaming\avdrn.dat (Malware.Trace) -> Quarantined and deleted successfully.






GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-09-18 17:04:18
Windows 6.0.6002 Service Pack 2
Running: gmer.exe; Driver: C:\Users\Lauren\AppData\Local\Temp\kgryrpob.sys


---- System - GMER 1.0.15 ----

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x8E037BAE]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0x8E0379D2]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0x8E037B0C]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

PAGE ntkrnlpa.exe!ZwLoadDriver 82BB5DF0 7 Bytes JMP 8E037B10 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 82C2128F 5 Bytes JMP 8E0335D4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject 82C7A063 5 Bytes JMP 8E034FFA \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!NtCreateSection 82C7B905 7 Bytes JMP 8E0379D6 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 82CDB90A 7 Bytes JMP 8E037BB2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
? System32\drivers\jrjgvnb.sys The system cannot find the path specified. !
C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl entry point in "" section [0xAAFCD41C]
.clc C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl unknown last code section [0xAAFCE000, 0x1000, 0xE0000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1632] kernel32.dll!SetUnhandledExceptionFilter 7677A84F 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Windows\Explorer.EXE[3316] SHELL32.dll!SHFileOperationW 75B268E8 5 Bytes JMP 03191102 C:\Program Files\Unlocker\UnlockerHook.dll

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)
Device \FileSystem\fastfat \FatCdrom aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device \FileSystem\fastfat \Fat aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----




OTL logfile created on: 9/18/2010 5:17:10 PM - Run 2
OTL by OldTimer - Version 3.2.12.1 Folder = C:\Users\Lauren\Downloads
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 56.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111.57 Gb Total Space | 19.43 Gb Free Space | 17.41% Space Free | Partition Type: NTFS
Drive D: | 111.55 Gb Total Space | 17.68 Gb Free Space | 15.84% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LAUREN-PC
Current User Name: Lauren
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Minimal
Quick Scan

========== Processes (SafeList) ==========

PRC - C:\Users\Lauren\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
PRC - C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe (IObit)
PRC - C:\Users\Lauren\AppData\Local\Temp\RtkBtMnt.exe (Realtek Semiconductor Corp.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Program Files\Unlocker\UnlockerAssistant.exe ()
PRC - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
PRC - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink)
PRC - C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Windows\PLFSetI.exe ()
PRC - C:\Windows\System32\igfxext.exe (Intel Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
PRC - C:\Program Files\SiteAdvisor\6172\SAService.exe ()
PRC - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
PRC - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
PRC - C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
PRC - C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
PRC - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe ()
PRC - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe (NewTech InfoSystems, Inc.)
PRC - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe ()
PRC - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe ()
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe (NewTech Infosystems, Inc.)
PRC - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe ()
PRC - C:\Acer\Mobility Center\MobilityService.exe ()
PRC - C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Users\Lauren\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
MOD - C:\Windows\System32\WindowsCodecs.dll (Microsoft Corporation)
MOD - C:\Windows\System32\SLC.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msshsq.dll (Microsoft Corporation)
MOD - C:\Windows\System32\EhStorShell.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cscapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\rsaenh.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
MOD - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll (Egis Incorporated.)
MOD - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Egis Inc.)
MOD - C:\Windows\System32\duser.dll (Microsoft Corporation)
MOD - C:\Windows\System32\actxprxy.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\System32\dbghelp.dll (Microsoft Corporation)
MOD - C:\Windows\System32\thumbcache.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (GoogleDesktopManager-051210-111108) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (SiteAdvisor Service) -- C:\Program Files\SiteAdvisor\6172\SAService.exe ()
SRV - (eDataSecurity Service) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
SRV - (NTIBackupSvc) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe (NewTech InfoSystems, Inc.)
SRV - (NTISchedulerSvc) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe ()
SRV - (ETService) -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe ()
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (BUNAgentSvc) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe (NewTech Infosystems, Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (CLHNService) -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe ()
SRV - (MobilityService) -- C:\Acer\Mobility Center\MobilityService.exe ()


========== Driver Services (SafeList) ==========

DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (dvd43llh) -- C:\Windows\System32\drivers\dvd43llh.sys (RIF)
DRV - (NuidFltr) -- C:\Windows\System32\drivers\nuidfltr.sys (Microsoft Corporation)
DRV - (mfesmfk) -- C:\Windows\System32\drivers\mfesmfk.sys (McAfee, Inc.)
DRV - (mfehidk) -- C:\Windows\System32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\Windows\System32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\Windows\System32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mferkdk) -- C:\Windows\System32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (adfs) -- C:\Windows\System32\drivers\adfs.sys (Adobe Systems, Inc.)
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (netr28) -- C:\Windows\System32\drivers\netr28.sys (Ralink Technology, Corp.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (psdvdisk) -- C:\Windows\System32\drivers\PSDVdisk.sys (Egis Incorporated)
DRV - (PSDFilter) -- C:\Windows\system32\DRIVERS\psdfilter.sys (Egis Incorporated)
DRV - (PSDNServ) -- C:\Windows\System32\drivers\PSDNServ.sys (Egis Incorporated)
DRV - ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) -- C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl (Cyberlink Corp.)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (w64smdm) -- C:\Windows\System32\drivers\w64smdm.sys (MCCI)
DRV - (w64sdiag) au W64S Serial Port (WDM) -- C:\Windows\System32\drivers\w64sdiag.sys (MCCI)
DRV - (w64sbus) au W64S USB Composite Device driver (WDM) -- C:\Windows\System32\drivers\w64sbus.sys (MCCI)
DRV - (w64smdfl) -- C:\Windows\System32\drivers\w64smdfl.sys (MCCI Corporation)
DRV - (int15) -- C:\Windows\System32\drivers\int15.sys (Acer, Inc.)
DRV - (RTSTOR) -- C:\Windows\System32\drivers\RTSTOR.sys (Realtek Semiconductor Corp.)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (yukonwlh) -- C:\Windows\System32\drivers\yk60x86.sys (Marvell)
DRV - (NTIDrvr) -- C:\Windows\System32\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV - (UBHelper) -- C:\Windows\System32\drivers\UBHelper.sys (NewTech Infosystems Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel® -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (NSCIRDA) -- C:\Windows\System32\drivers\nscirda.sys (National Semiconductor Corporation)
DRV - (HSF_DPV) -- C:\Windows\System32\drivers\VSTDPV3.SYS (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\Windows\System32\drivers\VSTCNXT3.SYS (Conexant Systems, Inc.)
DRV - (xnacc) -- C:\Windows\System32\drivers\xnacc.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (HSFHWAZL) -- C:\Windows\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (NTIPPKernel) -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys (Cyberlink Corp.)
DRV - (xusb21) -- C:\Windows\System32\drivers\xusb21.sys (Microsoft Corporation)
DRV - (XBCD+) -- C:\Windows\System32\drivers\xbcd.sys (Redcl0ud)
DRV - (DKbFltr) -- C:\Windows\System32\drivers\DKbFltr.sys (Dritek System Inc.)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...9&m=aspire_5335

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...9&m=aspire_5335
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.msn.com/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.1
FF - prefs.js..extensions.enabledItems: [email protected]:3.4.4.118
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.7
FF - prefs.js..extensions.enabledItems: eastasian@eunheui:1.1.2
FF - prefs.js..extensions.enabledItems: {89c9e067-2605-4f75-a608-f6ea31c9d087}:1.4.2a
FF - prefs.js..extensions.enabledItems: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}:0.4.4
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.608
FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.1
FF - prefs.js..extensions.enabledItems: {27182e60-b5f3-411c-b545-b44205977502}:1.0
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: [email protected]:3.6.6
FF - prefs.js..extensions.enabledItems: {D12C8446-3DB9-4448-8189-C705EA4A5D01}:1.9.1
FF - prefs.js..extensions.enabledItems: {7694c49c-9fbd-11dc-8314-0800200c9a66}:3.6.6
FF - prefs.js..extensions.enabledItems: {e2c58150-9d72-11dd-ad8b-0800200c9a66}:1.3.1
FF - prefs.js..extensions.enabledItems: {239c61a8-e55f-11db-8314-0800200c9a66}:2.1.1
FF - prefs.js..keyword.URL: "http://websearch.ask...1&apn_dtid=&q="


FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/01/11 00:55:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/06/11 12:19:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\PROGRAM FILES\Mozilla Firefox\components [2010/08/20 09:22:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\PROGRAM FILES\Mozilla Firefox\plugins [2010/09/02 19:09:50 | 000,000,000 | ---D | M]

[2009/07/11 01:53:33 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\Mozilla\Extensions
[2009/07/11 01:53:33 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\Mozilla\Extensions\[email protected]
[2009/04/23 00:22:59 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\Mozilla\Extensions\[email protected]
[2010/09/18 11:38:57 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\Mozilla\Firefox\Profiles\1saxoinm.default\extensions
[2010/04/18 19:52:45 | 000,000,000 | ---D | M] (Image Zoom) -- C:\Users\Lauren\AppData\Roaming\Mozilla\Firefox\Profiles\1saxoinm.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
[2009/08/16 02:07:23 | 000,000,000 | ---D | M] (BlackX 2) -- C:\Users\Lauren\AppData\Roaming\Mozilla\Firefox\Profiles\1saxoinm.default\extensions\{239c61a8-e55f-11db-8314-0800200c9a66}
[2009/11/20 05:54:07 | 000,000,000 | ---D | M] (PDF Download) -- C:\Users\Lauren\AppData\Roaming\Mozilla\Firefox\Profiles\1saxoinm.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2010/08/14 09:19:27 | 000,000,000 | ---D | M] (Aquatint Black) -- C:\Users\Lauren\AppData\Roaming\Mozilla\Firefox\Profiles\1saxoinm.default\extensions\{7694c49c-9fbd-11dc-8314-0800200c9a66}
[2009/06/03 20:50:28 | 000,000,000 | ---D | M] (IE Tab) -- C:\Users\Lauren\AppData\Roaming\Mozilla\Firefox\Profiles\1saxoinm.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2009/09/14 17:50:14 | 000,000,000 | ---D | M] (FFXI Helper) -- C:\Users\Lauren\AppData\Roaming\Mozilla\Firefox\Profiles\1saxoinm.default\extensions\{89c9e067-2605-4f75-a608-f6ea31c9d087}
[2010/08/14 09:19:27 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Lauren\AppData\Roaming\Mozilla\Firefox\Profiles\1saxoinm.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/08/14 09:19:27 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\Lauren\AppData\Roaming\Mozilla\Firefox\Profiles\1saxoinm.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2009/11/20 06:04:52 | 000,000,000 | ---D | M] (Black Steel) -- C:\Users\Lauren\AppData\Roaming\Mozilla\Firefox\Profiles\1saxoinm.default\extensions\{e2c58150-9d72-11dd-ad8b-0800200c9a66}
[2009/09/14 17:50:13 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\Mozilla\Firefox\Profiles\1saxoinm.default\extensions\eastasian@eunheui
[2010/08/14 09:19:27 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\Mozilla\Firefox\Profiles\1saxoinm.default\extensions\[email protected]
[2010/08/14 01:33:43 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\Mozilla\Firefox\Profiles\1saxoinm.default\extensions\[email protected]
[2010/08/01 23:12:14 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\Mozilla\Firefox\Profiles\1saxoinm.default\extensions\[email protected]
[2010/08/14 09:19:26 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\Mozilla\Firefox\Profiles\1saxoinm.default\extensions\[email protected]\__MACOSX
[2010/08/14 09:19:26 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\Mozilla\Firefox\Profiles\1saxoinm.default\extensions\[email protected]\chrome
[2010/08/14 09:19:26 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\Mozilla\Firefox\Profiles\1saxoinm.default\extensions\[email protected]\defaults
[2010/08/14 09:19:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lauren\AppData\Roaming\Mozilla\Firefox\Profiles\1saxoinm.default\extensions\{7694c49c-9fbd-11dc-8314-0800200c9a66}\chrome\mac\mozapps\extensions
[2010/08/14 09:19:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lauren\AppData\Roaming\Mozilla\Firefox\Profiles\1saxoinm.default\extensions\{7694c49c-9fbd-11dc-8314-0800200c9a66}\chrome\win\mozapps\extensions
[2010/09/18 11:34:51 | 000,002,556 | ---- | M] () -- C:\Users\Lauren\AppData\Roaming\Mozilla\Firefox\Profiles\1saxoinm.default\searchplugins\askcom.xml
[2010/03/27 08:11:29 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/03/27 08:11:18 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}

O1 HOSTS File: ([2009/05/17 16:52:21 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (no name) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (no name) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - No CLSID value found.
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
O2 - BHO: (MSN Toolbar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [Acer Assist Launcher] C:\Program Files\Acer\Acer Assist\launcher.exe ()
O4 - HKLM..\Run: [Acer Product Registration] C:\Program Files\Acer\Acer Registration\ACE1.exe (Leader Technologies)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BkupTray] C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe ()
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
O4 - HKLM..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
O4 - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKCU..\Run: [certPost] C:\Users\Lauren\AppData\Local\Temp\DpiShost.DLL ()
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1262601964481 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1240710240003 (MUWebControl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {9FC84F7D-D177-4A75-A7BB-429DA5BD0A3E} Reg Error: Key error. (SG_CAppAtx Control)
O16 - DPF: {BBB0FC2D-1D95-45CA-BDCF-03B53F247FCC} Reg Error: Key error. (EwsLoader Class)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.3.25
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Lauren\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Lauren\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 15:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.ac3filter - C:\Windows\System32\ac3filter.acm ()
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.siren - C:\Windows\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()
Drivers32: vidc.XVID - C:\Windows\System32\xvidvfw.dll ()

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 90 Days ==========

[2010/09/18 17:15:39 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Lauren\Desktop\OTL.exe
[2010/09/18 13:20:00 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/09/18 13:19:58 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/09/18 13:19:57 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/09/18 11:23:30 | 000,000,000 | ---D | C] -- C:\Users\Lauren\AppData\Local\Apps
[2010/09/06 21:52:46 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2010/09/05 01:29:56 | 000,000,000 | -H-D | C] -- C:\Users\Lauren\AppData\Local\Adobe
[2010/09/03 09:13:02 | 000,000,000 | -H-D | C] -- C:\Users\Lauren\AppData\Local\Apple
[2010/09/01 22:48:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Qwest
[2010/09/01 22:48:10 | 000,000,000 | ---D | C] -- C:\Users\Lauren\AppData\Local\Xenocode
[2010/09/01 22:48:10 | 000,000,000 | ---D | C] -- C:\Program Files\Xenocode
[2010/09/01 22:48:09 | 000,000,000 | ---D | C] -- C:\Windows\XSxS
[2010/08/30 21:20:09 | 000,000,000 | -H-D | C] -- C:\Users\Lauren\AppData\Local\Apple Computer
[2010/08/28 23:15:03 | 000,000,000 | ---D | C] -- C:\Users\Lauren\AppData\Local\{D12C8446-3DB9-4448-8189-C705EA4A5D01}
[2010/08/23 19:10:41 | 000,000,000 | ---D | C] -- C:\Program Files\Gabest
[2010/08/20 09:22:07 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/08/16 18:31:46 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2010/08/16 18:09:43 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe Media Player
[2010/08/16 18:06:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2010/08/16 18:00:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
[2010/08/01 13:18:53 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2010/08/01 12:18:21 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp
[2010/07/27 09:51:51 | 000,000,000 | ---D | C] -- C:\Users\Lauren\Desktop\Word Documents
[2010/07/27 09:51:15 | 000,000,000 | ---D | C] -- C:\Users\Lauren\Office Genuine Advantage
[2010/07/27 09:24:57 | 001,164,728 | ---- | C] (NuMedia Soft, Inc.) -- C:\Windows\System32\NMSDVDXU.dll
[2010/07/27 09:24:57 | 000,454,656 | ---- | C] (FoxBurner Ltd.) -- C:\Windows\System32\FoxDVDImager.ocx
[2010/07/27 09:24:56 | 001,228,800 | ---- | C] (FoxBurner Ltd.) -- C:\Windows\System32\FoxBurner.ocx
[2010/07/27 09:24:56 | 001,208,320 | ---- | C] (Plasmatech Software Design) -- C:\Windows\System32\PTxSCP.ocx
[2010/07/27 09:24:56 | 000,856,064 | ---- | C] (Essien Research & Development) -- C:\Windows\System32\mpgfiltr.ax
[2010/07/27 09:24:56 | 000,380,928 | ---- | C] (NUGROOVZ) -- C:\Windows\System32\CDRipperX.ocx
[2010/07/27 09:24:56 | 000,196,608 | ---- | C] (Viscom Software www.viscomsoft.com) -- C:\Windows\System32\VideoEdit.ocx
[2010/07/27 09:24:56 | 000,081,920 | ---- | C] (Viscom Software) -- C:\Windows\System32\viscomwave.dll
[2010/07/27 00:23:40 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/07/24 19:52:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Office Genuine Advantage
[2010/07/02 07:51:49 | 000,038,848 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2010/06/30 02:21:55 | 001,974,377 | ---- | C] (한국정보인증(주)) -- C:\Windows\System32\sg_api.dll
[2010/06/30 02:21:55 | 001,585,152 | ---- | C] ((주)드림시큐리티) -- C:\Windows\System32\gpkiapi.dll
[2010/06/30 02:21:55 | 000,737,385 | ---- | C] (Korea Information Certificate Authority Inc.) -- C:\Windows\System32\sg_dlg.dll
[2010/06/30 02:21:55 | 000,443,968 | ---- | C] (Korea Information Certificate Authority Inc.) -- C:\Windows\System32\sg_cappatx.ocx
[2010/06/30 02:21:55 | 000,307,200 | ---- | C] (Korea Information Certificate Authority Inc.) -- C:\Windows\System32\ewshandler.dll
[2010/06/30 02:21:55 | 000,167,936 | ---- | C] (Korea Infomation Certificate Authority Inc.) -- C:\Windows\System32\securityloader.dll
[2010/06/30 02:21:55 | 000,137,120 | ---- | C] (Korea Information Certificate Authority Inc.) -- C:\Windows\System32\signgate_ioc.dll
[2010/06/30 02:21:55 | 000,094,208 | ---- | C] (Internet Security Co., Ltd.) -- C:\Windows\System32\sgkey.dll
[2010/06/30 02:21:55 | 000,074,240 | ---- | C] (Netscape Communications Corporation) -- C:\Windows\System32\nsldap32v11.dll
[2010/06/30 02:21:55 | 000,073,728 | ---- | C] (Internet Security Co., Ltd.) -- C:\Windows\System32\securek08.dll
[2010/06/30 02:21:55 | 000,061,440 | ---- | C] (한국정보인증) -- C:\Windows\System32\sgcard.dll
[2010/06/30 02:21:55 | 000,049,152 | ---- | C] (N-LINE SYSTEM Co., Ltd.) -- C:\Windows\System32\sgmagerkey.dll
[2010/06/30 02:21:55 | 000,036,864 | ---- | C] (INFOVINE) -- C:\Windows\System32\UbikeyInit.dll
[2010/06/30 02:21:55 | 000,021,990 | ---- | C] (Internet Security Co., Ltd.) -- C:\Windows\System32\drivers\securkey.sys
[2010/06/30 02:21:55 | 000,020,780 | ---- | C] (anchor chips) -- C:\Windows\System32\drivers\MagerKey.sys
[2010/06/30 02:21:54 | 000,000,000 | ---D | C] -- C:\Program Files\SignGATE
[2010/06/22 11:03:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2009/01/06 19:43:08 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll
[5 C:\Users\Lauren\Desktop\*.tmp files -> C:\Users\Lauren\Desktop\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/09/18 17:21:03 | 005,242,880 | -HS- | M] () -- C:\Users\Lauren\ntuser.dat
[2010/09/18 17:13:54 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Lauren\Desktop\OTL.exe
[2010/09/18 17:10:51 | 000,703,388 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/09/18 17:10:51 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/09/18 17:10:51 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/09/18 17:09:39 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010/09/18 17:07:34 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2010/09/18 17:05:30 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/09/18 17:05:27 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/09/18 17:05:24 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\AutoSmartDefrag.job
[2010/09/18 17:05:22 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/09/18 17:05:22 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/09/18 17:05:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/09/18 17:05:02 | 2072,899,584 | -HS- | M] () -- C:\hiberfil.sys
[2010/09/18 17:02:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/09/18 16:57:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3761143489-4144888808-3294341120-1000UA.job
[2010/09/18 13:40:17 | 000,002,255 | ---- | M] () -- C:\Users\Lauren\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2010/09/18 13:35:56 | 000,524,288 | -HS- | M] () -- C:\Users\Lauren\NTUSER.DAT{2eac69d9-4241-11de-837e-001d72f0e0e1}.TMContainer00000000000000000001.regtrans-ms
[2010/09/18 13:35:56 | 000,065,536 | -HS- | M] () -- C:\Users\Lauren\NTUSER.DAT{2eac69d9-4241-11de-837e-001d72f0e0e1}.TM.blf
[2010/09/18 13:35:50 | 003,829,619 | -H-- | M] () -- C:\Users\Lauren\AppData\Local\IconCache.db
[2010/09/18 10:51:09 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2010/09/18 08:57:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3761143489-4144888808-3294341120-1000Core.job
[2010/09/18 00:57:58 | 000,002,077 | ---- | M] () -- C:\Users\Lauren\Desktop\Google Chrome.lnk
[2010/09/18 00:57:58 | 000,002,013 | ---- | M] () -- C:\Users\Lauren\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/09/16 03:04:06 | 000,000,275 | ---- | M] () -- C:\Windows\win.ini
[2010/09/15 22:00:30 | 000,000,386 | ---- | M] () -- C:\Windows\tasks\SmartDefrag.job
[2010/09/07 09:12:17 | 000,038,848 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2010/09/07 09:11:54 | 000,167,592 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2010/09/07 08:52:25 | 000,046,672 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2010/09/07 08:52:03 | 000,165,584 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2010/09/07 08:47:46 | 000,023,376 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2010/09/07 08:47:30 | 000,050,768 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2010/09/07 08:47:07 | 000,017,744 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2010/09/06 21:34:47 | 000,065,024 | -H-- | M] () -- C:\Users\Lauren\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/05 01:02:28 | 000,169,372 | ---- | M] () -- C:\Users\Lauren\Desktop\narnia_map.jpg
[2010/08/31 09:16:51 | 000,002,053 | ---- | M] () -- C:\Users\Lauren\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome (2).lnk
[2010/08/31 09:03:26 | 000,000,120 | -H-- | M] () -- C:\Users\Lauren\AppData\Local\Glezeqo.dat
[2010/08/31 09:03:26 | 000,000,000 | -H-- | M] () -- C:\Users\Lauren\AppData\Local\Rsagikufevori.bin
[2010/08/29 08:51:22 | 000,000,953 | ---- | M] () -- C:\Users\Lauren\Desktop\Internet Explorer.lnk
[2010/08/29 08:51:22 | 000,000,947 | ---- | M] () -- C:\Users\Lauren\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/08/28 23:13:02 | 000,000,024 | ---- | M] () -- C:\Users\Lauren\AppData\Roaming\hngmfc.dat
[2010/08/22 00:27:34 | 002,228,928 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/08/16 18:31:51 | 000,073,008 | -H-- | M] () -- C:\Users\Lauren\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/08/16 18:15:37 | 000,001,006 | ---- | M] () -- C:\Users\Lauren\Desktop\Adobe Photoshop CS4.lnk
[2010/08/06 13:08:45 | 000,000,942 | ---- | M] () -- C:\Users\Lauren\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Outlook.lnk
[2010/08/01 13:03:27 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/08/01 13:03:27 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/07/27 00:25:02 | 000,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/07/01 01:32:23 | 000,000,162 | -H-- | M] () -- C:\Users\Lauren\Desktop\~$SSO revised.doc
[2010/07/01 01:32:22 | 000,000,162 | -H-- | M] () -- C:\Users\Lauren\Desktop\~$w pow chicken.doc
[5 C:\Users\Lauren\Desktop\*.tmp files -> C:\Users\Lauren\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/09/05 01:02:25 | 000,169,372 | ---- | C] () -- C:\Users\Lauren\Desktop\narnia_map.jpg
[2010/08/29 10:08:07 | 000,002,053 | ---- | C] () -- C:\Users\Lauren\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome (2).lnk
[2010/08/29 08:55:29 | 000,002,077 | ---- | C] () -- C:\Users\Lauren\Desktop\Google Chrome.lnk
[2010/08/29 08:55:29 | 000,002,013 | ---- | C] () -- C:\Users\Lauren\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/08/29 08:52:46 | 000,000,912 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3761143489-4144888808-3294341120-1000UA.job
[2010/08/29 08:52:44 | 000,000,860 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3761143489-4144888808-3294341120-1000Core.job
[2010/08/29 08:51:22 | 000,000,953 | ---- | C] () -- C:\Users\Lauren\Desktop\Internet Explorer.lnk
[2010/08/29 08:51:22 | 000,000,947 | ---- | C] () -- C:\Users\Lauren\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/08/28 23:15:05 | 000,000,120 | -H-- | C] () -- C:\Users\Lauren\AppData\Local\Glezeqo.dat
[2010/08/28 23:15:05 | 000,000,000 | -H-- | C] () -- C:\Users\Lauren\AppData\Local\Rsagikufevori.bin
[2010/08/28 23:13:02 | 000,000,024 | ---- | C] () -- C:\Users\Lauren\AppData\Roaming\hngmfc.dat
[2010/08/16 18:15:37 | 000,001,006 | ---- | C] () -- C:\Users\Lauren\Desktop\Adobe Photoshop CS4.lnk
[2010/08/10 15:57:16 | 000,000,386 | ---- | C] () -- C:\Windows\tasks\SmartDefrag.job
[2010/08/09 11:16:54 | 000,038,660 | ---- | C] () -- C:\Windows\System\sd.ico
[2010/08/09 11:16:54 | 000,037,300 | ---- | C] () -- C:\Windows\System\cf.ico
[2010/08/09 11:16:54 | 000,037,041 | ---- | C] () -- C:\Windows\System\sm.ico
[2010/08/09 11:16:54 | 000,034,530 | ---- | C] () -- C:\Windows\System\ms.ico
[2010/08/06 13:08:45 | 000,000,942 | ---- | C] () -- C:\Users\Lauren\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Outlook.lnk
[2010/08/01 13:03:27 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2010/08/01 13:03:27 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2010/07/27 09:52:18 | 000,002,255 | ---- | C] () -- C:\Users\Lauren\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2010/07/27 09:24:54 | 000,323,584 | ---- | C] () -- C:\Windows\System32\FoxImager.dll
[2010/07/27 00:25:02 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/07/01 01:32:23 | 000,000,162 | -H-- | C] () -- C:\Users\Lauren\Desktop\~$SSO revised.doc
[2010/07/01 01:32:22 | 000,000,162 | -H-- | C] () -- C:\Users\Lauren\Desktop\~$w pow chicken.doc
[2009/11/20 08:09:12 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2009/10/15 23:58:03 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/10/07 19:21:12 | 000,015,235 | ---- | C] () -- C:\Users\Lauren\AppData\Roaming\UserTile.png
[2009/09/11 02:18:00 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/22 21:17:50 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/08/10 15:41:55 | 000,003,534 | ---- | C] () -- C:\ProgramData\ArcadeDeluxe2.log
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/06/02 18:11:16 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009/05/29 16:52:26 | 000,204,800 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009/05/29 16:47:06 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009/05/17 17:16:21 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/04/07 02:58:50 | 000,006,648 | -H-- | C] () -- C:\Users\Lauren\AppData\Local\d3d9caps.dat
[2009/03/31 19:39:07 | 000,002,413 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2009/03/31 19:02:45 | 000,065,024 | -H-- | C] () -- C:\Users\Lauren\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/30 20:15:48 | 000,000,031 | ---- | C] () -- C:\Windows\wininit.ini
[2009/01/06 19:28:04 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1527.dll
[2009/01/06 19:02:08 | 000,204,800 | ---- | C] () -- C:\Windows\System32\SysHook.dll
[2009/01/06 18:59:59 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll
[2009/01/06 18:59:59 | 000,000,036 | ---- | C] () -- C:\Windows\PidList.ini
[2009/01/06 18:58:24 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2008/09/12 16:21:02 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2008/05/14 23:50:47 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll
[2008/05/14 23:47:54 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll
[2008/05/14 23:47:54 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll
[2008/05/14 06:48:18 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008/05/14 06:48:14 | 000,872,448 | ---- | C] () -- C:\Windows\iconv.dll
[2008/05/14 06:48:14 | 000,743,424 | ---- | C] () -- C:\Windows\libxml2.dll
[2008/05/14 06:48:13 | 000,000,045 | ---- | C] () -- C:\Windows\Prelaunch.ini
[2007/02/05 20:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2006/11/02 01:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2002/10/15 16:54:04 | 000,153,088 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2001/12/26 17:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001/09/04 00:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001/07/30 17:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001/07/23 23:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll
[1996/04/03 13:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys

========== LOP Check ==========

[2009/03/30 21:36:50 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\Acer
[2008/05/14 23:46:38 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\Acer GameZone Console
[2010/03/07 11:24:01 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\Auslogics
[2009/12/19 02:59:55 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\BitTorrent
[2009/11/13 22:29:35 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\Canneverbe_Limited
[2009/04/19 14:11:12 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\FloodLightGames
[2009/07/20 00:21:22 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\IMVU
[2009/07/11 01:53:00 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\IMVUClient
[2009/04/17 18:32:49 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\IObit
[2009/03/30 21:36:44 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\Leadertech
[2009/12/18 23:21:32 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\LimeWire
[2009/09/01 01:50:13 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\Opera
[2009/10/07 19:21:11 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\PeerNetworking
[2009/08/10 16:37:50 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\PowerCinema
[2009/07/01 22:10:30 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\Red Rune Software
[2009/07/15 21:12:20 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\SecondLife
[2009/10/07 18:27:01 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\Trillian
[2010/09/09 22:56:34 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\uTorrent
[2009/08/11 00:39:55 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\VistaCodecs
[2010/09/18 17:05:24 | 000,000,384 | ---- | M] () -- C:\Windows\Tasks\AutoSmartDefrag.job
[2010/09/18 13:36:22 | 000,032,542 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/09/15 22:00:30 | 000,000,386 | ---- | M] () -- C:\Windows\Tasks\SmartDefrag.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2009/09/03 22:57:13 | 000,003,356 | ---- | M] () -- C:\aaw7boot.log
[2006/09/18 15:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/04/11 00:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2008/02/10 17:06:13 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2009/04/22 12:01:57 | 000,039,372 | ---- | M] () -- C:\comic layout.pptx
[2006/09/18 15:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2010/09/18 17:05:02 | 2072,899,584 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/01 13:03:27 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/12/01 03:17:07 | 006,869,389 | ---- | M] () -- C:\ituneslib.itl
[2010/08/01 13:03:27 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/09/18 17:05:00 | 2386,690,048 | -HS- | M] () -- C:\pagefile.sys
[2008/12/15 18:25:26 | 000,004,132 | -HS- | M] () -- C:\Patch.rev
[2008/08/29 02:03:23 | 000,000,149 | RHS- | M] () -- C:\preload.rev
[2009/05/17 14:03:53 | 000,000,091 | ---- | M] () -- C:\PS.log
[2009/04/21 21:40:50 | 000,241,554 | ---- | M] () -- C:\Pugna Diem.htm
[2009/04/11 02:58:20 | 007,471,329 | ---- | M] () -- C:\TigerThames.log
[2009/08/20 07:07:22 | 000,000,909 | ---- | M] () -- C:\updatedatfix.log

< %systemroot%\Fonts\*.com >
[2006/11/02 06:35:34 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 06:35:34 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 06:35:34 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/09/11 20:31:08 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2006/09/18 15:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2007/10/20 18:21:50 | 000,278,016 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\hpzpp5mu.dll
[2006/10/26 20:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2010/09/07 09:12:17 | 000,038,848 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >
[2009/04/10 02:49:10 | 000,001,674 | -H-- | M] () -- C:\Users\Lauren\AppData\Roaming\Microsoft\LastFlashConfig.WFC

< %PROGRAMFILES%\*.* >
[2008/01/20 20:57:01 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2008/01/20 21:31:11 | 015,716,352 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008/01/20 21:31:01 | 000,102,400 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008/01/20 21:31:12 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 04:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 04:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2010/08/29 08:51:22 | 000,000,574 | -HS- | M] () -- C:\Users\Lauren\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2010/09/18 17:13:54 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Lauren\Desktop\OTL.exe
[5 C:\Users\Lauren\Desktop\*.tmp files -> C:\Users\Lauren\Desktop\*.tmp -> ]

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >
[2009/09/11 21:03:43 | 000,008,192 | ---- | M] () -- C:\Windows\security\database\edb.chk
[2009/09/11 21:03:14 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edb.log
[2009/01/06 18:49:24 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00001.jrs
[2009/01/06 18:49:24 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00002.jrs
[2009/09/11 21:03:14 | 001,056,768 | ---- | M] () -- C:\Windows\security\database\tmp.edb

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2009/09/14 18:25:35 | 000,000,402 | -HS- | M] () -- C:\Users\Lauren\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2009/11/30 18:03:36 | 000,000,040 | -HS- | M] () -- C:\ProgramData\.zreglib
[2009/08/10 15:45:48 | 000,003,534 | ---- | M] () -- C:\ProgramData\ArcadeDeluxe2.log
[2010/01/11 00:56:37 | 000,002,413 | ---- | M] () -- C:\ProgramData\hpzinstall.log
[2009/06/11 03:19:09 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >
Acer Crystal Eye webcam.EXE

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.exe >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< %USERPROFILE%\Templates\*.tmp >

< %SYSTEMDRIVE%\explorexxx.exe\*.* >

< %Windir%\Installer\*.tmp >

< %systemroot%\System32\*.xco >

< %ProgramFiles%\system32\*.* >

< %systemroot%\System32\windos\*.* >

< %SystemRoot%\system32\sandbox\*.* >

< %SystemRoot%\system32\*.amo >

< %SystemRoot%\system32\Windows Live\*.* >

< %ProgramFiles%\logs\*.* >

< %ProgramFiles%\Bifrost\*.* >

< %SystemRoot%\system32\*.goo >

< %systemroot%\system32\IME\*.* >

< %systemroot%\BackUp\*.* >

< %systemroot%\system32\*.ico >
[2006/09/18 15:31:55 | 000,107,620 | ---- | M] () -- C:\Windows\System32\acwizard.ico

< %systemroot%\system\*.dat >

< %systemroot%\system\*.exe >

< %AppData%\Macromedia\Common\*.* >

< %SYSTEMDRIVE%\dir\*.* /s >

< %systemroot%\system32\ras\*.exe >

< %SYSTEMDRIVE%\MFILES\*.* >

< %SYSTEMDRIVE%\mDNSRespon.exe\*.* >

< %systemroot%\system32\services\*.* >

< %systemroot%\Spooler\*.* >

< %ProgramFiles%\system32\*.* >

< %systemroot%\system32\Setup\*.dll /x >

< %systemroot%\system32\*.mine >

< %SYSTEMDRIVE%\cleansweep.exe\*.* >

< %systemroot%\system32\ras\*.dll >

< %systemroot%\system32\ras\*.drv >

< %systemroot%\*.iq >

< %systemroot%\system32\XP\*.* >

< %SYSTEMDRIVE%\Extracted\*.* >

< %systemroot%\system32\windows\*.* >

< %systemroot%\logs\*.* >
[2010/08/01 12:20:32 | 000,057,350 | ---- | M] () -- C:\Windows\Logs\DirectX.log

< %SYSTEMDRIVE%\Win.Msi\*.* >

< %systemroot%\regedit\*.* >

< %systemroot%\system32\skype\*.* >

< %AppData%\Adobe\dlluplwin25\*.* >

< %UserProfile%\*.dat >
[2010/09/18 17:23:31 | 005,242,880 | -HS- | M] () -- C:\Users\Lauren\ntuser.dat

< %UserProfile%\*.dll >

< %systemroot%\system32\*.sxo >

< %SYSTEMDRIVE%\Gazma\*.* /s >

< %systemroot%\system32\spynet\*.* >

< %systemroot%\system32\System\*.* >

< %appdata%\Microsoft\Windows\*.* >

< %systemroot%\system32\WinDir\*.* >

< %systemroot%\_\*.* >

< %systemroot%\system32\windows32\*.* >

< %ProgramFiles%\win\*.* >

< %AppData%\Microsoft\CD Burning\*.* >

< %systemroot%\*.cab >

< %systemroot%\K.Backup\*.* >

< %ProgramFiles%\Massenger\*.* >

< %systemroot%\System32\*.doc >

< %systemroot%\Office12\*.* >

< %systemroot%\System32\Rundl32.exe\*.* >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-09-16 09:05:52

========== Files - Unicode (All) ==========
[2009/08/23 11:52:29 | 000,000,000 | ---D | M](C:\Users\Lauren\Favorites\?Ssorted Bookmarks) -- C:\Users\Lauren\Favorites\ﷀSsorted Bookmarks

========== Alternate Data Streams ==========

@Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:8AB6C1D7
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:193426B4
< End of report >




I did not get the "extras.txt" from OTL.

#4
azarl


    GeekU Admin

  • Community Leader
  • 25,310 posts
Before we do anything else, you seem to be running two anti-viruses - McAfee and Avast. Unfortunately, this does not give you any more protection than just running one, and will slow your system down and cause other problems. Can you remove one, please?

Click Start and choose Control Panel
In Control Panel double click on the "Programs and Features" icon
Click on the program you want to uninstall and then on Uninstall/Change and follow the prompts.

Extras
  • Run OTL again please, setting
  • Extra Registry - Use SafeList
  • Then click Run Scan and you'll get OTL.txt and extras.txt

Please post these in your next response

#5
Lovltn848


    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 237 posts
I don't have McAfee on my system, I deleted it a long time ago and it doesn't show up in any searches on my computer. I tried OTL again and did what you said but it's still not giving me the 2nd txt file.

#6
azarl


    GeekU Admin

  • Community Leader
  • 25,310 posts
McAfee has left some drivers installed; we can clean them by running their removal tool.

1. Download the removal tool from: http://download.mcaf...atches/MCPR.exe
2. Click Save and save the file to a folder on your computer.
3. Navigate to the folder where the file was saved.
4. Make sure all McAfee windows are closed.
5. Double-click MCPR.exe to run the removal tool.

NOTE: Windows Vista/Windows 7 users must right-click MCPR.exe and select Run as Administrator.

6. Restart your computer after receiving the message CleanUp Successful.
Your McAfee product will not be fully removed until the system is restarted.

Have a look on your desktop, or wherever you ran OTL from; there should be a file extras.txt.