
Google redirect virus & prob w/Hijack this log

Discussion in 'Virus & Other Malware Removal' started by SeekingSanity, Aug 24, 2011.

  1. SeekingSanity

    SeekingSanity Thread Starter

    Joined:
    Dec 22, 2008
    Messages:
    51
    Hi guys - I seem to have the Google redirect virus - selected search result in Google always takes me to some other site 1st, when I select my intended site a 2nd time, I get to it. I've tried multiple antivirus progs (Malwarebytes, Hitman Pro, pctools safe). After reading other posts here, I even tried TDSSKiller, but the scan claimed to have found NO infected objects, out of 256.

    Read the sticky for this forum and downloaded HijackThis but I seem to have problems with that program for some mysterious reason. I downloaded both installer & executable. Go to scan and 1st error message says "for some reason, system denied write access to hosts file" and something about HijackThis not being able to fix hijacks in this file and I'll have to manually do it myself. I click OK to bypass and the scan runs in about 5 seconds flat ... a log comes up that doesn't show any infections (I don't think), and when I try to save the log, computer claims there already is a file with this name (C:\program files\trend micro\hijack this\hijack this.log files) and asks if I want to replace it. I choose yes. Then Notepad opens up and says it CAN'T FIND THE FILE ... ???
    I've thought maybe the 2 HijackThis downloads need "repairing" but tried this 3x and no change in results.

    You guys are really awesome and I've had great experiences with the TSG forums in the past.

    I really would love for someone to help me here, but it at least seems as if I can't even give you a HijackThis log! I've been trying to solve this Google redirect problem myself for over a week, with zippo results. Does anyone have any suggestions please?

    I so truly appreciate the time and effort if anyone could please please help me ...


    AT THE LEAST ... Here is the TSG sysinfo:
    Tech Support Guy System Info Utility version 1.0.0.1
    OS Version: Microsoft® Windows Vista™ Home Premium , Service Pack 2, 32 bit
    Processor: Intel(R) Celeron(R) CPU 560 @ 2.13GHz, x64 Family 6 Model 22 Stepping 1
    Processor Count: 1
    RAM: 1525 Mb
    Graphics Card: Mobile Intel(R) 965 Express Chipset Family, 448 Mb
    Hard Drives: C: Total - 51346 MB, Free - 25484 MB; D: Total - 51130 MB, Free - 20464 MB;
    Motherboard: Acer, Acadia , V1.35, Base Board Serial Number
    Antivirus: None
     
  2. jimbo100

    jimbo100 Malware Trainee

    Joined:
    Jul 1, 2011
    Messages:
    185
    Hi SeekingSanity,

    My name is Jimbo and I will be helping you with your malware problems.
    As you may have noticed, I am currently in training which means that all of my responses will first be verified by a malware removal coach.
    Throughout the removal process, if you have any questions then feel free to ask. If you are unsure of my instructions or something does not go as planned, please let me know.
    I have proposed a fix and will get back to you as soon as possible!
     
  3. SeekingSanity

    SeekingSanity Thread Starter

    Joined:
    Dec 22, 2008
    Messages:
    51
    Thank you very much Jimbo. I will be checking the thread whenever your proposal is verified and ready to try out. I appreciate your time and thank you!
     
  4. jimbo100

    jimbo100 Malware Trainee

    Joined:
    Jul 1, 2011
    Messages:
    185
    Hi again.

    Please run OTL as it will provide a more thorough output compared to HijackThis and will be helpful later on.

    Download and run OTL

    1. Download OTL by OldTimer and save it to your desktop.
    2. Right-click and select Run as administrator.
    3. Click the "Scan All Users" checkbox.

      Note: If you are using a Windows 64-bit machine, please make sure the checkbox next to Include 64Bit Scans is checked. It will be checked by default.

    4. Push the [IMG] button.
    5. It will now begin to scan; please be patient while it scans.
    6. Two reports will open once it's done.
    7. Please copy and paste them in your next reply:

      • OTL.txt <-- Will be opened
      • Extras.txt <-- Will be minimized

    Troubleshooting OTL


    Only perform the following instructions if you are having difficulty running OTL.
    • Rename OTL to something like "dog.exe" or "dog.com" or even "dog.scr"
    • Finally, if you still cannot run it, please attempt to boot in safe mode.
    • Restart your computer.
    • When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with an Advanced Options menu (if F8 does not work then try F5).
    • Select the option for Safe Mode using the arrow keys.
    • Then press enter on your keyboard to boot into Safe Mode.
    • Login as usual using the account you normally use.
     
  5. SeekingSanity

    SeekingSanity Thread Starter

    Joined:
    Dec 22, 2008
    Messages:
    51
    OTL logfile created on: 8/28/2011 1:08:10 PM - Run 1
    OTL by OldTimer - Version 3.2.26.6 Folder = D:\Lisa Downloads June13
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.49 Gb Total Physical Memory | 0.61 Gb Available Physical Memory | 41.19% Memory free
    3.23 Gb Paging File | 1.59 Gb Available in Paging File | 49.34% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 50.14 Gb Total Space | 25.43 Gb Free Space | 50.72% Space Free | Partition Type: NTFS
    Drive D: | 49.93 Gb Total Space | 19.98 Gb Free Space | 40.01% Space Free | Partition Type: NTFS

    Computer Name: GUS | User Name: Lisa | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/08/28 13:05:58 | 000,580,096 | ---- | M] (OldTimer Tools) -- D:\Lisa Downloads June13\OTL(1).exe
    PRC - [2011/08/19 08:34:40 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
    PRC - [2011/07/06 19:52:38 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    PRC - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2011/04/30 18:50:24 | 000,204,800 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\Lisa\AppData\Local\Temp\RtkBtMnt.exe
    PRC - [2011/01/17 18:37:40 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
    PRC - [2011/01/17 18:37:40 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
    PRC - [2009/07/29 11:47:32 | 000,602,792 | ---- | M] ( ) -- C:\Windows\System32\lxeacoms.exe
    PRC - [2009/07/29 11:47:25 | 000,098,984 | ---- | M] (Lexmark International, Inc.) -- C:\Windows\System32\spool\drivers\w32x86\3\lxeaserv.exe
    PRC - [2009/07/10 14:49:24 | 000,323,584 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    PRC - [2009/04/29 09:24:39 | 000,139,944 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\ezprint.exe
    PRC - [2009/04/29 09:24:36 | 000,766,632 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\lxeamon.exe
    PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2008/11/07 17:43:36 | 000,809,488 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
    PRC - [2008/11/07 17:39:36 | 000,076,304 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
    PRC - [2008/03/11 04:53:54 | 005,296,128 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
    PRC - [2008/03/05 08:15:24 | 000,497,712 | ---- | M] (Egis Incorporated) -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
    PRC - [2008/03/05 08:15:20 | 000,525,360 | ---- | M] (Egis Incorporated) -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
    PRC - [2008/02/04 19:43:08 | 000,458,752 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
    PRC - [2008/01/20 21:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
    PRC - [2008/01/20 21:23:24 | 000,215,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wmdSync.exe
    PRC - [2008/01/09 20:43:28 | 000,323,584 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe
    PRC - [2008/01/04 12:30:48 | 000,768,520 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe
    PRC - [2007/12/20 13:33:14 | 000,761,856 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eNet\eNMTray.exe
    PRC - [2007/12/20 13:32:04 | 000,131,072 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe
    PRC - [2007/12/19 20:09:22 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
    PRC - [2007/11/27 20:54:36 | 000,110,592 | ---- | M] () -- C:\Acer\Mobility Center\MobilityService.exe
    PRC - [2007/10/23 12:56:18 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
    PRC - [2007/10/01 18:42:36 | 000,024,576 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
    PRC - [2007/09/20 15:57:28 | 000,167,936 | ---- | M] (acer) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
    PRC - [2007/09/19 16:41:50 | 000,051,200 | ---- | M] () -- C:\Acer\ALaunch\ALaunchSvc.exe
    PRC - [2007/09/10 17:28:18 | 000,057,344 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
    PRC - [2007/09/06 14:02:04 | 000,393,216 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
    PRC - [2006/10/04 23:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011/08/19 08:34:40 | 001,846,232 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
    MOD - [2011/08/11 03:31:01 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\4117485024b0f652b9fbb66ff5025896\System.Management.ni.dll
    MOD - [2011/08/11 03:28:29 | 011,804,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\5aa9131000876de66160ff713b543d99\System.Web.ni.dll
    MOD - [2011/08/11 03:28:20 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a6d889aa69fd51c100352f23c7cebd22\System.Runtime.Remoting.ni.dll
    MOD - [2011/08/11 03:28:10 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\29c6ef7f07d89496c72a1bbf718aed5d\System.Configuration.ni.dll
    MOD - [2011/08/11 03:26:44 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\4c3cda96b8f12220da20f2f8d1b9439c\System.Xml.ni.dll
    MOD - [2011/08/11 03:24:59 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c50d9d540acecdef29c31201e203a331\System.Windows.Forms.ni.dll
    MOD - [2011/08/11 03:18:43 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\d8d83838f9840bde901df516ba3de588\System.Drawing.ni.dll
    MOD - [2011/08/11 03:15:52 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b9ea0d414c4861120bfb7365d8ec0939\System.ni.dll
    MOD - [2011/08/11 03:12:12 | 000,215,040 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\cadbc1d686482550dbd14e69a4abd8ff\System.ServiceProcess.ni.dll
    MOD - [2011/08/11 03:05:42 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\f6deb187f24bb3185841092b89fbfdbb\mscorlib.ni.dll
    MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2011/06/22 10:39:55 | 000,985,088 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
    MOD - [2011/05/15 10:21:04 | 006,271,136 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
    MOD - [2011/02/24 20:33:05 | 002,236,416 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxCmpV.dll
    MOD - [2011/02/24 20:33:05 | 001,400,832 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxCommonV.dll
    MOD - [2011/02/24 20:33:05 | 000,872,448 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxBaseV.dll
    MOD - [2011/02/24 20:33:05 | 000,798,720 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxXML2V.dll
    MOD - [2011/02/24 20:33:05 | 000,786,432 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxImV.dll
    MOD - [2011/02/24 20:33:05 | 000,688,128 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VPrintOnline.dll
    MOD - [2011/02/24 20:33:05 | 000,528,384 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxProcV.dll
    MOD - [2011/02/24 20:33:05 | 000,462,848 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxFFV.dll
    MOD - [2011/02/24 20:33:05 | 000,237,568 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SpiffyExt.dll
    MOD - [2011/02/24 20:33:05 | 000,159,744 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxZipV.dll
    MOD - [2011/02/24 20:33:05 | 000,143,360 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VPrintOnlineHelper40.dll
    MOD - [2011/02/24 20:33:04 | 001,564,672 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\areaifdll.dll
    MOD - [2011/02/24 20:33:04 | 000,466,944 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\ESCom.dll
    MOD - [2011/02/24 20:33:04 | 000,404,480 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\KFx.dll
    MOD - [2011/02/24 20:33:04 | 000,354,816 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\Atlas.dll
    MOD - [2011/02/24 20:33:04 | 000,315,392 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaPrintOnline.esx
    MOD - [2011/02/24 20:33:04 | 000,261,120 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\AppCore.dll
    MOD - [2011/02/24 20:33:04 | 000,232,960 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaControls.esx
    MOD - [2011/02/24 20:33:04 | 000,128,512 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\kpries40.dll
    MOD - [2011/02/24 20:33:04 | 000,090,112 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\LocAcqMod.dll
    MOD - [2011/02/24 20:33:04 | 000,084,480 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\keml40.dll
    MOD - [2011/02/24 20:33:04 | 000,062,464 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\DibLibIP.dll
    MOD - [2011/02/24 20:33:04 | 000,052,224 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\KPCDInterface.dll
    MOD - [2011/02/24 20:33:04 | 000,044,544 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\LocCamBack.dll
    MOD - [2011/02/24 20:33:04 | 000,010,240 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\LocUpdateCheck.dll
    MOD - [2011/02/24 20:33:03 | 000,339,968 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaAdapter.esx
    MOD - [2011/02/24 20:33:03 | 000,171,008 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\Pcd.esx
    MOD - [2011/02/24 20:33:03 | 000,117,760 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\IStorageMediaStore.esx
    MOD - [2011/02/24 20:33:03 | 000,097,280 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaCDBackup.esx
    MOD - [2011/02/24 20:33:03 | 000,083,968 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\UpdateChecker.esx
    MOD - [2011/02/24 20:33:02 | 001,297,408 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\ESSkin.esx
    MOD - [2011/02/24 20:33:02 | 000,757,760 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\ESCliWicMDRW.esx
    MOD - [2011/02/24 20:33:02 | 000,679,936 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\ESEmail.esx
    MOD - [2011/02/24 20:33:02 | 000,077,312 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\DXRawFormatHandler.esx
    MOD - [2011/02/24 20:21:09 | 000,430,080 | ---- | M] () -- C:\Windows\assembly\GAC_32\WicFileFormat-PlatOpt\1.0.5227.4054__b0cfd8589c27b05f\WicFileFormat-PlatOpt.dll
    MOD - [2011/02/24 20:21:09 | 000,086,016 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\VirtualCollectionBase-Defs-PlatReq\1.0.5227.4054__b0cfd8589c27b05f\VirtualCollectionBase-Defs-PlatReq.dll
    MOD - [2009/06/19 22:43:17 | 000,140,800 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
    MOD - [2009/05/27 09:16:50 | 000,192,512 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\lxeadatr.dll
    MOD - [2009/04/29 09:24:39 | 000,139,944 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\ezprint.exe
    MOD - [2009/04/29 09:24:36 | 000,766,632 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\lxeamon.exe
    MOD - [2009/04/24 13:01:15 | 001,159,168 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\lxeadrs.dll
    MOD - [2009/04/24 12:59:37 | 000,389,120 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\lxeascw.dll
    MOD - [2009/04/03 09:18:46 | 000,409,600 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\iptk.dll
    MOD - [2009/03/30 07:37:47 | 000,094,208 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\epoemdll.dll
    MOD - [2009/03/30 07:37:46 | 000,045,056 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\epstring.dll
    MOD - [2009/03/30 07:37:44 | 002,203,648 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\epwizres.dll
    MOD - [2009/03/30 07:37:28 | 000,708,608 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\epwizard.dll
    MOD - [2009/03/30 07:35:40 | 000,159,744 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\customui.dll
    MOD - [2009/03/30 07:35:22 | 000,061,440 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\epfunct.dll
    MOD - [2009/03/30 07:35:17 | 000,118,784 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\eputil.dll
    MOD - [2009/03/30 07:35:05 | 000,139,264 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\imagutil.dll
    MOD - [2009/03/10 00:43:49 | 000,155,648 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\lxeacaps.dll
    MOD - [2009/03/02 09:25:47 | 000,151,552 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\lxeaptp.dll
    MOD - [2009/02/20 03:48:43 | 000,023,552 | ---- | M] () -- C:\Windows\System32\LXEAsmr.dll
    MOD - [2009/02/20 03:48:03 | 000,299,008 | ---- | M] () -- C:\Windows\System32\LXEAsm.dll
    MOD - [2008/01/09 20:43:12 | 000,057,344 | ---- | M] () -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.DialogManager.dll
    MOD - [2008/01/09 20:42:54 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.PasswordSetting.dll
    MOD - [2008/01/03 04:00:48 | 000,227,888 | ---- | M] () -- C:\Acer\Empowering Technology\eDataSecurity\x86\ShowErrMsg.dll
    MOD - [2007/12/20 15:58:00 | 000,679,936 | ---- | M] () -- C:\Acer\Empowering Technology\eLock\eLockCTL.dll
    MOD - [2007/12/20 13:33:26 | 000,249,856 | ---- | M] () -- C:\Acer\Empowering Technology\eNet\eNetPlugin.dll
    MOD - [2007/12/19 20:09:38 | 000,028,672 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\eSettings.Plugin.dll
    MOD - [2007/12/19 20:08:54 | 000,155,648 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\eSettings.Presenter.dll
    MOD - [2007/12/19 20:08:28 | 003,420,160 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\eSettings.View.dll
    MOD - [2007/12/19 20:08:10 | 000,032,768 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings.Model.ComputerInterfaces.dll
    MOD - [2007/10/23 12:56:18 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
    MOD - [2007/09/20 16:01:12 | 000,208,896 | ---- | M] () -- C:\Acer\Empowering Technology\ePower\SysHook.dll
    MOD - [2007/09/11 11:59:04 | 000,307,200 | ---- | M] () -- C:\Acer\Empowering Technology\ePresentation\ePresentationCTL.dll
    MOD - [2007/02/13 08:26:30 | 000,016,384 | ---- | M] () -- C:\Acer\Empowering Technology\eRecovery\ServiceInterface.dll
    MOD - [2003/06/07 07:30:08 | 000,057,344 | ---- | M] () -- C:\Program Files\Launch Manager\PowerUtl.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2009/09/23 16:37:30 | 000,051,168 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
    SRV - [2009/07/29 11:47:32 | 000,602,792 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxeacoms.exe -- (lxea_device)
    SRV - [2009/07/29 11:47:25 | 000,098,984 | ---- | M] () [Auto | Running] -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\lxeaserv.exe -- (lxeaCATSCustConnectService)
    SRV - [2008/11/07 17:40:52 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
    SRV - [2008/03/05 08:15:24 | 000,497,712 | ---- | M] (Egis Incorporated) [Auto | Running] -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
    SRV - [2008/01/20 21:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2008/01/20 21:23:24 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
    SRV - [2008/01/20 21:23:24 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
    SRV - [2007/12/20 13:32:04 | 000,131,072 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eNet\eNet Service.exe -- (eNet Service)
    SRV - [2007/12/19 20:09:22 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService)
    SRV - [2007/11/27 20:54:36 | 000,110,592 | ---- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)
    SRV - [2007/10/01 18:42:36 | 000,024,576 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe -- (eLockService)
    SRV - [2007/09/20 15:57:28 | 000,167,936 | ---- | M] (acer) [Auto | Running] -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe -- (WMIService)
    SRV - [2007/09/19 16:41:50 | 000,051,200 | ---- | M] () [Auto | Running] -- C:\Acer\ALaunch\ALaunchSvc.exe -- (ALaunchService)
    SRV - [2007/09/10 17:28:18 | 000,057,344 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService)
    SRV - [2006/10/04 23:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)


    ========== Driver Services (SafeList) ==========

    DRV - [2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
    DRV - [2009/04/10 23:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb)
    DRV - [2008/09/26 10:53:00 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
    DRV - [2008/09/26 10:52:00 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
    DRV - [2008/08/22 00:49:58 | 000,008,320 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgpfl.sys -- (motccgpfl)
    DRV - [2008/08/22 00:49:22 | 000,018,688 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgp.sys -- (motccgp)
    DRV - [2008/01/20 21:23:21 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
    DRV - [2007/12/11 04:42:44 | 000,163,376 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
    DRV - [2007/08/02 17:17:26 | 001,749,376 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
    DRV - [2007/07/30 09:13:10 | 000,743,424 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr)
    DRV - [2007/07/03 12:05:20 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15)
    DRV - [2007/06/18 21:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motport.sys -- (motport)
    DRV - [2007/06/18 21:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motmodem.sys -- (motmodem)
    DRV - [2007/03/09 01:56:04 | 001,163,616 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
    DRV - [2007/01/30 00:23:30 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
    DRV - [2006/11/02 15:27:36 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System | Running] -- C:\Program Files\Launch Manager\DPortIO.sys -- (DritekPortIO)
    DRV - [2006/06/07 03:26:52 | 000,067,384 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwusb.sys -- (BTWUSB)
    DRV - [2005/08/17 08:47:48 | 000,073,696 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdserd.sys -- (sscdserd) SAMSUNG CDMA Modem Diagnostic Serial Port (WDM)
    DRV - [2005/08/17 08:46:26 | 000,093,872 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
    DRV - [2005/08/17 08:46:20 | 000,008,272 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
    DRV - [2005/08/17 08:45:00 | 000,058,352 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
    DRV - [2001/12/27 10:59:34 | 000,067,072 | ---- | M] (WIBU-SYSTEMS AG) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\Wibukey.sys -- (WIBUKEY)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.us.acer.yahoo.com
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-4176329100-3699768917-3268998878-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]
    IE - HKU\S-1-5-21-4176329100-3699768917-3268998878-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o=41647940&l=dis&gct=hp
    IE - HKU\S-1-5-21-4176329100-3699768917-3268998878-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKU\S-1-5-21-4176329100-3699768917-3268998878-1000\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
    IE - HKU\S-1-5-21-4176329100-3699768917-3268998878-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-4176329100-3699768917-3268998878-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultengine: "Ask.com"
    FF - prefs.js..browser.search.defaultenginename: "Ask.com"
    FF - prefs.js..browser.search.order.1: "Ask.com"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://www.aol.com/?ncid=toolbar"
    FF - prefs.js..extensions.enabledItems: {fa1cfe8c-66b4-4469-b360-b60c79d70c28}:5.22.35.6104
    FF - prefs.js..extensions.enabledItems: [email protected]:2.2.26.0
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..network.proxy.type: 0


    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/08/25 00:05:08 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/08/25 00:05:08 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{885304CF-2205-4949-9038-74E5E00B003A}: C:\Users\Lisa\AppData\Local\{885304CF-2205-4949-9038-74E5E00B003A}\ [2011/07/05 22:10:56 | 000,000,000 | ---D | M]

    [2009/01/25 11:54:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lisa\AppData\Roaming\Mozilla\Extensions
    [2011/08/11 08:18:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\50qlivee.default\extensions
    [2010/07/26 08:21:22 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\50qlivee.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2011/06/24 20:49:55 | 000,000,000 | ---D | M] ("AOL Toolbar") -- C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\50qlivee.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}
    [2011/06/24 20:49:49 | 000,000,000 | ---D | M] ("AOL Mail Toolbar") -- C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\50qlivee.default\extensions\{fa1cfe8c-66b4-4469-b360-b60c79d70c28}
    [2011/05/10 10:12:22 | 000,002,340 | ---- | M] () -- C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\50qlivee.default\searchplugins\aol-search.xml
    [2010/02/17 11:19:38 | 000,002,004 | ---- | M] () -- C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\50qlivee.default\searchplugins\ask.xml
    [2011/01/13 14:54:41 | 000,002,574 | ---- | M] () -- C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\50qlivee.default\searchplugins\askcom.xml
    [2009/12/07 23:20:45 | 000,009,941 | ---- | M] () -- C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\50qlivee.default\searchplugins\mywebsearch.xml
    [2011/06/26 07:56:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2011/07/05 22:10:56 | 000,000,000 | ---D | M] (XULRunner) -- C:\USERS\LISA\APPDATA\LOCAL\{885304CF-2205-4949-9038-74E5E00B003A}
    () (No name found) -- C:\USERS\LISA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\50QLIVEE.DEFAULT\EXTENSIONS\{1280606B-2510-4FE0-97EF-9B5A22EAFE30}.XPI
    [2011/08/19 08:34:40 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2011/06/22 10:29:23 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
    [2011/05/10 10:09:18 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

    O1 HOSTS File: ([2011/02/14 01:19:00 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O2 - BHO: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
    O2 - BHO: (Lexmark Printable Web) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll ()
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - File not found
    O3 - HKLM\..\Toolbar: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
    O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O3 - HKU\S-1-5-21-4176329100-3699768917-3268998878-1000\..\Toolbar\ShellBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
    O3 - HKU\S-1-5-21-4176329100-3699768917-3268998878-1000\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
    O3 - HKU\S-1-5-21-4176329100-3699768917-3268998878-1000\..\Toolbar\WebBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
    O4 - HKLM..\Run: [Acer Assist Launcher] C:\Program Files\Acer\Acer Assist\launcher.exe ()
    O4 - HKLM..\Run: [Acer Product Registration] C:\Program Files\Acer\Acer Registration\ACE1.exe (Leader Technologies)
    O4 - HKLM..\Run: [Acer Tour Reminder] File not found
    O4 - HKLM..\Run: [ALaunch] File not found
    O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
    O4 - HKLM..\Run: [eRecoveryService] File not found
    O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark S300-S400 Series\ezprint.exe ()
    O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
    O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
    O4 - HKLM..\Run: [lxeamon.exe] C:\Program Files\Lexmark S300-S400 Series\lxeamon.exe ()
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
    O4 - HKLM..\Run: [PLFSetL] C:\Windows\PLFSetL.exe (sonix)
    O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [SetPanel] File not found
    O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
    O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
    O4 - HKU\S-1-5-21-4176329100-3699768917-3268998878-1000..\Run: [Driver Updater] C:\Program Files\Carambis\Driver Updater\dupdater.exe (Media Fog Ltd.)
    O4 - Startup: C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Bejeweled%202/Images/armhelper.ocx (ArmHelper Control)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
    O24 - Desktop BackupWallPaper: C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O33 - MountPoints2\{a30c6bbb-78bb-11e0-a100-001eec42ced8}\Shell - "" = AutoRun
    O33 - MountPoints2\{a30c6bbb-78bb-11e0-a100-001eec42ced8}\Shell\AutoRun\command - "" = Iomega Encryption Utility.exe
    O33 - MountPoints2\{e5bf29fd-06f0-11df-a183-001eec42ced8}\Shell - "" = AutoRun
    O33 - MountPoints2\{e5bf29fd-06f0-11df-a183-001eec42ced8}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O35 - HKU\S-1-5-21-4176329100-3699768917-3268998878-1000..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKU\S-1-5-21-4176329100-3699768917-3268998878-1000\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/08/24 00:43:44 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
    [2011/08/23 22:51:11 | 001,406,768 | ---- | C] (Kaspersky Lab ZAO) -- D:\Desktop\TDSSKiller.exe
    [2011/08/22 23:40:05 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Security
    [2011/08/22 23:40:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
    [2011/08/15 09:52:38 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
    [2011/08/15 09:51:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
    [2011/08/11 03:08:04 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
    [2011/08/11 03:08:02 | 001,797,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
    [2011/08/11 03:08:02 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
    [2011/08/11 03:08:01 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
    [2011/08/11 03:08:01 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
    [2011/08/10 21:07:47 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
    [2011/08/10 21:07:36 | 003,602,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
    [2011/08/10 21:07:36 | 003,550,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
    [2011/08/08 21:32:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    [2011/08/08 21:31:26 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2011/08/08 21:31:20 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2011/08/08 21:26:17 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
    [2011/08/08 21:17:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
    [2010/05/07 16:37:18 | 000,581,632 | ---- | C] ( ) -- C:\Windows\System32\lxealmpm.dll
    [2010/05/07 16:37:15 | 000,802,816 | ---- | C] ( ) -- C:\Windows\System32\lxeacomc.dll
    [2010/05/07 16:37:15 | 000,376,832 | ---- | C] ( ) -- C:\Windows\System32\lxeacomm.dll
    [2009/11/27 15:04:11 | 001,056,768 | ---- | C] ( ) -- C:\Windows\System32\lxeaserv.dll
    [2009/11/27 15:04:11 | 000,851,968 | ---- | C] ( ) -- C:\Windows\System32\lxeausb1.dll
    [2009/11/27 15:04:11 | 000,651,264 | ---- | C] ( ) -- C:\Windows\System32\lxeapmui.dll
    [2009/11/27 15:04:10 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\lxeainpa.dll
    [2009/11/27 15:04:10 | 000,344,064 | ---- | C] ( ) -- C:\Windows\System32\lxeaiesc.dll
    [2009/11/27 15:04:10 | 000,328,360 | ---- | C] ( ) -- C:\Windows\System32\lxeaih.exe
    [2009/11/27 15:04:09 | 000,688,128 | ---- | C] ( ) -- C:\Windows\System32\lxeahbn3.dll
    [2009/11/27 15:04:08 | 000,602,792 | ---- | C] ( ) -- C:\Windows\System32\lxeacoms.exe
    [2009/11/27 15:04:07 | 000,425,984 | ---- | C] ( ) -- C:\Windows\System32\lxeacoin.dll
    [2009/11/27 15:04:07 | 000,369,320 | ---- | C] ( ) -- C:\Windows\System32\lxeacfg.exe
    [2009/11/27 15:04:03 | 000,442,368 | ---- | C] ( ) -- C:\Windows\System32\lxeahcp.dll
    [2008/05/12 12:45:18 | 000,016,384 | ---- | C] ( ) -- C:\Windows\System32\ClearEvent.exe
    [2008/05/12 12:29:50 | 000,172,032 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll
    [2008/05/12 12:29:50 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll
    [18 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
    [18 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/08/28 12:56:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/08/28 04:07:38 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/08/28 04:07:38 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/08/28 02:01:00 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\Driver Robot.job
    [2011/08/27 04:26:29 | 000,027,726 | ---- | M] () -- C:\Users\Lisa\AppData\Roaming\wklnhst.dat
    [2011/08/27 04:26:29 | 000,010,752 | ---- | M] () -- D:\Lisa Documents June13\AA satmed treasuer apology.wps
    [2011/08/24 19:03:53 | 013,164,544 | R--- | M] () -- C:\Users\Public\Documents\ESBK.mbb
    [2011/08/24 19:03:53 | 007,378,944 | R--- | M] () -- C:\Users\Public\Documents\ESBK.mb
    [2011/08/24 16:12:05 | 000,608,644 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2011/08/24 16:12:05 | 000,106,114 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2011/08/24 13:35:05 | 000,054,272 | ---- | M] () -- D:\Lisa Documents June13\REF LOGINS PWs PINS.wps
    [2011/08/23 17:02:54 | 000,011,776 | ---- | M] () -- D:\Lisa Documents June13\GOOGLEREDIRECT SCANS.wps
    [2011/08/22 23:44:54 | 002,366,408 | ---- | M] () -- C:\Windows\System32\drivers\Cat.DB
    [2011/08/22 23:36:53 | 000,512,992 | ---- | M] () -- D:\Desktop\PCTools_Safe_Install.exe
    [2011/08/22 22:52:13 | 000,012,288 | ---- | M] () -- D:\Lisa Documents June13\DRAFT COPIES.wps
    [2011/08/22 15:48:36 | 001,406,768 | ---- | M] (Kaspersky Lab ZAO) -- D:\Desktop\TDSSKiller.exe
    [2011/08/22 14:18:39 | 000,053,760 | ---- | M] () -- D:\Lisa Documents June13\AA satmed treas.wps
    [2011/08/22 12:19:08 | 000,022,528 | ---- | M] () -- D:\Lisa Documents June13\EBAY STEALTH 8.10.11.wps
    [2011/08/21 11:34:46 | 000,016,896 | ---- | M] () -- D:\Lisa Documents June13\AMY 82111.wps
    [2011/08/21 11:21:59 | 000,016,896 | ---- | M] () -- D:\Lisa Documents June13\CONTRACT WAY TO GROW CONTRACT.wps
    [2011/08/19 16:38:01 | 000,023,624 | ---- | M] () -- C:\Windows\System32\drivers\hitmanpro35.sys
    [2011/08/14 20:35:24 | 000,137,216 | ---- | M] () -- D:\Lisa Documents June13\VISTA hidden files.wps
    [2011/08/10 10:10:51 | 000,018,432 | ---- | M] () -- D:\Lisa Documents June13\AMANDA 81011.wps
    [2011/08/08 21:32:45 | 000,001,668 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2011/08/08 21:17:41 | 000,001,730 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
    [2011/08/05 12:12:58 | 000,010,752 | ---- | M] () -- D:\Lisa Documents June13\REF EQUIP DUTCHS ADDRESS.wps
    [2011/08/02 09:48:21 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/07/31 20:23:25 | 000,144,896 | ---- | M] () -- D:\Lisa Documents June13\REF EQUIP LANDSCAPE & LAWN.wps
    [18 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
    [18 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/08/27 03:19:18 | 000,010,752 | ---- | C] () -- D:\Lisa Documents June13\AA satmed treasuer apology.wps
    [2011/08/23 17:02:54 | 000,011,776 | ---- | C] () -- D:\Lisa Documents June13\GOOGLEREDIRECT SCANS.wps
    [2011/08/22 23:41:54 | 002,366,408 | ---- | C] () -- C:\Windows\System32\drivers\Cat.DB
    [2011/08/22 23:37:03 | 000,512,992 | ---- | C] () -- D:\Desktop\PCTools_Safe_Install.exe
    [2011/08/22 22:52:12 | 000,012,288 | ---- | C] () -- D:\Lisa Documents June13\DRAFT COPIES.wps
    [2011/08/22 11:56:54 | 000,022,528 | ---- | C] () -- D:\Lisa Documents June13\EBAY STEALTH 8.10.11.wps
    [2011/08/21 11:34:46 | 000,016,896 | ---- | C] () -- D:\Lisa Documents June13\AMY 82111.wps
    [2011/08/21 11:21:59 | 000,016,896 | ---- | C] () -- D:\Lisa Documents June13\CONTRACT WAY TO GROW CONTRACT.wps
    [2011/08/20 06:56:40 | 000,053,760 | ---- | C] () -- D:\Lisa Documents June13\AA satmed treas.wps
    [2011/08/15 09:52:38 | 000,023,624 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys
    [2011/08/14 20:35:24 | 000,137,216 | ---- | C] () -- D:\Lisa Documents June13\VISTA hidden files.wps
    [2011/08/10 10:10:51 | 000,018,432 | ---- | C] () -- D:\Lisa Documents June13\AMANDA 81011.wps
    [2011/08/08 21:32:45 | 000,001,668 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2011/08/08 21:17:41 | 000,001,730 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
    [2011/08/05 12:12:58 | 000,010,752 | ---- | C] () -- D:\Lisa Documents June13\REF EQUIP DUTCHS ADDRESS.wps
    [2011/07/05 22:10:58 | 000,000,120 | ---- | C] () -- C:\Users\Lisa\AppData\Local\Pqamaneyul.dat
    [2011/07/05 22:10:58 | 000,000,000 | ---- | C] () -- C:\Users\Lisa\AppData\Local\Hyutiruhakucad.bin
    [2011/04/28 13:00:04 | 000,010,168 | -HS- | C] () -- C:\Users\Lisa\AppData\Local\6juo3571r2wklq
    [2011/04/28 13:00:04 | 000,010,168 | -HS- | C] () -- C:\ProgramData\6juo3571r2wklq
    [2011/02/14 22:11:40 | 000,000,000 | ---- | C] () -- C:\Windows\System32\drivers\iptd.sys
    [2011/01/28 12:54:06 | 000,048,640 | ---- | C] () -- C:\Windows\fsViewer_acm.exe
    [2011/01/28 12:53:52 | 000,051,200 | ---- | C] () -- C:\Windows\fsViewer_h.dll
    [2010/05/07 16:41:49 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxeavs.dll
    [2010/05/07 16:37:36 | 000,000,044 | -H-- | C] () -- C:\Windows\System32\lxearwrd.ini
    [2010/05/07 16:37:19 | 000,385,024 | ---- | C] () -- C:\Windows\System32\LXEAinst.dll
    [2010/05/04 02:08:54 | 000,000,103 | ---- | C] () -- C:\Windows\dellstat.ini
    [2010/04/25 13:57:13 | 000,000,220 | ---- | C] () -- C:\Windows\WinInit.Ini
    [2010/04/22 22:41:39 | 000,049,152 | ---- | C] () -- C:\Windows\System32\LXEAPMON.DLL
    [2010/04/22 22:41:39 | 000,032,768 | ---- | C] () -- C:\Windows\System32\LXEAFXPU.DLL
    [2010/04/22 22:41:19 | 004,485,120 | ---- | C] () -- C:\Windows\System32\LXEAoem.dll
    [2010/04/22 21:57:06 | 000,004,872 | ---- | C] () -- C:\ProgramData\mtbjfghn.xbe
    [2010/04/11 21:47:00 | 000,000,133 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
    [2009/12/11 16:42:41 | 000,000,016 | ---- | C] () -- C:\Windows\popcinfo.dat
    [2009/11/27 15:04:09 | 000,208,896 | ---- | C] () -- C:\Windows\System32\lxeagrd.dll
    [2009/11/27 15:04:04 | 000,057,344 | ---- | C] () -- C:\Windows\System32\lxeajswr.dll
    [2009/11/27 15:04:03 | 000,323,584 | ---- | C] () -- C:\Windows\System32\lxeains.dll
    [2009/11/27 15:04:03 | 000,262,144 | ---- | C] () -- C:\Windows\System32\lxeainsb.dll
    [2009/11/27 15:04:03 | 000,106,496 | ---- | C] () -- C:\Windows\System32\lxeainsr.dll
    [2009/11/27 15:04:03 | 000,081,920 | ---- | C] () -- C:\Windows\System32\lxeagcfg.dll
    [2009/11/27 15:04:02 | 000,294,912 | ---- | C] () -- C:\Windows\System32\lxeacui.dll
    [2009/11/27 15:04:02 | 000,253,952 | ---- | C] () -- C:\Windows\System32\lxeacu.dll
    [2009/11/27 15:04:02 | 000,110,592 | ---- | C] () -- C:\Windows\System32\lxeacuir.dll
    [2009/11/27 15:04:02 | 000,090,112 | ---- | C] () -- C:\Windows\System32\lxeacub.dll
    [2009/11/27 15:04:02 | 000,036,864 | ---- | C] () -- C:\Windows\System32\lxeacur.dll
    [2009/10/15 01:05:32 | 000,023,552 | ---- | C] () -- C:\Windows\System32\LXEAsmr.dll
    [2009/10/15 01:05:31 | 000,299,008 | ---- | C] () -- C:\Windows\System32\LXEAsm.dll
    [2009/09/10 23:27:51 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
    [2009/09/10 23:27:51 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
    [2009/07/01 09:15:57 | 000,027,726 | ---- | C] () -- C:\Users\Lisa\AppData\Roaming\wklnhst.dat
    [2009/06/30 08:41:48 | 000,057,552 | ---- | C] () -- C:\Windows\System32\WKDOS.EXE
    [2008/12/28 21:00:16 | 000,001,356 | ---- | C] () -- C:\Users\Lisa\AppData\Local\d3d9caps.dat
    [2008/12/16 15:51:47 | 000,006,144 | ---- | C] () -- C:\Users\Lisa\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2008/12/10 09:59:17 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
    [2008/05/12 13:13:14 | 000,000,030 | ---- | C] () -- C:\Windows\SETPANEL.INI
    [2008/05/12 13:13:09 | 000,000,092 | ---- | C] () -- C:\Windows\CLEANUP.INI
    [2008/05/12 12:45:18 | 000,016,384 | ---- | C] () -- C:\Windows\System32\LauncheRyAgentUser.exe
    [2008/05/12 12:41:04 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
    [2008/05/12 12:41:04 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\RtkHDAud.dat
    [2008/05/12 12:30:28 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe
    [2008/05/12 12:30:28 | 000,105,984 | ---- | C] () -- C:\Windows\FixUVC.exe
    [2008/03/20 13:25:45 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll
    [2008/03/20 11:48:37 | 000,065,536 | ---- | C] () -- C:\Windows\System32\NATTraversal.dll
    [2008/03/20 11:44:09 | 000,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys
    [2008/03/20 11:25:08 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini
    [2008/03/20 11:00:36 | 001,749,376 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
    [2008/03/20 11:00:36 | 000,028,032 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys
    [2008/03/20 11:00:36 | 000,000,131 | ---- | C] () -- C:\Windows\PidList.ini
    [2008/03/20 11:00:24 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll
    [2008/03/20 11:00:24 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll
    [2008/03/20 11:00:24 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
    [2008/03/20 11:00:24 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
    [2007/04/27 09:43:58 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
    [2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2006/11/02 07:47:37 | 000,330,696 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
    [2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
    [2006/11/02 05:33:01 | 000,608,644 | ---- | C] () -- C:\Windows\System32\perfh009.dat
    [2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
    [2006/11/02 05:33:01 | 000,106,114 | ---- | C] () -- C:\Windows\System32\perfc009.dat
    [2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
    [2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
    [2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
    [2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
    [2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
    [2003/07/01 13:38:40 | 000,065,536 | ---- | C] () -- C:\Windows\System32\btprn2k.dll
    [2001/12/26 17:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
    [2001/11/14 14:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
    [2001/09/04 00:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
    [2001/07/30 17:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
    [2001/07/23 23:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
    @Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:3E7393FC
    @Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:C7F04040
    @Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2
    @Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:193426B4
    @Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:57DC3B52

    < End of report >

    OTL Extras logfile created on: 8/28/2011 1:08:10 PM - Run 1
    OTL by OldTimer - Version 3.2.26.6 Folder = D:\Lisa Downloads June13
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.49 Gb Total Physical Memory | 0.61 Gb Available Physical Memory | 41.19% Memory free
    3.23 Gb Paging File | 1.59 Gb Available in Paging File | 49.34% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 50.14 Gb Total Space | 25.43 Gb Free Space | 50.72% Space Free | Partition Type: NTFS
    Drive D: | 49.93 Gb Total Space | 19.98 Gb Free Space | 40.01% Space Free | Partition Type: NTFS

    Computer Name: GUS | User Name: Lisa | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    [HKEY_USERS\S-1-5-21-4176329100-3699768917-3268998878-1000\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
    http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
    https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "VistaSp2" = Reg Error: Unknown registry data type -- File not found

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0
    "DisableUnicastResponsesToMulticastBroadcast" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0
    "DisableUnicastResponsesToMulticastBroadcast" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Acer\Empowering Technology\eDataSecurity\x86\eDSfsu.exe" = C:\Acer\Empowering Technology\eDataSecurity\x86\eDSfsu.exe:*:Enabled:eDSfsu -- (Egis Incorporated.)
    "C:\Acer\Empowering Technology\eDataSecurity\x86\encryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\x86\encryption.exe:*:Enabled:encryption -- ( Egis Incorporated.)
    "C:\Acer\Empowering Technology\eDataSecurity\x86\decryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\x86\decryption.exe:*:Enabled:decryption -- ( Egis Incorporated.)
    "C:\Acer\Empowering Technology\eDataSecurity\x86\eDSMgr.exe" = C:\Acer\Empowering Technology\eDataSecurity\x86\eDSMgr.exe:*:Enabled:eDSMgr
    "C:\Acer\Empowering Technology\eDataSecurity\x86\eDStbmngr.exe" = C:\Acer\Empowering Technology\eDataSecurity\x86\eDStbmngr.exe:*:Enabled:eDStbmngr -- (Egis Incorporated.)
    "C:\Acer\Empowering Technology\eDataSecurity\x64\eDSfsu.exe" = C:\Acer\Empowering Technology\eDataSecurity\x64\eDSfsu.exe:*:Enabled:eDSfsu -- (Egis Incorporated.)
    "C:\Acer\Empowering Technology\eDataSecurity\x64\encryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\x64\encryption.exe:*:Enabled:encryption
    "C:\Acer\Empowering Technology\eDataSecurity\x64\decryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\x64\decryption.exe:*:Enabled:decryption
    "C:\Acer\Empowering Technology\eDataSecurity\x64\eDSMgr.exe" = C:\Acer\Empowering Technology\eDataSecurity\x64\eDSMgr.exe:*:Enabled:eDSMgr
    "C:\Acer\Empowering Technology\eDataSecurity\x64\eDStbmngr.exe" = C:\Acer\Empowering Technology\eDataSecurity\x64\eDStbmngr.exe:*:Enabled:eDStbmngr -- (Egis Incorporated.)


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{089C438A-AFAE-43CA-A933-3767AD15FE22}" = rport=445 | protocol=6 | dir=out | app=system |
    "{233D3CF4-1EE4-4A36-AC4B-5F71EAA3C13C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
    "{2F6CD6EF-FEDF-4E5F-961D-9D94C6D0B6B8}" = lport=139 | protocol=6 | dir=in | app=system |
    "{35A426EB-FD27-409B-A789-8BB12CD8432B}" = rport=138 | protocol=17 | dir=out | app=system |
    "{4C70CC6E-D018-4C58-86E7-422B519B6DF3}" = lport=137 | protocol=17 | dir=in | app=system |
    "{A6F83F31-3E26-4232-A99F-F52E99221926}" = lport=138 | protocol=17 | dir=in | app=system |
    "{AA5A8CA2-D831-42D6-B190-882F303CB008}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{BA19C8F7-7853-46B3-94BA-15F310C40B34}" = rport=137 | protocol=17 | dir=out | app=system |
    "{EC3AD290-5ECC-4B45-BE10-60A11C13B2DC}" = lport=445 | protocol=6 | dir=in | app=system |
    "{F35A2F20-B2AB-41E8-9BF5-AAF2F9919CBF}" = rport=139 | protocol=6 | dir=out | app=system |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{11B577DB-CCC7-4A03-AC96-37E0F6E8DDD5}" = protocol=1 | dir=out | [email protected],-28544 |
    "{1560F95F-FF18-4B67-A0DC-EDBE8D114F45}" = protocol=58 | dir=out | [email protected],-28546 |
    "{1670E55F-DF2F-487D-A13A-F6FAB50E612D}" = protocol=6 | dir=in | app=c:\program files\lexmark s300-s400 series\lxeafax.exe |
    "{1CE96386-4FEE-4F41-9DDE-62639499AB67}" = protocol=17 | dir=in | app=c:\program files\lexmark 3400 series\lxcymon.exe |
    "{213766A8-12E3-4DDD-98CA-BC7838EB4BE9}" = protocol=6 | dir=in | app=c:\windows\system32\lxeacoms.exe |
    "{33C9712C-B5A2-455C-8BBD-88E4288C63D1}" = protocol=6 | dir=in | app=c:\program files\lexmark\dashboard\lx__dashboard.exe |
    "{33EEE166-85DE-46AC-87E1-E20A5A5434EB}" = dir=in | app=c:\program files\acer arcade deluxe\videomagician\videomagician.exe |
    "{341730A9-9212-4EF8-95C9-BE94FE60087B}" = dir=in | app=c:\program files\itunes\itunes.exe |
    "{3DE37D16-C6D1-49F6-8A8E-62A5393A64FA}" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
    "{4260C12A-DDA9-40E5-B8C6-685A144597D6}" = protocol=17 | dir=in | app=c:\windows\system32\lxeacoms.exe |
    "{5BCFD4F0-3F32-4E87-AEFC-FF046D56D29F}" = protocol=17 | dir=in | app=c:\program files\lexmark\dashboard\lx__dashboard.exe |
    "{6B4511AF-E63A-495C-A437-40B0846C6679}" = protocol=6 | dir=in | app=c:\program files\lexmark 3400 series\lxcymon.exe |
    "{6C8BF0A6-8497-4690-A024-11A85EAD1B0E}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{6D3694CA-0040-4604-B04C-04D86A24AE9A}" = protocol=17 | dir=in | app=c:\program files\abbyy finereader 6.0 sprint\scan\scanman6.exe |
    "{7E422C72-CDB8-4FA4-A345-DC20BD82DD47}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{91F88C42-C871-4F36-8830-74BD0271EC0F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{92ED1A14-ECEB-4F1B-B31A-4CC2C8F53ECA}" = protocol=6 | dir=in | app=c:\program files\abbyy finereader 6.0 sprint\scan\scanman6.exe |
    "{A421C35B-D1BE-4FDE-8C04-88E07F60DC41}" = protocol=6 | dir=in | app=c:\program files\lexmark 3400 series\lxcyaiox.exe |
    "{AA8D63C3-97FE-44BB-8C8D-D4B21A9439B3}" = protocol=17 | dir=in | app=c:\program files\lexmark 3400 series\lxcyaiox.exe |
    "{B0C4F9D5-9066-4D62-BEA9-55C2E7B28544}" = protocol=17 | dir=in | app=c:\windows\system32\lxcycoms.exe |
    "{BDA5D874-16EF-4B10-8BA6-5856E0B56CE3}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe |
    "{C222BBF1-F6DE-4DA0-888B-C4EDC0C405F5}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{C43A7793-7591-47E6-A4C9-4E22887E94F3}" = protocol=58 | dir=in | [email protected],-28545 |
    "{C8B48812-AEE2-4B5B-BA62-149B390DB255}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{DEAFFECE-E94E-4134-AFB8-E9C2CBCD4BE7}" = protocol=1 | dir=in | [email protected],-28543 |
    "{E1824D05-EA91-4A16-A1C5-8ABF6420E3D7}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{E2F60330-E265-47C9-B5B2-B2E70545DEA9}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
    "{E9B1D32D-B0F8-4D63-BE9C-E66C0DD69E1D}" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
    "{F2D2F87F-7009-4617-8A31-96F85207EF1D}" = protocol=17 | dir=in | app=c:\program files\lexmark s300-s400 series\lxeafax.exe |
    "TCP Query User{13B0A5F0-C0BC-4E52-AA64-8EED5FDD68FA}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
    "TCP Query User{13F2D7A3-F3C7-4BBC-9054-DCAF3A4E0EA9}C:\program files\kodak\kodak easyshare software\bin\easyshare.exe" = protocol=6 | dir=in | app=c:\program files\kodak\kodak easyshare software\bin\easyshare.exe |
    "TCP Query User{EB2CA69E-D0EA-40D1-9476-96B7BF399982}C:\program files\kodak\kodak easyshare software\bin\easyshare.exe" = protocol=6 | dir=in | app=c:\program files\kodak\kodak easyshare software\bin\easyshare.exe |
    "UDP Query User{A4BBD3AA-BF2B-4FD6-8A8A-89DD2C82A07B}C:\program files\kodak\kodak easyshare software\bin\easyshare.exe" = protocol=17 | dir=in | app=c:\program files\kodak\kodak easyshare software\bin\easyshare.exe |
    "UDP Query User{BFB379FA-DD4A-46D7-82F2-1AA9AAFCC1C6}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
    "UDP Query User{DDF50F16-A52C-4FD0-923D-CF7A937ECDD9}C:\program files\kodak\kodak easyshare software\bin\easyshare.exe" = protocol=17 | dir=in | app=c:\program files\kodak\kodak easyshare software\bin\easyshare.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00060000-0000-1004-8002-0000C06B5161}" = WIBU-KEY Setup (WIBU-KEY Remove)
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{0BF78E88-A7C9-4406-89CF-0BA473BA7821}" = Orion
    "{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
    "{1017A80C-6F09-4548-A84D-EDD6AC9525F0}" = Lexmark Toolbar
    "{10812DE7-2E57-4740-B226-6B3BE34AF9D7}" = Lexmark Tools for Office
    "{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
    "{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}" = Acer eLock Management
    "{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
    "{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
    "{1598034D-7147-432C-8CA8-888E0632D124}" = NTI Backup NOW! 4.7
    "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
    "{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
    "{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
    "{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
    "{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = Acer Crystal Eye webcam
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
    "{3F4EC965-28EF-45C3-B063-04B25D4E9679}" = Belkin Bluetooth Software
    "{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore
    "{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
    "{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
    "{542068F1-9AAE-4E1B-8ACA-094FE03728BE}" = Carambis Driver Updater
    "{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
    "{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
    "{608D2A3C-6889-4C11-9B54-A42F45ACBFDB}" = fflink
    "{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
    "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
    "{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support
    "{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
    "{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
    "{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
    "{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
    "{959B7F35-2819-40C5-A0CD-3C53B5FCC935}" = Dynex 6-in-1 card reader
    "{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9DF0BE48-16F0-4E36-814D-9B4FDFFAF25F}" = PayPal Plug-In
    "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management
    "{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.0)
    "{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
    "{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
    "{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
    "{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
    "{BF839132-BD43-4056-ACBF-4377F4A88E2A}" = Acer ePresentation Management
    "{C06554A1-2C1E-4D20-B613-EE62C79927CC}" = Acer eNet Management
    "{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
    "{C73CA646-73B3-4AEF-A136-C37505745174}" = iTunes
    "{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
    "{CE65A9A0-9686-45C6-9098-3C9543A412F0}" = Acer eSettings Management
    "{D03482C5-9AD8-496D-B388-692AE04C93AF}" = Bonjour
    "{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}" = Acer Crystal Eye webcam Ver:1.1.57.409
    "{D2C5E510-BE6D-42CC-9F61-E4F939078474}" = Lexmark Printable Web
    "{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
    "{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
    "{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
    "{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
    "{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
    "{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
    "{FD86D586-D504-4B44-BF7F-D5234117ABE8}" = File Secure Pro Viewer
    "Acer Assist" = Acer Assist
    "Acer Registration" = Acer Registration
    "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Agere Systems Soft Modem" = Agere Systems HDA Modem
    "CCleaner" = CCleaner
    "DiskRedactor_is1" = DiskRedactor
    "GridVista" = Acer GridVista
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
    "InstallShield_{1598034D-7147-432C-8CA8-888E0632D124}" = NTI Backup NOW! 4.7
    "Lexmark S300-S400 Series" = Lexmark S300-S400 Series
    "LManager" = Launch Manager
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Mozilla Firefox 6.0 (x86 en-US)" = Mozilla Firefox 6.0 (x86 en-US)
    "SoftwareUpdUtility" = Download Updater (AOL LLC)
    "TreeSize Free_is1" = TreeSize Free V2.5
    "TreeSize Professional_is1" = TreeSize Professional V5.4.4
    "WinRAR archiver" = WinRAR archiver
    "Yahoo! Companion" = Yahoo! Toolbar
    "Yahoo! Toolbar" = Yahoo! Toolbar

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-4176329100-3699768917-3268998878-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "AOL Toolbar" = AOL Toolbar
    "WinDirStat" = WinDirStat 1.1.2

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 1/3/2011 11:19:28 PM | Computer Name = GUS | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 1/3/2011 11:19:28 PM | Computer Name = GUS | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 6989

    Error - 1/3/2011 11:19:28 PM | Computer Name = GUS | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 6989

    Error - 1/4/2011 12:47:39 AM | Computer Name = GUS | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 1/4/2011 12:47:39 AM | Computer Name = GUS | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 5298403

    Error - 1/4/2011 12:47:39 AM | Computer Name = GUS | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 5298403

    Error - 1/4/2011 12:47:40 AM | Computer Name = GUS | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 1/4/2011 12:47:40 AM | Computer Name = GUS | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 5299588

    Error - 1/4/2011 12:47:40 AM | Computer Name = GUS | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 5299588

    Error - 1/4/2011 12:47:41 AM | Computer Name = GUS | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    [ System Events ]
    Error - 8/24/2011 5:07:51 PM | Computer Name = GUS | Source = Service Control Manager | ID = 7001
    Description =

    Error - 8/24/2011 5:15:06 PM | Computer Name = GUS | Source = Dhcp | ID = 1002
    Description = The IP address lease 192.168.1.23 for the Network Card with network
    address 001FE157E206 has been denied by the DHCP server 192.168.1.254 (The DHCP
    Server sent a DHCPNACK message).

    Error - 8/25/2011 9:56:03 AM | Computer Name = GUS | Source = Server | ID = 2505
    Description = The server could not bind to the transport \Device\NetBT_Tcpip_{F5FD6682-73BA-41A8-B733-B5E46D31980C}
    because another computer on the network has the same name. The server could not
    start.

    Error - 8/25/2011 9:56:12 AM | Computer Name = GUS | Source = Server | ID = 2505
    Description = The server could not bind to the transport \Device\NetBT_Tcpip_{F5FD6682-73BA-41A8-B733-B5E46D31980C}
    because another computer on the network has the same name. The server could not
    start.

    Error - 8/26/2011 2:45:54 AM | Computer Name = GUS | Source = Server | ID = 2505
    Description = The server could not bind to the transport \Device\NetBT_Tcpip_{F5FD6682-73BA-41A8-B733-B5E46D31980C}
    because another computer on the network has the same name. The server could not
    start.

    Error - 8/26/2011 2:45:56 AM | Computer Name = GUS | Source = Server | ID = 2505
    Description = The server could not bind to the transport \Device\NetBT_Tcpip_{F5FD6682-73BA-41A8-B733-B5E46D31980C}
    because another computer on the network has the same name. The server could not
    start.

    Error - 8/27/2011 1:16:36 AM | Computer Name = GUS | Source = Server | ID = 2505
    Description = The server could not bind to the transport \Device\NetBT_Tcpip_{F5FD6682-73BA-41A8-B733-B5E46D31980C}
    because another computer on the network has the same name. The server could not
    start.

    Error - 8/27/2011 1:16:39 AM | Computer Name = GUS | Source = Server | ID = 2505
    Description = The server could not bind to the transport \Device\NetBT_Tcpip_{F5FD6682-73BA-41A8-B733-B5E46D31980C}
    because another computer on the network has the same name. The server could not
    start.

    Error - 8/28/2011 12:59:02 AM | Computer Name = GUS | Source = Server | ID = 2505
    Description = The server could not bind to the transport \Device\NetBT_Tcpip_{F5FD6682-73BA-41A8-B733-B5E46D31980C}
    because another computer on the network has the same name. The server could not
    start.

    Error - 8/28/2011 12:59:14 AM | Computer Name = GUS | Source = Server | ID = 2505
    Description = The server could not bind to the transport \Device\NetBT_Tcpip_{F5FD6682-73BA-41A8-B733-B5E46D31980C}
    because another computer on the network has the same name. The server could not
    start.


    < End of report >
     
  6. jimbo100

    jimbo100 Malware Trainee

    Joined:
    Jul 1, 2011
    Messages:
    185
    Hi again. Sorry for the delay, we have been really busy.

    I noticed you have Hitman Pro installed, this software can sometimes cause more problems than actually fix them. I would personally remove it by following instructions listed below.

    • Click "start" on the taskbar and then click on the "Control Panel" icon.
    • Please double-click the "Add or Remove Programs" icon.
    • A list of installed programs will be "populated"; this may take a bit of time.
    • If they exist, uninstall the following by clicking on the following entries and selecting "remove":
      Hitman Pro
    Next:
    Backup Registry with ERUNT
    This tool will create a complete backup of your registry. A backup is created to ensure we have a backup, so in case anything goes wrong we can deal with it. Do not delete these backups until we are finished.

    • Please download erunt-setup.exe and save it to your desktop.
    • Right-click erunt-setup.exe and select run as administrator.
    • Follow the prompts and allow ERUNT to be installed.
    • When asked for the location for it to be installed in, let it be installed at the default. (C:\Windows\ERDNT)
    • If you do not want a Desktop icon, feel free to uncheck that. When asked if you want to create an ERUNT entry in the startup folder, answer Yes.
    • Erunt will open when the installation is finished. Check all items to be backed up in the default location and click OK.
    • Close the program once the registry backup is complete.
    You can find a complete guide to using the program here:
    http://www.larshederer.homepage.t-online.de/erunt/erunt.txt

    Next:



    Running OTL
    • Right-click on the OTL.exe icon on your desktop and select run as administrator
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

    • Code:
      :OTL 
      FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{885304CF-2205-4949-9038-74E5E00B003A}: C:\Users\Lisa\AppData\Local\{885304CF-2205-4949-9038-74E5E00B003A}\ [2011/07/05 22:10:56 | 000,000,000 | ---D | M]
      [2009/12/07 23:20:45 | 000,009,941 | ---- | M] () -- C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\50qlivee.default\sea rchplugins\mywebsearch.xml
      [2011/07/05 22:10:58 | 000,000,120 | ---- | C] () -- C:\Users\Lisa\AppData\Local\Pqamaneyul.dat
      [2011/07/05 22:10:58 | 000,000,000 | ---- | C] () -- C:\Users\Lisa\AppData\Local\Hyutiruhakucad.bin
      [2011/04/28 13:00:04 | 000,010,168 | -HS- | C] () -- C:\Users\Lisa\AppData\Local\6juo3571r2wklq
      [2011/04/28 13:00:04 | 000,010,168 | -HS- | C] () -- C:\ProgramData\6juo3571r2wklq
      [2011/02/14 22:11:40 | 000,000,000 | ---- | C] () -- C:\Windows\System32\drivers\iptd.sys
      [2011/01/28 12:54:06 | 000,048,640 | ---- | C] () -- C:\Windows\fsViewer_acm.exe
      [2011/01/28 12:53:52 | 000,051,200 | ---- | C] () -- C:\Windows\fsViewer_h.dll
      [2010/04/22 21:57:06 | 000,004,872 | ---- | C] () -- C:\ProgramData\mtbjfghn.xbe
      [2008/03/20 13:25:45 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll
      @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
      @Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:3E7393FC
      @Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:C7F04040
      @Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMPFC5A2B2
      @Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:193426B4
      @Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:57DC3B52
       
      :Files 
      ipconfig /flushdns /c
      netsh firewall reset /c 
      :Commands 
      [purity] 
      [resethosts] 
      [emptytemp] 
      [EMPTYFLASH] 
      [createrestorepoint] 
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Open OTL again and click the Quick Scan button.
    Next

    I notice you don't have antivirus software installed. It is critical to have one installed to ensure your computer is free from any virus infections.
    Install Antivirus
    An anti-virus is essential in keeping your computer safe while surfing the Internet. Please install a (ONE) free anti-virus program from one of the links below:







    Please update it after the installation is complete and keep it up to date at all times.

    Rootkit Scan
    Download aswMBR.exe ( 1.8mb ) to your desktop.

    Right-Click the aswMBR.exe and choose Run as administrator

    When prompted with The application can use the Avast! Free Antivirus for scanning >> select No
    Click the "Scan" button to start scan

    On completion of the scan click save log, save it to your desktop and post in your next reply
    In your next reply, please post the following:

    • OTL custom fix log.
    • New OTL log.
    • Log from aswMBR.
     
  7. SeekingSanity

    SeekingSanity Thread Starter

    Joined:
    Dec 22, 2008
    Messages:
    51
    Hi Jimbo,

    I've been busy too so no problem (but I did wonder at one point recently) ...
    Unfortunately, I have some problems with your instructions.

    A) the link you gave me to erunt won't load for me ... I tried repeatedly. Is there another recommended site I can get it from?

    B) I skimmed down your other steps and noticed running OTL again ... I find it on my system by typing "OTL" in the search box, but when I right click there's no option for running as administrator (Vista). I wasn't able to run as administrator the 1st time either. Is this OK?

    C) Do you see anything else that I might be able to delete (I've had problems with HDD space in the past & wonder if some things could be dropped). I have 25gb on C: now -- is that enough for all the programs you want me to download?

    I'll await an answer and thanks much for your help, considering your time demands.
     
  8. jimbo100

    jimbo100 Malware Trainee

    Joined:
    Jul 1, 2011
    Messages:
    185
    Hi again.

    OTL should be located on your desktop. To run OTL or any other tool, please do the following:


    • Right click the tool and choose properties.
    • Click the Compatibility tab at the top and choose Run as administrator.
    • Do the same for each program that requires admin rights.

    The programs I have asked you to download are at most 1MB. You have 25GB, which is 25,000 MB. Once we deal with the malware, we will see if we can free up some space.

    I noticed you have Hitman Pro installed; this software can sometimes cause more problems than it actually fixes. I would personally remove it by following the instructions listed below.

    • Click "start" on the taskbar and then click on the "Control Panel" icon.
    • Please double-click the "Add or Remove Programs" icon.
    • A list of installed programs will be "populated"; this may take a bit of time.
    • If they exist, uninstall the following by clicking on the following entries and selecting "remove":
      Hitman Pro
    Next:
    Backup Registry with ERUNT
    This tool will create a complete backup of your registry. A backup is created to ensure we have a backup, so in case anything goes wrong we can deal with it. Do not delete these backups until we are finished.

    • Please download Erunt-setup and save it to your desktop.
    • Right-click erunt-setup.exe and select run as administrator.
    • Follow the prompts and allow ERUNT to be installed.
    • When asked for the location for it to be installed in, let it be installed at the default. (C:\Windows\ERDNT)
    • If you do not want a Desktop icon, feel free to uncheck that. When asked if you want to create an ERUNT entry in the startup folder, answer Yes.
    • Erunt will open when the installation is finished. Check all items to be backed up in the default location and click OK.
    • Close the program once the registry backup is complete.
    You can find a complete guide to using the program here:
    http://www.larshederer.homepage.t-online.de/erunt/erunt.txt

    Next:

    Running OTL
    • Right-click on the OTL.exe icon on your desktop and select run as administrator
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

    • Code:
      :OTL 
      FF -  HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{885304CF-2205-4949-9038-74E5E00B003A}:  C:\Users\Lisa\AppData\Local\{885304CF-2205-4949-9038-74E5E00B003A}\  [2011/07/05 22:10:56 | 000,000,000 | ---D | M]
      [2009/12/07 23:20:45 | 000,009,941 | ---- | M] () --  C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\50qlivee.default\sea  rchplugins\mywebsearch.xml
      [2011/07/05 22:10:58 | 000,000,120 | ---- | C] () -- C:\Users\Lisa\AppData\Local\Pqamaneyul.dat
      [2011/07/05 22:10:58 | 000,000,000 | ---- | C] () -- C:\Users\Lisa\AppData\Local\Hyutiruhakucad.bin
      [2011/04/28 13:00:04 | 000,010,168 | -HS- | C] () -- C:\Users\Lisa\AppData\Local\6juo3571r2wklq
      [2011/04/28 13:00:04 | 000,010,168 | -HS- | C] () -- C:\ProgramData\6juo3571r2wklq
      [2011/02/14 22:11:40 | 000,000,000 | ---- | C] () -- C:\Windows\System32\drivers\iptd.sys
      [2011/01/28 12:54:06 | 000,048,640 | ---- | C] () -- C:\Windows\fsViewer_acm.exe
      [2011/01/28 12:53:52 | 000,051,200 | ---- | C] () -- C:\Windows\fsViewer_h.dll
      [2010/04/22 21:57:06 | 000,004,872 | ---- | C] () -- C:\ProgramData\mtbjfghn.xbe
      [2008/03/20 13:25:45 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll
      @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
      @Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:3E7393FC
      @Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:C7F04040
      @Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMPFC5A2B2
      @Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:193426B4
      @Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:57DC3B52
       
      :Files 
      ipconfig /flushdns /c
      netsh firewall reset /c 
      :Commands 
      [purity] 
      [resethosts] 
      [emptytemp] 
      [EMPTYFLASH] 
      [createrestorepoint] 
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Open OTL again and click the Quick Scan button.
    Next

    I notice you don't have antivirus software installed. It is critical to have one installed to ensure your computer is free from any virus infections.
    Install Antivirus
    An anti-virus is essential in keeping your computer safe while surfing the Internet. Please install a (ONE) free anti-virus program from one of the links below:



    Please update it after the installation is complete and keep it up to date at all times.

    Rootkit Scan
    Download aswMBR.exe ( 1.8mb ) to your desktop.

    Right-Click the aswMBR.exe and choose Run as administrator

    When prompted with The application can use the Avast! Free Antivirus for scanning >> select No
    Click the "Scan" button to start scan

    On completion of the scan click save log, save it to your desktop and post in your next reply
    In your next reply, please post the following:

    • OTL custom fix log.
    • New OTL log.
    • Log from aswMBR.
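
A pre-flight check for a custom fix script like the one in the post above, added here as an example (it is not part of the thread and not an OTL feature): it flags entries that forum rendering can damage, such as an alternate-data-stream target with no `:stream` part or a path with stray whitespace. The section and line grammar is inferred from the script shown on this page, and the sample script and its paths are constructed.

```python
import re

# Line shapes inferred from the fix script shown in this thread (an assumption,
# not OTL's documented grammar).
SECTION = re.compile(r"^:(\w+)$")
ADS = re.compile(r"^@Alternate Data Stream - \d+ bytes -> (.+)$")
FILE_ENTRY = re.compile(r"^\[[^\]]+\] \(.*?\) -- (.+)$")
COMMAND = re.compile(r"^\[\w+\]$")
DRIVE = re.compile(r"^[A-Za-z]:\\")
# Heuristic: doubled whitespace, or whitespace touching a path separator.
ODD_SPACE = re.compile(r"\s{2,}|\s\\|\\\s")

# Constructed sample; every path and stream name below is made up.
SAMPLE_SCRIPT = r"""
:OTL
[2011/07/05 22:10:58 | 000,000,120 | ---- | C] () -- C:\Users\Example\AppData\Local\sample1.dat
[2009/12/07 23:20:45 | 000,009,941 | ---- | M] () -- C:\Users\Example\AppData\Roaming\Mozilla\sea  rchplugins\sample.xml
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:0A1B2C3D
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMPA1B2C3D
:Files
ipconfig /flushdns /c
:Commands
[emptytemp]
Reboot]
"""


def check_ads(target):
    """Return a finding code for an ADS target, or None if it looks well formed."""
    if not DRIVE.match(target):
        return "ads-not-absolute"
    # Drop the drive prefix so its colon is not mistaken for the stream separator.
    rest = DRIVE.sub("", target, count=1)
    host, sep, stream = rest.partition(":")
    if not (host and sep and stream):
        return "ads-missing-stream"
    return None


def check_path(path):
    """Return a finding code for a file-entry path, or None."""
    if not DRIVE.match(path):
        return "path-not-absolute"
    if ODD_SPACE.search(path):
        return "path-whitespace"
    return None


def lint_fix_script(text):
    """Return (line_number, code, line) for each entry that needs a second look."""
    findings = []
    section = None
    for number, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line:
            continue
        header = SECTION.match(line)
        if header:
            section = header.group(1).lower()
            continue
        if section is None:
            # Content before the first ":Section" header belongs to no section.
            findings.append((number, "outside-section", line))
            continue
        ads = ADS.match(line)
        entry = FILE_ENTRY.match(line)
        if ads:
            code = check_ads(ads.group(1).strip())
        elif entry:
            code = check_path(entry.group(1).strip())
        elif section == "commands":
            code = None if COMMAND.match(line) else "bad-command"
        else:
            code = None  # other line kinds (registry entries, shell commands) are not checked
        if code:
            findings.append((number, code, line))
    return findings


if __name__ == "__main__":
    for number, code, line in lint_fix_script(SAMPLE_SCRIPT):
        print(f"line {number}: {code}: {line}")
```

Run it on the script text exactly as copied from the page, before pasting into the fix box; any finding means that line should be re-checked against the original scan log.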
     
  9. SeekingSanity

    SeekingSanity Thread Starter

    Joined:
    Dec 22, 2008
    Messages:
    51
    The only way I find OTL is by doing a search, and then it shows up in "indexed locations." If I select properties, there is no compatibility tab - just general, shortcut, security, and details. I just looked at it again and actually, the "indexed locations" is ONLY the log I sent you previously (the extension, I now noticed, is .txt). Maybe I should download again?
     
  10. jimbo100

    jimbo100 Malware Trainee

    Joined:
    Jul 1, 2011
    Messages:
    185
    Download and run OTL

    1. Download OTL by OldTimer and save it to your desktop.
    2. Please Right-click on the OTL.exe icon on your desktop and choose run as administrator
    Now you can follow with the rest of the instructions.
     
  11. SeekingSanity

    SeekingSanity Thread Starter

    Joined:
    Dec 22, 2008
    Messages:
    51
    CUSTOM FIX LOG 9.2.11
    All processes killed
    ========== OTL ==========
    File HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{885304CF-2205-4949-9038-74E5E00B003A}: C:\Users\Lisa\AppData\Local\{885304CF-2205-4949-9038-74E5E00B003A}\ not found.
    File C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\50qlivee.default\sea rchplugins\mywebsearch.xml not found.
    C:\Users\Lisa\AppData\Local\Pqamaneyul.dat moved successfully.
    C:\Users\Lisa\AppData\Local\Hyutiruhakucad.bin moved successfully.
    C:\Users\Lisa\AppData\Local\6juo3571r2wklq moved successfully.
    C:\ProgramData\6juo3571r2wklq moved successfully.
    C:\Windows\System32\drivers\iptd.sys moved successfully.
    C:\Windows\fsViewer_acm.exe moved successfully.
    C:\Windows\fsViewer_h.dll moved successfully.
    C:\ProgramData\mtbjfghn.xbe moved successfully.
    C:\Windows\System32\NTIBUN4.dll moved successfully.
    ADS C:\ProgramData\TEMP:430C6D84 deleted successfully.
    ADS C:\ProgramData\TEMP:3E7393FC deleted successfully.
    ADS C:\ProgramData\TEMP:C7F04040 deleted successfully.
    Unable to delete ADS C:\ProgramData\TEMPFC5A2B2 .
    ADS C:\ProgramData\TEMP:193426B4 deleted successfully.
    ADS C:\ProgramData\TEMP:57DC3B52 deleted successfully.
    ========== FILES ==========
    [color=#A23BEC]< ipconfig /flushdns /c >[/color]
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    D:\Lisa Downloads June13\cmd.bat deleted successfully.
    D:\Lisa Downloads June13\cmd.txt deleted successfully.
    [color=#A23BEC]< netsh firewall reset /c >[/color]
    Ok.
    D:\Lisa Downloads June13\cmd.bat deleted successfully.
    D:\Lisa Downloads June13\cmd.txt deleted successfully.
    ========== COMMANDS ==========
    C:\Windows\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: LEDERHOSEN
    ->Temp folder emptied: 3395118 bytes
    ->Temporary Internet Files folder emptied: 611865 bytes
    ->FireFox cache emptied: 66187447 bytes
    ->Flash cache emptied: 961 bytes

    User: Lisa
    ->Temp folder emptied: 1067103 bytes
    ->Temporary Internet Files folder emptied: 360582 bytes
    ->Java cache emptied: 32061553 bytes
    ->FireFox cache emptied: 107973734 bytes
    ->Apple Safari cache emptied: 0 bytes
    ->Flash cache emptied: 2835969 bytes

    User: Public

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 134823 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 69020 bytes

    Total Files Cleaned = 205.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default

    User: Default User

    User: LEDERHOSEN
    ->Flash cache emptied: 0 bytes

    User: Lisa
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb



    OTL by OldTimer - Version 3.2.26.6 log created on 09022011_133647

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...


    OTL QUICKSCAN AFTER FIX
    OTL logfile created on: 9/2/2011 1:51:40 PM - Run 2
    OTL by OldTimer - Version 3.2.26.6 Folder = D:\Lisa Downloads June13
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.49 Gb Total Physical Memory | 0.55 Gb Available Physical Memory | 37.24% Memory free
    3.23 Gb Paging File | 1.99 Gb Available in Paging File | 61.50% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 50.14 Gb Total Space | 24.91 Gb Free Space | 49.68% Space Free | Partition Type: NTFS
    Drive D: | 49.93 Gb Total Space | 19.80 Gb Free Space | 39.65% Space Free | Partition Type: NTFS

    Computer Name: GUS | User Name: Lisa | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    [color=#E56717]========== Processes (SafeList) ==========[/color]

    PRC - [2011/09/02 13:40:42 | 000,204,800 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\Lisa\AppData\Local\Temp\RtkBtMnt.exe
    PRC - [2011/08/27 23:50:05 | 000,580,096 | ---- | M] (OldTimer Tools) -- D:\Lisa Downloads June13\OTL.exe
    PRC - [2011/07/06 19:52:38 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    PRC - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2011/01/17 18:37:40 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
    PRC - [2011/01/17 18:37:40 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
    PRC - [2009/07/29 11:47:32 | 000,602,792 | ---- | M] ( ) -- C:\Windows\System32\lxeacoms.exe
    PRC - [2009/07/29 11:47:25 | 000,098,984 | ---- | M] (Lexmark International, Inc.) -- C:\Windows\System32\spool\drivers\w32x86\3\lxeaserv.exe
    PRC - [2009/04/29 09:24:39 | 000,139,944 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\ezprint.exe
    PRC - [2009/04/29 09:24:36 | 000,766,632 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\lxeamon.exe
    PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2008/11/07 17:43:36 | 000,809,488 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
    PRC - [2008/11/07 17:39:36 | 000,076,304 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
    PRC - [2008/03/11 04:53:54 | 005,296,128 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
    PRC - [2008/03/05 08:15:24 | 000,497,712 | ---- | M] (Egis Incorporated) -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
    PRC - [2008/03/05 08:15:20 | 000,525,360 | ---- | M] (Egis Incorporated) -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
    PRC - [2008/02/04 19:43:08 | 000,458,752 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
    PRC - [2008/01/20 21:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
    PRC - [2008/01/20 21:23:24 | 000,215,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wmdSync.exe
    PRC - [2008/01/09 20:43:28 | 000,323,584 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe
    PRC - [2008/01/04 12:30:48 | 000,768,520 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe
    PRC - [2007/12/20 13:33:14 | 000,761,856 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eNet\eNMTray.exe
    PRC - [2007/12/20 13:32:04 | 000,131,072 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe
    PRC - [2007/12/19 20:09:22 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
    PRC - [2007/11/27 20:54:36 | 000,110,592 | ---- | M] () -- C:\Acer\Mobility Center\MobilityService.exe
    PRC - [2007/10/23 12:56:18 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
    PRC - [2007/10/01 18:42:36 | 000,024,576 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
    PRC - [2007/09/20 15:57:28 | 000,167,936 | ---- | M] (acer) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
    PRC - [2007/09/19 16:41:50 | 000,051,200 | ---- | M] () -- C:\Acer\ALaunch\ALaunchSvc.exe
    PRC - [2007/09/10 17:28:18 | 000,057,344 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
    PRC - [2007/09/06 14:02:04 | 000,393,216 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
    PRC - [2006/10/04 23:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe


    [color=#E56717]========== Modules (No Company Name) ==========[/color]

    MOD - [2011/08/11 03:31:01 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\4117485024b0f652b9fbb66ff5025896\System.Management.ni.dll
    MOD - [2011/08/11 03:28:29 | 011,804,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\5aa9131000876de66160ff713b543d99\System.Web.ni.dll
    MOD - [2011/08/11 03:28:20 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a6d889aa69fd51c100352f23c7cebd22\System.Runtime.Remoting.ni.dll
    MOD - [2011/08/11 03:28:10 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\29c6ef7f07d89496c72a1bbf718aed5d\System.Configuration.ni.dll
    MOD - [2011/08/11 03:26:44 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\4c3cda96b8f12220da20f2f8d1b9439c\System.Xml.ni.dll
    MOD - [2011/08/11 03:24:59 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c50d9d540acecdef29c31201e203a331\System.Windows.Forms.ni.dll
    MOD - [2011/08/11 03:18:43 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\d8d83838f9840bde901df516ba3de588\System.Drawing.ni.dll
    MOD - [2011/08/11 03:15:52 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b9ea0d414c4861120bfb7365d8ec0939\System.ni.dll
    MOD - [2011/08/11 03:12:12 | 000,215,040 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\cadbc1d686482550dbd14e69a4abd8ff\System.ServiceProcess.ni.dll
    MOD - [2011/08/11 03:05:42 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\f6deb187f24bb3185841092b89fbfdbb\mscorlib.ni.dll
    MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2011/06/22 10:39:55 | 000,985,088 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
    MOD - [2009/06/19 22:43:17 | 000,140,800 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
    MOD - [2009/05/27 09:16:50 | 000,192,512 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\lxeadatr.dll
    MOD - [2009/04/29 09:24:39 | 000,139,944 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\ezprint.exe
    MOD - [2009/04/29 09:24:36 | 000,766,632 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\lxeamon.exe
    MOD - [2009/04/24 13:01:15 | 001,159,168 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\lxeadrs.dll
    MOD - [2009/04/24 12:59:37 | 000,389,120 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\lxeascw.dll
    MOD - [2009/04/03 09:18:46 | 000,409,600 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\iptk.dll
    MOD - [2009/03/30 07:37:47 | 000,094,208 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\epoemdll.dll
    MOD - [2009/03/30 07:37:46 | 000,045,056 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\epstring.dll
    MOD - [2009/03/30 07:37:44 | 002,203,648 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\epwizres.dll
    MOD - [2009/03/30 07:37:28 | 000,708,608 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\epwizard.dll
    MOD - [2009/03/30 07:35:40 | 000,159,744 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\customui.dll
    MOD - [2009/03/30 07:35:22 | 000,061,440 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\epfunct.dll
    MOD - [2009/03/30 07:35:17 | 000,118,784 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\eputil.dll
    MOD - [2009/03/30 07:35:05 | 000,139,264 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\imagutil.dll
    MOD - [2009/03/10 00:43:49 | 000,155,648 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\lxeacaps.dll
    MOD - [2009/03/02 09:25:47 | 000,151,552 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\lxeaptp.dll
    MOD - [2009/02/20 03:48:43 | 000,023,552 | ---- | M] () -- C:\Windows\System32\LXEAsmr.dll
    MOD - [2009/02/20 03:48:03 | 000,299,008 | ---- | M] () -- C:\Windows\System32\LXEAsm.dll
    MOD - [2008/01/09 20:43:12 | 000,057,344 | ---- | M] () -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.DialogManager.dll
    MOD - [2008/01/09 20:42:54 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.PasswordSetting.dll
    MOD - [2008/01/03 04:00:48 | 000,227,888 | ---- | M] () -- C:\Acer\Empowering Technology\eDataSecurity\x86\ShowErrMsg.dll
    MOD - [2007/12/20 15:58:00 | 000,679,936 | ---- | M] () -- C:\Acer\Empowering Technology\eLock\eLockCTL.dll
    MOD - [2007/12/20 13:33:26 | 000,249,856 | ---- | M] () -- C:\Acer\Empowering Technology\eNet\eNetPlugin.dll
    MOD - [2007/12/19 20:09:38 | 000,028,672 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\eSettings.Plugin.dll
    MOD - [2007/12/19 20:08:54 | 000,155,648 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\eSettings.Presenter.dll
    MOD - [2007/12/19 20:08:28 | 003,420,160 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\eSettings.View.dll
    MOD - [2007/12/19 20:08:10 | 000,032,768 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings.Model.ComputerInterfaces.dll
    MOD - [2007/10/23 12:56:18 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
    MOD - [2007/09/20 16:01:12 | 000,208,896 | ---- | M] () -- C:\Acer\Empowering Technology\ePower\SysHook.dll
    MOD - [2007/09/11 11:59:04 | 000,307,200 | ---- | M] () -- C:\Acer\Empowering Technology\ePresentation\ePresentationCTL.dll
    MOD - [2007/02/13 08:26:30 | 000,016,384 | ---- | M] () -- C:\Acer\Empowering Technology\eRecovery\ServiceInterface.dll
    MOD - [2003/06/07 07:30:08 | 000,057,344 | ---- | M] () -- C:\Program Files\Launch Manager\PowerUtl.dll


    [color=#E56717]========== Win32 Services (SafeList) ==========[/color]

    SRV - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2009/09/23 16:37:30 | 000,051,168 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
    SRV - [2009/07/29 11:47:32 | 000,602,792 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxeacoms.exe -- (lxea_device)
    SRV - [2009/07/29 11:47:25 | 000,098,984 | ---- | M] () [Auto | Running] -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\lxeaserv.exe -- (lxeaCATSCustConnectService)
    SRV - [2008/11/07 17:40:52 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
    SRV - [2008/03/05 08:15:24 | 000,497,712 | ---- | M] (Egis Incorporated) [Auto | Running] -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
    SRV - [2008/01/20 21:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2008/01/20 21:23:24 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
    SRV - [2008/01/20 21:23:24 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
    SRV - [2007/12/20 13:32:04 | 000,131,072 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eNet\eNet Service.exe -- (eNet Service)
    SRV - [2007/12/19 20:09:22 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService)
    SRV - [2007/11/27 20:54:36 | 000,110,592 | ---- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)
    SRV - [2007/10/01 18:42:36 | 000,024,576 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe -- (eLockService)
    SRV - [2007/09/20 15:57:28 | 000,167,936 | ---- | M] (acer) [Auto | Running] -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe -- (WMIService)
    SRV - [2007/09/19 16:41:50 | 000,051,200 | ---- | M] () [Auto | Running] -- C:\Acer\ALaunch\ALaunchSvc.exe -- (ALaunchService)
    SRV - [2007/09/10 17:28:18 | 000,057,344 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService)
    SRV - [2006/10/04 23:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)


    [color=#E56717]========== Driver Services (SafeList) ==========[/color]

    DRV - [2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
    DRV - [2009/04/10 23:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb)
    DRV - [2008/09/26 10:53:00 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
    DRV - [2008/09/26 10:52:00 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
    DRV - [2008/08/22 00:49:58 | 000,008,320 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgpfl.sys -- (motccgpfl)
    DRV - [2008/08/22 00:49:22 | 000,018,688 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgp.sys -- (motccgp)
    DRV - [2008/01/20 21:23:21 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
    DRV - [2007/12/11 04:42:44 | 000,163,376 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
    DRV - [2007/08/02 17:17:26 | 001,749,376 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
    DRV - [2007/07/30 09:13:10 | 000,743,424 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr)
    DRV - [2007/07/03 12:05:20 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15)
    DRV - [2007/06/18 21:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motport.sys -- (motport)
    DRV - [2007/06/18 21:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motmodem.sys -- (motmodem)
    DRV - [2007/03/09 01:56:04 | 001,163,616 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
    DRV - [2007/01/30 00:23:30 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
    DRV - [2006/11/02 15:27:36 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System | Running] -- C:\Program Files\Launch Manager\DPortIO.sys -- (DritekPortIO)
    DRV - [2006/06/07 03:26:52 | 000,067,384 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwusb.sys -- (BTWUSB)
    DRV - [2005/08/17 08:47:48 | 000,073,696 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdserd.sys -- (sscdserd) SAMSUNG CDMA Modem Diagnostic Serial Port (WDM)
    DRV - [2005/08/17 08:46:26 | 000,093,872 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
    DRV - [2005/08/17 08:46:20 | 000,008,272 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
    DRV - [2005/08/17 08:45:00 | 000,058,352 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
    DRV - [2001/12/27 10:59:34 | 000,067,072 | ---- | M] (WIBU-SYSTEMS AG) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\Wibukey.sys -- (WIBUKEY)


    [color=#E56717]========== Standard Registry (SafeList) ==========[/color]


    [color=#E56717]========== Internet Explorer ==========[/color]

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.us.acer.yahoo.com
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o=41647940&l=dis&gct=hp
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    [color=#E56717]========== FireFox ==========[/color]

    FF - prefs.js..browser.search.defaultengine: "Ask.com"
    FF - prefs.js..browser.search.defaultenginename: "Ask.com"
    FF - prefs.js..browser.search.order.1: "Ask.com"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://www.aol.com/?ncid=toolbar"
    FF - prefs.js..extensions.enabledItems: {fa1cfe8c-66b4-4469-b360-b60c79d70c28}:5.22.35.6104
    FF - prefs.js..extensions.enabledItems: [email protected]:2.2.26.0
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..network.proxy.type: 0


    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/01 10:36:15 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/08/25 00:05:08 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{885304CF-2205-4949-9038-74E5E00B003A}: C:\Users\Lisa\AppData\Local\{885304CF-2205-4949-9038-74E5E00B003A}\ [2011/07/05 22:10:56 | 000,000,000 | ---D | M]

    [2009/01/25 11:54:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lisa\AppData\Roaming\Mozilla\Extensions
    [2011/08/11 08:18:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\50qlivee.default\extensions
    [2010/07/26 08:21:22 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\50qlivee.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2011/06/24 20:49:55 | 000,000,000 | ---D | M] ("AOL Toolbar") -- C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\50qlivee.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}
    [2011/06/24 20:49:49 | 000,000,000 | ---D | M] ("AOL Mail Toolbar") -- C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\50qlivee.default\extensions\{fa1cfe8c-66b4-4469-b360-b60c79d70c28}
    [2011/05/10 10:12:22 | 000,002,340 | ---- | M] () -- C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\50qlivee.default\searchplugins\aol-search.xml
    [2010/02/17 11:19:38 | 000,002,004 | ---- | M] () -- C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\50qlivee.default\searchplugins\ask.xml
    [2011/01/13 14:54:41 | 000,002,574 | ---- | M] () -- C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\50qlivee.default\searchplugins\askcom.xml
    [2009/12/07 23:20:45 | 000,009,941 | ---- | M] () -- C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\50qlivee.default\searchplugins\mywebsearch.xml
    [2011/06/26 07:56:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2011/07/05 22:10:56 | 000,000,000 | ---D | M] (XULRunner) -- C:\USERS\LISA\APPDATA\LOCAL\{885304CF-2205-4949-9038-74E5E00B003A}
    () (No name found) -- C:\USERS\LISA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\50QLIVEE.DEFAULT\EXTENSIONS\{1280606B-2510-4FE0-97EF-9B5A22EAFE30}.XPI
    [2011/09/01 10:36:15 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2011/06/22 10:29:23 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
    [2011/05/10 10:09:18 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

    O1 HOSTS File: ([2011/09/02 13:37:02 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O2 - BHO: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
    O2 - BHO: (Lexmark Printable Web) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll ()
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - File not found
    O3 - HKLM\..\Toolbar: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
    O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O3 - HKCU\..\Toolbar\ShellBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
    O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
    O4 - HKLM..\Run: [Acer Assist Launcher] C:\Program Files\Acer\Acer Assist\launcher.exe ()
    O4 - HKLM..\Run: [Acer Product Registration] C:\Program Files\Acer\Acer Registration\ACE1.exe (Leader Technologies)
    O4 - HKLM..\Run: [Acer Tour Reminder] File not found
    O4 - HKLM..\Run: [ALaunch] File not found
    O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
    O4 - HKLM..\Run: [eRecoveryService] File not found
    O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark S300-S400 Series\ezprint.exe ()
    O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
    O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
    O4 - HKLM..\Run: [lxeamon.exe] C:\Program Files\Lexmark S300-S400 Series\lxeamon.exe ()
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
    O4 - HKLM..\Run: [PLFSetL] C:\Windows\PLFSetL.exe (sonix)
    O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [SetPanel] File not found
    O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [Driver Updater] C:\Program Files\Carambis\Driver Updater\dupdater.exe (Media Fog Ltd.)
    O4 - Startup: C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Windows\ERUNT\AUTOBACK.EXE ()
    O4 - Startup: C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Bejeweled%202/Images/armhelper.ocx (ArmHelper Control)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
    O24 - Desktop BackupWallPaper: C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O33 - MountPoints2\{a30c6bbb-78bb-11e0-a100-001eec42ced8}\Shell - "" = AutoRun
    O33 - MountPoints2\{a30c6bbb-78bb-11e0-a100-001eec42ced8}\Shell\AutoRun\command - "" = Iomega Encryption Utility.exe
    O33 - MountPoints2\{e5bf29fd-06f0-11df-a183-001eec42ced8}\Shell - "" = AutoRun
    O33 - MountPoints2\{e5bf29fd-06f0-11df-a183-001eec42ced8}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O35 - HKCU\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKCU\...exe [@ = exefile] -- "%1" %*

    [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

    [2011/09/02 13:32:18 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2011/09/02 13:28:08 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
    [2011/09/02 13:28:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
    [2011/09/02 12:01:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PopCap Games
    [2011/09/02 12:01:04 | 000,000,000 | ---D | C] -- C:\Program Files\PopCap Games
    [2011/08/23 22:51:11 | 001,406,768 | ---- | C] (Kaspersky Lab ZAO) -- D:\Desktop\TDSSKiller.exe
    [2011/08/22 23:40:05 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Security
    [2011/08/22 23:40:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
    [2011/08/15 09:52:38 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
    [2011/08/15 09:51:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
    [2011/08/08 21:32:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    [2011/08/08 21:31:26 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2011/08/08 21:31:20 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2011/08/08 21:26:17 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
    [2011/08/08 21:17:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
    [2010/05/07 16:37:18 | 000,581,632 | ---- | C] ( ) -- C:\Windows\System32\lxealmpm.dll
    [2010/05/07 16:37:15 | 000,802,816 | ---- | C] ( ) -- C:\Windows\System32\lxeacomc.dll
    [2010/05/07 16:37:15 | 000,376,832 | ---- | C] ( ) -- C:\Windows\System32\lxeacomm.dll
    [2009/11/27 15:04:11 | 001,056,768 | ---- | C] ( ) -- C:\Windows\System32\lxeaserv.dll
    [2009/11/27 15:04:11 | 000,851,968 | ---- | C] ( ) -- C:\Windows\System32\lxeausb1.dll
    [2009/11/27 15:04:11 | 000,651,264 | ---- | C] ( ) -- C:\Windows\System32\lxeapmui.dll
    [2009/11/27 15:04:10 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\lxeainpa.dll
    [2009/11/27 15:04:10 | 000,344,064 | ---- | C] ( ) -- C:\Windows\System32\lxeaiesc.dll
    [2009/11/27 15:04:10 | 000,328,360 | ---- | C] ( ) -- C:\Windows\System32\lxeaih.exe
    [2009/11/27 15:04:09 | 000,688,128 | ---- | C] ( ) -- C:\Windows\System32\lxeahbn3.dll
    [2009/11/27 15:04:08 | 000,602,792 | ---- | C] ( ) -- C:\Windows\System32\lxeacoms.exe
    [2009/11/27 15:04:07 | 000,425,984 | ---- | C] ( ) -- C:\Windows\System32\lxeacoin.dll
    [2009/11/27 15:04:07 | 000,369,320 | ---- | C] ( ) -- C:\Windows\System32\lxeacfg.exe
    [2009/11/27 15:04:03 | 000,442,368 | ---- | C] ( ) -- C:\Windows\System32\lxeahcp.dll
    [2008/05/12 12:45:18 | 000,016,384 | ---- | C] ( ) -- C:\Windows\System32\ClearEvent.exe
    [2008/05/12 12:29:50 | 000,172,032 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll
    [2008/05/12 12:29:50 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll
    [18 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
    [18 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

    [color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

    [2011/09/02 13:45:27 | 000,608,644 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2011/09/02 13:45:27 | 000,106,114 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2011/09/02 13:41:19 | 000,004,872 | ---- | M] () -- C:\ProgramData\mtbjfghn.xbe
    [2011/09/02 13:40:03 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/09/02 13:40:02 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/09/02 13:39:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/09/02 13:37:02 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
    [2011/09/02 13:28:27 | 000,000,845 | ---- | M] () -- C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
    [2011/09/02 12:01:11 | 000,001,110 | ---- | M] () -- C:\Users\Public\Desktop\Plants vs. Zombies.lnk
    [2011/09/02 12:01:11 | 000,000,198 | ---- | M] () -- C:\Users\Public\Desktop\Play More Great Games!.url
    [2011/09/01 22:18:58 | 013,164,544 | R--- | M] () -- C:\Users\Public\Documents\ESBK.mbb
    [2011/09/01 22:18:58 | 007,378,944 | R--- | M] () -- C:\Users\Public\Documents\ESBK.mb
    [2011/09/01 13:51:40 | 000,027,700 | ---- | M] () -- C:\Users\Lisa\AppData\Roaming\wklnhst.dat
    [2011/08/31 14:28:12 | 000,010,240 | ---- | M] () -- D:\Lisa Documents June13\AA 10TH STEP LEAD.wps
    [2011/08/28 02:01:00 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\Driver Robot.job
    [2011/08/27 04:26:29 | 000,010,752 | ---- | M] () -- D:\Lisa Documents June13\AA satmed treasuer apology.wps
    [2011/08/24 13:35:05 | 000,054,272 | ---- | M] () -- D:\Lisa Documents June13\REF LOGINS PWs PINS.wps
    [2011/08/23 17:02:54 | 000,011,776 | ---- | M] () -- D:\Lisa Documents June13\GOOGLEREDIRECT SCANS.wps
    [2011/08/22 23:44:54 | 002,366,408 | ---- | M] () -- C:\Windows\System32\drivers\Cat.DB
    [2011/08/22 23:36:53 | 000,512,992 | ---- | M] () -- D:\Desktop\PCTools_Safe_Install.exe
    [2011/08/22 22:52:13 | 000,012,288 | ---- | M] () -- D:\Lisa Documents June13\DRAFT COPIES.wps
    [2011/08/22 15:48:36 | 001,406,768 | ---- | M] (Kaspersky Lab ZAO) -- D:\Desktop\TDSSKiller.exe
    [2011/08/22 14:18:39 | 000,053,760 | ---- | M] () -- D:\Lisa Documents June13\AA satmed treas.wps
    [2011/08/22 12:19:08 | 000,022,528 | ---- | M] () -- D:\Lisa Documents June13\EBAY STEALTH 8.10.11.wps
    [2011/08/21 11:34:46 | 000,016,896 | ---- | M] () -- D:\Lisa Documents June13\AMY 82111.wps
    [2011/08/21 11:21:59 | 000,016,896 | ---- | M] () -- D:\Lisa Documents June13\CONTRACT WAY TO GROW CONTRACT.wps
    [2011/08/19 16:38:01 | 000,023,624 | ---- | M] () -- C:\Windows\System32\drivers\hitmanpro35.sys
    [2011/08/14 20:35:24 | 000,137,216 | ---- | M] () -- D:\Lisa Documents June13\VISTA hidden files.wps
    [2011/08/10 10:10:51 | 000,018,432 | ---- | M] () -- D:\Lisa Documents June13\AMANDA 81011.wps
    [2011/08/08 21:32:45 | 000,001,668 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2011/08/08 21:17:41 | 000,001,730 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
    [2011/08/05 12:12:58 | 000,010,752 | ---- | M] () -- D:\Lisa Documents June13\REF EQUIP DUTCHS ADDRESS.wps
    [18 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
    [18 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/09/02 13:41:19 | 000,004,872 | ---- | C] () -- C:\ProgramData\mtbjfghn.xbe
    [2011/09/02 13:28:27 | 000,000,845 | ---- | C] () -- C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
    [2011/09/02 12:01:11 | 000,001,110 | ---- | C] () -- C:\Users\Public\Desktop\Plants vs. Zombies.lnk
    [2011/09/02 12:01:11 | 000,000,198 | ---- | C] () -- C:\Users\Public\Desktop\Play More Great Games!.url
    [2011/08/31 14:28:11 | 000,010,240 | ---- | C] () -- D:\Lisa Documents June13\AA 10TH STEP LEAD.wps
    [2011/08/27 03:19:18 | 000,010,752 | ---- | C] () -- D:\Lisa Documents June13\AA satmed treasuer apology.wps
    [2011/08/23 17:02:54 | 000,011,776 | ---- | C] () -- D:\Lisa Documents June13\GOOGLEREDIRECT SCANS.wps
    [2011/08/22 23:41:54 | 002,366,408 | ---- | C] () -- C:\Windows\System32\drivers\Cat.DB
    [2011/08/22 23:37:03 | 000,512,992 | ---- | C] () -- D:\Desktop\PCTools_Safe_Install.exe
    [2011/08/22 22:52:12 | 000,012,288 | ---- | C] () -- D:\Lisa Documents June13\DRAFT COPIES.wps
    [2011/08/22 11:56:54 | 000,022,528 | ---- | C] () -- D:\Lisa Documents June13\EBAY STEALTH 8.10.11.wps
    [2011/08/21 11:34:46 | 000,016,896 | ---- | C] () -- D:\Lisa Documents June13\AMY 82111.wps
    [2011/08/21 11:21:59 | 000,016,896 | ---- | C] () -- D:\Lisa Documents June13\CONTRACT WAY TO GROW CONTRACT.wps
    [2011/08/20 06:56:40 | 000,053,760 | ---- | C] () -- D:\Lisa Documents June13\AA satmed treas.wps
    [2011/08/15 09:52:38 | 000,023,624 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys
    [2011/08/14 20:35:24 | 000,137,216 | ---- | C] () -- D:\Lisa Documents June13\VISTA hidden files.wps
    [2011/08/10 10:10:51 | 000,018,432 | ---- | C] () -- D:\Lisa Documents June13\AMANDA 81011.wps
    [2011/08/08 21:32:45 | 000,001,668 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2011/08/08 21:17:41 | 000,001,730 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
    [2011/08/05 12:12:58 | 000,010,752 | ---- | C] () -- D:\Lisa Documents June13\REF EQUIP DUTCHS ADDRESS.wps
    [2010/05/07 16:41:49 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxeavs.dll
    [2010/05/07 16:37:36 | 000,000,044 | -H-- | C] () -- C:\Windows\System32\lxearwrd.ini
    [2010/05/07 16:37:19 | 000,385,024 | ---- | C] () -- C:\Windows\System32\LXEAinst.dll
    [2010/05/04 02:08:54 | 000,000,103 | ---- | C] () -- C:\Windows\dellstat.ini
    [2010/04/25 13:57:13 | 000,000,220 | ---- | C] () -- C:\Windows\WinInit.Ini
    [2010/04/22 22:41:39 | 000,049,152 | ---- | C] () -- C:\Windows\System32\LXEAPMON.DLL
    [2010/04/22 22:41:39 | 000,032,768 | ---- | C] () -- C:\Windows\System32\LXEAFXPU.DLL
    [2010/04/22 22:41:19 | 004,485,120 | ---- | C] () -- C:\Windows\System32\LXEAoem.dll
    [2010/04/11 21:47:00 | 000,000,133 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
    [2009/12/11 16:42:41 | 000,000,016 | ---- | C] () -- C:\Windows\popcinfo.dat
    [2009/11/27 15:04:09 | 000,208,896 | ---- | C] () -- C:\Windows\System32\lxeagrd.dll
    [2009/11/27 15:04:04 | 000,057,344 | ---- | C] () -- C:\Windows\System32\lxeajswr.dll
    [2009/11/27 15:04:03 | 000,323,584 | ---- | C] () -- C:\Windows\System32\lxeains.dll
    [2009/11/27 15:04:03 | 000,262,144 | ---- | C] () -- C:\Windows\System32\lxeainsb.dll
    [2009/11/27 15:04:03 | 000,106,496 | ---- | C] () -- C:\Windows\System32\lxeainsr.dll
    [2009/11/27 15:04:03 | 000,081,920 | ---- | C] () -- C:\Windows\System32\lxeagcfg.dll
    [2009/11/27 15:04:02 | 000,294,912 | ---- | C] () -- C:\Windows\System32\lxeacui.dll
    [2009/11/27 15:04:02 | 000,253,952 | ---- | C] () -- C:\Windows\System32\lxeacu.dll
    [2009/11/27 15:04:02 | 000,110,592 | ---- | C] () -- C:\Windows\System32\lxeacuir.dll
    [2009/11/27 15:04:02 | 000,090,112 | ---- | C] () -- C:\Windows\System32\lxeacub.dll
    [2009/11/27 15:04:02 | 000,036,864 | ---- | C] () -- C:\Windows\System32\lxeacur.dll
    [2009/10/15 01:05:32 | 000,023,552 | ---- | C] () -- C:\Windows\System32\LXEAsmr.dll
    [2009/10/15 01:05:31 | 000,299,008 | ---- | C] () -- C:\Windows\System32\LXEAsm.dll
    [2009/09/10 23:27:51 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
    [2009/09/10 23:27:51 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
    [2009/07/01 09:15:57 | 000,027,700 | ---- | C] () -- C:\Users\Lisa\AppData\Roaming\wklnhst.dat
    [2009/06/30 08:41:48 | 000,057,552 | ---- | C] () -- C:\Windows\System32\WKDOS.EXE
    [2008/12/28 21:00:16 | 000,001,356 | ---- | C] () -- C:\Users\Lisa\AppData\Local\d3d9caps.dat
    [2008/12/16 15:51:47 | 000,006,144 | ---- | C] () -- C:\Users\Lisa\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2008/12/10 09:59:17 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
    [2008/05/12 13:13:14 | 000,000,030 | ---- | C] () -- C:\Windows\SETPANEL.INI
    [2008/05/12 13:13:09 | 000,000,092 | ---- | C] () -- C:\Windows\CLEANUP.INI
    [2008/05/12 12:45:18 | 000,016,384 | ---- | C] () -- C:\Windows\System32\LauncheRyAgentUser.exe
    [2008/05/12 12:41:04 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
    [2008/05/12 12:41:04 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\RtkHDAud.dat
    [2008/05/12 12:30:28 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe
    [2008/05/12 12:30:28 | 000,105,984 | ---- | C] () -- C:\Windows\FixUVC.exe
    [2008/03/20 11:48:37 | 000,065,536 | ---- | C] () -- C:\Windows\System32\NATTraversal.dll
    [2008/03/20 11:44:09 | 000,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys
    [2008/03/20 11:25:08 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini
    [2008/03/20 11:00:36 | 001,749,376 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
    [2008/03/20 11:00:36 | 000,028,032 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys
    [2008/03/20 11:00:36 | 000,000,131 | ---- | C] () -- C:\Windows\PidList.ini
    [2008/03/20 11:00:24 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll
    [2008/03/20 11:00:24 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll
    [2008/03/20 11:00:24 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
    [2008/03/20 11:00:24 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
    [2007/04/27 09:43:58 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
    [2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2006/11/02 07:47:37 | 000,330,696 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
    [2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
    [2006/11/02 05:33:01 | 000,608,644 | ---- | C] () -- C:\Windows\System32\perfh009.dat
    [2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
    [2006/11/02 05:33:01 | 000,106,114 | ---- | C] () -- C:\Windows\System32\perfc009.dat
    [2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
    [2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
    [2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
    [2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
    [2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
    [2003/07/01 13:38:40 | 000,065,536 | ---- | C] () -- C:\Windows\System32\btprn2k.dll
    [2001/12/26 17:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
    [2001/11/14 14:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
    [2001/09/04 00:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
    [2001/07/30 17:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
    [2001/07/23 23:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll

    ========== LOP Check ==========

    [2010/01/13 22:53:42 | 000,000,000 | -HSD | M] -- C:\Users\Lisa\AppData\Roaming\.#
    [2008/12/07 23:05:11 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Acer
    [2008/03/20 12:07:37 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Acer GameZone Console
    [2011/02/14 18:19:57 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Amazon
    [2008/12/07 14:32:37 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\CEZEO software
    [2010/12/15 15:37:31 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2009/11/04 10:15:03 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\FileOpen
    [2011/05/16 07:45:32 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\JAM Software
    [2008/12/07 23:04:49 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Leadertech
    [2011/06/22 09:41:51 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\MAGIX
    [2009/11/24 10:37:58 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\OpenOffice.org
    [2009/03/31 17:42:42 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Skinux
    [2011/05/11 09:44:18 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\SoftGrid Client
    [2009/12/11 16:02:58 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\SpinTop
    [2011/02/27 23:59:20 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Template
    [2011/01/06 14:06:04 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\TP
    [2011/08/28 02:01:00 | 000,000,354 | ---- | M] () -- C:\Windows\Tasks\Driver Robot.job
    [2011/09/02 13:38:20 | 000,032,578 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2

    < End of report >

    aswMBR log

    aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
    Run date: 2011-09-02 14:03:38
    -----------------------------
    14:03:38.200 OS Version: Windows 6.0.6002 Service Pack 2
    14:03:38.200 Number of processors: 1 586 0x1601
    14:03:38.203 ComputerName: GUS UserName:
    14:03:41.077 Initialize success
    14:04:03.334 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4
    14:04:03.339 Disk 0 Vendor: ST9120817AS 3.AAA Size: 114473MB BusType: 3
    14:04:05.396 Disk 0 MBR read successfully
    14:04:05.406 Disk 0 MBR scan
    14:04:05.414 Disk 0 unknown MBR code
    14:04:05.433 Disk 0 scanning sectors +234438656
    14:04:05.513 Disk 0 scanning C:\Windows\system32\drivers
    14:04:15.205 Service scanning
    14:04:17.217 Modules scanning
    14:04:30.172 Disk 0 trace - called modules:
    14:04:30.208 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS PCIIDEX.SYS msahci.sys
    14:04:30.219 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84dbe5b0]
    14:04:30.227 3 CLASSPNP.SYS[873a28b3] -> nt!IofCallDriver -> [0x84c47408]
    14:04:30.239 5 acpi.sys[86c966bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-4[0x84c868a0]
    14:04:30.649 Scan finished successfully
    14:05:23.557 Disk 0 MBR has been saved successfully to "C:\Windows\System32\MBR.dat"
    14:05:23.585 The log file has been saved successfully to "C:\Windows\System32\aswMBR.txt"


     
  12. SeekingSanity

    SeekingSanity Thread Starter

    Joined:
    Dec 22, 2008
    Messages:
    51
    Jimbo - Just so you also know, I went to remove the Hitman Pro program, but I didn't find it on any drive (C or D). I DID download MS Security Essentials; when I restarted the sys after downloading this anti-virus program, it told me to remove any other anti-virus and all anti-spyware programs as it could severely affect the performance of my computer (don't know if that's MS standard lingo or really a problem). Finally, once Security Essentials was downloaded, a msg came up saying the registry could ONLY be restored manually if the need arises -- by using another OS to copy back the files. Hope this makes sense and thanks!
     
  13. jimbo100

    jimbo100 Malware Trainee

    Joined:
    Jul 1, 2011
    Messages:
    185
    Hi sorry for the delay, please run OTL again to remove the remaining entries.


    Running OTL


    • Right-click on the OTL.exe icon on your desktop and select run as administrator
    • Under the Custom Scans/Fixes box at the bottom, paste in the following
      Code:
        :OTL
        IE - HKU\S-1-5-21-4176329100-3699768917-3268998878-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o...40&l=dis&gct=hp
        IE - HKU\S-1-5-21-4176329100-3699768917-3268998878-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
        FF - prefs.js..browser.search.defaultengine: "Ask.com"
        FF - prefs.js..browser.search.defaultenginename: "Ask.com"
        FF - prefs.js..browser.search.order.1: "Ask.com"
        FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{885304CF-2205-4949-9038-74E5E00B003A}: C:\Users\Lisa\AppData\Local\{885304CF-2205-4949-9038-74E5E00B003A}\ [2011/07/05 22:10:56 | 000,000,000 | ---D | M]
        [2011/07/05 22:10:56 | 000,000,000 | ---D | M] (XULRunner) -- C:\USERS\LISA\APPDATA\LOCAL\{885304CF-2205-4949-9038-74E5E00B003A}

        :Files
        ipconfig /flushdns /c
        C:\ProgramData\Hitman Pro

        :Commands
        [emptytemp]
        [EMPTYFLASH]
        [createrestorepoint]
        [Reboot]
        
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Open OTL again and click the Quick Scan button.


    This program needs to be uninstalled using "uninstall a program", a feature which is automated and does not require manual removal. This feature is located in Control Panel and the instructions below will guide you through it. Just for reference the location of it is "C:\ProgramData\Hitman Pro".

    Next:

    Update Java

    It is critical to have the latest version of Java installed, because older versions are a security risk that malware often exploits.


    • To get the latest version of Java please go here.
    • Please select "Agree and Start Free Download".
    • Once downloaded please follow the on screen wizard to install it.
    • When installed, please go to Start -> Control Panel -> Programs and Features.
    • Search in the list for all previously installed versions of Java. (J2SE Runtime Environment.... )
      They should have this icon next to any that are there: [​IMG]
      Select any found and choose Uninstall.

    Next:

    It appears your flash player is out of date. Please visit the link below to download the latest version. This will ensure any exploits with older versions are patched.

    http://get.adobe.com/flashplayer/

    Next:

    Run ESET Online Scan


    1. Right click on Internet Explorer, and choose Run as administrator.

    2. Then please copy this url to the new window you just opened. ESET OnlineScan
    3. Click the [​IMG] button.
    4. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      1. Click on [​IMG] to download the ESET Smart Installer. Save it to your desktop.
      2. Double click on the [​IMG] icon on your desktop.
    5. Check [​IMG]
    6. Click the [​IMG] button.
    7. Accept any security warnings from your browser.
    8. Check [​IMG]
    9. Push the Start button.
    10. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    11. When the scan completes, push [​IMG]
    12. Push [​IMG], and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    13. Push the [​IMG] button.
    14. Push [​IMG]

    You can refer to this animation by neomage if needed.

    In your next reply, please post:


    • OTL custom log.
    • New quick scan OTL log.
    • ESET log.
    • Were you successful in updating Java / Flash player?
     
  14. SeekingSanity

    SeekingSanity Thread Starter

    Joined:
    Dec 22, 2008
    Messages:
    51
    Jimbo - sorry it took me a while (but I sense you won't mind :)
    JAVA AND FLASH PLAYER:
    First, I was successful in updating flash player; Java is another story - after I installed (or tried to) I got a message that said it has been disabled because "Java Console 6.0.27 is not compatible with this version of Firefox" <<I have 6.0.2 version of Fire). So I guess I have Java but can't use it (what's the point?)

    ESET LOG:
    Unfortunately, since I impetuously skimmed your directions, I did NOT follow them and save a text of the removed threats (I somehow thought hitting "finish" would give me a log, like OTL does). Is there another way for me to find out that info for you? I can tell you that I looked at what it removed -- 3 threats, 2 were backup related and one was Java related. Can I do anything else to help with this (now that I messed it up)?? <sorry!>

    HERE ARE THE OTHER LOGS - OTL CUSTOM AND QUICK SCANS (over 2 posts)



    1ST LOG FROM OTL - AFTER CUSTOM SCAN BUT BEFORE QUICK SCAN


    All processes killed
    ========== OTL ==========
    HKU\S-1-5-21-4176329100-3699768917-3268998878-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
    HKU\S-1-5-21-4176329100-3699768917-3268998878-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
    Prefs.js: "Ask.com" removed from browser.search.defaultengine
    Prefs.js: "Ask.com" removed from browser.search.defaultenginename
    Prefs.js: "Ask.com" removed from browser.search.order.1
    File HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{885304CF-2205-4949-9038-74E5E00B003A}: C:\Users\Lisa\AppData\Local\{885304CF-2205-4949-9038-74E5E00B003A}\ not found.
    C:\USERS\LISA\APPDATA\LOCAL\{885304CF-2205-4949-9038-74E5E00B003A}\chrome\content folder moved successfully.
    C:\USERS\LISA\APPDATA\LOCAL\{885304CF-2205-4949-9038-74E5E00B003A}\chrome folder moved successfully.
    C:\USERS\LISA\APPDATA\LOCAL\{885304CF-2205-4949-9038-74E5E00B003A} folder moved successfully.
    File ptytemp] [EMPTYFLASH] not found.
    File eaterestorepoint] not found.
    File boot] not found.

    OTL by OldTimer - Version 3.2.26.6 log created on 09072011_133308

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...



     
  15. SeekingSanity

    SeekingSanity Thread Starter

    Joined:
    Dec 22, 2008
    Messages:
    51
    LOG AFTER QUICKSCAN

    OTL logfile created on: 9/7/2011 1:45:10 PM - Run 3
    OTL by OldTimer - Version 3.2.26.6 Folder = D:\Lisa Downloads June13
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.49 Gb Total Physical Memory | 0.48 Gb Available Physical Memory | 32.18% Memory free
    3.23 Gb Paging File | 1.91 Gb Available in Paging File | 59.34% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 50.14 Gb Total Space | 25.02 Gb Free Space | 49.90% Space Free | Partition Type: NTFS
    Drive D: | 49.93 Gb Total Space | 19.80 Gb Free Space | 39.64% Space Free | Partition Type: NTFS

    Computer Name: GUS | User Name: Lisa | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/09/02 13:40:42 | 000,204,800 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\Lisa\AppData\Local\Temp\RtkBtMnt.exe
    PRC - [2011/08/27 23:50:05 | 000,580,096 | ---- | M] (OldTimer Tools) -- D:\Lisa Downloads June13\OTL.exe
    PRC - [2011/07/06 19:52:38 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    PRC - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2011/06/15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
    PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2011/04/27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
    PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    PRC - [2011/01/17 18:37:40 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
    PRC - [2011/01/17 18:37:40 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
    PRC - [2009/07/29 11:47:32 | 000,602,792 | ---- | M] ( ) -- C:\Windows\System32\lxeacoms.exe
    PRC - [2009/07/29 11:47:25 | 000,098,984 | ---- | M] (Lexmark International, Inc.) -- C:\Windows\System32\spool\drivers\w32x86\3\lxeaserv.exe
    PRC - [2009/04/29 09:24:39 | 000,139,944 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\ezprint.exe
    PRC - [2009/04/29 09:24:36 | 000,766,632 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\lxeamon.exe
    PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2008/11/07 17:43:36 | 000,809,488 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
    PRC - [2008/11/07 17:39:36 | 000,076,304 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
    PRC - [2008/03/11 04:53:54 | 005,296,128 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
    PRC - [2008/03/05 08:15:24 | 000,497,712 | ---- | M] (Egis Incorporated) -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
    PRC - [2008/03/05 08:15:20 | 000,525,360 | ---- | M] (Egis Incorporated) -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
    PRC - [2008/02/04 19:43:08 | 000,458,752 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
    PRC - [2008/01/20 21:23:24 | 000,215,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wmdSync.exe
    PRC - [2008/01/09 20:43:28 | 000,323,584 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe
    PRC - [2008/01/04 12:30:48 | 000,768,520 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe
    PRC - [2007/12/20 13:33:14 | 000,761,856 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eNet\eNMTray.exe
    PRC - [2007/12/20 13:32:04 | 000,131,072 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe
    PRC - [2007/12/19 20:09:22 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
    PRC - [2007/11/27 20:54:36 | 000,110,592 | ---- | M] () -- C:\Acer\Mobility Center\MobilityService.exe
    PRC - [2007/10/23 12:56:18 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
    PRC - [2007/10/01 18:42:36 | 000,024,576 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
    PRC - [2007/09/20 15:57:28 | 000,167,936 | ---- | M] (acer) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
    PRC - [2007/09/19 16:41:50 | 000,051,200 | ---- | M] () -- C:\Acer\ALaunch\ALaunchSvc.exe
    PRC - [2007/09/10 17:28:18 | 000,057,344 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
    PRC - [2007/09/06 14:02:04 | 000,393,216 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
    PRC - [2006/10/04 23:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011/09/04 03:25:50 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\4117485024b0f652b9fbb66ff5025896\System.Management.ni.dll
    MOD - [2011/09/04 03:21:46 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\1cc11918d8dd561391bba05c61de7573\System.ServiceProcess.ni.dll
    MOD - [2011/09/04 03:21:42 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c50d9d540acecdef29c31201e203a331\System.Windows.Forms.ni.dll
    MOD - [2011/09/04 03:21:18 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\d8d83838f9840bde901df516ba3de588\System.Drawing.ni.dll
    MOD - [2011/09/04 03:21:16 | 011,804,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\5aa9131000876de66160ff713b543d99\System.Web.ni.dll
    MOD - [2011/09/04 03:21:08 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a6d889aa69fd51c100352f23c7cebd22\System.Runtime.Remoting.ni.dll
    MOD - [2011/09/04 03:20:54 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\4c3cda96b8f12220da20f2f8d1b9439c\System.Xml.ni.dll
    MOD - [2011/09/04 03:20:48 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\29c6ef7f07d89496c72a1bbf718aed5d\System.Configuration.ni.dll
    MOD - [2011/09/04 03:18:44 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b9ea0d414c4861120bfb7365d8ec0939\System.ni.dll
    MOD - [2011/09/04 03:18:14 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\f6deb187f24bb3185841092b89fbfdbb\mscorlib.ni.dll
    MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2011/06/22 10:39:55 | 000,985,088 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
    MOD - [2009/06/19 22:43:17 | 000,140,800 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
    MOD - [2009/05/27 09:16:50 | 000,192,512 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\lxeadatr.dll
    MOD - [2009/04/29 09:24:39 | 000,139,944 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\ezprint.exe
    MOD - [2009/04/29 09:24:36 | 000,766,632 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\lxeamon.exe
    MOD - [2009/04/24 13:01:15 | 001,159,168 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\lxeadrs.dll
    MOD - [2009/04/24 12:59:37 | 000,389,120 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\lxeascw.dll
    MOD - [2009/04/03 09:18:46 | 000,409,600 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\iptk.dll
    MOD - [2009/03/30 07:37:47 | 000,094,208 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\epoemdll.dll
    MOD - [2009/03/30 07:37:46 | 000,045,056 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\epstring.dll
    MOD - [2009/03/30 07:37:44 | 002,203,648 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\epwizres.dll
    MOD - [2009/03/30 07:37:28 | 000,708,608 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\epwizard.dll
    MOD - [2009/03/30 07:35:40 | 000,159,744 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\customui.dll
    MOD - [2009/03/30 07:35:22 | 000,061,440 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\epfunct.dll
    MOD - [2009/03/30 07:35:17 | 000,118,784 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\eputil.dll
    MOD - [2009/03/30 07:35:05 | 000,139,264 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\imagutil.dll
    MOD - [2009/03/10 00:43:49 | 000,155,648 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\lxeacaps.dll
    MOD - [2009/03/02 09:25:47 | 000,151,552 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\lxeaptp.dll
    MOD - [2009/02/20 03:48:43 | 000,023,552 | ---- | M] () -- C:\Windows\System32\LXEAsmr.dll
    MOD - [2009/02/20 03:48:03 | 000,299,008 | ---- | M] () -- C:\Windows\System32\LXEAsm.dll
    MOD - [2008/01/09 20:43:12 | 000,057,344 | ---- | M] () -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.DialogManager.dll
    MOD - [2008/01/09 20:42:54 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.PasswordSetting.dll
    MOD - [2008/01/03 04:00:48 | 000,227,888 | ---- | M] () -- C:\Acer\Empowering Technology\eDataSecurity\x86\ShowErrMsg.dll
    MOD - [2007/12/20 15:58:00 | 000,679,936 | ---- | M] () -- C:\Acer\Empowering Technology\eLock\eLockCTL.dll
    MOD - [2007/12/20 13:33:26 | 000,249,856 | ---- | M] () -- C:\Acer\Empowering Technology\eNet\eNetPlugin.dll
    MOD - [2007/12/19 20:09:38 | 000,028,672 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\eSettings.Plugin.dll
    MOD - [2007/12/19 20:08:54 | 000,155,648 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\eSettings.Presenter.dll
    MOD - [2007/12/19 20:08:28 | 003,420,160 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\eSettings.View.dll
    MOD - [2007/12/19 20:08:10 | 000,032,768 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings.Model.ComputerInterfaces.dll
    MOD - [2007/10/23 12:56:18 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
    MOD - [2007/09/20 16:01:12 | 000,208,896 | ---- | M] () -- C:\Acer\Empowering Technology\ePower\SysHook.dll
    MOD - [2007/09/11 11:59:04 | 000,307,200 | ---- | M] () -- C:\Acer\Empowering Technology\ePresentation\ePresentationCTL.dll
    MOD - [2007/02/13 08:26:30 | 000,016,384 | ---- | M] () -- C:\Acer\Empowering Technology\eRecovery\ServiceInterface.dll
    MOD - [2003/06/07 07:30:08 | 000,057,344 | ---- | M] () -- C:\Program Files\Launch Manager\PowerUtl.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2011/04/27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
    SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
    SRV - [2009/09/23 16:37:30 | 000,051,168 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
    SRV - [2009/07/29 11:47:32 | 000,602,792 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxeacoms.exe -- (lxea_device)
    SRV - [2009/07/29 11:47:25 | 000,098,984 | ---- | M] () [Auto | Running] -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\lxeaserv.exe -- (lxeaCATSCustConnectService)
    SRV - [2008/11/07 17:40:52 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
    SRV - [2008/03/05 08:15:24 | 000,497,712 | ---- | M] (Egis Incorporated) [Auto | Running] -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
    SRV - [2008/01/20 21:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2008/01/20 21:23:24 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
    SRV - [2008/01/20 21:23:24 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
    SRV - [2007/12/20 13:32:04 | 000,131,072 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eNet\eNet Service.exe -- (eNet Service)
    SRV - [2007/12/19 20:09:22 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService)
    SRV - [2007/11/27 20:54:36 | 000,110,592 | ---- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)
    SRV - [2007/10/01 18:42:36 | 000,024,576 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe -- (eLockService)
    SRV - [2007/09/20 15:57:28 | 000,167,936 | ---- | M] (acer) [Auto | Running] -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe -- (WMIService)
    SRV - [2007/09/19 16:41:50 | 000,051,200 | ---- | M] () [Auto | Running] -- C:\Acer\ALaunch\ALaunchSvc.exe -- (ALaunchService)
    SRV - [2007/09/10 17:28:18 | 000,057,344 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService)
    SRV - [2006/10/04 23:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)


    ========== Driver Services (SafeList) ==========

    DRV - [2011/09/07 13:36:07 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{56D389BD-38EC-4186-B650-5B846C06EC45}\MpKsl314fb493.sys -- (MpKsl314fb493)
    DRV - [2011/09/07 13:33:39 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{56D389BD-38EC-4186-B650-5B846C06EC45}\MpKsl6d8165cb.sys -- (MpKsl6d8165cb)
    DRV - [2011/09/06 12:59:46 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{56D389BD-38EC-4186-B650-5B846C06EC45}\MpKsl67dd52e8.sys -- (MpKsl67dd52e8)
    DRV - [2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
    DRV - [2011/04/27 15:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
    DRV - [2011/04/18 13:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
    DRV - [2009/04/10 23:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb)
    DRV - [2008/09/26 10:53:00 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
    DRV - [2008/09/26 10:52:00 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
    DRV - [2008/08/22 00:49:58 | 000,008,320 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgpfl.sys -- (motccgpfl)
    DRV - [2008/08/22 00:49:22 | 000,018,688 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgp.sys -- (motccgp)
    DRV - [2008/01/20 21:23:21 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
    DRV - [2007/12/11 04:42:44 | 000,163,376 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
    DRV - [2007/08/02 17:17:26 | 001,749,376 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
    DRV - [2007/07/30 09:13:10 | 000,743,424 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr)
    DRV - [2007/07/03 12:05:20 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15)
    DRV - [2007/06/18 21:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motport.sys -- (motport)
    DRV - [2007/06/18 21:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motmodem.sys -- (motmodem)
    DRV - [2007/03/09 01:56:04 | 001,163,616 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
    DRV - [2007/01/30 00:23:30 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
    DRV - [2006/11/02 15:27:36 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System | Running] -- C:\Program Files\Launch Manager\DPortIO.sys -- (DritekPortIO)
    DRV - [2006/06/07 03:26:52 | 000,067,384 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwusb.sys -- (BTWUSB)
    DRV - [2005/08/17 08:47:48 | 000,073,696 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdserd.sys -- (sscdserd) SAMSUNG CDMA Modem Diagnostic Serial Port (WDM)
    DRV - [2005/08/17 08:46:26 | 000,093,872 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
    DRV - [2005/08/17 08:46:20 | 000,008,272 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
    DRV - [2005/08/17 08:45:00 | 000,058,352 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
    DRV - [2001/12/27 10:59:34 | 000,067,072 | ---- | M] (WIBU-SYSTEMS AG) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\Wibukey.sys -- (WIBUKEY)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.us.acer.yahoo.com
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultengine: ""
    FF - prefs.js..browser.search.defaultenginename: ""
    FF - prefs.js..browser.search.order.1: ""
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://www.aol.com/?ncid=toolbar"
    FF - prefs.js..extensions.enabledItems: {fa1cfe8c-66b4-4469-b360-b60c79d70c28}:5.22.35.6104
    FF - prefs.js..extensions.enabledItems: [email protected]:2.2.26.0
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..network.proxy.type: 0


    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/01 10:36:15 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/08/25 00:05:08 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{885304CF-2205-4949-9038-74E5E00B003A}: C:\Users\Lisa\AppData\Local\{885304CF-2205-4949-9038-74E5E00B003A}\

    [2009/01/25 11:54:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lisa\AppData\Roaming\Mozilla\Extensions
    [2011/08/11 08:18:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\50qlivee.default\extensions
    [2010/07/26 08:21:22 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\50qlivee.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2011/06/24 20:49:55 | 000,000,000 | ---D | M] ("AOL Toolbar") -- C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\50qlivee.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}
    [2011/06/24 20:49:49 | 000,000,000 | ---D | M] ("AOL Mail Toolbar") -- C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\50qlivee.default\extensions\{fa1cfe8c-66b4-4469-b360-b60c79d70c28}
    [2011/05/10 10:12:22 | 000,002,340 | ---- | M] () -- C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\50qlivee.default\searchplugins\aol-search.xml
    [2010/02/17 11:19:38 | 000,002,004 | ---- | M] () -- C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\50qlivee.default\searchplugins\ask.xml
    [2011/01/13 14:54:41 | 000,002,574 | ---- | M] () -- C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\50qlivee.default\searchplugins\askcom.xml
    [2009/12/07 23:20:45 | 000,009,941 | ---- | M] () -- C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\50qlivee.default\searchplugins\mywebsearch.xml
    [2011/06/26 07:56:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    () (No name found) -- C:\USERS\LISA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\50QLIVEE.DEFAULT\EXTENSIONS\{1280606B-2510-4FE0-97EF-9B5A22EAFE30}.XPI
    [2011/09/01 10:36:15 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2011/06/22 10:29:23 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
    [2011/05/10 10:09:18 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

    O1 HOSTS File: ([2011/09/02 13:37:02 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O2 - BHO: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
    O2 - BHO: (Lexmark Printable Web) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll ()
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - File not found
    O3 - HKLM\..\Toolbar: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
    O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O3 - HKCU\..\Toolbar\ShellBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
    O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
    O4 - HKLM..\Run: [Acer Assist Launcher] C:\Program Files\Acer\Acer Assist\launcher.exe ()
    O4 - HKLM..\Run: [Acer Product Registration] C:\Program Files\Acer\Acer Registration\ACE1.exe (Leader Technologies)
    O4 - HKLM..\Run: [Acer Tour Reminder] File not found
    O4 - HKLM..\Run: [ALaunch] File not found
    O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
    O4 - HKLM..\Run: [eRecoveryService] File not found
    O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark S300-S400 Series\ezprint.exe ()
    O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
    O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
    O4 - HKLM..\Run: [lxeamon.exe] C:\Program Files\Lexmark S300-S400 Series\lxeamon.exe ()
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
    O4 - HKLM..\Run: [PLFSetL] C:\Windows\PLFSetL.exe (sonix)
    O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [SetPanel] File not found
    O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [Driver Updater] C:\Program Files\Carambis\Driver Updater\dupdater.exe (Media Fog Ltd.)
    O4 - Startup: C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Windows\ERUNT\AUTOBACK.EXE ()
    O4 - Startup: C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Bejeweled%202/Images/armhelper.ocx (ArmHelper Control)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
    O24 - Desktop BackupWallPaper: C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O33 - MountPoints2\{a30c6bbb-78bb-11e0-a100-001eec42ced8}\Shell - "" = AutoRun
    O33 - MountPoints2\{a30c6bbb-78bb-11e0-a100-001eec42ced8}\Shell\AutoRun\command - "" = Iomega Encryption Utility.exe
    O33 - MountPoints2\{e5bf29fd-06f0-11df-a183-001eec42ced8}\Shell - "" = AutoRun
    O33 - MountPoints2\{e5bf29fd-06f0-11df-a183-001eec42ced8}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O35 - HKCU\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKCU\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/09/04 03:11:48 | 000,000,000 | -HSD | C] -- C:\Config.Msi
    [2011/09/02 16:55:10 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
    [2011/09/02 13:32:18 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2011/09/02 13:28:08 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
    [2011/09/02 13:28:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
    [2011/09/02 12:01:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PopCap Games
    [2011/09/02 12:01:04 | 000,000,000 | ---D | C] -- C:\Program Files\PopCap Games
    [2011/08/23 22:51:11 | 001,406,768 | ---- | C] (Kaspersky Lab ZAO) -- D:\Desktop\TDSSKiller.exe
    [2011/08/22 23:40:05 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Security
    [2011/08/22 23:40:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
    [2011/08/15 09:52:38 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
    [2011/08/15 09:51:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
    [2011/08/08 21:32:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    [2011/08/08 21:31:26 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2011/08/08 21:31:20 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2011/08/08 21:26:17 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
    [2011/08/08 21:17:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
    [2010/05/07 16:37:18 | 000,581,632 | ---- | C] ( ) -- C:\Windows\System32\lxealmpm.dll
    [2010/05/07 16:37:15 | 000,802,816 | ---- | C] ( ) -- C:\Windows\System32\lxeacomc.dll
    [2010/05/07 16:37:15 | 000,376,832 | ---- | C] ( ) -- C:\Windows\System32\lxeacomm.dll
    [2009/11/27 15:04:11 | 001,056,768 | ---- | C] ( ) -- C:\Windows\System32\lxeaserv.dll
    [2009/11/27 15:04:11 | 000,851,968 | ---- | C] ( ) -- C:\Windows\System32\lxeausb1.dll
    [2009/11/27 15:04:11 | 000,651,264 | ---- | C] ( ) -- C:\Windows\System32\lxeapmui.dll
    [2009/11/27 15:04:10 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\lxeainpa.dll
    [2009/11/27 15:04:10 | 000,344,064 | ---- | C] ( ) -- C:\Windows\System32\lxeaiesc.dll
    [2009/11/27 15:04:10 | 000,328,360 | ---- | C] ( ) -- C:\Windows\System32\lxeaih.exe
    [2009/11/27 15:04:09 | 000,688,128 | ---- | C] ( ) -- C:\Windows\System32\lxeahbn3.dll
    [2009/11/27 15:04:08 | 000,602,792 | ---- | C] ( ) -- C:\Windows\System32\lxeacoms.exe
    [2009/11/27 15:04:07 | 000,425,984 | ---- | C] ( ) -- C:\Windows\System32\lxeacoin.dll
    [2009/11/27 15:04:07 | 000,369,320 | ---- | C] ( ) -- C:\Windows\System32\lxeacfg.exe
    [2009/11/27 15:04:03 | 000,442,368 | ---- | C] ( ) -- C:\Windows\System32\lxeahcp.dll
    [2008/05/12 12:45:18 | 000,016,384 | ---- | C] ( ) -- C:\Windows\System32\ClearEvent.exe
    [2008/05/12 12:29:50 | 000,172,032 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll
    [2008/05/12 12:29:50 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll
    [18 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
    [18 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/09/07 13:42:45 | 000,610,744 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2011/09/07 13:42:45 | 000,107,114 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2011/09/07 13:36:07 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/09/07 13:36:06 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/09/07 13:35:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/09/07 09:34:24 | 000,027,760 | ---- | M] () -- C:\Users\Lisa\AppData\Roaming\wklnhst.dat
    [2011/09/07 09:34:24 | 000,009,216 | ---- | M] () -- D:\Lisa Documents June13\DUTCH message copy.wps
    [2011/09/05 21:36:55 | 000,010,240 | ---- | M] () -- D:\Lisa Documents June13\EBAY HELP CL AD.wps
    [2011/09/05 11:43:06 | 013,164,544 | R--- | M] () -- C:\Users\Public\Documents\ESBK.mbb
    [2011/09/05 11:43:05 | 007,378,944 | R--- | M] () -- C:\Users\Public\Documents\ESBK.mb
    [2011/09/04 23:58:58 | 000,057,856 | ---- | M] () -- D:\Lisa Documents June13\EBAY STEALTH 8.10.11.wps
    [2011/09/04 12:58:05 | 000,054,272 | ---- | M] () -- D:\Lisa Documents June13\REF LOGINS PWs PINS.wps
    [2011/09/04 12:57:59 | 000,014,336 | ---- | M] () -- D:\Lisa Documents June13\EBAY STEALTH 411.wps
    [2011/09/04 03:00:16 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\Driver Robot.job
    [2011/09/02 17:00:08 | 000,002,154 | ---- | M] () -- C:\Windows\epplauncher.mif
    [2011/09/02 16:49:11 | 000,000,512 | ---- | M] () -- C:\Windows\System32\MBR.dat
    [2011/09/02 14:01:20 | 000,099,328 | ---- | M] () -- D:\Lisa Documents June13\JIMBO QUICKSCAN 9211.wps
    [2011/09/02 13:41:19 | 000,004,872 | ---- | M] () -- C:\ProgramData\mtbjfghn.xbe
    [2011/09/02 13:37:02 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
    [2011/09/02 13:28:27 | 000,000,845 | ---- | M] () -- C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
    [2011/09/02 12:01:11 | 000,001,110 | ---- | M] () -- C:\Users\Public\Desktop\Plants vs. Zombies.lnk
    [2011/09/02 12:01:11 | 000,000,198 | ---- | M] () -- C:\Users\Public\Desktop\Play More Great Games!.url
    [2011/08/31 14:28:12 | 000,010,240 | ---- | M] () -- D:\Lisa Documents June13\AA 10TH STEP LEAD.wps
    [2011/08/27 04:26:29 | 000,010,752 | ---- | M] () -- D:\Lisa Documents June13\AA satmed treasuer apology.wps
    [2011/08/23 17:02:54 | 000,011,776 | ---- | M] () -- D:\Lisa Documents June13\GOOGLEREDIRECT SCANS.wps
    [2011/08/22 23:44:54 | 002,366,408 | ---- | M] () -- C:\Windows\System32\drivers\Cat.DB
    [2011/08/22 23:36:53 | 000,512,992 | ---- | M] () -- D:\Desktop\PCTools_Safe_Install.exe
    [2011/08/22 22:52:13 | 000,012,288 | ---- | M] () -- D:\Lisa Documents June13\DRAFT COPIES.wps
    [2011/08/22 15:48:36 | 001,406,768 | ---- | M] (Kaspersky Lab ZAO) -- D:\Desktop\TDSSKiller.exe
    [2011/08/22 14:18:39 | 000,053,760 | ---- | M] () -- D:\Lisa Documents June13\AA satmed treas.wps
    [2011/08/21 11:34:46 | 000,016,896 | ---- | M] () -- D:\Lisa Documents June13\AMY 82111.wps
    [2011/08/21 11:21:59 | 000,016,896 | ---- | M] () -- D:\Lisa Documents June13\CONTRACT WAY TO GROW CONTRACT.wps
    [2011/08/19 16:38:01 | 000,023,624 | ---- | M] () -- C:\Windows\System32\drivers\hitmanpro35.sys
    [2011/08/14 20:35:24 | 000,137,216 | ---- | M] () -- D:\Lisa Documents June13\VISTA hidden files.wps
    [2011/08/10 10:10:51 | 000,018,432 | ---- | M] () -- D:\Lisa Documents June13\AMANDA 81011.wps
    [2011/08/08 21:32:45 | 000,001,668 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2011/08/08 21:17:41 | 000,001,730 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
    [18 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
    [18 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/09/07 09:21:16 | 000,009,216 | ---- | C] () -- D:\Lisa Documents June13\DUTCH message copy.wps
    [2011/09/05 21:36:55 | 000,010,240 | ---- | C] () -- D:\Lisa Documents June13\EBAY HELP CL AD.wps
    [2011/09/02 17:00:08 | 000,002,154 | ---- | C] () -- C:\Windows\epplauncher.mif
    [2011/09/02 16:55:27 | 000,001,812 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
    [2011/09/02 14:05:23 | 000,000,512 | ---- | C] () -- C:\Windows\System32\MBR.dat
    [2011/09/02 14:01:19 | 000,099,328 | ---- | C] () -- D:\Lisa Documents June13\JIMBO QUICKSCAN 9211.wps
    [2011/09/02 13:41:19 | 000,004,872 | ---- | C] () -- C:\ProgramData\mtbjfghn.xbe
    [2011/09/02 13:28:27 | 000,000,845 | ---- | C] () -- C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
    [2011/09/02 12:01:11 | 000,001,110 | ---- | C] () -- C:\Users\Public\Desktop\Plants vs. Zombies.lnk
    [2011/09/02 12:01:11 | 000,000,198 | ---- | C] () -- C:\Users\Public\Desktop\Play More Great Games!.url
    [2011/08/31 14:28:11 | 000,010,240 | ---- | C] () -- D:\Lisa Documents June13\AA 10TH STEP LEAD.wps
    [2011/08/27 03:19:18 | 000,010,752 | ---- | C] () -- D:\Lisa Documents June13\AA satmed treasuer apology.wps
    [2011/08/23 17:02:54 | 000,011,776 | ---- | C] () -- D:\Lisa Documents June13\GOOGLEREDIRECT SCANS.wps
    [2011/08/22 23:41:54 | 002,366,408 | ---- | C] () -- C:\Windows\System32\drivers\Cat.DB
    [2011/08/22 23:37:03 | 000,512,992 | ---- | C] () -- D:\Desktop\PCTools_Safe_Install.exe
    [2011/08/22 22:52:12 | 000,012,288 | ---- | C] () -- D:\Lisa Documents June13\DRAFT COPIES.wps
    [2011/08/22 11:56:54 | 000,057,856 | ---- | C] () -- D:\Lisa Documents June13\EBAY STEALTH 8.10.11.wps
    [2011/08/21 11:34:46 | 000,016,896 | ---- | C] () -- D:\Lisa Documents June13\AMY 82111.wps
    [2011/08/21 11:21:59 | 000,016,896 | ---- | C] () -- D:\Lisa Documents June13\CONTRACT WAY TO GROW CONTRACT.wps
    [2011/08/20 06:56:40 | 000,053,760 | ---- | C] () -- D:\Lisa Documents June13\AA satmed treas.wps
    [2011/08/15 09:52:38 | 000,023,624 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys
    [2011/08/14 20:35:24 | 000,137,216 | ---- | C] () -- D:\Lisa Documents June13\VISTA hidden files.wps
    [2011/08/10 10:10:51 | 000,018,432 | ---- | C] () -- D:\Lisa Documents June13\AMANDA 81011.wps
    [2011/08/08 21:32:45 | 000,001,668 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2011/08/08 21:17:41 | 000,001,730 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
    [2010/05/07 16:41:49 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxeavs.dll
    [2010/05/07 16:37:36 | 000,000,044 | -H-- | C] () -- C:\Windows\System32\lxearwrd.ini
    [2010/05/07 16:37:19 | 000,385,024 | ---- | C] () -- C:\Windows\System32\LXEAinst.dll
    [2010/05/04 02:08:54 | 000,000,103 | ---- | C] () -- C:\Windows\dellstat.ini
    [2010/04/25 13:57:13 | 000,000,220 | ---- | C] () -- C:\Windows\WinInit.Ini
    [2010/04/22 22:41:39 | 000,049,152 | ---- | C] () -- C:\Windows\System32\LXEAPMON.DLL
    [2010/04/22 22:41:39 | 000,032,768 | ---- | C] () -- C:\Windows\System32\LXEAFXPU.DLL
    [2010/04/22 22:41:19 | 004,485,120 | ---- | C] () -- C:\Windows\System32\LXEAoem.dll
    [2010/04/11 21:47:00 | 000,000,133 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
    [2009/12/11 16:42:41 | 000,000,016 | ---- | C] () -- C:\Windows\popcinfo.dat
    [2009/11/27 15:04:09 | 000,208,896 | ---- | C] () -- C:\Windows\System32\lxeagrd.dll
    [2009/11/27 15:04:04 | 000,057,344 | ---- | C] () -- C:\Windows\System32\lxeajswr.dll
    [2009/11/27 15:04:03 | 000,323,584 | ---- | C] () -- C:\Windows\System32\lxeains.dll
    [2009/11/27 15:04:03 | 000,262,144 | ---- | C] () -- C:\Windows\System32\lxeainsb.dll
    [2009/11/27 15:04:03 | 000,106,496 | ---- | C] () -- C:\Windows\System32\lxeainsr.dll
    [2009/11/27 15:04:03 | 000,081,920 | ---- | C] () -- C:\Windows\System32\lxeagcfg.dll
    [2009/11/27 15:04:02 | 000,294,912 | ---- | C] () -- C:\Windows\System32\lxeacui.dll
    [2009/11/27 15:04:02 | 000,253,952 | ---- | C] () -- C:\Windows\System32\lxeacu.dll
    [2009/11/27 15:04:02 | 000,110,592 | ---- | C] () -- C:\Windows\System32\lxeacuir.dll
    [2009/11/27 15:04:02 | 000,090,112 | ---- | C] () -- C:\Windows\System32\lxeacub.dll
    [2009/11/27 15:04:02 | 000,036,864 | ---- | C] () -- C:\Windows\System32\lxeacur.dll
    [2009/10/15 01:05:32 | 000,023,552 | ---- | C] () -- C:\Windows\System32\LXEAsmr.dll
    [2009/10/15 01:05:31 | 000,299,008 | ---- | C] () -- C:\Windows\System32\LXEAsm.dll
    [2009/09/10 23:27:51 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
    [2009/09/10 23:27:51 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
    [2009/07/01 09:15:57 | 000,027,760 | ---- | C] () -- C:\Users\Lisa\AppData\Roaming\wklnhst.dat
    [2009/06/30 08:41:48 | 000,057,552 | ---- | C] () -- C:\Windows\System32\WKDOS.EXE
    [2008/12/28 21:00:16 | 000,001,356 | ---- | C] () -- C:\Users\Lisa\AppData\Local\d3d9caps.dat
    [2008/12/16 15:51:47 | 000,006,144 | ---- | C] () -- C:\Users\Lisa\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2008/12/10 09:59:17 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
    [2008/05/12 13:13:14 | 000,000,030 | ---- | C] () -- C:\Windows\SETPANEL.INI
    [2008/05/12 13:13:09 | 000,000,092 | ---- | C] () -- C:\Windows\CLEANUP.INI
    [2008/05/12 12:45:18 | 000,016,384 | ---- | C] () -- C:\Windows\System32\LauncheRyAgentUser.exe
    [2008/05/12 12:41:04 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
    [2008/05/12 12:41:04 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\RtkHDAud.dat
    [2008/05/12 12:30:28 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe
    [2008/05/12 12:30:28 | 000,105,984 | ---- | C] () -- C:\Windows\FixUVC.exe
    [2008/03/20 11:48:37 | 000,065,536 | ---- | C] () -- C:\Windows\System32\NATTraversal.dll
    [2008/03/20 11:44:09 | 000,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys
    [2008/03/20 11:25:08 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini
    [2008/03/20 11:00:36 | 001,749,376 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
    [2008/03/20 11:00:36 | 000,028,032 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys
    [2008/03/20 11:00:36 | 000,000,131 | ---- | C] () -- C:\Windows\PidList.ini
    [2008/03/20 11:00:24 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll
    [2008/03/20 11:00:24 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll
    [2008/03/20 11:00:24 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
    [2008/03/20 11:00:24 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
    [2007/04/27 09:43:58 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
    [2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2006/11/02 07:47:37 | 000,330,696 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
    [2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
    [2006/11/02 05:33:01 | 000,610,744 | ---- | C] () -- C:\Windows\System32\perfh009.dat
    [2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
    [2006/11/02 05:33:01 | 000,107,114 | ---- | C] () -- C:\Windows\System32\perfc009.dat
    [2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
    [2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
    [2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
    [2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
    [2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
    [2003/07/01 13:38:40 | 000,065,536 | ---- | C] () -- C:\Windows\System32\btprn2k.dll
    [2001/12/26 17:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
    [2001/11/14 14:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
    [2001/09/04 00:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
    [2001/07/30 17:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
    [2001/07/23 23:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll

    ========== LOP Check ==========

    [2010/01/13 22:53:42 | 000,000,000 | -HSD | M] -- C:\Users\Lisa\AppData\Roaming\.#
    [2008/12/07 23:05:11 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Acer
    [2008/03/20 12:07:37 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Acer GameZone Console
    [2011/02/14 18:19:57 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Amazon
    [2008/12/07 14:32:37 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\CEZEO software
    [2010/12/15 15:37:31 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2009/11/04 10:15:03 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\FileOpen
    [2011/05/16 07:45:32 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\JAM Software
    [2008/12/07 23:04:49 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Leadertech
    [2011/06/22 09:41:51 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\MAGIX
    [2009/11/24 10:37:58 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\OpenOffice.org
    [2009/03/31 17:42:42 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Skinux
    [2011/05/11 09:44:18 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\SoftGrid Client
    [2009/12/11 16:02:58 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\SpinTop
    [2011/02/27 23:59:20 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Template
    [2011/01/06 14:06:04 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\TP
    [2011/09/04 03:00:16 | 000,000,354 | ---- | M] () -- C:\Windows\Tasks\Driver Robot.job
    [2011/09/07 13:33:54 | 000,032,600 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2

    < End of report >



     
Short URL to this thread: https://techguy.org/1014078
