
Running Extremely Slow



#1
Loganbiz

  • Member
  • 24 posts
I am trying to help my mother-in-law with her computer. It suddenly began running very slowly. Programs take a long time to start. I did a little clean-up of old files and checked the disk fragmentation. Her virus definitions were out of date and the Kaspersky antivirus had apparently been turned off. I updated and did a scan. No threats were found, but the scan took two days to finish. I suspect there could be a malware problem, but I don't know. I am not getting errors, just very poor performance. Any assistance would be appreciated.

OTL logfile created on: 9/21/2011 7:55:10 AM - Run 2
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\Wicked Queen\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 1.63 Gb Available Physical Memory | 59.43% Memory free
5.49 Gb Paging File | 4.20 Gb Available in Paging File | 76.45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 136.95 Gb Total Space | 97.88 Gb Free Space | 71.48% Space Free | Partition Type: NTFS

Computer Name: WICKEDQUEEN-PC | User Name: Wicked Queen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/20 22:47:39 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Wicked Queen\Desktop\OTL.exe
PRC - [2011/09/02 23:01:45 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010/09/02 23:45:02 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe
PRC - [2010/08/19 16:13:22 | 000,340,520 | ---- | M] (Kaspersky Lab) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
PRC - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
PRC - [2009/10/29 04:47:34 | 000,419,112 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
PRC - [2009/10/21 19:53:42 | 000,181,480 | ---- | M] (Acer Corp.) -- C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe
PRC - [2009/09/10 06:42:30 | 000,349,480 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
PRC - [2009/08/28 02:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
PRC - [2009/08/18 02:42:08 | 001,157,128 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2009/08/03 22:09:34 | 000,199,464 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe
PRC - [2009/07/03 19:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/02 23:01:45 | 001,846,232 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2010/01/26 18:07:32 | 003,884,312 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/10/29 12:10:02 | 000,844,320 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2009/07/29 05:03:42 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/03 19:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV - [2010/10/22 14:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/09/02 23:45:02 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe -- (McComponentHostService)
SRV - [2010/08/19 16:13:22 | 000,340,520 | ---- | M] (Kaspersky Lab) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe -- (AVP)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/09/10 06:42:46 | 000,305,448 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService)
SRV - [2009/08/28 02:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/05/22 11:02:20 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Acer Games\Acer Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 04:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/09/23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/04/19 17:11:03 | 000,353,296 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2009/11/11 18:35:24 | 000,225,824 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/11/05 21:56:06 | 001,550,848 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/10/14 21:18:38 | 000,040,464 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\klbg.sys -- (KLBG)
DRV:64bit: - [2009/10/02 19:39:32 | 000,021,008 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2009/09/14 14:46:42 | 000,027,152 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2009/09/01 15:29:56 | 000,157,712 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (kl1)
DRV:64bit: - [2009/07/29 15:11:24 | 006,038,016 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/07/27 00:04:36 | 000,058,880 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 17:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/15 03:03:40 | 000,245,296 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/02 04:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2009/06/02 04:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2009/06/02 04:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2009/05/05 01:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009/05/05 01:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2009/05/04 06:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2009/04/03 07:39:58 | 000,034,872 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...64z175t44k2x291
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...64z175t44k2x291
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...64z175t44k2x291
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...64z175t44k2x291

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://att.net
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://att.net
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..network.proxy.type: 0

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Wicked Queen\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Wicked Queen\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/07/18 08:21:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/09/21 07:46:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/07/18 08:21:42 | 000,000,000 | ---D | M]

[2011/09/21 07:49:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Wicked Queen\AppData\Roaming\Mozilla\Extensions
[2011/09/21 07:46:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/09/02 23:01:45 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/09/02 16:25:59 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Wicked Queen\AppData\Local\Google\Chrome\Application\14.0.835.186\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Wicked Queen\AppData\Local\Google\Chrome\Application\14.0.835.186\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Wicked Queen\AppData\Local\Google\Chrome\Application\14.0.835.186\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\x64\ievkbd.dll (Kaspersky Lab)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\x64\klwtbbho.dll (Kaspersky Lab)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acer Assist Launcher] C:\Program Files (x86)\Acer\Acer Assist\launcher.exe ()
O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [PlayMovie] C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html File not found
O9:64bit: - Extra Button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\x64\klwtbbho.dll (Kaspersky Lab)
O9:64bit: - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\x64\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicr...osoft/wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} http://games.att.obe...ronGameHost.cab (Oberon Flash Game Host)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://zone.msn.com/...aploader_v6.cab (PopCapLoader Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0194D2F0-1FEF-498B-91D7-267CF91FDD00}: DhcpNameServer = 209.18.47.61 209.18.47.62
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20 - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll) -C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\mzvkbd3.dll (Kaspersky Lab)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/09/21 07:48:14 | 000,000,000 | ---D | C] -- C:\Users\Wicked Queen\AppData\Roaming\Mozilla
[2011/09/21 07:48:14 | 000,000,000 | ---D | C] -- C:\Users\Wicked Queen\AppData\Local\Mozilla
[2011/09/21 07:46:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2011/09/21 07:33:21 | 000,000,000 | ---D | C] -- C:\Users\Wicked Queen\AppData\Local\{0725704A-9E19-480F-AB6D-254BE2E30E75}
[2011/09/21 07:32:57 | 000,000,000 | ---D | C] -- C:\Users\Wicked Queen\AppData\Local\{91CC1C2A-6D08-4A32-87F0-B8F2353F3C13}
[2011/09/20 23:28:55 | 000,000,000 | ---D | C] -- C:\ProgramData\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
[2011/09/20 22:47:29 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Users\Wicked Queen\Desktop\OTL.exe
[2011/09/19 11:56:39 | 000,000,000 | ---D | C] -- C:\Users\Wicked Queen\AppData\Local\{7E4507AD-ACBB-4609-809B-5DC9EE24AC38}
[2011/09/16 20:41:14 | 000,000,000 | ---D | C] -- C:\Users\Wicked Queen\AppData\Local\{E5CDAE54-7ADE-4E1C-B78B-5C5B79D26A8A}
[2011/09/16 08:37:15 | 000,000,000 | ---D | C] -- C:\Users\Wicked Queen\AppData\Local\{CFBBBCF8-3D87-43F3-B194-B5945B4608E4}
[2011/09/16 08:34:37 | 000,000,000 | ---D | C] -- C:\Users\Wicked Queen\AppData\Local\{C2CFFE84-534B-4B6E-B383-5611613D2F59}
[2011/09/15 17:25:04 | 000,000,000 | ---D | C] -- C:\Users\Wicked Queen\AppData\Local\{F9684B15-7F94-4295-83F9-B8401AD84D02}
[2011/09/15 17:22:41 | 000,000,000 | ---D | C] -- C:\Users\Wicked Queen\AppData\Local\{0C3B537B-C4CD-4081-B44D-4711244D9187}
[2011/09/14 20:25:55 | 000,000,000 | ---D | C] -- C:\Users\Wicked Queen\AppData\Local\{48BB95CE-F959-4A23-9630-783716900B9E}
[2011/09/14 08:23:43 | 000,000,000 | ---D | C] -- C:\Users\Wicked Queen\AppData\Local\{B6D9827F-DE5A-4698-81A6-0D255D77B9BA}
[2011/09/14 08:23:18 | 000,000,000 | ---D | C] -- C:\Users\Wicked Queen\AppData\Local\{C869065E-72B4-45B0-9BE0-2B4CCD74068D}
[2011/09/13 20:22:34 | 000,000,000 | ---D | C] -- C:\Users\Wicked Queen\AppData\Local\{7030CF4D-B45A-419E-AAE8-5FFD887CE4D7}
[2011/09/13 08:15:11 | 000,000,000 | ---D | C] -- C:\Users\Wicked Queen\AppData\Local\{54551F83-5EB1-49C3-B763-926C59CB2A30}
[2011/09/13 08:11:03 | 000,000,000 | ---D | C] -- C:\Users\Wicked Queen\AppData\Local\{4A7DA964-CC2B-4B8B-AC40-4F8E2C5D7C7A}
[2011/09/12 09:50:44 | 000,000,000 | ---D | C] -- C:\Users\Wicked Queen\AppData\Local\{CAA837BB-F6B0-432A-8202-67230BEC3984}
[2011/09/12 09:46:36 | 000,000,000 | ---D | C] -- C:\Users\Wicked Queen\AppData\Local\{EC6DF60F-0FB4-4552-B6CA-1B03D5F080AB}
[2011/09/10 09:42:20 | 000,000,000 | ---D | C] -- C:\Users\Wicked Queen\AppData\Local\{26038C23-EC03-4B56-97EB-7E320341AA56}
[2011/09/10 09:41:56 | 000,000,000 | ---D | C] -- C:\Users\Wicked Queen\AppData\Local\{C73446AB-8415-40FB-90AC-5FFE27FF7D56}
[2011/09/09 21:41:01 | 000,000,000 | ---D | C] -- C:\Users\Wicked Queen\AppData\Local\{DF3429C6-7FC5-4757-8910-5419BAC4E6B6}
[2011/09/09 09:38:53 | 000,000,000 | ---D | C] -- C:\Users\Wicked Queen\AppData\Local\{EA8416C4-179E-4100-8F2A-08B17A898E85}
[2011/09/09 09:37:23 | 000,000,000 | ---D | C] -- C:\Users\Wicked Queen\AppData\Local\{FC47CC78-4E69-44D7-9D68-4E9EAADF4488}
[2011/09/08 21:32:42 | 000,000,000 | ---D | C] -- C:\Users\Wicked Queen\AppData\Local\{910E2E88-17C9-4A96-8B10-6C479EF7E408}
[2011/09/08 08:21:57 | 000,000,000 | ---D | C] -- C:\Users\Wicked Queen\AppData\Local\{C29C939F-C54B-4AEA-B123-6E6936819541}
[2011/09/08 08:21:20 | 000,000,000 | ---D | C] -- C:\Users\Wicked Queen\AppData\Local\{93516EDA-42E6-4B6C-AEAD-80CFF4DB0A75}
[2011/09/07 09:24:12 | 000,000,000 | ---D | C] -- C:\Users\Wicked Queen\AppData\Local\{E3411D7A-A8FD-41C9-B97F-2D24333D2425}
[2011/09/07 09:19:52 | 000,000,000 | ---D | C] -- C:\Users\Wicked Queen\AppData\Local\{311C0876-9C2E-4C5C-BA20-915ADA5087D4}
[2011/09/06 10:47:02 | 000,000,000 | ---D | C] -- C:\Users\Wicked Queen\AppData\Local\{61BD8AD1-A2FB-4EA3-9B6D-FA4DC042A705}
[2011/09/06 10:46:16 | 000,000,000 | ---D | C] -- C:\Users\Wicked Queen\AppData\Local\{8982A027-0F8C-483B-9A69-97C39FCE6D16}
[2011/09/05 10:35:11 | 000,000,000 | ---D | C] -- C:\Users\Wicked Queen\AppData\Local\{4B8FC6B6-A134-4BA3-888A-F4F34719C460}
[2011/09/05 10:33:20 | 000,000,000 | ---D | C] -- C:\Users\Wicked Queen\AppData\Local\{B5C0FED4-1DC6-48DC-95C7-9C2670626620}
[2011/09/04 11:29:12 | 000,000,000 | ---D | C] -- C:\Users\Wicked Queen\AppData\Local\{88F67A2B-241A-4A88-A563-E85A3FACBD31}
[2011/09/04 11:27:28 | 000,000,000 | ---D | C] -- C:\Users\Wicked Queen\AppData\Local\{2647864C-DCDC-4BAC-A886-0ECF8F837471}
[2011/09/03 12:39:02 | 000,000,000 | ---D | C] -- C:\Users\Wicked Queen\AppData\Local\{9710FE32-0D12-4A45-B985-9413B581EDE9}
[2011/09/03 12:37:09 | 000,000,000 | ---D | C] -- C:\Users\Wicked Queen\AppData\Local\{977ECF06-8873-4D62-87F1-E1437B5E4997}
[2011/09/02 09:16:32 | 000,000,000 | ---D | C] -- C:\Users\Wicked Queen\AppData\Local\{255EE463-0B8C-4670-8636-243059021692}
[2011/09/02 09:13:56 | 000,000,000 | ---D | C] -- C:\Users\Wicked Queen\AppData\Local\{486618C7-A182-4EE9-BF03-F2B84DB66AE1}
[2011/09/01 10:44:50 | 000,000,000 | ---D | C] -- C:\Users\Wicked Queen\AppData\Local\{C5967F84-4C7F-4273-A543-4FF8DC7671FC}
[2011/09/01 10:43:45 | 000,000,000 | ---D | C] -- C:\Users\Wicked Queen\AppData\Local\{2CE4828C-E158-48D1-BC1B-68575BC563C3}
[2011/08/31 22:05:35 | 000,000,000 | ---D | C] -- C:\Users\Wicked Queen\AppData\Local\{41EB46C5-3997-498B-8052-F3B7BFFE8809}
[2011/08/31 22:05:10 | 000,000,000 | ---D | C] -- C:\Users\Wicked Queen\AppData\Local\{77B6C15C-0C70-4640-B08B-A3C29FD31141}
[2011/08/31 10:03:37 | 000,000,000 | ---D | C] -- C:\Users\Wicked Queen\AppData\Local\{35E41889-B2AF-4008-88A8-65839FA30EBD}
[2011/08/31 10:03:09 | 000,000,000 | ---D | C] -- C:\Users\Wicked Queen\AppData\Local\{FF1744ED-CDE3-41E6-B8E3-ED91C80C0628}
[2011/08/30 22:02:15 | 000,000,000 | ---D | C] -- C:\Users\Wicked Queen\AppData\Local\{BB736B89-3C34-4253-9E39-B3DFC785A76E}
[2011/08/30 09:41:17 | 000,000,000 | ---D | C] -- C:\Users\Wicked Queen\AppData\Local\{19D4168E-FBC2-4BC5-B067-5B629914B3AA}
[2011/08/30 09:40:45 | 000,000,000 | ---D | C] -- C:\Users\Wicked Queen\AppData\Local\{997C67F8-9FD4-4447-A91D-F64A7CB0505D}
[2011/08/29 08:58:28 | 000,000,000 | ---D | C] -- C:\Users\Wicked Queen\AppData\Local\{37464940-7593-418A-A42F-6CA853F4D756}
[2011/08/29 08:56:53 | 000,000,000 | ---D | C] -- C:\Users\Wicked Queen\AppData\Local\{D5AE149C-71C7-4B95-8993-92FD2565105E}
[2011/08/28 11:11:53 | 000,000,000 | ---D | C] -- C:\Users\Wicked Queen\AppData\Local\{F74C8164-5C19-43C2-802F-3A9399273305}
[2011/08/28 11:10:14 | 000,000,000 | ---D | C] -- C:\Users\Wicked Queen\AppData\Local\{96349D39-1DBB-4DB7-BC9C-1B3B111901E4}
[2011/08/27 23:03:42 | 000,000,000 | ---D | C] -- C:\Users\Wicked Queen\AppData\Local\{D4648DEF-09CC-42B1-B94D-352C35781E26}
[2011/08/27 09:52:49 | 000,000,000 | ---D | C] -- C:\Users\Wicked Queen\AppData\Local\{AA76D881-A6DA-489B-AF86-7D89D91E9624}
[2011/08/27 09:48:49 | 000,000,000 | ---D | C] -- C:\Users\Wicked Queen\AppData\Local\{8541D916-4CCC-42E8-A667-B5AE01158213}
[2011/08/26 19:29:31 | 000,000,000 | ---D | C] -- C:\Users\Wicked Queen\AppData\Local\{9F4E112D-C30A-45BA-9750-85BA1F118D62}
[2011/08/26 19:29:06 | 000,000,000 | ---D | C] -- C:\Users\Wicked Queen\AppData\Local\{432B0C9D-2C4C-415C-A485-606ABA6D1064}
[2011/08/26 07:28:08 | 000,000,000 | ---D | C] -- C:\Users\Wicked Queen\AppData\Local\{BDF64AC6-D1AB-4519-B12D-26EC2A3EC3E8}
[2011/08/26 07:26:40 | 000,000,000 | ---D | C] -- C:\Users\Wicked Queen\AppData\Local\{83DB5406-D0AE-46A4-82B4-B70777374590}
[2011/08/25 08:34:55 | 000,000,000 | ---D | C] -- C:\Users\Wicked Queen\AppData\Local\{717FC268-59F9-4F79-A2AC-66FD9450F911}
[2011/08/25 08:33:58 | 000,000,000 | ---D | C] -- C:\Users\Wicked Queen\AppData\Local\{61021241-BBF6-4959-B65E-27B1CE268867}
[2011/08/24 20:26:52 | 000,000,000 | ---D | C] -- C:\Users\Wicked Queen\AppData\Local\{23FDCF44-2851-4528-89D8-B65FAD91EDCA}
[2011/08/24 08:24:34 | 000,000,000 | ---D | C] -- C:\Users\Wicked Queen\AppData\Local\{0093DBBB-9119-4F42-9E74-A421901F6E98}
[2011/08/24 08:24:09 | 000,000,000 | ---D | C] -- C:\Users\Wicked Queen\AppData\Local\{B864593B-224F-4E3D-A7CD-D1FAE2E55D68}
[2011/08/23 20:17:32 | 000,000,000 | ---D | C] -- C:\Users\Wicked Queen\AppData\Local\{3787DA58-9E88-4689-8693-1B94B128FC1D}
[2011/08/23 08:15:16 | 000,000,000 | ---D | C] -- C:\Users\Wicked Queen\AppData\Local\{F1F1A331-A7F5-477A-98AB-CF966C5FD2E9}
[2011/08/23 08:13:43 | 000,000,000 | ---D | C] -- C:\Users\Wicked Queen\AppData\Local\{3D452459-0734-41EF-AAF1-846D4E6AD8A5}
[2011/08/22 08:21:41 | 000,000,000 | ---D | C] -- C:\Users\Wicked Queen\AppData\Local\{513AE2A3-E0C1-4EC6-B593-2743667551AA}
[2011/08/22 08:21:08 | 000,000,000 | ---D | C] -- C:\Users\Wicked Queen\AppData\Local\{F4894120-0F31-4E5F-AD4C-A359700538B8}
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/09/21 08:04:18 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1995318332-2577941345-1383801643-1000UA.job
[2011/09/21 07:47:26 | 000,001,146 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/09/21 07:41:16 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/09/21 07:41:16 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/09/21 07:32:17 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/09/21 07:31:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/09/21 07:31:52 | 2211,483,648 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/20 23:55:36 | 000,746,568 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/09/20 23:55:36 | 000,628,320 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/09/20 23:55:36 | 000,108,466 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/09/20 23:37:06 | 000,000,064 | ---- | M] () -- C:\Users\Wicked Queen\Desktop\more.url
[2011/09/20 23:31:04 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/09/20 22:47:39 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Wicked Queen\Desktop\OTL.exe
[2011/09/20 22:13:40 | 000,002,402 | ---- | M] () -- C:\Users\Wicked Queen\Desktop\Google Chrome.lnk
[2011/09/20 16:05:08 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1995318332-2577941345-1383801643-1000Core.job
[2011/09/16 21:09:31 | 000,000,798 | ---- | M] () -- C:\Users\Wicked Queen\AppData\Roaming\wklnhst.dat
[2011/09/13 16:18:37 | 000,014,336 | ---- | M] () -- C:\Users\Wicked Queen\Documents\rec.xlr
[2011/09/12 10:10:41 | 000,152,233 | ---- | M] () -- C:\Windows\SysNative\drivers\klin.dat
[2011/09/12 10:10:41 | 000,107,177 | ---- | M] () -- C:\Windows\SysNative\drivers\klick.dat
[2011/09/07 09:52:58 | 000,010,752 | ---- | M] () -- C:\Users\Wicked Queen\Documents\DiscRec.xlr
[2011/08/24 10:04:17 | 000,000,329 | ---- | M] () -- C:\Users\Wicked Queen\Desktop\HP Printer Diagnostic Tools.url
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/09/21 07:47:24 | 000,001,146 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/09/21 07:47:22 | 000,001,158 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/09/20 23:37:06 | 000,000,064 | ---- | C] () -- C:\Users\Wicked Queen\Desktop\more.url
[2011/08/24 10:04:17 | 000,000,329 | ---- | C] () -- C:\Users\Wicked Queen\Desktop\HP Printer Diagnostic Tools.url
[2011/02/26 20:17:38 | 000,007,604 | ---- | C] () -- C:\Users\Wicked Queen\AppData\Local\Resmon.ResmonCfg
[2010/10/26 15:44:32 | 000,000,132 | ---- | C] () -- C:\Windows\wininit.ini
[2010/07/18 08:20:52 | 000,023,145 | ---- | C] () -- C:\Windows\hpqins15.dat
[2010/04/26 16:32:20 | 000,000,016 | ---- | C] () -- C:\Windows\popcinfo.dat
[2010/04/22 11:49:50 | 000,201,678 | ---- | C] () -- C:\Windows\hpoins43.dat
[2010/04/21 08:16:02 | 000,000,798 | ---- | C] () -- C:\Users\Wicked Queen\AppData\Roaming\wklnhst.dat
[2009/11/05 12:49:28 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/07/13 22:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 19:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 19:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 17:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 14:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/11 03:34:22 | 000,000,675 | ---- | C] () -- C:\Windows\hpomdl43.dat
[2009/06/10 14:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2010/04/19 16:32:33 | 000,000,000 | ---D | M] -- C:\Users\Wicked Queen\AppData\Roaming\Acer
[2010/04/19 16:32:31 | 000,000,000 | ---D | M] -- C:\Users\Wicked Queen\AppData\Roaming\Leadertech
[2010/04/29 09:50:56 | 000,000,000 | ---D | M] -- C:\Users\Wicked Queen\AppData\Roaming\PowerCinema
[2011/08/21 21:02:04 | 000,000,000 | ---D | M] -- C:\Users\Wicked Queen\AppData\Roaming\SoftDMA
[2010/04/26 14:09:25 | 000,000,000 | ---D | M] -- C:\Users\Wicked Queen\AppData\Roaming\Template
[2010/04/26 14:45:39 | 000,000,000 | ---D | M] -- C:\Users\Wicked Queen\AppData\Roaming\WildTangent
[2011/01/01 22:40:49 | 000,000,000 | ---D | M] -- C:\Users\Wicked Queen\AppData\Roaming\Windows Live Writer
[2011/08/02 20:56:31 | 000,032,634 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >