
Slow PC with bad sound issues

Discussion in 'Virus & Other Malware Removal' started by Johny5, Sep 4, 2012.

Thread Status:
Not open for further replies.
  1. Johny5

    Johny5 Thread Starter

    Joined:
    Sep 4, 2012
    Messages:
    19
    Hi, :)

    For about a week now I've had troubles with my PC (laptop). First of all, it takes ages for Windows to start up; after it finally does, the PC freezes quite often and I can't play videos because the audio sounds like it's in slow mo.

    I'm used to watching videos and listening to music on my PC so this is doing my head in.

    Hope you can help. Thanks!

    I've run HijackThis. Here's the log:


    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 3:15:22 PM, on 9/4/2012
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Documents and Settings\All Users\Application Data\Codec\Codec.exe
    C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\Program Files\Creative\Shared Files\CTDevSrv.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
    C:\Program Files\AVG\AVG8\avgcsrvx.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
    C:\WINDOWS\AcerOrbiCam.exe
    C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
    C:\Program Files\Acer\OrbiCam10\OrbiCam.exe
    C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
    C:\WINDOWS\vsnp2std.exe
    C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe
    C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wbem\unsecapp.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\DOCUME~1\user\LOCALS~1\Temp\RtkBtMnt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\user\My Documents\Downloads\HijackThis(1).exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?affID=11...HP_ss&mntrId=575e4ffd0000000000000016cfa38d9d
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
    R3 - URLSearchHook: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\prxtbBS_2.dll
    R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL
    O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL
    O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
    O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: Codecv - {6D769EC4-61D3-FDCF-8668-904481C97908} - C:\Documents and Settings\All Users\Application Data\Codecv\bhoclass.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: DealPly - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files\DealPly\DealPlyIE.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: BS Player - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\prxtbBS_2.dll
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
    O3 - Toolbar: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\prxtbBS_2.dll
    O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 1
    O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
    O4 - HKLM\..\Run: [eLockMonitor] C:\Acer\Empowering Technology\eLock\Monitor\LaunchMonitor.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
    O4 - HKLM\..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
    O4 - HKLM\..\Run: [Acer OrbiCam] C:\WINDOWS\AcerOrbiCam.exe
    O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
    O4 - HKLM\..\Run: [AcerOrbicamRibbon] "C:\Program Files\Acer\OrbiCam10\OrbiCam.exe" /hide
    O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
    O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w /h
    O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [HuaWeiEVDO.exe] "C:\Program Files\Huawei technologies\software tmn.exe"
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [IMC] C:\Program Files\FriendFinder\FriendFinder Messenger 4\imc.exe
    O4 - HKCU\..\Run: [hallskut] C:\WINDOWS\system32\dllhostc.exe
    O4 - HKCU\..\Run: [CTZDetec.exe] C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe
    O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
    O4 - HKUS\S-1-5-19\..\Run: [riyahelepa] Rundll32.exe "C:\WINDOWS\system32\dehaseha.dll",s (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [riyahelepa] Rundll32.exe "C:\WINDOWS\system32\dehaseha.dll",s (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Acer Empowering Technology.lnk = ?
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolba...000&si=&a=vbYsI2RPNuTa1ourupYZpw&n=2010101613
    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
    O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: UB - {1FBA04EE-3024-11d2-8F1F-0000F87ABD16} - C:\Documents and Settings\user\Start Menu\Programs\UB\UB.lnk (file missing) (HKCU)
    O9 - Extra 'Tools' menuitem: UB - {1FBA04EE-3024-11d2-8F1F-0000F87ABD16} - C:\Documents and Settings\user\Start Menu\Programs\UB\UB.lnk (file missing) (HKCU)
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
    O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: C:\WINDOWS\system32\gelarijo.dll c:\windows\system32\mopiseje.dll cqlqdb.dll
    O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: BasicScan Service - Unknown owner - C:\Program Files\BasicScan\basicscan.exe (file missing)
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe
    O23 - Service: eLock Service (eLockService) - - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe

    --
    End of file - 14834 bytes
     
  2. Gizzy

    Gizzy Malware Specialist

    Joined:
    Aug 2, 2005
    Messages:
    3,832
    Hello Johny5 and Welcome to Tech Support Guy! :)
    My name is Gizzy and I'll be glad to help you with your malware problems.

    Please note the following while we work:
    • The fixes are specific to your problem and should only be used for this issue on this computer.
    • Perform all actions in the order given.
    • If you don't know or understand something, stop and ask! Don't keep going on.
    • Please DO NOT uninstall/install any programs unless asked to. It is more difficult when files/programs appear or disappear from the logs.
    • Please DO NOT run any tools or scans unless I ask you to.
    • It is important that you reply to this thread. Do not start a new topic.
    • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
    • The process is not instant. Please continue to respond to this thread until I give you the All Clean! Absence of symptoms does not mean that everything is clear.
    • Topics not replied to within 3 days will be removed from my Subscribed Threads List.
    Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

    Because of this, I advise you to back up any personal files and folders before you start.
    Backup your data - XP


    Uninstall List
    1. Open HijackThis.
    2. Click the Open the Misc Tools section button. (If you don't see that button click the Main Menu button first)
    3. Click the Open Uninstall Manager... button and then click the Save list... button.
    4. Save the uninstall_list.txt file to your HijackThis folder.
    5. Copy and Paste the contents of uninstall_list.txt in your next reply.


    Please reply with:
    • Uninstall list
     
  3. Johny5

    Johny5 Thread Starter

    Joined:
    Sep 4, 2012
    Messages:
    19
    Hi Tech Guy,
    Thanks for helping me! :)
    I did what you asked, here is the list:

    Acer Camera Driver
    Acer eDataSecurity Management
    Acer eDataSecurity Management 2.0.3079
    Acer eLock Management
    Acer Empowering Technology
    Acer ePerformance Management
    Acer ePower Management
    Acer ePresentation Management
    Acer eSettings Management
    Acer GridVista
    Acer OrbiCam Application
    Acer OrbiCam Utility Bar
    Acer Screensaver
    Adobe Flash Player 11 Plugin
    Adobe Reader X (10.1.4)
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ATI - Software Uninstall Utility
    ATI Display Driver
    ATI Parental Control & Encoder
    Auto Click 2.1
    AVG Free 8.5
    BasicScan 1.0 build 115
    BS.Player FREE
    BS_Player Toolbar
    Bubble Bobble TNA
    Codec Updater
    Codecv
    Contextual Tool Precisead
    Creative Media Lite
    Creative ZEN Stone Plus User's Guide
    DealPly
    DivX Setup
    GamesBar 1.1.0.5
    GemMaster Mystic
    Google Update Helper
    Hamsterball
    HDAUDIO Soft Data Fax Modem with SmartCP
    High Definition Audio Driver Package - KB888111
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 10 (KB903157)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB2570791)
    Hotfix for Windows XP (KB2633952)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954708)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    Ice Cream Tycoon
    iTunes
    J2SE Runtime Environment 5.0 Update 3
    Java(TM) 6 Update 35
    Junk Mail filter update
    Launch Manager
    Logitech Video Enumerator
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 1.0 Hotfix (KB2572066)
    Microsoft .NET Framework 1.0 Hotfix (KB2604042)
    Microsoft .NET Framework 1.0 Hotfix (KB2656378)
    Microsoft .NET Framework 1.0 Hotfix (KB953295)
    Microsoft .NET Framework 1.0 Hotfix (KB979904)
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2656353)
    Microsoft .NET Framework 1.1 Security Update (KB2656370)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 3.5 SP1
    Microsoft Choice Guard
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office File Validation Add-In
    Microsoft Office Live Add-in 1.5
    Microsoft Office Outlook Connector
    Microsoft Office Professional Edição 2003
    Microsoft Silverlight
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Mozilla Firefox 15.0 (x86 en-US)
    Mozilla Maintenance Service
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MVision
    My Web Search (IWON)
    NTI Backup NOW! 4.5
    Option GT HSDPA driver suite
    Option PC Cards driver package
    Otto
    Peggle Deluxe
    Peggle Deluxe 1.0
    PKR
    PokerStars
    PowerDVD
    Puppy Luv (remove only)
    QuickTime
    Realtek High Definition Audio Driver
    RON Too1 Precisead
    Security Update for CAPICOM (KB931906)
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft Windows (KB2564958)
    Security Update for Windows Internet Explorer 7 (KB928090)
    Security Update for Windows Internet Explorer 7 (KB931768)
    Security Update for Windows Internet Explorer 7 (KB933566)
    Security Update for Windows Internet Explorer 7 (KB937143)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB2416400)
    Security Update for Windows Internet Explorer 8 (KB2482017)
    Security Update for Windows Internet Explorer 8 (KB2497640)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2530548)
    Security Update for Windows Internet Explorer 8 (KB2544521)
    Security Update for Windows Internet Explorer 8 (KB2559049)
    Security Update for Windows Internet Explorer 8 (KB2586448)
    Security Update for Windows Internet Explorer 8 (KB2618444)
    Security Update for Windows Internet Explorer 8 (KB2675157)
    Security Update for Windows Internet Explorer 8 (KB2699988)
    Security Update for Windows Internet Explorer 8 (KB2722913)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 10 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2491683)
    Security Update for Windows XP (KB2503658)
    Security Update for Windows XP (KB2503665)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2507938)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2511455)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276)
    Security Update for Windows XP (KB2536276-v2)
    Security Update for Windows XP (KB2544893)
    Security Update for Windows XP (KB2544893-v2)
    Security Update for Windows XP (KB2555917)
    Security Update for Windows XP (KB2562937)
    Security Update for Windows XP (KB2566454)
    Security Update for Windows XP (KB2567053)
    Security Update for Windows XP (KB2567680)
    Security Update for Windows XP (KB2570222)
    Security Update for Windows XP (KB2570947)
    Security Update for Windows XP (KB2584146)
    Security Update for Windows XP (KB2585542)
    Security Update for Windows XP (KB2592799)
    Security Update for Windows XP (KB2598479)
    Security Update for Windows XP (KB2603381)
    Security Update for Windows XP (KB2618451)
    Security Update for Windows XP (KB2620712)
    Security Update for Windows XP (KB2621440)
    Security Update for Windows XP (KB2624667)
    Security Update for Windows XP (KB2631813)
    Security Update for Windows XP (KB2633171)
    Security Update for Windows XP (KB2639417)
    Security Update for Windows XP (KB2641653)
    Security Update for Windows XP (KB2646524)
    Security Update for Windows XP (KB2647518)
    Security Update for Windows XP (KB2653956)
    Security Update for Windows XP (KB2655992)
    Security Update for Windows XP (KB2659262)
    Security Update for Windows XP (KB2661637)
    Security Update for Windows XP (KB2676562)
    Security Update for Windows XP (KB2685939)
    Security Update for Windows XP (KB2686509)
    Security Update for Windows XP (KB2691442)
    Security Update for Windows XP (KB2695962)
    Security Update for Windows XP (KB2698365)
    Security Update for Windows XP (KB2705219)
    Security Update for Windows XP (KB2707511)
    Security Update for Windows XP (KB2712808)
    Security Update for Windows XP (KB2718523)
    Security Update for Windows XP (KB2719985)
    Security Update for Windows XP (KB2723135)
    Security Update for Windows XP (KB2731847)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165-v2)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    Segoe UI
    Skype™ 5.10
    software tmn
    Sonic Encoders
    SopCast 3.2.9
    Synaptics Pointing Device Driver
    TVUPlayer 2.5.3.1
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows Media Player 10 (KB913800)
    Update for Windows Media Player 10 (KB926251)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB2541763)
    Update for Windows XP (KB2607712)
    Update for Windows XP (KB2616676)
    Update for Windows XP (KB2641690)
    Update for Windows XP (KB2718704)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB961503)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Update Rollup 2 for Windows XP Media Center Edition 2005
    VC80CRTRedist - 8.0.50727.6195
    Water Bugs 1.0
    Wheel of Fortune 2
    Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
    Windows Internet Explorer 8
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Essentials
    Windows Live Mail
    Windows Media Format 11 runtime
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Media Player 11
    Windows Media Player Firefox Plugin
    Windows XP Media Center Edition 2005 KB2502898
    Windows XP Media Center Edition 2005 KB2619340
    Windows XP Media Center Edition 2005 KB2628259
    Windows XP Media Center Edition 2005 KB925766
    Windows XP Media Center Edition 2005 KB973768
    Windows XP Service Pack 3
    WinRAR archiver
    Xilisoft AVI to DVD Converter 6
     
  4. Gizzy

    Gizzy Malware Specialist

    Joined:
    Aug 2, 2005
    Messages:
    3,832
    Hi Johny5,


    Remove Programs
    Click Start > Control Panel > Add/Remove Programs
    Remove the following programs by clicking Remove

    • BasicScan 1.0 build 115
    • BS_Player Toolbar
    • Codecv
    • Contextual Tool Precisead
    • DealPly
    • GamesBar 1.1.0.5
    • J2SE Runtime Environment 5.0 Update 3
    • My Web Search (IWON)
    • RON Too1 Precisead

    If some programs listed are not present, please do not panic.


    I see you have Malwarebytes' installed. Please update it, run a scan, and post a log using the instructions below.

    Malwarebytes Anti-Malware
    1. Launch Malwarebytes Anti-Malware.
    2. Click the Update tab.
    3. Click Check for Updates and wait for it to finish updating.
    4. Click the Scanner tab, select Perform quick scan, then click Scan.
    5. When the scan is complete, click OK, then Show Results to view the results.
    6. Check all items except items in the C:\System Volume Information folder, then click on Remove Selected.
    7. When completed, a log will open in Notepad. Please post that log in your next reply.

    The log is automatically saved and can be viewed by clicking the Logs tab in Malwarebytes' Anti-Malware. It can also be found here:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

    Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


    Download and run OTL
    1. Download OTL to your desktop.
    2. Double-click on OTL.exe to run it. Make sure all other windows are closed and let it run uninterrupted.
    3. Check the box beside Scan All Users.
    4. Ensure Use SafeList is selected under Extra Registry.
    5. Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    6. When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    7. Please copy (Edit > Select All -- Edit > Copy) the contents of these files, one at a time, and post them with your next reply.


    Please reply with:
    • Malwarebytes' Anti-Malware log
    • OTL logs (OTL.txt and Extras.txt)
     
  5. Johny5

    Johny5 Thread Starter

    Joined:
    Sep 4, 2012
    Messages:
    19
    Hi Gizzy,
    I did everything that you instructed. Here are the logs:


    Malwarebytes Anti-Malware (Trial) 1.62.0.1300
    www.malwarebytes.org

    Database version: v2012.09.06.08

    Windows XP Service Pack 3 x86 FAT32
    Internet Explorer 8.0.6001.18702
    user :: ACER-1424F82190 [administrator]

    Protection: Disabled

    9/6/2012 3:20:28 PM
    mbam-log-2012-09-06 (15-20-28).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 250686
    Time elapsed: 1 hour(s), 35 minute(s), 15 second(s)

    Memory Processes Detected: 1
    C:\Documents and Settings\All Users\Application Data\Codec\Codec.exe (Trojan.Dropper) -> 204 -> Delete on reboot.

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 23
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Codec (Trojan.Dropper) -> Quarantined and deleted successfully.
    HKCR\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33524C00-63FB-43DB-A6BF-0A4E14B24649} (Adware.Zwangi) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00A6FAF1-072E-44CF-8957-5838F569A31D} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{100EB1FD-D03E-47FD-81F3-EE91287F9465} (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{100EB1FD-D03E-47FD-81F3-EE91287F9465} (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{258C9770-1713-4021-8D7E-1F184A2BD754} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7CDDCDC-BEEB-4685-A062-978F5E07CEEE} (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{BDEA95CF-F0E6-41E0-BD3D-B00F39A4E939} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C5428486-50A0-4A02-9D20-520B59A9F9B2} (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C5428486-50A0-4A02-9D20-520B59A9F9B3} (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\ClickPotatoLite (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\BASICSCAN SERVICE (Adware.Zwangi) -> Quarantined and deleted successfully.

    Registry Values Detected: 5
    HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} (Adware.Zango) -> Data: -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser|{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} (Adware.Zango) -> Data: a·¸+߬H»à¼À:&#8250;; -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search| (Adware.Hotbar) -> Data: http://edits.mywebsearch.com/toolba...000&si=&a=vbYsI2RPNuTa1ourupYZpw&n=2010101613 -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|hallskut (Trojan.Banker) -> Data: C:\WINDOWS\system32\dllhostc.exe -> Quarantined and deleted successfully.
    HKLM\SYSTEM\CurrentControlSet\Services\BasicScan Service|ImagePath (Adware.Zwangi) -> Data: "C:\Program Files\BasicScan\basicscan.exe" "C:\Program Files\BasicScan\basicscan.dll" iquyakis utopesejuk -> Quarantined and deleted successfully.

    Registry Data Items Detected: 3
    HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
    HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
    HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

    Folders Detected: 4
    C:\Program Files\Mozilla Firefox\extensions\{6AA54174-C9E8-4B07-95A0-0FBC19CBE64C} (Adware.Zwangi) -> Quarantined and deleted successfully.
    C:\Program Files\Mozilla Firefox\extensions\{6AA54174-C9E8-4B07-95A0-0FBC19CBE64C}\chrome (Adware.Zwangi) -> Quarantined and deleted successfully.
    C:\Program Files\Mozilla Firefox\extensions\{6AA54174-C9E8-4B07-95A0-0FBC19CBE64C}\defaults (Adware.Zwangi) -> Quarantined and deleted successfully.
    C:\Program Files\Mozilla Firefox\extensions\{6AA54174-C9E8-4B07-95A0-0FBC19CBE64C}\defaults\preferences (Adware.Zwangi) -> Quarantined and deleted successfully.

    Files Detected: 7
    C:\Documents and Settings\All Users\Application Data\Codec\Codec.exe (Trojan.Dropper) -> Delete on reboot.
    C:\Documents and Settings\user\My Documents\Downloads\pcmegarapido.exe (Trojan.RepackSMS) -> Quarantined and deleted successfully.
    C:\Documents and Settings\user\My Documents\Downloads\Codec-V.exe (Affiliate.Downloader) -> Quarantined and deleted successfully.
    C:\Documents and Settings\user\My Documents\Downloads\XvidSetup.exe (Adware.AdBundle) -> Quarantined and deleted successfully.
    C:\Program Files\Mozilla Firefox\extensions\{6AA54174-C9E8-4B07-95A0-0FBC19CBE64C}\install.rdf (Adware.Zwangi) -> Quarantined and deleted successfully.
    C:\Program Files\Mozilla Firefox\extensions\{6AA54174-C9E8-4B07-95A0-0FBC19CBE64C}\chrome\basicscan.jar (Adware.Zwangi) -> Quarantined and deleted successfully.
    C:\Program Files\Mozilla Firefox\extensions\{6AA54174-C9E8-4B07-95A0-0FBC19CBE64C}\defaults\preferences\prefs.js (Adware.Zwangi) -> Quarantined and deleted successfully.

    (end)



    OTL logfile created on: 9/6/2012 6:00:07 PM - Run 1
    OTL by OldTimer - Version 3.2.61.0 Folder = C:\Documents and Settings\user\My Documents\Downloads
    Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    894.10 Mb Total Physical Memory | 564.80 Mb Available Physical Memory | 63.17% Memory free
    2.11 Gb Paging File | 1.58 Gb Available in Paging File | 74.96% Paging File free
    Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 53.20 Gb Total Space | 10.42 Gb Free Space | 19.60% Space Free | Partition Type: FAT32
    Drive D: | 53.69 Gb Total Space | 46.63 Gb Free Space | 86.86% Space Free | Partition Type: FAT32

    Computer Name: ACER-1424F82190 | User Name: user | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/09/06 17:57:10 | 000,599,040 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\My Documents\Downloads\OTL.exe
    PRC - [2011/10/15 01:48:52 | 002,042,208 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
    PRC - [2011/07/29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    PRC - [2009/08/16 09:28:02 | 000,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
    PRC - [2009/08/16 09:28:00 | 000,693,016 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe
    PRC - [2009/08/16 09:27:56 | 000,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
    PRC - [2009/08/16 09:27:40 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe
    PRC - [2009/08/16 09:27:32 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
    PRC - [2009/03/08 18:11:00 | 000,507,904 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Documents and Settings\user\Local Settings\Temp\RtkBtMnt.exe
    PRC - [2008/04/14 01:12:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2007/12/18 14:20:00 | 000,401,408 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe
    PRC - [2007/04/02 14:15:40 | 000,061,440 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTDevSrv.exe
    PRC - [2006/11/28 18:43:36 | 000,754,712 | ---- | M] () -- C:\Program Files\Acer\OrbiCam10\OrbiCam.exe
    PRC - [2006/11/28 18:38:18 | 000,244,512 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
    PRC - [2006/10/31 01:06:20 | 000,304,664 | ---- | M] (Acer Inc.) -- C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
    PRC - [2006/10/16 17:36:14 | 000,434,176 | ---- | M] () -- C:\WINDOWS\AcerOrbiCam.exe
    PRC - [2006/09/07 19:52:52 | 000,479,232 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\QtZgAcer.EXE
    PRC - [2006/08/30 09:57:34 | 000,442,368 | ---- | M] () -- C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
    PRC - [2006/08/29 17:56:22 | 000,020,480 | ---- | M] ( ) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
    PRC - [2006/08/10 15:00:50 | 000,028,672 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    PRC - [2006/08/09 16:18:14 | 000,675,840 | ---- | M] (Sonix) -- C:\WINDOWS\vsnp2std.exe
    PRC - [2006/08/03 15:34:04 | 000,045,056 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
    PRC - [2006/07/31 21:02:46 | 000,346,112 | ---- | M] (HiTRUST) -- C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    PRC - [2006/07/28 10:40:06 | 000,208,896 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
    PRC - [2006/06/01 14:40:54 | 000,413,696 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRAgent.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/07/29 03:08:30 | 000,843,776 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_1ba7e3ec\system.drawing.dll
    MOD - [2012/07/29 03:08:12 | 003,035,136 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_56a096ce\system.windows.forms.dll
    MOD - [2012/07/29 03:07:54 | 000,471,040 | ---- | M] () -- c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll
    MOD - [2012/01/29 20:59:26 | 003,391,488 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_5196b641\mscorlib.dll
    MOD - [2012/01/29 20:58:50 | 002,088,960 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_725da67b\system.xml.dll
    MOD - [2012/01/29 20:57:52 | 001,966,080 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_131e434c\system.dll
    MOD - [2012/01/29 20:57:28 | 001,232,896 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
    MOD - [2012/01/29 20:57:24 | 002,064,384 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll
    MOD - [2011/11/03 15:28:36 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
    MOD - [2011/07/29 00:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
    MOD - [2011/07/29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    MOD - [2011/02/04 17:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
    MOD - [2009/11/03 15:51:42 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2008/04/14 01:12:04 | 000,562,176 | ---- | M] () -- C:\WINDOWS\system32\qedit.dll
    MOD - [2008/04/14 01:12:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
    MOD - [2008/04/14 01:11:52 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
    MOD - [2006/11/28 18:43:36 | 000,754,712 | ---- | M] () -- C:\Program Files\Acer\OrbiCam10\OrbiCam.exe
    MOD - [2006/11/28 12:24:42 | 001,058,328 | ---- | M] () -- C:\Program Files\Acer\OrbiCam10\LAppRes.DLL
    MOD - [2006/10/31 01:06:30 | 000,022,040 | ---- | M] () -- C:\Program Files\Common Files\Logitech\LComMgr\LCMServerPS.dll
    MOD - [2006/10/16 17:36:14 | 000,434,176 | ---- | M] () -- C:\WINDOWS\AcerOrbiCam.exe
    MOD - [2006/09/22 16:27:02 | 000,126,976 | ---- | M] () -- c:\windows\assembly\gac\system.serviceprocess\1.0.5000.0__b03f5f7f11d50a3a\system.serviceprocess.dll
    MOD - [2006/09/22 16:27:00 | 001,339,392 | ---- | M] () -- c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll
    MOD - [2006/09/22 16:27:00 | 000,372,736 | ---- | M] () -- c:\windows\assembly\gac\system.management\1.0.5000.0__b03f5f7f11d50a3a\system.management.dll
    MOD - [2006/09/22 16:27:00 | 000,323,584 | ---- | M] () -- c:\windows\assembly\gac\system.runtime.remoting\1.0.5000.0__b77a5c561934e089\system.runtime.remoting.dll
    MOD - [2006/08/30 09:57:34 | 000,442,368 | ---- | M] () -- C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
    MOD - [2006/08/03 10:20:52 | 000,188,416 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\CPUID.dll
    MOD - [2006/08/02 02:50:10 | 000,032,768 | ---- | M] () -- c:\Acer\Empowering Technology\eDataSecurity\eDSCS2CClassLib.dll
    MOD - [2006/07/28 17:55:04 | 000,356,352 | ---- | M] () -- C:\Acer\Empowering Technology\eRecovery\it41.dll
    MOD - [2006/01/12 09:33:34 | 000,212,992 | ---- | M] () -- C:\Acer\Empowering Technology\eRecovery\imagefile.dll
    MOD - [2005/10/20 17:20:24 | 000,208,896 | ---- | M] () -- C:\Acer\Empowering Technology\ePower\DialogDLL.dll
    MOD - [2005/10/11 13:18:54 | 000,028,672 | ---- | M] () -- C:\Acer\Empowering Technology\ePower\SysHook.dll


    ========== Services (SafeList) ==========

    SRV - [2012/08/31 13:31:26 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012/08/15 01:24:40 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2009/08/16 09:27:40 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc)
    SRV - [2009/08/16 09:27:32 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
    SRV - [2007/04/02 14:15:40 | 000,061,440 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files\Creative\Shared Files\CTDevSrv.exe -- (CTDevice_Srv)
    SRV - [2006/11/28 18:41:54 | 000,101,152 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)
    SRV - [2006/08/29 17:56:22 | 000,020,480 | ---- | M] ( ) [Auto | Running] -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe -- (eLockService)
    SRV - [2006/08/10 15:00:50 | 000,028,672 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe -- (AcerMemUsageCheckService)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbser6k.sys -- (ZTEusbser6k)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbnmea.sys -- (ZTEusbnmea)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
    DRV - File not found [Kernel | Boot | Stopped] -- -- (wjusk)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\UIUSYS.SYS -- (UIUSys)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
    DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
    DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
    DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\adiusbaw.sys -- (adiusbaw)
    DRV - File not found [Kernel | Auto | Stopped] -- System32\Drivers\adildr.sys -- (ADILOADER)
    DRV - [2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
    DRV - [2009/08/16 09:28:02 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86)
    DRV - [2009/08/16 09:28:02 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86)
    DRV - [2009/05/19 10:14:28 | 000,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX)
    DRV - [2007/07/05 16:58:24 | 000,100,992 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
    DRV - [2007/04/24 09:33:46 | 000,100,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s125mgmt.sys -- (s125mgmt)
    DRV - [2007/04/24 09:33:34 | 000,083,336 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s125bus.sys -- (s125bus)
    DRV - [2006/11/28 18:39:14 | 001,962,784 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVMVdrv.sys -- (LVMVDrv)
    DRV - [2006/09/26 06:50:06 | 001,754,624 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
    DRV - [2006/09/26 00:11:18 | 000,061,568 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\EMS7SK.sys -- (EMSCR)
    DRV - [2006/08/21 19:11:30 | 000,040,064 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ESD7SK.sys -- (ESDCR)
    DRV - [2006/08/16 11:32:00 | 000,080,512 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
    DRV - [2006/08/16 11:22:00 | 000,424,320 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
    DRV - [2006/08/16 11:21:00 | 004,304,384 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService)
    DRV - [2006/08/11 17:52:50 | 011,985,920 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\snp2sxp.sys -- (SNP2STD)
    DRV - [2006/08/03 10:19:04 | 000,014,544 | ---- | M] (EnTech Taiwan) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\TVicPort.sys -- (tvicport)
    DRV - [2006/08/03 10:19:02 | 000,069,632 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\int15.sys -- (int15)
    DRV - [2006/08/03 10:19:02 | 000,006,080 | ---- | M] (Zeal SoftStudio) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\zntport.sys -- (zntport)
    DRV - [2006/07/12 19:33:10 | 000,074,752 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ESM7SK.sys -- (ESMCR)
    DRV - [2006/06/18 23:37:34 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
    DRV - [2006/04/20 16:03:20 | 000,995,712 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
    DRV - [2006/04/20 16:02:40 | 000,208,000 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
    DRV - [2006/04/20 16:02:36 | 000,727,296 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
    DRV - [2005/09/01 16:54:26 | 000,032,000 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gtf32bus.sys -- (GTF32BUS)
    DRV - [2005/09/01 16:54:12 | 000,007,936 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gtptser.sys -- (GTPTSER)
    DRV - [2005/08/29 14:45:24 | 000,018,944 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gtscser.sys -- (GTSCSER)
    DRV - [2004/09/03 16:38:16 | 000,173,056 | ---- | M] (Funk Software, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\odysseyIM4.sys -- (odysseyIM4)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
    IE - HKLM\..\SearchScopes,DefaultScope = {56256A51-B582-467e-B8D4-7786EDA79AE0}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


    IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKU\.DEFAULT\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    IE - HKU\.DEFAULT\..\SearchScopes\{33524C00-63FB-43DB-A6BF-0A4E14B24649}: "URL" = http://www.basicscan.com/?prt=BASICSCAN115&keywords={searchTerms}
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKU\S-1-5-18\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    IE - HKU\S-1-5-18\..\SearchScopes\{33524C00-63FB-43DB-A6BF-0A4E14B24649}: "URL" = http://www.basicscan.com/?prt=BASICSCAN115&keywords={searchTerms}
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-1241016058-1226847170-1791428113-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
    IE - HKU\S-1-5-21-1241016058-1226847170-1791428113-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
    IE - HKU\S-1-5-21-1241016058-1226847170-1791428113-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
    IE - HKU\S-1-5-21-1241016058-1226847170-1791428113-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKU\S-1-5-21-1241016058-1226847170-1791428113-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
    IE - HKU\S-1-5-21-1241016058-1226847170-1791428113-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    IE - HKU\S-1-5-21-1241016058-1226847170-1791428113-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.google.pt/ [binary data]
    IE - HKU\S-1-5-21-1241016058-1226847170-1791428113-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?affID=11...HP_ss&mntrId=575e4ffd0000000000000016cfa38d9d
    IE - HKU\S-1-5-21-1241016058-1226847170-1791428113-1005\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
    IE - HKU\S-1-5-21-1241016058-1226847170-1791428113-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKU\S-1-5-21-1241016058-1226847170-1791428113-1005\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=110823&tt=040912_mnt_3612_3&babsrc=SP_ss&mntrId=575e4ffd0000000000000016cfa38d9d
    IE - HKU\S-1-5-21-1241016058-1226847170-1791428113-1005\..\SearchScopes\{2E5EBC27-450A-482C-9930-E728DFB5F320}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    IE - HKU\S-1-5-21-1241016058-1226847170-1791428113-1005\..\SearchScopes\{628A09EC-DDA8-4236-ADE9-A03857C32687}: "URL" = http://www.flickr.com/search/?q={searchTerms}
    IE - HKU\S-1-5-21-1241016058-1226847170-1791428113-1005\..\SearchScopes\{81255F7E-53BA-4797-AAC1-08DB83382637}: "URL" = http://delicious.com/search?p={searchTerms}
    IE - HKU\S-1-5-21-1241016058-1226847170-1791428113-1005\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1750559
    IE - HKU\S-1-5-21-1241016058-1226847170-1791428113-1005\..\SearchScopes\{C2CF0540-CCA4-49FD-8934-EEC447BADC95}: "URL" = http://rover.ebay.com/rover/1/711-43047-14818-1/4?satitle={searchTerms}
    IE - HKU\S-1-5-21-1241016058-1226847170-1791428113-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
    FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
    FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"
    FF - prefs.js..browser.startup.homepage: "http://search.babylon.com/?affID=110823&tt=040912_mnt_3612_3&babsrc=HP_ss&mntrId=575e4ffd0000000000000016cfa38d9d"
    FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}:6.0.34
    FF - prefs.js..extensions.enabledAddons: [email protected]:1.0
    FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}:6.0.35
    FF - prefs.js..extensions.enabledAddons: [email protected]:1.5.0
    FF - prefs.js..extensions.enabledItems: {EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}:2.0
    FF - prefs.js..keyword.URL: "http://search.babylon.com/?affID=110823&tt=040912_mnt_3612_3&babsrc=KW_ss&mntrId=575e4ffd0000000000000016cfa38d9d&q="


    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Program Files\TVUPlayer\npTVUAx.dll (TVU networks)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\user\Local Settings\Application Data\Google\Update\1.3.21.115\npGoogleUpdate3.dll File not found
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\user\Local Settings\Application Data\Google\Update\1.3.21.115\npGoogleUpdate3.dll File not found

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/08/18 14:09:08 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/02/06 18:02:54 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/02/06 18:02:54 | 000,000,000 | ---D | M]

    [2009/02/06 18:03:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Extensions
    [2009/02/06 21:21:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Extensions\[email protected]
    [2009/02/06 18:03:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\nie824pj.default\extensions
    [2010/10/02 15:54:10 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\nie824pj.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}(2)
    [2012/08/04 01:02:22 | 000,000,000 | ---D | M] (Codecv) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\nie824pj.default\extensions\[email protected]
    [2012/09/06 15:22:34 | 000,000,000 | ---D | M] (Babylon) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\nie824pj.default\extensions\[email protected]
    [2009/02/26 13:22:28 | 000,000,880 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\nie824pj.default\searchplugins\conduit.xml
    [2010/01/23 14:26:32 | 000,003,915 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\nie824pj.default\searchplugins\sweetim.xml
    [2011/11/03 17:16:24 | 000,009,924 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\nie824pj.default\searchplugins\mywebsearch.xml
    [2012/08/23 20:59:14 | 000,002,519 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\nie824pj.default\searchplugins\Search_Results.xml
    [2009/02/06 18:02:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2012/08/15 22:26:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}
    [2012/09/01 04:24:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
    [2012/08/15 22:25:42 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
    [2012/08/31 13:32:46 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2012/09/06 13:30:02 | 000,002,360 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
    [2012/08/23 20:59:14 | 000,002,519 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml
    [2012/08/31 13:29:28 | 000,002,253 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
    [2012/08/31 13:29:28 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

    O1 HOSTS File: ([2009/03/08 18:07:46 | 000,000,687 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.7.2.0\bh\BabylonToolbar.dll (Babylon BHO)
    O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll (HiTRUST)
    O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.7.2.0\BabylonToolbarTlbr.dll (Babylon Ltd.)
    O3 - HKU\S-1-5-21-1241016058-1226847170-1791428113-1005\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll (HiTRUST)
    O4 - HKLM..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe (Acer Inc.)
    O4 - HKLM..\Run: [Acer OrbiCam] C:\WINDOWS\AcerOrbiCam.exe ()
    O4 - HKLM..\Run: [AcerOrbicamRibbon] C:\Program Files\Acer\OrbiCam10\OrbiCam.exe ()
    O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
    O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
    O4 - HKLM..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe ()
    O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
    O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe (HiTRUST)
    O4 - HKLM..\Run: [eLockMonitor] C:\Acer\Empowering Technology\eLock\Monitor\LaunchMonitor.exe File not found
    O4 - HKLM..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe ()
    O4 - HKLM..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe (Acer Inc.)
    O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
    O4 - HKLM..\Run: [LaunchApp] File not found
    O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE (Dritek System Inc.)
    O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe (Acer Inc.)
    O4 - HKLM..\Run: [LVCOMSX] C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe (Logitech Inc.)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
    O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
    O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
    O4 - HKLM..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe (Sonix)
    O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe File not found
    O4 - HKLM..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u File not found
    O4 - HKU\S-1-5-19..\Run: [riyahelepa] Rundll32.exe "C:\WINDOWS\system32\dehaseha.dll",s File not found
    O4 - HKU\S-1-5-20..\Run: [riyahelepa] Rundll32.exe "C:\WINDOWS\system32\dehaseha.dll",s File not found
    O4 - HKU\S-1-5-21-1241016058-1226847170-1791428113-1005..\Run: [CTZDetec.exe] C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe (Creative Technology Ltd.)
    O4 - HKU\S-1-5-21-1241016058-1226847170-1791428113-1005..\Run: [Google Update] "C:\Documents and Settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c File not found
    O4 - HKU\S-1-5-21-1241016058-1226847170-1791428113-1005..\Run: [HuaWeiEVDO.exe] "C:\Program Files\Huawei technologies\software tmn.exe" File not found
    O4 - HKU\S-1-5-21-1241016058-1226847170-1791428113-1005..\Run: [IMC] C:\Program Files\FriendFinder\FriendFinder Messenger 4\imc.exe File not found
    O4 - HKU\S-1-5-21-1241016058-1226847170-1791428113-1005..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background File not found
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acer Empowering Technology.lnk = C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe (Acer Inc.)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-1241016058-1226847170-1791428113-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O8 - Extra context menu item: &Search - Reg Error: Value error. File not found
    O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_35.dll (Sun Microsystems, Inc.)
    O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
    O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe File not found
    O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe File not found
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab (MSN Photo Upload Tool)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab (MSN Games - Installer)
    O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab (CBreakshotControl Class)
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 192.168.1.254
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D8846D96-83D5-4C0C-89F8-98005F8ECC24}: DhcpNameServer = 192.168.1.254 192.168.1.254
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20 - AppInit_DLLs: (C:\WINDOWS\system32\gelarijo.dll) - File not found
    O20 - AppInit_DLLs: (c:\windows\system32\mopiseje.dll) - File not found
    O20 - AppInit_DLLs: (cqlqdb.dll) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
    O20 - Winlogon\Notify\avgrsstarter: DllName - (avgrsstx.dll) - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
    O24 - Desktop WallPaper: C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Desktop Background.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Desktop Background.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/22 17:11:12 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
    O32 - AutoRun File - [2009/01/18 22:08:08 | 000,000,090 | R--- | M] () - D:\AUTORUN.INF -- [ FAT32 ]
    O33 - MountPoints2\{0536b740-bbf0-11dd-8aa7-001636a11bb2}\Shell - "" = AutoRun
    O33 - MountPoints2\{0536b740-bbf0-11dd-8aa7-001636a11bb2}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{0536b740-bbf0-11dd-8aa7-001636a11bb2}\Shell\AutoRun\command - "" = G:\AutoRun.exe
    O33 - MountPoints2\{0536b742-bbf0-11dd-8aa7-001636a11bb2}\Shell - "" = AutoRun
    O33 - MountPoints2\{0536b742-bbf0-11dd-8aa7-001636a11bb2}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{0536b742-bbf0-11dd-8aa7-001636a11bb2}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{0b090fb0-db76-11dd-8ab5-001636a11bb2}\Shell - "" = AutoRun
    O33 - MountPoints2\{0b090fb0-db76-11dd-8ab5-001636a11bb2}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{0b090fb0-db76-11dd-8ab5-001636a11bb2}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{0b090fb1-db76-11dd-8ab5-001636a11bb2}\Shell - "" = AutoRun
    O33 - MountPoints2\{0b090fb1-db76-11dd-8ab5-001636a11bb2}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{0b090fb1-db76-11dd-8ab5-001636a11bb2}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{35d6199f-b8d6-11dd-8aa2-001636a11bb2}\Shell - "" = AutoRun
    O33 - MountPoints2\{35d6199f-b8d6-11dd-8aa2-001636a11bb2}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{35d6199f-b8d6-11dd-8aa2-001636a11bb2}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{46b7fd16-5018-11de-8b1a-001636a11bb2}\Shell - "" = AutoRun
    O33 - MountPoints2\{46b7fd16-5018-11de-8b1a-001636a11bb2}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{46b7fd16-5018-11de-8b1a-001636a11bb2}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{46b7fd17-5018-11de-8b1a-001636a11bb2}\Shell - "" = AutoRun
    O33 - MountPoints2\{46b7fd17-5018-11de-8b1a-001636a11bb2}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{46b7fd17-5018-11de-8b1a-001636a11bb2}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{6b86f86e-cc7d-11dd-8ab0-001636a11bb2}\Shell - "" = AutoRun
    O33 - MountPoints2\{6b86f86e-cc7d-11dd-8ab0-001636a11bb2}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{6b86f86e-cc7d-11dd-8ab0-001636a11bb2}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{6b86f86f-cc7d-11dd-8ab0-001636a11bb2}\Shell - "" = AutoRun
    O33 - MountPoints2\{6b86f86f-cc7d-11dd-8ab0-001636a11bb2}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{6b86f86f-cc7d-11dd-8ab0-001636a11bb2}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{75280e38-749f-11de-8b34-001636a11bb2}\Shell - "" = AutoRun
    O33 - MountPoints2\{75280e38-749f-11de-8b34-001636a11bb2}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{75280e38-749f-11de-8b34-001636a11bb2}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{75280e39-749f-11de-8b34-001636a11bb2}\Shell - "" = AutoRun
    O33 - MountPoints2\{75280e39-749f-11de-8b34-001636a11bb2}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{75280e39-749f-11de-8b34-001636a11bb2}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{7bd6d75a-717f-11de-8b32-001636a11bb2}\Shell - "" = AutoRun
    O33 - MountPoints2\{7bd6d75a-717f-11de-8b32-001636a11bb2}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{7bd6d75a-717f-11de-8b32-001636a11bb2}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{7bd6d75b-717f-11de-8b32-001636a11bb2}\Shell - "" = AutoRun
    O33 - MountPoints2\{7bd6d75b-717f-11de-8b32-001636a11bb2}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{7bd6d75b-717f-11de-8b32-001636a11bb2}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{9d90487a-d901-11dd-8ab4-001636a11bb2}\Shell - "" = AutoRun
    O33 - MountPoints2\{9d90487a-d901-11dd-8ab4-001636a11bb2}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{9d90487a-d901-11dd-8ab4-001636a11bb2}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{a442a772-cc85-11dd-8ab3-001636a11bb2}\Shell - "" = AutoRun
    O33 - MountPoints2\{a442a772-cc85-11dd-8ab3-001636a11bb2}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{a442a772-cc85-11dd-8ab3-001636a11bb2}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{a442a773-cc85-11dd-8ab3-001636a11bb2}\Shell - "" = AutoRun
    O33 - MountPoints2\{a442a773-cc85-11dd-8ab3-001636a11bb2}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{a442a773-cc85-11dd-8ab3-001636a11bb2}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{b9717408-6f22-11de-8b2e-001636a11bb2}\Shell - "" = AutoRun
    O33 - MountPoints2\{b9717408-6f22-11de-8b2e-001636a11bb2}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{b9717408-6f22-11de-8b2e-001636a11bb2}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{c4447d9e-cc7f-11dd-8ab1-001636a11bb2}\Shell - "" = AutoRun
    O33 - MountPoints2\{c4447d9e-cc7f-11dd-8ab1-001636a11bb2}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{c4447d9e-cc7f-11dd-8ab1-001636a11bb2}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{c4447d9f-cc7f-11dd-8ab1-001636a11bb2}\Shell - "" = AutoRun
    O33 - MountPoints2\{c4447d9f-cc7f-11dd-8ab1-001636a11bb2}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{c4447d9f-cc7f-11dd-8ab1-001636a11bb2}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{c4447da0-cc7f-11dd-8ab1-001636a11bb2}\Shell - "" = AutoRun
    O33 - MountPoints2\{c4447da0-cc7f-11dd-8ab1-001636a11bb2}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{c4447da0-cc7f-11dd-8ab1-001636a11bb2}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{c9e6ef10-3439-11e0-8bc8-001636a11bb2}\Shell\AutoRun\command - "" = G:\__DT\DT.exe
    O33 - MountPoints2\{f6e38f2a-bb21-11dd-8aa5-001636a11bb2}\Shell - "" = AutoRun
    O33 - MountPoints2\{f6e38f2a-bb21-11dd-8aa5-001636a11bb2}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{f6e38f2a-bb21-11dd-8aa5-001636a11bb2}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/09/06 13:30:41 | 000,000,000 | ---D | C] -- C:\Program Files\BabylonToolbar
    [2012/09/06 13:30:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\BabylonToolbar
    [2012/09/06 13:22:34 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
    [2012/09/06 13:22:33 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
    [2012/09/06 13:22:33 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
    [2012/09/05 05:51:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
    [2012/09/05 05:51:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
    [2012/09/05 05:51:38 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
    [2012/09/01 04:24:04 | 000,157,680 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
    [2012/08/27 13:01:36 | 000,000,000 | -HSD | C] -- C:\FOUND.000
    [2012/08/26 13:12:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Holdem Manager 2
    [2012/08/26 13:12:55 | 000,000,000 | ---D | C] -- C:\Program Files\Holdem Manager 2
    [2012/08/26 13:12:48 | 000,000,000 | ---D | C] -- C:\Program Files\PSQLINSTALL
    [2012/08/25 22:18:35 | 000,000,000 | ---D | C] -- C:\Program Files\BasicScan
    [2012/08/25 03:23:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Local Settings\Application Data\Poker Pro Labs
    [2012/08/24 03:45:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/08/24 03:45:16 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2012/08/23 20:59:39 | 000,000,000 | ---D | C] -- C:\Program Files\iLivid
    [2012/08/23 20:59:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
    [2012/08/22 16:55:51 | 000,000,000 | ---D | C] -- C:\HM2Archive
    [2012/08/22 16:48:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Local Settings\Application Data\IsolatedStorage
    [2012/08/22 16:43:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\HoldemManager
    [2012/08/21 23:32:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PostgreSQL 8.4
    [2012/08/21 23:28:53 | 000,000,000 | ---D | C] -- C:\postgreSQL
    [2012/08/21 02:19:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\YoudaGames
    [2012/08/21 02:18:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\AlawarWrapper
    [2012/08/21 02:18:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AlawarWrapper
    [2012/08/21 02:16:23 | 000,000,000 | ---D | C] -- C:\Program Files\Alawar
    [2012/08/18 17:36:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\DDMSettings
    [2012/08/18 14:07:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\DivX Plus
    [2012/08/18 14:07:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
    [2012/08/15 22:26:00 | 000,477,168 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\npdeployJava1.dll
    [2012/08/11 19:33:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\My Documents\pkr
    [2012/08/11 14:09:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PKR
    [2012/08/11 14:06:05 | 000,000,000 | ---D | C] -- C:\Program Files\PKR
    [2010/06/20 23:51:42 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\user\Application Data\pcouffin.sys
    [2010/06/17 13:17:24 | 000,950,779 | ---- | C] (Mozilla) -- C:\Program Files\Firefox Setup 3.6.3.exe
    [9 C:\Documents and Settings\user\Desktop\*.tmp files -> C:\Documents and Settings\user\Desktop\*.tmp -> ]
    [4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [10 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/09/06 18:24:22 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
    [2012/09/06 17:49:04 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2012/09/06 17:40:22 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2012/09/06 17:39:58 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1241016058-1226847170-1791428113-1005.job
    [2012/09/06 17:39:56 | 000,000,482 | -H-- | M] () -- C:\WINDOWS\tasks\CodecUpdaterTask{65973906-F750-4C59-AA0B-3AF3C64ED493}.job
    [2012/09/06 17:39:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2012/09/06 17:37:48 | 937,603,072 | -HS- | M] () -- C:\hiberfil.sys
    [2012/09/06 17:03:38 | 000,000,012 | ---- | M] () -- C:\WINDOWS\bthservsdp.dat
    [2012/09/06 13:32:02 | 000,000,692 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/09/04 17:46:02 | 000,853,646 | ---- | M] () -- C:\Documents and Settings\user\Desktop\17a223ee.x50.gif
    [2012/09/02 23:00:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1241016058-1226847170-1791428113-1005.job
    [2012/08/28 20:24:56 | 000,477,168 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\npdeployJava1.dll
    [2012/08/28 20:24:54 | 000,473,072 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
    [2012/08/28 20:10:12 | 000,157,680 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
    [2012/08/28 20:10:08 | 000,149,488 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
    [2012/08/28 20:09:58 | 000,149,488 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
    [2012/08/28 18:39:24 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
    [2012/08/26 03:14:08 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2012/08/25 22:17:54 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\23d13a4d1e538ddd6bfce22774757328_c
    [2012/08/25 19:49:52 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2012/08/15 21:01:34 | 000,263,824 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2012/08/15 21:00:00 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2012/08/15 18:01:40 | 000,073,216 | ---- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2012/08/15 01:24:36 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
    [2012/08/15 01:24:36 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
    [2012/08/10 02:37:08 | 000,039,996 | ---- | M] () -- C:\Documents and Settings\user\Desktop\user153070_pic7709_1329228577.jpg
    [9 C:\Documents and Settings\user\Desktop\*.tmp files -> C:\Documents and Settings\user\Desktop\*.tmp -> ]
    [4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [10 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/09/06 13:32:00 | 000,000,692 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/09/04 17:45:57 | 000,853,646 | ---- | C] () -- C:\Documents and Settings\user\Desktop\17a223ee.x50.gif
    [2012/08/25 22:17:52 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\23d13a4d1e538ddd6bfce22774757328_c
    [2012/08/24 04:40:20 | 937,603,072 | -HS- | C] () -- C:\hiberfil.sys
    [2012/08/22 21:55:59 | 001,048,576 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1241016058-1226847170-1791428113-1005-0.dat
    [2012/08/22 21:55:36 | 000,249,822 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
    [2012/08/16 12:55:48 | 000,328,592 | ---- | C] () -- C:\Documents and Settings\user\My Documents\S5000743.JPG
    [2012/08/10 02:36:55 | 000,039,996 | ---- | C] () -- C:\Documents and Settings\user\Desktop\user153070_pic7709_1329228577.jpg
    [2012/04/14 14:43:57 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
    [2010/10/17 01:36:26 | 000,039,771 | ---- | C] () -- C:\Documents and Settings\user\mysmiley.png
    [2010/06/20 23:52:21 | 000,001,044 | ---- | C] () -- C:\Documents and Settings\user\Application Data\vso_ts_preview.xml
    [2010/06/20 23:51:42 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\user\Application Data\inst.exe
    [2010/06/20 23:51:42 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\user\Application Data\pcouffin.cat
    [2010/06/20 23:51:42 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\user\Application Data\pcouffin.inf
    [2010/06/07 20:33:15 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\user\Application Data\qcopjv.dat
    [2010/03/16 17:36:16 | 000,001,708 | ---- | C] () -- C:\Documents and Settings\user\irs
    [2006/12/19 03:18:36 | 000,073,216 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2006/12/18 05:53:21 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\fusioncache.dat

    < End of report >



    OTL Extras logfile created on: 9/6/2012 6:00:07 PM - Run 1
    OTL by OldTimer - Version 3.2.61.0 Folder = C:\Documents and Settings\user\My Documents\Downloads
    Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    894.10 Mb Total Physical Memory | 564.80 Mb Available Physical Memory | 63.17% Memory free
    2.11 Gb Paging File | 1.58 Gb Available in Paging File | 74.96% Paging File free
    Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 53.20 Gb Total Space | 10.42 Gb Free Space | 19.60% Space Free | Partition Type: FAT32
    Drive D: | 53.69 Gb Total Space | 46.63 Gb Free Space | 86.86% Space Free | Partition Type: FAT32

    Computer Name: ACER-1424F82190 | User Name: user | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

    [HKEY_USERS\S-1-5-21-1241016058-1226847170-1791428113-1005\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 1
    "FirewallOverride" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\MSN Messenger\msncall.exe" = C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)
    "C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\MSN Messenger\msncall.exe" = C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)
    "C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire
    "C:\Program Files\Grisoft\AVG7\avginet.exe" = C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe
    "C:\Program Files\Grisoft\AVG7\avgamsvr.exe" = C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe
    "C:\Program Files\Grisoft\AVG7\avgcc.exe" = C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe
    "C:\Program Files\TMN\AutoUpdateSrv.exe" = C:\Program Files\TMN\AutoUpdateSrv.exe:*:Disabled:AutoUpdateSrv Application
    "C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
    "C:\Program Files\AVG\AVG8\avgemc.exe" = C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)
    "C:\Program Files\Conference\Conference.dll" = C:\Program Files\Conference\Conference.dll:*:Enabled:Audio/Video Conference
    "C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
    "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
    "C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Disabled:Firefox -- (Mozilla Corporation)
    "C:\WINDOWS\EXPLORER.EXE" = C:\WINDOWS\EXPLORER.EXE:*:Enabled:Explorer -- (Microsoft Corporation)
    "C:\Program Files\Holdem Indicator\HoldemIndicator.exe" = C:\Program Files\Holdem Indicator\HoldemIndicator.exe:*:Enabled:Holdem Indicator
    "C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager
    "C:\Program Files\SopCast\adv\SopAdver.exe" = C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver -- (www.sopcast.com)
    "C:\Program Files\SopCast\SopCast.exe" = C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application -- (www.sopcast.com)
    "C:\Documents and Settings\USER\My Documents\Downloads\pdf_converter.exe" = C:\Documents and Settings\USER\My Documents\Downloads\pdf_converter.exe:*:Enabled:pDF Creator
    "C:\Program Files\TVUPlayer\TVUPlayer.exe" = C:\Program Files\TVUPlayer\TVUPlayer.exe:*:Disabled:TVUPlayer Component -- (TVU networks)
    "C:\Program Files\Google\Google Earth\PLUGIN\geplugin.exe" = C:\Program Files\Google\Google Earth\PLUGIN\geplugin.exe:*:Disabled:Google Earth


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{0F79C1B2-36B2-4B62-8221-42721CF54638}" = Acer OrbiCam Application
    "{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}" = Acer eLock Management
    "{1F2C8256-2773-46C7-9ABA-3E39C24ABB51}" = Acer eSettings Management
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{26A24AE4-039D-4CA4-87B4-2F83216034FF}" = Java(TM) 6 Update 35
    "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{35725FBC-A136-4A46-9F29-091759D9BB93}" = MVision
    "{36CDA33B-909B-4719-97D1-C4B99309BDC7}" = ATI Parental Control & Encoder
    "{3BB3B50E-FBD3-4E8B-A72B-45AC5CF23135}" = Acer OrbiCam Utility Bar
    "{3EAAC5FD-E209-4856-8C49-D4EA40F85032}" = software tmn
    "{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4AD13F68-CADA-4C6B-9759-C33753F89908}" = Acer eDataSecurity Management
    "{4AE3A0CB-87B0-4F51-BECD-3D1F8DFDD62F}" = SAGEM F@st 800-840
    "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
    "{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
    "{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
    "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6A28AB0B-22B1-494C-AF61-B386EA1736C0}" = LightScribe 1.4.97.1
    "{7057702F-6D71-4F30-8000-9E72BC771887}" = Acer ePerformance Management
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112731397}" = Wheel of Fortune 2
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113137700}" = Ice Cream Tycoon
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
    "{90110416-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edição 2003
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
    "{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
    "{B06B842F-2450-494F-BBDE-217CDC151A37}" = NTI Backup NOW! 4.5
    "{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
    "{BF839132-BD43-4056-ACBF-4377F4A88E2A}" = Acer ePresentation Management
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
    "{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
    "{C897FCB3-2F8B-4185-8035-79E2AF3A92A4}" = iTunes
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D458BBDC-0363-42E0-8FF9-4736E3CB3CA2}" = Acer Screensaver
    "{E55E7026-EF2A-4A17-AAA7-DB98EA3FD1B1}" = BabylonObjectInstaller
    "{EA516024-D84D-41F1-814F-83175A6188F2}" = Logitech Video Enumerator
    "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
    "53F13DB4D9611FD63BE580F06F0729BF236ABE68" = Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
    "AcerOrbiCamDrv" = Acer Camera Driver
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "All ATI Software" = ATI - Software Uninstall Utility
    "ATI Display Driver" = ATI Display Driver
    "Auto Click 2.1_is1" = Auto Click 2.1
    "AVG8Uninstall" = AVG Free 8.5
    "B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
    "BabylonToolbar" = Babylon toolbar on IE
    "BSPlayerf" = BS.Player FREE
    "Bubble Bobble TNA" = Bubble Bobble TNA
    "CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_1025010F" = HDAUDIO Soft Data Fax Modem with SmartCP
    "Creative Media Lite" = Creative Media Lite
    "DivX Setup" = DivX Setup
    "GridVista" = Acer GridVista
    "Hamsterball" = Hamsterball
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "ie8" = Windows Internet Explorer 8
    "InstallShield_{4AD13F68-CADA-4C6B-9759-C33753F89908}" = Acer eDataSecurity Management 2.0.3079
    "LManager" = Launch Manager
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Mozilla Firefox 15.0 (x86 en-US)" = Mozilla Firefox 15.0 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "OptionPCCardInstaller" = Option PC Cards driver package
    "OptionPluss_PCCardInstaller" = Option GT HSDPA driver suite
    "Peggle Deluxe" = Peggle Deluxe
    "Peggle Deluxe 1.0" = Peggle Deluxe 1.0
    "PKR" = PKR
    "PokerStars" = PokerStars
    "Puppy Luv" = Puppy Luv (remove only)
    "SopCast" = SopCast 3.2.9
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "TVUPlayer" = TVUPlayer 2.5.3.1
    "Water Bugs 1.0" = Water Bugs 1.0
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "WinRAR archiver" = WinRAR archiver
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "Xilisoft AVI to DVD Converter 6" = Xilisoft AVI to DVD Converter 6
    "ZENStonePlusUG" = Creative ZEN Stone Plus User's Guide

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-1241016058-1226847170-1791428113-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Google Chrome" = Google Chrome

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 8/23/2012 6:15:00 PM | Computer Name = ACER-1424F82190 | Source = Application Hang | ID = 1001
    Description = Fault bucket 1180947459.

    Error - 8/25/2012 5:19:34 PM | Computer Name = ACER-1424F82190 | Source = Application Hang | ID = 1002
    Description = Hanging application firefox.exe, version 14.0.1.4577, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 8/25/2012 5:19:50 PM | Computer Name = ACER-1424F82190 | Source = Application Hang | ID = 1001
    Description = Fault bucket -1227688620.

    Error - 8/26/2012 12:51:03 PM | Computer Name = ACER-1424F82190 | Source = Application Hang | ID = 1002
    Description = Hanging application rundll32.exe, version 5.1.2600.5512, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 8/26/2012 8:02:32 PM | Computer Name = ACER-1424F82190 | Source = Application Hang | ID = 1002
    Description = Hanging application firefox.exe, version 14.0.1.4577, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 9/1/2012 9:22:33 PM | Computer Name = ACER-1424F82190 | Source = Application Hang | ID = 1002
    Description = Hanging application avgui.exe, version 8.5.0.454, hang module hungapp,
    version 0.0.0.0, hang address 0x00000000.

    Error - 9/2/2012 1:26:05 PM | Computer Name = ACER-1424F82190 | Source = Service1 | ID = 0
    Description = Service cannot be started. System.Runtime.InteropServices.COMException
    (0x80010002): Call was canceled by the message filter. at System.Runtime.InteropServices.Marshal.ThrowExceptionForHR(Int32
    errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
    o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObjectSearcher.Initialize()

    at System.Management.ManagementObjectSearcher.Get() at eLock.Serv.Main.MapVolumeName2DeviceID.updateFixDrives()

    at eLock.Serv.Main.MapVolumeName2DeviceID..ctor() at eLock.Serv.Main.Main..ctor()

    at eLock.Serv.Service.Service.OnStart(String[] args) at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object
    state)

    Error - 9/3/2012 3:10:37 AM | Computer Name = ACER-1424F82190 | Source = Service1 | ID = 0
    Description = Service cannot be started. System.Runtime.InteropServices.COMException
    (0x80010002): Call was canceled by the message filter. at System.Runtime.InteropServices.Marshal.ThrowExceptionForHR(Int32
    errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
    o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObjectSearcher.Initialize()

    at System.Management.ManagementObjectSearcher.Get() at eLock.Serv.Main.MapVolumeName2DeviceID.updateFixDrives()

    at eLock.Serv.Main.MapVolumeName2DeviceID..ctor() at eLock.Serv.Main.Main..ctor()

    at eLock.Serv.Service.Service.OnStart(String[] args) at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object
    state)

    Error - 9/6/2012 8:16:23 AM | Computer Name = ACER-1424F82190 | Source = Application Hang | ID = 1002
    Description = Hanging application rundll32.exe, version 5.1.2600.5512, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 9/6/2012 8:17:13 AM | Computer Name = ACER-1424F82190 | Source = Application Hang | ID = 1001
    Description = Fault bucket 734562961.

    [ System Events ]
    Error - 9/6/2012 12:39:28 PM | Computer Name = ACER-1424F82190 | Source = ati2mtag | ID = 43015
    Description = I2c return failed

    Error - 9/6/2012 12:39:44 PM | Computer Name = ACER-1424F82190 | Source = ati2mtag | ID = 43015
    Description = I2c return failed

    Error - 9/6/2012 12:39:44 PM | Computer Name = ACER-1424F82190 | Source = ati2mtag | ID = 43015
    Description = I2c return failed

    Error - 9/6/2012 12:43:26 PM | Computer Name = ACER-1424F82190 | Source = DCOM | ID = 10010
    Description = The server {7F6316B4-4D69-4765-B0A3-B2598F2FA80A} did not register
    with DCOM within the required timeout.

    Error - 9/6/2012 12:47:59 PM | Computer Name = ACER-1424F82190 | Source = Service Control Manager | ID = 7000
    Description = The General Purpose USB Driver (adildr.sys) service failed to start
    due to the following error: %%2

    Error - 9/6/2012 12:47:59 PM | Computer Name = ACER-1424F82190 | Source = Service Control Manager | ID = 7009
    Description = Timeout (30000 milliseconds) waiting for the MBAMService service to
    connect.

    Error - 9/6/2012 12:47:59 PM | Computer Name = ACER-1424F82190 | Source = Service Control Manager | ID = 7000
    Description = The MBAMService service failed to start due to the following error:
    %%1053

    Error - 9/6/2012 12:47:59 PM | Computer Name = ACER-1424F82190 | Source = Service Control Manager | ID = 7009
    Description = Timeout (30000 milliseconds) waiting for the Fax service to connect.

    Error - 9/6/2012 12:47:59 PM | Computer Name = ACER-1424F82190 | Source = Service Control Manager | ID = 7000
    Description = The Fax service failed to start due to the following error: %%1053

    Error - 9/6/2012 12:48:02 PM | Computer Name = ACER-1424F82190 | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    abp480n5 adpu160m agp440 agpCPQ Aha154x aic78u2 aic78xx AliIde alim1541 amdagp amsint asc asc3350p
    asc3550
    cbidf
    cd20xrnt
    CmdIde
    Cpqarray
    dac2w2k
    dac960nt
    dpti2o
    hpn
    i2omp
    ini910u
    IntelIde
    mraid35x
    perc2
    perc2hib
    ql1080
    Ql10wnt
    ql12160
    ql1240
    ql1280
    sisagp
    Sparrow
    symc810
    symc8xx
    sym_hi
    sym_u3
    TosIde
    ultra
    viaagp
    ViaIde


    < End of report >


    Thanks!
     
  6. Gizzy

    Gizzy Malware Specialist

    Joined:
    Aug 2, 2005
    Messages:
    3,832
    Hi Johny5,

    Remove Programs
    Click Start > Control Panel > Add/Remove Programs
    Remove the following programs by clicking Remove

    • Babylon toolbar on IE

    If some programs listed are not present, please do not panic.


    Run OTL Script
    1. Double-click OTL.exe to start the program
    2. Click the None button at the top
    3. Copy and Paste everything from the Code box below into the Custom Scans/Fixes box in OTL
      Code:
      :Commands
      [CREATERESTOREPOINT]
      
      :OTL
      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
      IE - HKLM\..\SearchScopes,DefaultScope = {56256A51-B582-467e-B8D4-7786EDA79AE0}
      IE - HKU\.DEFAULT\..\SearchScopes\{33524C00-63FB-43DB-A6BF-0A4E14B24649}: "URL" = http://www.basicscan.com/?prt=BASICSCAN115&keywords={searchTerms}
      IE - HKU\S-1-5-18\..\SearchScopes\{33524C00-63FB-43DB-A6BF-0A4E14B24649}: "URL" = http://www.basicscan.com/?prt=BASICSCAN115&keywords={searchTerms}
      IE - HKU\S-1-5-21-1241016058-1226847170-1791428113-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
      IE - HKU\S-1-5-21-1241016058-1226847170-1791428113-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
      IE - HKU\S-1-5-21-1241016058-1226847170-1791428113-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?affID=110...000016cfa38d9d
      IE - HKU\S-1-5-21-1241016058-1226847170-1791428113-1005\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
      IE - HKU\S-1-5-21-1241016058-1226847170-1791428113-1005\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=110823&tt=040912_mnt_3612_3&babsrc=SP_ss&mntrId=575e4ffd0000000000000016cfa38d9d
      IE - HKU\S-1-5-21-1241016058-1226847170-1791428113-1005\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1750559
      FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
      FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
      FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"
      FF - prefs.js..browser.startup.homepage: "http://search.babylon.com/?affID=110823&tt=040912_mnt_3612_3&babsrc=HP_ss&mntrId=575e4ffd0000000000000016cfa38d9d"
      FF - prefs.js..extensions.enabledAddons: [email protected]:1.5.0
      FF - prefs.js..extensions.enabledItems: {EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}:2.0
      FF - prefs.js..keyword.URL: "http://search.babylon.com/?affID=110823&tt=040912_mnt_3612_3&babsrc=KW_ss&mntrId=575e4ffd0000000000000016cfa38d9d&q="
      [2012/08/04 01:02:22 | 000,000,000 | ---D | M] (Codecv) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\nie824pj.default\extensions\501c6615c3fa0@501 c6615c3fd9.info
      [2012/08/04 01:02:22 | 000,000,000 | ---D | M] (Codecv) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\nie824pj.default\extensions\[email protected]
      [2012/09/06 15:22:34 | 000,000,000 | ---D | M] (Babylon) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\nie824pj.default\extensions\[email protected]
      [2009/02/26 13:22:28 | 000,000,880 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\nie824pj.default\searchplugins\conduit.xml
      [2010/01/23 14:26:32 | 000,003,915 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\nie824pj.default\searchplugins\sweetim.xml
      [2011/11/03 17:16:24 | 000,009,924 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\nie824pj.default\searchplugins\mywebsearch.xml
      [2012/08/23 20:59:14 | 000,002,519 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\nie824pj.default\searchplugins\Search_Results.xml
      [2012/09/06 13:30:02 | 000,002,360 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
      [2012/08/23 20:59:14 | 000,002,519 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml
      O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No CLSID value found.
      O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.7.2.0\bh\BabylonToolbar.dll (Babylon BHO)
      O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.7.2.0\BabylonToolbarTlbr.dll (Babylon Ltd.)
      O4 - HKU\S-1-5-19..\Run: [riyahelepa] Rundll32.exe "C:\WINDOWS\system32\dehaseha.dll",s File not found
      O4 - HKU\S-1-5-20..\Run: [riyahelepa] Rundll32.exe "C:\WINDOWS\system32\dehaseha.dll",s File not found
      O4 - HKU\S-1-5-21-1241016058-1226847170-1791428113-1005..\Run: [IMC] C:\Program Files\FriendFinder\FriendFinder Messenger 4\imc.exe File not found
      O8 - Extra context menu item: &Search - Reg Error: Value error. File not found
      O20 - AppInit_DLLs: (C:\WINDOWS\system32\gelarijo.dll) - File not found
      O20 - AppInit_DLLs: (c:\windows\system32\mopiseje.dll) - File not found
      O20 - AppInit_DLLs: (cqlqdb.dll) - File not found
      [2012/09/06 13:30:41 | 000,000,000 | ---D | C] -- C:\Program Files\BabylonToolbar
      [2012/09/06 13:30:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\BabylonToolbar
      [2012/08/25 22:18:35 | 000,000,000 | ---D | C] -- C:\Program Files\BasicScan
      [2012/08/23 20:59:39 | 000,000,000 | ---D | C] -- C:\Program Files\iLivid
      [2012/08/23 20:59:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
      [2010/06/07 20:33:15 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\user\Application Data\qcopjv.dat
      [2012/09/06 17:39:56 | 000,000,482 | -H-- | M] () -- C:\WINDOWS\tasks\CodecUpdaterTask{65973906-F750-4C59-AA0B-3AF3C64ED493}.job
      [4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
      [10 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
      
      :Reg
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
      "FirstRunDisabled" = 0
      "AntiVirusOverride" = 0
      "FirewallOverride" = 0
      
      :Files
      C:\Program Files\FriendFinder
      C:\Program Files\MyWebSearch
      C:\Documents and Settings\All Users\Application Data\Codecv
      C:\Program Files\DealPly
      C:\WINDOWS\system32\dllhostc.exe
      
      :Commands
      [EMPTYTEMP]
    4. Then click the Run Fix button at the top.
    5. If prompted, Click OK
    6. OTL may ask to reboot the computer. Please do so if asked
    7. When finished a report should appear in Notepad. Copy and Paste that report in your next reply.

      Note: The log can also be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log


    Please reply with:
    • OTL log
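
Entries of the kind listed in the fix script above (autoruns and AppInit_DLLs whose file is missing, a BHO with no CLSID value, Security Center override flags set to 1) can be picked out of an OTL log mechanically. The following Python is an added example, not part of the original posts and not OTL's own logic; the `triage` function and its rule names are hypothetical, and the sample lines are copied from the logs quoted in this thread.

```python
import re
from collections import namedtuple

Finding = namedtuple("Finding", "rule subject detail")

# Lines copied from the OTL output quoted in this thread.
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.7.2.0\bh\BabylonToolbar.dll (Babylon BHO)
O4 - HKU\S-1-5-19..\Run: [riyahelepa] Rundll32.exe "C:\WINDOWS\system32\dehaseha.dll",s File not found
O4 - HKU\S-1-5-21-1241016058-1226847170-1791428113-1005..\Run: [IMC] C:\Program Files\FriendFinder\FriendFinder Messenger 4\imc.exe File not found
O20 - AppInit_DLLs: (C:\WINDOWS\system32\gelarijo.dll) - File not found
O20 - AppInit_DLLs: (cqlqdb.dll) - File not found
'''

SECTION_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')        # [HKEY_...\Key]
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')        # "Name" = data
ENTRY_RE = re.compile(r'^(O\d+)\s+-\s+(.*)$')           # O4 - ...
RUN_RE = re.compile(r'\\Run: \[([^\]]+)\]\s+(.*)$')     # ..\Run: [name] command
APPINIT_RE = re.compile(r'^AppInit_DLLs: \(([^)]*)\)')  # AppInit_DLLs: (path)
CLSID_RE = re.compile(r'\{[0-9A-Fa-f-]{36}\}')
MISSING = "File not found"
# A value of 1 tells the XP Security Center to stop monitoring that component.
OVERRIDES = {"AntiVirusOverride", "FirewallOverride"}


def triage(log_text):
    """Return a list of Finding tuples for lines that deserve a closer look."""
    findings = []
    section = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue

        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue

        m = VALUE_RE.match(line)
        if m:
            name, data = m.groups()
            in_sc = section is not None and section.endswith("\\Security Center")
            if in_sc and name in OVERRIDES and data.strip() == "1":
                findings.append(Finding("security-center-override", name, section))
            continue

        m = ENTRY_RE.match(line)
        if not m:
            continue
        code, rest = m.groups()
        missing = rest.endswith(MISSING)

        if code == "O20":
            a = APPINIT_RE.match(rest)
            if a:
                # AppInit_DLLs are loaded into every process that loads
                # user32.dll, so any entry is worth reviewing, present or not.
                state = "file missing on disk" if missing else "file present"
                findings.append(Finding("appinit-dll", a.group(1), state))
        elif code == "O4" and missing:
            r = RUN_RE.search(rest)
            if r:
                command = r.group(2)[: -len(MISSING)].strip()
                findings.append(Finding("orphaned-autorun", r.group(1), command))
        elif code == "O2" and "No CLSID value found" in rest:
            c = CLSID_RE.search(rest)
            findings.append(Finding("dangling-bho", c.group(0) if c else "?", rest))
        # BHOs and autoruns whose file exists are not flagged here:
        # deciding whether they are wanted needs a human reviewer.
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.rule:26} {f.subject}  ({f.detail})")
```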
     
  7. Johny5

    Johny5 Thread Starter

    Joined:
    Sep 4, 2012
    Messages:
    19
    Hi Gizzy,
    I did as you asked.
    I noticed that my hidden files appeared after rebooting my PC, not sure if that is supposed to happen.
    Here's the report:


    All processes killed
    ========== COMMANDS ==========
    Restore point Set: OTL Restore Point
    ========== OTL ==========
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
    Registry key HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{33524C00-63FB-43DB-A6BF-0A4E14B24649}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33524C00-63FB-43DB-A6BF-0A4E14B24649}\ not found.
    Registry key HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\{33524C00-63FB-43DB-A6BF-0A4E14B24649}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33524C00-63FB-43DB-A6BF-0A4E14B24649}\ not found.
    HKU\S-1-5-21-1241016058-1226847170-1791428113-1005\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!
    HKU\S-1-5-21-1241016058-1226847170-1791428113-1005\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
    HKU\S-1-5-21-1241016058-1226847170-1791428113-1005\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
    HKEY_USERS\S-1-5-21-1241016058-1226847170-1791428113-1005\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
    Registry key HKEY_USERS\S-1-5-21-1241016058-1226847170-1791428113-1005\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
    Registry key HKEY_USERS\S-1-5-21-1241016058-1226847170-1791428113-1005\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
    Prefs.js: "Search the web (Babylon)" removed from browser.search.defaultenginename
    Prefs.js: "Search the web (Babylon)" removed from browser.search.order.1
    Prefs.js: "Search the web (Babylon)" removed from browser.search.selectedEngine
    Prefs.js: "http://search.babylon.com/?affID=110823&tt=040912_mnt_3612_3&babsrc=HP_ss&mntrId=575e4ffd0000000000000016cfa38d9d" removed from browser.startup.homepage
    Prefs.js: [email protected]:1.5.0 removed from extensions.enabledAddons
    Prefs.js: {EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}:2.0 removed from extensions.enabledItems
    Prefs.js: "http://search.babylon.com/?affID=110823&tt=040912_mnt_3612_3&babsrc=KW_ss&mntrId=575e4ffd0000000000000016cfa38d9d&q=" removed from keyword.URL
    Folder C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\nie824pj.default\extensions\501c6615c3fa0@501c6615c3fd9.info\ not found.
    C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\nie824pj.default\extensions\[email protected]\content folder moved successfully.
    C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\nie824pj.default\extensions\[email protected] folder moved successfully.
    C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\nie824pj.default\extensions\[email protected]\components folder moved successfully.
    C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\nie824pj.default\extensions\[email protected]\content\imgs\flgs folder moved successfully.
    C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\nie824pj.default\extensions\[email protected]\content\imgs\mnRadio folder moved successfully.
    C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\nie824pj.default\extensions\[email protected]\content\imgs folder moved successfully.
    C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\nie824pj.default\extensions\[email protected]\content folder moved successfully.
    C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\nie824pj.default\extensions\[email protected] folder moved successfully.
    C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\nie824pj.default\searchplugins\conduit.xml moved successfully.
    C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\nie824pj.default\searchplugins\sweetim.xml moved successfully.
    C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\nie824pj.default\searchplugins\mywebsearch.xml moved successfully.
    C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\nie824pj.default\searchplugins\Search_Results.xml moved successfully.
    C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml moved successfully.
    C:\Program Files\Mozilla Firefox\searchplugins\Search_Results.xml moved successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}\ not found.
    File C:\Program Files\BabylonToolbar\BabylonToolbar\1.7.2.0\bh\BabylonToolbar.dll not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{98889811-442D-49dd-99D7-DC866BE87DBC} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98889811-442D-49dd-99D7-DC866BE87DBC}\ not found.
    File C:\Program Files\BabylonToolbar\BabylonToolbar\1.7.2.0\BabylonToolbarTlbr.dll not found.
    Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run\\riyahelepa deleted successfully.
    Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run\\riyahelepa deleted successfully.
    Registry value HKEY_USERS\S-1-5-21-1241016058-1226847170-1791428113-1005\Software\Microsoft\Windows\CurrentVersion\Run\\IMC deleted successfully.
    Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&Search\ deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\WINDOWS\system32\gelarijo.dll deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\windows\system32\mopiseje.dll deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:cqlqdb.dll deleted successfully.
    Folder C:\Program Files\BabylonToolbar\ not found.
    Folder C:\Documents and Settings\user\Application Data\BabylonToolbar\ not found.
    C:\Program Files\BasicScan folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\lt\LC_MESSAGES folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\lt folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\it\LC_MESSAGES folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\it folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\id\LC_MESSAGES folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\id folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\ko\LC_MESSAGES folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\ko folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\ar\LC_MESSAGES folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\ar folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\ms\LC_MESSAGES folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\ms folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\kk\LC_MESSAGES folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\kk folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\ca\LC_MESSAGES folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\ca folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\da\LC_MESSAGES folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\da folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\cs\LC_MESSAGES folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\cs folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\hy\LC_MESSAGES folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\hy folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\oc\LC_MESSAGES folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\oc folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\ga\LC_MESSAGES folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\ga folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\nb\LC_MESSAGES folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\nb folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\nn\LC_MESSAGES folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\nn folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\fa\LC_MESSAGES folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\fa folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\he\LC_MESSAGES folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\he folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\ckb\LC_MESSAGES folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\ckb folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\is\LC_MESSAGES folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\is folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\mn\LC_MESSAGES folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\mn folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\am\LC_MESSAGES folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\am folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\ff\LC_MESSAGES folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\ff folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\ach\LC_MESSAGES folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\ach folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\lg\LC_MESSAGES folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\lg folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\ka\LC_MESSAGES folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\ka folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\af\LC_MESSAGES folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\af folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\cgg\LC_MESSAGES folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\cgg folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\fur\LC_MESSAGES folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\fur folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\be\LC_MESSAGES folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\be folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\br\LC_MESSAGES folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\br folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\ast\LC_MESSAGES folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\ast folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\en_GB\LC_MESSAGES folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\en_GB folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\ml\LC_MESSAGES folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\ml folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\mk\LC_MESSAGES folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\mk folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\lv\LC_MESSAGES folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\lv folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\hi\LC_MESSAGES folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\hi folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\co\LC_MESSAGES folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\co folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\my\LC_MESSAGES folder moved successfully.
    C:\Program Files\iLivid\VLC\locale\my folder moved successfully.
    C:\Program Files\iLivid\VLC\locale folder moved successfully.
    C:\Program Files\iLivid\VLC\plugins folder moved successfully.
    C:\Program Files\iLivid\VLC\skins folder moved successfully.
    C:\Program Files\iLivid\VLC\activex folder moved successfully.
    C:\Program Files\iLivid\VLC\osdmenu\default\volume folder moved successfully.
    C:\Program Files\iLivid\VLC\osdmenu\default\selection folder moved successfully.
    C:\Program Files\iLivid\VLC\osdmenu\default\selected folder moved successfully.
    C:\Program Files\iLivid\VLC\osdmenu\default folder moved successfully.
    C:\Program Files\iLivid\VLC\osdmenu folder moved successfully.
    C:\Program Files\iLivid\VLC\sdk\include\vlc\plugins folder moved successfully.
    C:\Program Files\iLivid\VLC\sdk\include\vlc folder moved successfully.
    C:\Program Files\iLivid\VLC\sdk\include folder moved successfully.
    C:\Program Files\iLivid\VLC\sdk\lib folder moved successfully.
    C:\Program Files\iLivid\VLC\sdk folder moved successfully.
    C:\Program Files\iLivid\VLC\http\js folder moved successfully.
    C:\Program Files\iLivid\VLC\http\requests folder moved successfully.
    C:\Program Files\iLivid\VLC\http\images folder moved successfully.
    C:\Program Files\iLivid\VLC\http\dialogs folder moved successfully.
    C:\Program Files\iLivid\VLC\http folder moved successfully.
    C:\Program Files\iLivid\VLC\lua\modules folder moved successfully.
    C:\Program Files\iLivid\VLC\lua\playlist folder moved successfully.
    C:\Program Files\iLivid\VLC\lua\sd folder moved successfully.
    C:\Program Files\iLivid\VLC\lua\intf\modules folder moved successfully.
    C:\Program Files\iLivid\VLC\lua\intf folder moved successfully.
    C:\Program Files\iLivid\VLC\lua\meta\reader folder moved successfully.
    C:\Program Files\iLivid\VLC\lua\meta\fetcher folder moved successfully.
    C:\Program Files\iLivid\VLC\lua\meta\art folder moved successfully.
    C:\Program Files\iLivid\VLC\lua\meta folder moved successfully.
    C:\Program Files\iLivid\VLC\lua\extensions folder moved successfully.
    C:\Program Files\iLivid\VLC\lua\http\js folder moved successfully.
    C:\Program Files\iLivid\VLC\lua\http\requests folder moved successfully.
    C:\Program Files\iLivid\VLC\lua\http\images folder moved successfully.
    C:\Program Files\iLivid\VLC\lua\http\dialogs folder moved successfully.
    C:\Program Files\iLivid\VLC\lua\http folder moved successfully.
    C:\Program Files\iLivid\VLC\lua folder moved successfully.
    C:\Program Files\iLivid\VLC folder moved successfully.
    C:\Program Files\iLivid folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\boost_interprocess\C055AE896B81CD01 folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\boost_interprocess folder moved successfully.
    C:\Documents and Settings\user\Application Data\qcopjv.dat moved successfully.
    C:\WINDOWS\tasks\CodecUpdaterTask{65973906-F750-4C59-AA0B-3AF3C64ED493}.job moved successfully.
    C:\WINDOWS\System32\SET48.tmp deleted successfully.
    C:\WINDOWS\System32\SET49.tmp deleted successfully.
    C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
    C:\WINDOWS\System32\PerfStringBackup.TMP deleted successfully.
    C:\WINDOWS\E220AutoRunLog.tmp deleted successfully.
    C:\WINDOWS\DUMP5ac2.tmp deleted successfully.
    C:\WINDOWS\DUMP8193.tmp deleted successfully.
    C:\WINDOWS\DUMP589f.tmp deleted successfully.
    C:\WINDOWS\msdownld.tmp folder deleted successfully.
    C:\WINDOWS\DUMP5812.tmp deleted successfully.
    C:\WINDOWS\DUMP592c.tmp deleted successfully.
    C:\WINDOWS\DUMP2b86.tmp deleted successfully.
    C:\WINDOWS\003268_.tmp deleted successfully.
    C:\WINDOWS\DUMP6f25.tmp deleted successfully.
    ========== REGISTRY ==========
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\"FirstRunDisabled" | 0 /E : value set successfully!
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\"AntiVirusOverride" | 0 /E : value set successfully!
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\"FirewallOverride" |0 /E : value set successfully!
    ========== FILES ==========
    File\Folder C:\Program Files\FriendFinder not found.
    File\Folder C:\Program Files\MyWebSearch not found.
    C:\Documents and Settings\All Users\Application Data\Codecv\data folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Codecv folder moved successfully.
    File\Folder C:\Program Files\DealPly not found.
    File\Folder C:\WINDOWS\system32\dllhostc.exe not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Default User
    ->Temp folder emptied: 524288 bytes
    ->Temporary Internet Files folder emptied: 43854 bytes

    User: All Users

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: LocalService
    ->Temp folder emptied: 66016 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: Administrator
    ->Temp folder emptied: 1552815 bytes
    ->Temporary Internet Files folder emptied: 387309 bytes

    User: user
    ->Temp folder emptied: 4750210421 bytes
    ->Temporary Internet Files folder emptied: 1188356691 bytes
    ->Java cache emptied: 95892075 bytes
    ->FireFox cache emptied: 1245015040 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 1547124 bytes

    User: postgres
    ->Temp folder emptied: 16384 bytes
    ->Temporary Internet Files folder emptied: 43586 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 151422349 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 384627565 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 113817271 bytes

    Total Files Cleaned = 7,566.00 mb


    OTL by OldTimer - Version 3.2.61.0 log created on 09072012_120707

    Files\Folders moved on Reboot...
    C:\WINDOWS\temp\T30DebugLogFile.txt moved successfully.
    C:\WINDOWS\temp\Perflib_Perfdata_91c.dat moved successfully.

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...
     
  8. Gizzy

    Gizzy Malware Specialist

    Hi Johny5,

    We can re-hide those once we're finished. :)


    Please download SystemLook from one of the links below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2


    1. Double-click SystemLook.exe to run it.
    2. Copy and paste the contents of the following codebox into the main textfield:
      Code:
      :filefind
      *Fun4IM*
      *Bandoo*
      *Searchnu*
      *Searchqu*
      *iLivid*
      *whitesmoke*
      *datamngr*
      *trolltech*
      *cqlqdb.dll*
      *babylon*
      *DealPly*
      *MyWebSearch*
      *BasicScan*
      
      :folderfind
      *Fun4IM*
      *Bandoo*
      *Searchnu*
      *Searchqu*
      *iLivid*
      *whitesmoke*
      *datamngr*
      *trolltech*
      *babylon*
      *DealPly*
      *MyWebSearch*
      *BasicScan*
      
      :Regfind
      Fun4IM
      Bandoo
      Searchnu
      Searchqu
      iLivid
      whitesmoke
      datamngr
      kelkoopartners
      trolltech
      babylon
      DealPly
      MyWebSearch
      BasicScan
      
    3. Click the Look button to start the scan.
      Because of the Registry searches, the scan may take 15 minutes or a bit more to run on a large machine. Please be patient.
    4. When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
      Note: The log can also be found on your Desktop entitled SystemLook.txt


    Gmer Rootkit Scanner
    Download GMER Rootkit Scanner from here & save it to your desktop.
    1. Double-click the .exe file. If asked to allow gmer.sys driver to load, please consent
    2. If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO
    3. In the right panel, you will see several boxes that have been checked. Uncheck the following ...
      • IAT/EAT
      • Drives/Partition other than Systemdrive (typically C:\)
      • Show All (don't miss this one)
    4. Then click the Scan button & wait for it to finish
    5. Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file
    6. Save it where you can easily find it, such as your desktop, and post it in your next reply
    **Caution**
    Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

    Do not run any programs while Gmer is running.


    Please reply with:
    • SystemLook log
    • Gmer log
     
  9. Johny5

    Johny5 Thread Starter

    Hi Gizzy, me again :)
    Here are the logs:

    SystemLook 30.07.11 by jpshortstuff
    Log created at 17:08 on 07/09/2012 by user
    Administrator - Elevation successful

    ========== filefind ==========

    Searching for "*Fun4IM*"
    No files found.

    Searching for "*Bandoo*"
    No files found.

    Searching for "*Searchnu*"
    No files found.

    Searching for "*Searchqu*"
    No files found.

    Searching for "*iLivid*"
    C:\Documents and Settings\user\My Documents\Downloads\iLividSetupV1.exe --a---- 823648 bytes [19:56 23/08/2012] [19:56 23/08/2012] BEA7D710D552ABFE91B979F08B92D6FE

    Searching for "*whitesmoke*"
    No files found.

    Searching for "*datamngr*"
    No files found.

    Searching for "*trolltech*"
    No files found.

    Searching for "*cqlqdb.dll*"
    No files found.

    Searching for "*babylon*"
    C:\WINDOWS\Prefetch\MYBABYLONTB.EXE-17F669FF.pf --a---- 36930 bytes [12:29 06/09/2012] [12:29 06/09/2012] 89D8C532CE9B08C0F6E2696F53565FA1
    C:\_OTL\MovedFiles\09072012_120707\C_Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\nie824pj.default\extensions\[email protected]\content\babylon.xul --a---- 1102 bytes [05:02 03/09/2012] [05:02 03/09/2012] 51451DCF876DEAC80962F42B0C61CBF6
    C:\_OTL\MovedFiles\09072012_120707\C_Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\nie824pj.default\extensions\[email protected]\content\babylon.css --a---- 2267 bytes [04:10 09/08/2012] [04:10 09/08/2012] C958E619394865F741A245D368BFD28C
    C:\_OTL\MovedFiles\09072012_120707\C_Program Files\Mozilla Firefox\searchplugins\babylon.xml --a---- 2360 bytes [00:02 04/08/2012] [12:30 06/09/2012] 0EF0DA47336CD59E4FC91593CD25AFA6

    Searching for "*DealPly*"
    C:\WINDOWS\Prefetch\DEALPLYUPDATE.EXE-20792FC5.pf --a---- 11392 bytes [10:44 06/09/2012] [10:44 06/09/2012] F5C639497F4AE7FCEB423E8FC608677F

    Searching for "*MyWebSearch*"
    C:\_OTL\MovedFiles\09072012_120707\C_Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\nie824pj.default\searchplugins\mywebsearch.xml --a---- 9924 bytes [19:08 16/10/2010] [16:16 03/11/2011] B53323597F5CD78AD68403A9DA22C1E1

    Searching for "*BasicScan*"
    C:\_OTL\MovedFiles\09072012_120707\C_Program Files\BasicScan\basicscan(2).exe --a---- 23040 bytes [21:18 25/08/2012] [18:36 23/08/2012] 6ECFB83D481B636739E9736544F978A3
    C:\_OTL\MovedFiles\09072012_120707\C_Program Files\BasicScan\basicscan(2).dll --a---- 888832 bytes [21:18 25/08/2012] [21:21 25/08/2012] ACC06E28FFED133B0284387D3A3A68E4

    Searching for " "
    No files found.

    ========== folderfind ==========

    Searching for "*Fun4IM*"
    No folders found.

    Searching for "*Bandoo*"
    No folders found.

    Searching for "*Searchnu*"
    No folders found.

    Searching for "*Searchqu*"
    No folders found.

    Searching for "*iLivid*"
    C:\_OTL\MovedFiles\09072012_120707\C_Program Files\iLivid d------ [11:09 07/09/2012]

    Searching for "*whitesmoke*"
    No folders found.

    Searching for "*datamngr*"
    No folders found.

    Searching for "*trolltech*"
    No folders found.

    Searching for "*babylon*"
    C:\Documents and Settings\All Users\Application Data\Babylon d------ [10:44 15/04/2012]
    C:\Documents and Settings\user\Application Data\Babylon d------ [10:43 15/04/2012]
    C:\_OTL\MovedFiles\09072012_120707\C_Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\nie824pj.default\extensions\[email protected] d------ [11:09 07/09/2012]

    Searching for "*DealPly*"
    No folders found.

    Searching for "*MyWebSearch*"
    No folders found.

    Searching for "*BasicScan*"
    C:\_OTL\MovedFiles\09072012_120707\C_Program Files\BasicScan d------ [21:18 25/08/2012]

    Searching for " "
    No folders found.

    ========== Regfind ==========

    Searching for "Fun4IM"
    No data found.

    Searching for "Bandoo"
    No data found.

    Searching for "Searchnu"
    No data found.

    Searching for "Searchqu"
    No data found.

    Searching for "iLivid"
    No data found.

    Searching for "whitesmoke"
    No data found.

    Searching for "datamngr"
    No data found.

    Searching for "kelkoopartners"
    No data found.

    Searching for "trolltech"
    [HKEY_CURRENT_USER\Software\Trolltech]
    [HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.5\com.trolltech.Qt.QIconEngineFactoryInterface:]
    [HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.5\com.trolltech.Qt.QIconEngineFactoryInterfaceV2:]
    [HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.5\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
    [HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.5\com.trolltech.Qt.QSqlDriverFactoryInterface:]
    [HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.5\com.trolltech.Qt.QTextCodecFactoryInterface:]
    [HKEY_USERS\S-1-5-21-1241016058-1226847170-1791428113-1005\Software\Trolltech]
    [HKEY_USERS\S-1-5-21-1241016058-1226847170-1791428113-1005\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.5\com.trolltech.Qt.QIconEngineFactoryInterface:]
    [HKEY_USERS\S-1-5-21-1241016058-1226847170-1791428113-1005\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.5\com.trolltech.Qt.QIconEngineFactoryInterfaceV2:]
    [HKEY_USERS\S-1-5-21-1241016058-1226847170-1791428113-1005\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.5\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
    [HKEY_USERS\S-1-5-21-1241016058-1226847170-1791428113-1005\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.5\com.trolltech.Qt.QSqlDriverFactoryInterface:]
    [HKEY_USERS\S-1-5-21-1241016058-1226847170-1791428113-1005\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.5\com.trolltech.Qt.QTextCodecFactoryInterface:]

    Searching for "babylon"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Babylon]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Babylon\Babylon Client]
    [HKEY_LOCAL_MACHINE\SOFTWARE\babylontoolbar]
    [HKEY_LOCAL_MACHINE\SOFTWARE\babylontoolbar\babylontoolbar]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
    "Tabs"="http://search.babylon.com/?affID=110823&tt=040912_mnt_3612_3&babsrc=NT_ss&mntrId=575e4ffd0000000000000016cfa38d9d"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BabylonToolbar]

    Searching for "DealPly"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DealPly]

    Searching for "MyWebSearch"
    No data found.

    Searching for "BasicScan"
    [HKEY_LOCAL_MACHINE\SOFTWARE\BasicScan]
    [HKEY_LOCAL_MACHINE\SOFTWARE\BasicScan]
    "DllPath"="C:\Program Files\BasicScan\basicscan.dll"
    [HKEY_LOCAL_MACHINE\SOFTWARE\BasicScan]
    "Src"="basicscan"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BASICSCAN_SERVICE]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BASICSCAN_SERVICE\0000]
    "Service"="BasicScan Service"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BASICSCAN_SERVICE\0000]
    "DeviceDesc"="BasicScan Service"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BASICSCAN_SERVICE]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BASICSCAN_SERVICE\0000]
    "Service"="BasicScan Service"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BASICSCAN_SERVICE\0000]
    "DeviceDesc"="BasicScan Service"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BASICSCAN_SERVICE]
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BASICSCAN_SERVICE\0000]
    "Service"="BasicScan Service"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BASICSCAN_SERVICE\0000]
    "DeviceDesc"="BasicScan Service"

    -= EOF =-



    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-09-07 19:00:03
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-9 WDC_WD1200UE-22KVT0 rev.01.03K01
    Running: qigvm95k.exe; Driver: C:\DOCUME~1\user\LOCALS~1\Temp\pwpdypob.sys


    ---- User code sections - GMER 1.0.15 ----

    .text C:\Program Files\Mozilla Firefox\firefox.exe[1564] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 01186C40 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[1564] kernel32.dll!lstrlenW + 43 7C809AEC 7 Bytes JMP 013C2DBF C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[1564] kernel32.dll!MapViewOfFileEx + 6A 7C80B9A0 7 Bytes JMP 013C2D9C C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[1564] kernel32.dll!ValidateLocale + B130 7C844958 7 Bytes JMP 0118FE71 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[1564] GDI32.dll!SetDIBitsToDevice + 20A 77F19E14 7 Bytes JMP 013C2D1D C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[4060] USER32.dll!DefWindowProcA + 11A 7E42C298 7 Bytes JMP 105C8F94 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[4060] USER32.dll!SetWindowLongA + 19 7E42C2B6 7 Bytes JMP 105C8F23 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[4060] USER32.dll!GetWindowInfo 7E42C49C 5 Bytes JMP 1040F66F C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[4060] USER32.dll!GetMenuContextHelpId + 1A 7E465319 7 Bytes JMP 1040FCA8 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \FileSystem\Fastfat \Fat psdfilter.sys (PSD Filter Driver/HiTRUST)

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0016cedff850
    Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0016cedff850 (not active ControlSet)

    ---- EOF - GMER 1.0.15 ----


    Thanks! :)
     
  10. Gizzy

    Gizzy Malware Specialist

    Joined:
    Aug 2, 2005
    Messages:
    3,832
    Hi Johny5,
    After doing the following, let me know how your computer is running.


    Run OTL Script
    1. Double-click OTL.exe to start the program
    2. Click the None button at the top
    3. Copy and Paste everything from the Code box below into the Custom Scans/Fixes box in OTL
      Code:
      :Commands
      [CREATERESTOREPOINT]
      
      :Reg
      [-HKEY_CURRENT_USER\Software\Trolltech]
      [-HKEY_USERS\S-1-5-21-1241016058-1226847170-1791428113-1005\Software\Trolltech]
      [-HKEY_LOCAL_MACHINE\SOFTWARE\Babylon]
      [-HKEY_LOCAL_MACHINE\SOFTWARE\babylontoolbar]
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
      "Tabs"="res://ieframe.dll/tabswelcome.htm"
      [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BabylonToolbar]
      [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DealPly]
      [-HKEY_LOCAL_MACHINE\SOFTWARE\BasicScan]
      
      :Files
      C:\Documents and Settings\user\My Documents\Downloads\iLividSetupV1.exe
      C:\WINDOWS\Prefetch\MYBABYLONTB.EXE-17F669FF.pf
      C:\WINDOWS\Prefetch\DEALPLYUPDATE.EXE-20792FC5.pf
      C:\Documents and Settings\All Users\Application Data\Babylon
      C:\Documents and Settings\user\Application Data\Babylon
      C:\WINDOWS\system32\dehaseha.dll
      C:\WINDOWS\system32\gelarijo.dll
      c:\windows\system32\mopiseje.dll
      
      :Commands
      [EMPTYTEMP]
    4. Then click the Run Fix button at the top.
    5. If prompted, click OK.
    6. OTL may ask to reboot the computer. Please do so if asked.
    7. When finished, a report should appear in Notepad. Copy and paste that report in your next reply.

      Note: The log can also be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log


    SystemLook
    1. Double-click SystemLook.exe to run it.
    2. Copy and paste the contents of the following codebox into the main textfield:
      Code:
      :filefind
      *Fun4IM*
      *Bandoo*
      *Searchnu*
      *Searchqu*
      *iLivid*
      *whitesmoke*
      *datamngr*
      *trolltech*
      *cqlqdb.dll*
      *babylon*
      *DealPly*
      *MyWebSearch*
      *BasicScan*
      
      :folderfind
      *Fun4IM*
      *Bandoo*
      *Searchnu*
      *Searchqu*
      *iLivid*
      *whitesmoke*
      *datamngr*
      *trolltech*
      *babylon*
      *DealPly*
      *MyWebSearch*
      *BasicScan*
      
      :Regfind
      Fun4IM
      Bandoo
      Searchnu
      Searchqu
      iLivid
      whitesmoke
      datamngr
      kelkoopartners
      trolltech
      babylon
      DealPly
      MyWebSearch
      BasicScan
      
    3. Click the Look button to start the scan.
      Because of the Registry searches, the scan may take 15 minutes or a bit more to run on a large machine. Please be patient.
    4. When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
      Note: The log can also be found on your Desktop entitled SystemLook.txt


    Please reply with:
    • Update on computer's performance
    • New OTL log
    • New SystemLook log
     
  11. Johny5

    Johny5 Thread Starter

    Joined:
    Sep 4, 2012
    Messages:
    19
    Hi Gizzy,
    I did what you asked. Unfortunately, my PC's performance is still the same: freezes every now and again and the sound issue continues.
    Here are the logs:


    SystemLook 30.07.11 by jpshortstuff
    Log created at 13:02 on 08/09/2012 by user
    Administrator - Elevation successful

    ========== filefind ==========

    Searching for "*Fun4IM*"
    No files found.

    Searching for "*Bandoo*"
    No files found.

    Searching for "*Searchnu*"
    No files found.

    Searching for "*Searchqu*"
    No files found.

    Searching for "*iLivid*"
    C:\_OTL\MovedFiles\09082012_123630\C_Documents and Settings\user\My Documents\Downloads\iLividSetupV1.exe --a---- 823648 bytes [19:56 23/08/2012] [19:56 23/08/2012] BEA7D710D552ABFE91B979F08B92D6FE

    Searching for "*whitesmoke*"
    No files found.

    Searching for "*datamngr*"
    No files found.

    Searching for "*trolltech*"
    No files found.

    Searching for "*cqlqdb.dll*"
    No files found.

    Searching for "*babylon*"
    C:\_OTL\MovedFiles\09072012_120707\C_Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\nie824pj.default\extensions\[email protected]\content\babylon.xul --a---- 1102 bytes [05:02 03/09/2012] [05:02 03/09/2012] 51451DCF876DEAC80962F42B0C61CBF6
    C:\_OTL\MovedFiles\09072012_120707\C_Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\nie824pj.default\extensions\[email protected]\content\babylon.css --a---- 2267 bytes [04:10 09/08/2012] [04:10 09/08/2012] C958E619394865F741A245D368BFD28C
    C:\_OTL\MovedFiles\09072012_120707\C_Program Files\Mozilla Firefox\searchplugins\babylon.xml --a---- 2360 bytes [00:02 04/08/2012] [12:30 06/09/2012] 0EF0DA47336CD59E4FC91593CD25AFA6

    Searching for "*DealPly*"
    No files found.

    Searching for "*MyWebSearch*"
    C:\_OTL\MovedFiles\09072012_120707\C_Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\nie824pj.default\searchplugins\mywebsearch.xml --a---- 9924 bytes [19:08 16/10/2010] [16:16 03/11/2011] B53323597F5CD78AD68403A9DA22C1E1

    Searching for "*BasicScan*"
    C:\_OTL\MovedFiles\09072012_120707\C_Program Files\BasicScan\basicscan(2).exe --a---- 23040 bytes [21:18 25/08/2012] [18:36 23/08/2012] 6ECFB83D481B636739E9736544F978A3
    C:\_OTL\MovedFiles\09072012_120707\C_Program Files\BasicScan\basicscan(2).dll --a---- 888832 bytes [21:18 25/08/2012] [21:21 25/08/2012] ACC06E28FFED133B0284387D3A3A68E4

    Searching for " "
    No files found.

    ========== folderfind ==========

    Searching for "*Fun4IM*"
    No folders found.

    Searching for "*Bandoo*"
    No folders found.

    Searching for "*Searchnu*"
    No folders found.

    Searching for "*Searchqu*"
    No folders found.

    Searching for "*iLivid*"
    C:\_OTL\MovedFiles\09072012_120707\C_Program Files\iLivid d------ [11:09 07/09/2012]

    Searching for "*whitesmoke*"
    No folders found.

    Searching for "*datamngr*"
    No folders found.

    Searching for "*trolltech*"
    No folders found.

    Searching for "*babylon*"
    C:\_OTL\MovedFiles\09072012_120707\C_Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\nie824pj.default\extensions\[email protected] d------ [11:09 07/09/2012]
    C:\_OTL\MovedFiles\09082012_123630\C_Documents and Settings\user\Application Data\Babylon d------ [10:43 15/04/2012]
    C:\_OTL\MovedFiles\09082012_123630\C_Documents and Settings\All Users\Application Data\Babylon d------ [10:44 15/04/2012]

    Searching for "*DealPly*"
    No folders found.

    Searching for "*MyWebSearch*"
    No folders found.

    Searching for "*BasicScan*"
    C:\_OTL\MovedFiles\09072012_120707\C_Program Files\BasicScan d------ [21:18 25/08/2012]

    Searching for " "
    No folders found.

    ========== Regfind ==========

    Searching for "Fun4IM"
    No data found.

    Searching for "Bandoo"
    No data found.

    Searching for "Searchnu"
    No data found.

    Searching for "Searchqu"
    No data found.

    Searching for "iLivid"
    No data found.

    Searching for "whitesmoke"
    No data found.

    Searching for "datamngr"
    No data found.

    Searching for "kelkoopartners"
    No data found.

    Searching for "trolltech"
    No data found.

    Searching for "babylon"
    No data found.

    Searching for "DealPly"
    No data found.

    Searching for "MyWebSearch"
    No data found.

    Searching for "BasicScan"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BASICSCAN_SERVICE]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BASICSCAN_SERVICE\0000]
    "Service"="BasicScan Service"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BASICSCAN_SERVICE\0000]
    "DeviceDesc"="BasicScan Service"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BASICSCAN_SERVICE]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BASICSCAN_SERVICE\0000]
    "Service"="BasicScan Service"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BASICSCAN_SERVICE\0000]
    "DeviceDesc"="BasicScan Service"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BASICSCAN_SERVICE]
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BASICSCAN_SERVICE\0000]
    "Service"="BasicScan Service"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BASICSCAN_SERVICE\0000]
    "DeviceDesc"="BasicScan Service"

    -= EOF =-


    All processes killed
    ========== COMMANDS ==========
    Restore point Set: OTL Restore Point
    ========== REGISTRY ==========
    Registry key HKEY_CURRENT_USER\Software\Trolltech\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-1241016058-1226847170-1791428113-1005\Software\Trolltech\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Babylon\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\babylontoolbar\ deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\\"Tabs"|"res://ieframe.dll/tabswelcome.htm" /E : value set successfully!
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BabylonToolbar\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DealPly\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\BasicScan\ deleted successfully.
    ========== FILES ==========
    C:\Documents and Settings\user\My Documents\Downloads\iLividSetupV1.exe moved successfully.
    File\Folder C:\WINDOWS\Prefetch\MYBABYLONTB.EXE-17F669FF.pf not found.
    File\Folder C:\WINDOWS\Prefetch\DEALPLYUPDATE.EXE-20792FC5.pf not found.
    C:\Documents and Settings\All Users\Application Data\Babylon folder moved successfully.
    C:\Documents and Settings\user\Application Data\Babylon folder moved successfully.
    File\Folder C:\WINDOWS\system32\dehaseha.dll not found.
    File\Folder C:\WINDOWS\system32\gelarijo.dll not found.
    File\Folder c:\windows\system32\mopiseje.dll not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: All Users

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: user
    ->Temp folder emptied: 1140791105 bytes
    ->Temporary Internet Files folder emptied: 64901 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 314962695 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 1788 bytes

    User: postgres
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 115139 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 2040 bytes

    Total Files Cleaned = 1,389.00 mb


    OTL by OldTimer - Version 3.2.61.0 log created on 09082012_123630

    Files\Folders moved on Reboot...
    C:\WINDOWS\temp\Perflib_Perfdata_dbc.dat moved successfully.

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...


    Thanks Gizzy!
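
Added example (not part of the original posts, and not code from SystemLook or OTL): the SystemLook log above mixes hits that sit inside C:\_OTL\MovedFiles, the folder OTL moved files into, with hits that are still live on the system. This Python script separates the two; the sample log is a constructed excerpt abridged from the log in this post, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Folder OTL moved files into, as shown in the fix log (compared case-insensitively).
MOVED_PREFIX = "c:\\_otl\\movedfiles\\"

SECTION_RE = re.compile(r"^=+\s*(\w+)\s*=+$")          # ========== filefind ==========
SEARCH_RE = re.compile(r'^Searching for "(.*)"$')       # Searching for "*babylon*"
NO_HIT_RE = re.compile(r"^No (files|folders|data) found\.$")
# A hit line is: <path> <7-char attributes> [<size> bytes] [timestamp] ...
PATH_RE = re.compile(r"^(.*?)\s+[a-z-]{7}\s+(?:\d+ bytes\s+)?\[")

# Constructed sample: an abridged excerpt of the SystemLook log posted above.
SAMPLE_LOG = r"""
========== filefind ==========

Searching for "*iLivid*"
C:\_OTL\MovedFiles\09082012_123630\C_Documents and Settings\user\My Documents\Downloads\iLividSetupV1.exe --a---- 823648 bytes [19:56 23/08/2012] [19:56 23/08/2012] BEA7D710D552ABFE91B979F08B92D6FE

Searching for "*DealPly*"
No files found.

========== folderfind ==========

Searching for "*BasicScan*"
C:\_OTL\MovedFiles\09072012_120707\C_Program Files\BasicScan d------ [21:18 25/08/2012]

========== Regfind ==========

Searching for "babylon"
No data found.

Searching for "BasicScan"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BASICSCAN_SERVICE]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BASICSCAN_SERVICE\0000]
"Service"="BasicScan Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BASICSCAN_SERVICE\0000]
"DeviceDesc"="BasicScan Service"

-= EOF =-
"""


def triage(log_text):
    """Return {(section, term): {"live": [...], "moved": [...]}} for terms with hits."""
    results = defaultdict(lambda: {"live": [], "moved": []})
    section = term = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == "-= EOF =-":
            continue
        m = SECTION_RE.match(line)
        if m:
            section, term = m.group(1).lower(), None
            continue
        m = SEARCH_RE.match(line)
        if m:
            term = m.group(1)
            continue
        if section is None or term is None or NO_HIT_RE.match(line):
            continue
        if section == "regfind":
            # Only key lines count as findings; "name"="data" lines belong
            # to the key printed above them, and keys repeat once per value.
            if line.startswith("[HKEY_"):
                key = line.strip("[]")
                if key not in results[(section, term)]["live"]:
                    results[(section, term)]["live"].append(key)
            continue
        m = PATH_RE.match(line)
        path = m.group(1) if m else line  # fall back to the whole line
        bucket = "moved" if path.lower().startswith(MOVED_PREFIX) else "live"
        results[(section, term)][bucket].append(path)
    return dict(results)


def live_findings(log_text):
    """Hits that are NOT under C:\\_OTL\\MovedFiles, i.e. still present on the system."""
    return {k: v["live"] for k, v in triage(log_text).items() if v["live"]}


if __name__ == "__main__":
    for (section, term), hits in live_findings(SAMPLE_LOG).items():
        print(f"[{section}] {term}:")
        for hit in hits:
            print("   ", hit)
```

On the excerpt, every file and folder hit falls under C:\_OTL\MovedFiles, and only the LEGACY_BASICSCAN_SERVICE registry keys are reported as still present.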
     
  12. Gizzy

    Gizzy Malware Specialist

    Joined:
    Aug 2, 2005
    Messages:
    3,832
    Hi Johny5,


    Please run another scan with Malwarebytes'. This time, select Perform full scan using the instructions below.

    Malwarebytes Anti-Malware
    1. Launch Malwarebytes Anti-Malware.
    2. Click the Update tab.
    3. Click Check for Updates and wait for it to finish updating.
    4. Click the Scanner tab, select Perform full scan, then click Scan.
    5. When the scan is complete, click OK, then Show Results to view the results.
    6. Check all items except items in the C:\System Volume Information folder, then click on Remove Selected.
    7. When completed, a log will open in Notepad. Please post that log in your next reply.

    The log is automatically saved and can be viewed by clicking the Logs tab in Malwarebytes' Anti-Malware. It can also be found here:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

    Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


    aswMBR
    1. Download aswMBR to your Desktop.
    2. Double-click aswMBR.exe to run it.
    3. Click Yes to the prompt to download Avast! virus definitions.
      (Please be patient whilst the virus definitions download)
    4. With the AVscan set to Quick Scan, click the Scan button.
      (Please be patient whilst your computer is scanned.)
    5. After a while when the scan reports "Scan finished successfully", click Save log & save the log to your desktop.
    6. Click OK > Exit.
      Note: Do not attempt to fix anything at this stage!
    7. Two files will be created, aswMBR.txt and a file named MBR.dat.
    8. Copy & Paste the contents of aswMBR.txt into your next reply.


    Run OTL
    Should still be on your computer.

    1. Double-click on OTL.exe to run it. Make sure all other windows are closed and let it run uninterrupted.
    2. Check the box beside Scan All Users
    3. Ensure Use SafeList is selected under Extra Registry
    4. Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    5. When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    6. Please copy (Edit > Select All -- Edit > Copy) the contents of these files, one at a time, and post them with your next reply.


    Please reply with:
    • Malwarebytes' Anti-Malware log
    • aswMBR log
    • New OTL logs
     
  13. Johny5

    Johny5 Thread Starter

    Joined:
    Sep 4, 2012
    Messages:
    19
    I'll post the results tomorrow, Gizzy.

    Thanks.
     
  14. Gizzy

    Gizzy Malware Specialist

    Joined:
    Aug 2, 2005
    Messages:
    3,832
    That's fine, post the logs when ready. :)
     
  15. Johny5

    Johny5 Thread Starter

    Joined:
    Sep 4, 2012
    Messages:
    19
    Hi again Gizzy,
    Here are all the logs you asked for.


    Malwarebytes Anti-Malware (Trial) 1.62.0.1300
    www.malwarebytes.org

    Database version: v2012.09.10.04

    Windows XP Service Pack 3 x86 FAT32
    Internet Explorer 8.0.6001.18702
    user :: ACER-1424F82190 [administrator]

    Protection: Disabled

    9/10/2012 2:45:48 PM
    mbam-log-2012-09-10 (14-45-48).txt

    Scan type: Full scan (C:\|D:\|)
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 319559
    Time elapsed: 12 hour(s), 13 minute(s),

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 58
    C:\System Volume Information\_restore{840F8D40-D2B2-4CA1-A56C-AE9B7E3B083F}\RP632\A0250179.dll (Adware.Shopper) -> No action taken.
    C:\System Volume Information\_restore{840F8D40-D2B2-4CA1-A56C-AE9B7E3B083F}\RP633\A0252053.dll (Adware.Zwangi) -> No action taken.
    C:\System Volume Information\_restore{840F8D40-D2B2-4CA1-A56C-AE9B7E3B083F}\RP633\A0252054.exe (Adware.BasicScan) -> No action taken.
    C:\System Volume Information\_restore{840F8D40-D2B2-4CA1-A56C-AE9B7E3B083F}\RP634\A0252074.exe (Adware.BasicScan) -> No action taken.
    C:\System Volume Information\_restore{840F8D40-D2B2-4CA1-A56C-AE9B7E3B083F}\RP634\A0252081.exe (Adware.BasicScan) -> No action taken.
    C:\System Volume Information\_restore{840F8D40-D2B2-4CA1-A56C-AE9B7E3B083F}\RP634\A0252082.dll (Adware.Zwangi) -> No action taken.
    C:\System Volume Information\_restore{840F8D40-D2B2-4CA1-A56C-AE9B7E3B083F}\RP638\A0255435.dll (Adware.Shopper) -> No action taken.
    C:\System Volume Information\_restore{840F8D40-D2B2-4CA1-A56C-AE9B7E3B083F}\RP638\A0255439.dll (Adware.SmartShopper) -> No action taken.
    C:\System Volume Information\_restore{840F8D40-D2B2-4CA1-A56C-AE9B7E3B083F}\RP640\A0256513.exe (Adware.AdRotator) -> No action taken.
    C:\System Volume Information\_restore{840F8D40-D2B2-4CA1-A56C-AE9B7E3B083F}\RP641\A0256625.scr (PUP.FunWebProducts) -> No action taken.
    C:\System Volume Information\_restore{840F8D40-D2B2-4CA1-A56C-AE9B7E3B083F}\RP641\A0256629.DLL (PUP.FunWebProducts) -> No action taken.
    C:\System Volume Information\_restore{840F8D40-D2B2-4CA1-A56C-AE9B7E3B083F}\RP641\A0256630.DLL (PUP.FunWebProducts) -> No action taken.
    C:\System Volume Information\_restore{840F8D40-D2B2-4CA1-A56C-AE9B7E3B083F}\RP641\A0256631.DLL (PUP.FunWebProducts) -> No action taken.
    C:\System Volume Information\_restore{840F8D40-D2B2-4CA1-A56C-AE9B7E3B083F}\RP641\A0256632.DLL (PUP.MyWebSearch) -> No action taken.
    C:\System Volume Information\_restore{840F8D40-D2B2-4CA1-A56C-AE9B7E3B083F}\RP641\A0256633.DLL (PUP.FunWebProducts) -> No action taken.
    C:\System Volume Information\_restore{840F8D40-D2B2-4CA1-A56C-AE9B7E3B083F}\RP641\A0256634.DLL (PUP.FunWebProducts) -> No action taken.
    C:\System Volume Information\_restore{840F8D40-D2B2-4CA1-A56C-AE9B7E3B083F}\RP641\A0256635.DLL (PUP.FunWebProducts) -> No action taken.
    C:\System Volume Information\_restore{840F8D40-D2B2-4CA1-A56C-AE9B7E3B083F}\RP641\A0256636.DLL (PUP.FunWebProducts) -> No action taken.
    C:\System Volume Information\_restore{840F8D40-D2B2-4CA1-A56C-AE9B7E3B083F}\RP641\A0256637.SCR (PUP.FunWebProducts) -> No action taken.
    C:\System Volume Information\_restore{840F8D40-D2B2-4CA1-A56C-AE9B7E3B083F}\RP641\A0256638.DLL (PUP.MyWebSearch) -> No action taken.
    C:\System Volume Information\_restore{840F8D40-D2B2-4CA1-A56C-AE9B7E3B083F}\RP641\A0256639.DLL (PUP.FunWebProducts) -> No action taken.
    C:\System Volume Information\_restore{840F8D40-D2B2-4CA1-A56C-AE9B7E3B083F}\RP641\A0256640.DLL (PUP.FunWebProducts) -> No action taken.
    C:\System Volume Information\_restore{840F8D40-D2B2-4CA1-A56C-AE9B7E3B083F}\RP641\A0256641.EXE (PUP.FunWebProducts) -> No action taken.
    C:\System Volume Information\_restore{840F8D40-D2B2-4CA1-A56C-AE9B7E3B083F}\RP641\A0256642.DLL (PUP.FunWebProducts) -> No action taken.
    C:\System Volume Information\_restore{840F8D40-D2B2-4CA1-A56C-AE9B7E3B083F}\RP641\A0256643.DLL (PUP.MyWebSearch) -> No action taken.
    C:\System Volume Information\_restore{840F8D40-D2B2-4CA1-A56C-AE9B7E3B083F}\RP641\A0256644.DLL (PUP.MyWebSearch) -> No action taken.
    C:\System Volume Information\_restore{840F8D40-D2B2-4CA1-A56C-AE9B7E3B083F}\RP641\A0256645.DLL (PUP.MyWebSearch) -> No action taken.
    C:\System Volume Information\_restore{840F8D40-D2B2-4CA1-A56C-AE9B7E3B083F}\RP641\A0256646.EXE (PUP.MyWebSearch) -> No action taken.
    C:\System Volume Information\_restore{840F8D40-D2B2-4CA1-A56C-AE9B7E3B083F}\RP641\A0256647.DLL (PUP.MyWebSearch) -> No action taken.
    C:\System Volume Information\_restore{840F8D40-D2B2-4CA1-A56C-AE9B7E3B083F}\RP641\A0256648.DLL (PUP.MyWebSearch) -> No action taken.
    C:\System Volume Information\_restore{840F8D40-D2B2-4CA1-A56C-AE9B7E3B083F}\RP641\A0256649.EXE (PUP.MyWebSearch) -> No action taken.
    C:\System Volume Information\_restore{840F8D40-D2B2-4CA1-A56C-AE9B7E3B083F}\RP641\A0256650.EXE (PUP.MyWebSearch) -> No action taken.
    C:\System Volume Information\_restore{840F8D40-D2B2-4CA1-A56C-AE9B7E3B083F}\RP641\A0256651.DLL (PUP.MyWebSearch) -> No action taken.
    C:\System Volume Information\_restore{840F8D40-D2B2-4CA1-A56C-AE9B7E3B083F}\RP641\A0256652.DLL (PUP.MyWebSearch) -> No action taken.
    C:\System Volume Information\_restore{840F8D40-D2B2-4CA1-A56C-AE9B7E3B083F}\RP641\A0256653.DLL (PUP.MyWebSearch) -> No action taken.
    C:\System Volume Information\_restore{840F8D40-D2B2-4CA1-A56C-AE9B7E3B083F}\RP641\A0256654.DLL (PUP.MyWebSearch) -> No action taken.
    C:\System Volume Information\_restore{840F8D40-D2B2-4CA1-A56C-AE9B7E3B083F}\RP641\A0256655.exe (PUP.MyWebSearch) -> No action taken.
    C:\System Volume Information\_restore{840F8D40-D2B2-4CA1-A56C-AE9B7E3B083F}\RP641\A0256656.EXE (PUP.MyWebSearch) -> No action taken.
    C:\System Volume Information\_restore{840F8D40-D2B2-4CA1-A56C-AE9B7E3B083F}\RP641\A0256657.EXE (PUP.MyWebSearch) -> No action taken.
    C:\System Volume Information\_restore{840F8D40-D2B2-4CA1-A56C-AE9B7E3B083F}\RP641\A0256658.DLL (PUP.MyWebSearch) -> No action taken.
    C:\System Volume Information\_restore{840F8D40-D2B2-4CA1-A56C-AE9B7E3B083F}\RP641\A0256659.DLL (PUP.MyWebSearch) -> No action taken.
    C:\System Volume Information\_restore{840F8D40-D2B2-4CA1-A56C-AE9B7E3B083F}\RP641\A0256660.DLL (PUP.MyWebSearch) -> No action taken.
    C:\System Volume Information\_restore{840F8D40-D2B2-4CA1-A56C-AE9B7E3B083F}\RP641\A0256661.exe (PUP.MyWebSearch) -> No action taken.
    C:\System Volume Information\_restore{840F8D40-D2B2-4CA1-A56C-AE9B7E3B083F}\RP641\A0256662.DLL (PUP.MyWebSearch) -> No action taken.
    C:\System Volume Information\_restore{840F8D40-D2B2-4CA1-A56C-AE9B7E3B083F}\RP641\A0256663.DLL (PUP.MyWebSearch) -> No action taken.
    C:\System Volume Information\_restore{840F8D40-D2B2-4CA1-A56C-AE9B7E3B083F}\RP641\A0256664.DLL (PUP.MyWebSearch) -> No action taken.
    C:\System Volume Information\_restore{840F8D40-D2B2-4CA1-A56C-AE9B7E3B083F}\RP641\A0256665.DLL (PUP.MyWebSearch) -> No action taken.
    C:\System Volume Information\_restore{840F8D40-D2B2-4CA1-A56C-AE9B7E3B083F}\RP641\A0256685.DLL (PUP.MyWebSearch) -> No action taken.
    C:\System Volume Information\_restore{840F8D40-D2B2-4CA1-A56C-AE9B7E3B083F}\RP641\A0256686.EXE (PUP.MyWebSearch) -> No action taken.
    C:\System Volume Information\_restore{840F8D40-D2B2-4CA1-A56C-AE9B7E3B083F}\RP641\A0256687.DLL (PUP.MyWebSearch) -> No action taken.
    C:\System Volume Information\_restore{840F8D40-D2B2-4CA1-A56C-AE9B7E3B083F}\RP641\A0256688.DLL (PUP.MyWebSearch) -> No action taken.
    C:\System Volume Information\_restore{840F8D40-D2B2-4CA1-A56C-AE9B7E3B083F}\RP641\A0257685.dll (PUP.MyWebSearch) -> No action taken.
    C:\System Volume Information\_restore{840F8D40-D2B2-4CA1-A56C-AE9B7E3B083F}\RP641\A0257697.exe (Trojan.Dropper) -> No action taken.
    C:\Program Files\Windows Live\Messenger\riched20.dll (PUP.FunWebProducts) -> Quarantined and deleted successfully.
    C:\Program Files\Windows Live\Messenger\msimg32.dll (PUP.FunWebProducts) -> Quarantined and deleted successfully.
    C:\Program Files\VSO Software ConvertXtoDVD v3.3.4.107a\keygen\keygen.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\_OTL\MovedFiles\09072012_120707\C_Program Files\BasicScan\basicscan(2).exe (Adware.BasicScan) -> Quarantined and deleted successfully.
    C:\_OTL\MovedFiles\09072012_120707\C_Program Files\BasicScan\basicscan(2).dll (Adware.Zwangi) -> Quarantined and deleted successfully.

    (end)



    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-09-11 13:11:58
    -----------------------------
    13:11:58.578 OS Version: Windows 5.1.2600 Service Pack 3
    13:11:58.578 Number of processors: 1 586 0x4C02
    13:11:58.578 ComputerName: ACER-1424F82190 UserName: user
    13:12:08.281 Initialize success
    13:17:22.906 AVAST engine defs: 12091100
    13:45:47.984 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-9
    13:45:47.984 Disk 0 Vendor: WDC_WD1200UE-22KVT0 01.03K01 Size: 114473MB BusType: 3
    13:45:48.015 Disk 0 MBR read successfully
    13:45:48.015 Disk 0 MBR scan
    13:45:48.218 Disk 0 unknown MBR code
    13:45:48.250 Disk 0 Partition 1 00 12 Compaq diag MSWIN4.1 4996 MB offset 63
    13:45:48.281 Disk 0 Partition 2 80 (A) 0C FAT32 LBA MSWIN4.1 54486 MB offset 10233405
    13:45:48.296 Disk 0 Partition 3 00 0C FAT32 LBA MSWIN4.1 54988 MB offset 121820895
    13:45:48.359 Disk 0 scanning sectors +234436545
    13:45:48.484 Disk 0 scanning C:\WINDOWS\system32\drivers
    13:49:08.109 Service scanning
    13:52:21.078 Modules scanning
    13:53:44.750 Disk 0 trace - called modules:
    13:53:44.765 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys
    13:53:44.781 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8578cab8]
    13:53:44.781 3 CLASSPNP.SYS[f76a2fd7] -> nt!IofCallDriver -> \Device\000000a0[0x857679e8]
    13:53:44.781 5 ACPI.sys[f74a9620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-9[0x8575ad98]
    13:53:51.562 AVAST engine scan C:\WINDOWS
    13:56:08.968 AVAST engine scan C:\WINDOWS\system32
    14:31:55.937 AVAST engine scan C:\WINDOWS\system32\drivers
    14:33:59.484 AVAST engine scan C:\Documents and Settings\user
    14:48:02.921 AVAST engine scan C:\Documents and Settings\All Users
    14:50:49.484 Scan finished successfully
    15:04:31.578 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\user\Desktop\MBR.dat"
    15:04:31.609 The log file has been saved successfully to "C:\Documents and Settings\user\Desktop\aswMBR.txt"



    OTL logfile created on: 9/11/2012 3:14:32 PM - Run 2
    OTL by OldTimer - Version 3.2.61.0 Folder = C:\Documents and Settings\user\My Documents\Downloads
    Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    894.10 Mb Total Physical Memory | 402.61 Mb Available Physical Memory | 45.03% Memory free
    2.11 Gb Paging File | 1.39 Gb Available in Paging File | 65.94% Paging File free
    Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 53.20 Gb Total Space | 17.13 Gb Free Space | 32.20% Space Free | Partition Type: FAT32
    Drive D: | 53.69 Gb Total Space | 46.63 Gb Free Space | 86.86% Space Free | Partition Type: FAT32

    Computer Name: ACER-1424F82190 | User Name: user | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/09/08 12:49:06 | 000,507,904 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Documents and Settings\user\Local Settings\Temp\RtkBtMnt.exe
    PRC - [2012/09/07 17:22:54 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
    PRC - [2012/09/06 17:57:10 | 000,599,040 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\My Documents\Downloads\OTL.exe
    PRC - [2011/10/15 01:48:52 | 002,042,208 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
    PRC - [2011/07/29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    PRC - [2009/08/16 09:28:02 | 000,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
    PRC - [2009/08/16 09:28:00 | 000,693,016 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe
    PRC - [2009/08/16 09:27:56 | 000,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
    PRC - [2009/08/16 09:27:40 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe
    PRC - [2009/08/16 09:27:32 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
    PRC - [2008/04/14 01:12:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2007/12/18 14:20:00 | 000,401,408 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe
    PRC - [2007/04/02 14:15:40 | 000,061,440 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTDevSrv.exe
    PRC - [2006/11/28 18:43:36 | 000,754,712 | ---- | M] () -- C:\Program Files\Acer\OrbiCam10\OrbiCam.exe
    PRC - [2006/11/28 18:38:18 | 000,244,512 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
    PRC - [2006/10/31 01:06:20 | 000,304,664 | ---- | M] (Acer Inc.) -- C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
    PRC - [2006/10/16 17:36:14 | 000,434,176 | ---- | M] () -- C:\WINDOWS\AcerOrbiCam.exe
    PRC - [2006/09/07 19:52:52 | 000,479,232 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\QtZgAcer.EXE
    PRC - [2006/08/30 09:57:34 | 000,442,368 | ---- | M] () -- C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
    PRC - [2006/08/29 17:56:22 | 000,020,480 | ---- | M] ( ) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
    PRC - [2006/08/10 15:00:50 | 000,028,672 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    PRC - [2006/08/09 16:18:14 | 000,675,840 | ---- | M] (Sonix) -- C:\WINDOWS\vsnp2std.exe
    PRC - [2006/08/03 15:34:04 | 000,045,056 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
    PRC - [2006/07/31 21:02:46 | 000,346,112 | ---- | M] (HiTRUST) -- C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    PRC - [2006/07/28 10:40:06 | 000,208,896 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
    PRC - [2006/06/01 14:40:54 | 000,413,696 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRAgent.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/09/07 17:21:10 | 002,244,064 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
    MOD - [2012/08/15 01:24:36 | 009,465,032 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll
    MOD - [2012/07/29 03:08:30 | 000,843,776 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_1ba7e3ec\system.drawing.dll
    MOD - [2012/07/29 03:08:12 | 003,035,136 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_56a096ce\system.windows.forms.dll
    MOD - [2012/07/29 03:07:54 | 000,471,040 | ---- | M] () -- c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll
    MOD - [2012/01/29 20:59:26 | 003,391,488 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_5196b641\mscorlib.dll
    MOD - [2012/01/29 20:58:50 | 002,088,960 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_725da67b\system.xml.dll
    MOD - [2012/01/29 20:57:52 | 001,966,080 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_131e434c\system.dll
    MOD - [2012/01/29 20:57:28 | 001,232,896 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
    MOD - [2012/01/29 20:57:24 | 002,064,384 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll
    MOD - [2011/11/03 15:28:36 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
    MOD - [2011/07/29 00:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
    MOD - [2011/07/29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    MOD - [2011/02/04 17:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
    MOD - [2009/11/03 15:51:42 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2008/04/14 01:12:04 | 000,562,176 | ---- | M] () -- C:\WINDOWS\system32\qedit.dll
    MOD - [2008/04/14 01:12:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
    MOD - [2008/04/14 01:11:52 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
    MOD - [2006/11/28 18:43:36 | 000,754,712 | ---- | M] () -- C:\Program Files\Acer\OrbiCam10\OrbiCam.exe
    MOD - [2006/11/28 12:24:42 | 001,058,328 | ---- | M] () -- C:\Program Files\Acer\OrbiCam10\LAppRes.DLL
    MOD - [2006/10/31 01:06:30 | 000,022,040 | ---- | M] () -- C:\Program Files\Common Files\Logitech\LComMgr\LCMServerPS.dll
    MOD - [2006/10/16 17:36:14 | 000,434,176 | ---- | M] () -- C:\WINDOWS\AcerOrbiCam.exe
    MOD - [2006/09/22 16:27:02 | 000,126,976 | ---- | M] () -- c:\windows\assembly\gac\system.serviceprocess\1.0.5000.0__b03f5f7f11d50a3a\system.serviceprocess.dll
    MOD - [2006/09/22 16:27:00 | 001,339,392 | ---- | M] () -- c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll
    MOD - [2006/09/22 16:27:00 | 000,372,736 | ---- | M] () -- c:\windows\assembly\gac\system.management\1.0.5000.0__b03f5f7f11d50a3a\system.management.dll
    MOD - [2006/09/22 16:27:00 | 000,323,584 | ---- | M] () -- c:\windows\assembly\gac\system.runtime.remoting\1.0.5000.0__b77a5c561934e089\system.runtime.remoting.dll
    MOD - [2006/08/30 09:57:34 | 000,442,368 | ---- | M] () -- C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
    MOD - [2006/08/03 10:20:52 | 000,188,416 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\CPUID.dll
    MOD - [2006/08/02 02:50:10 | 000,032,768 | ---- | M] () -- c:\Acer\Empowering Technology\eDataSecurity\eDSCS2CClassLib.dll
    MOD - [2006/07/28 17:55:04 | 000,356,352 | ---- | M] () -- C:\Acer\Empowering Technology\eRecovery\it41.dll
    MOD - [2006/01/12 09:33:34 | 000,212,992 | ---- | M] () -- C:\Acer\Empowering Technology\eRecovery\imagefile.dll
    MOD - [2005/10/20 17:20:24 | 000,208,896 | ---- | M] () -- C:\Acer\Empowering Technology\ePower\DialogDLL.dll
    MOD - [2005/10/11 13:18:54 | 000,028,672 | ---- | M] () -- C:\Acer\Empowering Technology\ePower\SysHook.dll


    ========== Services (SafeList) ==========

    SRV - [2012/09/07 17:21:36 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012/08/15 01:24:40 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2009/08/16 09:27:40 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc)
    SRV - [2009/08/16 09:27:32 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
    SRV - [2007/04/02 14:15:40 | 000,061,440 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files\Creative\Shared Files\CTDevSrv.exe -- (CTDevice_Srv)
    SRV - [2006/11/28 18:41:54 | 000,101,152 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)
    SRV - [2006/08/29 17:56:22 | 000,020,480 | ---- | M] ( ) [Auto | Running] -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe -- (eLockService)
    SRV - [2006/08/10 15:00:50 | 000,028,672 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe -- (AcerMemUsageCheckService)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbser6k.sys -- (ZTEusbser6k)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbnmea.sys -- (ZTEusbnmea)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
    DRV - File not found [Kernel | Boot | Stopped] -- -- (wjusk)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\UIUSYS.SYS -- (UIUSys)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
    DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
    DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
    DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
    DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\user\LOCALS~1\Temp\aswMBR.sys -- (aswMBR)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\adiusbaw.sys -- (adiusbaw)
    DRV - File not found [Kernel | Auto | Stopped] -- System32\Drivers\adildr.sys -- (ADILOADER)
    DRV - [2012/09/10 14:45:20 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
    DRV - [2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
    DRV - [2009/08/16 09:28:02 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86)
    DRV - [2009/08/16 09:28:02 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86)
    DRV - [2009/05/19 10:14:28 | 000,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX)
    DRV - [2007/07/05 16:58:24 | 000,100,992 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
    DRV - [2007/04/24 09:33:46 | 000,100,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s125mgmt.sys -- (s125mgmt)
    DRV - [2007/04/24 09:33:34 | 000,083,336 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s125bus.sys -- (s125bus)
    DRV - [2006/11/28 18:39:14 | 001,962,784 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVMVdrv.sys -- (LVMVDrv)
    DRV - [2006/09/26 06:50:06 | 001,754,624 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
    DRV - [2006/09/26 00:11:18 | 000,061,568 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\EMS7SK.sys -- (EMSCR)
    DRV - [2006/08/21 19:11:30 | 000,040,064 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ESD7SK.sys -- (ESDCR)
    DRV - [2006/08/16 11:32:00 | 000,080,512 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
    DRV - [2006/08/16 11:22:00 | 000,424,320 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
    DRV - [2006/08/16 11:21:00 | 004,304,384 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService)
    DRV - [2006/08/11 17:52:50 | 011,985,920 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\snp2sxp.sys -- (SNP2STD)
    DRV - [2006/08/03 10:19:04 | 000,014,544 | ---- | M] (EnTech Taiwan) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\TVicPort.sys -- (tvicport)
    DRV - [2006/08/03 10:19:02 | 000,069,632 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\int15.sys -- (int15)
    DRV - [2006/08/03 10:19:02 | 000,006,080 | ---- | M] (Zeal SoftStudio) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\zntport.sys -- (zntport)
    DRV - [2006/07/12 19:33:10 | 000,074,752 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ESM7SK.sys -- (ESMCR)
    DRV - [2006/06/18 23:37:34 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
    DRV - [2006/04/20 16:03:20 | 000,995,712 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
    DRV - [2006/04/20 16:02:40 | 000,208,000 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
    DRV - [2006/04/20 16:02:36 | 000,727,296 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
    DRV - [2005/09/01 16:54:26 | 000,032,000 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gtf32bus.sys -- (GTF32BUS)
    DRV - [2005/09/01 16:54:12 | 000,007,936 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gtptser.sys -- (GTPTSER)
    DRV - [2005/08/29 14:45:24 | 000,018,944 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gtscser.sys -- (GTSCSER)
    DRV - [2004/09/03 16:38:16 | 000,173,056 | ---- | M] (Funk Software, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\odysseyIM4.sys -- (odysseyIM4)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


    IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKU\.DEFAULT\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKU\S-1-5-18\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-1241016058-1226847170-1791428113-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
    IE - HKU\S-1-5-21-1241016058-1226847170-1791428113-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
    IE - HKU\S-1-5-21-1241016058-1226847170-1791428113-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
    IE - HKU\S-1-5-21-1241016058-1226847170-1791428113-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKU\S-1-5-21-1241016058-1226847170-1791428113-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
    IE - HKU\S-1-5-21-1241016058-1226847170-1791428113-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    IE - HKU\S-1-5-21-1241016058-1226847170-1791428113-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.google.pt/ [binary data]
    IE - HKU\S-1-5-21-1241016058-1226847170-1791428113-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
    IE - HKU\S-1-5-21-1241016058-1226847170-1791428113-1005\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-21-1241016058-1226847170-1791428113-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKU\S-1-5-21-1241016058-1226847170-1791428113-1005\..\SearchScopes\{2E5EBC27-450A-482C-9930-E728DFB5F320}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    IE - HKU\S-1-5-21-1241016058-1226847170-1791428113-1005\..\SearchScopes\{628A09EC-DDA8-4236-ADE9-A03857C32687}: "URL" = http://www.flickr.com/search/?q={searchTerms}
    IE - HKU\S-1-5-21-1241016058-1226847170-1791428113-1005\..\SearchScopes\{81255F7E-53BA-4797-AAC1-08DB83382637}: "URL" = http://delicious.com/search?p={searchTerms}
    IE - HKU\S-1-5-21-1241016058-1226847170-1791428113-1005\..\SearchScopes\{C2CF0540-CCA4-49FD-8934-EEC447BADC95}: "URL" = http://rover.ebay.com/rover/1/711-43047-14818-1/4?satitle={searchTerms}
    IE - HKU\S-1-5-21-1241016058-1226847170-1791428113-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: ""
    FF - prefs.js..browser.search.order.1: ""
    FF - prefs.js..browser.search.selectedEngine: ""
    FF - prefs.js..browser.startup.homepage: "http://www.google.pt/"
    FF - prefs.js..extensions.enabledAddons: [email protected]:1.0
    FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}:6.0.34
    FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}:6.0.35


    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Program Files\TVUPlayer\npTVUAx.dll (TVU networks)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\user\Local Settings\Application Data\Google\Update\1.3.21.115\npGoogleUpdate3.dll File not found
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\user\Local Settings\Application Data\Google\Update\1.3.21.115\npGoogleUpdate3.dll File not found

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/08/18 14:09:08 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/07 17:10:26 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/09/07 17:10:42 | 000,000,000 | ---D | M]

    [2009/02/06 18:03:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Extensions
    [2009/02/06 21:21:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Extensions\[email protected]
    [2009/02/06 18:03:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\nie824pj.default\extensions
    [2010/10/02 15:54:10 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\nie824pj.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}(2)
    [2012/09/07 17:10:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2012/09/07 17:10:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}
    [2012/09/07 17:10:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
    [2012/08/15 22:25:42 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
    [2012/09/07 17:23:06 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2012/08/31 13:29:28 | 000,002,253 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
    [2012/08/31 13:29:28 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

    O1 HOSTS File: ([2009/03/08 18:07:46 | 000,000,687 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll (HiTRUST)
    O3 - HKU\S-1-5-21-1241016058-1226847170-1791428113-1005\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll (HiTRUST)
    O4 - HKLM..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe (Acer Inc.)
    O4 - HKLM..\Run: [Acer OrbiCam] C:\WINDOWS\AcerOrbiCam.exe ()
    O4 - HKLM..\Run: [AcerOrbicamRibbon] C:\Program Files\Acer\OrbiCam10\OrbiCam.exe ()
    O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
    O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
    O4 - HKLM..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe ()
    O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
    O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe (HiTRUST)
    O4 - HKLM..\Run: [eLockMonitor] C:\Acer\Empowering Technology\eLock\Monitor\LaunchMonitor.exe File not found
    O4 - HKLM..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe ()
    O4 - HKLM..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe (Acer Inc.)
    O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
    O4 - HKLM..\Run: [LaunchApp] File not found
    O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE (Dritek System Inc.)
    O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe (Acer Inc.)
    O4 - HKLM..\Run: [LVCOMSX] C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe (Logitech Inc.)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
    O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
    O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
    O4 - HKLM..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe (Sonix)
    O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe File not found
    O4 - HKLM..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u File not found
    O4 - HKU\S-1-5-21-1241016058-1226847170-1791428113-1005..\Run: [CTZDetec.exe] C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe (Creative Technology Ltd.)
    O4 - HKU\S-1-5-21-1241016058-1226847170-1791428113-1005..\Run: [Google Update] "C:\Documents and Settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c File not found
    O4 - HKU\S-1-5-21-1241016058-1226847170-1791428113-1005..\Run: [HuaWeiEVDO.exe] "C:\Program Files\Huawei technologies\software tmn.exe" File not found
    O4 - HKU\S-1-5-21-1241016058-1226847170-1791428113-1005..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background File not found
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acer Empowering Technology.lnk = C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe (Acer Inc.)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-1241016058-1226847170-1791428113-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_35.dll (Sun Microsystems, Inc.)
    O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
    O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe File not found
    O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe File not found
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab (MSN Photo Upload Tool)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab (MSN Games - Installer)
    O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab (CBreakshotControl Class)
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 192.168.1.254
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D8846D96-83D5-4C0C-89F8-98005F8ECC24}: DhcpNameServer = 192.168.1.254 192.168.1.254
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
    O20 - Winlogon\Notify\avgrsstarter: DllName - (avgrsstx.dll) - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
    O24 - Desktop WallPaper: C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Desktop Background.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Desktop Background.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/22 17:11:12 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
    O32 - AutoRun File - [2009/01/18 22:08:08 | 000,000,090 | R--- | M] () - D:\AUTORUN.INF -- [ FAT32 ]
    O33 - MountPoints2\{0536b740-bbf0-11dd-8aa7-001636a11bb2}\Shell - "" = AutoRun
    O33 - MountPoints2\{0536b740-bbf0-11dd-8aa7-001636a11bb2}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{0536b740-bbf0-11dd-8aa7-001636a11bb2}\Shell\AutoRun\command - "" = G:\AutoRun.exe
    O33 - MountPoints2\{0536b742-bbf0-11dd-8aa7-001636a11bb2}\Shell - "" = AutoRun
    O33 - MountPoints2\{0536b742-bbf0-11dd-8aa7-001636a11bb2}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{0536b742-bbf0-11dd-8aa7-001636a11bb2}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{0b090fb0-db76-11dd-8ab5-001636a11bb2}\Shell - "" = AutoRun
    O33 - MountPoints2\{0b090fb0-db76-11dd-8ab5-001636a11bb2}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{0b090fb0-db76-11dd-8ab5-001636a11bb2}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{0b090fb1-db76-11dd-8ab5-001636a11bb2}\Shell - "" = AutoRun
    O33 - MountPoints2\{0b090fb1-db76-11dd-8ab5-001636a11bb2}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{0b090fb1-db76-11dd-8ab5-001636a11bb2}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{35d6199f-b8d6-11dd-8aa2-001636a11bb2}\Shell - "" = AutoRun
    O33 - MountPoints2\{35d6199f-b8d6-11dd-8aa2-001636a11bb2}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{35d6199f-b8d6-11dd-8aa2-001636a11bb2}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{46b7fd16-5018-11de-8b1a-001636a11bb2}\Shell - "" = AutoRun
    O33 - MountPoints2\{46b7fd16-5018-11de-8b1a-001636a11bb2}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{46b7fd16-5018-11de-8b1a-001636a11bb2}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{46b7fd17-5018-11de-8b1a-001636a11bb2}\Shell - "" = AutoRun
    O33 - MountPoints2\{46b7fd17-5018-11de-8b1a-001636a11bb2}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{46b7fd17-5018-11de-8b1a-001636a11bb2}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{6b86f86e-cc7d-11dd-8ab0-001636a11bb2}\Shell - "" = AutoRun
    O33 - MountPoints2\{6b86f86e-cc7d-11dd-8ab0-001636a11bb2}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{6b86f86e-cc7d-11dd-8ab0-001636a11bb2}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{6b86f86f-cc7d-11dd-8ab0-001636a11bb2}\Shell - "" = AutoRun
    O33 - MountPoints2\{6b86f86f-cc7d-11dd-8ab0-001636a11bb2}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{6b86f86f-cc7d-11dd-8ab0-001636a11bb2}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{75280e38-749f-11de-8b34-001636a11bb2}\Shell - "" = AutoRun
    O33 - MountPoints2\{75280e38-749f-11de-8b34-001636a11bb2}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{75280e38-749f-11de-8b34-001636a11bb2}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{75280e39-749f-11de-8b34-001636a11bb2}\Shell - "" = AutoRun
    O33 - MountPoints2\{75280e39-749f-11de-8b34-001636a11bb2}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{75280e39-749f-11de-8b34-001636a11bb2}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{7bd6d75a-717f-11de-8b32-001636a11bb2}\Shell - "" = AutoRun
    O33 - MountPoints2\{7bd6d75a-717f-11de-8b32-001636a11bb2}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{7bd6d75a-717f-11de-8b32-001636a11bb2}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{7bd6d75b-717f-11de-8b32-001636a11bb2}\Shell - "" = AutoRun
    O33 - MountPoints2\{7bd6d75b-717f-11de-8b32-001636a11bb2}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{7bd6d75b-717f-11de-8b32-001636a11bb2}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{9d90487a-d901-11dd-8ab4-001636a11bb2}\Shell - "" = AutoRun
    O33 - MountPoints2\{9d90487a-d901-11dd-8ab4-001636a11bb2}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{9d90487a-d901-11dd-8ab4-001636a11bb2}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{a442a772-cc85-11dd-8ab3-001636a11bb2}\Shell - "" = AutoRun
    O33 - MountPoints2\{a442a772-cc85-11dd-8ab3-001636a11bb2}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{a442a772-cc85-11dd-8ab3-001636a11bb2}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{a442a773-cc85-11dd-8ab3-001636a11bb2}\Shell - "" = AutoRun
    O33 - MountPoints2\{a442a773-cc85-11dd-8ab3-001636a11bb2}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{a442a773-cc85-11dd-8ab3-001636a11bb2}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{b9717408-6f22-11de-8b2e-001636a11bb2}\Shell - "" = AutoRun
    O33 - MountPoints2\{b9717408-6f22-11de-8b2e-001636a11bb2}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{b9717408-6f22-11de-8b2e-001636a11bb2}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{c4447d9e-cc7f-11dd-8ab1-001636a11bb2}\Shell - "" = AutoRun
    O33 - MountPoints2\{c4447d9e-cc7f-11dd-8ab1-001636a11bb2}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{c4447d9e-cc7f-11dd-8ab1-001636a11bb2}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{c4447d9f-cc7f-11dd-8ab1-001636a11bb2}\Shell - "" = AutoRun
    O33 - MountPoints2\{c4447d9f-cc7f-11dd-8ab1-001636a11bb2}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{c4447d9f-cc7f-11dd-8ab1-001636a11bb2}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{c4447da0-cc7f-11dd-8ab1-001636a11bb2}\Shell - "" = AutoRun
    O33 - MountPoints2\{c4447da0-cc7f-11dd-8ab1-001636a11bb2}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{c4447da0-cc7f-11dd-8ab1-001636a11bb2}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{c9e6ef10-3439-11e0-8bc8-001636a11bb2}\Shell\AutoRun\command - "" = G:\__DT\DT.exe
    O33 - MountPoints2\{f6e38f2a-bb21-11dd-8aa5-001636a11bb2}\Shell - "" = AutoRun
    O33 - MountPoints2\{f6e38f2a-bb21-11dd-8aa5-001636a11bb2}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{f6e38f2a-bb21-11dd-8aa5-001636a11bb2}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/09/10 14:44:23 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2012/09/07 17:10:15 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
    [2012/09/07 12:07:07 | 000,000,000 | ---D | C] -- C:\_OTL
    [2012/09/06 13:22:34 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
    [2012/09/06 13:22:33 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
    [2012/09/06 13:22:33 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
    [2012/09/05 05:51:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
    [2012/09/05 05:51:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
    [2012/09/05 05:51:38 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
    [2012/09/01 04:24:04 | 000,157,680 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
    [2012/08/27 13:01:36 | 000,000,000 | -HSD | C] -- C:\FOUND.000
    [2012/08/26 13:12:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Holdem Manager 2
    [2012/08/26 13:12:55 | 000,000,000 | ---D | C] -- C:\Program Files\Holdem Manager 2
    [2012/08/26 13:12:48 | 000,000,000 | ---D | C] -- C:\Program Files\PSQLINSTALL
    [2012/08/25 03:23:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Local Settings\Application Data\Poker Pro Labs
    [2012/08/24 03:45:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/08/24 03:45:16 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2012/08/22 16:55:51 | 000,000,000 | ---D | C] -- C:\HM2Archive
    [2012/08/22 16:48:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Local Settings\Application Data\IsolatedStorage
    [2012/08/22 16:43:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\HoldemManager
    [2012/08/21 23:32:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PostgreSQL 8.4
    [2012/08/21 23:28:53 | 000,000,000 | ---D | C] -- C:\postgreSQL
    [2012/08/21 02:19:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\YoudaGames
    [2012/08/21 02:18:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\AlawarWrapper
    [2012/08/21 02:18:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AlawarWrapper
    [2012/08/21 02:16:23 | 000,000,000 | ---D | C] -- C:\Program Files\Alawar
    [2012/08/18 17:36:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\DDMSettings
    [2012/08/18 14:07:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\DivX Plus
    [2012/08/18 14:07:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
    [2012/08/15 22:26:00 | 000,477,168 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\npdeployJava1.dll
    [2010/06/20 23:51:42 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\user\Application Data\pcouffin.sys
    [2010/06/17 13:17:24 | 000,950,779 | ---- | C] (Mozilla) -- C:\Program Files\Firefox Setup 3.6.3.exe
    [9 C:\Documents and Settings\user\Desktop\*.tmp files -> C:\Documents and Settings\user\Desktop\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/09/11 15:24:20 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
    [2012/09/11 14:49:10 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2012/09/11 11:20:00 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2012/09/11 11:19:46 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1241016058-1226847170-1791428113-1005.job
    [2012/09/11 11:19:32 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2012/09/11 11:19:16 | 937,603,072 | -HS- | M] () -- C:\hiberfil.sys
    [2012/09/11 03:34:00 | 000,000,012 | ---- | M] () -- C:\WINDOWS\bthservsdp.dat
    [2012/09/10 14:45:20 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2012/09/09 23:00:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1241016058-1226847170-1791428113-1005.job
    [2012/09/08 12:45:38 | 000,263,824 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2012/09/06 13:32:02 | 000,000,692 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/09/04 17:46:02 | 000,853,646 | ---- | M] () -- C:\Documents and Settings\user\Desktop\17a223ee.x50.gif
    [2012/08/28 20:24:56 | 000,477,168 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\npdeployJava1.dll
    [2012/08/28 20:24:54 | 000,473,072 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
    [2012/08/28 20:10:12 | 000,157,680 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
    [2012/08/28 20:10:08 | 000,149,488 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
    [2012/08/28 20:09:58 | 000,149,488 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
    [2012/08/28 18:39:24 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
    [2012/08/26 03:14:08 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2012/08/25 22:17:54 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\23d13a4d1e538ddd6bfce22774757328_c
    [2012/08/25 19:49:52 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2012/08/15 21:00:00 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2012/08/15 18:01:40 | 000,073,216 | ---- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2012/08/15 01:24:36 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
    [2012/08/15 01:24:36 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
    [9 C:\Documents and Settings\user\Desktop\*.tmp files -> C:\Documents and Settings\user\Desktop\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/09/06 13:32:00 | 000,000,692 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/09/04 17:45:57 | 000,853,646 | ---- | C] () -- C:\Documents and Settings\user\Desktop\17a223ee.x50.gif
    [2012/08/25 22:17:52 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\23d13a4d1e538ddd6bfce22774757328_c
    [2012/08/24 04:40:20 | 937,603,072 | -HS- | C] () -- C:\hiberfil.sys
    [2012/08/22 21:55:59 | 001,048,576 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1241016058-1226847170-1791428113-1005-0.dat
    [2012/08/22 21:55:36 | 000,249,822 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
    [2012/08/16 12:55:48 | 000,328,592 | ---- | C] () -- C:\Documents and Settings\user\My Documents\S5000743.JPG
    [2012/04/14 14:43:57 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
    [2010/10/17 01:36:26 | 000,039,771 | ---- | C] () -- C:\Documents and Settings\user\mysmiley.png
    [2010/06/20 23:52:21 | 000,001,044 | ---- | C] () -- C:\Documents and Settings\user\Application Data\vso_ts_preview.xml
    [2010/06/20 23:51:42 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\user\Application Data\inst.exe
    [2010/06/20 23:51:42 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\user\Application Data\pcouffin.cat
    [2010/06/20 23:51:42 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\user\Application Data\pcouffin.inf
    [2010/03/16 17:36:16 | 000,001,708 | ---- | C] () -- C:\Documents and Settings\user\irs
    [2006/12/19 03:18:36 | 000,073,216 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2006/12/18 05:53:21 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\fusioncache.dat

    < End of report >


    OTL Extras logfile created on: 9/11/2012 3:14:32 PM - Run 2
    OTL by OldTimer - Version 3.2.61.0 Folder = C:\Documents and Settings\user\My Documents\Downloads
    Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    894.10 Mb Total Physical Memory | 402.61 Mb Available Physical Memory | 45.03% Memory free
    2.11 Gb Paging File | 1.39 Gb Available in Paging File | 65.94% Paging File free
    Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 53.20 Gb Total Space | 17.13 Gb Free Space | 32.20% Space Free | Partition Type: FAT32
    Drive D: | 53.69 Gb Total Space | 46.63 Gb Free Space | 86.86% Space Free | Partition Type: FAT32

    Computer Name: ACER-1424F82190 | User Name: user | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

    [HKEY_USERS\S-1-5-21-1241016058-1226847170-1791428113-1005\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 0
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 1
    "FirewallOverride" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\MSN Messenger\msncall.exe" = C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)
    "C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\MSN Messenger\msncall.exe" = C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)
    "C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire
    "C:\Program Files\Grisoft\AVG7\avginet.exe" = C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe
    "C:\Program Files\Grisoft\AVG7\avgamsvr.exe" = C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe
    "C:\Program Files\Grisoft\AVG7\avgcc.exe" = C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe
    "C:\Program Files\TMN\AutoUpdateSrv.exe" = C:\Program Files\TMN\AutoUpdateSrv.exe:*:Disabled:AutoUpdateSrv Application
    "C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
    "C:\Program Files\AVG\AVG8\avgemc.exe" = C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)
    "C:\Program Files\Conference\Conference.dll" = C:\Program Files\Conference\Conference.dll:*:Enabled:Audio/Video Conference
    "C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
    "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
    "C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Disabled:Firefox -- (Mozilla Corporation)
    "C:\WINDOWS\EXPLORER.EXE" = C:\WINDOWS\EXPLORER.EXE:*:Enabled:Explorer -- (Microsoft Corporation)
    "C:\Program Files\Holdem Indicator\HoldemIndicator.exe" = C:\Program Files\Holdem Indicator\HoldemIndicator.exe:*:Enabled:Holdem Indicator
    "C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager
    "C:\Program Files\SopCast\adv\SopAdver.exe" = C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver -- (www.sopcast.com)
    "C:\Program Files\SopCast\SopCast.exe" = C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application -- (www.sopcast.com)
    "C:\Documents and Settings\USER\My Documents\Downloads\pdf_converter.exe" = C:\Documents and Settings\USER\My Documents\Downloads\pdf_converter.exe:*:Enabled:pDF Creator
    "C:\Program Files\TVUPlayer\TVUPlayer.exe" = C:\Program Files\TVUPlayer\TVUPlayer.exe:*:Disabled:TVUPlayer Component -- (TVU networks)
    "C:\Program Files\Google\Google Earth\PLUGIN\geplugin.exe" = C:\Program Files\Google\Google Earth\PLUGIN\geplugin.exe:*:Disabled:Google Earth


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{0F79C1B2-36B2-4B62-8221-42721CF54638}" = Acer OrbiCam Application
    "{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}" = Acer eLock Management
    "{1F2C8256-2773-46C7-9ABA-3E39C24ABB51}" = Acer eSettings Management
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{26A24AE4-039D-4CA4-87B4-2F83216034FF}" = Java(TM) 6 Update 35
    "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{35725FBC-A136-4A46-9F29-091759D9BB93}" = MVision
    "{36CDA33B-909B-4719-97D1-C4B99309BDC7}" = ATI Parental Control & Encoder
    "{3BB3B50E-FBD3-4E8B-A72B-45AC5CF23135}" = Acer OrbiCam Utility Bar
    "{3EAAC5FD-E209-4856-8C49-D4EA40F85032}" = software tmn
    "{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4AD13F68-CADA-4C6B-9759-C33753F89908}" = Acer eDataSecurity Management
    "{4AE3A0CB-87B0-4F51-BECD-3D1F8DFDD62F}" = SAGEM F@st 800-840
    "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
    "{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
    "{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
    "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6A28AB0B-22B1-494C-AF61-B386EA1736C0}" = LightScribe 1.4.97.1
    "{7057702F-6D71-4F30-8000-9E72BC771887}" = Acer ePerformance Management
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112731397}" = Wheel of Fortune 2
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113137700}" = Ice Cream Tycoon
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
    "{90110416-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edição 2003
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
    "{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
    "{B06B842F-2450-494F-BBDE-217CDC151A37}" = NTI Backup NOW! 4.5
    "{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
    "{BF839132-BD43-4056-ACBF-4377F4A88E2A}" = Acer ePresentation Management
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
    "{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
    "{C897FCB3-2F8B-4185-8035-79E2AF3A92A4}" = iTunes
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D458BBDC-0363-42E0-8FF9-4736E3CB3CA2}" = Acer Screensaver
    "{EA516024-D84D-41F1-814F-83175A6188F2}" = Logitech Video Enumerator
    "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
    "53F13DB4D9611FD63BE580F06F0729BF236ABE68" = Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
    "AcerOrbiCamDrv" = Acer Camera Driver
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "All ATI Software" = ATI - Software Uninstall Utility
    "ATI Display Driver" = ATI Display Driver
    "Auto Click 2.1_is1" = Auto Click 2.1
    "AVG8Uninstall" = AVG Free 8.5
    "B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
    "BSPlayerf" = BS.Player FREE
    "Bubble Bobble TNA" = Bubble Bobble TNA
    "CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_1025010F" = HDAUDIO Soft Data Fax Modem with SmartCP
    "Creative Media Lite" = Creative Media Lite
    "DivX Setup" = DivX Setup
    "GridVista" = Acer GridVista
    "Hamsterball" = Hamsterball
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "ie8" = Windows Internet Explorer 8
    "InstallShield_{4AD13F68-CADA-4C6B-9759-C33753F89908}" = Acer eDataSecurity Management 2.0.3079
    "LManager" = Launch Manager
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Mozilla Firefox 15.0.1 (x86 en-US)" = Mozilla Firefox 15.0.1 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "OptionPCCardInstaller" = Option PC Cards driver package
    "OptionPluss_PCCardInstaller" = Option GT HSDPA driver suite
    "Peggle Deluxe" = Peggle Deluxe
    "Peggle Deluxe 1.0" = Peggle Deluxe 1.0
    "PKR" = PKR
    "PokerStars" = PokerStars
    "Puppy Luv" = Puppy Luv (remove only)
    "SopCast" = SopCast 3.2.9
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "TVUPlayer" = TVUPlayer 2.5.3.1
    "Water Bugs 1.0" = Water Bugs 1.0
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "WinRAR archiver" = WinRAR archiver
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "Xilisoft AVI to DVD Converter 6" = Xilisoft AVI to DVD Converter 6
    "ZENStonePlusUG" = Creative ZEN Stone Plus User's Guide

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-1241016058-1226847170-1791428113-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Google Chrome" = Google Chrome

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 8/26/2012 8:02:32 PM | Computer Name = ACER-1424F82190 | Source = Application Hang | ID = 1002
    Description = Hanging application firefox.exe, version 14.0.1.4577, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 9/1/2012 9:22:33 PM | Computer Name = ACER-1424F82190 | Source = Application Hang | ID = 1002
    Description = Hanging application avgui.exe, version 8.5.0.454, hang module hungapp,
    version 0.0.0.0, hang address 0x00000000.

    Error - 9/2/2012 1:26:05 PM | Computer Name = ACER-1424F82190 | Source = Service1 | ID = 0
    Description = Service cannot be started. System.Runtime.InteropServices.COMException
    (0x80010002): Call was canceled by the message filter. at System.Runtime.InteropServices.Marshal.ThrowExceptionForHR(Int32
    errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
    o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObjectSearcher.Initialize()

    at System.Management.ManagementObjectSearcher.Get() at eLock.Serv.Main.MapVolumeName2DeviceID.updateFixDrives()

    at eLock.Serv.Main.MapVolumeName2DeviceID..ctor() at eLock.Serv.Main.Main..ctor()

    at eLock.Serv.Service.Service.OnStart(String[] args) at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object
    state)

    Error - 9/3/2012 3:10:37 AM | Computer Name = ACER-1424F82190 | Source = Service1 | ID = 0
    Description = Service cannot be started. System.Runtime.InteropServices.COMException
    (0x80010002): Call was canceled by the message filter. at System.Runtime.InteropServices.Marshal.ThrowExceptionForHR(Int32
    errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
    o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObjectSearcher.Initialize()

    at System.Management.ManagementObjectSearcher.Get() at eLock.Serv.Main.MapVolumeName2DeviceID.updateFixDrives()

    at eLock.Serv.Main.MapVolumeName2DeviceID..ctor() at eLock.Serv.Main.Main..ctor()

    at eLock.Serv.Service.Service.OnStart(String[] args) at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object
    state)

    Error - 9/6/2012 8:16:23 AM | Computer Name = ACER-1424F82190 | Source = Application Hang | ID = 1002
    Description = Hanging application rundll32.exe, version 5.1.2600.5512, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 9/6/2012 8:17:13 AM | Computer Name = ACER-1424F82190 | Source = Application Hang | ID = 1001
    Description = Fault bucket 734562961.

    Error - 9/7/2012 7:41:38 AM | Computer Name = ACER-1424F82190 | Source = ESENT | ID = 474
    Description = wuauclt (1360) The database page read from the file "C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb"
    at offset 121581568 (0x00000000073f3000) for 4096 (0x00001000) bytes failed verification
    due to a page checksum mismatch. The expected checksum was 568616337 (0x21e46591)
    and the actual checksum was 568616081 (0x21e46491). The read operation will fail
    with error -1018 (0xfffffc06). If this condition persists then please restore
    the database from a previous backup.

    Error - 9/7/2012 1:42:20 PM | Computer Name = ACER-1424F82190 | Source = Application Hang | ID = 1002
    Description = Hanging application qigvm95k.exe, version 1.0.15.15641, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 9/8/2012 6:32:42 PM | Computer Name = ACER-1424F82190 | Source = Application Error | ID = 1000
    Description = Faulting application plugin-container.exe, version 15.0.1.4631, faulting
    module mozalloc.dll, version 15.0.1.4631, fault address 0x00001993.

    Error - 9/8/2012 6:32:56 PM | Computer Name = ACER-1424F82190 | Source = Application Error | ID = 1001
    Description = Fault bucket -1150658847.

    [ System Events ]
    Error - 9/11/2012 8:47:13 AM | Computer Name = ACER-1424F82190 | Source = ati2mtag | ID = 43015
    Description = I2c return failed

    Error - 9/11/2012 8:47:13 AM | Computer Name = ACER-1424F82190 | Source = ati2mtag | ID = 43015
    Description = I2c return failed

    Error - 9/11/2012 8:47:13 AM | Computer Name = ACER-1424F82190 | Source = ati2mtag | ID = 43015
    Description = I2c return failed

    Error - 9/11/2012 8:47:13 AM | Computer Name = ACER-1424F82190 | Source = ati2mtag | ID = 43015
    Description = I2c return failed

    Error - 9/11/2012 10:19:59 AM | Computer Name = ACER-1424F82190 | Source = ati2mtag | ID = 43015
    Description = I2c return failed

    Error - 9/11/2012 10:19:59 AM | Computer Name = ACER-1424F82190 | Source = ati2mtag | ID = 43015
    Description = I2c return failed

    Error - 9/11/2012 10:20:01 AM | Computer Name = ACER-1424F82190 | Source = ati2mtag | ID = 43015
    Description = I2c return failed

    Error - 9/11/2012 10:20:01 AM | Computer Name = ACER-1424F82190 | Source = ati2mtag | ID = 43015
    Description = I2c return failed

    Error - 9/11/2012 10:20:02 AM | Computer Name = ACER-1424F82190 | Source = ati2mtag | ID = 43015
    Description = I2c return failed

    Error - 9/11/2012 10:20:02 AM | Computer Name = ACER-1424F82190 | Source = ati2mtag | ID = 43015
    Description = I2c return failed


    < End of report >



    Thanks :)
     
Short URL to this thread: https://techguy.org/1067677