Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

New laptop is slow.

Started by istring , Aug 20 2011 07:05 AM

  • Please log in to reply

#1
istring
Posted 20 August 2011 - 07:05 AM

istring

    Member

  • Member
  • PipPip
  • 36 posts
Hi, I have a new laptop and it seems to be running slow.I have noticed that in the taskmanager the cpu usage is up around 45% is this normal?
Here is the OTL log

OTL logfile created on: 20/08/2011 8:52:31 AM - Run 1
OTL by OldTimer - Version 3.2.26.5 Folder = C:\Users\Ian\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

5.68 Gb Total Physical Memory | 4.59 Gb Available Physical Memory | 80.82% Memory free
11.36 Gb Paging File | 10.14 Gb Available in Paging File | 89.28% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 126.34 Gb Total Space | 87.40 Gb Free Space | 69.18% Space Free | Partition Type: NTFS

Computer Name: IAN-PC | User Name: Ian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/20 08:24:51 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Ian\Desktop\OTL.exe
PRC - [2011/08/15 08:39:18 | 000,243,360 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10v_ActiveX.exe
PRC - [2011/01/06 15:56:50 | 000,689,464 | ---- | M] (Radialpoint Inc.) -- C:\Program Files (x86)\Bell\Internet Service Advisor\ServicepointService.exe
PRC - [2010/04/17 01:57:08 | 000,349,552 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
PRC - [2010/03/11 01:11:42 | 000,201,584 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
PRC - [2010/03/08 19:58:24 | 000,250,368 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
PRC - [2010/03/08 19:56:38 | 000,260,608 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
PRC - [2010/03/03 09:21:16 | 001,300,560 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2010/03/03 09:21:16 | 000,325,200 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2010/03/03 09:21:16 | 000,297,040 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe
PRC - [2010/01/28 19:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2010/01/13 10:47:44 | 000,206,208 | ---- | M] () -- C:\Windows\PLFSetI.exe
PRC - [2009/12/23 20:39:04 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2009/12/23 20:39:02 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2009/09/30 19:34:22 | 002,314,240 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2009/09/30 19:33:08 | 000,262,144 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe


========== Modules (No Company Name) ==========

MOD - [2011/08/13 15:04:50 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\456d5e9d3a0a37697ab28c150e9ac5b7\System.Runtime.Remoting.ni.dll
MOD - [2011/08/13 15:04:21 | 012,431,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ad9c2f4737e1e07fa774af31a7d74235\System.Windows.Forms.ni.dll
MOD - [2011/08/13 15:04:13 | 001,586,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eba4ec48e3f7f16864c6d96f510fafd9\System.Drawing.ni.dll
MOD - [2011/08/13 15:03:51 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\155679a9c8991cc33f90d6b27bac1977\System.Xml.ni.dll
MOD - [2011/08/13 15:03:47 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\0bddc91cbf37d143f08f6684b2919566\System.Configuration.ni.dll
MOD - [2011/08/13 15:03:46 | 007,949,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\610374fef100556da252243e673ac64b\System.ni.dll
MOD - [2011/08/13 15:03:40 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\23bc3936180ff789f44259a211dfc7fc\mscorlib.ni.dll
MOD - [2010/03/08 20:18:10 | 000,465,576 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
MOD - [2010/01/13 10:47:44 | 000,206,208 | ---- | M] () -- C:\Windows\PLFSetI.exe
MOD - [2009/05/20 02:02:04 | 000,072,200 | ---- | M] () -- C:\Program Files (x86)\Launch Manager\CdDirIo.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/04/22 13:39:54 | 000,171,040 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Optical Drive Power Management\ODDPWRSvc.exe -- (ODDPwrSvc)
SRV:64bit: - [2010/03/17 10:56:12 | 000,866,336 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2010/01/28 19:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/01/06 15:56:50 | 000,689,464 | ---- | M] (Radialpoint Inc.) [Auto | Running] -- C:\Program Files (x86)\Bell\Internet Service Advisor\ServicepointService.exe -- (ServicepointService)
SRV - [2010/04/25 01:46:55 | 000,332,272 | ---- | M] (Google Inc.) [On_Demand | Stopped] -- C:\ProgramData\Partner\Partner.exe -- (Partner Service)
SRV - [2010/04/17 01:56:48 | 000,305,520 | ---- | M] (Egis Technology Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe -- (MWLService)
SRV - [2010/03/08 19:58:24 | 000,250,368 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2010/03/03 09:21:16 | 000,325,200 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2009/12/23 20:39:04 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®
SRV - [2009/09/30 19:34:22 | 002,314,240 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2009/09/30 19:33:08 | 000,262,144 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/04/06 22:04:22 | 002,216,960 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010/03/31 03:47:08 | 010,322,848 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/02/26 04:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/02/05 04:49:04 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/02/02 18:38:30 | 000,271,872 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel®
DRV:64bit: - [2010/01/18 03:38:00 | 000,075,304 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2009/12/17 13:42:08 | 000,538,136 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/09/17 12:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel®
DRV:64bit: - [2009/07/13 21:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 21:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/02 22:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2009/06/02 22:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2009/06/02 22:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2009/05/26 16:32:38 | 000,040,448 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
DRV:64bit: - [2009/05/05 04:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009/05/05 04:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV - [2010/01/19 11:06:44 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2010/01/19 11:06:38 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...63z155t45n1k502
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...63z155t45n1k502
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...63z155t45n1k502
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpr...E-2784E8AF052B}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ca.yahoo.com/?fr=fp-yie9
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..network.proxy.type: 0

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@radialpoint.com/SPA,version=1: C:\Program Files (x86)\Bell\Internet Service Advisor\nprpspa.dll (Bell)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@radialpoint.com/SPA,version=1: C:\Program Files (x86)\Bell\Internet Service Advisor\nprpspa.dll (Bell)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/08/19 08:16:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011/08/19 08:16:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ian\AppData\Roaming\Mozilla\Extensions
[2011/08/19 08:16:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
File not found (No name found) --
[2011/08/12 01:57:31 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/08/11 23:16:35 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg64.dll (Google Inc.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.)
O4:64bit: - HKLM..\Run: [ODDPwr] C:\Program Files\Acer\Optical Drive Power Management\ODDPwr.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [BISA.exe] C:\Program Files (x86)\Bell\Internet Service Advisor\BISA.exe (Bell)
O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/20 08:24:48 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\Ian\Desktop\OTL.exe
[2011/08/19 08:16:46 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Local\Mozilla
[2011/08/19 08:16:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2011/08/17 19:51:50 | 000,000,000 | ---D | C] -- C:\Users\Ian\Documents\My Cheat Tables
[2011/08/17 19:51:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 6.1
[2011/08/17 19:51:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cheat Engine 6.1
[2011/08/14 09:20:36 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Roaming\Template
[2011/08/13 14:54:19 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2011/08/13 14:54:19 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2011/08/13 13:46:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2011/08/13 13:43:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2011/08/13 12:22:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ares
[2011/08/13 09:35:30 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Roaming\Mozilla
[2011/08/13 09:32:08 | 000,000,000 | ---D | C] -- C:\Program Files\BellCanada
[2011/08/13 09:31:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BellCanada
[2011/08/13 09:08:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Motive
[2011/08/13 09:05:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Motive
[2011/08/13 09:05:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Motive
[2011/08/13 08:59:23 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Roaming\Bell
[2011/08/13 08:59:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Radialpoint
[2011/08/13 08:59:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bell
[2011/08/13 08:59:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Bell
[2011/08/13 08:59:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bell
[2011/08/13 08:41:21 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Local\Diagnostics
[2011/08/13 00:32:24 | 000,000,000 | ---D | C] -- C:\Windows\NAPP_Dism_Log
[2011/08/12 21:57:12 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Local\Ares
[2011/08/12 21:57:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ares
[2011/08/12 21:53:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011/08/12 21:53:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011/08/12 21:53:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2011/08/12 21:43:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo!
[2011/08/12 21:43:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo! Companion
[2011/08/12 21:43:28 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Roaming\Yahoo!
[2011/08/12 21:43:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yahoo!
[2011/08/12 21:43:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BitTorrent
[2011/08/12 21:42:41 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Roaming\BitTorrent
[2011/08/12 21:32:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Internet Explorer Platform Preview
[2011/08/12 21:28:47 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Roaming\Adobe
[2011/08/12 21:28:45 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Roaming\Google
[2011/08/12 21:28:45 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Local\Google
[2011/08/12 21:09:37 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Roaming\Macromedia
[2011/08/12 21:05:59 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Local\Cyberlink
[2011/08/12 21:05:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Haali Media Splitter
[2011/08/12 21:05:10 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Haali Media Splitter
[2011/08/12 21:05:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Haali
[2011/08/12 21:04:52 | 000,000,000 | ---D | C] -- C:\ProgramData\CyberLink
[2011/08/12 21:04:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Temp
[2011/08/12 21:03:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works
[2011/08/12 21:01:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2011/08/12 21:01:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft
[2011/08/12 21:00:53 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2011/08/12 21:00:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live SkyDrive
[2011/08/12 21:00:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
[2011/08/12 21:00:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live
[2011/08/12 20:59:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live
[2011/08/12 20:56:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\postureAgent
[2011/08/12 20:55:55 | 001,664,248 | ---- | C] (SuYin) -- C:\Windows\Acer Crystal Eye webcam.exe
[2011/08/12 20:55:55 | 000,049,464 | ---- | C] ( ) -- C:\Windows\AutosetFrequency.exe
[2011/08/12 20:55:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer Crystal Eye Webcam
[2011/08/12 20:55:40 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Roaming\InstallShield
[2011/08/12 20:55:09 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics
[2011/08/12 20:51:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Launch Manager
[2011/08/12 20:51:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Launch Manager
[2011/08/12 20:51:07 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Roaming\Intel Corporation
[2011/08/12 20:51:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AcerSystem
[2011/08/12 20:50:58 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Local\EgisTec IPS
[2011/08/12 20:50:57 | 000,000,000 | ---D | C] -- C:\book
[2011/08/12 20:50:45 | 000,000,000 | R--D | C] -- C:\Users\Ian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2011/08/12 20:50:45 | 000,000,000 | R--D | C] -- C:\Users\Ian\Searches
[2011/08/12 20:50:45 | 000,000,000 | R--D | C] -- C:\Users\Ian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2011/08/12 20:50:45 | 000,000,000 | -H-D | C] -- C:\Users\Ian\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2011/08/12 20:50:36 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Roaming\Identities
[2011/08/12 20:50:34 | 000,000,000 | R--D | C] -- C:\Users\Ian\Contacts
[2011/08/12 20:50:32 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Local\VirtualStore
[2011/08/12 20:49:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OEM
[2011/08/12 20:47:12 | 000,000,000 | --SD | C] -- C:\Users\Ian\AppData\Roaming\Microsoft
[2011/08/12 20:47:12 | 000,000,000 | R--D | C] -- C:\Users\Ian\Videos
[2011/08/12 20:47:12 | 000,000,000 | R--D | C] -- C:\Users\Ian\Saved Games
[2011/08/12 20:47:12 | 000,000,000 | R--D | C] -- C:\Users\Ian\Pictures
[2011/08/12 20:47:12 | 000,000,000 | R--D | C] -- C:\Users\Ian\Music
[2011/08/12 20:47:12 | 000,000,000 | R--D | C] -- C:\Users\Ian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2011/08/12 20:47:12 | 000,000,000 | R--D | C] -- C:\Users\Ian\Links
[2011/08/12 20:47:12 | 000,000,000 | R--D | C] -- C:\Users\Ian\Favorites
[2011/08/12 20:47:12 | 000,000,000 | R--D | C] -- C:\Users\Ian\Downloads
[2011/08/12 20:47:12 | 000,000,000 | R--D | C] -- C:\Users\Ian\Documents
[2011/08/12 20:47:12 | 000,000,000 | R--D | C] -- C:\Users\Ian\Desktop
[2011/08/12 20:47:12 | 000,000,000 | R--D | C] -- C:\Users\Ian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2011/08/12 20:47:12 | 000,000,000 | -HSD | C] -- C:\Users\Ian\AppData\Local\Temporary Internet Files
[2011/08/12 20:47:12 | 000,000,000 | -HSD | C] -- C:\Users\Ian\Templates
[2011/08/12 20:47:12 | 000,000,000 | -HSD | C] -- C:\Users\Ian\Start Menu
[2011/08/12 20:47:12 | 000,000,000 | -HSD | C] -- C:\Users\Ian\SendTo
[2011/08/12 20:47:12 | 000,000,000 | -HSD | C] -- C:\Users\Ian\Recent
[2011/08/12 20:47:12 | 000,000,000 | -HSD | C] -- C:\Users\Ian\PrintHood
[2011/08/12 20:47:12 | 000,000,000 | -HSD | C] -- C:\Users\Ian\NetHood
[2011/08/12 20:47:12 | 000,000,000 | -HSD | C] -- C:\Users\Ian\Documents\My Videos
[2011/08/12 20:47:12 | 000,000,000 | -HSD | C] -- C:\Users\Ian\Documents\My Pictures
[2011/08/12 20:47:12 | 000,000,000 | -HSD | C] -- C:\Users\Ian\Documents\My Music
[2011/08/12 20:47:12 | 000,000,000 | -HSD | C] -- C:\Users\Ian\My Documents
[2011/08/12 20:47:12 | 000,000,000 | -HSD | C] -- C:\Users\Ian\Local Settings
[2011/08/12 20:47:12 | 000,000,000 | -HSD | C] -- C:\Users\Ian\AppData\Local\History
[2011/08/12 20:47:12 | 000,000,000 | -HSD | C] -- C:\Users\Ian\Cookies
[2011/08/12 20:47:12 | 000,000,000 | -HSD | C] -- C:\Users\Ian\Application Data
[2011/08/12 20:47:12 | 000,000,000 | -HSD | C] -- C:\Users\Ian\AppData\Local\Application Data
[2011/08/12 20:47:12 | 000,000,000 | -H-D | C] -- C:\Users\Ian\AppData
[2011/08/12 20:47:12 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Local\Temp
[2011/08/12 20:47:12 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Local\Microsoft
[2011/08/12 20:47:12 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Roaming\Media Center Programs
[2011/08/12 20:46:56 | 000,000,000 | -HSD | C] -- C:\Recovery
[2011/08/12 20:38:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Intel
[2011/08/12 20:38:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Intel
[2011/08/12 20:38:10 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2011/08/12 20:34:58 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/08/20 08:52:20 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/08/20 08:52:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/08/20 08:24:51 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Ian\Desktop\OTL.exe
[2011/08/20 07:50:03 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/08/20 07:50:03 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/08/20 07:44:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/08/20 07:42:28 | 278,024,191 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/19 08:16:43 | 000,001,098 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/08/16 15:49:48 | 000,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/08/16 15:49:48 | 000,619,642 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/08/16 15:49:48 | 000,107,792 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/08/16 07:49:39 | 000,001,024 | RH-- | M] () -- C:\Users\Public\Documents\NTILiveUpdate.dll
[2011/08/14 09:20:10 | 000,000,000 | ---- | M] () -- C:\Users\Ian\AppData\Roaming\wklnhst.dat
[2011/08/13 14:56:19 | 000,343,552 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/08/13 13:36:43 | 000,001,139 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Works.lnk
[2011/08/13 12:03:52 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2011/08/13 00:32:24 | 000,011,453 | ---- | M] () -- C:\Windows\ChangeLang_Done.tag
[2011/08/12 21:46:15 | 000,001,441 | ---- | M] () -- C:\Users\Ian\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/08/12 21:43:23 | 000,000,991 | ---- | M] () -- C:\Users\Ian\Application Data\Microsoft\Internet Explorer\Quick Launch\BitTorrent.lnk
[2011/08/12 21:35:45 | 000,000,057 | ---- | M] () -- C:\Windows\SysWow64\mapisvc.inf
[2011/08/12 20:55:16 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf
[2011/08/12 20:51:36 | 000,000,184 | ---- | M] () -- C:\Windows\LMv4.UNI
[2011/08/12 20:47:35 | 000,015,754 | ---- | M] () -- C:\Windows\SysNative\results.xml
[2011/08/12 20:45:38 | 000,039,252 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2011/08/12 20:45:38 | 000,039,252 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2011/08/12 20:41:23 | 000,000,003 | ---- | M] () -- C:\Windows\SysNative\PLD_Framework.cmd
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/08/19 08:16:43 | 000,001,098 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/08/14 09:20:10 | 000,000,000 | ---- | C] () -- C:\Users\Ian\AppData\Roaming\wklnhst.dat
[2011/08/13 13:36:43 | 000,001,139 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Works.lnk
[2011/08/13 12:03:52 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2011/08/13 00:33:44 | 000,011,453 | ---- | C] () -- C:\Windows\ChangeLang_Done.tag
[2011/08/12 21:43:23 | 000,000,991 | ---- | C] () -- C:\Users\Ian\Application Data\Microsoft\Internet Explorer\Quick Launch\BitTorrent.lnk
[2011/08/12 21:37:26 | 000,000,898 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/08/12 21:37:22 | 000,000,894 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/08/12 21:32:41 | 000,001,958 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Explorer Platform Preview.lnk
[2011/08/12 21:28:41 | 000,001,441 | ---- | C] () -- C:\Users\Ian\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/08/12 21:03:50 | 000,002,557 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office PowerPoint Viewer 2007.lnk
[2011/08/12 21:03:39 | 000,001,151 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works Task Launcher.lnk
[2011/08/12 20:55:55 | 000,632,056 | ---- | C] () -- C:\Windows\Image.dll
[2011/08/12 20:55:55 | 000,206,208 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2011/08/12 20:55:55 | 000,025,848 | ---- | C] () -- C:\Windows\USB_VIDEO_REG.exe
[2011/08/12 20:55:55 | 000,009,168 | ---- | C] () -- C:\Windows\Suyin.reg
[2011/08/12 20:55:55 | 000,000,637 | ---- | C] () -- C:\Windows\AutoSetFrequency.ini
[2011/08/12 20:55:55 | 000,000,378 | ---- | C] () -- C:\Windows\PidList.ini
[2011/08/12 20:55:16 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf
[2011/08/12 20:51:36 | 000,000,184 | ---- | C] () -- C:\Windows\LMv4.UNI
[2011/08/12 20:50:50 | 000,001,413 | ---- | C] () -- C:\Users\Ian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2011/08/12 20:50:46 | 000,001,447 | ---- | C] () -- C:\Users\Ian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2011/08/12 20:47:35 | 000,015,754 | ---- | C] () -- C:\Windows\SysNative\results.xml
[2011/08/12 20:47:12 | 000,000,290 | ---- | C] () -- C:\Users\Ian\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2011/08/12 20:47:12 | 000,000,272 | ---- | C] () -- C:\Users\Ian\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2011/08/12 20:41:23 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\PLD_Framework.cmd
[2011/08/12 20:34:58 | 278,024,191 | -HS- | C] () -- C:\hiberfil.sys
[2010/04/25 01:53:33 | 000,870,560 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2010/04/25 01:53:33 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010/04/25 01:53:33 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2010/04/25 01:53:32 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2010/04/25 01:53:32 | 000,104,636 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2011/08/20 07:40:57 | 000,000,000 | ---D | M] -- C:\Users\Ian\AppData\Roaming\Bell
[2011/08/13 12:28:37 | 000,000,000 | ---D | M] -- C:\Users\Ian\AppData\Roaming\BitTorrent
[2011/08/14 09:20:36 | 000,000,000 | ---D | M] -- C:\Users\Ian\AppData\Roaming\Template
[2009/07/14 01:08:49 | 000,005,156 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
  • 0

Advertisements

#2
Jintan
Posted 26 August 2011 - 06:09 PM

Jintan

    Trusted Helper

  • Malware Removal
  • 904 posts
Welcome to GeekstoGo istring,


No malware showing here, but this tells a lot:

PRC - [2011/01/06 15:56:50 | 000,689,464 | ---- | M] (Radialpoint Inc.) -- C:\Program Files (x86)\Bell\Internet Service Advisor\ServicepointService.exe

It would be unkind of me to call Radial Point the worst security software that ever existed, so let's call it the second worst. Pretty much a disaster on all systems. ISP provided security programs tend to be bottom-of-the-barrel stuff anyway. I had thought most ISP's have now realized this, and dropped Radial Point. Let's check what all is installed there, then maybe make a few changes to improve things. OTL should have created a second, Extras.Txt log, located in the same place as OTL.exe. Please post that log for review.
  • 0

#3
istring
Posted 29 August 2011 - 06:16 AM

istring

    Member

  • Topic Starter
  • Member
  • PipPip
  • 36 posts
Sorry Jintan,but i cant fint the Extras Txt. file. I'm pretty new. :)
  • 0

#4
Jintan
Posted 29 August 2011 - 07:37 AM

Jintan

    Trusted Helper

  • Malware Removal
  • 904 posts
OTL does that periodically on different setups, and I am sure there is a legit reason why it occurs, though I don't happen to know it. Since we did not start here with some info to do these repairs, did you run OTL by right clicking/Run as administrator? When running OTL again, see if the Extras.txt log is created then.

For those preliminary instructions:

The system is Win 7, so when running any of the scan files we use, be sure to right click the file, then select "Run as administrator" to start the scan/tool.

And To make sure you have an accurate view of files there, make sure you can View Hidden Files. Also uncheck "Hide Extensions for Known File Types"



To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware softwares while these steps are being completed. This can usually be done through right clicking the software's Taskbar icons, or accessing each software through Start - Programs. Here are some antivirus disable tips if needed.

---------

Radial Point appears to be loading in Firefox, so let's remove that, then check after.

Open Firefox - Tools - Add-ons, and located and uninstall Internet Service Advisor.

Then reboot.

----------

To better verify the malware status of things there, go ahead and run some scans for that.

Download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup-1.46.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform quick scan", then click Scan.
* The scan may take some time to finish,so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
* The log is automatically saved by Malwarebytes and can be viewed by clicking the Logs tab in Malwarebytes.
* Copy and Paste the entire report in your next reply. If it calls for a reboot to complete the repairs do that as well then.

----------

Disable your antivirus program and click here and download the esetsmartinstaller_enu.exe Eset installer. Then click that file to run the scanner.

If you accept the Terms of Use, check the box and click Start. It will take a couple minutes for the scanner to get ready. When the Computer scan settings display shows, check the following boxes:

Remove found threats
Scan unwanted applications

Next to "Current scan targets: Operating memory, Local drives", click the "Change" word. Make sure you place a check next to all disk drives, including any external drives that are attached (no need to check off the floppy or DVD/CD-Rom drives).

Then click the Advanced option, the place a check next to the following (if it is not already checked):

Enable Anti-Stealth technology

Click Start. This scan may take a while, so please be patient. A log may open when the scan is complete (if not, go to C:\Program Files\EsetOnlineScanner\ and open the file log.txt). Click Edit - Select All then copy/paste that log back here please.

------------

Then try a new OTL run using the right click/Run as method. If no Extras.txt log is created, instead of OTL, Download RSIT (random's system information tool) from here to your desktop. Then click on the RSIT.exe to open the RSIT display, and click the Continue button.

If RSIT downloads/installs HijackThis be sure to agree to the install of that.

Once the scan completes a textbox will open - copy/paste those contents here for review please. The log can also be found at C:\rsit\log.txt.

RSIT will also create a second log, info.txt, which will be minimized to your taskbar. Post that here as well please (it will also be stored at C:\rsit\info.txt).

You can break logs into parts and use separate posts here when replying and posting the log files, if needed.

Post those logs, along with the Malwarebytes and Eset logs please.
  • 0

#5
istring
Posted 29 August 2011 - 12:51 PM

istring

    Member

  • Topic Starter
  • Member
  • PipPip
  • 36 posts
Hi I really appreciate your help.

Attached Files


  • 0

#6
istring
Posted 29 August 2011 - 12:52 PM

istring

    Member

  • Topic Starter
  • Member
  • PipPip
  • 36 posts
OOps forgot this :)

Attached Files

  • Attached File  info.txt   24.77KB   133 downloads

  • 0

#7
Jintan
Posted 29 August 2011 - 06:08 PM

Jintan

    Trusted Helper

  • Malware Removal
  • 904 posts
If you would, please post those here, in your thread. Not meaning to delay things, but it is near impossible to web search log info if the log is downloaded, instead of posted (or my methods sure don't support that).
  • 0

#8
istring
Posted 30 August 2011 - 05:40 AM

istring

    Member

  • Topic Starter
  • Member
  • PipPip
  • 36 posts
Sorry Jintan.
info.txt logfile of random's system information tool 1.09 2011-08-29 14:49:56

======Uninstall list======

Update for Microsoft Office 2007 (KB2508958)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}
-->"C:\Program Files (x86)\Acer Games\Web Link - Club Penguin\Uninstall.exe"
-->"C:\Program Files (x86)\InstallShield Installation Information\{0D7CD0D9-4A88-4A63-8F91-3F4E8F371768}\setup.exe" -runfromtemp -l0x0409 -removeonly
-->"C:\Program Files (x86)\InstallShield Installation Information\{C2695E83-CF1D-43D1-84FE-B3BEC561012A}\setup.exe" -runfromtemp -l0x0409 -removeonly
-->C:\PROGRA~2\Yahoo!\Common\UNYT_W~1.EXE
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-002A-0000-1000-0000000FF1CE} /uninstall {E64BA721-2310-4B55-BE5A-2925F9706192}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-002A-0409-1000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-0116-0409-1000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Acer Backup Manager-->C:\Program Files (x86)\InstallShield Installation Information\{72B776E5-4530-4C4B-9453-751DF87D9D93}\setup.exe -runfromtemp -l0x0409
Acer Crystal Eye Webcam-->C:\Program Files (x86)\InstallShield Installation Information\{7760D94E-B1B5-40A0-9AA0-ABF942108755}\setup.exe -runfromtemp -l0x0009 -removeonly
Acer ePower Management-->"C:\Program Files (x86)\InstallShield Installation Information\{3DB0448D-AD82-4923-B305-D001E521A964}\setup.exe" -runfromtemp -l0x0009 -removeonly
Acer eRecovery Management-->"C:\Program Files (x86)\InstallShield Installation Information\{7F811A54-5A09-4579-90E1-C93498E230D9}\setup.exe" -runfromtemp -l0x409 -removeonly
Acer ScreenSaver-->C:\Program Files (x86)\Acer\Screensaver\Uninstall.exe
Acer Updater-->"C:\Program Files (x86)\InstallShield Installation Information\{EE171732-BEB4-4576-887D-CB62727F01CA}\setup.exe" -runfromtemp -l0x409 -removeonly
Acrobat.com-->MsiExec.exe /X{287ECFA4-719A-2143-A09B-D6A12DE54E40}
Adobe AIR-->c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Flash Player 10 ActiveX-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10v_ActiveX.exe -maintain activex
Adobe Flash Player 10 Plugin-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10v_Plugin.exe -maintain plugin
Adobe Reader 9.1 MUI-->MsiExec.exe /I{AC76BA86-7AD7-FFFF-7B44-A91000000001}
Alcor Micro USB Card Reader-->C:\Program Files (x86)\InstallShield Installation Information\{E5EABF66-F9C4-430C-B97D-3CF28A58D50B}\setup.exe -runfromtemp -l0x0409
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver-->"C:\Program Files (x86)\InstallShield Installation Information\{3108C217-BE83-42E4-AE9E-A56A2A92E549}\setup.exe" -runfromtemp -l0x0009 -removeonly
avast! Pro Antivirus-->C:\Program Files\Alwil Software\Avast5\aswRunDll.exe "C:\Program Files\Alwil Software\Avast5\Setup\setiface.dll" RunSetup
Backup Manager Basic-->C:\Program Files (x86)\InstallShield Installation Information\{72B776E5-4530-4C4B-9453-751DF87D9D93}\setup.exe -runfromtemp -l0x0409
Bell Internet Service Advisor 3.7.44-->"C:\Program Files (x86)\Bell\Internet Service Advisor\unins000.exe"
BitTorrent-->"C:\Program Files (x86)\BitTorrent\BitTorrent.exe" /UNINSTALL
Cheat Engine 6.1-->"C:\Program Files (x86)\Cheat Engine 6.1\unins000.exe"
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
eBay Worldwide-->MsiExec.exe /I{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}
ESET Online Scanner v3-->C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe
Google Toolbar for Internet Explorer-->"C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarManager_4E7D715D860E20E1.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Haali Media Splitter-->"C:\Program Files (x86)\Haali\MatroskaSplitter\uninstall.exe"
Intel® Control Center-->C:\Program Files (x86)\Intel\Intel Control Center\uninstaller\SetupICC.exe -uninstall -force -confirm
Intel® Graphics Media Accelerator Driver-->C:\Program Files (x86)\Intel\Intel® Graphics Media Accelerator Driver\Uninstall\setup.exe -uninstall
Intel® Management Engine Components-->C:\Program Files (x86)\Intel\Intel® Management Engine Components\Uninstall\setup.exe -uninstall
Intel® Rapid Storage Technology-->C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\Uninstall\setup.exe -uninstall
Java™ 6 Update 26-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216026FF}
Junk Mail filter update-->MsiExec.exe /I{E2DFE069-083E-4631-9B6C-43C48E991DE5}
Launch Manager-->C:\Windows\UNINSTLMv4.EXE LMv4.UNI
Malwarebytes' Anti-Malware version 1.51.1.1800-->"C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint Viewer 2007 (English)-->MsiExec.exe /X{95120000-00AF-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Suite Activation Assistant-->MsiExec.exe /X{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161-->MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F}
Microsoft Works-->MsiExec.exe /I{67E03279-F703-408F-B4BF-46B5FC8D70CD}
Mozilla Firefox 6.0 (x86 en-US)-->C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
MyWinLocker Suite-->"C:\Program Files (x86)\InstallShield Installation Information\{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}\setup.exe" -runfromtemp -l0x0409 -removeonly
MyWinLocker Suite-->MsiExec.exe /X{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}
MyWinLocker-->MsiExec.exe /X{0D7CD0D9-4A88-4A63-8F91-3F4E8F371768}
NTI Backup Now 5-->C:\Program Files (x86)\InstallShield Installation Information\{12EFA1A4-AC3B-443C-8143-237EDE760403}\setup.exe -runfromtemp -l0x0409
NTI Media Maker 8-->C:\Program Files (x86)\InstallShield Installation Information\{2413930C-8309-47A6-BC61-5EF27A4222BC}\setup.exe -runfromtemp -l0x0409
Optical Drive Power Management-->"C:\Program Files (x86)\InstallShield Installation Information\{AE09C972-EEB2-4DA5-8090-0FCF54576854}\setup.exe" -runfromtemp -l0x409 -removeonly
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -removeonly
RPS CRT-->MsiExec.exe /I{ECC69E86-3B0E-4010-AA37-414C5D71B7B9}
Security Update for 2007 Microsoft Office System (KB2288621)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5C497F0B-2061-4CC9-A61C-6B45B867354D}
Security Update for 2007 Microsoft Office System (KB2288931)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {CD769337-C8AC-46DB-A7DC-643E50089263}
Security Update for 2007 Microsoft Office System (KB2345043)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {536FB502-775F-4494-BACE-C02CC90B7A5B}
Security Update for 2007 Microsoft Office System (KB2509488)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {AD0DE453-0804-4495-9C91-33D0F9AA5463}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB976321)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7F207DCA-3399-40CB-A968-6E5991B1421A}
Security Update for Microsoft Office 2007 System (KB2541012)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {CD907315-705A-4475-A1A0-2A1245803E4D}
Security Update for Microsoft Office Excel 2007 (KB2541007)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {A0173254-F442-4D04-9154-43FA157B83D0}
Security Update for Microsoft Office InfoPath 2007 (KB979441)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {8CCB781A-CF6B-4FCB-B6D8-59C64DF5C6DB}
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {8588DD11-6BD7-4400-B55C-DD5AB74B43E1}
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {D75E6D0C-BADF-4F41-98B2-0C0F02C15062}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
Security Update for Microsoft Office Word 2007 (KB2344993)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7A5B74FA-7A92-4FC9-821A-2DD5D4E73E48}
Shredder-->MsiExec.exe /I{C2695E83-CF1D-43D1-84FE-B3BEC561012A}
Update for 2007 Microsoft Office System (KB2284654)-->msiexec /package {90120000-002A-0000-1000-0000000FF1CE} /uninstall {FB166E7C-8AA6-48C8-B726-1F25BEE7825A}
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft Office 2007 System (KB2539530)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0B4CEEAE-AA88-490C-BCB2-AAC3421981A4}
Update for Microsoft Office OneNote 2007 (KB980729)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {329050A9-EF80-40F9-B633-74508F54C1FF}
Windows Internet Explorer Platform Preview-->MsiExec.exe /I{E3E30FF7-5EAE-4E0E-B394-78214222D60C}
Windows Live Call-->MsiExec.exe /I{F6BD194C-4190-4D73-B1B1-C48C99921BFE}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Program Files (x86)\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}
Windows Live Mail-->MsiExec.exe /I{6412CECE-8172-4BE5-935B-6CECACD2CA87}
Windows Live Messenger-->MsiExec.exe /X{A85FD55B-891B-4314-97A5-EA96C0BD80B5}
Windows Live Movie Maker-->MsiExec.exe /X{3D5044A5-97B8-45C0-B956-BB2376569188}
Windows Live Photo Gallery-->MsiExec.exe /X{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}
Windows Live Sign-in Assistant-->MsiExec.exe /I{45338B07-A236-4270-9A77-EBB4115517B5}
Windows Live Sync-->MsiExec.exe /X{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Live Writer-->MsiExec.exe /X{178832DE-9DE0-4C87-9F82-9315A9B03985}
Yahoo! Software Update-->C:\PROGRA~2\Yahoo!\SOFTWA~1\UNINST~1.EXE
Yahoo! Toolbar-->C:\PROGRA~2\Yahoo!\Common\UNYT_W~1.EXE

======System event log======

Computer Name: Ian-PC
Event Code: 5
Message: The Bluetooth driver expected an HCI event with a certain size but did not receive it.
Record Number: 1449
Source Name: BTHUSB
Time Written: 20110813004223.440031-000
Event Type: Error
User:

Computer Name: Ian-PC
Event Code: 4001
Message: WLAN AutoConfig service has successfully stopped.

Record Number: 1431
Source Name: Microsoft-Windows-WLAN-AutoConfig
Time Written: 20110813004134.788329-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: WIN-4CU32VD8520
Event Code: 205
Message: The Program Compatibility Assistant service failed to perform the phase two initialization.
Record Number: 1356
Source Name: Microsoft-Windows-Application-Experience
Time Written: 20110813003732.956704-000
Event Type: Error
User: NT AUTHORITY\SYSTEM

Computer Name: WIN-4CU32VD8520
Event Code: 10000
Message: WLAN Extensibility Module has failed to start.

Module Path: C:\Windows\system32\athExt.dll
Error Code: 126

Record Number: 1221
Source Name: Microsoft-Windows-WLAN-AutoConfig
Time Written: 20110813003541.541309-000
Event Type: Error
User: NT AUTHORITY\SYSTEM

Computer Name: WIN-4CU32VD8520
Event Code: 4001
Message: WLAN AutoConfig service has successfully stopped.

Record Number: 1141
Source Name: Microsoft-Windows-WLAN-AutoConfig
Time Written: 20100425060711.540620-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

=====Application event log=====

Computer Name: Ian-PC
Event Code: 1530
Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -
3 user registry handles leaked from \Registry\User\S-1-5-21-1744591163-1105217386-583749284-1001:
Process 640 (\Device\HarddiskVolume1\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-1744591163-1105217386-583749284-1001
Process 2280 (\Device\HarddiskVolume1\Windows\System32\msiexec.exe) has opened key \REGISTRY\USER\S-1-5-21-1744591163-1105217386-583749284-1001\Software\Microsoft\Windows\CurrentVersion\Explorer
Process 2280 (\Device\HarddiskVolume1\Windows\System32\msiexec.exe) has opened key \REGISTRY\USER\S-1-5-21-1744591163-1105217386-583749284-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts

Record Number: 1073
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20110813011921.839645-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: Ian-PC
Event Code: 1
Message: LMS Service cannot connect to Intel® MEI driver
Record Number: 880
Source Name: LMS
Time Written: 20110813005632.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: Ian-PC
Event Code: 3036
Message: The content source <file:C:/ProgramData/Microsoft/Windows/Start Menu/> cannot be accessed.

Context: Application, SystemIndex Catalog

Details:
Access is denied. Check that the Default Content Access Account in Windows Search Central Administration is correct, or follow the "Exclude and Include Content" link to add a rule to specify the proper crawling account to access this URL. (HRESULT : 0x80041205) (0x80041205)

Record Number: 853
Source Name: Microsoft-Windows-Search
Time Written: 20110813004910.000000-000
Event Type: Warning
User:

Computer Name: Ian-PC
Event Code: 1008
Message: The Windows Search Service is starting up and attempting to remove the old search index {Reason: Full Index Reset}.

Record Number: 810
Source Name: Microsoft-Windows-Search
Time Written: 20110813004656.000000-000
Event Type: Warning
User:

Computer Name: Ian-PC
Event Code: 11
Message: Possible Memory Leak. Application (C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted) (PID: 1264) has passed a non-NULL pointer to RPC for an [out] parameter marked [allocate(all_nodes)]. [allocate(all_nodes)] parameters are always reallocated; if the original pointer contained the address of valid memory, that memory will be leaked. The call originated on the interface with UUID ({3F31C91E-2545-4B7B-9311-9529E8BFFEF6}), Method number (20). User Action: Contact your application vendor for an updated version of the application.
Record Number: 805
Source Name: Microsoft-Windows-RPC-Events
Time Written: 20110813004650.449907-000
Event Type: Warning
User: NT AUTHORITY\LOCAL SERVICE

=====Security event log=====

Computer Name: WIN-4CU32VD8520
Event Code: 4672
Message: Special privileges assigned to new logon.

Subject:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7

Privileges: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 501
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100425060618.063726-000
Event Type: Audit Success
User:

Computer Name: WIN-4CU32VD8520
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-5-18
Account Name: WIN-4CU32VD8520$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Logon Type: 5

New Logon:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x208
Process Name: C:\Windows\System32\services.exe

Network Information:
Workstation Name:
Source Network Address: -
Source Port: -

Detailed Authentication Information:
Logon Process: Advapi
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 500
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100425060618.063726-000
Event Type: Audit Success
User:

Computer Name: WIN-4CU32VD8520
Event Code: 4738
Message: A user account was changed.

Subject:
Security ID: S-1-5-21-2330259384-1965934666-2881566118-500
Account Name: Administrator
Account Domain: WIN-4CU32VD8520
Logon ID: 0x23566

Target Account:
Security ID: S-1-5-21-2330259384-1965934666-2881566118-500
Account Name: Administrator
Account Domain: WIN-4CU32VD8520

Changed Attributes:
SAM Account Name: -
Display Name: -
User Principal Name: -
Home Directory: -
Home Drive: -
Script Path: -
Profile Path: -
User Workstations: -
Password Last Set: -
Account Expires: -
Primary Group ID: -
AllowedToDelegateTo: -
Old UAC Value: 0x210
New UAC Value: 0x211
User Account Control:
Account Disabled
User Parameters: -
SID History: -
Logon Hours: -

Additional Information:
Privileges: -
Record Number: 499
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100425060616.566124-000
Event Type: Audit Success
User:

Computer Name: WIN-4CU32VD8520
Event Code: 4725
Message: A user account was disabled.

Subject:
Security ID: S-1-5-21-2330259384-1965934666-2881566118-500
Account Name: Administrator
Account Domain: WIN-4CU32VD8520
Logon ID: 0x23566

Target Account:
Security ID: S-1-5-21-2330259384-1965934666-2881566118-500
Account Name: Administrator
Account Domain: WIN-4CU32VD8520
Record Number: 498
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100425060616.566124-000
Event Type: Audit Success
User:

Computer Name: WIN-4CU32VD8520
Event Code: 1102
Message: The audit log was cleared.
Subject:
Security ID: S-1-5-21-2330259384-1965934666-2881566118-500
Account Name: Administrator
Domain Name: WIN-4CU32VD8520
Logon ID: 0x23566
Record Number: 497
Source Name: Microsoft-Windows-Eventlog
Time Written: 20100425060612.666117-000
Event Type: Audit Success
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\EgisTec MyWinLocker\x86;C:\Program Files (x86)\EgisTec MyWinLocker\x64
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=AMD64
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
"NUMBER_OF_PROCESSORS"=4
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 37 Stepping 2, GenuineIntel
"PROCESSOR_REVISION"=2502
"Pathtem"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\EgisTec MyWinLocker\x86;C:\Program Files (x86)\EgisTec MyWinLocker\x64
"NTIPath"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\EgisTec MyWinLocker\x86;C:\Program Files (x86)\EgisTec MyWinLocker\x64;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\;

-----------------EOF-----------------
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7606

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

29/08/2011 2:15:09 PM
mbam-log-2011-08-29 (14-15-09).txt

Scan type: Quick scan
Objects scanned: 171911
Time elapsed: 1 minute(s), 31 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\Ian\AppData\Local\Temp\somoto_chrome.exe (Adware.BHO) -> Quarantined and deleted successfully.

Logfile of random's system information tool 1.09 (written by random/random)
Run by Ian at 2011-08-29 14:49:50
Microsoft Windows 7 Home Premium
System drive C: has 92 GB (71%) free of 129 GB
Total RAM: 5815 MB (73% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:49:54 PM, on 29/08/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16839)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
C:\Windows\PLFSetI.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
C:\Program Files (x86)\Bell\Internet Service Advisor\BISA.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files (x86)\Launch Manager\LMworker.exe
C:\Program Files (x86)\Bell\Internet Service Advisor\BISAComHandler.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10v_ActiveX.exe
C:\Users\Ian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\01X9MGKB\RSIT[1].exe
C:\Program Files (x86)\trend micro\Ian.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ca.yahoo.com/?fr=fp-yie9
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...63z155t45n1k502
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpr...E-2784E8AF052B}
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Partner BHO Class - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
O4 - HKLM\..\Run: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
O4 - HKLM\..\Run: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [BISA.exe] "C:\Program Files (x86)\Bell\Internet Service Advisor\BISA.exe" /AUTORUN
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files (x86)\Launch Manager\dsiwmis.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
O23 - Service: McciCMService64 - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: MyWinLocker Service (MWLService) - Egis Technology Inc. - C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: Acer ODD Power Service (ODDPwrSvc) - Acer Incorporated - C:\Program Files\Acer\Optical Drive Power Management\ODDPWRSvc.exe
O23 - Service: Partner Service - Google Inc. - C:\ProgramData\Partner\Partner.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServicepointService - Radialpoint Inc. - C:\Program Files (x86)\Bell\Internet Service Advisor\ServicepointService.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: Updater Service - Acer Group - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 11802 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\zdpjcctw.default

prefs.js - "browser.startup.homepage" - "http://www.yahoo.com/"

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Motive.com/NpMotive,version=1.0]
"Description"=Motive Plugin
"Path"=C:\Program Files (x86)\Common Files\Motive\npMotive.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@radialpoint.com/SPA,version=1]
"Description"=Radialpoint SPA
"Path"=C:\Program Files (x86)\Bell\Internet Service Advisor\nprpspa.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll

C:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files (x86)\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

C:\Program Files (x86)\Mozilla Firefox\searchplugins\
amazondotcom.xml
bing.xml
eBay.xml
google.xml
wikipedia.xml
yahoo.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll [2011-03-15 1392952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]
Partner BHO Class - C:\ProgramData\Partner\Partner.dll [2010-04-25 433648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2011-08-19 305328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll [2011-08-12 1007160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-08-12 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
SingleInstance Class - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll [2011-03-15 163128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll [2011-03-15 1392952]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2011-08-19 305328]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"=C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [2009-12-23 284696]
"SuiteTray"=C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [2010-04-17 337264]
"EgisUpdate"=C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [2010-03-11 201584]
"EgisTecPMMUpdate"=C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [2010-03-11 407920]
"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"BackupManagerTray"=C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [2010-03-08 260608]
"LManager"=C:\Program Files (x86)\Launch Manager\LManager.exe [2010-03-03 1300560]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2011-04-08 254696]
"BISA.exe"=C:\Program Files (x86)\Bell\Internet Service Advisor\BISA.exe [2011-01-06 4318520]
"avast5"=C:\Program Files\Alwil Software\Avast5\avastUI.exe [2011-07-04 3493720]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"=C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2010-04-25 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ServicepointService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\McMPFSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ServicepointService]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\SysWOW64\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"msacm.siren"=sirenacm.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2011-08-29 14:49:50 ----D---- C:\rsit
2011-08-29 14:49:50 ----D---- C:\Program Files (x86)\trend micro
2011-08-29 14:21:25 ----D---- C:\Program Files (x86)\ESET
2011-08-29 14:11:40 ----D---- C:\Users\Ian\AppData\Roaming\Malwarebytes
2011-08-29 14:11:36 ----A---- C:\Windows\SysWOW64\drivers\mbamswissarmy.sys
2011-08-29 14:11:35 ----D---- C:\ProgramData\Malwarebytes
2011-08-29 14:11:32 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-08-24 16:14:28 ----A---- C:\Windows\SysWOW64\tzres.dll
2011-08-20 09:40:14 ----A---- C:\Windows\avastSS.scr
2011-08-20 09:40:13 ----A---- C:\Windows\SysWOW64\aswBoot.exe
2011-08-20 09:40:11 ----D---- C:\ProgramData\Alwil Software
2011-08-19 08:16:41 ----D---- C:\Program Files (x86)\Mozilla Firefox
2011-08-17 19:51:38 ----D---- C:\Program Files (x86)\Cheat Engine 6.1
2011-08-14 09:20:36 ----D---- C:\Users\Ian\AppData\Roaming\Template
2011-08-14 09:20:10 ----A---- C:\Users\Ian\AppData\Roaming\wklnhst.dat
2011-08-13 14:54:19 ----D---- C:\Windows\SysWOW64\Wat
2011-08-13 13:43:15 ----D---- C:\Program Files (x86)\MSXML 4.0
2011-08-13 13:41:01 ----A---- C:\Windows\SysWOW64\PresentationHostProxy.dll
2011-08-13 13:41:01 ----A---- C:\Windows\SysWOW64\PresentationHost.exe
2011-08-13 13:41:01 ----A---- C:\Windows\SysWOW64\netfxperf.dll
2011-08-13 13:41:01 ----A---- C:\Windows\SysWOW64\mscoree.dll
2011-08-13 13:41:01 ----A---- C:\Windows\SysWOW64\dfshim.dll
2011-08-13 12:22:52 ----D---- C:\Program Files (x86)\Ares
2011-08-13 09:35:30 ----D---- C:\Users\Ian\AppData\Roaming\Mozilla
2011-08-13 09:31:55 ----D---- C:\Program Files (x86)\BellCanada
2011-08-13 09:31:38 ----A---- C:\Windows\SysWOW64\vbscript.dll
2011-08-13 09:31:38 ----A---- C:\Windows\SysWOW64\jscript.dll
2011-08-13 09:31:29 ----A---- C:\Windows\SysWOW64\mshtml.dll
2011-08-13 09:31:26 ----A---- C:\Windows\SysWOW64\iertutil.dll
2011-08-13 09:31:26 ----A---- C:\Windows\SysWOW64\ieframe.dll
2011-08-13 09:31:24 ----A---- C:\Windows\SysWOW64\urlmon.dll
2011-08-13 09:31:24 ----A---- C:\Windows\SysWOW64\mstime.dll
2011-08-13 09:31:24 ----A---- C:\Windows\SysWOW64\msfeeds.dll
2011-08-13 09:31:23 ----A---- C:\Windows\SysWOW64\wininet.dll
2011-08-13 09:31:23 ----A---- C:\Windows\SysWOW64\url.dll
2011-08-13 09:31:23 ----A---- C:\Windows\SysWOW64\mshtmled.dll
2011-08-13 09:31:23 ----A---- C:\Windows\SysWOW64\msfeedssync.exe
2011-08-13 09:31:23 ----A---- C:\Windows\SysWOW64\msfeedsbs.dll
2011-08-13 09:31:23 ----A---- C:\Windows\SysWOW64\licmgr10.dll
2011-08-13 09:31:23 ----A---- C:\Windows\SysWOW64\jsproxy.dll
2011-08-13 09:31:23 ----A---- C:\Windows\SysWOW64\ieui.dll
2011-08-13 09:31:23 ----A---- C:\Windows\SysWOW64\iepeers.dll
2011-08-13 09:31:23 ----A---- C:\Windows\SysWOW64\iedkcs32.dll
2011-08-13 09:05:53 ----D---- C:\ProgramData\Motive
2011-08-13 09:05:24 ----D---- C:\Program Files (x86)\Common Files\Motive
2011-08-13 08:59:23 ----D---- C:\Users\Ian\AppData\Roaming\Bell
2011-08-13 08:59:19 ----D---- C:\ProgramData\Radialpoint
2011-08-13 08:59:17 ----D---- C:\ProgramData\Bell
2011-08-13 08:59:17 ----D---- C:\Program Files (x86)\Bell
2011-08-13 07:49:29 ----A---- C:\Windows\SysWOW64\kerberos.dll
2011-08-13 07:49:28 ----A---- C:\Windows\SysWOW64\odbctrac.dll
2011-08-13 07:49:28 ----A---- C:\Windows\SysWOW64\odbcjt32.dll
2011-08-13 07:49:28 ----A---- C:\Windows\SysWOW64\odbccu32.dll
2011-08-13 07:49:28 ----A---- C:\Windows\SysWOW64\odbccr32.dll
2011-08-13 07:49:28 ----A---- C:\Windows\SysWOW64\odbccp32.dll
2011-08-13 07:49:27 ----A---- C:\Windows\SysWOW64\asycfilt.dll
2011-08-13 07:49:20 ----A---- C:\Windows\SysWOW64\poqexec.exe
2011-08-13 07:49:19 ----A---- C:\Windows\SysWOW64\CPFilters.dll
2011-08-13 07:49:18 ----A---- C:\Windows\SysWOW64\sbe.dll
2011-08-13 07:49:18 ----A---- C:\Windows\SysWOW64\EncDec.dll
2011-08-13 07:49:17 ----A---- C:\Windows\SysWOW64\t2embed.dll
2011-08-13 07:49:17 ----A---- C:\Windows\SysWOW64\StructuredQuery.dll
2011-08-13 07:49:16 ----A---- C:\Windows\SysWOW64\taskschd.dll
2011-08-13 07:49:16 ----A---- C:\Windows\SysWOW64\taskeng.exe
2011-08-13 07:49:16 ----A---- C:\Windows\SysWOW64\taskcomp.dll
2011-08-13 07:49:16 ----A---- C:\Windows\SysWOW64\schtasks.exe
2011-08-13 07:49:13 ----A---- C:\Windows\SysWOW64\ole32.dll
2011-08-13 07:49:09 ----A---- C:\Windows\SysWOW64\shell32.dll
2011-08-13 07:49:05 ----A---- C:\Windows\SysWOW64\schannel.dll
2011-08-13 07:49:05 ----A---- C:\Windows\SysWOW64\comctl32.dll
2011-08-13 07:49:03 ----A---- C:\Windows\SysWOW64\rtutils.dll
2011-08-13 07:49:03 ----A---- C:\Windows\SysWOW64\mfc42u.dll
2011-08-13 07:49:03 ----A---- C:\Windows\SysWOW64\mfc42.dll
2011-08-13 07:48:59 ----A---- C:\Windows\SysWOW64\atmlib.dll
2011-08-13 07:48:59 ----A---- C:\Windows\SysWOW64\atmfd.dll
2011-08-13 07:48:58 ----A---- C:\Windows\SysWOW64\webio.dll
2011-08-13 07:48:57 ----A---- C:\Windows\SysWOW64\iccvid.dll
2011-08-13 07:48:46 ----A---- C:\Windows\SysWOW64\dnscacheugc.exe
2011-08-13 07:48:46 ----A---- C:\Windows\SysWOW64\dnsapi.dll
2011-08-13 07:48:41 ----A---- C:\Windows\SysWOW64\wmpmde.dll
2011-08-13 07:48:39 ----A---- C:\Windows\SysWOW64\ntdll.dll
2011-08-13 07:48:37 ----A---- C:\Windows\SysWOW64\msxml3.dll
2011-08-13 07:48:34 ----A---- C:\Windows\SysWOW64\sspicli.dll
2011-08-13 07:48:34 ----A---- C:\Windows\SysWOW64\secur32.dll
2011-08-13 07:48:31 ----A---- C:\Windows\SysWOW64\oleaut32.dll
2011-08-13 07:48:31 ----A---- C:\Windows\SysWOW64\mfc40u.dll
2011-08-13 07:48:31 ----A---- C:\Windows\SysWOW64\mfc40.dll
2011-08-13 07:48:29 ----A---- C:\Windows\SysWOW64\KernelBase.dll
2011-08-13 07:48:29 ----A---- C:\Windows\SysWOW64\kernel32.dll
2011-08-13 07:48:28 ----AH---- C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2011-08-13 07:48:28 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2011-08-13 07:48:28 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2011-08-13 07:48:28 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2011-08-13 07:48:28 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2011-08-13 07:48:28 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2011-08-13 07:48:28 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2011-08-13 07:48:28 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-08-13 07:48:28 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2011-08-13 07:48:28 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2011-08-13 07:48:28 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2011-08-13 07:48:28 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2011-08-13 07:48:28 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2011-08-13 07:48:28 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2011-08-13 07:48:28 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2011-08-13 07:48:28 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2011-08-13 07:48:28 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2011-08-13 07:48:28 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2011-08-13 07:48:28 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2011-08-13 07:48:28 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2011-08-13 07:48:28 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2011-08-13 07:48:28 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2011-08-13 07:48:28 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2011-08-13 07:48:28 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2011-08-13 07:48:28 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2011-08-13 07:48:28 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2011-08-13 07:48:28 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2011-08-13 07:48:28 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2011-08-13 07:48:28 ----A---- C:\Windows\SysWOW64\wow32.dll
2011-08-13 07:48:28 ----A---- C:\Windows\SysWOW64\user.exe
2011-08-13 07:48:28 ----A---- C:\Windows\SysWOW64\setup16.exe
2011-08-13 07:48:28 ----A---- C:\Windows\SysWOW64\ntvdm64.dll
2011-08-13 07:48:28 ----A---- C:\Windows\SysWOW64\instnm.exe
2011-08-13 07:48:25 ----A---- C:\Windows\SysWOW64\mstscax.dll
2011-08-13 07:48:25 ----A---- C:\Windows\SysWOW64\mstsc.exe
2011-08-13 07:48:24 ----A---- C:\Windows\SysWOW64\drvinst.exe
2011-08-13 07:48:24 ----A---- C:\Windows\SysWOW64\devrtl.dll
2011-08-13 07:48:24 ----A---- C:\Windows\SysWOW64\devobj.dll
2011-08-13 07:48:24 ----A---- C:\Windows\SysWOW64\cfgmgr32.dll
2011-08-13 07:48:21 ----A---- C:\Windows\SysWOW64\wmp.dll
2011-08-13 07:48:20 ----A---- C:\Windows\SysWOW64\wmploc.DLL
2011-08-13 07:48:17 ----A---- C:\Windows\SysWOW64\inetcomm.dll
2011-08-13 07:48:16 ----A---- C:\Windows\SysWOW64\odbc32.dll
2011-08-13 07:48:15 ----A---- C:\Windows\SysWOW64\sscore.dll
2011-08-13 07:45:51 ----A---- C:\Windows\SysWOW64\ntoskrnl.exe
2011-08-13 07:45:51 ----A---- C:\Windows\SysWOW64\ntkrnlpa.exe
2011-08-13 00:32:24 ----D---- C:\Windows\NAPP_Dism_Log
2011-08-12 21:53:52 ----D---- C:\ProgramData\Sun
2011-08-12 21:53:52 ----D---- C:\Program Files (x86)\Common Files\Java
2011-08-12 21:53:40 ----A---- C:\Windows\SysWOW64\javaws.exe
2011-08-12 21:53:40 ----A---- C:\Windows\SysWOW64\javaw.exe
2011-08-12 21:53:40 ----A---- C:\Windows\SysWOW64\java.exe
2011-08-12 21:53:40 ----A---- C:\Windows\SysWOW64\deployJava1.dll
2011-08-12 21:53:33 ----D---- C:\Program Files (x86)\Java
2011-08-12 21:43:30 ----D---- C:\ProgramData\Yahoo!
2011-08-12 21:43:28 ----D---- C:\Users\Ian\AppData\Roaming\Yahoo!
2011-08-12 21:43:28 ----D---- C:\ProgramData\Yahoo! Companion
2011-08-12 21:43:27 ----D---- C:\Program Files (x86)\Yahoo!
2011-08-12 21:43:22 ----D---- C:\Program Files (x86)\BitTorrent
2011-08-12 21:42:41 ----D---- C:\Users\Ian\AppData\Roaming\BitTorrent
2011-08-12 21:40:18 ----HD---- C:\Windows\msdownld.tmp
2011-08-12 21:32:41 ----D---- C:\Program Files (x86)\Internet Explorer Platform Preview
2011-08-12 21:32:14 ----A---- C:\Windows\SysWOW64\mfreadwrite.dll
2011-08-12 21:32:14 ----A---- C:\Windows\SysWOW64\d3d10_1core.dll
2011-08-12 21:32:14 ----A---- C:\Windows\SysWOW64\d3d10_1.dll
2011-08-12 21:32:14 ----A---- C:\Windows\SysWOW64\d2d1.dll
2011-08-12 21:32:13 ----A---- C:\Windows\SysWOW64\WMVDECOD.DLL
2011-08-12 21:32:13 ----A---- C:\Windows\SysWOW64\ExplorerFrame.dll
2011-08-12 21:32:13 ----A---- C:\Windows\SysWOW64\d3d10warp.dll
2011-08-12 21:32:12 ----A---- C:\Windows\SysWOW64\XpsRasterService.dll
2011-08-12 21:32:12 ----A---- C:\Windows\SysWOW64\XpsPrint.dll
2011-08-12 21:32:12 ----A---- C:\Windows\SysWOW64\XpsGdiConverter.dll
2011-08-12 21:32:12 ----A---- C:\Windows\SysWOW64\mf.dll
2011-08-12 21:32:12 ----A---- C:\Windows\SysWOW64\DWrite.dll
2011-08-12 21:28:47 ----D---- C:\Users\Ian\AppData\Roaming\Adobe
2011-08-12 21:28:45 ----D---- C:\Users\Ian\AppData\Roaming\Google
2011-08-12 21:09:37 ----D---- C:\Users\Ian\AppData\Roaming\Macromedia
2011-08-12 21:07:42 ----N---- C:\Windows\SysWOW64\msxml4r.dll
2011-08-12 21:07:42 ----N---- C:\Windows\SysWOW64\msxml4a.dll
2011-08-12 21:05:10 ----D---- C:\Program Files (x86)\Haali
2011-08-12 21:04:52 ----D---- C:\ProgramData\CyberLink
2011-08-12 21:04:51 ----D---- C:\ProgramData\Temp
2011-08-12 21:01:59 ----N---- C:\Windows\SysWOW64\d3dx9_32.dll
2011-08-12 21:01:47 ----D---- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2011-08-12 21:01:03 ----D---- C:\Program Files (x86)\Microsoft
2011-08-12 21:00:42 ----D---- C:\Program Files (x86)\Windows Live SkyDrive
2011-08-12 21:00:25 ----D---- C:\Program Files (x86)\Windows Live
2011-08-12 20:59:12 ----D---- C:\Program Files (x86)\Common Files\Windows Live
2011-08-12 20:57:19 ----A---- C:\Windows\devices.txt
2011-08-12 20:56:32 ----A---- C:\Windows\SysWOW64\log.txt
2011-08-12 20:56:14 ----D---- C:\Program Files (x86)\Common Files\postureAgent
2011-08-12 20:55:55 ----A---- C:\Windows\USB_VIDEO_REG.exe
2011-08-12 20:55:55 ----A---- C:\Windows\PLFSetI.exe
2011-08-12 20:55:55 ----A---- C:\Windows\PidList.ini
2011-08-12 20:55:55 ----A---- C:\Windows\Image.dll
2011-08-12 20:55:55 ----A---- C:\Windows\AutoSetFrequency.ini
2011-08-12 20:55:55 ----A---- C:\Windows\AutosetFrequency.exe
2011-08-12 20:55:55 ----A---- C:\Windows\Acer Crystal Eye webcam.exe
2011-08-12 20:55:40 ----D---- C:\Users\Ian\AppData\Roaming\InstallShield
2011-08-12 20:51:28 ----D---- C:\Program Files (x86)\Launch Manager
2011-08-12 20:51:07 ----D---- C:\Users\Ian\AppData\Roaming\Intel Corporation
2011-08-12 20:50:57 ----AD---- C:\book
2011-08-12 20:50:36 ----D---- C:\Users\Ian\AppData\Roaming\Identities
2011-08-12 20:49:23 ----A---- C:\Windows\SysWOW64\wintrust.dll
2011-08-12 20:49:22 ----A---- C:\Windows\SysWOW64\cabview.dll
2011-08-12 20:49:15 ----D---- C:\Program Files (x86)\OEM
2011-08-12 20:47:12 ----SD---- C:\Users\Ian\AppData\Roaming\Microsoft
2011-08-12 20:47:12 ----D---- C:\Users\Ian\AppData\Roaming\Media Center Programs
2011-08-12 20:46:56 ----SHD---- C:\Recovery
2011-08-12 20:38:14 ----D---- C:\Program Files (x86)\Common Files\Intel
2011-08-12 20:38:10 ----D---- C:\Windows\SoftwareDistribution
2011-08-12 20:34:58 ----SHD---- C:\System Volume Information
2011-08-12 20:34:58 ----ASH---- C:\pagefile.sys
2011-08-12 20:34:58 ----ASH---- C:\hiberfil.sys

======List of files/folders modified in the last 1 month======

2011-08-29 14:49:50 ----D---- C:\Program Files (x86)
2011-08-29 14:33:32 ----D---- C:\Windows\Temp
2011-08-29 14:11:36 ----D---- C:\Windows\SysWOW64\drivers
2011-08-29 14:11:35 ----HD---- C:\ProgramData
2011-08-25 06:46:33 ----D---- C:\Windows\winsxs
2011-08-25 06:46:25 ----D---- C:\Windows\SysWOW64\en-US
2011-08-25 06:46:25 ----D---- C:\Windows\SysWOW64
2011-08-25 06:46:25 ----D---- C:\Windows\System32
2011-08-22 15:18:29 ----D---- C:\Windows\Prefetch
2011-08-20 12:11:26 ----AD---- C:\Windows
2011-08-20 09:41:10 ----SHD---- C:\Windows\Installer
2011-08-20 09:40:11 ----RD---- C:\Program Files
2011-08-18 07:15:47 ----D---- C:\Windows\debug
2011-08-16 20:20:12 ----D---- C:\Windows\Microsoft.NET
2011-08-16 20:20:01 ----RSD---- C:\Windows\assembly
2011-08-16 15:49:48 ----D---- C:\Windows\inf
2011-08-16 08:11:57 ----D---- C:\Program Files (x86)\Acer Games
2011-08-16 08:10:00 ----D---- C:\ProgramData\WildTangent
2011-08-16 08:08:17 ----D---- C:\Program Files (x86)\Acer
2011-08-15 08:39:08 ----D---- C:\ProgramData\McAfee
2011-08-13 14:54:26 ----D---- C:\Program Files (x86)\Windows Mail
2011-08-13 14:54:14 ----D---- C:\Windows\AppPatch
2011-08-13 14:54:11 ----D---- C:\Program Files (x86)\Windows Media Player
2011-08-13 14:54:05 ----D---- C:\Windows\SysWOW64\migration
2011-08-13 14:54:05 ----D---- C:\Program Files (x86)\Internet Explorer
2011-08-13 13:54:34 ----D---- C:\ProgramData\Microsoft Help
2011-08-13 13:46:07 ----SD---- C:\ProgramData\Microsoft
2011-08-13 13:45:45 ----D---- C:\Program Files (x86)\Microsoft Silverlight
2011-08-13 13:36:43 ----D---- C:\Program Files (x86)\Microsoft Works
2011-08-13 12:03:22 ----SHD---- C:\$Recycle.Bin
2011-08-13 09:29:27 ----RSD---- C:\Windows\Fonts
2011-08-13 09:27:59 ----D---- C:\Program Files (x86)\InstallShield Installation Information
2011-08-13 09:23:25 ----D---- C:\Windows\PolicyDefinitions
2011-08-13 09:05:24 ----D---- C:\Program Files (x86)\Common Files
2011-08-12 21:43:24 ----D---- C:\Windows\Logs
2011-08-12 21:37:26 ----D---- C:\Windows\Tasks
2011-08-12 21:37:17 ----D---- C:\Program Files (x86)\Google
2011-08-12 21:32:54 ----D---- C:\Windows\SysWOW64\wbem
2011-08-12 21:19:12 ----HD---- C:\OEM
2011-08-12 21:19:12 ----HD---- C:\AcerSW
2011-08-12 21:14:45 ----D---- C:\Program Files (x86)\Common Files\InstallShield
2011-08-12 21:10:12 ----D---- C:\Windows\Help
2011-08-12 21:03:17 ----D---- C:\Program Files (x86)\Common Files\microsoft shared
2011-08-12 20:57:58 ----D---- C:\ProgramData\OEM
2011-08-12 20:56:09 ----D---- C:\Program Files (x86)\Intel
2011-08-12 20:51:12 ----AD---- C:\Windows\DeployWinRE2
2011-08-12 20:50:58 ----D---- C:\ProgramData\EgisTec IPS
2011-08-12 20:47:09 ----RD---- C:\Users
2011-08-12 20:46:59 ----D---- C:\Windows\Panther
2011-08-12 20:45:53 ----D---- C:\Windows\rescache
2011-08-12 20:37:35 ----D---- C:\Intel

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys []
R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys []
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys []
R1 aswRdr;aswRdr; C:\Windows\SysWOW64\drivers\aswRdr.sys []
R1 aswSnx;aswSnx; C:\Windows\SysWOW64\drivers\aswSnx.sys []
R1 aswSP;aswSP; C:\Windows\SysWOW64\drivers\aswSP.sys []
R1 aswTdi;avast! Network Shield Support; C:\Windows\SysWOW64\drivers\aswTdi.sys []
R1 mwlPSDFilter;mwlPSDFilter; C:\Windows\system32\DRIVERS\mwlPSDFilter.sys []
R1 mwlPSDNServ;mwlPSDNServ; C:\Windows\system32\DRIVERS\mwlPSDNServ.sys []
R1 mwlPSDVDisk;mwlPSDVDisk; C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys []
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys []
R2 aswFsBlk;aswFsBlk; C:\Windows\SysWOW64\drivers\aswFsBlk.sys []
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys []
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys []
R3 BthEnum;Bluetooth Request Block Driver; C:\Windows\system32\drivers\BthEnum.sys []
R3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys []
R3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys []
R3 HECIx64;Intel® Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys []
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys []
R3 Impcd;Impcd; C:\Windows\system32\DRIVERS\Impcd.sys []
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys []
R3 IntcDAud;Intel® Display Audio; C:\Windows\system32\DRIVERS\IntcDAud.sys []
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller; C:\Windows\system32\DRIVERS\L1C62x64.sys []
R3 NTIDrvr;NTIDrvr; \??\C:\Windows\system32\drivers\NTIDrvr.sys []
R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys []
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys []
R3 UBHelper;UBHelper; \??\C:\Windows\system32\drivers\UBHelper.sys []
S3 AmUStor;AM USB Stroage Driver; C:\Windows\system32\drivers\AmUStor.SYS []
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys []
S3 MREMP50;MREMP50 NDIS Protocol Driver; \??\C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS [2010-01-19 21248]
S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS []
S3 MREMPR5;MREMPR5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS []
S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []
S3 MRESP50;MRESP50 NDIS Protocol Driver; \??\C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS [2010-01-19 20096]
S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-07-04 42184]
R2 DsiWMIService;Dritek WMI Service; C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2010-03-03 325200]
R2 ePowerSvc;Acer ePower Service; C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2010-03-17 866336]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology; C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-12-23 13336]
R2 LMS;Intel® Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe [2009-09-30 262144]
R2 McciCMService;McciCMService; C:\Program Files (x86)\Common Files\Motive\McciCMService.exe [2010-01-27 319488]
R2 McciCMService64;McciCMService64; C:\Program Files\Common Files\Motive\McciCMService.exe [2010-01-27 517632]
OTL logfile created on: 29/08/2011 2:45:11 PM - Run 4
OTL by OldTimer - Version 3.2.26.6 Folder = C:\Users\Ian\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

5.68 Gb Total Physical Memory | 4.28 Gb Available Physical Memory | 75.34% Memory free
11.36 Gb Paging File | 9.83 Gb Available in Paging File | 86.55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 126.34 Gb Total Space | 90.31 Gb Free Space | 71.48% Space Free | Partition Type: NTFS

Computer Name: IAN-PC | User Name: Ian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/29 08:03:18 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Ian\Desktop\OTL.exe
PRC - [2011/08/15 08:39:18 | 000,243,360 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10v_ActiveX.exe
PRC - [2011/08/12 21:41:18 | 000,307,376 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2011/07/04 07:43:54 | 003,493,720 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/07/04 07:43:51 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2011/01/06 15:56:50 | 000,689,464 | ---- | M] (Radialpoint Inc.) -- C:\Program Files (x86)\Bell\Internet Service Advisor\ServicepointService.exe
PRC - [2011/01/06 15:56:46 | 004,318,520 | ---- | M] (Bell) -- C:\Program Files (x86)\Bell\Internet Service Advisor\BISA.exe
PRC - [2011/01/06 15:56:46 | 000,488,760 | ---- | M] (Radialpoint Inc.) -- C:\Program Files (x86)\Bell\Internet Service Advisor\BISAComHandler.exe
PRC - [2010/04/17 01:57:08 | 000,349,552 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
PRC - [2010/03/11 01:11:56 | 000,407,920 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
PRC - [2010/03/11 01:11:42 | 000,201,584 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
PRC - [2010/03/08 19:58:24 | 000,250,368 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
PRC - [2010/03/08 19:56:38 | 000,260,608 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
PRC - [2010/03/03 09:21:16 | 001,300,560 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2010/03/03 09:21:16 | 000,325,200 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2010/03/03 09:21:16 | 000,297,040 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe
PRC - [2010/01/28 19:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2010/01/13 10:47:44 | 000,206,208 | ---- | M] () -- C:\Windows\PLFSetI.exe
PRC - [2009/12/23 20:39:04 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2009/12/23 20:39:02 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2009/09/30 19:34:22 | 002,314,240 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2009/09/30 19:33:08 | 000,262,144 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2009/07/13 21:14:47 | 000,254,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe


========== Modules (No Company Name) ==========

MOD - [2011/08/13 15:04:50 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\456d5e9d3a0a37697ab28c150e9ac5b7\System.Runtime.Remoting.ni.dll
MOD - [2011/08/13 15:04:21 | 012,431,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ad9c2f4737e1e07fa774af31a7d74235\System.Windows.Forms.ni.dll
MOD - [2011/08/13 15:04:13 | 001,586,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eba4ec48e3f7f16864c6d96f510fafd9\System.Drawing.ni.dll
MOD - [2011/08/13 15:03:51 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\155679a9c8991cc33f90d6b27bac1977\System.Xml.ni.dll
MOD - [2011/08/13 15:03:47 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\0bddc91cbf37d143f08f6684b2919566\System.Configuration.ni.dll
MOD - [2011/08/13 15:03:46 | 007,949,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\610374fef100556da252243e673ac64b\System.ni.dll
MOD - [2011/08/13 15:03:40 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\23bc3936180ff789f44259a211dfc7fc\mscorlib.ni.dll
MOD - [2011/01/06 15:47:38 | 000,158,208 | ---- | M] () -- C:\Program Files (x86)\Bell\Internet Service Advisor\Windows7Features.dll
MOD - [2010/03/08 20:18:10 | 000,465,576 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
MOD - [2010/01/13 10:47:44 | 000,206,208 | ---- | M] () -- C:\Windows\PLFSetI.exe
MOD - [2009/05/20 02:02:04 | 000,072,200 | ---- | M] () -- C:\Program Files (x86)\Launch Manager\CdDirIo.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/07/04 07:43:51 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2010/04/22 13:39:54 | 000,171,040 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Optical Drive Power Management\ODDPWRSvc.exe -- (ODDPwrSvc)
SRV:64bit: - [2010/03/17 10:56:12 | 000,866,336 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2010/01/28 19:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/01/06 15:56:50 | 000,689,464 | ---- | M] (Radialpoint Inc.) [Auto | Running] -- C:\Program Files (x86)\Bell\Internet Service Advisor\ServicepointService.exe -- (ServicepointService)
SRV - [2010/04/25 01:46:55 | 000,332,272 | ---- | M] (Google Inc.) [On_Demand | Stopped] -- C:\ProgramData\Partner\Partner.exe -- (Partner Service)
SRV - [2010/04/17 01:56:48 | 000,305,520 | ---- | M] (Egis Technology Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe -- (MWLService)
SRV - [2010/03/08 19:58:24 | 000,250,368 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2010/03/03 09:21:16 | 000,325,200 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2009/12/23 20:39:04 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®
SRV - [2009/09/30 19:34:22 | 002,314,240 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2009/09/30 19:33:08 | 000,262,144 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/07/04 07:36:56 | 000,600,920 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2011/07/04 07:36:54 | 000,288,088 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2011/07/04 07:35:28 | 000,045,400 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2011/07/04 07:32:35 | 000,031,064 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr)
DRV:64bit: - [2011/07/04 07:32:24 | 000,064,856 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2011/07/04 07:32:14 | 000,022,360 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2010/04/06 22:04:22 | 002,216,960 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010/03/31 03:47:08 | 010,322,848 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/02/26 04:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/02/05 04:49:04 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/02/02 18:38:30 | 000,271,872 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel®
DRV:64bit: - [2010/01/18 03:38:00 | 000,075,304 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2009/12/17 13:42:08 | 000,538,136 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/09/17 12:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel®
DRV:64bit: - [2009/07/13 21:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 21:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/02 22:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2009/06/02 22:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2009/06/02 22:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2009/05/26 16:32:38 | 000,040,448 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
DRV:64bit: - [2009/05/05 04:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009/05/05 04:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV - [2010/01/19 11:06:44 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2010/01/19 11:06:38 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...63z155t45n1k502
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...63z155t45n1k502
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...63z155t45n1k502
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpr...E-2784E8AF052B}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ca.yahoo.com/?fr=fp-yie9
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..network.proxy.type: 0

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@radialpoint.com/SPA,version=1: C:\Program Files (x86)\Bell\Internet Service Advisor\nprpspa.dll (Bell)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@radialpoint.com/SPA,version=1: C:\Program Files (x86)\Bell\Internet Service Advisor\nprpspa.dll (Bell)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/08/19 08:16:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011/08/19 08:16:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ian\AppData\Roaming\Mozilla\Extensions
[2011/08/19 08:16:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/08/12 01:57:31 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/08/11 23:16:35 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg64.dll (Google Inc.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.)
O4:64bit: - HKLM..\Run: [ODDPwr] C:\Program Files\Acer\Optical Drive Power Management\ODDPwr.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [BISA.exe] C:\Program Files (x86)\Bell\Internet Service Advisor\BISA.exe (Bell)
O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/29 14:21:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2011/08/29 14:11:40 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Roaming\Malwarebytes
[2011/08/29 14:11:36 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/08/29 14:11:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/08/29 14:11:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/08/29 14:11:32 | 000,025,912 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/08/29 14:11:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/08/29 08:03:14 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\Ian\Desktop\OTL.exe
[2011/08/23 16:31:12 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Local\Adobe
[2011/08/20 09:41:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Pro Antivirus
[2011/08/20 09:41:17 | 000,288,088 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2011/08/20 09:41:17 | 000,022,360 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2011/08/20 09:41:16 | 000,600,920 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2011/08/20 09:41:15 | 000,031,064 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2011/08/20 09:41:14 | 000,045,400 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2011/08/20 09:41:11 | 000,253,888 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2011/08/20 09:41:11 | 000,064,856 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2011/08/20 09:40:14 | 000,040,112 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/08/20 09:40:13 | 000,199,304 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2011/08/20 09:40:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2011/08/20 09:40:11 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2011/08/19 08:16:46 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Local\Mozilla
[2011/08/19 08:16:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2011/08/17 19:51:50 | 000,000,000 | ---D | C] -- C:\Users\Ian\Documents\My Cheat Tables
[2011/08/17 19:51:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 6.1
[2011/08/17 19:51:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cheat Engine 6.1
[2011/08/14 09:32:41 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011/08/14 09:20:36 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Roaming\Template
[2011/08/13 14:54:19 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2011/08/13 14:54:19 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2011/08/13 13:46:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2011/08/13 13:43:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2011/08/13 13:41:01 | 001,942,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dfshim.dll
[2011/08/13 13:41:01 | 001,130,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dfshim.dll
[2011/08/13 13:41:01 | 000,320,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHost.exe
[2011/08/13 13:41:01 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHost.exe
[2011/08/13 13:41:01 | 000,109,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHostProxy.dll
[2011/08/13 13:41:01 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHostProxy.dll
[2011/08/13 13:41:01 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netfxperf.dll
[2011/08/13 13:41:01 | 000,048,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netfxperf.dll
[2011/08/13 12:22:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ares
[2011/08/13 09:35:30 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Roaming\Mozilla
[2011/08/13 09:32:08 | 000,000,000 | ---D | C] -- C:\Program Files\BellCanada
[2011/08/13 09:31:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BellCanada
[2011/08/13 09:31:38 | 000,852,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011/08/13 09:31:38 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011/08/13 09:31:38 | 000,612,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2011/08/13 09:31:24 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011/08/13 09:31:23 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2011/08/13 09:31:23 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2011/08/13 09:31:23 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2011/08/13 09:31:23 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011/08/13 09:31:23 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2011/08/13 09:31:23 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011/08/13 09:31:23 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011/08/13 09:31:23 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011/08/13 09:31:23 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011/08/13 09:31:23 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011/08/13 09:31:23 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2011/08/13 09:31:23 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2011/08/13 09:31:23 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2011/08/13 09:31:23 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2011/08/13 09:08:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Motive
[2011/08/13 09:05:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Motive
[2011/08/13 09:05:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Motive
[2011/08/13 08:59:23 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Roaming\Bell
[2011/08/13 08:59:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Radialpoint
[2011/08/13 08:59:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bell
[2011/08/13 08:59:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Bell
[2011/08/13 08:59:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bell
[2011/08/13 08:41:21 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Local\Diagnostics
[2011/08/13 07:49:28 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbcjt32.dll
[2011/08/13 07:49:28 | 000,212,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbctrac.dll
[2011/08/13 07:49:28 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbctrac.dll
[2011/08/13 07:49:28 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccp32.dll
[2011/08/13 07:49:28 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccp32.dll
[2011/08/13 07:49:28 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccu32.dll
[2011/08/13 07:49:28 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccr32.dll
[2011/08/13 07:49:28 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccu32.dll
[2011/08/13 07:49:28 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccr32.dll
[2011/08/13 07:49:20 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\poqexec.exe
[2011/08/13 07:49:20 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\poqexec.exe
[2011/08/13 07:49:19 | 000,961,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll
[2011/08/13 07:49:19 | 000,723,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll
[2011/08/13 07:49:19 | 000,642,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll
[2011/08/13 07:49:18 | 001,118,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sbe.dll
[2011/08/13 07:49:18 | 000,850,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sbe.dll
[2011/08/13 07:49:18 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
[2011/08/13 07:49:18 | 000,259,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mpg2splt.ax
[2011/08/13 07:49:18 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax
[2011/08/13 07:49:17 | 000,483,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\StructuredQuery.dll
[2011/08/13 07:49:17 | 000,148,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\t2embed.dll
[2011/08/13 07:49:17 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\t2embed.dll
[2011/08/13 07:49:16 | 001,169,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskschd.dll
[2011/08/13 07:49:16 | 000,524,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmicmiplugin.dll
[2011/08/13 07:49:16 | 000,496,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\taskschd.dll
[2011/08/13 07:49:16 | 000,473,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskcomp.dll
[2011/08/13 07:49:16 | 000,464,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskeng.exe
[2011/08/13 07:49:16 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\taskcomp.dll
[2011/08/13 07:49:16 | 000,285,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\schtasks.exe
[2011/08/13 07:49:16 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\schtasks.exe
[2011/08/13 07:49:13 | 002,085,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ole32.dll
[2011/08/13 07:49:05 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comctl32.dll
[2011/08/13 07:49:04 | 001,395,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42.dll
[2011/08/13 07:49:04 | 001,359,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42u.dll
[2011/08/13 07:49:03 | 001,164,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42u.dll
[2011/08/13 07:49:03 | 001,137,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42.dll
[2011/08/13 07:49:03 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rtutils.dll
[2011/08/13 07:48:59 | 000,367,104 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2011/08/13 07:48:59 | 000,294,912 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2011/08/13 07:48:59 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2011/08/13 07:48:59 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2011/08/13 07:48:58 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll
[2011/08/13 07:48:58 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll
[2011/08/13 07:48:57 | 000,082,944 | ---- | C] (Radius Inc.) -- C:\Windows\SysWow64\iccvid.dll
[2011/08/13 07:48:46 | 000,356,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnsapi.dll
[2011/08/13 07:48:46 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnscacheugc.exe
[2011/08/13 07:48:46 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dnscacheugc.exe
[2011/08/13 07:48:41 | 001,024,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmpmde.dll
[2011/08/13 07:48:41 | 000,738,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmpmde.dll
[2011/08/13 07:48:39 | 001,739,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2011/08/13 07:48:34 | 001,446,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2011/08/13 07:48:32 | 000,640,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.efi
[2011/08/13 07:48:32 | 000,603,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.exe
[2011/08/13 07:48:32 | 000,556,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.efi
[2011/08/13 07:48:32 | 000,518,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.exe
[2011/08/13 07:48:32 | 000,020,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdusb.dll
[2011/08/13 07:48:32 | 000,019,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kd1394.dll
[2011/08/13 07:48:32 | 000,017,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdcom.dll
[2011/08/13 07:48:31 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40.dll
[2011/08/13 07:48:31 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40u.dll
[2011/08/13 07:48:31 | 000,861,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2011/08/13 07:48:29 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2011/08/13 07:48:29 | 000,422,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2011/08/13 07:48:29 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2011/08/13 07:48:29 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2011/08/13 07:48:29 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2011/08/13 07:48:29 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2011/08/13 07:48:28 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2011/08/13 07:48:28 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2011/08/13 07:48:28 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2011/08/13 07:48:28 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2011/08/13 07:48:28 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2011/08/13 07:48:28 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2011/08/13 07:48:28 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2011/08/13 07:48:28 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2011/08/13 07:48:28 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2011/08/13 07:48:28 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2011/08/13 07:48:28 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2011/08/13 07:48:28 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2011/08/13 07:48:28 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2011/08/13 07:48:28 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2011/08/13 07:48:28 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2011/08/13 07:48:28 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2011/08/13 07:48:28 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2011/08/13 07:48:28 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2011/08/13 07:48:28 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2011/08/13 07:48:28 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2011/08/13 07:48:28 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2011/08/13 07:48:28 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2011/08/13 07:48:28 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2011/08/13 07:48:28 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2011/08/13 07:48:28 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011/08/13 07:48:28 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2011/08/13 07:48:28 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2011/08/13 07:48:28 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2011/08/13 07:48:28 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2011/08/13 07:48:28 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2011/08/13 07:48:28 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2011/08/13 07:48:28 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2011/08/13 07:48:28 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/08/13 07:48:28 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/08/13 07:48:28 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2011/08/13 07:48:28 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2011/08/13 07:48:28 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2011/08/13 07:48:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2011/08/13 07:48:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2011/08/13 07:48:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2011/08/13 07:48:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2011/08/13 07:48:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2011/08/13 07:48:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011/08/13 07:48:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2011/08/13 07:48:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2011/08/13 07:48:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2011/08/13 07:48:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2011/08/13 07:48:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2011/08/13 07:48:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2011/08/13 07:48:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2011/08/13 07:48:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2011/08/13 07:48:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2011/08/13 07:48:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2011/08/13 07:48:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2011/08/13 07:48:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2011/08/13 07:48:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2011/08/13 07:48:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2011/08/13 07:48:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2011/08/13 07:48:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2011/08/13 07:48:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2011/08/13 07:48:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2011/08/13 07:48:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2011/08/13 07:48:28 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2011/08/13 07:48:26 | 003,138,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2011/08/13 07:48:25 | 002,690,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2011/08/13 07:48:25 | 001,097,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe
[2011/08/13 07:48:25 | 001,034,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe
[2011/08/13 07:48:24 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drvinst.exe
[2011/08/13 07:48:24 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\devrtl.dll
[2011/08/13 07:48:22 | 014,627,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
[2011/08/13 07:48:21 | 011,406,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2011/08/13 07:48:20 | 012,625,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL
[2011/08/13 07:48:20 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2011/08/13 07:48:17 | 000,112,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe
[2011/08/13 07:48:16 | 000,720,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbc32.dll
[2011/08/13 07:48:16 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbc32.dll
[2011/08/13 07:48:15 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sscore.dll
[2011/08/13 07:45:52 | 005,507,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2011/08/13 07:45:51 | 003,957,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2011/08/13 07:45:51 | 003,902,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2011/08/13 00:32:24 | 000,000,000 | ---D | C] -- C:\Windows\NAPP_Dism_Log
[2011/08/12 21:57:12 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Local\Ares
[2011/08/12 21:57:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ares
[2011/08/12 21:53:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011/08/12 21:53:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011/08/12 21:53:40 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2011/08/12 21:53:40 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011/08/12 21:53:40 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011/08/12 21:53:40 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2011/08/12 21:53:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2011/08/12 21:43:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo!
[2011/08/12 21:43:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo! Companion
[2011/08/12 21:43:28 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Roaming\Yahoo!
[2011/08/12 21:43:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yahoo!
[2011/08/12 21:43:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BitTorrent
[2011/08/12 21:42:41 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Roaming\BitTorrent
[2011/08/12 21:32:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Internet Explorer Platform Preview
[2011/08/12 21:32:14 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2011/08/12 21:32:14 | 000,662,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2011/08/12 21:32:14 | 000,470,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2011/08/12 21:32:14 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2011/08/12 21:32:14 | 000,265,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2011/08/12 21:32:14 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfreadwrite.dll
[2011/08/12 21:32:14 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsRasterService.dll
[2011/08/12 21:32:14 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfps.dll
[2011/08/12 21:32:14 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2011/08/12 21:32:14 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfreadwrite.dll
[2011/08/12 21:32:14 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2011/08/12 21:32:13 | 001,888,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
[2011/08/12 21:32:13 | 001,863,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ExplorerFrame.dll
[2011/08/12 21:32:13 | 001,837,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2011/08/12 21:32:13 | 001,619,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
[2011/08/12 21:32:13 | 001,495,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ExplorerFrame.dll
[2011/08/12 21:32:12 | 004,068,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mf.dll
[2011/08/12 21:32:12 | 003,181,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mf.dll
[2011/08/12 21:32:12 | 001,540,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2011/08/12 21:32:12 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2011/08/12 21:32:12 | 000,283,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2011/08/12 21:32:12 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsRasterService.dll
[2011/08/12 21:28:47 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Roaming\Adobe
[2011/08/12 21:28:45 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Roaming\Google
[2011/08/12 21:28:45 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Local\Google
[2011/08/12 21:09:37 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Roaming\Macromedia
[2011/08/12 21:07:42 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml4r.dll
[2011/08/12 21:07:42 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml4a.dll
[2011/08/12 21:05:59 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Local\Cyberlink
[2011/08/12 21:05:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Haali Media Splitter
[2011/08/12 21:05:10 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Haali Media Splitter
[2011/08/12 21:05:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Haali
[2011/08/12 21:04:52 | 000,000,000 | ---D | C] -- C:\ProgramData\CyberLink
[2011/08/12 21:04:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Temp
[2011/08/12 21:03:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works
[2011/08/12 21:01:59 | 004,398,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_32.dll
[2011/08/12 21:01:59 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_32.dll
[2011/08/12 21:01:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2011/08/12 21:01:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft
[2011/08/12 21:00:53 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2011/08/12 21:00:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live SkyDrive
[2011/08/12 21:00:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
[2011/08/12 21:00:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live
[2011/08/12 20:59:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live
[2011/08/12 20:56:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\postureAgent
[2011/08/12 20:56:03 | 000,056,344 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\drivers\HECIx64.sys
[2011/08/12 20:55:55 | 001,664,248 | ---- | C] (SuYin) -- C:\Windows\Acer Crystal Eye webcam.exe
[2011/08/12 20:55:55 | 000,049,464 | ---- | C] ( ) -- C:\Windows\AutosetFrequency.exe
[2011/08/12 20:55:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer Crystal Eye Webcam
[2011/08/12 20:55:40 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Roaming\InstallShield
[2011/08/12 20:55:09 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics
[2011/08/12 20:51:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Launch Manager
[2011/08/12 20:51:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Launch Manager
[2011/08/12 20:51:07 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Roaming\Intel Corporation
[2011/08/12 20:51:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AcerSystem
[2011/08/12 20:50:58 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Local\EgisTec IPS
[2011/08/12 20:50:57 | 000,000,000 | ---D | C] -- C:\book
[2011/08/12 20:50:45 | 000,000,000 | R--D | C] -- C:\Users\Ian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2011/08/12 20:50:45 | 000,000,000 | R--D | C] -- C:\Users\Ian\Searches
[2011/08/12 20:50:45 | 000,000,000 | R--D | C] -- C:\Users\Ian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2011/08/12 20:50:45 | 000,000,000 | -H-D | C] -- C:\Users\Ian\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2011/08/12 20:50:36 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Roaming\Identities
[2011/08/12 20:50:34 | 000,000,000 | R--D | C] -- C:\Users\Ian\Contacts
[2011/08/12 20:50:32 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Local\VirtualStore
[2011/08/12 20:49:23 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2011/08/12 20:49:22 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cabview.dll
[2011/08/12 20:49:22 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cabview.dll
[2011/08/12 20:49:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OEM
[2011/08/12 20:47:12 | 000,000,000 | --SD | C] -- C:\Users\Ian\AppData\Roaming\Microsoft
[2011/08/12 20:47:12 | 000,000,000 | R--D | C] -- C:\Users\Ian\Videos
[2011/08/12 20:47:12 | 000,000,000 | R--D | C] -- C:\Users\Ian\Saved Games
[2011/08/12 20:47:12 | 000,000,000 | R--D | C] -- C:\Users\Ian\Pictures
[2011/08/12 20:47:12 | 000,000,000 | R--D | C] -- C:\Users\Ian\Music
[2011/08/12 20:47:12 | 000,000,000 | R--D | C] -- C:\Users\Ian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2011/08/12 20:47:12 | 000,000,000 | R--D | C] -- C:\Users\Ian\Links
[2011/08/12 20:47:12 | 000,000,000 | R--D | C] -- C:\Users\Ian\Favorites
[2011/08/12 20:47:12 | 000,000,000 | R--D | C] -- C:\Users\Ian\Downloads
[2011/08/12 20:47:12 | 000,000,000 | R--D | C] -- C:\Users\Ian\Documents
[2011/08/12 20:47:12 | 000,000,000 | R--D | C] -- C:\Users\Ian\Desktop
[2011/08/12 20:47:12 | 000,000,000 | R--D | C] -- C:\Users\Ian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2011/08/12 20:47:12 | 000,000,000 | -HSD | C] -- C:\Users\Ian\AppData\Local\Temporary Internet Files
[2011/08/12 20:47:12 | 000,000,000 | -HSD | C] -- C:\Users\Ian\Templates
[2011/08/12 20:47:12 | 000,000,000 | -HSD | C] -- C:\Users\Ian\Start Menu
[2011/08/12 20:47:12 | 000,000,000 | -HSD | C] -- C:\Users\Ian\SendTo
[2011/08/12 20:47:12 | 000,000,000 | -HSD | C] -- C:\Users\Ian\Recent
[2011/08/12 20:47:12 | 000,000,000 | -HSD | C] -- C:\Users\Ian\PrintHood
[2011/08/12 20:47:12 | 000,000,000 | -HSD | C] -- C:\Users\Ian\NetHood
[2011/08/12 20:47:12 | 000,000,000 | -HSD | C] -- C:\Users\Ian\Documents\My Videos
[2011/08/12 20:47:12 | 000,000,000 | -HSD | C] -- C:\Users\Ian\Documents\My Pictures
[2011/08/12 20:47:12 | 000,000,000 | -HSD | C] -- C:\Users\Ian\Documents\My Music
[2011/08/12 20:47:12 | 000,000,000 | -HSD | C] -- C:\Users\Ian\My Documents
[2011/08/12 20:47:12 | 000,000,000 | -HSD | C] -- C:\Users\Ian\Local Settings
[2011/08/12 20:47:12 | 000,000,000 | -HSD | C] -- C:\Users\Ian\AppData\Local\History
[2011/08/12 20:47:12 | 000,000,000 | -HSD | C] -- C:\Users\Ian\Cookies
[2011/08/12 20:47:12 | 000,000,000 | -HSD | C] -- C:\Users\Ian\Application Data
[2011/08/12 20:47:12 | 000,000,000 | -HSD | C] -- C:\Users\Ian\AppData\Local\Application Data
[2011/08/12 20:47:12 | 000,000,000 | -H-D | C] -- C:\Users\Ian\AppData
[2011/08/12 20:47:12 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Local\Temp
[2011/08/12 20:47:12 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Local\Microsoft
[2011/08/12 20:47:12 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Roaming\Media Center Programs
[2011/08/12 20:46:56 | 000,000,000 | -HSD | C] -- C:\Recovery
[2011/08/12 20:38:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Intel
[2011/08/12 20:38:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Intel
[2011/08/12 20:38:10 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2011/08/12 20:34:58 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/08/29 14:47:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/08/29 14:24:09 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/08/29 14:24:09 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/08/29 14:16:56 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/08/29 14:16:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/08/29 14:16:31 | 278,024,191 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/29 14:11:36 | 000,001,073 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/08/29 08:03:18 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Ian\Desktop\OTL.exe
[2011/08/20 12:11:29 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2011/08/20 09:41:18 | 000,001,856 | ---- | M] () -- C:\Users\Public\Desktop\avast! Pro Antivirus.lnk
[2011/08/19 08:20:18 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011/08/19 08:16:43 | 000,001,098 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/08/16 15:49:48 | 000,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/08/16 15:49:48 | 000,619,642 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/08/16 15:49:48 | 000,107,792 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/08/16 07:49:39 | 000,001,024 | RH-- | M] () -- C:\Users\Public\Documents\NTILiveUpdate.dll
[2011/08/14 09:20:10 | 000,000,000 | ---- | M] () -- C:\Users\Ian\AppData\Roaming\wklnhst.dat
[2011/08/13 14:56:19 | 000,343,552 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/08/13 13:36:43 | 000,001,139 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Works.lnk
[2011/08/13 12:03:52 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2011/08/13 00:32:24 | 000,011,453 | ---- | M] () -- C:\Windows\ChangeLang_Done.tag
[2011/08/12 21:53:34 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2011/08/12 21:53:34 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011/08/12 21:53:34 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011/08/12 21:53:34 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2011/08/12 21:46:15 | 000,001,441 | ---- | M] () -- C:\Users\Ian\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/08/12 21:43:23 | 000,000,991 | ---- | M] () -- C:\Users\Ian\Application Data\Microsoft\Internet Explorer\Quick Launch\BitTorrent.lnk
[2011/08/12 21:35:45 | 000,000,057 | ---- | M] () -- C:\Windows\SysWow64\mapisvc.inf
[2011/08/12 20:55:16 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf
[2011/08/12 20:51:36 | 000,000,184 | ---- | M] () -- C:\Windows\LMv4.UNI
[2011/08/12 20:47:35 | 000,015,754 | ---- | M] () -- C:\Windows\SysNative\results.xml
[2011/08/12 20:45:38 | 000,039,252 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2011/08/12 20:45:38 | 000,039,252 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2011/08/12 20:41:23 | 000,000,003 | ---- | M] () -- C:\Windows\SysNative\PLD_Framework.cmd
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/08/29 14:11:36 | 000,001,073 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/08/20 09:41:18 | 000,001,856 | ---- | C] () -- C:\Users\Public\Desktop\avast! Pro Antivirus.lnk
[2011/08/20 09:41:11 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2011/08/19 08:16:43 | 000,001,098 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/08/14 09:20:10 | 000,000,000 | ---- | C] () -- C:\Users\Ian\AppData\Roaming\wklnhst.dat
[2011/08/13 13:36:43 | 000,001,139 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Works.lnk
[2011/08/13 12:03:52 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2011/08/13 00:33:44 | 000,011,453 | ---- | C] () -- C:\Windows\ChangeLang_Done.tag
[2011/08/12 21:43:23 | 000,000,991 | ---- | C] () -- C:\Users\Ian\Application Data\Microsoft\Internet Explorer\Quick Launch\BitTorrent.lnk
[2011/08/12 21:37:26 | 000,000,898 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/08/12 21:37:22 | 000,000,894 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/08/12 21:32:41 | 000,001,958 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Explorer Platform Preview.lnk
[2011/08/12 21:28:41 | 000,001,441 | ---- | C] () -- C:\Users\Ian\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/08/12 21:03:50 | 000,002,557 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office PowerPoint Viewer 2007.lnk
[2011/08/12 21:03:39 | 000,001,151 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works Task Launcher.lnk
[2011/08/12 20:55:55 | 000,632,056 | ---- | C] () -- C:\Windows\Image.dll
[2011/08/12 20:55:55 | 000,206,208 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2011/08/12 20:55:55 | 000,025,848 | ---- | C] () -- C:\Windows\USB_VIDEO_REG.exe
[2011/08/12 20:55:55 | 000,009,168 | ---- | C] () -- C:\Windows\Suyin.reg
[2011/08/12 20:55:55 | 000,000,637 | ---- | C] () -- C:\Windows\AutoSetFrequency.ini
[2011/08/12 20:55:55 | 000,000,378 | ---- | C] () -- C:\Windows\PidList.ini
[2011/08/12 20:55:16 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf
[2011/08/12 20:51:36 | 000,000,184 | ---- | C] () -- C:\Windows\LMv4.UNI
[2011/08/12 20:50:50 | 000,001,413 | ---- | C] () -- C:\Users\Ian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2011/08/12 20:50:46 | 000,001,447 | ---- | C] () -- C:\Users\Ian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2011/08/12 20:47:35 | 000,015,754 | ---- | C] () -- C:\Windows\SysNative\results.xml
[2011/08/12 20:47:12 | 000,000,290 | ---- | C] () -- C:\Users\Ian\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2011/08/12 20:47:12 | 000,000,272 | ---- | C] () -- C:\Users\Ian\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2011/08/12 20:41:23 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\PLD_Framework.cmd
[2011/08/12 20:34:58 | 278,024,191 | -HS- | C] () -- C:\hiberfil.sys
[2010/04/25 01:53:33 | 000,870,560 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2010/04/25 01:53:33 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010/04/25 01:53:33 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2010/04/25 01:53:32 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2010/04/25 01:53:32 | 000,104,636 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

< End of report >
:unsure: :)

R2 NTI IScheduleSvc;NTI IScheduleSvc; C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-03-08 250368]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service; C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-11-05 144640]
R2 ODDPwrSvc;Acer ODD Power Service; C:\Program Files\Acer\Optical Drive Power Management\ODDPWRSvc.exe [2010-04-22 171040]
R2 ServicepointService;ServicepointService; C:\Program Files (x86)\Bell\Internet Service Advisor\ServicepointService.exe [2011-01-06 689464]
R2 UNS;Intel® Management & Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-09-30 2314240]
R2 Updater Service;Updater Service; C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2010-01-28 243232]
R2 YahooAUService;Yahoo! Updater; C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe [2008-11-09 602392]
S2 gupdate;Google Update Service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-08-12 135664]
S3 gupdatem;Google Update Service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-08-12 135664]
S3 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-04-25 182768]
S3 MWLService;MyWinLocker Service; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [2010-04-17 305520]
S3 NTIBackupSvc;NTI Backup Now 5 Backup Service; C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-11-05 50432]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Partner Service;Partner Service; C:\ProgramData\Partner\Partner.exe [2010-04-25 332272]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe []

-----------------EOF-----------------
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=12
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=12
esets_scanner_update returned -1 esets_gle=41217
ESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetesets_scanner_update returned -1 esets_gle=12
esets_scanner_update returned -1 esets_gle=41217
esets_scanner_update returned -1 esets_gle=41217
esets_scanner_update returned -1 esets_gle=41217
esets_scanner_update returned -1 esets_gle=0

Edited by istring, 30 August 2011 - 05:45 AM.

  • 0

#9
Jintan
Posted 30 August 2011 - 07:17 PM

Jintan

    Trusted Helper

  • Malware Removal
  • 904 posts
Did the Eset scan run OK. Kinda difficult to weed through, but the results seem to suggest the scan was incomplete. The logs show your more-vulnerable softwares, such as Java and Adobe, up to date, so congrats keeping up with things. Adobe Reader has a more current version, so when you have time, go here and update that.

Seems Internet Explorer has a bogus, search redirect bigseekpro.com start page. When you open IE does it open to this? If so, in IE, go to Tools - Internet Options - General tab, and change the Home Page to one of your choice (being sure to click Apply and OK after making changes).

Still looks like the biggest issue there remains:

Bell Internet Service Advisor 3.7.44-->"C:\Program Files (x86)\Bell\Internet Service Advisor\unins000.exe"

That includes Radial Point, which, as an antivirus product (and a not-so-good one to boot), it is in conflict with Avast. So when you have some time, go to Programs and Features in Control Panel, and uninstall that. It should not have any effect on your Internet access, but be sure to reboot after.

----------

When web searching this file, most of them seem to just lead back to Malwarebytes removing it:

c:\Users\Ian\AppData\Local\Temp\somoto_chrome.exe

If you would, open Malwarebytes - Quarantine tab, click that entry and allow Malwarebytes to Restore it. Then Just go here, press NEW TOPIC (right hand side, just at the top of the forum thread list), fill in the needed details and just give a link to your post back here (see the "Instructions for uploading files" there for help, if needed). Then press the browse button and then navigate to & select the following files on your computer.

c:\Users\Ian\AppData\Local\Temp\somoto_chrome.exe

You DO NOT need to be a member to upload, anybody can upload the files. You will not be able to see the file once uploaded.

Once you have done that just right click that somoto_chrome.exe files, and rename it to somoto_chrome.exe.bad, which will; serve to neutralize it from executing.
  • 0

#10
istring
Posted 31 August 2011 - 03:43 PM

istring

    Member

  • Topic Starter
  • Member
  • PipPip
  • 36 posts
OK i did as requested. Thanks
  • 0

Advertisements

#11
Jintan
Posted 31 August 2011 - 03:54 PM

Jintan

    Trusted Helper

  • Malware Removal
  • 904 posts
Did you do the SpyKiller upload? I checked and don't see it there.
  • 0

#12
Jintan
Posted 31 August 2011 - 06:59 PM

Jintan

    Trusted Helper

  • Malware Removal
  • 904 posts
I received the file, thanks. Some type of Chrome Kango adware, best quick assumption. Let's take a look for that, based on the info the uploaded file provided.

Click here and download the 64 bit version of jpshortstuff's SystemLook to your desktop, then click that file to open the scan display. In the open textbox, copy and paste the following (inside the Code box below):

:filefind
kango
Minibar
:folderfind
kango
Minibar
:regfind
kango
Minibar

Then click Look. Once the scan completes Notepad will open - copy/paste those contents back here please. That will also be saved as a log where you have the scan file, named SystemLook.txt.
  • 0

#13
istring
Posted 31 August 2011 - 07:45 PM

istring

    Member

  • Topic Starter
  • Member
  • PipPip
  • 36 posts
SystemLook 30.07.11 by jpshortstuff
Log created at 21:39 on 31/08/2011 by Ian
Administrator - Elevation successful

========== filefind ==========

Searching for "kango "
No files found.

Searching for "Minibar "
No files found.

========== folderfind ==========

Searching for "kango "
No folders found.

Searching for "Minibar "
No folders found.

========== regfind ==========

Searching for "kango "
No data found.

Searching for "Minibar"
No data found.

-= EOF =-

BTW i ununstalled the bisa and the laptop seems faster, I also diabled a desktop windows manager which i kinda liked but i can live without.I feel bad that you've devoted so much time to this.It is much appreciated.
  • 0

#14
Jintan
Posted 31 August 2011 - 08:18 PM

Jintan

    Trusted Helper

  • Malware Removal
  • 904 posts
SystemLook didn't pick up any of the signatures from that one file, so looks like it was a remnant. Good you have the improvements, and yes, that one program just isn't very beneficial on systems. No malware at this point, so before we start wrapping things up here, and problems we still need to address?
  • 0

#15
Jintan
Posted 31 August 2011 - 08:44 PM

Jintan

    Trusted Helper

  • Malware Removal
  • 904 posts
As an afterthought, I now see that SystemLook script wouldn't have checked everything. If you would, run SystemLook one more time, using the following:

:filefind
*kango*
*Minibar*
:folderfind
*kango*
*Minibar*

  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP