Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

need help

Started by ao923 , Feb 05 2012 06:27 PM

  • Please log in to reply

#1
ao923
Posted 05 February 2012 - 06:27 PM

ao923

    New Member

  • Member
  • Pip
  • 4 posts
my internet is running slower and my disk space is full even though i have not a lot of things installed

OTL logfile created on: 2/5/2012 6:00:27 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19170)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.96 Gb Total Physical Memory | 1.30 Gb Available Physical Memory | 32.76% Memory free
8.12 Gb Paging File | 5.65 Gb Available in Paging File | 69.62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 216.40 Gb Total Space | 20.39 Gb Free Space | 9.42% Space Free | Partition Type: NTFS

Computer Name: RUTH-PC | User Name: alex | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/05 17:58:34 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\OTL.exe
PRC - [2012/02/05 16:13:18 | 007,289,544 | ---- | M] () -- C:\Users\alex\Desktop\Full\ATSetupV31408.exe
PRC - [2011/12/23 05:57:30 | 003,334,432 | ---- | M] (Akamai Technologies, Inc) -- C:\Users\alex\AppData\Local\Akamai\netsession_win.exe
PRC - [2011/11/28 09:26:21 | 003,082,320 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
PRC - [2011/11/09 13:41:13 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/08/15 16:56:16 | 002,589,808 | ---- | M] (GamersFirst) -- C:\Program Files (x86)\GamersFirst\LIVE!\Live.exe
PRC - [2011/07/26 10:24:22 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2009/03/26 21:38:38 | 000,305,448 | ---- | M] (EgisTec Inc.) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe
PRC - [2009/03/25 03:33:40 | 003,353,600 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\Acer Bio Protection\CompPtcVUI.exe
PRC - [2009/02/05 09:14:56 | 000,237,568 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/05 16:19:43 | 000,014,848 | ---- | M] () -- C:\Users\alex\AppData\Local\Temp\nsq11A3.tmp\InstallOptions.dll
MOD - [2012/02/05 16:13:18 | 007,289,544 | ---- | M] () -- C:\Users\alex\Desktop\Full\ATSetupV31408.exe
MOD - [2011/11/28 09:26:21 | 003,082,320 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
MOD - [2011/11/09 13:41:11 | 001,989,592 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/09/30 16:18:47 | 006,277,280 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2011/01/07 11:40:30 | 015,988,224 | ---- | M] () -- C:\Program Files (x86)\GamersFirst\LIVE!\libcef.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/05/06 03:30:22 | 000,357,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2009/04/15 17:17:48 | 000,794,656 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2009/01/20 23:03:00 | 000,016,896 | ---- | M] (Agere Systems) [Disabled | Stopped] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
SRV:64bit: - [2008/01/20 20:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/01/30 13:28:54 | 003,342,112 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_e286960.dll -- (Akamai)
SRV - [2011/07/26 10:24:22 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011/03/16 09:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/11/10 16:02:10 | 004,134,480 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWow64\GameMon.des -- (npggsvc)
SRV - [2010/08/21 09:38:32 | 000,311,680 | ---- | M] (Kaspersky Lab) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe -- (AVP)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/29 23:40:16 | 001,043,584 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2009/04/14 18:48:50 | 000,075,048 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe -- (CLHNService)
SRV - [2009/04/11 20:32:00 | 000,061,184 | ---- | M] (NewTech Infosystems, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2009/03/29 22:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/26 21:38:38 | 000,305,448 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService)
SRV - [2009/03/25 03:33:50 | 003,444,224 | ---- | M] (Egis Technology Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Acer Bio Protection\BASVC.exe -- (IGBASVC)
SRV - [2009/02/11 18:38:40 | 000,354,840 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2009/02/05 09:14:56 | 000,237,568 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe -- (RS_Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/03/18 03:00:16 | 000,057,936 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2010/03/18 03:00:00 | 000,063,568 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2010/03/18 02:59:52 | 000,013,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LHidEqd.Sys -- (LHidEqd)
DRV:64bit: - [2010/03/18 02:59:44 | 000,074,320 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LEqdUsb.Sys -- (LEqdUsb)
DRV:64bit: - [2009/11/07 12:14:22 | 000,330,768 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\DRIVERS\klif.sys -- (KLIF)
DRV:64bit: - [2009/06/15 14:01:06 | 000,156,688 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\kl1.sys -- (kl1)
DRV:64bit: - [2009/05/16 20:59:30 | 000,021,008 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2009/05/15 18:50:26 | 000,026,640 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\klim6.sys -- (KLIM6)
DRV:64bit: - [2009/04/07 14:04:00 | 000,056,832 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\L1C60x64.sys -- (L1C)
DRV:64bit: - [2009/03/26 21:40:16 | 000,059,952 | ---- | M] (Egis Incorporated.) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2009/03/26 21:40:16 | 000,022,064 | ---- | M] (Egis Incorporated.) [File_System | System | Running] -- C:\Windows\SysNative\DRIVERS\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2009/03/26 21:40:16 | 000,020,528 | ---- | M] (Egis Incorporated.) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\mwlPSDNServ.sys -- (mwlPSDNServ)
DRV:64bit: - [2009/03/25 01:48:32 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009/03/22 22:40:00 | 005,430,272 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys -- (NETw5v64) Intel®
DRV:64bit: - [2009/03/18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\hamachi.sys -- (hamachi)
DRV:64bit: - [2009/03/11 11:32:00 | 000,072,224 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2009/03/05 11:41:00 | 000,262,192 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/02/11 18:26:18 | 000,407,576 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/01/20 23:03:00 | 001,253,376 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2008/12/15 20:41:52 | 000,038,416 | ---- | M] (Kaspersky Lab) [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\klbg.sys -- (KLBG)
DRV:64bit: - [2008/09/16 17:37:12 | 000,062,480 | ---- | M] (UPEK Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\tcusb.sys -- (TcUsb)
DRV:64bit: - [2008/01/30 03:48:16 | 000,016,384 | ---- | M] (NewTech Infosystems Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2008/01/20 20:47:28 | 000,046,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2008/01/20 20:47:25 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\serscan.sys -- (StillCam)
DRV:64bit: - [2007/03/28 08:50:16 | 000,046,592 | ---- | M] (Winbond Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\winbondcir.sys -- (winbondcir)
DRV - [2010/11/03 23:00:00 | 000,002,304 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\HtsysmNT.sys -- (Htsysm)
DRV - [2008/09/09 03:38:48 | 000,015,656 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\int15_64.sys -- (int15)
DRV - [2008/07/10 06:25:24 | 000,042,608 | ---- | M] (Alfa Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\AlfaFF.sys -- (AlfaFF)
DRV - [2005/01/01 21:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...&m=aspire_5739g
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...&m=aspire_5739g
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...&m=aspire_5739g
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...&m=aspire_5739g

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...&m=aspire_5739g
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://kongregate.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - prefs.js..extensions.enabledItems: [email protected]:9.0.0.463
FF - prefs.js..extensions.enabledItems: [email protected]:5.0.67.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.53
FF - prefs.js..keyword.URL: "http://www.scanquery...ryPB&keywords="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@fileplanet.com/fpdlm: C:\Program Files (x86)\Download Manager\npfpdlm.dll (IGN Entertainment)
FF - HKLM\Software\MozillaPlugins\@gamersfirst.com/LiveLauncher: C:\Program Files (x86)\GamersFirst\LIVE!\nplivelauncher.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@ogplanet.com/npOGPPlugin: C:\Windows\system32\npOGPPlugin.dll (OGPlanet)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Users\alex\AppData\Local\Microsoft\Internet Explorer\Downloaded Program Files\npsoe.dll ()
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\SearchPredict\PRFireFox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}: C:\Program Files (x86)\SpeedBit Video Downloader\SPFireFox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/06/16 13:59:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/11/09 13:41:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/01/17 16:54:09 | 000,000,000 | ---D | M]

[2011/10/28 07:54:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\alex\AppData\Roaming\Mozilla\Extensions
[2011/08/25 10:49:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\alex\AppData\Roaming\Mozilla\Firefox\Profiles\woeaz1h7.default\extensions
[2011/03/27 21:22:22 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\alex\AppData\Roaming\Mozilla\Firefox\Profiles\woeaz1h7.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/03/11 17:13:51 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Users\alex\AppData\Roaming\Mozilla\Firefox\Profiles\woeaz1h7.default\extensions\[email protected]
[2011/05/01 16:35:58 | 000,000,000 | ---D | M] (Portalarium Player) -- C:\Users\alex\AppData\Roaming\Mozilla\Firefox\Profiles\woeaz1h7.default\extensions\[email protected]
[2011/08/25 10:49:01 | 000,000,000 | ---D | M] (Yummy Games Player) -- C:\Users\alex\AppData\Roaming\Mozilla\Firefox\Profiles\woeaz1h7.default\extensions\[email protected]
[2012/01/17 16:54:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/01/17 16:54:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
[2010/12/11 10:28:55 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
[2011/11/09 13:41:14 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/11/10 05:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010/07/27 15:13:46 | 000,027,136 | ---- | M] (NHN USA Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npijjiautoinstallpluginff.dll
[2010/07/28 17:14:08 | 000,022,016 | ---- | M] (NHN USA Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npijjiFFPlugin1.dll
[2011/10/18 16:40:10 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/11/09 13:41:14 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.77\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U22 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.77\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.77\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: ijji Auto Install Plugin for Mozilla (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
CHR - plugin: ijji Web Launching Plugin for FF (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
CHR - plugin: IGN Download Manager Plug-in (Enabled) = C:\Program Files (x86)\Download Manager\npfpdlm.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
CHR - plugin: SOE Web Installer (Enabled) = C:\Users\alex\AppData\Local\Microsoft\Internet Explorer\Downloaded Program Files\npsoe.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2006/09/18 15:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\x64\ievkbd.dll (Kaspersky Lab)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\x64\klwtbbho.dll (Kaspersky Lab)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [LTCM Client] C:\Program Files (x86)\LTCM Client\ltcmClient.exe (Leader Technologies Inc.)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\alex\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKCU..\Run: [NCsoft Launcher] C:\Program Files (x86)\NCSoft\Launcher\NCLauncher.exe /Minimized File not found
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O4 - Startup: C:\Users\alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
O9:64bit: - Extra Button: Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files (x86)\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.)
O9:64bit: - Extra 'Tools' menuitem : Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files (x86)\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.)
O9:64bit: - Extra Button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\x64\klwtbbho.dll (Kaspersky Lab)
O9:64bit: - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\x64\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files (x86)\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.)
O9 - Extra 'Tools' menuitem : Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files (x86)\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.)
O9 - Extra Button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplane..._2.3.10.115.cab (CDownloadCtrl Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} http://content.syste...yri_4.3.1.0.cab (SysInfo Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1A40A45A-9F86-4AA1-BBC8-AE4E1C8714F8}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6127B9A4-4E13-491A-8F58-4E24EE08FF88}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Acer\Acer VCM\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll) -C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\mzvkbd3.dll (Kaspersky Lab)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab)
O20:64bit: - Winlogon\Notify\spba: DllName - (C:\Program Files\Common Files\SPBA\homefus2.dll) - C:\Program Files\Common Files\SPBA\homefus2.dll (UPEK Inc.)
O24 - Desktop WallPaper: C:\Users\alex\Pictures\backround.jpg
O24 - Desktop BackupWallPaper: C:\Users\alex\Pictures\backround.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{855208d0-93e1-11de-8205-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{855208d0-93e1-11de-8205-806e6f6e6963}\Shell\AutoRun\command - "" = D:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/05 18:03:08 | 000,000,000 | ---D | C] -- C:\Users\alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Nexon
[2012/02/05 17:58:13 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\OTL.exe
[2012/02/05 15:01:27 | 000,000,000 | ---D | C] -- C:\Users\alex\Desktop\Full
[2012/02/03 16:10:38 | 000,000,000 | ---D | C] -- C:\Users\alex\Documents\The Lord of the Rings Online
[2012/02/03 11:11:03 | 000,000,000 | ---D | C] -- C:\Users\alex\Desktop\LOTRO Standard Res Install Files EN
[2012/02/02 13:02:25 | 000,000,000 | ---D | C] -- C:\Users\alex\Runes_of_Magic_4_0_5_2467_us_full
[2012/02/02 13:02:25 | 000,000,000 | ---D | C] -- C:\Users\alex\AppData\Roaming\FOG Downloader
[2012/01/30 18:43:15 | 2319,955,754 | ---- | C] (Perfect World Entertainment, Inc.) -- C:\Users\alex\Desktop\RustyHearts_PWE_Setup_20111107_v5.exe
[2012/01/30 11:17:58 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\vi-VN
[2012/01/30 11:17:58 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\eu-ES
[2012/01/30 11:17:58 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\eu-ES
[2012/01/30 11:17:58 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\ca-ES
[2012/01/30 11:17:58 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\ca-ES
[2012/01/30 11:17:54 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\vi-VN
[2012/01/30 11:06:38 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2012/01/29 16:09:58 | 000,000,000 | ---D | C] -- C:\Users\alex\Desktop\Downloads
[2012/01/24 21:09:52 | 000,000,000 | ---D | C] -- C:\Users\alex\Documents\Koei
[2012/01/23 19:29:16 | 000,000,000 | ---D | C] -- C:\Users\alex\oni
[2012/01/19 17:36:02 | 000,000,000 | ---D | C] -- C:\Users\alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RuneScape
[2012/01/19 17:35:51 | 000,000,000 | ---D | C] -- C:\Users\alex\jagexcache
[2012/01/17 16:54:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/01/16 10:28:57 | 000,000,000 | ---D | C] -- C:\Users\alex\AppData\Local\Chromium
[2012/01/16 10:24:25 | 000,000,000 | ---D | C] -- C:\Users\alex\AppData\Roaming\The Creative Assembly
[2012/01/14 15:35:31 | 000,000,000 | ---D | C] -- C:\Users\alex\jagexcache3
[2012/01/14 15:06:35 | 000,000,000 | ---D | C] -- C:\Users\alex\jagexcache2
[2012/01/14 14:35:33 | 000,000,000 | ---D | C] -- C:\Users\alex\jagexcache1
[2012/01/06 18:37:29 | 000,000,000 | ---D | C] -- C:\Users\alex\riotsGamesLogs
[2012/01/06 18:36:58 | 000,000,000 | ---D | C] -- C:\Users\alex\AppData\Roaming\LolClient
[2011/07/24 16:46:08 | 078,078,224 | ---- | C] (K2 Network, Inc.) -- C:\Program Files (x86)\APB_Reloaded_Installer.exe
[2009/06/18 20:44:31 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/02/05 18:03:08 | 000,001,530 | ---- | M] () -- C:\Users\alex\Desktop\Atlantica Online.lnk
[2012/02/05 17:58:34 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\OTL.exe
[2012/02/05 17:52:29 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/05 17:07:49 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/05 17:07:49 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/05 11:20:10 | 000,000,040 | ---- | M] () -- C:\Users\alex\jagex_cl_runescape_LIVE.dat
[2012/02/05 11:10:34 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/05 11:10:22 | 000,243,982 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012/02/05 11:09:52 | 000,243,982 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012/02/05 11:07:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/05 11:07:38 | 4258,193,408 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/04 20:26:24 | 000,000,044 | ---- | M] () -- C:\Users\alex\jagex_cl_runescape_LIVE1.dat
[2012/02/03 17:24:42 | 000,812,768 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/02/03 17:24:42 | 000,679,432 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/02/03 17:24:42 | 000,135,170 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/02/01 17:42:57 | 000,299,080 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/01/31 19:27:04 | 000,808,174 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/01/31 13:11:44 | 000,002,017 | ---- | M] () -- C:\Users\alex\Desktop\EverQuest II.lnk
[2012/01/30 19:44:31 | 2319,955,754 | ---- | M] (Perfect World Entertainment, Inc.) -- C:\Users\alex\Desktop\RustyHearts_PWE_Setup_20111107_v5.exe
[2012/01/27 16:36:46 | 000,000,907 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2012/01/26 17:50:03 | 000,002,029 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/01/21 18:55:00 | 000,000,044 | ---- | M] () -- C:\Users\alex\jagex_cl_runescape_LIVE2.dat
[2012/01/19 17:38:41 | 000,000,024 | ---- | M] () -- C:\Users\alex\jagexappletviewer.preferences
[2012/01/19 17:36:01 | 000,001,873 | ---- | M] () -- C:\Users\alex\Desktop\RuneScape.lnk
[2012/01/14 15:36:40 | 000,000,129 | ---- | M] () -- C:\Users\alex\jagex_runescape_preferences2.dat
[2012/01/14 15:35:31 | 000,000,044 | ---- | M] () -- C:\Users\alex\jagex_cl_runescape_LIVE3.dat
[2012/01/14 15:35:31 | 000,000,035 | ---- | M] () -- C:\Users\alex\jagex_runescape_preferences.dat
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/05 18:03:08 | 000,001,530 | ---- | C] () -- C:\Users\alex\Desktop\Atlantica Online.lnk
[2012/01/31 12:53:16 | 000,002,045 | ---- | C] () -- C:\Users\alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EverQuest II.lnk
[2012/01/31 12:53:16 | 000,002,017 | ---- | C] () -- C:\Users\alex\Desktop\EverQuest II.lnk
[2012/01/19 17:36:55 | 000,000,024 | ---- | C] () -- C:\Users\alex\jagexappletviewer.preferences
[2012/01/19 17:36:01 | 000,001,903 | ---- | C] () -- C:\Users\alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RuneScape.lnk
[2012/01/19 17:36:01 | 000,001,873 | ---- | C] () -- C:\Users\alex\Desktop\RuneScape.lnk
[2012/01/14 15:35:31 | 000,000,044 | ---- | C] () -- C:\Users\alex\jagex_cl_runescape_LIVE3.dat
[2012/01/14 15:06:35 | 000,000,044 | ---- | C] () -- C:\Users\alex\jagex_cl_runescape_LIVE2.dat
[2012/01/14 14:35:33 | 000,000,044 | ---- | C] () -- C:\Users\alex\jagex_cl_runescape_LIVE1.dat
[2012/01/14 12:50:50 | 000,000,040 | ---- | C] () -- C:\Users\alex\jagex_cl_runescape_LIVE.dat
[2011/10/28 13:23:06 | 000,067,902 | ---- | C] () -- C:\Users\alex\AppData\Roaming\icarus-dxdiag.xml
[2011/08/25 10:48:53 | 000,352,648 | ---- | C] () -- C:\Windows\SysWow64\SysCheck2.dll
[2011/07/24 16:46:08 | 3816,745,337 | ---- | C] () -- C:\Program Files (x86)\Client1.5.1.565640.7z
[2011/06/16 13:51:22 | 000,208,755 | ---- | C] () -- C:\Windows\hpoins41.dat
[2011/06/16 13:51:22 | 000,001,112 | ---- | C] () -- C:\Windows\hpomdl41.dat
[2011/06/16 13:39:03 | 000,001,112 | ---- | C] () -- C:\Windows\hpomdl41.dat.temp
[2011/05/19 06:04:54 | 000,000,000 | ---- | C] () -- C:\Users\alex\AppData\Local\{AB3044B6-3B71-4CFD-961E-C7B4E6CC3B22}
[2011/05/03 15:29:26 | 000,000,680 | ---- | C] () -- C:\Users\alex\AppData\Local\d3d9caps.dat
[2011/04/09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/03/31 18:17:29 | 000,230,752 | ---- | C] () -- C:\Windows\patchw32.dll
[2011/03/31 18:17:28 | 000,118,176 | ---- | C] () -- C:\Windows\patchw.dll
[2011/03/11 17:31:10 | 000,281,656 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/03/11 17:31:03 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011/02/16 21:20:04 | 000,047,398 | ---- | C] () -- C:\Windows\SysWow64\wbers.dat.dmp
[2011/01/27 19:07:50 | 000,000,268 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2011/01/20 18:33:18 | 000,002,304 | ---- | C] () -- C:\Windows\SysWow64\HtsysmNT.sys
[2011/01/17 17:43:08 | 000,000,092 | ---- | C] () -- C:\Users\alex\AppData\Local\fusioncache.dat
[2011/01/17 17:03:45 | 000,808,174 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/12/13 13:27:25 | 000,001,846 | ---- | C] () -- C:\Windows\WinInit.Ini
[2010/12/10 14:50:39 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/11/30 00:33:50 | 000,008,704 | ---- | C] () -- C:\Users\alex\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/25 21:45:54 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2010/03/28 03:33:41 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2010/03/28 03:32:51 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2010/03/28 03:32:12 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/08/27 19:45:50 | 000,243,982 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/07/08 19:03:02 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\bdmpegv.dll
[2009/06/24 20:12:34 | 000,243,982 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/06/24 19:49:23 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll
[2009/06/24 19:49:23 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2009/06/24 19:49:23 | 000,020,480 | ---- | C] () -- C:\Windows\USB_VIDEO_REG.exe
[2009/06/24 19:49:23 | 000,000,036 | ---- | C] () -- C:\Windows\PidList.ini
[2009/06/18 20:46:19 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2008/09/11 06:01:00 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\INT15.dll
[2008/09/09 03:38:48 | 000,097,792 | ---- | C] () -- C:\Windows\SysWow64\INT15_64.dll
[2008/09/09 03:38:48 | 000,015,656 | ---- | C] () -- C:\Windows\SysWow64\drivers\int15_64.sys
[2008/05/21 12:46:08 | 000,118,784 | ---- | C] () -- C:\Windows\SysWow64\VMC3KAPI.dll
[2008/03/12 05:52:34 | 000,069,632 | ---- | C] () -- C:\Windows\SysWow64\drivers\int15.sys
[2008/01/20 20:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2006/11/02 09:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 06:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006/11/02 06:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006/11/02 06:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 03:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

========== LOP Check ==========

[2011/10/16 12:41:41 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\.minecraft
[2011/10/28 12:11:07 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\Acer
[2009/06/18 22:55:39 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\Acer GameZone Console
[2012/01/12 18:01:53 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\AlterAeon
[2011/03/31 19:52:36 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\BugTrap Console Test108
[2011/03/02 11:26:29 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\EA
[2011/05/07 07:08:02 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\FixCleaner
[2012/02/02 13:08:30 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\FOG Downloader
[2012/01/29 18:37:55 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\GetRightToGo
[2011/02/16 14:01:58 | 000,000,000 | -H-D | M] -- C:\Users\alex\AppData\Roaming\ijjigame
[2011/04/26 06:47:33 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\Leader Technologies
[2010/12/05 19:53:59 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\Leadertech
[2011/10/08 17:55:24 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\Lionhead Studios
[2010/12/10 09:53:05 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\Local
[2012/01/06 18:36:58 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\LolClient
[2010/11/29 10:57:32 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\LPECommon
[2011/11/22 20:40:44 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\Mumble
[2011/03/28 18:39:01 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\NeopleLauncherDFO
[2011/09/22 19:32:49 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\Orbit
[2010/11/27 22:07:37 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\PlayFirst
[2011/09/22 19:32:49 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\PowerCinema
[2010/11/26 19:42:41 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\ProgSense
[2010/11/26 10:12:02 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\SoftDMA
[2012/02/05 14:59:35 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\Sony Online Entertainment
[2012/01/16 10:24:25 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\The Creative Assembly
[2011/05/14 18:26:23 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\Unity
[2011/09/22 19:32:49 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\Xtranormal
[2012/02/04 21:09:28 | 000,032,586 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:BB24555F
@Alternate Data Stream - 116 bytes -> C:\ProgramData\Temp:4F636E25
@Alternate Data Stream - 110 bytes -> C:\ProgramData\Temp:9E22BBE8
@Alternate Data Stream - 108 bytes -> C:\ProgramData\Temp:814B9485
@Alternate Data Stream - 103 bytes -> C:\ProgramData\Temp:8750DCE4
@Alternate Data Stream - 103 bytes -> C:\ProgramData\Temp:35759C73
@Alternate Data Stream - 100 bytes -> C:\ProgramData\Temp:41099CE9

< End of report >

Attached Files

  • Attached File  OTL.Txt   86.74KB   104 downloads
  • Attached File  Extras.Txt   106.69KB   108 downloads

  • 0

Advertisements

#2
WhiteHat
Posted 06 February 2012 - 05:37 PM

WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
Hello ao923 and welcome to GeeksToGo :)

I'm GLeobas and I'm going to help you fix your problem.

Please note that I'm currently in training and my posts have to be approved by an expert before I reply.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.
  • Please do not try to fix anything without being asked
  • I suggest you print or save any instructions I give you for easy reference. We may be using Safe mode and you will not always be able to access this thread.
  • I am currently reviewing your logs.

  • 0

#3
WhiteHat
Posted 07 February 2012 - 05:34 PM

WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
# Step 1 #

Please reopen Posted Image on your desktop.
  • Under the Posted Image box at the bottom, paste in the following

    :OTL
FF - prefs.js..keyword.URL: "http://www.scanquery.com/?tmp=nemo_results_removelink&prt=ScnqryPB&keywords="


:Commands
[purity]
[resethosts]
[EMPTYTEMP]
[EMPTYFLASH]
[CREATERESTOREPOINT]
[Reboot]
  • Then click the Posted Image button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.


# Step 2 #

Posted Image Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be
    prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.


Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2
prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.


# Step 3 #

Download aswMBR.exe ( 1.8mB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan
Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply
Posted Image
  • 0

#4
ao923
Posted 08 February 2012 - 11:53 AM

ao923

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
otl.txt
All processes killed
========== OTL ==========
Prefs.js: "http://www.scanquery...ryPB&keywords=" removed from keyword.URL
========== COMMANDS ==========
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
HOSTS file reset successfully

[EMPTYTEMP]

User: Adam
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 26138158 bytes
->Flash cache emptied: 7076 bytes

User: alex
->Temp folder emptied: 15554078 bytes
->Temporary Internet Files folder emptied: 472930979 bytes
->Java cache emptied: 84002167 bytes
->FireFox cache emptied: 208363518 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 1137 bytes

User: alex2
->Temp folder emptied: 36722058 bytes
->Temporary Internet Files folder emptied: 48101894 bytes
->Java cache emptied: 374367 bytes
->Flash cache emptied: 9209 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: Ruth
->Temp folder emptied: 2319247002 bytes
->Temporary Internet Files folder emptied: 149866156 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 9262 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 155648 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1080408 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 3,207.00 mb


[EMPTYFLASH]

User: Adam
->Flash cache emptied: 0 bytes

User: alex
->Flash cache emptied: 0 bytes

User: alex2
->Flash cache emptied: 0 bytes

User: All Users

User: Default

User: Default User

User: Public

User: Ruth
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.31.0 log created on 02072012_192331

Files\Folders moved on Reboot...
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
File\Folder C:\Windows\temp\TMP0000003BB94BA48A818EA195 not found!

Registry entries deleted on Reboot...
  • 0

#5
ao923
Posted 08 February 2012 - 11:54 AM

ao923

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
mbam.log
Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.07.07

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 8.0.6001.19170
alex :: RUTH-PC [administrator]

Protection: Disabled

2/7/2012 7:41:54 PM
mbam-log-2012-02-07 (19-41-54).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 545869
Time elapsed: 4 hour(s), 9 minute(s), 20 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
  • 0

#6
ao923
Posted 08 February 2012 - 11:55 AM

ao923

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
aswmbr
aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-02-08 11:50:11
-----------------------------
11:50:11.902 OS Version: Windows x64 6.0.6002 Service Pack 2
11:50:11.902 Number of processors: 2 586 0x170A
11:50:11.902 ComputerName: RUTH-PC UserName: alex
11:50:24.036 Initialize success
11:50:45.354 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
11:50:45.357 Disk 0 Vendor: Hitachi_ PB2O Size: 238475MB BusType: 3
11:50:45.407 Disk 0 MBR read successfully
11:50:45.409 Disk 0 MBR scan
11:50:45.411 Disk 0 unknown MBR code
11:50:45.444 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 13312 MB offset 2048
11:50:45.515 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 221593 MB offset 27265024
11:50:45.577 Disk 0 Partition 3 00 12 Compaq diag NTFS 3568 MB offset 481087488
11:50:45.580 Service scanning
11:50:52.401 Modules scanning
11:50:52.404 Disk 0 trace - called modules:
11:50:52.453 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys iaStor.sys hal.dll
11:50:52.456 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80066ff210]
11:50:52.460 3 CLASSPNP.SYS[fffffa60011d5c33] -> nt!IofCallDriver -> [0xfffffa8004bd1b30]
11:50:52.794 5 acpi.sys[fffffa60008f7fde] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004c2e050]
11:50:52.798 Scan finished successfully
11:51:23.159 Disk 0 MBR has been saved successfully to "C:\MBR.dat"
11:51:23.169 The log file has been saved successfully to "C:\aswMBR.txt"
  • 0

#7
WhiteHat
Posted 09 February 2012 - 05:06 PM

WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
Hi,

Hi,

Your computer looks like cleaned. Look on your personal files/folders (like Music, movies and pictures). Probably, are these files who are taking much space on your Hard Drive.

WinDirStat can help you. This software tells you which files / folders are taking up more space on HD.

Disable your antivirus software
  • Acess the Eset Online Scanner website using Internet Explorer navigator.
    http://www.eset.com/...escan/index.php
  • Do the scan according the image:

    Posted Image
  • At the end, check the box "Delete Quarantined files" and click in [FINISH]
  • It will be generated a log in C:\Program Files\EsetOnlineScanner\Log.txt
    PS: If you didn't find the log.txt file in \EsetOnlineScanner\, look on \Program Files\Eset\EsetOnlineScanner\log.txt
  • Post that log.

Edited by GLeobas, 09 February 2012 - 05:07 PM.

  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP