
Slow PC with bad sound issues

(In Progress)

Johny5
Member with 19 posts.
THREAD STARTER
 
Join Date: Sep 2012
Experience: Intermediate
04-Sep-2012, 09:17 AM #1
Slow PC with bad sound issues
Hi,

For about a week now I've had troubles with my PC (laptop). First of all, it takes ages for Windows to start up; after it finally does, the PC freezes quite often and I can't play videos because the audio sounds like it's in slow mo.

I'm used to watching videos and listening to music on my PC so this is doing my head in.

Hope you can help. Thanks!

I've run HijackThis. Here's the log:


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:15:22 PM, on 9/4/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Documents and Settings\All Users\Application Data\Codec\Codec.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Creative\Shared Files\CTDevSrv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
C:\WINDOWS\system32\rundll32.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
C:\WINDOWS\AcerOrbiCam.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Acer\OrbiCam10\OrbiCam.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\WINDOWS\vsnp2std.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\DOCUME~1\user\LOCALS~1\Temp\RtkBtMnt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\user\My Documents\Downloads\HijackThis(1).exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?affID=112...000016cfa38d9d
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/yco.../www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R3 - URLSearchHook: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\prxtbBS_2.dll
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Codecv - {6D769EC4-61D3-FDCF-8668-904481C97908} - C:\Documents and Settings\All Users\Application Data\Codecv\bhoclass.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: DealPly - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files\DealPly\DealPlyIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: BS Player - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\prxtbBS_2.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\prxtbBS_2.dll
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 1
O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
O4 - HKLM\..\Run: [eLockMonitor] C:\Acer\Empowering Technology\eLock\Monitor\LaunchMonitor.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [Acer OrbiCam] C:\WINDOWS\AcerOrbiCam.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [AcerOrbicamRibbon] "C:\Program Files\Acer\OrbiCam10\OrbiCam.exe" /hide
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w /h
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [HuaWeiEVDO.exe] "C:\Program Files\Huawei technologies\software tmn.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [IMC] C:\Program Files\FriendFinder\FriendFinder Messenger 4\imc.exe
O4 - HKCU\..\Run: [hallskut] C:\WINDOWS\system32\dllhostc.exe
O4 - HKCU\..\Run: [CTZDetec.exe] C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKUS\S-1-5-19\..\Run: [riyahelepa] Rundll32.exe "C:\WINDOWS\system32\dehaseha.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [riyahelepa] Rundll32.exe "C:\WINDOWS\system32\dehaseha.dll",s (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Acer Empowering Technology.lnk = ?
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...w&n=2010101613
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: UB - {1FBA04EE-3024-11d2-8F1F-0000F87ABD16} - C:\Documents and Settings\user\Start Menu\Programs\UB\UB.lnk (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: UB - {1FBA04EE-3024-11d2-8F1F-0000F87ABD16} - C:\Documents and Settings\user\Start Menu\Programs\UB\UB.lnk (file missing) (HKCU)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary...o.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary...t.cab57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\gelarijo.dll c:\windows\system32\mopiseje.dll cqlqdb.dll
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: BasicScan Service - Unknown owner - C:\Program Files\BasicScan\basicscan.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe
O23 - Service: eLock Service (eLockService) - - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe

--
End of file - 14834 bytes
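
Added example, not part of the original post or of the helper's advice: a small Python triage pass over HijackThis-format entries such as the log above. The flagging rules and the keyword list (derived from the program names in the removal list in post #4) are assumptions made for illustration; the sample lines are copied from the log in post #1.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "code text")
Finding = namedtuple("Finding", "code reasons text")

# HijackThis entries look like "O4 - HKLM\..\Run: [name] command".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

# Assumption: lower-cased keywords derived from the program names in the
# removal list in post #4; matching them inside an entry is a heuristic.
REMOVAL_KEYWORDS = ("basicscan", "bs_player", "codecv", "dealply",
                    "mywebsearch", "my web search")

# Per-user Run keys of the LOCAL SERVICE and NETWORK SERVICE accounts.
SERVICE_HIVES = ("hkus\\s-1-5-19\\", "hkus\\s-1-5-20\\")

# Excerpt copied from the log in post #1 (not a complete log).
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: DealPly - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files\DealPly\DealPlyIE.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKUS\S-1-5-19\..\Run: [riyahelepa] Rundll32.exe "C:\WINDOWS\system32\dehaseha.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O20 - AppInit_DLLs: C:\WINDOWS\system32\gelarijo.dll c:\windows\system32\mopiseje.dll cqlqdb.dll
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O23 - Service: BasicScan Service - Unknown owner - C:\Program Files\BasicScan\basicscan.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""


def parse_log(text):
    """Return the section entries of a log, skipping header and process lines."""
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append(Entry(match.group(1), match.group(2).strip()))
    return entries


def appinit_dlls(entry):
    """Split an O20 AppInit_DLLs value into its DLL names.

    The registry value is delimited by spaces or commas, so a plain split
    is the correct way to read it.
    """
    if entry.code != "O20" or not entry.text.lower().startswith("appinit_dlls:"):
        return []
    value = entry.text.split(":", 1)[1]
    return [part for part in re.split(r"[ ,]+", value.strip()) if part]


def reasons_for(entry):
    """Apply the illustrative review rules to one entry."""
    low = entry.text.lower()
    reasons = []
    # HijackThis itself marks registry entries whose target file is absent.
    if "(file missing)" in low or "(no file)" in low:
        reasons.append("orphaned")
    # Every DLL named in AppInit_DLLs is loaded into each process that
    # loads user32.dll, so any non-empty value deserves a manual look.
    if appinit_dlls(entry):
        reasons.append("appinit")
    # Heuristic: autostart values in the service accounts' own hives.
    if entry.code == "O4" and low.startswith(SERVICE_HIVES):
        reasons.append("service-hive-run")
    if any(keyword in low for keyword in REMOVAL_KEYWORDS):
        reasons.append("removal-list")
    return reasons


def triage(text):
    """Return a Finding for every entry that matched at least one rule."""
    findings = []
    for entry in parse_log(text):
        reasons = reasons_for(entry)
        if reasons:
            findings.append(Finding(entry.code, reasons, entry.text))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"{finding.code:<4}{','.join(finding.reasons):<24}{finding.text}")
```

A match only marks an entry for review; whether it is removed is decided from follow-up scans and the helper's instructions, as in the rest of this thread.
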
Gizzy (Bill)
Gizzy is authorized to help remove malware.
Library Manager with 3,865 posts.
 
Join Date: Aug 2005
Location: NJ, USA
Experience: Advanced
05-Sep-2012, 05:23 AM #2
Hello Johny5 and Welcome to Tech Support Guy!
My name is Gizzy and I'll be glad to help you with your malware problems.

Please note the following while we work:
  • The fixes are specific to your problem and should only be used for this issue on this computer.
  • Perform all actions in the order given.
  • If you don't know or understand something, stop and ask! Don't keep going on.
  • Please DO NOT uninstall/install any programs unless asked to. It is more difficult when files/programs appear or disappear from the logs.
  • Please DO NOT run any tools or scans unless I ask you to.
  • It is important that you reply to this thread. Do not start a new topic.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • The process is not instant. Please continue to respond to this thread until I give you the All Clean! Absence of symptoms does not mean that everything is clear.
  • Topics not replied to within 3 days will be removed from my Subscribed Threads List.
Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to back up any personal files and folders before you start.
Backup your data - XP


Uninstall List
  1. Open HijackThis.
  2. Click the Open the Misc Tools section button. (If you don't see that button click the Main Menu button first)
  3. Click the Open Uninstall Manager... button and then click the Save list... button.
  4. Save the uninstall_list.txt file to your HijackThis folder.
  5. Copy and Paste the contents of uninstall_list.txt in your next reply.


Please reply with:
  • Uninstall list
Johny5
Member with 19 posts.
THREAD STARTER
 
Join Date: Sep 2012
Experience: Intermediate
05-Sep-2012, 06:49 AM #3
Hi Tech Guy,
Thanks for helping me!
I did what you asked, here is the list:

Acer Camera Driver
Acer eDataSecurity Management
Acer eDataSecurity Management 2.0.3079
Acer eLock Management
Acer Empowering Technology
Acer ePerformance Management
Acer ePower Management
Acer ePresentation Management
Acer eSettings Management
Acer GridVista
Acer OrbiCam Application
Acer OrbiCam Utility Bar
Acer Screensaver
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.4)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI - Software Uninstall Utility
ATI Display Driver
ATI Parental Control & Encoder
Auto Click 2.1
AVG Free 8.5
BasicScan 1.0 build 115
BS.Player FREE
BS_Player Toolbar
Bubble Bobble TNA
Codec Updater
Codecv
Contextual Tool Precisead
Creative Media Lite
Creative ZEN Stone Plus User's Guide
DealPly
DivX Setup
GamesBar 1.1.0.5
GemMaster Mystic
Google Update Helper
Hamsterball
HDAUDIO Soft Data Fax Modem with SmartCP
High Definition Audio Driver Package - KB888111
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Ice Cream Tycoon
iTunes
J2SE Runtime Environment 5.0 Update 3
Java(TM) 6 Update 35
Junk Mail filter update
Launch Manager
Logitech Video Enumerator
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.0 Hotfix (KB2572066)
Microsoft .NET Framework 1.0 Hotfix (KB2604042)
Microsoft .NET Framework 1.0 Hotfix (KB2656378)
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.0 Hotfix (KB979904)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office File Validation Add-In
Microsoft Office Live Add-in 1.5
Microsoft Office Outlook Connector
Microsoft Office Professional Edio 2003
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 15.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MVision
My Web Search (IWON)
NTI Backup NOW! 4.5
Option GT HSDPA driver suite
Option PC Cards driver package
Otto
Peggle Deluxe
Peggle Deluxe 1.0
PKR
PokerStars
PowerDVD
Puppy Luv (remove only)
QuickTime
Realtek High Definition Audio Driver
RON Too1 Precisead
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Segoe UI
Skype 5.10
software tmn
Sonic Encoders
SopCast 3.2.9
Synaptics Pointing Device Driver
TVUPlayer 2.5.3.1
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2718704)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
VC80CRTRedist - 8.0.50727.6195
Water Bugs 1.0
Wheel of Fortune 2
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
Windows Internet Explorer 8
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Mail
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows XP Media Center Edition 2005 KB2502898
Windows XP Media Center Edition 2005 KB2619340
Windows XP Media Center Edition 2005 KB2628259
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
WinRAR archiver
Xilisoft AVI to DVD Converter 6
Gizzy (Bill). Gizzy is authorized to help remove malware.
Library Manager with 3,865 posts.
 
Join Date: Aug 2005
Location: NJ, USA
Experience: Advanced
06-Sep-2012, 05:57 AM #4
Hi Johny5,


Remove Programs
Click Start > Control Panel > Add/Remove Programs
Remove the following programs by clicking Remove
  • BasicScan 1.0 build 115
  • BS_Player Toolbar
  • Codecv
  • Contextual Tool Precisead
  • DealPly
  • GamesBar 1.1.0.5
  • J2SE Runtime Environment 5.0 Update 3
  • My Web Search (IWON)
  • RON Too1 Precisead

If some programs listed are not present, please do not panic.


I see you have Malwarebytes' installed. Please update it, run a scan and post a log using the instructions below.

Malwarebytes Anti-Malware
  1. Launch Malwarebytes Anti-Malware.
  2. Click the Update tab.
  3. Click Check for Updates and wait for it to finish updating.
  4. Click the Scanner tab, select Perform quick scan, then click Scan.
  5. When the scan is complete, click OK, then Show Results to view the results.
  6. Check all items except items in the C:\System Volume Information folder, then click on Remove Selected.
  7. When completed, a log will open in Notepad. Please post that log in your next reply.

The log is automatically saved and can be viewed by clicking the Logs tab in Malwarebytes' Anti-Malware. It can also be found here:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download and run OTL
  1. Download OTL to your desktop.
  2. Double-click on OTL.exe to run it. Make sure all other windows are closed and let it run uninterrupted.
  3. Check the box beside Scan All Users
  4. Ensure Use SafeList is selected under Extra Registry
  5. Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  6. When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  7. Please copy (Edit > Select All -- Edit > Copy) the contents of these files, one at a time, and post them with your next reply.


Please reply with:
  • Malwarebytes' Anti-Malware log
  • OTL logs (OTL.txt and Extras.txt)
Johny5
Member with 19 posts.
THREAD STARTER
 
Join Date: Sep 2012
Experience: Intermediate
06-Sep-2012, 12:45 PM #5
Hi Gizzy,
I did everything that you instructed. Here are the logs:


Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.09.06.08

Windows XP Service Pack 3 x86 FAT32
Internet Explorer 8.0.6001.18702
user :: ACER-1424F82190 [administrator]

Protection: Disabled

9/6/2012 3:20:28 PM
mbam-log-2012-09-06 (15-20-28).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 250686
Time elapsed: 1 hour(s), 35 minute(s), 15 second(s)

Memory Processes Detected: 1
C:\Documents and Settings\All Users\Application Data\Codec\Codec.exe (Trojan.Dropper) -> 204 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 23
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Codec (Trojan.Dropper) -> Quarantined and deleted successfully.
HKCR\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33524C00-63FB-43DB-A6BF-0A4E14B24649} (Adware.Zwangi) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00A6FAF1-072E-44CF-8957-5838F569A31D} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{100EB1FD-D03E-47FD-81F3-EE91287F9465} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{100EB1FD-D03E-47FD-81F3-EE91287F9465} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{258C9770-1713-4021-8D7E-1F184A2BD754} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7CDDCDC-BEEB-4685-A062-978F5E07CEEE} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{BDEA95CF-F0E6-41E0-BD3D-B00F39A4E939} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C5428486-50A0-4A02-9D20-520B59A9F9B2} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C5428486-50A0-4A02-9D20-520B59A9F9B3} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\ClickPotatoLite (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\BASICSCAN SERVICE (Adware.Zwangi) -> Quarantined and deleted successfully.

Registry Values Detected: 5
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} (Adware.Zango) -> Data: -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser|{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} (Adware.Zango) -> Data: a+߬H:›; -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search| (Adware.Hotbar) -> Data: http://edits.mywebsearch.com/toolbar...w&n=2010101613 -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|hallskut (Trojan.Banker) -> Data: C:\WINDOWS\system32\dllhostc.exe -> Quarantined and deleted successfully.
HKLM\SYSTEM\CurrentControlSet\Services\BasicScan Service|ImagePath (Adware.Zwangi) -> Data: "C:\Program Files\BasicScan\basicscan.exe" "C:\Program Files\BasicScan\basicscan.dll" iquyakis utopesejuk -> Quarantined and deleted successfully.

Registry Data Items Detected: 3
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

Folders Detected: 4
C:\Program Files\Mozilla Firefox\extensions\{6AA54174-C9E8-4B07-95A0-0FBC19CBE64C} (Adware.Zwangi) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{6AA54174-C9E8-4B07-95A0-0FBC19CBE64C}\chrome (Adware.Zwangi) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{6AA54174-C9E8-4B07-95A0-0FBC19CBE64C}\defaults (Adware.Zwangi) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{6AA54174-C9E8-4B07-95A0-0FBC19CBE64C}\defaults\preferences (Adware.Zwangi) -> Quarantined and deleted successfully.

Files Detected: 7
C:\Documents and Settings\All Users\Application Data\Codec\Codec.exe (Trojan.Dropper) -> Delete on reboot.
C:\Documents and Settings\user\My Documents\Downloads\pcmegarapido.exe (Trojan.RepackSMS) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\My Documents\Downloads\Codec-V.exe (Affiliate.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\My Documents\Downloads\XvidSetup.exe (Adware.AdBundle) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{6AA54174-C9E8-4B07-95A0-0FBC19CBE64C}\install.rdf (Adware.Zwangi) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{6AA54174-C9E8-4B07-95A0-0FBC19CBE64C}\chrome\basicscan.jar (Adware.Zwangi) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{6AA54174-C9E8-4B07-95A0-0FBC19CBE64C}\defaults\preferences\prefs.js (Adware.Zwangi) -> Quarantined and deleted successfully.

(end)



OTL logfile created on: 9/6/2012 6:00:07 PM - Run 1
OTL by OldTimer - Version 3.2.61.0 Folder = C:\Documents and Settings\user\My Documents\Downloads
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

894.10 Mb Total Physical Memory | 564.80 Mb Available Physical Memory | 63.17% Memory free
2.11 Gb Paging File | 1.58 Gb Available in Paging File | 74.96% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 53.20 Gb Total Space | 10.42 Gb Free Space | 19.60% Space Free | Partition Type: FAT32
Drive D: | 53.69 Gb Total Space | 46.63 Gb Free Space | 86.86% Space Free | Partition Type: FAT32

Computer Name: ACER-1424F82190 | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/09/06 17:57:10 | 000,599,040 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\My Documents\Downloads\OTL.exe
PRC - [2011/10/15 01:48:52 | 002,042,208 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
PRC - [2011/07/29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2009/08/16 09:28:02 | 000,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009/08/16 09:28:00 | 000,693,016 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe
PRC - [2009/08/16 09:27:56 | 000,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
PRC - [2009/08/16 09:27:40 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe
PRC - [2009/08/16 09:27:32 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2009/03/08 18:11:00 | 000,507,904 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Documents and Settings\user\Local Settings\Temp\RtkBtMnt.exe
PRC - [2008/04/14 01:12:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/12/18 14:20:00 | 000,401,408 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe
PRC - [2007/04/02 14:15:40 | 000,061,440 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTDevSrv.exe
PRC - [2006/11/28 18:43:36 | 000,754,712 | ---- | M] () -- C:\Program Files\Acer\OrbiCam10\OrbiCam.exe
PRC - [2006/11/28 18:38:18 | 000,244,512 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
PRC - [2006/10/31 01:06:20 | 000,304,664 | ---- | M] (Acer Inc.) -- C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
PRC - [2006/10/16 17:36:14 | 000,434,176 | ---- | M] () -- C:\WINDOWS\AcerOrbiCam.exe
PRC - [2006/09/07 19:52:52 | 000,479,232 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\QtZgAcer.EXE
PRC - [2006/08/30 09:57:34 | 000,442,368 | ---- | M] () -- C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
PRC - [2006/08/29 17:56:22 | 000,020,480 | ---- | M] ( ) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
PRC - [2006/08/10 15:00:50 | 000,028,672 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
PRC - [2006/08/09 16:18:14 | 000,675,840 | ---- | M] (Sonix) -- C:\WINDOWS\vsnp2std.exe
PRC - [2006/08/03 15:34:04 | 000,045,056 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
PRC - [2006/07/31 21:02:46 | 000,346,112 | ---- | M] (HiTRUST) -- C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
PRC - [2006/07/28 10:40:06 | 000,208,896 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
PRC - [2006/06/01 14:40:54 | 000,413,696 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRAgent.exe


========== Modules (No Company Name) ==========

MOD - [2012/07/29 03:08:30 | 000,843,776 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_1ba7e3ec\system.drawing.dll
MOD - [2012/07/29 03:08:12 | 003,035,136 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_56a096ce\system.windows.forms.dll
MOD - [2012/07/29 03:07:54 | 000,471,040 | ---- | M] () -- c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll
MOD - [2012/01/29 20:59:26 | 003,391,488 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_5196b641\mscorlib.dll
MOD - [2012/01/29 20:58:50 | 002,088,960 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_725da67b\system.xml.dll
MOD - [2012/01/29 20:57:52 | 001,966,080 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_131e434c\system.dll
MOD - [2012/01/29 20:57:28 | 001,232,896 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
MOD - [2012/01/29 20:57:24 | 002,064,384 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll
MOD - [2011/11/03 15:28:36 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2011/07/29 00:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2011/02/04 17:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2009/11/03 15:51:42 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2008/04/14 01:12:04 | 000,562,176 | ---- | M] () -- C:\WINDOWS\system32\qedit.dll
MOD - [2008/04/14 01:12:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/14 01:11:52 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2006/11/28 18:43:36 | 000,754,712 | ---- | M] () -- C:\Program Files\Acer\OrbiCam10\OrbiCam.exe
MOD - [2006/11/28 12:24:42 | 001,058,328 | ---- | M] () -- C:\Program Files\Acer\OrbiCam10\LAppRes.DLL
MOD - [2006/10/31 01:06:30 | 000,022,040 | ---- | M] () -- C:\Program Files\Common Files\Logitech\LComMgr\LCMServerPS.dll
MOD - [2006/10/16 17:36:14 | 000,434,176 | ---- | M] () -- C:\WINDOWS\AcerOrbiCam.exe
MOD - [2006/09/22 16:27:02 | 000,126,976 | ---- | M] () -- c:\windows\assembly\gac\system.serviceprocess\1.0.5000.0__b03f5f7f11d50a3a\system.serviceprocess.dll
MOD - [2006/09/22 16:27:00 | 001,339,392 | ---- | M] () -- c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll
MOD - [2006/09/22 16:27:00 | 000,372,736 | ---- | M] () -- c:\windows\assembly\gac\system.management\1.0.5000.0__b03f5f7f11d50a3a\system.management.dll
MOD - [2006/09/22 16:27:00 | 000,323,584 | ---- | M] () -- c:\windows\assembly\gac\system.runtime.remoting\1.0.5000.0__b77a5c561934e089\system.runtime.remoting.dll
MOD - [2006/08/30 09:57:34 | 000,442,368 | ---- | M] () -- C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
MOD - [2006/08/03 10:20:52 | 000,188,416 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\CPUID.dll
MOD - [2006/08/02 02:50:10 | 000,032,768 | ---- | M] () -- c:\Acer\Empowering Technology\eDataSecurity\eDSCS2CClassLib.dll
MOD - [2006/07/28 17:55:04 | 000,356,352 | ---- | M] () -- C:\Acer\Empowering Technology\eRecovery\it41.dll
MOD - [2006/01/12 09:33:34 | 000,212,992 | ---- | M] () -- C:\Acer\Empowering Technology\eRecovery\imagefile.dll
MOD - [2005/10/20 17:20:24 | 000,208,896 | ---- | M] () -- C:\Acer\Empowering Technology\ePower\DialogDLL.dll
MOD - [2005/10/11 13:18:54 | 000,028,672 | ---- | M] () -- C:\Acer\Empowering Technology\ePower\SysHook.dll


========== Services (SafeList) ==========

SRV - [2012/08/31 13:31:26 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/08/15 01:24:40 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2009/08/16 09:27:40 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc)
SRV - [2009/08/16 09:27:32 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2007/04/02 14:15:40 | 000,061,440 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files\Creative\Shared Files\CTDevSrv.exe -- (CTDevice_Srv)
SRV - [2006/11/28 18:41:54 | 000,101,152 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)
SRV - [2006/08/29 17:56:22 | 000,020,480 | ---- | M] ( ) [Auto | Running] -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe -- (eLockService)
SRV - [2006/08/10 15:00:50 | 000,028,672 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe -- (AcerMemUsageCheckService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - File not found [Kernel | Boot | Stopped] -- -- (wjusk)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\UIUSYS.SYS -- (UIUSys)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\adiusbaw.sys -- (adiusbaw)
DRV - File not found [Kernel | Auto | Stopped] -- System32\Drivers\adildr.sys -- (ADILOADER)
DRV - [2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2009/08/16 09:28:02 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/08/16 09:28:02 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/05/19 10:14:28 | 000,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2007/07/05 16:58:24 | 000,100,992 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2007/04/24 09:33:46 | 000,100,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s125mgmt.sys -- (s125mgmt)
DRV - [2007/04/24 09:33:34 | 000,083,336 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s125bus.sys -- (s125bus)
DRV - [2006/11/28 18:39:14 | 001,962,784 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVMVdrv.sys -- (LVMVDrv)
DRV - [2006/09/26 06:50:06 | 001,754,624 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006/09/26 00:11:18 | 000,061,568 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\EMS7SK.sys -- (EMSCR)
DRV - [2006/08/21 19:11:30 | 000,040,064 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ESD7SK.sys -- (ESDCR)
DRV - [2006/08/16 11:32:00 | 000,080,512 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2006/08/16 11:22:00 | 000,424,320 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2006/08/16 11:21:00 | 004,304,384 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService)
DRV - [2006/08/11 17:52:50 | 011,985,920 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\snp2sxp.sys -- (SNP2STD)
DRV - [2006/08/03 10:19:04 | 000,014,544 | ---- | M] (EnTech Taiwan) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\TVicPort.sys -- (tvicport)
DRV - [2006/08/03 10:19:02 | 000,069,632 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\int15.sys -- (int15)
DRV - [2006/08/03 10:19:02 | 000,006,080 | ---- | M] (Zeal SoftStudio) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\zntport.sys -- (zntport)
DRV - [2006/07/12 19:33:10 | 000,074,752 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ESM7SK.sys -- (ESMCR)
DRV - [2006/06/18 23:37:34 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006/04/20 16:03:20 | 000,995,712 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2006/04/20 16:02:40 | 000,208,000 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2006/04/20 16:02:36 | 000,727,296 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/09/01 16:54:26 | 000,032,000 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gtf32bus.sys -- (GTF32BUS)
DRV - [2005/09/01 16:54:12 | 000,007,936 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gtptser.sys -- (GTPTSER)
DRV - [2005/08/29 14:45:24 | 000,018,944 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gtscser.sys -- (GTSCSER)
DRV - [2004/09/03 16:38:16 | 000,173,056 | ---- | M] (Funk Software, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\odysseyIM4.sys -- (odysseyIM4)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\..\SearchScopes,DefaultScope = {56256A51-B582-467e-B8D4-7786EDA79AE0}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\.DEFAULT\..\SearchScopes\{33524C00-63FB-43DB-A6BF-0A4E14B24649}: "URL" = http://www.basicscan.com/?prt=BASICSCAN115&keywords={searchTerms}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-18\..\SearchScopes\{33524C00-63FB-43DB-A6BF-0A4E14B24649}: "URL" = http://www.basicscan.com/?prt=BASICSCAN115&keywords={searchTerms}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1241016058-1226847170-1791428113-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
IE - HKU\S-1-5-21-1241016058-1226847170-1791428113-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\S-1-5-21-1241016058-1226847170-1791428113-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-1241016058-1226847170-1791428113-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1241016058-1226847170-1791428113-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKU\S-1-5-21-1241016058-1226847170-1791428113-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKU\S-1-5-21-1241016058-1226847170-1791428113-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.google.pt/ [binary data]
IE - HKU\S-1-5-21-1241016058-1226847170-1791428113-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?affID=110...000016cfa38d9d
IE - HKU\S-1-5-21-1241016058-1226847170-1791428113-1005\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-1241016058-1226847170-1791428113-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1241016058-1226847170-1791428113-1005\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=110823&tt=040912_mnt_3612_3&babsrc=SP_ss&mntrId=575e4ffd0000000000000016cfa38d9d
IE - HKU\S-1-5-21-1241016058-1226847170-1791428113-1005\..\SearchScopes\{2E5EBC27-450A-482C-9930-E728DFB5F320}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKU\S-1-5-21-1241016058-1226847170-1791428113-1005\..\SearchScopes\{628A09EC-DDA8-4236-ADE9-A03857C32687}: "URL" = http://www.flickr.com/search/?q={searchTerms}
IE - HKU\S-1-5-21-1241016058-1226847170-1791428113-1005\..\SearchScopes\{81255F7E-53BA-4797-AAC1-08DB83382637}: "URL" = http://delicious.com/search?p={searchTerms}
IE - HKU\S-1-5-21-1241016058-1226847170-1791428113-1005\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1750559
IE - HKU\S-1-5-21-1241016058-1226847170-1791428113-1005\..\SearchScopes\{C2CF0540-CCA4-49FD-8934-EEC447BADC95}: "URL" = http://rover.ebay.com/rover/1/711-43047-14818-1/4?satitle={searchTerms}
IE - HKU\S-1-5-21-1241016058-1226847170-1791428113-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"
FF - prefs.js..browser.startup.homepage: "http://search.babylon.com/?affID=110823&tt=040912_mnt_3612_3&babsrc=HP_ss&mntrId=575e4ffd0000000000000016cfa38d9d"
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}:6.0.34
FF - prefs.js..extensions.enabledAddons: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}:6.0.35
FF - prefs.js..extensions.enabledAddons: ffxtlbr@babylon.com:1.5.0
FF - prefs.js..extensions.enabledItems: {EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}:2.0
FF - prefs.js..keyword.URL: "http://search.babylon.com/?affID=110823&tt=040912_mnt_3612_3&babsrc=KW_ss&mntrId=575e4ffd0000000000000016cfa38d9d&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Program Files\TVUPlayer\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\user\Local Settings\Application Data\Google\Update\1.3.21.115\npGoogleUpdate3.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\user\Local Settings\Application Data\Google\Update\1.3.21.115\npGoogleUpdate3.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/08/18 14:09:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/02/06 18:02:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/02/06 18:02:54 | 000,000,000 | ---D | M]

[2009/02/06 18:03:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Extensions
[2009/02/06 21:21:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2009/02/06 18:03:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\nie824pj.default\extensions
[2010/10/02 15:54:10 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\nie824pj.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}(2)
[2012/08/04 01:02:22 | 000,000,000 | ---D | M] (Codecv) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\nie824pj.default\extensions\501c6615c3fa0@501c6615c3fd9.info
[2012/09/06 15:22:34 | 000,000,000 | ---D | M] (Babylon) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\nie824pj.default\extensions\ffxtlbr@babylon.com
[2009/02/26 13:22:28 | 000,000,880 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\nie824pj.default\searchplugins\conduit.xml
[2010/01/23 14:26:32 | 000,003,915 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\nie824pj.default\searchplugins\sweetim.xml
[2011/11/03 17:16:24 | 000,009,924 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\nie824pj.default\searchplugins\mywebsearch.xml
[2012/08/23 20:59:14 | 000,002,519 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\nie824pj.default\searchplugins\Search_Results.xml
[2009/02/06 18:02:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/08/15 22:26:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}
[2012/09/01 04:24:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012/08/15 22:25:42 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2012/08/31 13:32:46 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/09/06 13:30:02 | 000,002,360 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012/08/23 20:59:14 | 000,002,519 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml
[2012/08/31 13:29:28 | 000,002,253 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
[2012/08/31 13:29:28 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2009/03/08 18:07:46 | 000,000,687 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.7.2.0\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll (HiTRUST)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.7.2.0\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKU\S-1-5-21-1241016058-1226847170-1791428113-1005\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll (HiTRUST)
O4 - HKLM..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe (Acer Inc.)
O4 - HKLM..\Run: [Acer OrbiCam] C:\WINDOWS\AcerOrbiCam.exe ()
O4 - HKLM..\Run: [AcerOrbicamRibbon] C:\Program Files\Acer\OrbiCam10\OrbiCam.exe ()
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe ()
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe (HiTRUST)
O4 - HKLM..\Run: [eLockMonitor] C:\Acer\Empowering Technology\eLock\Monitor\LaunchMonitor.exe File not found
O4 - HKLM..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe ()
O4 - HKLM..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe (Acer Inc.)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [LaunchApp] File not found
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE (Dritek System Inc.)
O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe (Acer Inc.)
O4 - HKLM..\Run: [LVCOMSX] C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe (Logitech Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe (Sonix)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe File not found
O4 - HKLM..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u File not found
O4 - HKU\S-1-5-19..\Run: [riyahelepa] Rundll32.exe "C:\WINDOWS\system32\dehaseha.dll",s File not found
O4 - HKU\S-1-5-20..\Run: [riyahelepa] Rundll32.exe "C:\WINDOWS\system32\dehaseha.dll",s File not found
O4 - HKU\S-1-5-21-1241016058-1226847170-1791428113-1005..\Run: [CTZDetec.exe] C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe (Creative Technology Ltd.)
O4 - HKU\S-1-5-21-1241016058-1226847170-1791428113-1005..\Run: [Google Update] "C:\Documents and Settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c File not found
O4 - HKU\S-1-5-21-1241016058-1226847170-1791428113-1005..\Run: [HuaWeiEVDO.exe] "C:\Program Files\Huawei technologies\software tmn.exe" File not found
O4 - HKU\S-1-5-21-1241016058-1226847170-1791428113-1005..\Run: [IMC] C:\Program Files\FriendFinder\FriendFinder Messenger 4\imc.exe File not found
O4 - HKU\S-1-5-21-1241016058-1226847170-1791428113-1005..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acer Empowering Technology.lnk = C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe (Acer Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1241016058-1226847170-1791428113-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Search - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_35.dll (Sun Microsystems, Inc.)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe File not found
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://messenger.zone.msn.com/binary...o.cab56649.cab (MSN Games - Installer)
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} http://messenger.zone.msn.com/binary...t.cab57213.cab (CBreakshotControl Class)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary...t.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_35)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D8846D96-83D5-4C0C-89F8-98005F8ECC24}: DhcpNameServer = 192.168.1.254 192.168.1.254
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\WINDOWS\system32\gelarijo.dll) - File not found
O20 - AppInit_DLLs: (c:\windows\system32\mopiseje.dll) - File not found
O20 - AppInit_DLLs: (cqlqdb.dll) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avgrsstarter: DllName - (avgrsstx.dll) - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Desktop Background.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/22 17:11:12 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2009/01/18 22:08:08 | 000,000,090 | R--- | M] () - D:\AUTORUN.INF -- [ FAT32 ]
O33 - MountPoints2\{0536b740-bbf0-11dd-8aa7-001636a11bb2}\Shell - "" = AutoRun
O33 - MountPoints2\{0536b740-bbf0-11dd-8aa7-001636a11bb2}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0536b740-bbf0-11dd-8aa7-001636a11bb2}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{0536b742-bbf0-11dd-8aa7-001636a11bb2}\Shell - "" = AutoRun
O33 - MountPoints2\{0536b742-bbf0-11dd-8aa7-001636a11bb2}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0536b742-bbf0-11dd-8aa7-001636a11bb2}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{0b090fb0-db76-11dd-8ab5-001636a11bb2}\Shell - "" = AutoRun
O33 - MountPoints2\{0b090fb0-db76-11dd-8ab5-001636a11bb2}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0b090fb0-db76-11dd-8ab5-001636a11bb2}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{0b090fb1-db76-11dd-8ab5-001636a11bb2}\Shell - "" = AutoRun
O33 - MountPoints2\{0b090fb1-db76-11dd-8ab5-001636a11bb2}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0b090fb1-db76-11dd-8ab5-001636a11bb2}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{35d6199f-b8d6-11dd-8aa2-001636a11bb2}\Shell - "" = AutoRun
O33 - MountPoints2\{35d6199f-b8d6-11dd-8aa2-001636a11bb2}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{35d6199f-b8d6-11dd-8aa2-001636a11bb2}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{46b7fd16-5018-11de-8b1a-001636a11bb2}\Shell - "" = AutoRun
O33 - MountPoints2\{46b7fd16-5018-11de-8b1a-001636a11bb2}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{46b7fd16-5018-11de-8b1a-001636a11bb2}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{46b7fd17-5018-11de-8b1a-001636a11bb2}\Shell - "" = AutoRun
O33 - MountPoints2\{46b7fd17-5018-11de-8b1a-001636a11bb2}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{46b7fd17-5018-11de-8b1a-001636a11bb2}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{6b86f86e-cc7d-11dd-8ab0-001636a11bb2}\Shell - "" = AutoRun
O33 - MountPoints2\{6b86f86e-cc7d-11dd-8ab0-001636a11bb2}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{6b86f86e-cc7d-11dd-8ab0-001636a11bb2}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{6b86f86f-cc7d-11dd-8ab0-001636a11bb2}\Shell - "" = AutoRun
O33 - MountPoints2\{6b86f86f-cc7d-11dd-8ab0-001636a11bb2}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{6b86f86f-cc7d-11dd-8ab0-001636a11bb2}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{75280e38-749f-11de-8b34-001636a11bb2}\Shell - "" = AutoRun
O33 - MountPoints2\{75280e38-749f-11de-8b34-001636a11bb2}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{75280e38-749f-11de-8b34-001636a11bb2}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{75280e39-749f-11de-8b34-001636a11bb2}\Shell - "" = AutoRun
O33 - MountPoints2\{75280e39-749f-11de-8b34-001636a11bb2}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{75280e39-749f-11de-8b34-001636a11bb2}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{7bd6d75a-717f-11de-8b32-001636a11bb2}\Shell - "" = AutoRun
O33 - MountPoints2\{7bd6d75a-717f-11de-8b32-001636a11bb2}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{7bd6d75a-717f-11de-8b32-001636a11bb2}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{7bd6d75b-717f-11de-8b32-001636a11bb2}\Shell - "" = AutoRun
O33 - MountPoints2\{7bd6d75b-717f-11de-8b32-001636a11bb2}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{7bd6d75b-717f-11de-8b32-001636a11bb2}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{9d90487a-d901-11dd-8ab4-001636a11bb2}\Shell - "" = AutoRun
O33 - MountPoints2\{9d90487a-d901-11dd-8ab4-001636a11bb2}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9d90487a-d901-11dd-8ab4-001636a11bb2}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{a442a772-cc85-11dd-8ab3-001636a11bb2}\Shell - "" = AutoRun
O33 - MountPoints2\{a442a772-cc85-11dd-8ab3-001636a11bb2}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a442a772-cc85-11dd-8ab3-001636a11bb2}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{a442a773-cc85-11dd-8ab3-001636a11bb2}\Shell - "" = AutoRun
O33 - MountPoints2\{a442a773-cc85-11dd-8ab3-001636a11bb2}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a442a773-cc85-11dd-8ab3-001636a11bb2}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{b9717408-6f22-11de-8b2e-001636a11bb2}\Shell - "" = AutoRun
O33 - MountPoints2\{b9717408-6f22-11de-8b2e-001636a11bb2}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b9717408-6f22-11de-8b2e-001636a11bb2}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{c4447d9e-cc7f-11dd-8ab1-001636a11bb2}\Shell - "" = AutoRun
O33 - MountPoints2\{c4447d9e-cc7f-11dd-8ab1-001636a11bb2}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c4447d9e-cc7f-11dd-8ab1-001636a11bb2}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{c4447d9f-cc7f-11dd-8ab1-001636a11bb2}\Shell - "" = AutoRun
O33 - MountPoints2\{c4447d9f-cc7f-11dd-8ab1-001636a11bb2}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c4447d9f-cc7f-11dd-8ab1-001636a11bb2}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{c4447da0-cc7f-11dd-8ab1-001636a11bb2}\Shell - "" = AutoRun
O33 - MountPoints2\{c4447da0-cc7f-11dd-8ab1-001636a11bb2}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c4447da0-cc7f-11dd-8ab1-001636a11bb2}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{c9e6ef10-3439-11e0-8bc8-001636a11bb2}\Shell\AutoRun\command - "" = G:\__DT\DT.exe
O33 - MountPoints2\{f6e38f2a-bb21-11dd-8aa5-001636a11bb2}\Shell - "" = AutoRun
O33 - MountPoints2\{f6e38f2a-bb21-11dd-8aa5-001636a11bb2}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f6e38f2a-bb21-11dd-8aa5-001636a11bb2}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/09/06 13:30:41 | 000,000,000 | ---D | C] -- C:\Program Files\BabylonToolbar
[2012/09/06 13:30:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\BabylonToolbar
[2012/09/06 13:22:34 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2012/09/06 13:22:33 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2012/09/06 13:22:33 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2012/09/05 05:51:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2012/09/05 05:51:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012/09/05 05:51:38 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2012/09/01 04:24:04 | 000,157,680 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2012/08/27 13:01:36 | 000,000,000 | -HSD | C] -- C:\FOUND.000
[2012/08/26 13:12:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Holdem Manager 2
[2012/08/26 13:12:55 | 000,000,000 | ---D | C] -- C:\Program Files\Holdem Manager 2
[2012/08/26 13:12:48 | 000,000,000 | ---D | C] -- C:\Program Files\PSQLINSTALL
[2012/08/25 22:18:35 | 000,000,000 | ---D | C] -- C:\Program Files\BasicScan
[2012/08/25 03:23:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Local Settings\Application Data\Poker Pro Labs
[2012/08/24 03:45:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/08/24 03:45:16 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/08/23 20:59:39 | 000,000,000 | ---D | C] -- C:\Program Files\iLivid
[2012/08/23 20:59:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
[2012/08/22 16:55:51 | 000,000,000 | ---D | C] -- C:\HM2Archive
[2012/08/22 16:48:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Local Settings\Application Data\IsolatedStorage
[2012/08/22 16:43:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\HoldemManager
[2012/08/21 23:32:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PostgreSQL 8.4
[2012/08/21 23:28:53 | 000,000,000 | ---D | C] -- C:\postgreSQL
[2012/08/21 02:19:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\YoudaGames
[2012/08/21 02:18:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\AlawarWrapper
[2012/08/21 02:18:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AlawarWrapper
[2012/08/21 02:16:23 | 000,000,000 | ---D | C] -- C:\Program Files\Alawar
[2012/08/18 17:36:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\DDMSettings
[2012/08/18 14:07:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\DivX Plus
[2012/08/18 14:07:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
[2012/08/15 22:26:00 | 000,477,168 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\npdeployJava1.dll
[2012/08/11 19:33:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\My Documents\pkr
[2012/08/11 14:09:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PKR
[2012/08/11 14:06:05 | 000,000,000 | ---D | C] -- C:\Program Files\PKR
[2010/06/20 23:51:42 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\user\Application Data\pcouffin.sys
[2010/06/17 13:17:24 | 000,950,779 | ---- | C] (Mozilla) -- C:\Program Files\Firefox Setup 3.6.3.exe
[9 C:\Documents and Settings\user\Desktop\*.tmp files -> C:\Documents and Settings\user\Desktop\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[10 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/09/06 18:24:22 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/09/06 17:49:04 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/09/06 17:40:22 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/09/06 17:39:58 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1241016058-1226847170-1791428113-1005.job
[2012/09/06 17:39:56 | 000,000,482 | -H-- | M] () -- C:\WINDOWS\tasks\CodecUpdaterTask{65973906-F750-4C59-AA0B-3AF3C64ED493}.job
[2012/09/06 17:39:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/09/06 17:37:48 | 937,603,072 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/06 17:03:38 | 000,000,012 | ---- | M] () -- C:\WINDOWS\bthservsdp.dat
[2012/09/06 13:32:02 | 000,000,692 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/04 17:46:02 | 000,853,646 | ---- | M] () -- C:\Documents and Settings\user\Desktop\17a223ee.x50.gif
[2012/09/02 23:00:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1241016058-1226847170-1791428113-1005.job
[2012/08/28 20:24:56 | 000,477,168 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\npdeployJava1.dll
[2012/08/28 20:24:54 | 000,473,072 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2012/08/28 20:10:12 | 000,157,680 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2012/08/28 20:10:08 | 000,149,488 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2012/08/28 20:09:58 | 000,149,488 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2012/08/28 18:39:24 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2012/08/26 03:14:08 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/08/25 22:17:54 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\23d13a4d1e538ddd6bfce22774757328_c
[2012/08/25 19:49:52 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/08/15 21:01:34 | 000,263,824 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/08/15 21:00:00 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/08/15 18:01:40 | 000,073,216 | ---- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/08/15 01:24:36 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/08/15 01:24:36 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/08/10 02:37:08 | 000,039,996 | ---- | M] () -- C:\Documents and Settings\user\Desktop\user153070_pic7709_1329228577.jpg
[9 C:\Documents and Settings\user\Desktop\*.tmp files -> C:\Documents and Settings\user\Desktop\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[10 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/09/06 13:32:00 | 000,000,692 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/04 17:45:57 | 000,853,646 | ---- | C] () -- C:\Documents and Settings\user\Desktop\17a223ee.x50.gif
[2012/08/25 22:17:52 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\23d13a4d1e538ddd6bfce22774757328_c
[2012/08/24 04:40:20 | 937,603,072 | -HS- | C] () -- C:\hiberfil.sys
[2012/08/22 21:55:59 | 001,048,576 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1241016058-1226847170-1791428113-1005-0.dat
[2012/08/22 21:55:36 | 000,249,822 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/08/16 12:55:48 | 000,328,592 | ---- | C] () -- C:\Documents and Settings\user\My Documents\S5000743.JPG
[2012/08/10 02:36:55 | 000,039,996 | ---- | C] () -- C:\Documents and Settings\user\Desktop\user153070_pic7709_1329228577.jpg
[2012/04/14 14:43:57 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2010/10/17 01:36:26 | 000,039,771 | ---- | C] () -- C:\Documents and Settings\user\mysmiley.png
[2010/06/20 23:52:21 | 000,001,044 | ---- | C] () -- C:\Documents and Settings\user\Application Data\vso_ts_preview.xml
[2010/06/20 23:51:42 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\user\Application Data\inst.exe
[2010/06/20 23:51:42 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\user\Application Data\pcouffin.cat
[2010/06/20 23:51:42 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\user\Application Data\pcouffin.inf
[2010/06/07 20:33:15 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\user\Application Data\qcopjv.dat
[2010/03/16 17:36:16 | 000,001,708 | ---- | C] () -- C:\Documents and Settings\user\irs
[2006/12/19 03:18:36 | 000,073,216 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/12/18 05:53:21 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\fusioncache.dat

< End of report >



OTL Extras logfile created on: 9/6/2012 6:00:07 PM - Run 1
OTL by OldTimer - Version 3.2.61.0 Folder = C:\Documents and Settings\user\My Documents\Downloads
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

894.10 Mb Total Physical Memory | 564.80 Mb Available Physical Memory | 63.17% Memory free
2.11 Gb Paging File | 1.58 Gb Available in Paging File | 74.96% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 53.20 Gb Total Space | 10.42 Gb Free Space | 19.60% Space Free | Partition Type: FAT32
Drive D: | 53.69 Gb Total Space | 46.63 Gb Free Space | 86.86% Space Free | Partition Type: FAT32

Computer Name: ACER-1424F82190 | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_USERS\S-1-5-21-1241016058-1226847170-1791428113-1005\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\msncall.exe" = C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\msncall.exe" = C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire
"C:\Program Files\Grisoft\AVG7\avginet.exe" = C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe
"C:\Program Files\Grisoft\AVG7\avgamsvr.exe" = C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe
"C:\Program Files\Grisoft\AVG7\avgcc.exe" = C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe
"C:\Program Files\TMN\AutoUpdateSrv.exe" = C:\Program Files\TMN\AutoUpdateSrv.exe:*:Disabled:AutoUpdateSrv Application
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG8\avgemc.exe" = C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Conference\Conference.dll" = C:\Program Files\Conference\Conference.dll:*:Enabled:Audio/Video Conference
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Disabled:Firefox -- (Mozilla Corporation)
"C:\WINDOWS\EXPLORER.EXE" = C:\WINDOWS\EXPLORER.EXE:*:Enabled:Explorer -- (Microsoft Corporation)
"C:\Program Files\Holdem Indicator\HoldemIndicator.exe" = C:\Program Files\Holdem Indicator\HoldemIndicator.exe:*:Enabled:Holdem Indicator
"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager
"C:\Program Files\SopCast\adv\SopAdver.exe" = C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver -- (www.sopcast.com)
"C:\Program Files\SopCast\SopCast.exe" = C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application -- (www.sopcast.com)
"C:\Documents and Settings\USER\My Documents\Downloads\pdf_converter.exe" = C:\Documents and Settings\USER\My Documents\Downloads\pdf_converter.exe:*:Enabled:PDF Creator
"C:\Program Files\TVUPlayer\TVUPlayer.exe" = C:\Program Files\TVUPlayer\TVUPlayer.exe:*:Disabled:TVUPlayer Component -- (TVU networks)
"C:\Program Files\Google\Google Earth\PLUGIN\geplugin.exe" = C:\Program Files\Google\Google Earth\PLUGIN\geplugin.exe:*:Disabled:Google Earth


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0F79C1B2-36B2-4B62-8221-42721CF54638}" = Acer OrbiCam Application
"{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}" = Acer eLock Management
"{1F2C8256-2773-46C7-9ABA-3E39C24ABB51}" = Acer eSettings Management
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216034FF}" = Java(TM) 6 Update 35
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35725FBC-A136-4A46-9F29-091759D9BB93}" = MVision
"{36CDA33B-909B-4719-97D1-C4B99309BDC7}" = ATI Parental Control & Encoder
"{3BB3B50E-FBD3-4E8B-A72B-45AC5CF23135}" = Acer OrbiCam Utility Bar
"{3EAAC5FD-E209-4856-8C49-D4EA40F85032}" = software tmn
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AD13F68-CADA-4C6B-9759-C33753F89908}" = Acer eDataSecurity Management
"{4AE3A0CB-87B0-4F51-BECD-3D1F8DFDD62F}" = SAGEM F@st 800-840
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A28AB0B-22B1-494C-AF61-B386EA1736C0}" = LightScribe 1.4.97.1
"{7057702F-6D71-4F30-8000-9E72BC771887}" = Acer ePerformance Management
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112731397}" = Wheel of Fortune 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113137700}" = Ice Cream Tycoon
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90110416-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edio 2003
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{B06B842F-2450-494F-BBDE-217CDC151A37}" = NTI Backup NOW! 4.5
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{BF839132-BD43-4056-ACBF-4377F4A88E2A}" = Acer ePresentation Management
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C897FCB3-2F8B-4185-8035-79E2AF3A92A4}" = iTunes
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D458BBDC-0363-42E0-8FF9-4736E3CB3CA2}" = Acer Screensaver
"{E55E7026-EF2A-4A17-AAA7-DB98EA3FD1B1}" = BabylonObjectInstaller
"{EA516024-D84D-41F1-814F-83175A6188F2}" = Logitech Video Enumerator
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
"53F13DB4D9611FD63BE580F06F0729BF236ABE68" = Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
"AcerOrbiCamDrv" = Acer Camera Driver
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"Auto Click 2.1_is1" = Auto Click 2.1
"AVG8Uninstall" = AVG Free 8.5
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"BabylonToolbar" = Babylon toolbar on IE
"BSPlayerf" = BS.Player FREE
"Bubble Bobble TNA" = Bubble Bobble TNA
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_1025010F" = HDAUDIO Soft Data Fax Modem with SmartCP
"Creative Media Lite" = Creative Media Lite
"DivX Setup" = DivX Setup
"GridVista" = Acer GridVista
"Hamsterball" = Hamsterball
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{4AD13F68-CADA-4C6B-9759-C33753F89908}" = Acer eDataSecurity Management 2.0.3079
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 15.0 (x86 en-US)" = Mozilla Firefox 15.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"OptionPCCardInstaller" = Option PC Cards driver package
"OptionPluss_PCCardInstaller" = Option GT HSDPA driver suite
"Peggle Deluxe" = Peggle Deluxe
"Peggle Deluxe 1.0" = Peggle Deluxe 1.0
"PKR" = PKR
"PokerStars" = PokerStars
"Puppy Luv" = Puppy Luv (remove only)
"SopCast" = SopCast 3.2.9
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TVUPlayer" = TVUPlayer 2.5.3.1
"Water Bugs 1.0" = Water Bugs 1.0
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xilisoft AVI to DVD Converter 6" = Xilisoft AVI to DVD Converter 6
"ZENStonePlusUG" = Creative ZEN Stone Plus User's Guide

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1241016058-1226847170-1791428113-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 8/23/2012 6:15:00 PM | Computer Name = ACER-1424F82190 | Source = Application Hang | ID = 1001
Description = Fault bucket 1180947459.

Error - 8/25/2012 5:19:34 PM | Computer Name = ACER-1424F82190 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 14.0.1.4577, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 8/25/2012 5:19:50 PM | Computer Name = ACER-1424F82190 | Source = Application Hang | ID = 1001
Description = Fault bucket -1227688620.

Error - 8/26/2012 12:51:03 PM | Computer Name = ACER-1424F82190 | Source = Application Hang | ID = 1002
Description = Hanging application rundll32.exe, version 5.1.2600.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 8/26/2012 8:02:32 PM | Computer Name = ACER-1424F82190 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 14.0.1.4577, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 9/1/2012 9:22:33 PM | Computer Name = ACER-1424F82190 | Source = Application Hang | ID = 1002
Description = Hanging application avgui.exe, version 8.5.0.454, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 9/2/2012 1:26:05 PM | Computer Name = ACER-1424F82190 | Source = Service1 | ID = 0
Description = Service cannot be started. System.Runtime.InteropServices.COMException
(0x80010002): Call was canceled by the message filter. at System.Runtime.InteropServices.Marshal.ThrowExceptionForHR(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObjectSearcher.Initialize()

at System.Management.ManagementObjectSearcher.Get() at eLock.Serv.Main.MapVolumeName2DeviceID.updateFixDrives()

at eLock.Serv.Main.MapVolumeName2DeviceID..ctor() at eLock.Serv.Main.Main..ctor()

at eLock.Serv.Service.Service.OnStart(String[] args) at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object
state)

Error - 9/3/2012 3:10:37 AM | Computer Name = ACER-1424F82190 | Source = Service1 | ID = 0
Description = Service cannot be started. System.Runtime.InteropServices.COMException
(0x80010002): Call was canceled by the message filter. at System.Runtime.InteropServices.Marshal.ThrowExceptionForHR(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObjectSearcher.Initialize()

at System.Management.ManagementObjectSearcher.Get() at eLock.Serv.Main.MapVolumeName2DeviceID.updateFixDrives()

at eLock.Serv.Main.MapVolumeName2DeviceID..ctor() at eLock.Serv.Main.Main..ctor()

at eLock.Serv.Service.Service.OnStart(String[] args) at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object
state)

Error - 9/6/2012 8:16:23 AM | Computer Name = ACER-1424F82190 | Source = Application Hang | ID = 1002
Description = Hanging application rundll32.exe, version 5.1.2600.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 9/6/2012 8:17:13 AM | Computer Name = ACER-1424F82190 | Source = Application Hang | ID = 1001
Description = Fault bucket 734562961.

[ System Events ]
Error - 9/6/2012 12:39:28 PM | Computer Name = ACER-1424F82190 | Source = ati2mtag | ID = 43015
Description = I2c return failed

Error - 9/6/2012 12:39:44 PM | Computer Name = ACER-1424F82190 | Source = ati2mtag | ID = 43015
Description = I2c return failed

Error - 9/6/2012 12:39:44 PM | Computer Name = ACER-1424F82190 | Source = ati2mtag | ID = 43015
Description = I2c return failed

Error - 9/6/2012 12:43:26 PM | Computer Name = ACER-1424F82190 | Source = DCOM | ID = 10010
Description = The server {7F6316B4-4D69-4765-B0A3-B2598F2FA80A} did not register
with DCOM within the required timeout.

Error - 9/6/2012 12:47:59 PM | Computer Name = ACER-1424F82190 | Source = Service Control Manager | ID = 7000
Description = The General Purpose USB Driver (adildr.sys) service failed to start
due to the following error: %%2

Error - 9/6/2012 12:47:59 PM | Computer Name = ACER-1424F82190 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the MBAMService service to
connect.

Error - 9/6/2012 12:47:59 PM | Computer Name = ACER-1424F82190 | Source = Service Control Manager | ID = 7000
Description = The MBAMService service failed to start due to the following error:
%%1053

Error - 9/6/2012 12:47:59 PM | Computer Name = ACER-1424F82190 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Fax service to connect.

Error - 9/6/2012 12:47:59 PM | Computer Name = ACER-1424F82190 | Source = Service Control Manager | ID = 7000
Description = The Fax service failed to start due to the following error: %%1053

Error - 9/6/2012 12:48:02 PM | Computer Name = ACER-1424F82190 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
abp480n5 adpu160m agp440 agpCPQ Aha154x aic78u2 aic78xx AliIde alim1541 amdagp amsint asc asc3350p
asc3550
cbidf
cd20xrnt
CmdIde
Cpqarray
dac2w2k
dac960nt
dpti2o
hpn
i2omp
ini910u
IntelIde
mraid35x
perc2
perc2hib
ql1080
Ql10wnt
ql12160
ql1240
ql1280
sisagp
Sparrow
symc810
symc8xx
sym_hi
sym_u3
TosIde
ultra
viaagp
ViaIde


< End of report >


Thanks!
Gizzy   (Bill) Gizzy is offline Gizzy is authorized to help remove malware.
Library Manager with 3,865 posts.
 
Join Date: Aug 2005
Location: NJ, USA
Experience: Advanced
06-Sep-2012, 05:42 PM #6
Hi Johny5,

Remove Programs
Click Start > Control Panel > Add/Remove Programs
Remove the following programs by clicking Remove
  • Babylon toolbar on IE

If some programs listed are not present, please do not panic.


Run OTL Script
  1. Double-click OTL.exe to start the program
  2. Click the None button at the top
  3. Copy and Paste everything from the Code box below into the Custom Scans/Fixes box in OTL
    Code:
    :Commands
    [CREATERESTOREPOINT]
    
    :OTL
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
    IE - HKLM\..\SearchScopes,DefaultScope = {56256A51-B582-467e-B8D4-7786EDA79AE0}
    IE - HKU\.DEFAULT\..\SearchScopes\{33524C00-63FB-43DB-A6BF-0A4E14B24649}: "URL" = http://www.basicscan.com/?prt=BASICSCAN115&keywords={searchTerms}
    IE - HKU\S-1-5-18\..\SearchScopes\{33524C00-63FB-43DB-A6BF-0A4E14B24649}: "URL" = http://www.basicscan.com/?prt=BASICSCAN115&keywords={searchTerms}
    IE - HKU\S-1-5-21-1241016058-1226847170-1791428113-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
    IE - HKU\S-1-5-21-1241016058-1226847170-1791428113-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
    IE - HKU\S-1-5-21-1241016058-1226847170-1791428113-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?affID=110...000016cfa38d9d
    IE - HKU\S-1-5-21-1241016058-1226847170-1791428113-1005\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
    IE - HKU\S-1-5-21-1241016058-1226847170-1791428113-1005\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=110823&tt=040912_mnt_3612_3&babsrc=SP_ss&mntrId=575e 4ffd0000000000000016cfa38d9d
    IE - HKU\S-1-5-21-1241016058-1226847170-1791428113-1005\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1750559
    FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
    FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
    FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"
    FF - prefs.js..browser.startup.homepage: "http://search.babylon.com/?affID=110823&tt=040912_mnt_3612_3&babsrc=HP_ss&mntrId=575e4ffd000000000000 0016cfa38d9d"
    FF - prefs.js..extensions.enabledAddons: ffxtlbr@babylon.com:1.5.0
    FF - prefs.js..extensions.enabledItems: {EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}:2.0
    FF - prefs.js..keyword.URL: "http://search.babylon.com/?affID=110823&tt=040912_mnt_3612_3&babsrc=KW_ss&mntrId=575e4ffd000000000000 0016cfa38d9d&q="
    [2012/08/04 01:02:22 | 000,000,000 | ---D | M] (Codecv) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\nie824pj.default\extensions\501c6615c3fa0@501 c6615c3fd9.info
    [2012/08/04 01:02:22 | 000,000,000 | ---D | M] (Codecv) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\nie824pj.default\extensions\501c6615c3fa0@501c6615c3fd9.info
    [2012/09/06 15:22:34 | 000,000,000 | ---D | M] (Babylon) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\nie824pj.default\extensions\ffxtlbr@babylon.com
    [2009/02/26 13:22:28 | 000,000,880 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\nie824pj.default\searchplugins\conduit.xml
    [2010/01/23 14:26:32 | 000,003,915 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\nie824pj.default\searchplugins\sweetim.xml
    [2011/11/03 17:16:24 | 000,009,924 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\nie824pj.default\searchplugins\mywebsearch.xml
    [2012/08/23 20:59:14 | 000,002,519 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\nie824pj.default\searchplugins\Search_Results.xml
    [2012/09/06 13:30:02 | 000,002,360 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
    [2012/08/23 20:59:14 | 000,002,519 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml
    O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.7.2.0\bh\BabylonToolbar.dll (Babylon BHO)
    O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.7.2.0\BabylonToolbarTlbr.dll (Babylon Ltd.)
    O4 - HKU\S-1-5-19..\Run: [riyahelepa] Rundll32.exe "C:\WINDOWS\system32\dehaseha.dll",s File not found
    O4 - HKU\S-1-5-20..\Run: [riyahelepa] Rundll32.exe "C:\WINDOWS\system32\dehaseha.dll",s File not found
    O4 - HKU\S-1-5-21-1241016058-1226847170-1791428113-1005..\Run: [IMC] C:\Program Files\FriendFinder\FriendFinder Messenger 4\imc.exe File not found
    O8 - Extra context menu item: &Search - Reg Error: Value error. File not found
    O20 - AppInit_DLLs: (C:\WINDOWS\system32\gelarijo.dll) - File not found
    O20 - AppInit_DLLs: (c:\windows\system32\mopiseje.dll) - File not found
    O20 - AppInit_DLLs: (cqlqdb.dll) - File not found
    [2012/09/06 13:30:41 | 000,000,000 | ---D | C] -- C:\Program Files\BabylonToolbar
    [2012/09/06 13:30:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\BabylonToolbar
    [2012/08/25 22:18:35 | 000,000,000 | ---D | C] -- C:\Program Files\BasicScan
    [2012/08/23 20:59:39 | 000,000,000 | ---D | C] -- C:\Program Files\iLivid
    [2012/08/23 20:59:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
    [2010/06/07 20:33:15 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\user\Application Data\qcopjv.dat
    [2012/09/06 17:39:56 | 000,000,482 | -H-- | M] () -- C:\WINDOWS\tasks\CodecUpdaterTask{65973906-F750-4C59-AA0B-3AF3C64ED493}.job
    [4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [10 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    
    :Reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0
    
    :Files
    C:\Program Files\FriendFinder
    C:\Program Files\MyWebSearch
    C:\Documents and Settings\All Users\Application Data\Codecv
    C:\Program Files\DealPly
    C:\WINDOWS\system32\dllhostc.exe
    
    :Commands
    [EMPTYTEMP]
  4. Then click the Run Fix button at the top.
  5. If prompted, Click OK
  6. OTL may ask to reboot the computer. Please do so if asked
  7. When finished a report should appear in Notepad. Copy and Paste that report in your next reply.

    Note: The log can also be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log


Please reply with:
  • OTL log
Johny5 Johny5 is offline
Member with 19 posts.
THREAD STARTER
 
Join Date: Sep 2012
Experience: Intermediate
07-Sep-2012, 06:35 AM #7
Hi Gizzy,
I did as you asked.
I noticed that my hidden files appeared after rebooting my PC, not sure if that is supposed to happen.
Here's the report:


All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{33524C00-63FB-43DB-A6BF-0A4E14B24649}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33524C00-63FB-43DB-A6BF-0A4E14B24649}\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\{33524C00-63FB-43DB-A6BF-0A4E14B24649}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33524C00-63FB-43DB-A6BF-0A4E14B24649}\ not found.
HKU\S-1-5-21-1241016058-1226847170-1791428113-1005\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!
HKU\S-1-5-21-1241016058-1226847170-1791428113-1005\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
HKU\S-1-5-21-1241016058-1226847170-1791428113-1005\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_USERS\S-1-5-21-1241016058-1226847170-1791428113-1005\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-1241016058-1226847170-1791428113-1005\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_USERS\S-1-5-21-1241016058-1226847170-1791428113-1005\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Prefs.js: "Search the web (Babylon)" removed from browser.search.defaultenginename
Prefs.js: "Search the web (Babylon)" removed from browser.search.order.1
Prefs.js: "Search the web (Babylon)" removed from browser.search.selectedEngine
Prefs.js: "http://search.babylon.com/?affID=110823&tt=040912_mnt_3612_3&babsrc=HP_ss&mntrId=575e4ffd000000000000 0016cfa38d9d" removed from browser.startup.homepage
Prefs.js: ffxtlbr@babylon.com:1.5.0 removed from extensions.enabledAddons
Prefs.js: {EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}:2.0 removed from extensions.enabledItems
Prefs.js: "http://search.babylon.com/?affID=110823&tt=040912_mnt_3612_3&babsrc=KW_ss&mntrId=575e4ffd000000000000 0016cfa38d9d&q=" removed from keyword.URL
Folder C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\nie824pj.default\extensions\501c6615c3fa0@501 c6615c3fd9.info\ not found.
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\nie824pj.default\extensions\501c6615c3fa0@501c6615c3fd9.info\content folder moved successfully.
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\nie824pj.default\extensions\501c6615c3fa0@501c6615c3fd9.info folder moved successfully.
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\nie824pj.default\extensions\ffxtlbr@babylon.com\components folder moved successfully.
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\nie824pj.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs folder moved successfully.
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\nie824pj.default\extensions\ffxtlbr@babylon.com\content\imgs\mnRadio folder moved successfully.
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\nie824pj.default\extensions\ffxtlbr@babylon.com\content\imgs folder moved successfully.
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\nie824pj.default\extensions\ffxtlbr@babylon.com\content folder moved successfully.
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\nie824pj.default\extensions\ffxtlbr@babylon.com folder moved successfully.
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\nie824pj.default\searchplugins\conduit.xml moved successfully.
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\nie824pj.default\searchplugins\sweetim.xml moved successfully.
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\nie824pj.default\searchplugins\mywebsearch.xml moved successfully.
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\nie824pj.default\searchplugins\Search_Results.xml moved successfully.
C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml moved successfully.
C:\Program Files\Mozilla Firefox\searchplugins\Search_Results.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}\ not found.
File C:\Program Files\BabylonToolbar\BabylonToolbar\1.7.2.0\bh\BabylonToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{98889811-442D-49dd-99D7-DC866BE87DBC} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98889811-442D-49dd-99D7-DC866BE87DBC}\ not found.
File C:\Program Files\BabylonToolbar\BabylonToolbar\1.7.2.0\BabylonToolbarTlbr.dll not found.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run\\riyahelepa deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run\\riyahelepa deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1241016058-1226847170-1791428113-1005\Software\Microsoft\Windows\CurrentVersion\Run\\IMC deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&Search\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\WINDOWS\system32\gelarijo.dll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\windows\system32\mopiseje.dll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:cqlqdb.dll deleted successfully.
Folder C:\Program Files\BabylonToolbar\ not found.
Folder C:\Documents and Settings\user\Application Data\BabylonToolbar\ not found.
C:\Program Files\BasicScan folder moved successfully.
C:\Program Files\iLivid\VLC\locale\lt\LC_MESSAGES folder moved successfully.
C:\Program Files\iLivid\VLC\locale\lt folder moved successfully.
C:\Program Files\iLivid\VLC\locale\it\LC_MESSAGES folder moved successfully.
C:\Program Files\iLivid\VLC\locale\it folder moved successfully.
C:\Program Files\iLivid\VLC\locale\id\LC_MESSAGES folder moved successfully.
C:\Program Files\iLivid\VLC\locale\id folder moved successfully.
C:\Program Files\iLivid\VLC\locale\ko\LC_MESSAGES folder moved successfully.
C:\Program Files\iLivid\VLC\locale\ko folder moved successfully.
C:\Program Files\iLivid\VLC\locale\ar\LC_MESSAGES folder moved successfully.
C:\Program Files\iLivid\VLC\locale\ar folder moved successfully.
C:\Program Files\iLivid\VLC\locale\ms\LC_MESSAGES folder moved successfully.
C:\Program Files\iLivid\VLC\locale\ms folder moved successfully.
C:\Program Files\iLivid\VLC\locale\kk\LC_MESSAGES folder moved successfully.
C:\Program Files\iLivid\VLC\locale\kk folder moved successfully.
C:\Program Files\iLivid\VLC\locale\ca\LC_MESSAGES folder moved successfully.
C:\Program Files\iLivid\VLC\locale\ca folder moved successfully.
C:\Program Files\iLivid\VLC\locale\da\LC_MESSAGES folder moved successfully.
C:\Program Files\iLivid\VLC\locale\da folder moved successfully.
C:\Program Files\iLivid\VLC\locale\cs\LC_MESSAGES folder moved successfully.
C:\Program Files\iLivid\VLC\locale\cs folder moved successfully.
C:\Program Files\iLivid\VLC\locale\hy\LC_MESSAGES folder moved successfully.
C:\Program Files\iLivid\VLC\locale\hy folder moved successfully.
C:\Program Files\iLivid\VLC\locale\oc\LC_MESSAGES folder moved successfully.
C:\Program Files\iLivid\VLC\locale\oc folder moved successfully.
C:\Program Files\iLivid\VLC\locale\ga\LC_MESSAGES folder moved successfully.
C:\Program Files\iLivid\VLC\locale\ga folder moved successfully.
C:\Program Files\iLivid\VLC\locale\nb\LC_MESSAGES folder moved successfully.
C:\Program Files\iLivid\VLC\locale\nb folder moved successfully.
C:\Program Files\iLivid\VLC\locale\nn\LC_MESSAGES folder moved successfully.
C:\Program Files\iLivid\VLC\locale\nn folder moved successfully.
C:\Program Files\iLivid\VLC\locale\fa\LC_MESSAGES folder moved successfully.
C:\Program Files\iLivid\VLC\locale\fa folder moved successfully.
C:\Program Files\iLivid\VLC\locale\he\LC_MESSAGES folder moved successfully.
C:\Program Files\iLivid\VLC\locale\he folder moved successfully.
C:\Program Files\iLivid\VLC\locale\ckb\LC_MESSAGES folder moved successfully.
C:\Program Files\iLivid\VLC\locale\ckb folder moved successfully.
C:\Program Files\iLivid\VLC\locale\is\LC_MESSAGES folder moved successfully.
C:\Program Files\iLivid\VLC\locale\is folder moved successfully.
C:\Program Files\iLivid\VLC\locale\mn\LC_MESSAGES folder moved successfully.
C:\Program Files\iLivid\VLC\locale\mn folder moved successfully.
C:\Program Files\iLivid\VLC\locale\am\LC_MESSAGES folder moved successfully.
C:\Program Files\iLivid\VLC\locale\am folder moved successfully.
C:\Program Files\iLivid\VLC\locale\ff\LC_MESSAGES folder moved successfully.
C:\Program Files\iLivid\VLC\locale\ff folder moved successfully.
C:\Program Files\iLivid\VLC\locale\ach\LC_MESSAGES folder moved successfully.
C:\Program Files\iLivid\VLC\locale\ach folder moved successfully.
C:\Program Files\iLivid\VLC\locale\lg\LC_MESSAGES folder moved successfully.
C:\Program Files\iLivid\VLC\locale\lg folder moved successfully.
C:\Program Files\iLivid\VLC\locale\ka\LC_MESSAGES folder moved successfully.
C:\Program Files\iLivid\VLC\locale\ka folder moved successfully.
C:\Program Files\iLivid\VLC\locale\af\LC_MESSAGES folder moved successfully.
C:\Program Files\iLivid\VLC\locale\af folder moved successfully.
C:\Program Files\iLivid\VLC\locale\cgg\LC_MESSAGES folder moved successfully.
C:\Program Files\iLivid\VLC\locale\cgg folder moved successfully.
C:\Program Files\iLivid\VLC\locale\fur\LC_MESSAGES folder moved successfully.
C:\Program Files\iLivid\VLC\locale\fur folder moved successfully.
C:\Program Files\iLivid\VLC\locale\be\LC_MESSAGES folder moved successfully.
C:\Program Files\iLivid\VLC\locale\be folder moved successfully.
C:\Program Files\iLivid\VLC\locale\br\LC_MESSAGES folder moved successfully.
C:\Program Files\iLivid\VLC\locale\br folder moved successfully.
C:\Program Files\iLivid\VLC\locale\ast\LC_MESSAGES folder moved successfully.
C:\Program Files\iLivid\VLC\locale\ast folder moved successfully.
C:\Program Files\iLivid\VLC\locale\en_GB\LC_MESSAGES folder moved successfully.
C:\Program Files\iLivid\VLC\locale\en_GB folder moved successfully.
C:\Program Files\iLivid\VLC\locale\ml\LC_MESSAGES folder moved successfully.
C:\Program Files\iLivid\VLC\locale\ml folder moved successfully.
C:\Program Files\iLivid\VLC\locale\mk\LC_MESSAGES folder moved successfully.
C:\Program Files\iLivid\VLC\locale\mk folder moved successfully.
C:\Program Files\iLivid\VLC\locale\lv\LC_MESSAGES folder moved successfully.
C:\Program Files\iLivid\VLC\locale\lv folder moved successfully.
C:\Program Files\iLivid\VLC\locale\hi\LC_MESSAGES folder moved successfully.
C:\Program Files\iLivid\VLC\locale\hi folder moved successfully.
C:\Program Files\iLivid\VLC\locale\co\LC_MESSAGES folder moved successfully.
C:\Program Files\iLivid\VLC\locale\co folder moved successfully.
C:\Program Files\iLivid\VLC\locale\my\LC_MESSAGES folder moved successfully.
C:\Program Files\iLivid\VLC\locale\my folder moved successfully.
C:\Program Files\iLivid\VLC\locale folder moved successfully.
C:\Program Files\iLivid\VLC\plugins folder moved successfully.
C:\Program Files\iLivid\VLC\skins folder moved successfully.
C:\Program Files\iLivid\VLC\activex folder moved successfully.
C:\Program Files\iLivid\VLC\osdmenu\default\volume folder moved successfully.
C:\Program Files\iLivid\VLC\osdmenu\default\selection folder moved successfully.
C:\Program Files\iLivid\VLC\osdmenu\default\selected folder moved successfully.
C:\Program Files\iLivid\VLC\osdmenu\default folder moved successfully.
C:\Program Files\iLivid\VLC\osdmenu folder moved successfully.
C:\Program Files\iLivid\VLC\sdk\include\vlc\plugins folder moved successfully.
C:\Program Files\iLivid\VLC\sdk\include\vlc folder moved successfully.
C:\Program Files\iLivid\VLC\sdk\include folder moved successfully.
C:\Program Files\iLivid\VLC\sdk\lib folder moved successfully.
C:\Program Files\iLivid\VLC\sdk folder moved successfully.
C:\Program Files\iLivid\VLC\http\js folder moved successfully.
C:\Program Files\iLivid\VLC\http\requests folder moved successfully.
C:\Program Files\iLivid\VLC\http\images folder moved successfully.
C:\Program Files\iLivid\VLC\http\dialogs folder moved successfully.
C:\Program Files\iLivid\VLC\http folder moved successfully.
C:\Program Files\iLivid\VLC\lua\modules folder moved successfully.
C:\Program Files\iLivid\VLC\lua\playlist folder moved successfully.
C:\Program Files\iLivid\VLC\lua\sd folder moved successfully.
C:\Program Files\iLivid\VLC\lua\intf\modules folder moved successfully.
C:\Program Files\iLivid\VLC\lua\intf folder moved successfully.
C:\Program Files\iLivid\VLC\lua\meta\reader folder moved successfully.
C:\Program Files\iLivid\VLC\lua\meta\fetcher folder moved successfully.
C:\Program Files\iLivid\VLC\lua\meta\art folder moved successfully.
C:\Program Files\iLivid\VLC\lua\meta folder moved successfully.
C:\Program Files\iLivid\VLC\lua\extensions folder moved successfully.
C:\Program Files\iLivid\VLC\lua\http\js folder moved successfully.
C:\Program Files\iLivid\VLC\lua\http\requests folder moved successfully.
C:\Program Files\iLivid\VLC\lua\http\images folder moved successfully.
C:\Program Files\iLivid\VLC\lua\http\dialogs folder moved successfully.
C:\Program Files\iLivid\VLC\lua\http folder moved successfully.
C:\Program Files\iLivid\VLC\lua folder moved successfully.
C:\Program Files\iLivid\VLC folder moved successfully.
C:\Program Files\iLivid folder moved successfully.
C:\Documents and Settings\All Users\Application Data\boost_interprocess\C055AE896B81CD01 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\boost_interprocess folder moved successfully.
C:\Documents and Settings\user\Application Data\qcopjv.dat moved successfully.
C:\WINDOWS\tasks\CodecUpdaterTask{65973906-F750-4C59-AA0B-3AF3C64ED493}.job moved successfully.
C:\WINDOWS\System32\SET48.tmp deleted successfully.
C:\WINDOWS\System32\SET49.tmp deleted successfully.
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
C:\WINDOWS\System32\PerfStringBackup.TMP deleted successfully.
C:\WINDOWS\E220AutoRunLog.tmp deleted successfully.
C:\WINDOWS\DUMP5ac2.tmp deleted successfully.
C:\WINDOWS\DUMP8193.tmp deleted successfully.
C:\WINDOWS\DUMP589f.tmp deleted successfully.
C:\WINDOWS\msdownld.tmp folder deleted successfully.
C:\WINDOWS\DUMP5812.tmp deleted successfully.
C:\WINDOWS\DUMP592c.tmp deleted successfully.
C:\WINDOWS\DUMP2b86.tmp deleted successfully.
C:\WINDOWS\003268_.tmp deleted successfully.
C:\WINDOWS\DUMP6f25.tmp deleted successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\"FirstRunDisabled" | 0 /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\"AntiVirusOverride" | 0 /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\"FirewallOverride" |0 /E : value set successfully!
========== FILES ==========
File\Folder C:\Program Files\FriendFinder not found.
File\Folder C:\Program Files\MyWebSearch not found.
C:\Documents and Settings\All Users\Application Data\Codecv\data folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Codecv folder moved successfully.
File\Folder C:\Program Files\DealPly not found.
File\Folder C:\WINDOWS\system32\dllhostc.exe not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Default User
->Temp folder emptied: 524288 bytes
->Temporary Internet Files folder emptied: 43854 bytes

User: All Users

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Administrator
->Temp folder emptied: 1552815 bytes
->Temporary Internet Files folder emptied: 387309 bytes

User: user
->Temp folder emptied: 4750210421 bytes
->Temporary Internet Files folder emptied: 1188356691 bytes
->Java cache emptied: 95892075 bytes
->FireFox cache emptied: 1245015040 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 1547124 bytes

User: postgres
->Temp folder emptied: 16384 bytes
->Temporary Internet Files folder emptied: 43586 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 151422349 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 384627565 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 113817271 bytes

Total Files Cleaned = 7,566.00 mb


OTL by OldTimer - Version 3.2.61.0 log created on 09072012_120707

Files\Folders moved on Reboot...
C:\WINDOWS\temp\T30DebugLogFile.txt moved successfully.
C:\WINDOWS\temp\Perflib_Perfdata_91c.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
Gizzy   (Bill) Gizzy is offline Gizzy is authorized to help remove malware.
Library Manager with 3,865 posts.
Join Date: Aug 2005
Location: NJ, USA
Experience: Advanced
07-Sep-2012, 07:45 AM #8
Hi Johny5,

Quote:
I noticed that my hidden files appeared after rebooting my PC, not sure if that is supposed to happen.
We can re-hide those once we're finished.


Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  1. Double-click SystemLook.exe to run it.
  2. Copy and paste the contents of the following codebox into the main textfield:
    Code:
    :filefind
    *Fun4IM*
    *Bandoo*
    *Searchnu*
    *Searchqu*
    *iLivid*
    *whitesmoke*
    *datamngr*
    *trolltech*
    *cqlqdb.dll*
    *babylon*
    *DealPly*
    *MyWebSearch*
    *BasicScan*
    
    :folderfind
    *Fun4IM*
    *Bandoo*
    *Searchnu*
    *Searchqu*
    *iLivid*
    *whitesmoke*
    *datamngr*
    *trolltech*
    *babylon*
    *DealPly*
    *MyWebSearch*
    *BasicScan*
    
    :Regfind
    Fun4IM
    Bandoo
    Searchnu
    Searchqu
    iLivid
    whitesmoke
    datamngr
    kelkoopartners
    trolltech
    babylon
    DealPly
    MyWebSearch
    BasicScan
  3. Click the Look button to start the scan.
    Because of the Registry searches, the scan may take 15 minutes or a bit more to run on a large machine. Please be patient.
  4. When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your Desktop entitled SystemLook.txt


Gmer Rootkit Scanner
Download GMER Rootkit Scanner from here & save it to your desktop.
  1. Double-click the .exe file. If asked to allow gmer.sys driver to load, please consent
  2. If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO
  3. In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)

  4. Then click the Scan button & wait for it to finish
  5. Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file
  6. Save it where you can easily find it, such as your desktop, and post it in your next reply
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

Do not run any programs while Gmer is running.


Please reply with:
  • SystemLook log
  • Gmer log
Johny5 Johny5 is offline
Member with 19 posts.
THREAD STARTER
Join Date: Sep 2012
Experience: Intermediate
07-Sep-2012, 01:02 PM #9
Hi Gizzy, me again
Here are the logs:

SystemLook 30.07.11 by jpshortstuff
Log created at 17:08 on 07/09/2012 by user
Administrator - Elevation successful

========== filefind ==========

Searching for "*Fun4IM*"
No files found.

Searching for "*Bandoo*"
No files found.

Searching for "*Searchnu*"
No files found.

Searching for "*Searchqu*"
No files found.

Searching for "*iLivid*"
C:\Documents and Settings\user\My Documents\Downloads\iLividSetupV1.exe --a---- 823648 bytes [19:56 23/08/2012] [19:56 23/08/2012] BEA7D710D552ABFE91B979F08B92D6FE

Searching for "*whitesmoke*"
No files found.

Searching for "*datamngr*"
No files found.

Searching for "*trolltech*"
No files found.

Searching for "*cqlqdb.dll*"
No files found.

Searching for "*babylon*"
C:\WINDOWS\Prefetch\MYBABYLONTB.EXE-17F669FF.pf --a---- 36930 bytes [12:29 06/09/2012] [12:29 06/09/2012] 89D8C532CE9B08C0F6E2696F53565FA1
C:\_OTL\MovedFiles\09072012_120707\C_Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\nie824pj.default\extensions\ffxtlbr@babylon.com\content\babylon.xul --a---- 1102 bytes [05:02 03/09/2012] [05:02 03/09/2012] 51451DCF876DEAC80962F42B0C61CBF6
C:\_OTL\MovedFiles\09072012_120707\C_Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\nie824pj.default\extensions\ffxtlbr@babylon.com\content\babylon.css --a---- 2267 bytes [04:10 09/08/2012] [04:10 09/08/2012] C958E619394865F741A245D368BFD28C
C:\_OTL\MovedFiles\09072012_120707\C_Program Files\Mozilla Firefox\searchplugins\babylon.xml --a---- 2360 bytes [00:02 04/08/2012] [12:30 06/09/2012] 0EF0DA47336CD59E4FC91593CD25AFA6

Searching for "*DealPly*"
C:\WINDOWS\Prefetch\DEALPLYUPDATE.EXE-20792FC5.pf --a---- 11392 bytes [10:44 06/09/2012] [10:44 06/09/2012] F5C639497F4AE7FCEB423E8FC608677F

Searching for "*MyWebSearch*"
C:\_OTL\MovedFiles\09072012_120707\C_Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\nie824pj.default\searchplugins\mywebsearch.xml --a---- 9924 bytes [19:08 16/10/2010] [16:16 03/11/2011] B53323597F5CD78AD68403A9DA22C1E1

Searching for "*BasicScan*"
C:\_OTL\MovedFiles\09072012_120707\C_Program Files\BasicScan\basicscan(2).exe --a---- 23040 bytes [21:18 25/08/2012] [18:36 23/08/2012] 6ECFB83D481B636739E9736544F978A3
C:\_OTL\MovedFiles\09072012_120707\C_Program Files\BasicScan\basicscan(2).dll --a---- 888832 bytes [21:18 25/08/2012] [21:21 25/08/2012] ACC06E28FFED133B0284387D3A3A68E4

Searching for " "
No files found.

========== folderfind ==========

Searching for "*Fun4IM*"
No folders found.

Searching for "*Bandoo*"
No folders found.

Searching for "*Searchnu*"
No folders found.

Searching for "*Searchqu*"
No folders found.

Searching for "*iLivid*"
C:\_OTL\MovedFiles\09072012_120707\C_Program Files\iLivid d------ [11:09 07/09/2012]

Searching for "*whitesmoke*"
No folders found.

Searching for "*datamngr*"
No folders found.

Searching for "*trolltech*"
No folders found.

Searching for "*babylon*"
C:\Documents and Settings\All Users\Application Data\Babylon d------ [10:44 15/04/2012]
C:\Documents and Settings\user\Application Data\Babylon d------ [10:43 15/04/2012]
C:\_OTL\MovedFiles\09072012_120707\C_Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\nie824pj.default\extensions\ffxtlbr@babylon.com d------ [11:09 07/09/2012]

Searching for "*DealPly*"
No folders found.

Searching for "*MyWebSearch*"
No folders found.

Searching for "*BasicScan*"
C:\_OTL\MovedFiles\09072012_120707\C_Program Files\BasicScan d------ [21:18 25/08/2012]

Searching for " "
No folders found.

========== Regfind ==========

Searching for "Fun4IM"
No data found.

Searching for "Bandoo"
No data found.

Searching for "Searchnu"
No data found.

Searching for "Searchqu"
No data found.

Searching for "iLivid"
No data found.

Searching for "whitesmoke"
No data found.

Searching for "datamngr"
No data found.

Searching for "kelkoopartners"
No data found.

Searching for "trolltech"
[HKEY_CURRENT_USER\Software\Trolltech]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.5\com.trolltech.Qt.QIconEngineFactoryInterface:]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.5\com.trolltech.Qt.QIconEngineFactoryInterfaceV2:]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.5\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.5\com.trolltech.Qt.QSqlDriverFactoryInterface:]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.5\com.trolltech.Qt.QTextCodecFactoryInterface:]
[HKEY_USERS\S-1-5-21-1241016058-1226847170-1791428113-1005\Software\Trolltech]
[HKEY_USERS\S-1-5-21-1241016058-1226847170-1791428113-1005\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.5\com.trolltech.Qt.QIconEngineFactoryInterface:]
[HKEY_USERS\S-1-5-21-1241016058-1226847170-1791428113-1005\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.5\com.trolltech.Qt.QIconEngineFactoryInterfaceV2:]
[HKEY_USERS\S-1-5-21-1241016058-1226847170-1791428113-1005\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.5\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_USERS\S-1-5-21-1241016058-1226847170-1791428113-1005\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.5\com.trolltech.Qt.QSqlDriverFactoryInterface:]
[HKEY_USERS\S-1-5-21-1241016058-1226847170-1791428113-1005\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.5\com.trolltech.Qt.QTextCodecFactoryInterface:]

Searching for "babylon"
[HKEY_LOCAL_MACHINE\SOFTWARE\Babylon]
[HKEY_LOCAL_MACHINE\SOFTWARE\Babylon\Babylon Client]
[HKEY_LOCAL_MACHINE\SOFTWARE\babylontoolbar]
[HKEY_LOCAL_MACHINE\SOFTWARE\babylontoolbar\babylontoolbar]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="http://search.babylon.com/?affID=110823&tt=040912_mnt_3612_3&babsrc=NT_ss&mntrId=575e4ffd0000000000000016cfa38d9d"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BabylonToolbar]

Searching for "DealPly"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DealPly]

Searching for "MyWebSearch"
No data found.

Searching for "BasicScan"
[HKEY_LOCAL_MACHINE\SOFTWARE\BasicScan]
[HKEY_LOCAL_MACHINE\SOFTWARE\BasicScan]
"DllPath"="C:\Program Files\BasicScan\basicscan.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\BasicScan]
"Src"="basicscan"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BASICSCAN_SERVICE]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BASICSCAN_SERVICE\0000]
"Service"="BasicScan Service"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BASICSCAN_SERVICE\0000]
"DeviceDesc"="BasicScan Service"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BASICSCAN_SERVICE]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BASICSCAN_SERVICE\0000]
"Service"="BasicScan Service"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BASICSCAN_SERVICE\0000]
"DeviceDesc"="BasicScan Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BASICSCAN_SERVICE]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BASICSCAN_SERVICE\0000]
"Service"="BasicScan Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BASICSCAN_SERVICE\0000]
"DeviceDesc"="BasicScan Service"

-= EOF =-



GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-09-07 19:00:03
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-9 WDC_WD1200UE-22KVT0 rev.01.03K01
Running: qigvm95k.exe; Driver: C:\DOCUME~1\user\LOCALS~1\Temp\pwpdypob.sys


---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[1564] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 01186C40 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1564] kernel32.dll!lstrlenW + 43 7C809AEC 7 Bytes JMP 013C2DBF C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1564] kernel32.dll!MapViewOfFileEx + 6A 7C80B9A0 7 Bytes JMP 013C2D9C C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1564] kernel32.dll!ValidateLocale + B130 7C844958 7 Bytes JMP 0118FE71 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1564] GDI32.dll!SetDIBitsToDevice + 20A 77F19E14 7 Bytes JMP 013C2D1D C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4060] USER32.dll!DefWindowProcA + 11A 7E42C298 7 Bytes JMP 105C8F94 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4060] USER32.dll!SetWindowLongA + 19 7E42C2B6 7 Bytes JMP 105C8F23 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4060] USER32.dll!GetWindowInfo 7E42C49C 5 Bytes JMP 1040F66F C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4060] USER32.dll!GetMenuContextHelpId + 1A 7E465319 7 Bytes JMP 1040FCA8 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat psdfilter.sys (PSD Filter Driver/HiTRUST)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0016cedff850
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0016cedff850 (not active ControlSet)

---- EOF - GMER 1.0.15 ----


Thanks!
Gizzy   (Bill) Gizzy is offline Gizzy is authorized to help remove malware.
Library Manager with 3,865 posts.
Join Date: Aug 2005
Location: NJ, USA
Experience: Advanced
07-Sep-2012, 09:13 PM #10
Hi Johny5,
After doing the following, let me know how your computer is running.


Run OTL Script
  1. Double-click OTL.exe to start the program
  2. Click the None button at the top
  3. Copy and Paste everything from the Code box below into the Custom Scans/Fixes box in OTL
    Code:
    :Commands
    [CREATERESTOREPOINT]
    
    :Reg
    [-HKEY_CURRENT_USER\Software\Trolltech]
    [-HKEY_USERS\S-1-5-21-1241016058-1226847170-1791428113-1005\Software\Trolltech]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Babylon]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\babylontoolbar]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
    "Tabs"="res://ieframe.dll/tabswelcome.htm"
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BabylonToolbar]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DealPly]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\BasicScan]
    
    :Files
    C:\Documents and Settings\user\My Documents\Downloads\iLividSetupV1.exe
    C:\WINDOWS\Prefetch\MYBABYLONTB.EXE-17F669FF.pf
    C:\WINDOWS\Prefetch\DEALPLYUPDATE.EXE-20792FC5.pf
    C:\Documents and Settings\All Users\Application Data\Babylon
    C:\Documents and Settings\user\Application Data\Babylon
    C:\WINDOWS\system32\dehaseha.dll
    C:\WINDOWS\system32\gelarijo.dll
    c:\windows\system32\mopiseje.dll
    
    :Commands
    [EMPTYTEMP]
  4. Then click the Run Fix button at the top.
  5. If prompted, Click OK
  6. OTL may ask to reboot the computer. Please do so if asked
  7. When finished a report should appear in Notepad. Copy and Paste that report in your next reply.

    Note: The log can also be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log


SystemLook
  1. Double-click SystemLook.exe to run it.
  2. Copy and paste the contents of the following codebox into the main textfield:
    Code:
    :filefind
    *Fun4IM*
    *Bandoo*
    *Searchnu*
    *Searchqu*
    *iLivid*
    *whitesmoke*
    *datamngr*
    *trolltech*
    *cqlqdb.dll*
    *babylon*
    *DealPly*
    *MyWebSearch*
    *BasicScan*
    
    :folderfind
    *Fun4IM*
    *Bandoo*
    *Searchnu*
    *Searchqu*
    *iLivid*
    *whitesmoke*
    *datamngr*
    *trolltech*
    *babylon*
    *DealPly*
    *MyWebSearch*
    *BasicScan*
    
    :Regfind
    Fun4IM
    Bandoo
    Searchnu
    Searchqu
    iLivid
    whitesmoke
    datamngr
    kelkoopartners
    trolltech
    babylon
    DealPly
    MyWebSearch
    BasicScan
  3. Click the Look button to start the scan.
    Because of the Registry searches, the scan may take 15 minutes or a bit more to run on a large machine. Please be patient.
  4. When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your Desktop entitled SystemLook.txt


Please reply with:
  • Update on computer's performance
  • New OTL log
  • New SystemLook log
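
The scan, fix, rescan loop in the posts above comes down to separating SystemLook hits that still sit in their original location from copies OTL has already moved under C:\_OTL\MovedFiles. The Python sketch below is an added example, not part of either post and not code from SystemLook or OTL; its function names and the abridged sample logs (blank lines dropped, hash fields and the URL query replaced by placeholders) are constructed for illustration.

```python
import re
from dataclasses import dataclass

# Constructed samples: abridged from the layout of the SystemLook logs in this
# thread. The 32-zero hash fields and the "?placeholder" query are placeholders.
BEFORE = r'''
========== filefind ==========
Searching for "*iLivid*"
C:\Documents and Settings\user\My Documents\Downloads\iLividSetupV1.exe --a---- 823648 bytes [19:56 23/08/2012] [19:56 23/08/2012] 00000000000000000000000000000000
Searching for "*babylon*"
C:\_OTL\MovedFiles\09072012_120707\C_Program Files\Mozilla Firefox\searchplugins\babylon.xml --a---- 2360 bytes [00:02 04/08/2012] [12:30 06/09/2012] 00000000000000000000000000000000
========== folderfind ==========
Searching for "*babylon*"
C:\Documents and Settings\user\Application Data\Babylon d------ [10:43 15/04/2012]
========== Regfind ==========
Searching for "babylon"
[HKEY_LOCAL_MACHINE\SOFTWARE\Babylon]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="http://search.babylon.com/?placeholder"
Searching for "BasicScan"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BASICSCAN_SERVICE\0000]
"Service"="BasicScan Service"
-= EOF =-
'''

AFTER = r'''
========== filefind ==========
Searching for "*iLivid*"
C:\_OTL\MovedFiles\09082012_123630\C_Documents and Settings\user\My Documents\Downloads\iLividSetupV1.exe --a---- 823648 bytes [19:56 23/08/2012] [19:56 23/08/2012] 00000000000000000000000000000000
========== folderfind ==========
Searching for "*babylon*"
C:\_OTL\MovedFiles\09082012_123630\C_Documents and Settings\user\Application Data\Babylon d------ [10:43 15/04/2012]
========== Regfind ==========
Searching for "babylon"
No data found.
Searching for "BasicScan"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BASICSCAN_SERVICE\0000]
"Service"="BasicScan Service"
-= EOF =-
'''

SECTION_RE = re.compile(r"^=+\s*(\w+)\s*=+$")
SEARCH_RE = re.compile(r'^Searching for "(.*)"$')
FILE_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?)\s+[-a-z]{7}\s+\d+ bytes\b")
FOLDER_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?)\s+d[-a-z]{6}\s+\[")
QUARANTINE = "c:\\_otl\\movedfiles\\"  # OTL's move target, as seen in the logs


@dataclass
class Hit:
    section: str     # filefind, folderfind or regfind
    term: str        # search term that produced the hit
    location: str    # file path, folder path or registry key
    value: str = ""  # registry value line when the match was in the data


def parse_systemlook(text):
    """Return every hit in a SystemLook log, in log order."""
    hits, section, term = [], None, None
    for line in (raw.strip() for raw in text.splitlines()):
        if m := SECTION_RE.match(line):
            section, term = m.group(1).lower(), None
        elif m := SEARCH_RE.match(line):
            term = m.group(1)
        elif not line or term is None or line.startswith("No "):
            continue
        elif section == "regfind":
            if line.startswith("[") and line.endswith("]"):
                hits.append(Hit(section, term, line[1:-1]))
            elif line.startswith('"') and hits and hits[-1].section == section:
                hits[-1].value = line  # value line belongs to the key above it
        elif m := (FILE_RE if section == "filefind" else FOLDER_RE).match(line):
            hits.append(Hit(section, term, m.group("path")))
    return hits


def is_quarantined(hit):
    """True for files and folders OTL already moved out of their original place."""
    return hit.section != "regfind" and hit.location.lower().startswith(QUARANTINE)


def live_hits(text):
    """Hits still in their original location: the candidates for a fix script."""
    return [h for h in parse_systemlook(text) if not is_quarantined(h)]


def still_present(before, after):
    """Live hits from the first scan that show up live again after the fix."""
    earlier = {(h.section, h.location.lower(), h.value) for h in live_hits(before)}
    return [h for h in live_hits(after)
            if (h.section, h.location.lower(), h.value) in earlier]
```

Calling `still_present(BEFORE, AFTER)` on the samples leaves only the `LEGACY_BASICSCAN_SERVICE` key, which the fix script in the post above did not target.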
Johny5 Johny5 is offline
Member with 19 posts.
THREAD STARTER
Join Date: Sep 2012
Experience: Intermediate
08-Sep-2012, 12:08 PM #11
Hi Gizzy,
I did what you asked. Unfortunately, my PC's performance is still the same: freezes every now and again and the sound issue continues.
Here are the logs:


SystemLook 30.07.11 by jpshortstuff
Log created at 13:02 on 08/09/2012 by user
Administrator - Elevation successful

========== filefind ==========

Searching for "*Fun4IM*"
No files found.

Searching for "*Bandoo*"
No files found.

Searching for "*Searchnu*"
No files found.

Searching for "*Searchqu*"
No files found.

Searching for "*iLivid*"
C:\_OTL\MovedFiles\09082012_123630\C_Documents and Settings\user\My Documents\Downloads\iLividSetupV1.exe --a---- 823648 bytes [19:56 23/08/2012] [19:56 23/08/2012] BEA7D710D552ABFE91B979F08B92D6FE

Searching for "*whitesmoke*"
No files found.

Searching for "*datamngr*"
No files found.

Searching for "*trolltech*"
No files found.

Searching for "*cqlqdb.dll*"
No files found.

Searching for "*babylon*"
C:\_OTL\MovedFiles\09072012_120707\C_Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\nie824pj.default\extensions\ffxtlbr@babylon.com\content\babylon.xul --a---- 1102 bytes [05:02 03/09/2012] [05:02 03/09/2012] 51451DCF876DEAC80962F42B0C61CBF6
C:\_OTL\MovedFiles\09072012_120707\C_Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\nie824pj.default\extensions\ffxtlbr@babylon.com\content\babylon.css --a---- 2267 bytes [04:10 09/08/2012] [04:10 09/08/2012] C958E619394865F741A245D368BFD28C
C:\_OTL\MovedFiles\09072012_120707\C_Program Files\Mozilla Firefox\searchplugins\babylon.xml --a---- 2360 bytes [00:02 04/08/2012] [12:30 06/09/2012] 0EF0DA47336CD59E4FC91593CD25AFA6

Searching for "*DealPly*"
No files found.

Searching for "*MyWebSearch*"
C:\_OTL\MovedFiles\09072012_120707\C_Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\nie824pj.default\searchplugins\mywebsearch.xml --a---- 9924 bytes [19:08 16/10/2010] [16:16 03/11/2011] B53323597F5CD78AD68403A9DA22C1E1

Searching for "*BasicScan*"
C:\_OTL\MovedFiles\09072012_120707\C_Program Files\BasicScan\basicscan(2).exe --a---- 23040 bytes [21:18 25/08/2012] [18:36 23/08/2012] 6ECFB83D481B636739E9736544F978A3
C:\_OTL\MovedFiles\09072012_120707\C_Program Files\BasicScan\basicscan(2).dll --a---- 888832 bytes [21:18 25/08/2012] [21:21 25/08/2012] ACC06E28FFED133B0284387D3A3A68E4

Searching for " "
No files found.

========== folderfind ==========

Searching for "*Fun4IM*"
No folders found.

Searching for "*Bandoo*"
No folders found.

Searching for "*Searchnu*"
No folders found.

Searching for "*Searchqu*"
No folders found.

Searching for "*iLivid*"
C:\_OTL\MovedFiles\09072012_120707\C_Program Files\iLivid d------ [11:09 07/09/2012]

Searching for "*whitesmoke*"
No folders found.

Searching for "*datamngr*"
No folders found.

Searching for "*trolltech*"
No folders found.

Searching for "*babylon*"
C:\_OTL\MovedFiles\09072012_120707\C_Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\nie824pj.default\extensions\ffxtlbr@babylon.com d------ [11:09 07/09/2012]
C:\_OTL\MovedFiles\09082012_123630\C_Documents and Settings\user\Application Data\Babylon d------ [10:43 15/04/2012]
C:\_OTL\MovedFiles\09082012_123630\C_Documents and Settings\All Users\Application Data\Babylon d------ [10:44 15/04/2012]

Searching for "*DealPly*"
No folders found.

Searching for "*MyWebSearch*"
No folders found.

Searching for "*BasicScan*"
C:\_OTL\MovedFiles\09072012_120707\C_Program Files\BasicScan d------ [21:18 25/08/2012]

Searching for " "
No folders found.

========== Regfind ==========

Searching for "Fun4IM"
No data found.

Searching for "Bandoo"
No data found.

Searching for "Searchnu"
No data found.

Searching for "Searchqu"
No data found.

Searching for "iLivid"
No data found.

Searching for "whitesmoke"
No data found.

Searching for "datamngr"
No data found.

Searching for "kelkoopartners"
No data found.

Searching for "trolltech"
No data found.

Searching for "babylon"
No data found.

Searching for "DealPly"
No data found.

Searching for "MyWebSearch"
No data found.

Searching for "BasicScan"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BASICSCAN_SERVICE]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BASICSCAN_SERVICE\0000]
"Service"="BasicScan Service"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BASICSCAN_SERVICE\0000]
"DeviceDesc"="BasicScan Service"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BASICSCAN_SERVICE]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BASICSCAN_SERVICE\0000]
"Service"="BasicScan Service"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BASICSCAN_SERVICE\0000]
"DeviceDesc"="BasicScan Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BASICSCAN_SERVICE]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BASICSCAN_SERVICE\0000]
"Service"="BasicScan Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BASICSCAN_SERVICE\0000]
"DeviceDesc"="BasicScan Service"

-= EOF =-


All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\Software\Trolltech\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1241016058-1226847170-1791428113-1005\Software\Trolltech\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Babylon\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\babylontoolbar\ deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\\"Tabs"|"res://ieframe.dll/tabswelcome.htm" /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BabylonToolbar\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DealPly\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\BasicScan\ deleted successfully.
========== FILES ==========
C:\Documents and Settings\user\My Documents\Downloads\iLividSetupV1.exe moved successfully.
File\Folder C:\WINDOWS\Prefetch\MYBABYLONTB.EXE-17F669FF.pf not found.
File\Folder C:\WINDOWS\Prefetch\DEALPLYUPDATE.EXE-20792FC5.pf not found.
C:\Documents and Settings\All Users\Application Data\Babylon folder moved successfully.
C:\Documents and Settings\user\Application Data\Babylon folder moved successfully.
File\Folder C:\WINDOWS\system32\dehaseha.dll not found.
File\Folder C:\WINDOWS\system32\gelarijo.dll not found.
File\Folder c:\windows\system32\mopiseje.dll not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: user
->Temp folder emptied: 1140791105 bytes
->Temporary Internet Files folder emptied: 64901 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 314962695 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 1788 bytes

User: postgres
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 115139 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 2040 bytes

Total Files Cleaned = 1,389.00 mb


OTL by OldTimer - Version 3.2.61.0 log created on 09082012_123630

Files\Folders moved on Reboot...
C:\WINDOWS\temp\Perflib_Perfdata_dbc.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


Thanks Gizzy!
Gizzy (Bill)
Gizzy is authorized to help remove malware.
Library Manager with 3,865 posts.
 
Join Date: Aug 2005
Location: NJ, USA
Experience: Advanced
09-Sep-2012, 08:41 AM #12
Hi Johny5,


Please run another scan with Malwarebytes'. This time select Perform full scan using the instructions below.

Malwarebytes Anti-Malware
  1. Launch Malwarebytes Anti-Malware.
  2. Click the Update tab.
  3. Click Check for Updates and wait for it to finish updating.
  4. Click the Scanner tab, select Perform full scan, then click Scan.
  5. When the scan is complete, click OK, then Show Results to view the results.
  6. Check all items except items in the C:\System Volume Information folder, then click on Remove Selected.
  7. When completed, a log will open in Notepad. Please post that log in your next reply.

The log is automatically saved and can be viewed by clicking the Logs tab in Malwarebytes' Anti-Malware. It can also be found here:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


aswMBR
  1. Download aswMBR to your Desktop.
  2. Double-click aswMBR.exe to run it.
  3. Click Yes to the prompt to download Avast! virus definitions.
    (Please be patient whilst the virus definitions download)
  4. With the AVscan set to Quick Scan, click the Scan button.
    (Please be patient whilst your computer is scanned.)
  5. After a while when the scan reports "Scan finished successfully", click Save log & save the log to your desktop.
  6. Click OK > Exit.
    Note: Do not attempt to fix anything at this stage!
  7. Two files will be created, aswMBR.txt and a file named MBR.dat.
  8. Copy & Paste the contents of aswMBR.txt into your next reply.


Run OTL
Should still be on your computer.
  1. Double-click on OTL.exe to run it. Make sure all other windows are closed and let it run uninterrupted.
  2. Check the box beside Scan All Users
  3. Ensure Use SafeList is selected under Extra Registry
  4. Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  5. When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  6. Please copy (Edit > Select All -- Edit > Copy) the contents of these files, one at a time, and post them with your next reply.


Please reply with:
  • Malwarebytes' Anti-Malware log
  • aswMBR log
  • New OTL logs
Johny5
THREAD STARTER
10-Sep-2012, 09:20 PM #13
I'll post the results tomorrow, Gizzy.

Thanks.
Gizzy (Bill)
10-Sep-2012, 09:46 PM #14
That's fine, post the logs when ready.
Johny5
THREAD STARTER
11-Sep-2012, 10:11 AM #15
Hi again Gizzy,
Here are all the logs you asked for.


Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.09.10.04

Windows XP Service Pack 3 x86 FAT32
Internet Explorer 8.0.6001.18702
user :: ACER-1424F82190 [administrator]

Protection: Disabled

9/10/2012 2:45:48 PM
mbam-log-2012-09-10 (14-45-48).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 319559
Time elapsed: 12 hour(s), 13 minute(s),

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 58
C:\System Volume Information\_restore{840F8D40-D2B2-4CA1-A56C-AE9B7E3B083F}\RP632\A0250179.dll (Adware.Shopper) -> No action taken.
C:\System Volume Information\_restore{840F8D40-D2B2-4CA1-A56C-AE9B7E3B083F}\RP633\A0252053.dll (Adware.Zwangi) -> No action taken.
C:\System Volume Information\_restore{840F8D40-D2B2-4CA1-A56C-AE9B7E3B083F}\RP633\A0252054.exe (Adware.BasicScan) -> No action taken.
C:\System Volume Information\_restore{840F8D40-D2B2-4CA1-A56C-AE9B7E3B083F}\RP634\A0252074.exe (Adware.BasicScan) -> No action taken.
C:\System Volume Information\_restore{840F8D40-D2B2-4CA1-A56C-AE9B7E3B083F}\RP634\A0252081.exe (Adware.BasicScan) -> No action taken.
C:\System Volume Information\_restore{840F8D40-D2B2-4CA1-A56C-AE9B7E3B083F}\RP634\A0252082.dll (Adware.Zwangi) -> No action taken.
C:\System Volume Information\_restore{840F8D40-D2B2-4CA1-A56C-AE9B7E3B083F}\RP638\A0255435.dll (Adware.Shopper) -> No action taken.
C:\System Volume Information\_restore{840F8D40-D2B2-4CA1-A56C-AE9B7E3B083F}\RP638\A0255439.dll (Adware.SmartShopper) -> No action taken.
C:\System Volume Information\_restore{840F8D40-D2B2-4CA1-A56C-AE9B7E3B083F}\RP640\A0256513.exe (Adware.AdRotator) -> No action taken.
C:\System Volume Information\_restore{840F8D40-D2B2-4CA1-A56C-AE9B7E3B083F}\RP641\A0256625.scr (PUP.FunWebProducts) -> No action taken.
C:\System Volume Information\_restore{840F8D40-D2B2-4CA1-A56C-AE9B7E3B083F}\RP641\A0256629.DLL (PUP.FunWebProducts) -> No action taken.
C:\System Volume Information\_restore{840F8D40-D2B2-4CA1-A56C-AE9B7E3B083F}\RP641\A0256630.DLL (PUP.FunWebProducts) -> No action taken.
C:\System Volume Information\_restore{840F8D40-D2B2-4CA1-A56C-AE9B7E3B083F}\RP641\A0256631.DLL (PUP.FunWebProducts) -> No action taken.
C:\System Volume Information\_restore{840F8D40-D2B2-4CA1-A56C-AE9B7E3B083F}\RP641\A0256632.DLL (PUP.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{840F8D40-D2B2-4CA1-A56C-AE9B7E3B083F}\RP641\A0256633.DLL (PUP.FunWebProducts) -> No action taken.
C:\System Volume Information\_restore{840F8D40-D2B2-4CA1-A56C-AE9B7E3B083F}\RP641\A0256634.DLL (PUP.FunWebProducts) -> No action taken.
C:\System Volume Information\_restore{840F8D40-D2B2-4CA1-A56C-AE9B7E3B083F}\RP641\A0256635.DLL (PUP.FunWebProducts) -> No action taken.
C:\System Volume Information\_restore{840F8D40-D2B2-4CA1-A56C-AE9B7E3B083F}\RP641\A0256636.DLL (PUP.FunWebProducts) -> No action taken.
C:\System Volume Information\_restore{840F8D40-D2B2-4CA1-A56C-AE9B7E3B083F}\RP641\A0256637.SCR (PUP.FunWebProducts) -> No action taken.
C:\System Volume Information\_restore{840F8D40-D2B2-4CA1-A56C-AE9B7E3B083F}\RP641\A0256638.DLL (PUP.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{840F8D40-D2B2-4CA1-A56C-AE9B7E3B083F}\RP641\A0256639.DLL (PUP.FunWebProducts) -> No action taken.
C:\System Volume Information\_restore{840F8D40-D2B2-4CA1-A56C-AE9B7E3B083F}\RP641\A0256640.DLL (PUP.FunWebProducts) -> No action taken.
C:\System Volume Information\_restore{840F8D40-D2B2-4CA1-A56C-AE9B7E3B083F}\RP641\A0256641.EXE (PUP.FunWebProducts) -> No action taken.
C:\System Volume Information\_restore{840F8D40-D2B2-4CA1-A56C-AE9B7E3B083F}\RP641\A0256642.DLL (PUP.FunWebProducts) -> No action taken.
C:\System Volume Information\_restore{840F8D40-D2B2-4CA1-A56C-AE9B7E3B083F}\RP641\A0256643.DLL (PUP.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{840F8D40-D2B2-4CA1-A56C-AE9B7E3B083F}\RP641\A0256644.DLL (PUP.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{840F8D40-D2B2-4CA1-A56C-AE9B7E3B083F}\RP641\A0256645.DLL (PUP.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{840F8D40-D2B2-4CA1-A56C-AE9B7E3B083F}\RP641\A0256646.EXE (PUP.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{840F8D40-D2B2-4CA1-A56C-AE9B7E3B083F}\RP641\A0256647.DLL (PUP.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{840F8D40-D2B2-4CA1-A56C-AE9B7E3B083F}\RP641\A0256648.DLL (PUP.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{840F8D40-D2B2-4CA1-A56C-AE9B7E3B083F}\RP641\A0256649.EXE (PUP.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{840F8D40-D2B2-4CA1-A56C-AE9B7E3B083F}\RP641\A0256650.EXE (PUP.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{840F8D40-D2B2-4CA1-A56C-AE9B7E3B083F}\RP641\A0256651.DLL (PUP.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{840F8D40-D2B2-4CA1-A56C-AE9B7E3B083F}\RP641\A0256652.DLL (PUP.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{840F8D40-D2B2-4CA1-A56C-AE9B7E3B083F}\RP641\A0256653.DLL (PUP.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{840F8D40-D2B2-4CA1-A56C-AE9B7E3B083F}\RP641\A0256654.DLL (PUP.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{840F8D40-D2B2-4CA1-A56C-AE9B7E3B083F}\RP641\A0256655.exe (PUP.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{840F8D40-D2B2-4CA1-A56C-AE9B7E3B083F}\RP641\A0256656.EXE (PUP.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{840F8D40-D2B2-4CA1-A56C-AE9B7E3B083F}\RP641\A0256657.EXE (PUP.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{840F8D40-D2B2-4CA1-A56C-AE9B7E3B083F}\RP641\A0256658.DLL (PUP.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{840F8D40-D2B2-4CA1-A56C-AE9B7E3B083F}\RP641\A0256659.DLL (PUP.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{840F8D40-D2B2-4CA1-A56C-AE9B7E3B083F}\RP641\A0256660.DLL (PUP.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{840F8D40-D2B2-4CA1-A56C-AE9B7E3B083F}\RP641\A0256661.exe (PUP.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{840F8D40-D2B2-4CA1-A56C-AE9B7E3B083F}\RP641\A0256662.DLL (PUP.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{840F8D40-D2B2-4CA1-A56C-AE9B7E3B083F}\RP641\A0256663.DLL (PUP.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{840F8D40-D2B2-4CA1-A56C-AE9B7E3B083F}\RP641\A0256664.DLL (PUP.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{840F8D40-D2B2-4CA1-A56C-AE9B7E3B083F}\RP641\A0256665.DLL (PUP.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{840F8D40-D2B2-4CA1-A56C-AE9B7E3B083F}\RP641\A0256685.DLL (PUP.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{840F8D40-D2B2-4CA1-A56C-AE9B7E3B083F}\RP641\A0256686.EXE (PUP.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{840F8D40-D2B2-4CA1-A56C-AE9B7E3B083F}\RP641\A0256687.DLL (PUP.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{840F8D40-D2B2-4CA1-A56C-AE9B7E3B083F}\RP641\A0256688.DLL (PUP.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{840F8D40-D2B2-4CA1-A56C-AE9B7E3B083F}\RP641\A0257685.dll (PUP.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{840F8D40-D2B2-4CA1-A56C-AE9B7E3B083F}\RP641\A0257697.exe (Trojan.Dropper) -> No action taken.
C:\Program Files\Windows Live\Messenger\riched20.dll (PUP.FunWebProducts) -> Quarantined and deleted successfully.
C:\Program Files\Windows Live\Messenger\msimg32.dll (PUP.FunWebProducts) -> Quarantined and deleted successfully.
C:\Program Files\VSO Software ConvertXtoDVD v3.3.4.107a\keygen\keygen.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\09072012_120707\C_Program Files\BasicScan\basicscan(2).exe (Adware.BasicScan) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\09072012_120707\C_Program Files\BasicScan\basicscan(2).dll (Adware.Zwangi) -> Quarantined and deleted successfully.

(end)



aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-11 13:11:58
-----------------------------
13:11:58.578 OS Version: Windows 5.1.2600 Service Pack 3
13:11:58.578 Number of processors: 1 586 0x4C02
13:11:58.578 ComputerName: ACER-1424F82190 UserName: user
13:12:08.281 Initialize success
13:17:22.906 AVAST engine defs: 12091100
13:45:47.984 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-9
13:45:47.984 Disk 0 Vendor: WDC_WD1200UE-22KVT0 01.03K01 Size: 114473MB BusType: 3
13:45:48.015 Disk 0 MBR read successfully
13:45:48.015 Disk 0 MBR scan
13:45:48.218 Disk 0 unknown MBR code
13:45:48.250 Disk 0 Partition 1 00 12 Compaq diag MSWIN4.1 4996 MB offset 63
13:45:48.281 Disk 0 Partition 2 80 (A) 0C FAT32 LBA MSWIN4.1 54486 MB offset 10233405
13:45:48.296 Disk 0 Partition 3 00 0C FAT32 LBA MSWIN4.1 54988 MB offset 121820895
13:45:48.359 Disk 0 scanning sectors +234436545
13:45:48.484 Disk 0 scanning C:\WINDOWS\system32\drivers
13:49:08.109 Service scanning
13:52:21.078 Modules scanning
13:53:44.750 Disk 0 trace - called modules:
13:53:44.765 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys
13:53:44.781 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8578cab8]
13:53:44.781 3 CLASSPNP.SYS[f76a2fd7] -> nt!IofCallDriver -> \Device\000000a0[0x857679e8]
13:53:44.781 5 ACPI.sys[f74a9620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-9[0x8575ad98]
13:53:51.562 AVAST engine scan C:\WINDOWS
13:56:08.968 AVAST engine scan C:\WINDOWS\system32
14:31:55.937 AVAST engine scan C:\WINDOWS\system32\drivers
14:33:59.484 AVAST engine scan C:\Documents and Settings\user
14:48:02.921 AVAST engine scan C:\Documents and Settings\All Users
14:50:49.484 Scan finished successfully
15:04:31.578 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\user\Desktop\MBR.dat"
15:04:31.609 The log file has been saved successfully to "C:\Documents and Settings\user\Desktop\aswMBR.txt"



OTL logfile created on: 9/11/2012 3:14:32 PM - Run 2
OTL by OldTimer - Version 3.2.61.0 Folder = C:\Documents and Settings\user\My Documents\Downloads
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

894.10 Mb Total Physical Memory | 402.61 Mb Available Physical Memory | 45.03% Memory free
2.11 Gb Paging File | 1.39 Gb Available in Paging File | 65.94% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 53.20 Gb Total Space | 17.13 Gb Free Space | 32.20% Space Free | Partition Type: FAT32
Drive D: | 53.69 Gb Total Space | 46.63 Gb Free Space | 86.86% Space Free | Partition Type: FAT32

Computer Name: ACER-1424F82190 | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/09/08 12:49:06 | 000,507,904 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Documents and Settings\user\Local Settings\Temp\RtkBtMnt.exe
PRC - [2012/09/07 17:22:54 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/09/06 17:57:10 | 000,599,040 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\My Documents\Downloads\OTL.exe
PRC - [2011/10/15 01:48:52 | 002,042,208 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
PRC - [2011/07/29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2009/08/16 09:28:02 | 000,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009/08/16 09:28:00 | 000,693,016 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe
PRC - [2009/08/16 09:27:56 | 000,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
PRC - [2009/08/16 09:27:40 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe
PRC - [2009/08/16 09:27:32 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2008/04/14 01:12:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/12/18 14:20:00 | 000,401,408 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe
PRC - [2007/04/02 14:15:40 | 000,061,440 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTDevSrv.exe
PRC - [2006/11/28 18:43:36 | 000,754,712 | ---- | M] () -- C:\Program Files\Acer\OrbiCam10\OrbiCam.exe
PRC - [2006/11/28 18:38:18 | 000,244,512 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
PRC - [2006/10/31 01:06:20 | 000,304,664 | ---- | M] (Acer Inc.) -- C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
PRC - [2006/10/16 17:36:14 | 000,434,176 | ---- | M] () -- C:\WINDOWS\AcerOrbiCam.exe
PRC - [2006/09/07 19:52:52 | 000,479,232 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\QtZgAcer.EXE
PRC - [2006/08/30 09:57:34 | 000,442,368 | ---- | M] () -- C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
PRC - [2006/08/29 17:56:22 | 000,020,480 | ---- | M] ( ) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
PRC - [2006/08/10 15:00:50 | 000,028,672 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
PRC - [2006/08/09 16:18:14 | 000,675,840 | ---- | M] (Sonix) -- C:\WINDOWS\vsnp2std.exe
PRC - [2006/08/03 15:34:04 | 000,045,056 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
PRC - [2006/07/31 21:02:46 | 000,346,112 | ---- | M] (HiTRUST) -- C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
PRC - [2006/07/28 10:40:06 | 000,208,896 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
PRC - [2006/06/01 14:40:54 | 000,413,696 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRAgent.exe


========== Modules (No Company Name) ==========

MOD - [2012/09/07 17:21:10 | 002,244,064 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/08/15 01:24:36 | 009,465,032 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll
MOD - [2012/07/29 03:08:30 | 000,843,776 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_1ba7e3ec\system.drawing.dll
MOD - [2012/07/29 03:08:12 | 003,035,136 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_56a096ce\system.windows.forms.dll
MOD - [2012/07/29 03:07:54 | 000,471,040 | ---- | M] () -- c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll
MOD - [2012/01/29 20:59:26 | 003,391,488 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_5196b641\mscorlib.dll
MOD - [2012/01/29 20:58:50 | 002,088,960 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_725da67b\system.xml.dll
MOD - [2012/01/29 20:57:52 | 001,966,080 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_131e434c\system.dll
MOD - [2012/01/29 20:57:28 | 001,232,896 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
MOD - [2012/01/29 20:57:24 | 002,064,384 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll
MOD - [2011/11/03 15:28:36 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2011/07/29 00:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2011/02/04 17:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2009/11/03 15:51:42 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2008/04/14 01:12:04 | 000,562,176 | ---- | M] () -- C:\WINDOWS\system32\qedit.dll
MOD - [2008/04/14 01:12:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/14 01:11:52 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2006/11/28 18:43:36 | 000,754,712 | ---- | M] () -- C:\Program Files\Acer\OrbiCam10\OrbiCam.exe
MOD - [2006/11/28 12:24:42 | 001,058,328 | ---- | M] () -- C:\Program Files\Acer\OrbiCam10\LAppRes.DLL
MOD - [2006/10/31 01:06:30 | 000,022,040 | ---- | M] () -- C:\Program Files\Common Files\Logitech\LComMgr\LCMServerPS.dll
MOD - [2006/10/16 17:36:14 | 000,434,176 | ---- | M] () -- C:\WINDOWS\AcerOrbiCam.exe
MOD - [2006/09/22 16:27:02 | 000,126,976 | ---- | M] () -- c:\windows\assembly\gac\system.serviceprocess\1.0.5000.0__b03f5f7f11d50a3a\system.serviceprocess.dll
MOD - [2006/09/22 16:27:00 | 001,339,392 | ---- | M] () -- c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll
MOD - [2006/09/22 16:27:00 | 000,372,736 | ---- | M] () -- c:\windows\assembly\gac\system.management\1.0.5000.0__b03f5f7f11d50a3a\system.management.dll
MOD - [2006/09/22 16:27:00 | 000,323,584 | ---- | M] () -- c:\windows\assembly\gac\system.runtime.remoting\1.0.5000.0__b77a5c561934e089\system.runtime.remoting.dll
MOD - [2006/08/30 09:57:34 | 000,442,368 | ---- | M] () -- C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
MOD - [2006/08/03 10:20:52 | 000,188,416 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\CPUID.dll
MOD - [2006/08/02 02:50:10 | 000,032,768 | ---- | M] () -- c:\Acer\Empowering Technology\eDataSecurity\eDSCS2CClassLib.dll
MOD - [2006/07/28 17:55:04 | 000,356,352 | ---- | M] () -- C:\Acer\Empowering Technology\eRecovery\it41.dll
MOD - [2006/01/12 09:33:34 | 000,212,992 | ---- | M] () -- C:\Acer\Empowering Technology\eRecovery\imagefile.dll
MOD - [2005/10/20 17:20:24 | 000,208,896 | ---- | M] () -- C:\Acer\Empowering Technology\ePower\DialogDLL.dll
MOD - [2005/10/11 13:18:54 | 000,028,672 | ---- | M] () -- C:\Acer\Empowering Technology\ePower\SysHook.dll


========== Services (SafeList) ==========

SRV - [2012/09/07 17:21:36 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/08/15 01:24:40 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2009/08/16 09:27:40 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc)
SRV - [2009/08/16 09:27:32 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2007/04/02 14:15:40 | 000,061,440 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files\Creative\Shared Files\CTDevSrv.exe -- (CTDevice_Srv)
SRV - [2006/11/28 18:41:54 | 000,101,152 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)
SRV - [2006/08/29 17:56:22 | 000,020,480 | ---- | M] ( ) [Auto | Running] -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe -- (eLockService)
SRV - [2006/08/10 15:00:50 | 000,028,672 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe -- (AcerMemUsageCheckService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - File not found [Kernel | Boot | Stopped] -- -- (wjusk)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\UIUSYS.SYS -- (UIUSys)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\user\LOCALS~1\Temp\aswMBR.sys -- (aswMBR)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\adiusbaw.sys -- (adiusbaw)
DRV - File not found [Kernel | Auto | Stopped] -- System32\Drivers\adildr.sys -- (ADILOADER)
DRV - [2012/09/10 14:45:20 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2009/08/16 09:28:02 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/08/16 09:28:02 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/05/19 10:14:28 | 000,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2007/07/05 16:58:24 | 000,100,992 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2007/04/24 09:33:46 | 000,100,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s125mgmt.sys -- (s125mgmt)
DRV - [2007/04/24 09:33:34 | 000,083,336 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s125bus.sys -- (s125bus)
DRV - [2006/11/28 18:39:14 | 001,962,784 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVMVdrv.sys -- (LVMVDrv)
DRV - [2006/09/26 06:50:06 | 001,754,624 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006/09/26 00:11:18 | 000,061,568 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\EMS7SK.sys -- (EMSCR)
DRV - [2006/08/21 19:11:30 | 000,040,064 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ESD7SK.sys -- (ESDCR)
DRV - [2006/08/16 11:32:00 | 000,080,512 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2006/08/16 11:22:00 | 000,424,320 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2006/08/16 11:21:00 | 004,304,384 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService)
DRV - [2006/08/11 17:52:50 | 011,985,920 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\snp2sxp.sys -- (SNP2STD)
DRV - [2006/08/03 10:19:04 | 000,014,544 | ---- | M] (EnTech Taiwan) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\TVicPort.sys -- (tvicport)
DRV - [2006/08/03 10:19:02 | 000,069,632 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\int15.sys -- (int15)
DRV - [2006/08/03 10:19:02 | 000,006,080 | ---- | M] (Zeal SoftStudio) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\zntport.sys -- (zntport)
DRV - [2006/07/12 19:33:10 | 000,074,752 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ESM7SK.sys -- (ESMCR)
DRV - [2006/06/18 23:37:34 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006/04/20 16:03:20 | 000,995,712 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2006/04/20 16:02:40 | 000,208,000 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2006/04/20 16:02:36 | 000,727,296 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/09/01 16:54:26 | 000,032,000 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gtf32bus.sys -- (GTF32BUS)
DRV - [2005/09/01 16:54:12 | 000,007,936 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gtptser.sys -- (GTPTSER)
DRV - [2005/08/29 14:45:24 | 000,018,944 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gtscser.sys -- (GTSCSER)
DRV - [2004/09/03 16:38:16 | 000,173,056 | ---- | M] (Funk Software, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\odysseyIM4.sys -- (odysseyIM4)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1241016058-1226847170-1791428113-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
IE - HKU\S-1-5-21-1241016058-1226847170-1791428113-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\S-1-5-21-1241016058-1226847170-1791428113-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-1241016058-1226847170-1791428113-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1241016058-1226847170-1791428113-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKU\S-1-5-21-1241016058-1226847170-1791428113-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKU\S-1-5-21-1241016058-1226847170-1791428113-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.google.pt/ [binary data]
IE - HKU\S-1-5-21-1241016058-1226847170-1791428113-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKU\S-1-5-21-1241016058-1226847170-1791428113-1005\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1241016058-1226847170-1791428113-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1241016058-1226847170-1791428113-1005\..\SearchScopes\{2E5EBC27-450A-482C-9930-E728DFB5F320}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKU\S-1-5-21-1241016058-1226847170-1791428113-1005\..\SearchScopes\{628A09EC-DDA8-4236-ADE9-A03857C32687}: "URL" = http://www.flickr.com/search/?q={searchTerms}
IE - HKU\S-1-5-21-1241016058-1226847170-1791428113-1005\..\SearchScopes\{81255F7E-53BA-4797-AAC1-08DB83382637}: "URL" = http://delicious.com/search?p={searchTerms}
IE - HKU\S-1-5-21-1241016058-1226847170-1791428113-1005\..\SearchScopes\{C2CF0540-CCA4-49FD-8934-EEC447BADC95}: "URL" = http://rover.ebay.com/rover/1/711-43047-14818-1/4?satitle={searchTerms}
IE - HKU\S-1-5-21-1241016058-1226847170-1791428113-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: "http://www.google.pt/"
FF - prefs.js..extensions.enabledAddons: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}:6.0.34
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}:6.0.35


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Program Files\TVUPlayer\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\user\Local Settings\Application Data\Google\Update\1.3.21.115\npGoogleUpdate3.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\user\Local Settings\Application Data\Google\Update\1.3.21.115\npGoogleUpdate3.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/08/18 14:09:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/07 17:10:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/09/07 17:10:42 | 000,000,000 | ---D | M]

[2009/02/06 18:03:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Extensions
[2009/02/06 21:21:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2009/02/06 18:03:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\nie824pj.default\extensions
[2010/10/02 15:54:10 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\nie824pj.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}(2)
[2012/09/07 17:10:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/09/07 17:10:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}
[2012/09/07 17:10:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012/08/15 22:25:42 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2012/09/07 17:23:06 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/08/31 13:29:28 | 000,002,253 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
[2012/08/31 13:29:28 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2009/03/08 18:07:46 | 000,000,687 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll (HiTRUST)
O3 - HKU\S-1-5-21-1241016058-1226847170-1791428113-1005\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll (HiTRUST)
O4 - HKLM..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe (Acer Inc.)
O4 - HKLM..\Run: [Acer OrbiCam] C:\WINDOWS\AcerOrbiCam.exe ()
O4 - HKLM..\Run: [AcerOrbicamRibbon] C:\Program Files\Acer\OrbiCam10\OrbiCam.exe ()
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe ()
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe (HiTRUST)
O4 - HKLM..\Run: [eLockMonitor] C:\Acer\Empowering Technology\eLock\Monitor\LaunchMonitor.exe File not found
O4 - HKLM..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe ()
O4 - HKLM..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe (Acer Inc.)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [LaunchApp] File not found
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE (Dritek System Inc.)
O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe (Acer Inc.)
O4 - HKLM..\Run: [LVCOMSX] C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe (Logitech Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe (Sonix)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe File not found
O4 - HKLM..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u File not found
O4 - HKU\S-1-5-21-1241016058-1226847170-1791428113-1005..\Run: [CTZDetec.exe] C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe (Creative Technology Ltd.)
O4 - HKU\S-1-5-21-1241016058-1226847170-1791428113-1005..\Run: [Google Update] "C:\Documents and Settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c File not found
O4 - HKU\S-1-5-21-1241016058-1226847170-1791428113-1005..\Run: [HuaWeiEVDO.exe] "C:\Program Files\Huawei technologies\software tmn.exe" File not found
O4 - HKU\S-1-5-21-1241016058-1226847170-1791428113-1005..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acer Empowering Technology.lnk = C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe (Acer Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1241016058-1226847170-1791428113-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_35.dll (Sun Microsystems, Inc.)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe File not found
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://messenger.zone.msn.com/binary...o.cab56649.cab (MSN Games - Installer)
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} http://messenger.zone.msn.com/binary...t.cab57213.cab (CBreakshotControl Class)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary...t.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_35)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D8846D96-83D5-4C0C-89F8-98005F8ECC24}: DhcpNameServer = 192.168.1.254 192.168.1.254
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avgrsstarter: DllName - (avgrsstx.dll) - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Desktop Background.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/22 17:11:12 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2009/01/18 22:08:08 | 000,000,090 | R--- | M] () - D:\AUTORUN.INF -- [ FAT32 ]
O33 - MountPoints2\{0536b740-bbf0-11dd-8aa7-001636a11bb2}\Shell - "" = AutoRun
O33 - MountPoints2\{0536b740-bbf0-11dd-8aa7-001636a11bb2}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0536b740-bbf0-11dd-8aa7-001636a11bb2}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{0536b742-bbf0-11dd-8aa7-001636a11bb2}\Shell - "" = AutoRun
O33 - MountPoints2\{0536b742-bbf0-11dd-8aa7-001636a11bb2}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0536b742-bbf0-11dd-8aa7-001636a11bb2}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{0b090fb0-db76-11dd-8ab5-001636a11bb2}\Shell - "" = AutoRun
O33 - MountPoints2\{0b090fb0-db76-11dd-8ab5-001636a11bb2}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0b090fb0-db76-11dd-8ab5-001636a11bb2}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{0b090fb1-db76-11dd-8ab5-001636a11bb2}\Shell - "" = AutoRun
O33 - MountPoints2\{0b090fb1-db76-11dd-8ab5-001636a11bb2}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0b090fb1-db76-11dd-8ab5-001636a11bb2}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{35d6199f-b8d6-11dd-8aa2-001636a11bb2}\Shell - "" = AutoRun
O33 - MountPoints2\{35d6199f-b8d6-11dd-8aa2-001636a11bb2}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{35d6199f-b8d6-11dd-8aa2-001636a11bb2}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{46b7fd16-5018-11de-8b1a-001636a11bb2}\Shell - "" = AutoRun
O33 - MountPoints2\{46b7fd16-5018-11de-8b1a-001636a11bb2}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{46b7fd16-5018-11de-8b1a-001636a11bb2}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{46b7fd17-5018-11de-8b1a-001636a11bb2}\Shell - "" = AutoRun
O33 - MountPoints2\{46b7fd17-5018-11de-8b1a-001636a11bb2}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{46b7fd17-5018-11de-8b1a-001636a11bb2}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{6b86f86e-cc7d-11dd-8ab0-001636a11bb2}\Shell - "" = AutoRun
O33 - MountPoints2\{6b86f86e-cc7d-11dd-8ab0-001636a11bb2}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{6b86f86e-cc7d-11dd-8ab0-001636a11bb2}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{6b86f86f-cc7d-11dd-8ab0-001636a11bb2}\Shell - "" = AutoRun
O33 - MountPoints2\{6b86f86f-cc7d-11dd-8ab0-001636a11bb2}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{6b86f86f-cc7d-11dd-8ab0-001636a11bb2}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{75280e38-749f-11de-8b34-001636a11bb2}\Shell - "" = AutoRun
O33 - MountPoints2\{75280e38-749f-11de-8b34-001636a11bb2}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{75280e38-749f-11de-8b34-001636a11bb2}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{75280e39-749f-11de-8b34-001636a11bb2}\Shell - "" = AutoRun
O33 - MountPoints2\{75280e39-749f-11de-8b34-001636a11bb2}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{75280e39-749f-11de-8b34-001636a11bb2}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{7bd6d75a-717f-11de-8b32-001636a11bb2}\Shell - "" = AutoRun
O33 - MountPoints2\{7bd6d75a-717f-11de-8b32-001636a11bb2}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{7bd6d75a-717f-11de-8b32-001636a11bb2}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{7bd6d75b-717f-11de-8b32-001636a11bb2}\Shell - "" = AutoRun
O33 - MountPoints2\{7bd6d75b-717f-11de-8b32-001636a11bb2}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{7bd6d75b-717f-11de-8b32-001636a11bb2}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{9d90487a-d901-11dd-8ab4-001636a11bb2}\Shell - "" = AutoRun
O33 - MountPoints2\{9d90487a-d901-11dd-8ab4-001636a11bb2}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9d90487a-d901-11dd-8ab4-001636a11bb2}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{a442a772-cc85-11dd-8ab3-001636a11bb2}\Shell - "" = AutoRun
O33 - MountPoints2\{a442a772-cc85-11dd-8ab3-001636a11bb2}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a442a772-cc85-11dd-8ab3-001636a11bb2}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{a442a773-cc85-11dd-8ab3-001636a11bb2}\Shell - "" = AutoRun
O33 - MountPoints2\{a442a773-cc85-11dd-8ab3-001636a11bb2}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a442a773-cc85-11dd-8ab3-001636a11bb2}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{b9717408-6f22-11de-8b2e-001636a11bb2}\Shell - "" = AutoRun
O33 - MountPoints2\{b9717408-6f22-11de-8b2e-001636a11bb2}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b9717408-6f22-11de-8b2e-001636a11bb2}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{c4447d9e-cc7f-11dd-8ab1-001636a11bb2}\Shell - "" = AutoRun
O33 - MountPoints2\{c4447d9e-cc7f-11dd-8ab1-001636a11bb2}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c4447d9e-cc7f-11dd-8ab1-001636a11bb2}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{c4447d9f-cc7f-11dd-8ab1-001636a11bb2}\Shell - "" = AutoRun
O33 - MountPoints2\{c4447d9f-cc7f-11dd-8ab1-001636a11bb2}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c4447d9f-cc7f-11dd-8ab1-001636a11bb2}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{c4447da0-cc7f-11dd-8ab1-001636a11bb2}\Shell - "" = AutoRun
O33 - MountPoints2\{c4447da0-cc7f-11dd-8ab1-001636a11bb2}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c4447da0-cc7f-11dd-8ab1-001636a11bb2}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{c9e6ef10-3439-11e0-8bc8-001636a11bb2}\Shell\AutoRun\command - "" = G:\__DT\DT.exe
O33 - MountPoints2\{f6e38f2a-bb21-11dd-8aa5-001636a11bb2}\Shell - "" = AutoRun
O33 - MountPoints2\{f6e38f2a-bb21-11dd-8aa5-001636a11bb2}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f6e38f2a-bb21-11dd-8aa5-001636a11bb2}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/09/10 14:44:23 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/09/07 17:10:15 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/09/07 12:07:07 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/09/06 13:22:34 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2012/09/06 13:22:33 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2012/09/06 13:22:33 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2012/09/05 05:51:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2012/09/05 05:51:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012/09/05 05:51:38 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2012/09/01 04:24:04 | 000,157,680 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2012/08/27 13:01:36 | 000,000,000 | -HSD | C] -- C:\FOUND.000
[2012/08/26 13:12:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Holdem Manager 2
[2012/08/26 13:12:55 | 000,000,000 | ---D | C] -- C:\Program Files\Holdem Manager 2
[2012/08/26 13:12:48 | 000,000,000 | ---D | C] -- C:\Program Files\PSQLINSTALL
[2012/08/25 03:23:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Local Settings\Application Data\Poker Pro Labs
[2012/08/24 03:45:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/08/24 03:45:16 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/08/22 16:55:51 | 000,000,000 | ---D | C] -- C:\HM2Archive
[2012/08/22 16:48:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Local Settings\Application Data\IsolatedStorage
[2012/08/22 16:43:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\HoldemManager
[2012/08/21 23:32:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PostgreSQL 8.4
[2012/08/21 23:28:53 | 000,000,000 | ---D | C] -- C:\postgreSQL
[2012/08/21 02:19:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\YoudaGames
[2012/08/21 02:18:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\AlawarWrapper
[2012/08/21 02:18:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AlawarWrapper
[2012/08/21 02:16:23 | 000,000,000 | ---D | C] -- C:\Program Files\Alawar
[2012/08/18 17:36:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\DDMSettings
[2012/08/18 14:07:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\DivX Plus
[2012/08/18 14:07:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
[2012/08/15 22:26:00 | 000,477,168 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\npdeployJava1.dll
[2010/06/20 23:51:42 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\user\Application Data\pcouffin.sys
[2010/06/17 13:17:24 | 000,950,779 | ---- | C] (Mozilla) -- C:\Program Files\Firefox Setup 3.6.3.exe
[9 C:\Documents and Settings\user\Desktop\*.tmp files -> C:\Documents and Settings\user\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/09/11 15:24:20 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/09/11 14:49:10 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/09/11 11:20:00 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/09/11 11:19:46 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1241016058-1226847170-1791428113-1005.job
[2012/09/11 11:19:32 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/09/11 11:19:16 | 937,603,072 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/11 03:34:00 | 000,000,012 | ---- | M] () -- C:\WINDOWS\bthservsdp.dat
[2012/09/10 14:45:20 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/09/09 23:00:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1241016058-1226847170-1791428113-1005.job
[2012/09/08 12:45:38 | 000,263,824 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/09/06 13:32:02 | 000,000,692 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/04 17:46:02 | 000,853,646 | ---- | M] () -- C:\Documents and Settings\user\Desktop\17a223ee.x50.gif
[2012/08/28 20:24:56 | 000,477,168 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\npdeployJava1.dll
[2012/08/28 20:24:54 | 000,473,072 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2012/08/28 20:10:12 | 000,157,680 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2012/08/28 20:10:08 | 000,149,488 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2012/08/28 20:09:58 | 000,149,488 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2012/08/28 18:39:24 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2012/08/26 03:14:08 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/08/25 22:17:54 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\23d13a4d1e538ddd6bfce22774757328_c
[2012/08/25 19:49:52 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/08/15 21:00:00 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/08/15 18:01:40 | 000,073,216 | ---- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/08/15 01:24:36 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/08/15 01:24:36 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[9 C:\Documents and Settings\user\Desktop\*.tmp files -> C:\Documents and Settings\user\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/09/06 13:32:00 | 000,000,692 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/04 17:45:57 | 000,853,646 | ---- | C] () -- C:\Documents and Settings\user\Desktop\17a223ee.x50.gif
[2012/08/25 22:17:52 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\23d13a4d1e538ddd6bfce22774757328_c
[2012/08/24 04:40:20 | 937,603,072 | -HS- | C] () -- C:\hiberfil.sys
[2012/08/22 21:55:59 | 001,048,576 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1241016058-1226847170-1791428113-1005-0.dat
[2012/08/22 21:55:36 | 000,249,822 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/08/16 12:55:48 | 000,328,592 | ---- | C] () -- C:\Documents and Settings\user\My Documents\S5000743.JPG
[2012/04/14 14:43:57 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2010/10/17 01:36:26 | 000,039,771 | ---- | C] () -- C:\Documents and Settings\user\mysmiley.png
[2010/06/20 23:52:21 | 000,001,044 | ---- | C] () -- C:\Documents and Settings\user\Application Data\vso_ts_preview.xml
[2010/06/20 23:51:42 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\user\Application Data\inst.exe
[2010/06/20 23:51:42 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\user\Application Data\pcouffin.cat
[2010/06/20 23:51:42 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\user\Application Data\pcouffin.inf
[2010/03/16 17:36:16 | 000,001,708 | ---- | C] () -- C:\Documents and Settings\user\irs
[2006/12/19 03:18:36 | 000,073,216 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/12/18 05:53:21 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\fusioncache.dat

< End of report >


OTL Extras logfile created on: 9/11/2012 3:14:32 PM - Run 2
OTL by OldTimer - Version 3.2.61.0 Folder = C:\Documents and Settings\user\My Documents\Downloads
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

894.10 Mb Total Physical Memory | 402.61 Mb Available Physical Memory | 45.03% Memory free
2.11 Gb Paging File | 1.39 Gb Available in Paging File | 65.94% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 53.20 Gb Total Space | 17.13 Gb Free Space | 32.20% Space Free | Partition Type: FAT32
Drive D: | 53.69 Gb Total Space | 46.63 Gb Free Space | 86.86% Space Free | Partition Type: FAT32

Computer Name: ACER-1424F82190 | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_USERS\S-1-5-21-1241016058-1226847170-1791428113-1005\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\msncall.exe" = C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\msncall.exe" = C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire
"C:\Program Files\Grisoft\AVG7\avginet.exe" = C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe
"C:\Program Files\Grisoft\AVG7\avgamsvr.exe" = C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe
"C:\Program Files\Grisoft\AVG7\avgcc.exe" = C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe
"C:\Program Files\TMN\AutoUpdateSrv.exe" = C:\Program Files\TMN\AutoUpdateSrv.exe:*:Disabled:AutoUpdateSrv Application
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG8\avgemc.exe" = C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Conference\Conference.dll" = C:\Program Files\Conference\Conference.dll:*:Enabled:Audio/Video Conference
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Disabled:Firefox -- (Mozilla Corporation)
"C:\WINDOWS\EXPLORER.EXE" = C:\WINDOWS\EXPLORER.EXE:*:Enabled:Explorer -- (Microsoft Corporation)
"C:\Program Files\Holdem Indicator\HoldemIndicator.exe" = C:\Program Files\Holdem Indicator\HoldemIndicator.exe:*:Enabled:Holdem Indicator
"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager
"C:\Program Files\SopCast\adv\SopAdver.exe" = C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver -- (www.sopcast.com)
"C:\Program Files\SopCast\SopCast.exe" = C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application -- (www.sopcast.com)
"C:\Documents and Settings\USER\My Documents\Downloads\pdf_converter.exe" = C:\Documents and Settings\USER\My Documents\Downloads\pdf_converter.exe:*:Enabled:PDF Creator
"C:\Program Files\TVUPlayer\TVUPlayer.exe" = C:\Program Files\TVUPlayer\TVUPlayer.exe:*:Disabled:TVUPlayer Component -- (TVU networks)
"C:\Program Files\Google\Google Earth\PLUGIN\geplugin.exe" = C:\Program Files\Google\Google Earth\PLUGIN\geplugin.exe:*:Disabled:Google Earth


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0F79C1B2-36B2-4B62-8221-42721CF54638}" = Acer OrbiCam Application
"{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}" = Acer eLock Management
"{1F2C8256-2773-46C7-9ABA-3E39C24ABB51}" = Acer eSettings Management
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216034FF}" = Java(TM) 6 Update 35
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35725FBC-A136-4A46-9F29-091759D9BB93}" = MVision
"{36CDA33B-909B-4719-97D1-C4B99309BDC7}" = ATI Parental Control & Encoder
"{3BB3B50E-FBD3-4E8B-A72B-45AC5CF23135}" = Acer OrbiCam Utility Bar
"{3EAAC5FD-E209-4856-8C49-D4EA40F85032}" = software tmn
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AD13F68-CADA-4C6B-9759-C33753F89908}" = Acer eDataSecurity Management
"{4AE3A0CB-87B0-4F51-BECD-3D1F8DFDD62F}" = SAGEM F@st 800-840
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A28AB0B-22B1-494C-AF61-B386EA1736C0}" = LightScribe 1.4.97.1
"{7057702F-6D71-4F30-8000-9E72BC771887}" = Acer ePerformance Management
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112731397}" = Wheel of Fortune 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113137700}" = Ice Cream Tycoon
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90110416-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edio 2003
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{B06B842F-2450-494F-BBDE-217CDC151A37}" = NTI Backup NOW! 4.5
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{BF839132-BD43-4056-ACBF-4377F4A88E2A}" = Acer ePresentation Management
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C897FCB3-2F8B-4185-8035-79E2AF3A92A4}" = iTunes
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D458BBDC-0363-42E0-8FF9-4736E3CB3CA2}" = Acer Screensaver
"{EA516024-D84D-41F1-814F-83175A6188F2}" = Logitech Video Enumerator
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
"53F13DB4D9611FD63BE580F06F0729BF236ABE68" = Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
"AcerOrbiCamDrv" = Acer Camera Driver
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"Auto Click 2.1_is1" = Auto Click 2.1
"AVG8Uninstall" = AVG Free 8.5
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"BSPlayerf" = BS.Player FREE
"Bubble Bobble TNA" = Bubble Bobble TNA
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_1025010F" = HDAUDIO Soft Data Fax Modem with SmartCP
"Creative Media Lite" = Creative Media Lite
"DivX Setup" = DivX Setup
"GridVista" = Acer GridVista
"Hamsterball" = Hamsterball
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{4AD13F68-CADA-4C6B-9759-C33753F89908}" = Acer eDataSecurity Management 2.0.3079
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 15.0.1 (x86 en-US)" = Mozilla Firefox 15.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"OptionPCCardInstaller" = Option PC Cards driver package
"OptionPluss_PCCardInstaller" = Option GT HSDPA driver suite
"Peggle Deluxe" = Peggle Deluxe
"Peggle Deluxe 1.0" = Peggle Deluxe 1.0
"PKR" = PKR
"PokerStars" = PokerStars
"Puppy Luv" = Puppy Luv (remove only)
"SopCast" = SopCast 3.2.9
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TVUPlayer" = TVUPlayer 2.5.3.1
"Water Bugs 1.0" = Water Bugs 1.0
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xilisoft AVI to DVD Converter 6" = Xilisoft AVI to DVD Converter 6
"ZENStonePlusUG" = Creative ZEN Stone Plus User's Guide

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1241016058-1226847170-1791428113-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 8/26/2012 8:02:32 PM | Computer Name = ACER-1424F82190 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 14.0.1.4577, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 9/1/2012 9:22:33 PM | Computer Name = ACER-1424F82190 | Source = Application Hang | ID = 1002
Description = Hanging application avgui.exe, version 8.5.0.454, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 9/2/2012 1:26:05 PM | Computer Name = ACER-1424F82190 | Source = Service1 | ID = 0
Description = Service cannot be started. System.Runtime.InteropServices.COMException
(0x80010002): Call was canceled by the message filter. at System.Runtime.InteropServices.Marshal.ThrowExceptionForHR(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObjectSearcher.Initialize()

at System.Management.ManagementObjectSearcher.Get() at eLock.Serv.Main.MapVolumeName2DeviceID.updateFixDrives()

at eLock.Serv.Main.MapVolumeName2DeviceID..ctor() at eLock.Serv.Main.Main..ctor()

at eLock.Serv.Service.Service.OnStart(String[] args) at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object
state)

Error - 9/3/2012 3:10:37 AM | Computer Name = ACER-1424F82190 | Source = Service1 | ID = 0
Description = Service cannot be started. System.Runtime.InteropServices.COMException
(0x80010002): Call was canceled by the message filter. at System.Runtime.InteropServices.Marshal.ThrowExceptionForHR(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObjectSearcher.Initialize()

at System.Management.ManagementObjectSearcher.Get() at eLock.Serv.Main.MapVolumeName2DeviceID.updateFixDrives()

at eLock.Serv.Main.MapVolumeName2DeviceID..ctor() at eLock.Serv.Main.Main..ctor()

at eLock.Serv.Service.Service.OnStart(String[] args) at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object
state)

Error - 9/6/2012 8:16:23 AM | Computer Name = ACER-1424F82190 | Source = Application Hang | ID = 1002
Description = Hanging application rundll32.exe, version 5.1.2600.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 9/6/2012 8:17:13 AM | Computer Name = ACER-1424F82190 | Source = Application Hang | ID = 1001
Description = Fault bucket 734562961.

Error - 9/7/2012 7:41:38 AM | Computer Name = ACER-1424F82190 | Source = ESENT | ID = 474
Description = wuauclt (1360) The database page read from the file "C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb"
at offset 121581568 (0x00000000073f3000) for 4096 (0x00001000) bytes failed verification
due to a page checksum mismatch. The expected checksum was 568616337 (0x21e46591)
and the actual checksum was 568616081 (0x21e46491). The read operation will fail
with error -1018 (0xfffffc06). If this condition persists then please restore
the database from a previous backup.

Error - 9/7/2012 1:42:20 PM | Computer Name = ACER-1424F82190 | Source = Application Hang | ID = 1002
Description = Hanging application qigvm95k.exe, version 1.0.15.15641, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 9/8/2012 6:32:42 PM | Computer Name = ACER-1424F82190 | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 15.0.1.4631, faulting
module mozalloc.dll, version 15.0.1.4631, fault address 0x00001993.

Error - 9/8/2012 6:32:56 PM | Computer Name = ACER-1424F82190 | Source = Application Error | ID = 1001
Description = Fault bucket -1150658847.

[ System Events ]
Error - 9/11/2012 8:47:13 AM | Computer Name = ACER-1424F82190 | Source = ati2mtag | ID = 43015
Description = I2c return failed

Error - 9/11/2012 8:47:13 AM | Computer Name = ACER-1424F82190 | Source = ati2mtag | ID = 43015
Description = I2c return failed

Error - 9/11/2012 8:47:13 AM | Computer Name = ACER-1424F82190 | Source = ati2mtag | ID = 43015
Description = I2c return failed

Error - 9/11/2012 8:47:13 AM | Computer Name = ACER-1424F82190 | Source = ati2mtag | ID = 43015
Description = I2c return failed

Error - 9/11/2012 10:19:59 AM | Computer Name = ACER-1424F82190 | Source = ati2mtag | ID = 43015
Description = I2c return failed

Error - 9/11/2012 10:19:59 AM | Computer Name = ACER-1424F82190 | Source = ati2mtag | ID = 43015
Description = I2c return failed

Error - 9/11/2012 10:20:01 AM | Computer Name = ACER-1424F82190 | Source = ati2mtag | ID = 43015
Description = I2c return failed

Error - 9/11/2012 10:20:01 AM | Computer Name = ACER-1424F82190 | Source = ati2mtag | ID = 43015
Description = I2c return failed

Error - 9/11/2012 10:20:02 AM | Computer Name = ACER-1424F82190 | Source = ati2mtag | ID = 43015
Description = I2c return failed

Error - 9/11/2012 10:20:02 AM | Computer Name = ACER-1424F82190 | Source = ati2mtag | ID = 43015
Description = I2c return failed


< End of report >



Thanks