OTL logfile created on: 1/11/2012 3:16:44 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Sarah\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1.60 Gb Total Physical Memory | 0.52 Gb Available Physical Memory | 32.28% Memory free
2.09 Gb Paging File | 0.59 Gb Available in Paging File | 28.09% Paging File free
Paging file location(s): C:\pagefile.sys 500 1500 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 29.72 Gb Total Space | 2.26 Gb Free Space | 7.62% Space Free | Partition Type: NTFS
Computer Name: WRITER | User Name: Sarah | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/01/11 15:14:12 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Sarah\Desktop\OTL.exe
PRC - [2011/12/21 01:24:51 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/10/18 14:32:30 | 000,150,856 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe
PRC - [2011/10/18 14:28:34 | 000,160,608 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
PRC - [2011/10/18 14:28:18 | 000,166,288 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe
PRC - [2011/09/16 18:38:10 | 001,318,552 | ---- | M] (McAfee, Inc.) -- C:\Program Files\mcafee.com\agent\mcagent.exe
PRC - [2011/07/15 22:31:12 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011/03/04 16:50:18 | 003,594,112 | ---- | M] (Acer) -- C:\Program Files\Acer\TouchApplicationSuite\Acer Ring\Acer Ring.exe
PRC - [2011/03/03 16:00:04 | 000,257,344 | ---- | M] (NTI Corporation) -- C:\Program Files\NTI\Acer Backup Manager\IScheduleSvc.exe
PRC - [2011/03/03 15:59:38 | 000,377,664 | ---- | M] (NTI Corporation) -- C:\Program Files\NTI\Acer Backup Manager\BackupManagerTray.exe
PRC - [2011/03/02 19:46:30 | 000,723,560 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer VCM\AcerVCM.exe
PRC - [2011/02/25 23:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/02/22 22:01:10 | 000,715,368 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
PRC - [2011/02/22 22:01:08 | 000,739,944 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
PRC - [2011/02/22 22:01:02 | 000,469,608 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
PRC - [2011/02/21 21:01:17 | 000,066,128 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Acer\Device Control\DeviceCtrlSvc.exe
PRC - [2011/02/21 21:01:16 | 000,239,696 | ---- | M] () -- C:\Program Files\Acer\Device Control\ADevCtrl.exe
PRC - [2011/02/21 21:01:16 | 000,106,064 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Acer\Device Control\AdWmiSvc.exe
PRC - [2011/02/21 07:33:32 | 000,114,768 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Acer\Auto Screen Rotation Blocker\AutoScreenRotationBlocker.exe
PRC - [2011/02/18 12:46:36 | 000,120,104 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Acer\clear.fi\MVP\clear.fiAgent.exe
PRC - [2011/02/11 06:49:46 | 000,332,368 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LMworker.exe
PRC - [2011/02/11 06:49:44 | 001,070,160 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe
PRC - [2011/02/11 06:49:44 | 000,346,704 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\dsiwmis.exe
PRC - [2011/02/11 03:53:18 | 000,114,688 | ---- | M] () -- C:\Program Files\HIDMon\HIDMON.exe
PRC - [2011/02/04 03:12:38 | 000,086,016 | ---- | M] () -- C:\Program Files\USBKBTool\SnxUsbDockingKB2267Srv.exe
PRC - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
PRC - [2011/01/18 00:52:56 | 001,530,472 | ---- | M] (Realtek Semiconductor) -- C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
PRC - [2011/01/12 07:57:14 | 000,393,216 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2011/01/12 07:56:44 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2011/01/06 21:08:38 | 000,138,400 | ---- | M] (Atheros) -- C:\Program Files\Bluetooth Suite\Ath_CoexAgent.exe
PRC - [2011/01/06 21:04:54 | 000,490,656 | ---- | M] (Atheros Commnucations) -- C:\Program Files\Bluetooth Suite\BtvStack.exe
PRC - [2011/01/06 21:04:44 | 000,302,240 | ---- | M] (Atheros Commnucations) -- C:\Program Files\Bluetooth Suite\AthBtTray.exe
PRC - [2011/01/06 21:04:40 | 000,056,480 | ---- | M] (Atheros Commnucations) -- C:\Program Files\Bluetooth Suite\AdminService.exe
PRC - [2010/01/29 18:52:58 | 000,260,640 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer VCM\RS_Service.exe
PRC - [2010/01/08 07:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Registration\GREGsvc.exe
PRC - [2009/07/13 19:14:46 | 000,115,200 | ---- | M] () -- \\?\C:\windows\System32\wbem\WMIADAP.EXE
PRC - [2009/07/13 19:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/13 19:14:41 | 000,354,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\StikyNot.exe
PRC - [2009/07/13 19:14:15 | 000,301,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cmd.exe
PRC - [2009/01/26 15:31:16 | 002,144,088 | RHS- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
========== Modules (No Company Name) ==========
MOD - [2012/01/10 03:47:57 | 002,295,296 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\6d859463c9e6a7423ddb335211a79dda\System.Core.ni.dll
MOD - [2012/01/10 03:43:45 | 000,368,128 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\5672e6b9d976feca51deb06d8dd1df0e\PresentationFramework.Aero.ni.dll
MOD - [2012/01/10 03:43:22 | 014,322,688 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\09e39322b47f9b4e8dd2199ff03acb2e\PresentationFramework.ni.dll
MOD - [2012/01/10 03:42:24 | 012,216,320 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\d2dc021a8311197516e4fa325b292f21\PresentationCore.ni.dll
MOD - [2012/01/10 03:41:46 | 003,325,952 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\3136e12cfb8809d39813e76c766c782c\WindowsBase.ni.dll
MOD - [2012/01/10 03:41:01 | 012,431,360 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d76221993c2fdfb991b8c12ae50a30eb\System.Windows.Forms.ni.dll
MOD - [2012/01/10 03:40:05 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\018d2569cf208acbe8ad73908705f607\System.Runtime.Remoting.ni.dll
MOD - [2012/01/10 03:39:37 | 011,807,744 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\5a95ba97100404e2ab26b5a9ab9ef965\System.Web.ni.dll
MOD - [2012/01/10 03:39:08 | 001,586,688 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\0e245eb9c1067cabd5673fe832d28613\System.Drawing.ni.dll
MOD - [2012/01/10 03:38:56 | 005,452,800 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\275680f2b9db0501d53c50ea7d7a43f0\System.Xml.ni.dll
MOD - [2012/01/10 03:38:44 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e9ebeb7959f1c916ebf6fca8f7077d6c\System.Configuration.ni.dll
MOD - [2012/01/10 03:38:26 | 007,949,312 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\95b9866ab6e4437ef5dc5855ebab4e33\System.ni.dll
MOD - [2012/01/10 03:38:09 | 011,490,304 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\1b31ced9bb880d94fff1c6d47c16a81e\mscorlib.ni.dll
MOD - [2012/01/02 12:52:54 | 008,527,008 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2011/12/21 01:24:51 | 002,124,760 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/03/04 16:50:56 | 000,008,592 | ---- | M] () -- C:\Program Files\Acer\TouchApplicationSuite\TouchBrowser\TouchBrowserMui.dll
MOD - [2011/03/03 16:00:48 | 000,465,640 | ---- | M] () -- C:\Program Files\NTI\Acer Backup Manager\sqlite3.dll
MOD - [2011/03/03 16:00:26 | 001,081,664 | ---- | M] () -- C:\Program Files\NTI\Acer Backup Manager\ACE.dll
MOD - [2011/02/21 21:01:16 | 000,239,696 | ---- | M] () -- C:\Program Files\Acer\Device Control\ADevCtrl.exe
MOD - [2011/02/21 21:01:16 | 000,057,424 | ---- | M] () -- C:\Program Files\Acer\Device Control\BrandDetection.dll
MOD - [2011/02/11 03:53:18 | 000,114,688 | ---- | M] () -- C:\Program Files\HIDMon\HIDMON.exe
========== Win32 Services (SafeList) ==========
SRV - [2012/01/10 03:00:33 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011/10/18 16:59:54 | 000,361,976 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2011/10/18 14:32:30 | 000,150,856 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Windows\System32\mfevtps.exe -- (mfevtp)
SRV - [2011/10/18 14:28:34 | 000,160,608 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV - [2011/10/18 14:28:18 | 000,166,288 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2011/03/03 16:00:04 | 000,257,344 | ---- | M] (NTI Corporation) [Auto | Running] -- C:\Program Files\NTI\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2011/02/22 22:01:08 | 000,739,944 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV - [2011/02/21 21:01:17 | 000,066,128 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files\Acer\Device Control\DeviceCtrlSvc.exe -- (DsiDeviceControlService)
SRV - [2011/02/11 06:49:44 | 000,346,704 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2011/02/04 03:12:38 | 000,086,016 | ---- | M] () [Auto | Running] -- C:\Program Files\USBKBTool\SnxUsbDockingKB2267Srv.exe -- (SnxUsbDockingKB2267Srv)
SRV - [2011/01/31 15:55:14 | 000,244,624 | ---- | M] (Acer Incorporated) [Auto | Stopped] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Live Updater Service)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McOobeSv)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Unknown | Stopped] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV - [2011/01/12 07:56:44 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2011/01/06 21:08:38 | 000,138,400 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files\Bluetooth Suite\Ath_CoexAgent.exe -- (Atheros Bt&Wlan Coex Agent)
SRV - [2011/01/06 21:04:40 | 000,056,480 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
SRV - [2010/10/12 11:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/08/09 16:41:46 | 000,198,904 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- c:\Program Files\McAfee\msc\McAWFwk.exe -- (McAWFwk)
SRV - [2010/01/29 18:52:58 | 000,260,640 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
SRV - [2010/01/08 07:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009/07/13 19:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
========== Driver Services (SafeList) ==========
DRV - [2012/01/02 13:44:49 | 000,007,168 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ute4nzu5.sys -- (ute4nzu5)
DRV - [2011/10/15 13:16:16 | 000,464,176 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2011/10/15 13:16:16 | 000,338,176 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\System32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2011/10/15 13:16:16 | 000,180,816 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2011/10/15 13:16:16 | 000,165,680 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\System32\drivers\mfewfpk.sys -- (mfewfpk)
DRV - [2011/10/15 13:16:16 | 000,121,256 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2011/10/15 13:16:16 | 000,087,656 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2011/10/15 13:16:16 | 000,064,880 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfenlfk.sys -- (mfenlfk)
DRV - [2011/10/15 13:16:16 | 000,059,456 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2011/10/15 13:16:16 | 000,057,600 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\cfwids.sys -- (cfwids)
DRV - [2011/01/12 08:38:26 | 007,566,848 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2011/01/12 07:14:58 | 000,238,592 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2011/01/10 06:59:36 | 000,015,936 | ---- | M] (Bosch Sensortec GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\bma150.sys -- (BST)
DRV - [2011/01/06 21:05:14 | 000,241,824 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btfilter.sys -- (BtFilter)
DRV - [2011/01/06 21:05:14 | 000,141,088 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV - [2011/01/06 21:05:14 | 000,049,312 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV - [2011/01/06 21:05:12 | 000,175,776 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV - [2011/01/06 21:05:12 | 000,034,976 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btath_flt.sys -- (AthBTPort)
DRV - [2011/01/06 21:05:10 | 000,258,720 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV - [2011/01/06 21:05:10 | 000,024,736 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btath_bus.sys -- (BTATH_BUS)
DRV - [2010/12/31 01:17:32 | 000,081,408 | ---- | M] (ASIX Electronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ax88772b.sys -- (AX88772B)
DRV - [2010/11/28 13:50:40 | 000,035,968 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbfilter.sys -- (usbfilter)
DRV - [2010/11/16 17:04:24 | 000,101,392 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService)
DRV - [2010/11/09 04:26:46 | 001,884,160 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2010/10/29 02:11:08 | 000,197,224 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009/07/13 17:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/13 17:45:20 | 000,007,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\acpials.sys -- (acpials)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
http://acer.msn.com
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3387651535-152678953-4247029933-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
http://www.google.com/
IE - HKU\S-1-5-21-3387651535-152678953-4247029933-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~1\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files\Virtual Earth 3D\ [2011/03/08 05:14:55 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\npEpicPlayDisplayHost: C:\Program Files\EpicPlay\npEpicHost.dll ( )
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2012/01/02 14:15:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files\Common Files\McAfee\SystemCore [2012/01/11 15:16:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/01 20:04:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
[2011/11/10 12:48:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sarah\AppData\Roaming\mozilla\Extensions
[2012/01/02 18:49:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/12/21 01:24:52 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/04/14 13:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\mozilla firefox\components\Scriptff.dll
[2011/12/20 22:30:41 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/09/28 18:26:50 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml.old
[2011/12/20 22:30:41 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
O1 HOSTS File: ([2012/01/10 19:23:40 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\mcafee\systemcore\ScriptSn.20120102204249.dll (McAfee, Inc.)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O4 - HKLM..\Run: [AcerRingLauncher] C:\Program Files\Acer\TouchApplicationSuite\Acer Ring\AcerRingLauncher.exe (Acer)
O4 - HKLM..\Run: [ADevCtrl] C:\Program Files\Acer\Device Control\ADevCtrl.exe ()
O4 - HKLM..\Run: [AthBtTray] C:\Program Files\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
O4 - HKLM..\Run: [AtherosBtStack] C:\Program Files\Bluetooth Suite\BtvStack.exe (Atheros Commnucations)
O4 - HKLM..\Run: [AutoScreenRotationBlocker] C:\Program Files\Acer\Auto Screen Rotation Blocker\AutoScreenRotationBlocker.exe (Dritek System Inc.)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [OOTag] C:\Program Files\Acer\OOBEOffer\OOTag.exe (Microsoft)
O4 - HKLM..\Run: [Power Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4 - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [xLaunchHIDMon] C:\Program Files\HIDMon\HIDMON.exe ()
O4 - HKU\S-1-5-21-3387651535-152678953-4247029933-1000..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3387651535-152678953-4247029933-1000..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - Startup: C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = File not found
O4 - Startup: C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_11959207.lnk = File not found
O4 - Startup: C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_61472742.lnk = File not found
O4 - Startup: C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_84347022.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3387651535-152678953-4247029933-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3387651535-152678953-4247029933-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.251.160.2 64.251.173.40
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2145E70C-E825-40EC-BADD-4208DF81DA52}: DhcpNameServer = 64.251.160.2 64.251.173.40
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CC6BEF89-113E-44E5-B422-DA5BE152EEB2}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CE7CC4F7-0702-46B9-B3BD-3B5633BF7B99}: DhcpNameServer = 64.251.160.2 64.251.173.40
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Acer\Acer VCM\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\msc\McSnIePl.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 15:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\windows\System32\iccvid.dll (Radius Inc.)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2012/01/11 15:14:38 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Sarah\Desktop\OTL.exe
[2012/01/11 15:14:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2012/01/11 10:08:34 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Roaming\vlc
[2012/01/10 19:23:45 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/01/10 17:08:09 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\temp
[2012/01/10 16:40:08 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2012/01/10 16:40:08 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2012/01/10 16:40:08 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2012/01/10 16:39:54 | 000,000,000 | ---D | C] -- C:\windows\ERDNT
[2012/01/10 16:30:38 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/01/10 16:28:38 | 004,377,322 | R--- | C] (Swearware) -- C:\Users\Sarah\Desktop\ComboFix.exe
[2012/01/10 15:38:00 | 004,713,472 | ---- | C] (AVAST Software) -- C:\Users\Sarah\Desktop\aswMBR.exe
[2012/01/10 03:31:37 | 000,000,000 | ---D | C] -- C:\windows\System32\Wat
[2012/01/06 18:56:14 | 000,000,000 | ---D | C] -- C:\Users\Sarah\Documents\My Barnes & Noble eBooks
[2012/01/02 20:00:18 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Sarah\Desktop\dds.scr
[2012/01/02 18:45:59 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012/01/02 14:05:36 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\WindowsUpdate
[2012/01/02 13:15:14 | 000,133,208 | ---- | C] (Kaspersky Lab ZAO) -- C:\windows\System32\drivers\11959207.sys
[2012/01/02 13:08:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012/01/02 09:48:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2012/01/02 09:44:51 | 000,133,208 | ---- | C] (Kaspersky Lab ZAO) -- C:\windows\System32\drivers\84347022.sys
[2012/01/01 13:28:34 | 000,000,000 | ---D | C] -- C:\Users\Sarah\Desktop\gmer
[2011/12/31 11:05:28 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Roaming\Malwarebytes
[2011/12/31 11:05:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/12/31 11:04:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/12/31 11:04:47 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/12/31 10:26:43 | 000,000,000 | ---D | C] -- C:\windows\Minidump
[2011/12/31 10:09:06 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
[2011/12/26 13:15:47 | 000,000,000 | ---D | C] -- C:\ProgramData\RTMI2
[2011/12/26 13:13:07 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Iceberg Interactive
[2011/12/26 13:04:36 | 000,000,000 | ---D | C] -- C:\Program Files\Iceberg Interactive
[2011/12/14 14:44:05 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Roaming\gtk-2.0
[2011/12/13 17:47:41 | 000,000,000 | ---D | C] -- C:\Users\Sarah\.thumbnails
[2011/12/13 17:45:39 | 000,000,000 | ---D | C] -- C:\Users\Sarah\.gimp-2.6
[2011/12/13 17:45:38 | 000,000,000 | ---D | C] -- C:\Users\Sarah\Documents\gegl-0.0
========== Files - Modified Within 30 Days ==========
[2012/01/11 15:18:01 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/11 15:18:01 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/11 15:17:40 | 000,615,360 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012/01/11 15:17:40 | 000,103,702 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2012/01/11 15:14:12 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Sarah\Desktop\OTL.exe
[2012/01/11 15:10:11 | 000,000,035 | ---- | M] () -- C:\Users\Public\Documents\AtherosServiceConfig.ini
[2012/01/11 15:09:54 | 000,067,584 | -H-- | M] () -- C:\windows\bootstat.dat
[2012/01/11 15:09:35 | 860,827,648 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/10 19:23:40 | 000,000,027 | ---- | M] () -- C:\windows\System32\drivers\etc\hosts
[2012/01/10 15:48:52 | 000,000,512 | ---- | M] () -- C:\Users\Sarah\Desktop\MBR.dat
[2012/01/10 15:25:22 | 004,377,322 | R--- | M] (Swearware) -- C:\Users\Sarah\Desktop\ComboFix.exe
[2012/01/10 14:35:48 | 000,044,607 | ---- | M] () -- C:\Users\Sarah\Desktop\bootkit_remover.zip
[2012/01/10 14:35:34 | 004,713,472 | ---- | M] (AVAST Software) -- C:\Users\Sarah\Desktop\aswMBR.exe
[2012/01/10 11:58:46 | 001,972,528 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Sarah\Desktop\tdsskiller.exe
[2012/01/10 03:33:38 | 000,307,752 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2012/01/02 20:00:44 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Sarah\Desktop\dds.scr
[2012/01/02 13:44:49 | 000,007,168 | ---- | M] () -- C:\windows\System32\drivers\ute4nzu5.sys
[2012/01/02 13:18:38 | 000,001,008 | ---- | M] () -- C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_11959207.lnk
[2012/01/02 10:27:59 | 000,000,124 | -HS- | M] () -- C:\windows\0711449drv.spi
[2012/01/02 10:11:02 | 000,001,008 | ---- | M] () -- C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_61472742.lnk
[2012/01/02 09:48:27 | 000,001,008 | ---- | M] () -- C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_84347022.lnk
[2012/01/02 06:32:07 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) -- C:\windows\System32\drivers\84347022.sys
[2012/01/02 06:32:07 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) -- C:\windows\System32\drivers\11959207.sys
[2012/01/01 20:14:46 | 000,001,411 | ---- | M] () -- C:\Users\Sarah\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/01/01 20:08:41 | 000,072,822 | ---- | M] () -- C:\windows\System32\ieuinit.inf
[2011/12/31 11:05:08 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2011/12/31 11:01:20 | 000,000,150 | ---- | M] () -- C:\Users\Sarah\Desktop\rk-proxy.reg
[2011/12/31 10:57:47 | 000,028,682 | -HS- | M] () -- C:\Users\Sarah\AppData\Local\458v73p75ekmqk3f8msv2l
[2011/12/31 10:57:47 | 000,028,682 | -HS- | M] () -- C:\ProgramData\458v73p75ekmqk3f8msv2l
[2011/12/31 10:09:06 | 000,000,681 | ---- | M] () -- C:\Users\Sarah\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
[2011/12/31 10:01:47 | 000,002,062 | ---- | M] () -- C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
[2011/12/31 10:01:34 | 000,002,343 | ---- | M] () -- C:\Users\Sarah\Desktop\Spybot - Search & Destroy.lnk
[2011/12/31 10:01:32 | 000,002,099 | ---- | M] () -- C:\Users\Sarah\Desktop\Return to Mysterious Island 2.lnk
[2011/12/30 04:55:48 | 000,027,878 | -HS- | M] () -- C:\Users\Sarah\AppData\Local\sev68fq41yk1qbmnnfrx803860r6kgy265y01qxpow6
[2011/12/30 04:55:48 | 000,027,878 | -HS- | M] () -- C:\ProgramData\sev68fq41yk1qbmnnfrx803860r6kgy265y01qxpow6
[2011/12/27 16:34:26 | 000,028,058 | -HS- | M] () -- C:\Users\Sarah\AppData\Local\33tc3173v44sqee43uclq23c54s20c2j
[2011/12/27 16:34:26 | 000,028,058 | -HS- | M] () -- C:\ProgramData\33tc3173v44sqee43uclq23c54s20c2j
[2011/12/23 17:49:35 | 000,002,484 | ---- | M] () -- C:\Users\Public\Desktop\WildTangent Games App - acer.lnk
[2011/12/14 21:12:11 | 000,002,806 | ---- | M] () -- C:\Users\Sarah\.recently-used.xbel
========== Files Created - No Company Name ==========
[2012/01/10 16:40:08 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2012/01/10 16:40:08 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2012/01/10 16:40:08 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2012/01/10 16:40:08 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2012/01/10 16:40:08 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2012/01/10 15:48:52 | 000,000,512 | ---- | C] () -- C:\Users\Sarah\Desktop\MBR.dat
[2012/01/10 15:38:00 | 000,044,607 | ---- | C] () -- C:\Users\Sarah\Desktop\bootkit_remover.zip
[2012/01/02 13:44:38 | 000,007,168 | ---- | C] () -- C:\windows\System32\drivers\ute4nzu5.sys
[2012/01/02 13:18:38 | 000,001,008 | ---- | C] () -- C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_11959207.lnk
[2012/01/02 10:27:59 | 000,000,124 | -HS- | C] () -- C:\windows\0711449drv.spi
[2012/01/02 10:11:02 | 000,001,008 | ---- | C] () -- C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_61472742.lnk
[2012/01/02 09:48:27 | 000,001,008 | ---- | C] () -- C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_84347022.lnk
[2012/01/01 20:16:45 | 000,001,409 | ---- | C] () -- C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2012/01/01 20:08:41 | 000,072,822 | ---- | C] () -- C:\windows\System32\ieuinit.inf
[2012/01/01 20:04:35 | 000,001,112 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/12/31 11:05:08 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2011/12/31 11:01:20 | 000,000,150 | ---- | C] () -- C:\Users\Sarah\Desktop\rk-proxy.reg
[2011/12/31 10:09:06 | 000,000,681 | ---- | C] () -- C:\Users\Sarah\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
[2011/12/31 10:07:09 | 000,028,682 | -HS- | C] () -- C:\Users\Sarah\AppData\Local\458v73p75ekmqk3f8msv2l
[2011/12/31 10:07:09 | 000,028,682 | -HS- | C] () -- C:\ProgramData\458v73p75ekmqk3f8msv2l
[2011/12/29 18:43:33 | 000,027,878 | -HS- | C] () -- C:\Users\Sarah\AppData\Local\sev68fq41yk1qbmnnfrx803860r6kgy265y01qxpow6
[2011/12/29 18:43:33 | 000,027,878 | -HS- | C] () -- C:\ProgramData\sev68fq41yk1qbmnnfrx803860r6kgy265y01qxpow6
[2011/12/26 21:24:02 | 000,028,058 | -HS- | C] () -- C:\Users\Sarah\AppData\Local\33tc3173v44sqee43uclq23c54s20c2j
[2011/12/26 21:24:02 | 000,028,058 | -HS- | C] () -- C:\ProgramData\33tc3173v44sqee43uclq23c54s20c2j
[2011/12/26 13:13:07 | 000,002,099 | ---- | C] () -- C:\Users\Sarah\Desktop\Return to Mysterious Island 2.lnk
[2011/12/14 21:12:11 | 000,002,806 | ---- | C] () -- C:\Users\Sarah\.recently-used.xbel
[2011/11/17 20:20:18 | 000,000,193 | ---- | C] () -- C:\windows\WORDPAD.INI
[2011/03/26 16:53:45 | 000,001,165 | ---- | C] () -- C:\windows\SYSTEMCD.dat
[2011/03/26 16:53:45 | 000,000,620 | ---- | C] () -- C:\windows\LPCD.dat
[2011/03/26 16:53:45 | 000,000,438 | ---- | C] () -- C:\windows\RCD.dat
[2011/03/26 16:53:45 | 000,000,066 | ---- | C] () -- C:\windows\NAPP.dat
[2011/03/08 05:12:06 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2011/03/08 05:08:45 | 000,247,560 | ---- | C] () -- C:\windows\System32\drivers\RTConvEQ.dat
[2011/03/08 05:08:45 | 000,039,672 | ---- | C] () -- C:\windows\System32\drivers\RtPCEE3.DAT
[2011/03/08 05:08:45 | 000,029,494 | ---- | C] () -- C:\windows\System32\drivers\RtPCEE4.DAT
[2011/03/08 05:08:45 | 000,002,084 | ---- | C] () -- C:\windows\System32\drivers\SamSfPa.dat
[2011/03/08 05:08:45 | 000,001,448 | ---- | C] () -- C:\windows\System32\drivers\RtHdatEx.dat
[2011/03/08 05:08:45 | 000,000,520 | ---- | C] () -- C:\windows\System32\drivers\RTEQEX3.dat
[2011/03/08 05:08:45 | 000,000,520 | ---- | C] () -- C:\windows\System32\drivers\RTEQEX2.dat
[2011/03/08 05:08:45 | 000,000,520 | ---- | C] () -- C:\windows\System32\drivers\RTEQEX1.dat
[2011/03/08 05:08:45 | 000,000,520 | ---- | C] () -- C:\windows\System32\drivers\RTEQEX0.dat
[2011/03/08 05:08:45 | 000,000,176 | ---- | C] () -- C:\windows\System32\drivers\RTHDAEQ1.dat
[2011/03/08 05:08:45 | 000,000,024 | ---- | C] () -- C:\windows\System32\drivers\rtkhdaud.dat
[2011/03/08 04:21:39 | 000,003,113 | ---- | C] () -- C:\windows\System32\atipblag.dat
[2011/03/08 04:21:38 | 000,227,587 | ---- | C] () -- C:\windows\System32\atiicdxx.dat
[2011/01/06 20:55:08 | 000,246,804 | ---- | C] () -- C:\windows\System32\drivers\AtherosBt.bin
[2009/07/13 22:57:37 | 000,067,584 | -H-- | C] () -- C:\windows\bootstat.dat
[2009/07/13 22:33:53 | 000,307,752 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT
[2009/07/13 20:05:48 | 000,615,360 | ---- | C] () -- C:\windows\System32\perfh009.dat
[2009/07/13 20:05:48 | 000,291,294 | ---- | C] () -- C:\windows\System32\perfi009.dat
[2009/07/13 20:05:48 | 000,103,702 | ---- | C] () -- C:\windows\System32\perfc009.dat
[2009/07/13 20:05:48 | 000,031,548 | ---- | C] () -- C:\windows\System32\perfd009.dat
[2009/07/13 20:05:05 | 000,000,741 | ---- | C] () -- C:\windows\System32\NOISE.DAT
[2009/07/13 20:04:11 | 000,215,943 | ---- | C] () -- C:\windows\System32\dssec.dat
[2009/07/13 17:55:01 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009/07/13 17:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll
[2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll
[2009/06/10 15:26:10 | 000,673,088 | ---- | C] () -- C:\windows\System32\mlang.dat
========== LOP Check ==========
[2011/12/31 15:09:43 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\78CD6
[2011/11/05 22:46:18 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Acer
[2011/11/06 22:07:07 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Barnes & Noble
[2011/11/16 12:00:58 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\bpppnGG5aQH6W7
[2011/11/16 09:58:46 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\BTXXXqjYCekIVzN
[2011/11/17 20:09:47 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\CG4aQH6sKE9ZYwI
[2011/11/06 22:08:07 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1
[2011/11/17 20:09:46 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\crzONxA0ciDp
[2011/12/31 15:09:43 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\D6E65
[2011/11/17 12:38:29 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\DA1ivD2on4m
[2011/12/06 16:21:54 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\DAZ 3D
[2011/11/16 20:28:34 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\delOBtzP0ciDoFp
[2011/11/16 20:28:35 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\gH5sQJ7dE8R9YjV
[2011/12/14 21:11:59 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\gtk-2.0
[2011/11/16 14:54:01 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\GxA0uvSib3n5Q6W
[2011/11/17 21:49:57 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\HUelIBty2F5ERXj
[2011/11/20 13:38:32 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\i0ucS2ibDpaHW7T
[2011/11/17 12:38:29 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\ksQJdEK8g9YwUlB
[2011/11/04 21:29:29 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\OpenOffice.org
[2011/11/05 22:49:13 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\PowerCinema
[2011/11/16 14:54:01 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\rKfRL9hTXjCkBzN
[2011/11/16 09:58:46 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\sddWWK77fR9
[2011/11/05 23:26:59 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\SocialJogger
[2011/11/21 21:34:35 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\SoftGrid Client
[2012/01/06 18:58:16 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\TouchBrowser
[2011/11/21 21:29:07 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\TP
[2011/11/16 09:58:29 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\twwjjUVVel
[2011/11/16 12:00:58 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\vRL9gTXqjCkVzNx
[2011/11/20 13:33:25 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\VTXqYCekIrOt
[2011/11/20 13:38:53 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\vVrlOBtxPySiDoF
[2011/11/17 21:49:58 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\yrzNyxASbpaJ8R9
[2011/11/16 09:58:30 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\zjCeekIBrzOyxAv
[2012/01/10 16:44:59 | 000,028,760 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========