Malware help - 8 step logs attached

By JimDav
Nov 27, 2010
  1. JimDav

    JimDav Newcomer, in training Topic Starter Posts: 38

    Still refusing to start normally
  2. JimDav

    JimDav Newcomer, in training Topic Starter Posts: 38

    strangely, everything I disabled is showing checks in all the boxes when I get back into safe mode!
  3. JimDav

    JimDav Newcomer, in training Topic Starter Posts: 38

    exit msconfig without restart, then go back in - everything disabled as I wanted.
    Restart back into safe mode & everything 'checked' again!!

    ????
  4. Broni

    Broni Malware Annihilator Posts: 45,317   +243

    While in safe mode, create new profile, restart and boot to a new profile.
    See if it'll boot to normal mode.
  5. JimDav

    JimDav Newcomer, in training Topic Starter Posts: 38

    created new user account, restarted, new account gone!!!!!!!!!!!!!!!!
  6. Broni

    Broni Malware Annihilator Posts: 45,317   +243

    What do you mean by "gone"?
  7. JimDav

    JimDav Newcomer, in training Topic Starter Posts: 38

    No new account to select. It's like any change made in safe mode doesn't save.
    When the stuff reappears after disabling all in safe mode (msconfig / startup) and restarting, the only stuff not 'checked' is the stuff I disabled before I first posted here - when still in normal mode!
  8. Broni

    Broni Malware Annihilator Posts: 45,317   +243

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  9. JimDav

    JimDav Newcomer, in training Topic Starter Posts: 38

    extra log

    OTL Extras logfile created on: 28/11/2010 20:56:24 - Run 1
    OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Sarah Brown\Downloads
    Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18975)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 85.00% Memory free
    3.00 Gb Paging File | 3.00 Gb Available in Paging File | 91.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 111.57 Gb Total Space | 53.10 Gb Free Space | 47.60% Space Free | Partition Type: NTFS
    Drive D: | 111.55 Gb Total Space | 111.26 Gb Free Space | 99.74% Space Free | Partition Type: NTFS

    Computer Name: SARAHBROWN | User Name: Sarah Brown | Logged in as Administrator.
    Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" %*
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- C:\Program Files\ParetoLogic\PCHA\noapp.exe %1 (ParetoLogic)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "VistaSp2" = Reg Error: Unknown registry data type -- File not found

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{045AC467-3952-41CB-A58D-1FBF3CB933BA}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
    "{20914791-8316-40F6-9081-316CE60B2899}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
    "{21D56196-E367-4823-951F-FA6A1E87EAB7}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{28E41DF1-5565-440F-913D-A37BA82B29D9}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{5B061580-5A10-433D-AB70-552B18CE597E}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{6C257ECD-B2A6-4FD8-B581-0070123F79E3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{8D7A84FA-3B2D-4590-B061-95185EF2DA71}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{9CDC8AB7-9B51-49EE-BA66-95173E936B79}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
    "{CA016CA1-CBE5-4D9E-A964-DAFBE9E655EC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{D113CD3E-7076-4ACB-9063-D02CE0E698CA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{D1315400-D870-4794-B9B4-EC639007481C}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{D7471B55-3D81-4F00-AB6E-381104585C8C}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{DB852A0E-587A-4D7B-A23B-B3949BA962D7}" = lport=2869 | protocol=6 | dir=in | app=system |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0BEC0999-8C64-4727-92E2-DFB54FA5DA59}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{0C09AC15-0410-4813-A0BC-74539A025E0F}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
    "{0EC02EF0-42A8-43A7-94EC-3B3D299FE333}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
    "{137865EE-9DD0-48C5-BE44-F9091C50D83A}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{1414CCE5-9B47-4508-AA5D-E9376B3F73CE}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
    "{167C8CB8-674A-498C-A7E9-2DF2E014BE02}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{1C19D2FB-834C-450A-BA71-9A7956C2ABA9}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
    "{20DFA46C-FEAE-477B-A53F-0CDF91C6E8F0}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{237A91EE-9FDE-495A-BA2A-9D2FD08402D9}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
    "{238C0536-CC66-4AAC-A607-8873DDFDFA86}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
    "{27480808-AC70-4095-8647-9F9FE9589456}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
    "{2B435B82-D37F-4AFB-873C-12FD17E32E66}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe |
    "{2B96FE96-251A-4DAB-904E-9BFAF0F46EB3}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
    "{2FC156B5-0986-4C08-A8F5-28031BE4F43D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
    "{32415216-C26A-4D0D-8E6D-9CAC0FA338F2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{3E14A432-0D12-40F1-A325-D652791133CC}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |
    "{46CF3DE6-7CED-455F-BF34-3CB090160DC7}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{477E75DE-9B8D-4805-81F8-5F3C2B4938E8}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
    "{4BC47690-3FEF-4AF9-98E4-0835FA2C26EB}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
    "{4FBCEFEC-E356-4F7B-86E2-0987C054A97F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
    "{5678D7B7-337B-4999-9EE7-9D06DCCFF02F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqcopy2.exe |
    "{654E61D0-06E2-4DCE-B679-215B954C5795}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{6F6EED09-7BB1-4556-8556-29630651F789}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
    "{75516EA1-8CA7-47D4-A628-4C4F9F66BAE2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{78C0F7ED-AD03-4524-AA58-B94ADDC54609}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\pmvservice.exe |
    "{7B4585F4-3B4A-479D-BA16-BFCEBA7F5887}" = dir=in | app=e:\setup\hpznui01.exe |
    "{86862813-CC3B-4623-B6D2-0B35D60E91E2}" = protocol=6 | dir=out | app=system |
    "{8B533F48-8C72-4A62-8CDE-5FFA8F8686E5}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe |
    "{934E834F-1676-49C0-8347-79318410D4B7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{94C7F164-6190-43B0-9557-84C3B1841245}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe |
    "{94DE97D8-FF67-4BDB-B93D-CFB7503256AB}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe |
    "{9757E8EB-4726-419A-840D-8142ABA407DC}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
    "{98CE2685-1C9F-47D7-9728-89C725E1E461}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |
    "{9AAC521E-278C-470D-9755-3E2B45AEE29F}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
    "{9DB7CCEC-0931-4BED-8525-5BE1FBB285A2}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
    "{A9A9340C-7886-4B84-940D-365FD0D952B2}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{AF77B0F9-C2A1-4D0C-8221-0D5496D20F2D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe |
    "{B216FC69-FCD9-42C2-A6D5-D4B54ACD76C9}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{B267534A-FE1D-479F-9F4D-B70878C2073B}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
    "{B39A49E9-AADB-4276-A93B-4A234B3D69D2}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |
    "{B56BC230-7222-42B7-BD9C-9E1E82FB4D86}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
    "{B66078E1-A677-4B84-B21F-DE2F71A42529}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
    "{BA209563-7A49-42A4-8F76-6341D84C3F75}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{BF14971B-1CE3-40B5-92B9-16EAC521A9D0}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\playmovie.exe |
    "{C440B538-21A8-4860-9EA7-0FF7F6CC79F2}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
    "{C94E61BA-3120-49D5-82A5-2A4E5F460F5B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{CB1FC82F-B914-44B8-B443-B925CC4DDA42}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
    "{CF0E624E-FE25-4D38-8FDF-0E67EB2AD7E1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{DAB44904-2ABE-423A-AC76-35882E87E0F6}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe |
    "{DC0E4005-8DF5-4892-994F-CFDEA15BA488}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
    "{DD0A70FF-9E72-4F6B-A2DE-11F9DE24F899}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
    "{DF3FE734-62BE-4FBF-9A98-124B24F62E63}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{E55E69F1-8787-4E7F-89B6-6B591AB4A5E5}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
    "{ED2F9F7E-4C81-41BA-A4BD-B43B20F0BFB7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{F158F2D0-605A-4BD0-A632-7B1567DE160F}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "TCP Query User{4ADFD4E3-BCD5-4F0E-9AA7-A9E2D1C529D5}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
    "TCP Query User{7B85F3FE-F302-463D-AE8C-69EB36FA1516}C:\program files\imesh applications\imesh\imesh.exe" = protocol=6 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe |
    "TCP Query User{C5BA20CC-787C-41D1-AE8C-84A0322B57FC}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
    "UDP Query User{1ECD4A89-666C-484E-90DB-776748268E39}C:\program files\imesh applications\imesh\imesh.exe" = protocol=17 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe |
    "UDP Query User{C719D7F6-B5F4-4BF5-B50D-ABB6DA05DD01}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
    "UDP Query User{D96F4699-936E-425B-881A-C0B7320BF898}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "$NtUninstallMTF197$" = Street-Ads Browser Enhancer
    "{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
    "{03A7C57A-B2C8-409b-92E5-524A0DFD0DD3}" = Status
    "{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
    "{087A66B8-1F0F-4a8d-A649-0CFE276AA7C0}" = WebReg
    "{0BC1A5B2-79A1-4716-B3E5-4071E9AB6F43}" = HP Photosmart C4500 All-In-One Driver Software12.0 Rel .4
    "{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
    "{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
    "{13D85C14-2B85-419F-AC41-C7F21E68B25D}" = Acer eSettings Management
    "{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
    "{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
    "{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
    "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 11
    "{2A329FB6-389D-4396-A974-29656D6864AE}" = MarketResearch
    "{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
    "{39CB30DB-27F8-4dd4-A294-CB4AE3B584FD}" = Copy
    "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3CBF3EBB-235D-4c29-A68B-2BB1F428586E}" = ParetoLogic PC Health Advisor
    "{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
    "{403E07CF-040C-4653-85C6-1053B992CA53}" = C4580
    "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
    "{47ECCB1F-2811-49C0-B6A7-26778639ABA0}" = 32 Bit HP CIO Components Installer
    "{48D0B1A3-11AC-4A87-AFB2-2002CCB88B34}" = PS_AIO_04_C4580_Software_Min
    "{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
    "{4D304678-738E-42a0-931A-2B022F49DEB8}" = TrayApp
    "{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
    "{54C7CFA4-9DDD-40c7-A58F-AF0E7916848C}" = HPPhotoGadget
    "{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
    "{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
    "{5B63A470-9334-44D1-AF61-6CE2DB565AE9}" = Orion
    "{640BE6CD-9B4E-4FA4-98BC-E6975A30DC4F}" = ESET NOD32 Antivirus
    "{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
    "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
    "{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
    "{6EED4269-588D-45b8-A80C-26A9CA62EE4E}" = HPSSupply
    "{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
    "{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
    "{800E784D-53E3-4948-B491-9E7FA5EACBDC}" = SmartWebPrinting
    "{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110111700}" = Zuma Deluxe
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110113233}" = Bookworm Deluxe
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11029123}" = Bricks of Egypt
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110322783}" = Big Kahuna Reef
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110411970}" = Chuzzle
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111118433}" = Mystery Case Files - Huntsville
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}" = Mahjong Escape Ancient China
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111324990}" = Kick N Rush
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111543617}" = Backspin Billiards
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111692950}" = Mahjongg Artifacts
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111771833}" = Jewel Quest Solitaire
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111796363}" = Mystery Solitaire - Secret Island
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111872660}" = Diner Dash Flo on the Go
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112310577}" = Flip Words 2
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112531267}" = Chicken Invaders 3
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112615863}" = Agatha Christie Death on the Nile
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113009953}" = Turbo Pizza
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113080210}" = Azada
    "{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
    "{856C155E-4A74-4041-B026-04F96FFD1BCD}" = ZIP Reader 8.00.0018
    "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
    "{87A9A9A9-FAB7-4224-9328-0FA2058C0FD5}" = Network
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
    "{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{910F4A29-1134-49E0-AD8B-56E4A3152BD1}" = The Sims™ 3 Ambitions
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
    "{9603DE6D-4567-4b78-B941-849322373DE2}" = SolutionCenter
    "{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
    "{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}" = iTunes
    "{9CCCFD9C-248F-47FE-9496-1680E3E5C163}" = Scan
    "{9D1B99B7-DAD8-440d-B4FB-1915332FBCC2}" = HPProductAssistant
    "{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management
    "{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
    "{AC13BA3A-336B-45a4-B3FE-2D3058A7B533}" = Toolbox
    "{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.1
    "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = The Sims™ 3 World Adventures
    "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
    "{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
    "{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}" = Apple Mobile Device Support
    "{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
    "{C7DD90E2-61F6-47F7-ADB3-8A61088F1F12}" = Sibelius Scorch (ActiveX Only)
    "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
    "{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
    "{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
    "{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
    "{DA20E1A8-07CB-4EE7-9B72-A7E28C953F0E}" = Acer Product Registration
    "{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
    "{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
    "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
    "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
    "{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}" = Adobe Flash Player 10 Plugin
    "{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}" = Destination Component
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F648FD09-7CEA-4257-BC68-A8389189FD51}" = GPBaseService2
    "{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
    "{F769B78E-FF0E-4db5-95E2-9F4C8D6352FE}" = DeviceDiscovery
    "Acer GameZone Console_is1" = Acer GameZone Console 2.0.1.1
    "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Advanced SystemCare 3_is1" = Advanced SystemCare 3
    "Agere Systems Soft Modem" = Agere Systems HDA Modem
    "avast5" = avast! Free Antivirus
    "CCleaner" = CCleaner
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "EADM" = EA Download Manager
    "ENTERPRISE" = Microsoft Office Enterprise 2007
    "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
    "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.8
    "Google Desktop" = Google Desktop
    "GridVista" = Acer GridVista
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "HP Imaging Device Functions" = HP Imaging Device Functions 12.0
    "HP Photosmart Essential" = HP Photosmart Essential 3.5
    "HP Smart Web Printing" = HP Smart Web Printing
    "HP Solution Center & Imaging Support Tools" = HP Solution Center 12.0
    "HPExtendedCapabilities" = HP Customer Participation Program 12.0
    "imeshmediabartb" = MediaBar
    "InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
    "InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
    "InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
    "InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
    "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
    "LManager" = Launch Manager
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Marvell Miniport Driver" = Marvell Miniport Driver
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
    "Playsushi" = Playsushi
    "Shop for HP Supplies" = Shop for HP Supplies
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "Uninstall_is1" = Uninstall 1.0.0.1
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "Yahoo! Companion" = Yahoo! Toolbar

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Smilebox" = Smilebox

    ========== Last 10 Event Log Errors ==========

    Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

    < End of report >
  10. JimDav

    JimDav Newcomer, in training Topic Starter Posts: 38

    OTL log

    OTL logfile created on: 28/11/2010 20:56:24 - Run 1
    OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Sarah Brown\Downloads
    Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18975)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 85.00% Memory free
    3.00 Gb Paging File | 3.00 Gb Available in Paging File | 91.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 111.57 Gb Total Space | 53.10 Gb Free Space | 47.60% Space Free | Partition Type: NTFS
    Drive D: | 111.55 Gb Total Space | 111.26 Gb Free Space | 99.74% Space Free | Partition Type: NTFS

    Computer Name: SARAHBROWN | User Name: Sarah Brown | Logged in as Administrator.
    Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2010/11/28 20:54:48 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Sarah Brown\Downloads\OTL.exe
    PRC - [2009/04/11 06:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/11/28 20:54:48 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Sarah Brown\Downloads\OTL.exe
    MOD - [2010/08/31 15:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2010/11/04 17:18:10 | 000,033,584 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EHttpSrv)
    SRV - [2010/11/04 17:15:50 | 000,810,144 | ---- | M] (ESET) [Auto | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
    SRV - [2010/09/07 16:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
    SRV - [2010/09/07 16:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
    SRV - [2010/09/07 16:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2010/08/06 12:42:02 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-051210-111108)
    SRV - [2010/03/18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
    SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
    SRV - [2008/07/07 17:42:22 | 000,122,488 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2008/05/14 16:05:30 | 000,500,784 | ---- | M] (Egis Incorporated) [Auto | Stopped] -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
    SRV - [2008/04/07 05:42:24 | 000,050,424 | ---- | M] (NewTech InfoSystems, Inc.) [Auto | Stopped] -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe -- (NTIBackupSvc)
    SRV - [2008/04/04 10:03:14 | 000,131,072 | ---- | M] () [Auto | Stopped] -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe -- (NTISchedulerSvc)
    SRV - [2008/03/21 20:22:52 | 000,024,576 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe -- (ETService)
    SRV - [2008/03/18 19:27:12 | 000,013,312 | ---- | M] (Agere Systems) [Auto | Stopped] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
    SRV - [2008/03/03 20:11:14 | 000,016,384 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Stopped] -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe -- (BUNAgentSvc)
    SRV - [2008/01/21 02:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2008/01/17 01:35:02 | 000,081,504 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe -- (CLHNService)
    SRV - [2007/12/06 15:15:28 | 000,110,592 | ---- | M] () [Auto | Stopped] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
    DRV - [2010/09/07 15:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2010/09/07 15:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2010/09/07 15:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
    DRV - [2010/09/07 15:47:30 | 000,050,768 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
    DRV - [2010/09/07 15:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2010/09/03 06:13:46 | 000,137,144 | ---- | M] (ESET) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\eamonm.sys -- (eamonm)
    DRV - [2010/07/29 12:31:26 | 000,096,920 | ---- | M] (ESET) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\epfwwfpr.sys -- (epfwwfpr)
    DRV - [2008/08/12 20:33:38 | 000,061,440 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTSTOR.sys -- (RTSTOR)
    DRV - [2008/07/11 18:20:10 | 002,381,312 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
    DRV - [2008/07/07 17:42:20 | 000,017,144 | ---- | M] (Malwarebytes Corporation) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMDrvService)
    DRV - [2008/06/14 01:10:08 | 002,152,344 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
    DRV - [2008/05/14 16:05:44 | 000,060,464 | ---- | M] (Egis Incorporated) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\PSDVdisk.sys -- (psdvdisk)
    DRV - [2008/05/14 16:05:42 | 000,018,992 | ---- | M] (Egis Incorporated) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\psdfilter.sys -- (PSDFilter)
    DRV - [2008/05/14 16:05:42 | 000,016,944 | ---- | M] (Egis Incorporated) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\PSDNServ.sys -- (PSDNServ)
    DRV - [2008/04/28 14:29:26 | 003,658,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
    DRV - [2008/04/25 18:08:42 | 000,199,472 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
    DRV - [2008/04/18 22:01:24 | 000,061,424 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Stopped] -- C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl -- ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796})
    DRV - [2008/03/21 17:48:24 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\int15.sys -- (int15)
    DRV - [2008/02/29 23:13:38 | 001,202,560 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
    DRV - [2008/02/21 09:55:00 | 000,299,008 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh)
    DRV - [2008/01/31 01:52:06 | 000,014,848 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NTIDrvr.sys -- (NTIDrvr)
    DRV - [2008/01/31 01:51:50 | 000,013,824 | ---- | M] (NewTech Infosystems Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\UBHelper.sys -- (UBHelper)
    DRV - [2008/01/21 02:32:53 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
    DRV - [2008/01/21 02:32:53 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
    DRV - [2008/01/21 02:32:52 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
    DRV - [2008/01/21 02:32:52 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
    DRV - [2008/01/21 02:32:52 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
    DRV - [2008/01/21 02:32:52 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
    DRV - [2008/01/21 02:32:51 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
    DRV - [2008/01/21 02:32:51 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
    DRV - [2008/01/21 02:32:50 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
    DRV - [2008/01/21 02:32:50 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
    DRV - [2008/01/21 02:32:50 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
    DRV - [2008/01/21 02:32:49 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
    DRV - [2008/01/21 02:32:49 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
    DRV - [2008/01/21 02:32:49 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
    DRV - [2008/01/21 02:32:49 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
    DRV - [2008/01/21 02:32:49 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
    DRV - [2008/01/21 02:32:49 | 000,030,720 | ---- | M] (National Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nscirda.sys -- (NSCIRDA)
    DRV - [2008/01/21 02:32:48 | 000,987,648 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTDPV3.SYS -- (HSF_DPV)
    DRV - [2008/01/21 02:32:48 | 000,654,336 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTCNXT3.SYS -- (winachsf)
    DRV - [2008/01/21 02:32:48 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
    DRV - [2008/01/21 02:32:48 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL)
    DRV - [2008/01/21 02:32:48 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
    DRV - [2008/01/21 02:32:47 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
    DRV - [2008/01/21 02:32:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
    DRV - [2008/01/21 02:32:46 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
    DRV - [2008/01/21 02:32:45 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
    DRV - [2008/01/21 02:32:44 | 000,179,712 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
    DRV - [2008/01/21 02:32:21 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
    DRV - [2008/01/21 02:32:21 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
    DRV - [2008/01/21 02:32:21 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
    DRV - [2008/01/17 01:35:08 | 000,122,368 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Stopped] -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys -- (NTIPPKernel)
    DRV - [2006/11/03 05:29:36 | 000,021,264 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\DKbFltr.sys -- (DKbFltr)
    DRV - [2006/11/02 09:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
    DRV - [2006/11/02 09:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
    DRV - [2006/11/02 09:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
    DRV - [2006/11/02 09:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
    DRV - [2006/11/02 09:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
    DRV - [2006/11/02 09:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
    DRV - [2006/11/02 09:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
    DRV - [2006/11/02 09:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
    DRV - [2006/11/02 09:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
    DRV - [2006/11/02 09:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
    DRV - [2006/11/02 09:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
    DRV - [2006/11/02 08:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
    DRV - [2006/11/02 08:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
    DRV - [2006/11/02 08:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
    DRV - [2006/11/02 08:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
    DRV - [2006/11/02 08:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
    DRV - [2006/11/02 08:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
    DRV - [2006/11/02 07:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=2&o=vb32&d=0809&m=aspire_5735

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..extensions.enabledItems: textlinks@playsushi.com:1.2.1

    FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2009/10/10 13:24:51 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/11/26 22:56:04 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/26 22:56:02 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2010/11/22 18:34:36 | 000,000,000 | ---D | M]

    [2010/06/02 16:03:20 | 000,000,000 | ---D | M] -- C:\Users\Sarah Brown\AppData\Roaming\Mozilla\Extensions
    [2009/08/06 15:43:31 | 000,000,000 | ---D | M] -- C:\Users\Sarah Brown\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
    [2010/11/26 22:57:26 | 000,000,000 | ---D | M] -- C:\Users\Sarah Brown\AppData\Roaming\Mozilla\Firefox\Profiles\b9ohoggg.default\extensions
    [2010/11/26 22:57:26 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Sarah Brown\AppData\Roaming\Mozilla\Firefox\Profiles\b9ohoggg.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/11/26 22:56:03 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2010/10/27 05:24:34 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
    [2010/10/27 05:24:34 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
    [2010/10/27 05:24:34 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
    [2010/10/27 05:24:34 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

    O1 HOSTS File: ([2010/11/28 00:25:25 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O2 - BHO: (PlaySushi) - {21608B66-026F-4DCB-9244-0DACA328DCED} - C:\Program Files\PlaySushi\PSText.dll ()
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (adfayudhpr Object) - {6A59933E-D8A2-4E71-8027-3FA5881EC5C9} - C:\Windows\$NtUninstallMTF197$\lfjre.dll File not found
    O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
    O2 - BHO: (MediaBar) - {ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F} - C:\Program Files\iMeshMediabarTb\iMeshMediaBarDx.dll ()
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.415.1646\swg.dll (Google Inc.)
    O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found
    O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O2 - BHO: (brumayudhgrm Object) - {FBF50663-5574-4494-9419-76158E351EF0} - C:\Windows\$NtUninstallMTF197$\cscdn.dll File not found
    O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
    O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
    O3 - HKLM\..\Toolbar: (MediaBar) - {ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F} - C:\Program Files\iMeshMediabarTb\iMeshMediaBarDx.dll ()
    O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
    O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
    O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [BkupTray] C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe ()
    O4 - HKLM..\Run: [CLMLServer] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink)
    O4 - HKLM..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
    O4 - HKLM..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
    O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
    O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
    O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
    O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
    O9 - Extra Button: Go to PlaySushi web site - {EBD24BD3-E272-4FA3-A8BA-C5D709757CAB} - C:\Program Files\PlaySushi\PSText.dll ()
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
    O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
    O20 - AppInit_DLLs: (AVGRSSTX.DLL) - File not found
    O20 - AppInit_DLLs: (C:\PROGRA~1\GOOGLE\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
    O24 - Desktop WallPaper: C:\Users\Sarah Brown\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O24 - Desktop BackupWallPaper: C:\Users\Sarah Brown\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found

    Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com)
    Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com)

    CREATERESTOREPOINT
    Error creating restore point.

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/11/28 00:26:28 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2010/11/28 00:26:28 | 000,000,000 | ---D | C] -- C:\Users\Sarah Brown\AppData\Local\temp
    [2010/11/28 00:26:04 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2010/11/28 00:21:53 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
    [2010/11/27 23:24:07 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2010/11/27 23:20:25 | 000,000,000 | ---D | C] -- C:\Users\Sarah Brown\Desktop\AMW
    [2010/11/27 22:03:45 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2010/11/27 22:03:45 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2010/11/27 22:03:38 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2010/11/27 22:03:19 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2010/11/27 21:07:46 | 000,000,000 | ---D | C] -- C:\Users\Sarah Brown\Documents\tdsskiller
    [2010/11/27 20:58:16 | 000,000,000 | ---D | C] -- C:\Users\Sarah Brown\Desktop\Logs
    [2010/11/27 14:10:11 | 000,017,744 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
    [2010/11/27 14:10:10 | 000,165,584 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
    [2010/11/27 14:10:09 | 000,023,376 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
    [2010/11/27 14:10:08 | 000,046,672 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
    [2010/11/27 14:10:07 | 000,050,768 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
    [2010/11/27 14:09:26 | 000,167,592 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
    [2010/11/27 14:09:26 | 000,038,848 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
    [2010/11/27 14:09:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
    [2010/11/27 14:09:18 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
    [2010/11/26 22:56:09 | 000,000,000 | ---D | C] -- C:\Users\Sarah Brown\AppData\Local\Mozilla
    [2010/11/26 22:55:59 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
    [2010/11/26 22:33:03 | 000,000,000 | ---D | C] -- C:\Windows\pss
    [2010/11/22 20:17:48 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
    [2010/11/22 20:17:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
    [2010/11/22 20:13:17 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8
    [2010/11/22 20:12:03 | 000,000,000 | ---D | C] -- C:\Windows\SHELLNEW
    [2010/11/22 20:10:27 | 000,000,000 | R--D | C] -- C:\MSOCache
    [2010/11/21 18:09:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
    [2010/11/21 17:12:24 | 000,000,000 | ---D | C] -- C:\Users\Sarah Brown\AppData\Roaming\DriverCure
    [2010/11/21 17:12:23 | 000,000,000 | ---D | C] -- C:\Users\Sarah Brown\AppData\Roaming\ParetoLogic
    [2010/11/21 17:12:12 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ParetoLogic
    [2010/11/21 17:12:11 | 000,000,000 | ---D | C] -- C:\ProgramData\ParetoLogic
    [2010/11/21 17:12:11 | 000,000,000 | ---D | C] -- C:\Program Files\ParetoLogic
    [2010/11/21 15:44:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe(937)
    [2010/11/21 15:40:32 | 000,000,000 | ---D | C] -- C:\Users\Sarah Brown\AppData\Local\Electronic Arts
    [2010/11/20 22:54:05 | 000,000,000 | ---D | C] -- C:\Users\Sarah Brown\AppData\Local\ESET
    [2010/11/20 22:15:04 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET
    [2010/11/20 14:51:09 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
    [2010/11/20 14:09:16 | 000,000,000 | ---D | C] -- C:\Windows\Sun
    [2010/11/20 14:09:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
    [2010/11/20 14:09:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
    [2010/11/20 13:36:05 | 000,000,000 | ---D | C] -- C:\Program Files\iPod(991)
    [2010/11/20 13:35:59 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2010/11/20 13:31:50 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour(936)
    [2010/11/20 13:19:43 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime(1124)
    [2010/11/20 09:40:55 | 000,000,000 | ---D | C] -- C:\Users\Sarah Brown\AppData\Roaming\IObit
    [2010/11/20 09:40:54 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
    [2010/11/20 09:39:18 | 008,858,504 | ---- | C] (IObit ) -- C:\Users\Sarah Brown\Documents\asc-setup-pro.exe
    [2010/11/20 00:03:39 | 000,000,000 | ---D | C] -- C:\Users\Sarah Brown\AppData\Roaming\Malwarebytes
    [2010/11/20 00:03:35 | 000,017,144 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2010/11/20 00:03:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2010/11/20 00:03:33 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/11/19 18:49:01 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
    [2010/11/19 18:49:01 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
    [2010/11/19 18:49:01 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
    [2010/11/19 18:14:09 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
    [2010/11/12 17:02:14 | 000,000,000 | ---D | C] -- C:\Users\Sarah Brown\AppData\Local\Adobe32 ARM
    [2009/08/03 02:01:39 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll
  11. JimDav

    JimDav Newcomer, in training Topic Starter Posts: 38

    OTL part 2 - split as too big!!

    ========== Files - Modified Within 30 Days ==========

    [2010/11/28 20:50:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2010/11/28 20:50:47 | 268,435,456 | -HS- | M] () -- C:\Windows\System32\temppf.sys
    [2010/11/28 20:49:52 | 000,000,382 | ---- | M] () -- C:\Windows\tasks\AWC Startup.job
    [2010/11/28 00:25:25 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2010/11/27 22:02:45 | 003,981,232 | R--- | M] () -- C:\Users\Sarah Brown\Desktop\ComboFix.exe
    [2010/11/27 21:09:36 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2010/11/27 21:09:36 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2010/11/27 18:00:04 | 000,000,456 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration3.job
    [2010/11/27 17:37:43 | 000,005,972 | ---- | M] () -- C:\Users\Sarah Brown\AppData\Local\d3d9caps.dat
    [2010/11/27 14:10:11 | 000,001,844 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    [2010/11/27 14:10:07 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
    [2010/11/26 22:56:06 | 000,001,752 | ---- | M] () -- C:\Users\Sarah Brown\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2010/11/26 22:56:06 | 000,001,728 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2010/11/26 21:08:29 | 000,000,165 | -H-- | M] () -- C:\Users\Sarah Brown\Documents\~$Virus Scan Results 20th November 2010.pptx
    [2010/11/24 20:00:14 | 000,000,120 | ---- | M] () -- C:\Users\Sarah Brown\AppData\Local\Glezeqo.dat
    [2010/11/24 19:55:51 | 000,612,100 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2010/11/24 19:55:51 | 000,109,516 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2010/11/24 17:56:11 | 000,409,616 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2010/11/22 20:33:38 | 000,002,255 | ---- | M] () -- C:\Users\Sarah Brown\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
    [2010/11/22 20:33:26 | 000,002,413 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2010/11/22 20:27:33 | 000,001,891 | ---- | M] () -- C:\Users\Sarah Brown\Application Data\Microsoft\Internet Explorer\Quick Launch\Adobe Reader 9 (2).lnk
    [2010/11/22 20:27:30 | 000,000,906 | ---- | M] () -- C:\Users\Sarah Brown\Application Data\Microsoft\Internet Explorer\Quick Launch\ParetoLogic PC Health Advisor.lnk
    [2010/11/22 20:27:27 | 000,001,018 | ---- | M] () -- C:\Users\Sarah Brown\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced SystemCare.lnk
    [2010/11/22 20:27:19 | 000,000,822 | ---- | M] () -- C:\Users\Sarah Brown\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
    [2010/11/22 18:30:01 | 042,371,584 | ---- | M] () -- C:\Users\Sarah Brown\Documents\eav_nt32_enu.msi
    [2010/11/21 17:58:29 | 000,000,430 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Update Version3.job
    [2010/11/21 17:58:29 | 000,000,388 | ---- | M] () -- C:\Windows\tasks\PC Health Advisor Defrag.job
    [2010/11/21 17:58:29 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\PC Health Advisor.job
    [2010/11/20 23:38:49 | 000,194,106 | ---- | M] () -- C:\Users\Sarah Brown\Documents\Virus Scan Results 20th November 2010.pptx
    [2010/11/20 09:56:58 | 000,010,752 | ---- | M] () -- C:\Users\Sarah Brown\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/11/20 09:39:55 | 008,858,504 | ---- | M] (IObit ) -- C:\Users\Sarah Brown\Documents\asc-setup-pro.exe
    [2010/11/14 13:17:51 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2010/11/14 13:17:51 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2010/11/14 13:14:01 | 292,744,125 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2010/11/08 19:35:30 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
    [2010/11/08 01:20:24 | 000,089,088 | ---- | M] () -- C:\Windows\MBR.exe

    ========== Files Created - No Company Name ==========

    [2010/11/27 23:56:15 | 003,981,232 | R--- | C] () -- C:\Users\Sarah Brown\Desktop\ComboFix.exe
    [2010/11/27 22:03:45 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
    [2010/11/27 22:03:45 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2010/11/27 22:03:45 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
    [2010/11/27 22:03:45 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2010/11/27 22:03:45 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2010/11/27 21:10:32 | 268,435,456 | -HS- | C] () -- C:\Windows\System32\temppf.sys
    [2010/11/27 14:10:11 | 000,001,844 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    [2010/11/26 22:56:06 | 000,001,752 | ---- | C] () -- C:\Users\Sarah Brown\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2010/11/26 22:56:06 | 000,001,728 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2010/11/26 21:08:29 | 000,000,165 | -H-- | C] () -- C:\Users\Sarah Brown\Documents\~$Virus Scan Results 20th November 2010.pptx
    [2010/11/22 20:27:33 | 000,001,891 | ---- | C] () -- C:\Users\Sarah Brown\Application Data\Microsoft\Internet Explorer\Quick Launch\Adobe Reader 9 (2).lnk
    [2010/11/22 20:27:30 | 000,000,906 | ---- | C] () -- C:\Users\Sarah Brown\Application Data\Microsoft\Internet Explorer\Quick Launch\ParetoLogic PC Health Advisor.lnk
    [2010/11/22 20:27:27 | 000,001,018 | ---- | C] () -- C:\Users\Sarah Brown\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced SystemCare.lnk
    [2010/11/22 20:27:19 | 000,000,822 | ---- | C] () -- C:\Users\Sarah Brown\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
    [2010/11/22 18:29:56 | 042,371,584 | ---- | C] () -- C:\Users\Sarah Brown\Documents\eav_nt32_enu.msi
    [2010/11/21 17:12:29 | 000,000,456 | ---- | C] () -- C:\Windows\tasks\ParetoLogic Registration3.job
    [2010/11/21 17:12:17 | 000,000,430 | ---- | C] () -- C:\Windows\tasks\ParetoLogic Update Version3.job
    [2010/11/21 17:12:15 | 000,000,388 | ---- | C] () -- C:\Windows\tasks\PC Health Advisor Defrag.job
    [2010/11/21 17:12:13 | 000,000,370 | ---- | C] () -- C:\Windows\tasks\PC Health Advisor.job
    [2010/11/20 23:38:48 | 000,194,106 | ---- | C] () -- C:\Users\Sarah Brown\Documents\Virus Scan Results 20th November 2010.pptx
    [2010/11/20 09:41:13 | 000,000,382 | ---- | C] () -- C:\Windows\tasks\AWC Startup.job
    [2010/11/20 00:03:33 | 000,034,296 | ---- | C] () -- C:\Windows\System32\drivers\mbamcatchme.sys
    [2010/11/14 13:17:51 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
    [2010/11/14 13:17:51 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
    [2010/11/12 17:03:57 | 000,000,120 | ---- | C] () -- C:\Users\Sarah Brown\AppData\Local\Glezeqo.dat
    [2010/11/08 19:06:47 | 292,744,125 | ---- | C] () -- C:\Windows\MEMORY.DMP
    [2010/01/16 18:56:22 | 000,010,752 | ---- | C] () -- C:\Users\Sarah Brown\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/10/10 13:14:48 | 000,002,047 | ---- | C] () -- C:\ProgramData\hpzinstall.log
    [2009/09/12 09:09:10 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
    [2009/08/27 12:23:21 | 000,005,972 | ---- | C] () -- C:\Users\Sarah Brown\AppData\Local\d3d9caps.dat
    [2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
    [2009/08/03 01:46:46 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1527.dll
    [2009/08/02 17:32:29 | 000,204,800 | ---- | C] () -- C:\Windows\System32\SysHook.dll
    [2009/08/02 17:29:58 | 000,091,992 | ---- | C] () -- C:\Users\Sarah Brown\AppData\Local\edsinstaller.txt-20090802.log
    [2009/08/02 17:26:14 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini
    [2008/05/15 05:50:47 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll
    [2008/05/15 05:47:54 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll
    [2008/05/15 05:47:54 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll
    [2008/05/14 12:48:18 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
    [2008/05/14 12:48:14 | 000,872,448 | ---- | C] () -- C:\Windows\iconv.dll
    [2008/05/14 12:48:14 | 000,743,424 | ---- | C] () -- C:\Windows\libxml2.dll
    [2008/05/14 12:48:13 | 000,000,042 | ---- | C] () -- C:\Windows\Prelaunch.ini
    [2006/11/02 07:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
    [2001/12/26 23:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
    [2001/09/04 06:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
    [2001/07/30 23:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
    [2001/07/24 05:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll

    ========== LOP Check ==========

    [2008/05/15 05:46:38 | 000,000,000 | ---D | M] -- C:\Users\Sarah Brown\AppData\Roaming\Acer GameZone Console
    [2010/11/21 17:12:24 | 000,000,000 | ---D | M] -- C:\Users\Sarah Brown\AppData\Roaming\DriverCure
    [2010/11/20 09:40:55 | 000,000,000 | ---D | M] -- C:\Users\Sarah Brown\AppData\Roaming\IObit
    [2009/09/12 12:49:47 | 000,000,000 | ---D | M] -- C:\Users\Sarah Brown\AppData\Roaming\LimeWire
    [2010/11/21 17:12:23 | 000,000,000 | ---D | M] -- C:\Users\Sarah Brown\AppData\Roaming\ParetoLogic
    [2009/08/09 17:00:55 | 000,000,000 | ---D | M] -- C:\Users\Sarah Brown\AppData\Roaming\PKWARE
    [2010/01/17 11:51:48 | 000,000,000 | ---D | M] -- C:\Users\Sarah Brown\AppData\Roaming\Smilebox
    [2010/11/28 20:49:52 | 000,000,382 | ---- | M] () -- C:\Windows\Tasks\AWC Startup.job
    [2010/11/27 18:00:04 | 000,000,456 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Registration3.job
    [2010/11/21 17:58:29 | 000,000,430 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Update Version3.job
    [2010/11/21 17:58:29 | 000,000,388 | ---- | M] () -- C:\Windows\Tasks\PC Health Advisor Defrag.job
    [2010/11/21 17:58:29 | 000,000,370 | ---- | M] () -- C:\Windows\Tasks\PC Health Advisor.job
    [2010/11/27 21:09:35 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
    [2009/04/11 06:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
    [2008/02/10 23:06:13 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
    [2010/11/28 00:26:26 | 000,018,799 | ---- | M] () -- C:\ComboFix.txt
    [2006/09/18 21:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
    [2010/11/14 13:17:51 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2010/11/14 13:17:51 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2010/11/27 17:32:48 | 3460,423,680 | -HS- | M] () -- C:\pagefile.sys
    [2008/12/16 00:25:26 | 000,004,132 | -HS- | M] () -- C:\Patch.rev
    [2008/05/15 07:28:39 | 000,000,146 | RHS- | M] () -- C:\preload.rev
    [2009/08/02 17:28:06 | 000,000,651 | ---- | M] () -- C:\RHDSetup.log
    [2010/11/27 22:24:17 | 000,000,389 | ---- | M] () -- C:\rkill.log
    [2010/11/27 21:09:19 | 000,062,202 | ---- | M] () -- C:\TDSSKiller.2.4.9.0_27.11.2010_21.08.23_log.txt

    < %systemroot%\Fonts\*.com >
    [2006/11/02 12:35:34 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2006/11/02 12:35:34 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2006/11/02 12:35:34 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2010/11/19 18:40:06 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2006/09/18 21:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2008/10/24 10:48:38 | 000,321,536 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\hpzpp696.dll
    [2006/10/26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2010/09/07 16:12:17 | 000,038,848 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
    [2009/07/10 12:15:46 | 000,306,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2008/01/21 02:57:01 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2008/01/21 03:31:11 | 015,716,352 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
    [2008/01/21 03:31:01 | 000,102,400 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
    [2008/01/21 03:31:12 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
    [2006/11/02 10:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
    [2006/11/02 10:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2010/01/22 19:38:40 | 000,000,337 | -HS- | M] () -- C:\Users\Sarah Brown\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2010/11/27 22:02:45 | 003,981,232 | R--- | M] () -- C:\Users\Sarah Brown\Desktop\ComboFix.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >
    [2010/11/19 18:57:06 | 000,008,192 | ---- | M] () -- C:\Windows\security\database\edb.chk
    [2010/11/19 18:56:36 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edb.log
    [2009/08/03 01:08:03 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00001.jrs
    [2009/08/03 01:08:03 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00002.jrs
    [2010/11/19 18:56:36 | 001,056,768 | ---- | M] () -- C:\Windows\security\database\tmp.edb

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2009/08/02 17:22:40 | 000,000,402 | -HS- | M] () -- C:\Users\Sarah Brown\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2010/11/20 12:33:38 | 000,002,047 | ---- | M] () -- C:\ProgramData\hpzinstall.log

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < End of report >
  12. Broni

    Broni Malware Annihilator Posts: 45,317   +243

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
      O2 - BHO: (adfayudhpr Object) - {6A59933E-D8A2-4E71-8027-3FA5881EC5C9} - C:\Windows\$NtUninstallMTF197$\lfjre.dll File not found
      O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found
      O2 - BHO: (brumayudhgrm Object) - {FBF50663-5574-4494-9419-76158E351EF0} - C:\Windows\$NtUninstallMTF197$\cscdn.dll File not found
      O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
      O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found
      O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
      O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
      O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
      O20 - AppInit_DLLs: (AVGRSSTX.DLL) - File not found
      [2010/11/24 20:00:14 | 000,000,120 | ---- | M] () -- C:\Users\Sarah Brown\AppData\Local\Glezeqo.dat
      [2010/11/20 09:56:58 | 000,010,752 | ---- | M] () -- C:\Users\Sarah Brown\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
      [2010/11/08 19:35:30 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
      
      
      :Services
      
      :Reg
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    After restart, try normal mode.
  13. JimDav

    JimDav Newcomer, in training Topic Starter Posts: 38

    Didn't boot in normal mode.

    No logs opened this time, but a document, desktop.ini, appeared on the desktop......


    [.ShellClassInfo]
    LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21769
    IconResource=%SystemRoot%\system32\imageres.dll,-183

    Is this what you wanted? There are no new logs in the downloads folder (where OTL put the first two).

    Jim
     
  14. Broni

    Broni Malware Annihilator Posts: 45,317   +243

    In Windows Explorer, go to Tools>Folder options>View tab and PUT a checkmark into "Hide protected operating system files".

    Did you restart the computer?
    If so...

    Run OTL "Quick scan" (no custom script) and post new log. We'll see what happened.
  15. JimDav

    JimDav Newcomer, in training Topic Starter Posts: 38

    OTL logfile created on: 28/11/2010 21:54:27 - Run 1
    OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Sarah Brown\Downloads
    Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18975)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 82.00% Memory free
    3.00 Gb Paging File | 3.00 Gb Available in Paging File | 89.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 111.57 Gb Total Space | 53.14 Gb Free Space | 47.63% Space Free | Partition Type: NTFS
    Drive D: | 111.55 Gb Total Space | 111.26 Gb Free Space | 99.74% Space Free | Partition Type: NTFS

    Computer Name: SARAHBROWN | User Name: Sarah Brown | Logged in as Administrator.
    Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2010/11/28 20:54:48 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Sarah Brown\Downloads\OTL.exe
    PRC - [2010/10/27 06:13:43 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
    PRC - [2009/04/11 06:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/11/28 20:54:48 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Sarah Brown\Downloads\OTL.exe
    MOD - [2010/08/31 15:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2010/11/04 17:18:10 | 000,033,584 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EHttpSrv)
    SRV - [2010/11/04 17:15:50 | 000,810,144 | ---- | M] (ESET) [Auto | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
    SRV - [2010/09/07 16:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
    SRV - [2010/09/07 16:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
    SRV - [2010/09/07 16:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2010/08/06 12:42:02 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-051210-111108)
    SRV - [2010/03/18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
    SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
    SRV - [2008/07/07 17:42:22 | 000,122,488 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2008/05/14 16:05:30 | 000,500,784 | ---- | M] (Egis Incorporated) [Auto | Stopped] -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
    SRV - [2008/04/07 05:42:24 | 000,050,424 | ---- | M] (NewTech InfoSystems, Inc.) [Auto | Stopped] -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe -- (NTIBackupSvc)
    SRV - [2008/04/04 10:03:14 | 000,131,072 | ---- | M] () [Auto | Stopped] -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe -- (NTISchedulerSvc)
    SRV - [2008/03/21 20:22:52 | 000,024,576 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe -- (ETService)
    SRV - [2008/03/18 19:27:12 | 000,013,312 | ---- | M] (Agere Systems) [Auto | Stopped] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
    SRV - [2008/03/03 20:11:14 | 000,016,384 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Stopped] -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe -- (BUNAgentSvc)
    SRV - [2008/01/21 02:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2008/01/17 01:35:02 | 000,081,504 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe -- (CLHNService)
    SRV - [2007/12/06 15:15:28 | 000,110,592 | ---- | M] () [Auto | Stopped] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
    DRV - [2010/09/07 15:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2010/09/07 15:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2010/09/07 15:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
    DRV - [2010/09/07 15:47:30 | 000,050,768 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
    DRV - [2010/09/07 15:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2010/09/03 06:13:46 | 000,137,144 | ---- | M] (ESET) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\eamonm.sys -- (eamonm)
    DRV - [2010/07/29 12:31:26 | 000,096,920 | ---- | M] (ESET) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\epfwwfpr.sys -- (epfwwfpr)
    DRV - [2008/08/12 20:33:38 | 000,061,440 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTSTOR.sys -- (RTSTOR)
    DRV - [2008/07/11 18:20:10 | 002,381,312 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
    DRV - [2008/07/07 17:42:20 | 000,017,144 | ---- | M] (Malwarebytes Corporation) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMDrvService)
    DRV - [2008/06/14 01:10:08 | 002,152,344 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
    DRV - [2008/05/14 16:05:44 | 000,060,464 | ---- | M] (Egis Incorporated) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\PSDVdisk.sys -- (psdvdisk)
    DRV - [2008/05/14 16:05:42 | 000,018,992 | ---- | M] (Egis Incorporated) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\psdfilter.sys -- (PSDFilter)
    DRV - [2008/05/14 16:05:42 | 000,016,944 | ---- | M] (Egis Incorporated) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\PSDNServ.sys -- (PSDNServ)
    DRV - [2008/04/28 14:29:26 | 003,658,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
    DRV - [2008/04/25 18:08:42 | 000,199,472 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
    DRV - [2008/04/18 22:01:24 | 000,061,424 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Stopped] -- C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl -- ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796})
    DRV - [2008/03/21 17:48:24 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\int15.sys -- (int15)
    DRV - [2008/02/29 23:13:38 | 001,202,560 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
    DRV - [2008/02/21 09:55:00 | 000,299,008 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh)
    DRV - [2008/01/31 01:52:06 | 000,014,848 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NTIDrvr.sys -- (NTIDrvr)
    DRV - [2008/01/31 01:51:50 | 000,013,824 | ---- | M] (NewTech Infosystems Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\UBHelper.sys -- (UBHelper)
    DRV - [2008/01/21 02:32:53 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
    DRV - [2008/01/21 02:32:53 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
    DRV - [2008/01/21 02:32:52 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
    DRV - [2008/01/21 02:32:52 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
    DRV - [2008/01/21 02:32:52 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
    DRV - [2008/01/21 02:32:52 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
    DRV - [2008/01/21 02:32:51 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
    DRV - [2008/01/21 02:32:51 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
    DRV - [2008/01/21 02:32:50 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
    DRV - [2008/01/21 02:32:50 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
    DRV - [2008/01/21 02:32:50 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
    DRV - [2008/01/21 02:32:49 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
    DRV - [2008/01/21 02:32:49 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
    DRV - [2008/01/21 02:32:49 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
    DRV - [2008/01/21 02:32:49 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
    DRV - [2008/01/21 02:32:49 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
    DRV - [2008/01/21 02:32:49 | 000,030,720 | ---- | M] (National Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nscirda.sys -- (NSCIRDA)
    DRV - [2008/01/21 02:32:48 | 000,987,648 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTDPV3.SYS -- (HSF_DPV)
    DRV - [2008/01/21 02:32:48 | 000,654,336 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTCNXT3.SYS -- (winachsf)
    DRV - [2008/01/21 02:32:48 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
    DRV - [2008/01/21 02:32:48 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL)
    DRV - [2008/01/21 02:32:48 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
    DRV - [2008/01/21 02:32:47 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
    DRV - [2008/01/21 02:32:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
    DRV - [2008/01/21 02:32:46 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
    DRV - [2008/01/21 02:32:45 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
    DRV - [2008/01/21 02:32:44 | 000,179,712 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
    DRV - [2008/01/21 02:32:21 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
    DRV - [2008/01/21 02:32:21 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
    DRV - [2008/01/21 02:32:21 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
    DRV - [2008/01/17 01:35:08 | 000,122,368 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Stopped] -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys -- (NTIPPKernel)
    DRV - [2006/11/03 05:29:36 | 000,021,264 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\DKbFltr.sys -- (DKbFltr)
    DRV - [2006/11/02 09:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
    DRV - [2006/11/02 09:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
    DRV - [2006/11/02 09:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
    DRV - [2006/11/02 09:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
    DRV - [2006/11/02 09:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
    DRV - [2006/11/02 09:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
    DRV - [2006/11/02 09:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
    DRV - [2006/11/02 09:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
    DRV - [2006/11/02 09:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
    DRV - [2006/11/02 09:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
    DRV - [2006/11/02 09:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
    DRV - [2006/11/02 08:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
    DRV - [2006/11/02 08:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
    DRV - [2006/11/02 08:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
    DRV - [2006/11/02 08:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
    DRV - [2006/11/02 08:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
    DRV - [2006/11/02 08:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
    DRV - [2006/11/02 07:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=2&o=vb32&d=0809&m=aspire_5735

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..extensions.enabledItems: textlinks@playsushi.com:1.2.1

    FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2009/10/10 13:24:51 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/11/26 22:56:04 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/26 22:56:02 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2010/11/22 18:34:36 | 000,000,000 | ---D | M]

    [2010/06/02 16:03:20 | 000,000,000 | ---D | M] -- C:\Users\Sarah Brown\AppData\Roaming\Mozilla\Extensions
    [2009/08/06 15:43:31 | 000,000,000 | ---D | M] -- C:\Users\Sarah Brown\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
    [2010/11/28 21:47:26 | 000,000,000 | ---D | M] -- C:\Users\Sarah Brown\AppData\Roaming\Mozilla\Firefox\Profiles\b9ohoggg.default\extensions
    [2010/11/26 22:57:26 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Sarah Brown\AppData\Roaming\Mozilla\Firefox\Profiles\b9ohoggg.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/11/26 22:56:03 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2010/10/27 05:24:34 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
    [2010/10/27 05:24:34 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
    [2010/10/27 05:24:34 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
    [2010/10/27 05:24:34 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

    O1 HOSTS File: ([2010/11/28 00:25:25 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O2 - BHO: (PlaySushi) - {21608B66-026F-4DCB-9244-0DACA328DCED} - C:\Program Files\PlaySushi\PSText.dll ()
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (adfayudhpr Object) - {6A59933E-D8A2-4E71-8027-3FA5881EC5C9} - C:\Windows\$NtUninstallMTF197$\lfjre.dll File not found
    O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
    O2 - BHO: (MediaBar) - {ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F} - C:\Program Files\iMeshMediabarTb\iMeshMediaBarDx.dll ()
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.415.1646\swg.dll (Google Inc.)
    O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found
    O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O2 - BHO: (brumayudhgrm Object) - {FBF50663-5574-4494-9419-76158E351EF0} - C:\Windows\$NtUninstallMTF197$\cscdn.dll File not found
    O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
    O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
    O3 - HKLM\..\Toolbar: (MediaBar) - {ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F} - C:\Program Files\iMeshMediabarTb\iMeshMediaBarDx.dll ()
    O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
    O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
    O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [BkupTray] C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe ()
    O4 - HKLM..\Run: [CLMLServer] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink)
    O4 - HKLM..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
    O4 - HKLM..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
    O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
    O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
    O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
    O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
    O9 - Extra Button: Go to PlaySushi web site - {EBD24BD3-E272-4FA3-A8BA-C5D709757CAB} - C:\Program Files\PlaySushi\PSText.dll ()
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
    O20 - AppInit_DLLs: (AVGRSSTX.DLL) - File not found
    O20 - AppInit_DLLs: (C:\PROGRA~1\GOOGLE\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
    O24 - Desktop WallPaper: C:\Users\Sarah Brown\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O24 - Desktop BackupWallPaper: C:\Users\Sarah Brown\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/11/28 21:32:15 | 000,000,000 | ---D | C] -- C:\_OTL
    [2010/11/28 00:26:28 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2010/11/28 00:26:28 | 000,000,000 | ---D | C] -- C:\Users\Sarah Brown\AppData\Local\temp
    [2010/11/28 00:26:04 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2010/11/28 00:21:53 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
    [2010/11/27 23:24:07 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2010/11/27 23:20:25 | 000,000,000 | ---D | C] -- C:\Users\Sarah Brown\Desktop\AMW
    [2010/11/27 22:03:45 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2010/11/27 22:03:45 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2010/11/27 22:03:38 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2010/11/27 22:03:19 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2010/11/27 21:07:46 | 000,000,000 | ---D | C] -- C:\Users\Sarah Brown\Documents\tdsskiller
    [2010/11/27 20:58:16 | 000,000,000 | ---D | C] -- C:\Users\Sarah Brown\Desktop\Logs
    [2010/11/27 14:10:11 | 000,017,744 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
    [2010/11/27 14:10:10 | 000,165,584 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
    [2010/11/27 14:10:09 | 000,023,376 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
    [2010/11/27 14:10:08 | 000,046,672 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
    [2010/11/27 14:10:07 | 000,050,768 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
    [2010/11/27 14:09:26 | 000,167,592 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
    [2010/11/27 14:09:26 | 000,038,848 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
    [2010/11/27 14:09:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
    [2010/11/27 14:09:18 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
    [2010/11/26 22:56:09 | 000,000,000 | ---D | C] -- C:\Users\Sarah Brown\AppData\Local\Mozilla
    [2010/11/26 22:55:59 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
    [2010/11/26 22:33:03 | 000,000,000 | ---D | C] -- C:\Windows\pss
    [2010/11/22 20:17:48 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
    [2010/11/22 20:17:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
    [2010/11/22 20:13:17 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8
    [2010/11/22 20:12:03 | 000,000,000 | ---D | C] -- C:\Windows\SHELLNEW
    [2010/11/22 20:10:27 | 000,000,000 | R--D | C] -- C:\MSOCache
    [2010/11/21 18:09:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
    [2010/11/21 17:12:24 | 000,000,000 | ---D | C] -- C:\Users\Sarah Brown\AppData\Roaming\DriverCure
    [2010/11/21 17:12:23 | 000,000,000 | ---D | C] -- C:\Users\Sarah Brown\AppData\Roaming\ParetoLogic
    [2010/11/21 17:12:12 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ParetoLogic
    [2010/11/21 17:12:11 | 000,000,000 | ---D | C] -- C:\ProgramData\ParetoLogic
    [2010/11/21 17:12:11 | 000,000,000 | ---D | C] -- C:\Program Files\ParetoLogic
    [2010/11/21 15:44:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe(937)
    [2010/11/21 15:40:32 | 000,000,000 | ---D | C] -- C:\Users\Sarah Brown\AppData\Local\Electronic Arts
    [2010/11/20 22:54:05 | 000,000,000 | ---D | C] -- C:\Users\Sarah Brown\AppData\Local\ESET
    [2010/11/20 22:15:04 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET
    [2010/11/20 14:51:09 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
    [2010/11/20 14:09:16 | 000,000,000 | ---D | C] -- C:\Windows\Sun
    [2010/11/20 14:09:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
    [2010/11/20 14:09:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
    [2010/11/20 13:36:05 | 000,000,000 | ---D | C] -- C:\Program Files\iPod(991)
    [2010/11/20 13:35:59 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2010/11/20 13:31:50 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour(936)
    [2010/11/20 13:19:43 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime(1124)
    [2010/11/20 09:40:55 | 000,000,000 | ---D | C] -- C:\Users\Sarah Brown\AppData\Roaming\IObit
    [2010/11/20 09:40:54 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
    [2010/11/20 09:39:18 | 008,858,504 | ---- | C] (IObit ) -- C:\Users\Sarah Brown\Documents\asc-setup-pro.exe
    [2010/11/20 00:03:39 | 000,000,000 | ---D | C] -- C:\Users\Sarah Brown\AppData\Roaming\Malwarebytes
    [2010/11/20 00:03:35 | 000,017,144 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2010/11/20 00:03:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2010/11/20 00:03:33 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/11/19 18:49:01 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
    [2010/11/19 18:49:01 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
    [2010/11/19 18:49:01 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
    [2010/11/19 18:14:09 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
    [2010/11/12 17:02:14 | 000,000,000 | ---D | C] -- C:\Users\Sarah Brown\AppData\Local\Adobe32 ARM
    [2009/08/03 02:01:39 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll

    ========== Files - Modified Within 30 Days ==========

    [2010/11/28 21:34:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2010/11/28 21:34:32 | 268,435,456 | -HS- | M] () -- C:\Windows\System32\temppf.sys
    [2010/11/28 21:33:29 | 000,000,382 | ---- | M] () -- C:\Windows\tasks\AWC Startup.job
    [2010/11/28 00:25:25 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2010/11/27 22:02:45 | 003,981,232 | R--- | M] () -- C:\Users\Sarah Brown\Desktop\ComboFix.exe
    [2010/11/27 21:09:36 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2010/11/27 21:09:36 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2010/11/27 18:00:04 | 000,000,456 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration3.job
    [2010/11/27 17:37:43 | 000,005,972 | ---- | M] () -- C:\Users\Sarah Brown\AppData\Local\d3d9caps.dat
    [2010/11/27 14:10:11 | 000,001,844 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    [2010/11/27 14:10:07 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
    [2010/11/26 22:56:06 | 000,001,752 | ---- | M] () -- C:\Users\Sarah Brown\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2010/11/26 22:56:06 | 000,001,728 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2010/11/26 21:08:29 | 000,000,165 | -H-- | M] () -- C:\Users\Sarah Brown\Documents\~$Virus Scan Results 20th November 2010.pptx
    [2010/11/24 19:55:51 | 000,612,100 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2010/11/24 19:55:51 | 000,109,516 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2010/11/24 17:56:11 | 000,409,616 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2010/11/22 20:33:38 | 000,002,255 | ---- | M] () -- C:\Users\Sarah Brown\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
    [2010/11/22 20:33:26 | 000,002,413 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2010/11/22 20:27:33 | 000,001,891 | ---- | M] () -- C:\Users\Sarah Brown\Application Data\Microsoft\Internet Explorer\Quick Launch\Adobe Reader 9 (2).lnk
    [2010/11/22 20:27:30 | 000,000,906 | ---- | M] () -- C:\Users\Sarah Brown\Application Data\Microsoft\Internet Explorer\Quick Launch\ParetoLogic PC Health Advisor.lnk
    [2010/11/22 20:27:27 | 000,001,018 | ---- | M] () -- C:\Users\Sarah Brown\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced SystemCare.lnk
    [2010/11/22 20:27:19 | 000,000,822 | ---- | M] () -- C:\Users\Sarah Brown\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
    [2010/11/22 18:30:01 | 042,371,584 | ---- | M] () -- C:\Users\Sarah Brown\Documents\eav_nt32_enu.msi
    [2010/11/21 17:58:29 | 000,000,430 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Update Version3.job
    [2010/11/21 17:58:29 | 000,000,388 | ---- | M] () -- C:\Windows\tasks\PC Health Advisor Defrag.job
    [2010/11/21 17:58:29 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\PC Health Advisor.job
    [2010/11/20 23:38:49 | 000,194,106 | ---- | M] () -- C:\Users\Sarah Brown\Documents\Virus Scan Results 20th November 2010.pptx
    [2010/11/20 09:39:55 | 008,858,504 | ---- | M] (IObit ) -- C:\Users\Sarah Brown\Documents\asc-setup-pro.exe
    [2010/11/14 13:17:51 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2010/11/14 13:17:51 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2010/11/14 13:14:01 | 292,744,125 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2010/11/08 01:20:24 | 000,089,088 | ---- | M] () -- C:\Windows\MBR.exe

    ========== Files Created - No Company Name ==========

    [2010/11/27 23:56:15 | 003,981,232 | R--- | C] () -- C:\Users\Sarah Brown\Desktop\ComboFix.exe
    [2010/11/27 22:03:45 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
    [2010/11/27 22:03:45 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2010/11/27 22:03:45 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
    [2010/11/27 22:03:45 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2010/11/27 22:03:45 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2010/11/27 21:10:32 | 268,435,456 | -HS- | C] () -- C:\Windows\System32\temppf.sys
    [2010/11/27 14:10:11 | 000,001,844 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    [2010/11/26 22:56:06 | 000,001,752 | ---- | C] () -- C:\Users\Sarah Brown\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2010/11/26 22:56:06 | 000,001,728 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2010/11/26 21:08:29 | 000,000,165 | -H-- | C] () -- C:\Users\Sarah Brown\Documents\~$Virus Scan Results 20th November 2010.pptx
    [2010/11/22 20:27:33 | 000,001,891 | ---- | C] () -- C:\Users\Sarah Brown\Application Data\Microsoft\Internet Explorer\Quick Launch\Adobe Reader 9 (2).lnk
    [2010/11/22 20:27:30 | 000,000,906 | ---- | C] () -- C:\Users\Sarah Brown\Application Data\Microsoft\Internet Explorer\Quick Launch\ParetoLogic PC Health Advisor.lnk
    [2010/11/22 20:27:27 | 000,001,018 | ---- | C] () -- C:\Users\Sarah Brown\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced SystemCare.lnk
    [2010/11/22 20:27:19 | 000,000,822 | ---- | C] () -- C:\Users\Sarah Brown\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
    [2010/11/22 18:29:56 | 042,371,584 | ---- | C] () -- C:\Users\Sarah Brown\Documents\eav_nt32_enu.msi
    [2010/11/21 17:12:29 | 000,000,456 | ---- | C] () -- C:\Windows\tasks\ParetoLogic Registration3.job
    [2010/11/21 17:12:17 | 000,000,430 | ---- | C] () -- C:\Windows\tasks\ParetoLogic Update Version3.job
    [2010/11/21 17:12:15 | 000,000,388 | ---- | C] () -- C:\Windows\tasks\PC Health Advisor Defrag.job
    [2010/11/21 17:12:13 | 000,000,370 | ---- | C] () -- C:\Windows\tasks\PC Health Advisor.job
    [2010/11/20 23:38:48 | 000,194,106 | ---- | C] () -- C:\Users\Sarah Brown\Documents\Virus Scan Results 20th November 2010.pptx
    [2010/11/20 09:41:13 | 000,000,382 | ---- | C] () -- C:\Windows\tasks\AWC Startup.job
    [2010/11/20 00:03:33 | 000,034,296 | ---- | C] () -- C:\Windows\System32\drivers\mbamcatchme.sys
    [2010/11/14 13:17:51 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
    [2010/11/14 13:17:51 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
    [2010/11/08 19:06:47 | 292,744,125 | ---- | C] () -- C:\Windows\MEMORY.DMP
    [2009/10/10 13:14:48 | 000,002,047 | ---- | C] () -- C:\ProgramData\hpzinstall.log
    [2009/09/12 09:09:10 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
    [2009/08/27 12:23:21 | 000,005,972 | ---- | C] () -- C:\Users\Sarah Brown\AppData\Local\d3d9caps.dat
    [2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
    [2009/08/03 01:46:46 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1527.dll
    [2009/08/02 17:32:29 | 000,204,800 | ---- | C] () -- C:\Windows\System32\SysHook.dll
    [2009/08/02 17:29:58 | 000,091,992 | ---- | C] () -- C:\Users\Sarah Brown\AppData\Local\edsinstaller.txt-20090802.log
    [2009/08/02 17:26:14 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini
    [2008/05/15 05:50:47 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll
    [2008/05/15 05:47:54 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll
    [2008/05/15 05:47:54 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll
    [2008/05/14 12:48:18 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
    [2008/05/14 12:48:14 | 000,872,448 | ---- | C] () -- C:\Windows\iconv.dll
    [2008/05/14 12:48:14 | 000,743,424 | ---- | C] () -- C:\Windows\libxml2.dll
    [2008/05/14 12:48:13 | 000,000,042 | ---- | C] () -- C:\Windows\Prelaunch.ini
    [2006/11/02 07:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
    [2001/12/26 23:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
    [2001/09/04 06:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
    [2001/07/30 23:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
    [2001/07/24 05:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll

    ========== LOP Check ==========

    [2008/05/15 05:46:38 | 000,000,000 | ---D | M] -- C:\Users\Sarah Brown\AppData\Roaming\Acer GameZone Console
    [2010/11/21 17:12:24 | 000,000,000 | ---D | M] -- C:\Users\Sarah Brown\AppData\Roaming\DriverCure
    [2010/11/20 09:40:55 | 000,000,000 | ---D | M] -- C:\Users\Sarah Brown\AppData\Roaming\IObit
    [2009/09/12 12:49:47 | 000,000,000 | ---D | M] -- C:\Users\Sarah Brown\AppData\Roaming\LimeWire
    [2010/11/21 17:12:23 | 000,000,000 | ---D | M] -- C:\Users\Sarah Brown\AppData\Roaming\ParetoLogic
    [2009/08/09 17:00:55 | 000,000,000 | ---D | M] -- C:\Users\Sarah Brown\AppData\Roaming\PKWARE
    [2010/01/17 11:51:48 | 000,000,000 | ---D | M] -- C:\Users\Sarah Brown\AppData\Roaming\Smilebox
    [2010/11/28 21:33:29 | 000,000,382 | ---- | M] () -- C:\Windows\Tasks\AWC Startup.job
    [2010/11/27 18:00:04 | 000,000,456 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Registration3.job
    [2010/11/21 17:58:29 | 000,000,430 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Update Version3.job
    [2010/11/21 17:58:29 | 000,000,388 | ---- | M] () -- C:\Windows\Tasks\PC Health Advisor Defrag.job
    [2010/11/21 17:58:29 | 000,000,370 | ---- | M] () -- C:\Windows\Tasks\PC Health Advisor.job
    [2010/11/27 21:09:35 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    < End of report >
  16. Broni

    Broni Malware Annihilator Posts: 45,317   +243

    Nothing got fixed.
    Are you sure you pasted my script before running my fix?
    Try instructions from my reply #37 again.
  17. JimDav

    JimDav Newcomer, in training Topic Starter Posts: 38

    Hi, sorry not to respond sooner - been stuck in snow last 2 days!!

    I have just run OTL (as per reply 37) two more times.
    It 'insists' on a reboot after running but, on restart, there are no new logs (assuming it saves them wherever the OTL program is located, I moved it to see if it made a difference for the 2nd run).
    I think my first reply to #37 may have been a repost of the log from the first OTL run.

    Could this be related to my earlier observation that any changes made in safemode are not being saved??

    Jim
  18. Broni

    Broni Malware Annihilator Posts: 45,317   +243

    Do you have, or can you borrow, a Vista DVD?
  19. JimDav

    JimDav Newcomer, in training Topic Starter Posts: 38

    I do not have a disk for Vista. The machine came with recovery on the D partition, which has been deleted. (Not my machine!) Maybe I can borrow one, but not sure. Is this my best option? Would prefer to fix without reinstall if possible.
  20. Broni

    Broni Malware Annihilator Posts: 45,317   +243

    If you could borrow a Vista DVD, we could run a repair installation.
    That wouldn't touch your data.
  21. JimDav

    JimDav Newcomer, in training Topic Starter Posts: 38

    Will see what I can get hold of.
  22. Broni

    Broni Malware Annihilator Posts: 45,317   +243

    OK :)
  23. JimDav

    JimDav Newcomer, in training Topic Starter Posts: 38

    Will be Monday evening (in UK) at best - back in 72 hours or so!!!
  24. Broni

    Broni Malware Annihilator Posts: 45,317   +243

    No problem :)
  25. Broni

    Broni Malware Annihilator Posts: 45,317   +243

    Broni,
    Unfortunately I have left my previous thread too long and it has been closed.

    You were helping me with malware removal & we got to a point where the machine could only be started in safe mode and any changes we made weren't being saved. You asked me to get hold of a Vista DVD if I could. This was just over a week ago.

    This is proving difficult - I am no longer sure I can get hold of one. The one 'lead' I had cannot find the disk they thought they had!


    Is there anything else you can suggest that we might try?

    Jim