0

Hi there, just hoping someone can help me :)

Yesterday my computer was infected with a virus and by following some instructions I was able to remove most of the problems, but one still remains. Every so often IE opens up by itself and displays a page with text or adverts and everything I have tried has been to no avail.

I have run several virus scans: AVG version 9 , windows defender, and malwarebytes. Malwarebytes was working fine yesterday and manged to get rid of one of the problems, but now when it scans it always crashes after about 3 minutes - even on quick scan.

I have disabled internet explorer and have Mozilla as my default but IE keeps popping up.

Please help!

2
Contributors
6
Replies
7
Views
7 Years
Discussion Span
Last Post by piesie
0

Hi and welcome to the Daniweb forums :).

==========

Download OTL to your Desktop.

* Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
* Under the Custom Scan box paste this in:


netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\System32\config\*.sav
CREATERESTOREPOINT

* Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
0

Thank you for helping me! Here's the first report

OTL logfile created on: 16/04/2010 16:57:13 - Run 1
OTL by OldTimer - Version 3.2.1.1 Folder = C:\Users\Amy\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 55.00% Memory free
4.00 Gb Paging File | 2.00 Gb Available in Paging File | 64.00% Paging File free
Paging file location(s): c:\pagefile.sys 2000 4000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 68.77 Gb Total Space | 6.51 Gb Free Space | 9.46% Space Free | Partition Type: NTFS
Drive D: | 68.56 Gb Total Space | 60.03 Gb Free Space | 87.55% Space Free | Partition Type: NTFS
Drive E: | 6.29 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: AMY-PC
Current User Name: Amy
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/04/16 16:52:24 | 002,064,224 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/04/16 16:51:55 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/04/16 16:50:40 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Users\Amy\Downloads\OTL.exe
PRC - [2010/04/15 12:39:20 | 000,617,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/04/15 12:39:19 | 000,508,184 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/04/15 12:39:17 | 000,710,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/04/15 12:38:42 | 000,916,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
PRC - [2010/04/15 12:38:39 | 000,836,888 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgam.exe
PRC - [2010/04/15 12:38:38 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2009/10/12 14:31:49 | 000,095,232 | ---- | M] () -- C:\Program Files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe
PRC - [2009/02/26 15:24:50 | 000,097,680 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
PRC - [2009/02/26 12:57:14 | 000,173,080 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxext.exe
PRC - [2009/02/18 22:26:52 | 000,078,104 | ---- | M] (iWin Inc.) -- C:\Program Files\iWin Games\iWinTrusted.exe
PRC - [2009/01/09 20:00:52 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2009/01/09 19:57:32 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2008/11/28 18:54:58 | 000,067,128 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
PRC - [2008/11/10 21:51:43 | 000,185,872 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2008/10/29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/10/25 14:38:58 | 000,208,896 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\Amy\AppData\Local\Temp\RtkBtMnt.exe
PRC - [2008/09/16 15:02:26 | 000,163,840 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
PRC - [2008/06/02 19:06:18 | 000,462,848 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
PRC - [2008/05/02 03:44:08 | 000,805,392 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2008/05/02 03:40:56 | 000,076,304 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2008/03/05 14:15:24 | 000,497,712 | ---- | M] (Egis Incorporated) -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
PRC - [2008/03/05 14:15:20 | 000,525,360 | ---- | M] (Egis Incorporated) -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
PRC - [2008/02/27 18:56:54 | 003,072,184 | ---- | M] (Kontiki Inc.) -- C:\Program Files\Kontiki\KService.exe
PRC - [2008/02/27 18:56:54 | 001,032,376 | ---- | M] (Kontiki Inc.) -- C:\Program Files\Kontiki\KHost.exe
PRC - [2008/01/22 19:14:24 | 000,200,704 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
PRC - [2008/01/21 03:24:49 | 000,299,520 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\ieuser.exe
PRC - [2008/01/21 03:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2008/01/21 03:23:24 | 000,215,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wmdSync.exe
PRC - [2008/01/10 02:43:28 | 000,323,584 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe
PRC - [2008/01/04 11:21:36 | 000,768,520 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe
PRC - [2007/12/20 19:33:14 | 000,761,856 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eNet\eNMTray.exe
PRC - [2007/12/20 19:32:04 | 000,131,072 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe
PRC - [2007/12/20 02:09:22 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
PRC - [2007/11/28 02:54:36 | 000,110,592 | ---- | M] () -- C:\Acer\Mobility Center\MobilityService.exe
PRC - [2007/10/10 06:41:54 | 001,286,144 | ---- | M] (CyberLink) -- C:\Acer\Empowering Technology\eAudio\eAudio.exe
PRC - [2007/10/02 00:42:36 | 000,024,576 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
PRC - [2007/09/20 21:57:28 | 000,167,936 | ---- | M] (acer) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
PRC - [2007/09/19 22:41:50 | 000,051,200 | ---- | M] () -- C:\Acer\ALaunch\ALaunchSvc.exe
PRC - [2007/09/10 23:28:18 | 000,057,344 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
PRC - [2007/09/06 20:02:04 | 000,393,216 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
PRC - [2007/09/03 11:39:22 | 004,702,208 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/07/13 00:36:12 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007/07/13 00:36:10 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe


========== Modules (SafeList) ==========

MOD - [2010/04/16 16:50:40 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Users\Amy\Downloads\OTL.exe
MOD - [2010/04/15 12:39:55 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
MOD - [2008/01/21 03:23:44 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/04/15 12:38:42 | 000,916,760 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010/04/15 12:38:38 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2009/02/18 22:26:52 | 000,078,104 | ---- | M] (iWin Inc.) [Auto | Running] -- C:\Program Files\iWin Games\iWinTrusted.exe -- (iWinTrusted)
SRV - [2008/12/10 04:03:36 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/09/16 15:02:26 | 000,163,840 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor7.0)
SRV - [2008/05/02 03:42:06 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2008/03/05 14:15:24 | 000,497,712 | ---- | M] (Egis Incorporated) [Auto | Running] -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
SRV - [2008/02/27 18:56:54 | 003,072,184 | ---- | M] (Kontiki Inc.) [Auto | Running] -- C:\Program Files\Kontiki\KService.exe -- (KService)
SRV - [2008/01/21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/21 03:23:24 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008/01/21 03:23:24 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007/12/20 19:32:04 | 000,131,072 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eNet\eNet Service.exe -- (eNet Service)
SRV - [2007/12/20 02:09:22 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService)
SRV - [2007/11/28 02:54:36 | 000,110,592 | ---- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)
SRV - [2007/10/02 00:42:36 | 000,024,576 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe -- (eLockService)
SRV - [2007/09/20 21:57:28 | 000,167,936 | ---- | M] (acer) [Auto | Running] -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe -- (WMIService)
SRV - [2007/09/19 22:41:50 | 000,051,200 | ---- | M] () [Auto | Running] -- C:\Acer\ALaunch\ALaunchSvc.exe -- (ALaunchService)
SRV - [2007/09/10 23:28:18 | 000,057,344 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService)
SRV - [2007/07/13 00:36:12 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.uk.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://en.uk.acer.yahoo.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 0.0.0.0:80

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"
FF - prefs.js..extensions.enabledItems: {D5421908-89DB-451F-8D57-39A8A00C67A5}:1.9.1
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.783
FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/04/15 12:38:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/15 04:21:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/15 04:21:04 | 000,000,000 | ---D | M]

[2009/09/23 10:24:58 | 000,000,000 | ---D | M] -- C:\Users\Amy\AppData\Roaming\Mozilla\Extensions
[2010/04/16 01:39:26 | 000,000,000 | ---D | M] -- C:\Users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\3ujtfsls.default\extensions
[2009/09/24 00:10:58 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\3ujtfsls.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/09/23 10:24:31 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/08/24 20:10:36 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2009/08/24 20:10:36 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2009/08/24 20:10:36 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2009/08/24 20:10:36 | 000,000,831 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2006/09/18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Cole2k Media Toolbar Helper) - {5499BCB1-5641-4A4C-9F75-462D4D8D0DA0} - C:\Program Files\Cole2k Media Toolbar\v3.3.0.1\Cole2k_Media_Toolbar.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (IEHlprObj Class) - {8CA5ED52-F3FB-4414-A105-2E3491156990} - C:\Program Files\iWin Games\iWinGamesHookIE.dll (iWin Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (GamesBarBHO Class) - {CB0D163C-E9F4-4236-9496-0597E24B23A5} - C:\Program Files\GamesBar\oberontb.dll File not found
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (Cole2k Media Toolbar) - {8AE33802-00D3-4F1B-B5C7-6FEE34E402CE} - C:\Program Files\Cole2k Media Toolbar\v3.3.0.1\Cole2k_Media_Toolbar.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKCU\..\Toolbar\WebBrowser: (Cole2k Media Toolbar) - {8AE33802-00D3-4F1B-B5C7-6FEE34E402CE} - C:\Program Files\Cole2k Media Toolbar\v3.3.0.1\Cole2k_Media_Toolbar.dll ()
O4 - HKLM..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ALaunch] C:\Acer\ALaunch\AlaunchClient.exe File not found
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [eAudio] C:\Acer\Empowering Technology\eAudio\eAudio.exe (CyberLink)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
O4 - HKLM..\Run: [eRecoveryService] File not found
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe (Kontiki Inc.)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Incorporated)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Digital Protection] C:\Users\Amy\AppData\Local\Temp\Digital Protection\digprot.exe File not found
O4 - HKCU..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe (Electronic Arts)
O4 - HKCU..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe (Kontiki Inc.)
O4 - HKCU..\Run: [Xdomabupic] C:\Users\Amy\AppData\Local\uzowaqifihu.DLL File not found
O4 - HKCU..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\Shockwave 11\SwHelper_1151601.exe -Update -1151601 -Mozilla\4.0 ( File not found
O4 - Startup: C:\Users\Amy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk = C:\Program Files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe ()
O4 - Startup: C:\Users\Amy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O4 - Startup: C:\Users\Amy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} http://assets.photobox.com/assets/aurigma/ImageUploader5.cab?20100121171643 (PhotoboxPhotowaysUploader5 Control)
O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.62.0.cab (SysInfo Class)
O16 - DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} http://magnet.2020.net/virtualplanner/Core/Player/2020PlayerAX_Win32.cab (20-20 3D Viewer)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.srtest.com/srl_bin/sysreqlab_srl.cab (System Requirements Lab Class)
O16 - DPF: {2EDF75C0-5ABD-49f9-BAB6-220476A32034} http://intel-drv-cdn.systemrequirementslab.com/multi/bin/sysreqlab_srlx.cab (System Requirements Lab Class)
O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} http://apps.corel.com/nos_dl_manager_dev/plugin/IEGetPlugin.ocx (get_atlcom Class)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab (DLM Control)
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} http://simcity.ea.com/update/EARTPX.cab (EARTPatchX Class)
O16 - DPF: {5727FF4C-EF4E-4d96-A96C-03AD91910448} http://www.srtest.com/srl_bin/sysreqlab_ind.cab (System Requirements Lab Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} http://www.sibelius.com/download/software/win/ActiveXPlugin.cab (ScorchPlugin Class)
O16 - DPF: {C36661D7-3590-45B1-80B5-520839E94DAD} http://simcity.ea.com/update/MaxisSimCity4PatcherX.cab (MaxisSimCity4PatcherX Control)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} http://www.yougamers.com/systeminfo/FMSI.cab (Futuremark SystemInfo)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Amy\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Users\Amy\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{b06481ab-39b7-11de-b7b5-ef1e1fc07f78}\Shell\AutoRun\command - "" = F:\CarryItEasy.exe -- File not found
O33 - MountPoints2\{b06481ab-39b7-11de-b7b5-ef1e1fc07f78}\Shell\configure\command - "" = F:\CarryItEasy.exe -- File not found
O33 - MountPoints2\{b06481ab-39b7-11de-b7b5-ef1e1fc07f78}\Shell\install\command - "" = F:\CarryItEasy.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2008/01/21 03:34:27 | 000,000,000 | ---D | M]
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
OTL cannot create restorepoints on Vista OSs!

========== Files/Folders - Created Within 14 Days ==========

[2010/04/16 00:06:22 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010/04/15 12:42:01 | 000,000,000 | -H-D | C] -- C:\$AVG
[2010/04/15 12:39:53 | 000,052,872 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgrkx86.sys
[2010/04/15 12:37:08 | 000,000,000 | ---D | C] -- C:\ProgramData\avg9
[2010/04/15 01:24:32 | 000,000,000 | ---D | C] -- C:\Users\Amy\AppData\Roaming\Malwarebytes
[2010/04/15 01:24:22 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/04/15 01:24:21 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/04/15 01:24:21 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/04/15 01:24:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/04/15 00:18:26 | 000,000,000 | ---D | C] -- C:\Users\Amy\AppData\Local\{D5421908-89DB-451F-8D57-39A8A00C67A5}
[2010/04/15 00:16:48 | 000,000,000 | ---D | C] -- C:\Users\Amy\AppData\Local\avG
[2010/04/15 00:16:48 | 000,000,000 | ---D | C] -- C:\ProgramData\avG
[2010/04/07 23:57:00 | 000,000,000 | ---D | C] -- C:\Windows\System32\20-20 Technologies

========== Files - Modified Within 14 Days ==========

[2010/04/16 17:00:08 | 000,823,808 | ---- | M] () -- C:\Windows\System32\drivers\lbrglk.sys
[2010/04/16 16:59:59 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{2C9C6E44-B766-4C36-81FE-545834B51D30}.job
[2010/04/16 16:59:29 | 003,407,872 | -HS- | M] () -- C:\Users\Amy\ntuser.dat
[2010/04/16 16:52:21 | 058,962,029 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/04/16 16:48:27 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010/04/16 16:46:46 | 000,000,902 | ---- | M] () -- C:\Users\Amy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk
[2010/04/16 16:46:09 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/04/16 16:46:09 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/04/16 16:46:06 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/04/16 16:46:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/04/16 16:45:55 | 2136,981,504 | -HS- | M] () -- C:\hiberfil.sys
[2010/04/16 05:29:26 | 000,524,288 | -HS- | M] () -- C:\Users\Amy\ntuser.dat{b3e9bf9d-464b-11df-ac0f-ab3279d4f2c5}.TMContainer00000000000000000001.regtrans-ms
[2010/04/16 05:29:26 | 000,065,536 | -HS- | M] () -- C:\Users\Amy\ntuser.dat{b3e9bf9d-464b-11df-ac0f-ab3279d4f2c5}.TM.blf
[2010/04/16 05:28:40 | 002,024,798 | -H-- | M] () -- C:\Users\Amy\AppData\Local\IconCache.db
[2010/04/15 12:41:33 | 000,242,696 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010/04/15 12:41:31 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2010/04/15 12:41:31 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2010/04/15 12:39:56 | 000,001,651 | ---- | M] () -- C:\Users\Public\Desktop\AVG 9.0.lnk
[2010/04/15 12:39:55 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2010/04/15 12:39:54 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgrkx86.sys
[2010/04/15 12:39:53 | 000,113,461 | ---- | M] () -- C:\Windows\System32\drivers\Avg\iavichjw.avm
[2010/04/15 02:21:39 | 000,010,734 | -HS- | M] () -- C:\Users\Amy\AppData\Local\TcP0eIPn2W
[2010/04/15 02:21:39 | 000,010,734 | -HS- | M] () -- C:\ProgramData\TcP0eIPn2W
[2010/04/15 02:18:36 | 000,000,120 | ---- | M] () -- C:\Users\Amy\AppData\Local\Ezavucocaliroq.dat
[2010/04/15 01:24:25 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/15 00:29:42 | 000,000,524 | ---- | M] () -- C:\ProgramData\fiosejgfse.dll
[2010/04/15 00:18:26 | 000,000,000 | ---- | M] () -- C:\Users\Amy\AppData\Local\Rwicexopak.bin
[2010/04/12 19:21:05 | 000,002,110 | ---- | M] () -- C:\Users\Amy\AppData\Roaming\wklnhst.dat
[2010/04/12 16:57:52 | 000,524,288 | -HS- | M] () -- C:\Users\Amy\ntuser.dat{b3e9bf9d-464b-11df-ac0f-ab3279d4f2c5}.TMContainer00000000000000000002.regtrans-ms
[2010/04/08 21:54:27 | 000,524,288 | -HS- | M] () -- C:\Users\Amy\ntuser.dat{d7ab5af6-4350-11df-8f70-dc19c02846c4}.TMContainer00000000000000000002.regtrans-ms
[2010/04/08 21:54:27 | 000,524,288 | -HS- | M] () -- C:\Users\Amy\ntuser.dat{d7ab5af6-4350-11df-8f70-dc19c02846c4}.TMContainer00000000000000000001.regtrans-ms
[2010/04/08 21:54:27 | 000,065,536 | -HS- | M] () -- C:\Users\Amy\ntuser.dat{d7ab5af6-4350-11df-8f70-dc19c02846c4}.TM.blf
[2010/04/06 02:06:26 | 000,524,288 | -HS- | M] () -- C:\Users\Amy\ntuser.dat{2f19da71-4118-11df-b1c7-b35efc55d8f9}.TMContainer00000000000000000002.regtrans-ms
[2010/04/06 02:06:26 | 000,524,288 | -HS- | M] () -- C:\Users\Amy\ntuser.dat{2f19da71-4118-11df-b1c7-b35efc55d8f9}.TMContainer00000000000000000001.regtrans-ms
[2010/04/06 02:06:26 | 000,065,536 | -HS- | M] () -- C:\Users\Amy\ntuser.dat{2f19da71-4118-11df-b1c7-b35efc55d8f9}.TM.blf

========== Files Created - No Company Name ==========

[2010/04/15 12:39:56 | 000,001,651 | ---- | C] () -- C:\Users\Public\Desktop\AVG 9.0.lnk
[2010/04/15 01:24:25 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/15 00:28:46 | 000,000,524 | ---- | C] () -- C:\ProgramData\fiosejgfse.dll
[2010/04/15 00:18:26 | 000,000,120 | ---- | C] () -- C:\Users\Amy\AppData\Local\Ezavucocaliroq.dat
[2010/04/15 00:18:26 | 000,000,000 | ---- | C] () -- C:\Users\Amy\AppData\Local\Rwicexopak.bin
[2010/04/15 00:17:25 | 000,823,808 | ---- | C] () -- C:\Windows\System32\drivers\lbrglk.sys
[2010/04/15 00:16:43 | 000,010,734 | -HS- | C] () -- C:\Users\Amy\AppData\Local\TcP0eIPn2W
[2010/04/15 00:16:43 | 000,010,734 | -HS- | C] () -- C:\ProgramData\TcP0eIPn2W
[2010/04/12 16:57:52 | 000,524,288 | -HS- | C] () -- C:\Users\Amy\ntuser.dat{b3e9bf9d-464b-11df-ac0f-ab3279d4f2c5}.TMContainer00000000000000000002.regtrans-ms
[2010/04/12 16:57:52 | 000,524,288 | -HS- | C] () -- C:\Users\Amy\ntuser.dat{b3e9bf9d-464b-11df-ac0f-ab3279d4f2c5}.TMContainer00000000000000000001.regtrans-ms
[2010/04/12 16:57:52 | 000,065,536 | -HS- | C] () -- C:\Users\Amy\ntuser.dat{b3e9bf9d-464b-11df-ac0f-ab3279d4f2c5}.TM.blf
[2010/04/08 21:54:27 | 000,524,288 | -HS- | C] () -- C:\Users\Amy\ntuser.dat{d7ab5af6-4350-11df-8f70-dc19c02846c4}.TMContainer00000000000000000002.regtrans-ms
[2010/04/08 21:54:27 | 000,524,288 | -HS- | C] () -- C:\Users\Amy\ntuser.dat{d7ab5af6-4350-11df-8f70-dc19c02846c4}.TMContainer00000000000000000001.regtrans-ms
[2010/04/08 21:54:27 | 000,065,536 | -HS- | C] () -- C:\Users\Amy\ntuser.dat{d7ab5af6-4350-11df-8f70-dc19c02846c4}.TM.blf
[2010/04/06 02:06:26 | 000,524,288 | -HS- | C] () -- C:\Users\Amy\ntuser.dat{2f19da71-4118-11df-b1c7-b35efc55d8f9}.TMContainer00000000000000000002.regtrans-ms
[2010/04/06 02:06:26 | 000,524,288 | -HS- | C] () -- C:\Users\Amy\ntuser.dat{2f19da71-4118-11df-b1c7-b35efc55d8f9}.TMContainer00000000000000000001.regtrans-ms
[2010/04/06 02:06:26 | 000,065,536 | -HS- | C] () -- C:\Users\Amy\ntuser.dat{2f19da71-4118-11df-b1c7-b35efc55d8f9}.TM.blf
[2010/03/29 10:28:33 | 000,524,288 | -HS- | C] () -- C:\Users\Amy\ntuser.dat{616b553e-3b15-11df-9271-f2281a78b5c8}.TMContainer00000000000000000002.regtrans-ms
[2010/03/29 10:28:33 | 000,524,288 | -HS- | C] () -- C:\Users\Amy\ntuser.dat{616b553e-3b15-11df-9271-f2281a78b5c8}.TMContainer00000000000000000001.regtrans-ms
[2010/03/29 10:28:33 | 000,065,536 | -HS- | C] () -- C:\Users\Amy\ntuser.dat{616b553e-3b15-11df-9271-f2281a78b5c8}.TM.blf
[2010/03/26 00:09:55 | 000,524,288 | -HS- | C] () -- C:\Users\Amy\ntuser.dat{7159acbc-3863-11df-b601-d25199508bc9}.TMContainer00000000000000000002.regtrans-ms
[2010/03/26 00:09:55 | 000,524,288 | -HS- | C] () -- C:\Users\Amy\ntuser.dat{7159acbc-3863-11df-b601-d25199508bc9}.TMContainer00000000000000000001.regtrans-ms
[2010/03/26 00:09:55 | 000,065,536 | -HS- | C] () -- C:\Users\Amy\ntuser.dat{7159acbc-3863-11df-b601-d25199508bc9}.TM.blf
[2010/02/14 05:03:13 | 000,524,288 | -HS- | C] () -- C:\Users\Amy\ntuser.dat{b8c6b441-191d-11df-8498-93c995df58f6}.TMContainer00000000000000000002.regtrans-ms
[2010/02/14 05:03:13 | 000,524,288 | -HS- | C] () -- C:\Users\Amy\ntuser.dat{b8c6b441-191d-11df-8498-93c995df58f6}.TMContainer00000000000000000001.regtrans-ms
[2010/02/14 05:03:13 | 000,065,536 | -HS- | C] () -- C:\Users\Amy\ntuser.dat{b8c6b441-191d-11df-8498-93c995df58f6}.TM.blf
[2009/10/29 15:25:46 | 000,000,359 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2009/10/01 12:53:54 | 000,524,288 | -HS- | C] () -- C:\Users\Amy\NTUSER.DAT{0105d971-ae81-11de-88a4-85cfe67dc6c9}.TMContainer00000000000000000002.regtrans-ms
[2009/10/01 12:53:54 | 000,524,288 | -HS- | C] () -- C:\Users\Amy\NTUSER.DAT{0105d971-ae81-11de-88a4-85cfe67dc6c9}.TMContainer00000000000000000001.regtrans-ms
[2009/10/01 12:53:54 | 000,065,536 | -HS- | C] () -- C:\Users\Amy\NTUSER.DAT{0105d971-ae81-11de-88a4-85cfe67dc6c9}.TM.blf
[2009/09/24 16:18:36 | 000,524,288 | -HS- | C] () -- C:\Users\Amy\NTUSER.DAT{76be548f-a91d-11de-a2cf-92fa92396cc8}.TMContainer00000000000000000002.regtrans-ms
[2009/09/24 16:18:36 | 000,524,288 | -HS- | C] () -- C:\Users\Amy\NTUSER.DAT{76be548f-a91d-11de-a2cf-92fa92396cc8}.TMContainer00000000000000000001.regtrans-ms
[2009/09/24 16:18:36 | 000,065,536 | -HS- | C] () -- C:\Users\Amy\NTUSER.DAT{76be548f-a91d-11de-a2cf-92fa92396cc8}.TM.blf
[2009/09/16 06:02:16 | 000,524,288 | -HS- | C] () -- C:\Users\Amy\NTUSER.DAT{00b350e5-a27e-11de-ac8f-ac450bcd6ef8}.TMContainer00000000000000000002.regtrans-ms
[2009/09/16 06:02:16 | 000,524,288 | -HS- | C] () -- C:\Users\Amy\NTUSER.DAT{00b350e5-a27e-11de-ac8f-ac450bcd6ef8}.TMContainer00000000000000000001.regtrans-ms
[2009/09/16 06:02:16 | 000,065,536 | -HS- | C] () -- C:\Users\Amy\NTUSER.DAT{00b350e5-a27e-11de-ac8f-ac450bcd6ef8}.TM.blf
[2009/07/11 17:28:01 | 000,524,288 | -HS- | C] () -- C:\Users\Amy\NTUSER.DAT{b786f204-6e37-11de-b2a8-f4011d5365bb}.TMContainer00000000000000000002.regtrans-ms
[2009/07/11 17:28:01 | 000,524,288 | -HS- | C] () -- C:\Users\Amy\NTUSER.DAT{b786f204-6e37-11de-b2a8-f4011d5365bb}.TMContainer00000000000000000001.regtrans-ms
[2009/07/11 17:28:01 | 000,065,536 | -HS- | C] () -- C:\Users\Amy\NTUSER.DAT{b786f204-6e37-11de-b2a8-f4011d5365bb}.TM.blf
[2009/06/05 09:53:11 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2009/05/27 23:26:23 | 000,000,680 | ---- | C] () -- C:\Users\Amy\AppData\Local\d3d9caps.dat
[2009/04/28 02:06:14 | 000,002,110 | ---- | C] () -- C:\Users\Amy\AppData\Roaming\wklnhst.dat
[2009/02/24 18:56:25 | 000,524,288 | -HS- | C] () -- C:\Users\Amy\NTUSER.DAT{5ac7748c-029c-11de-827e-fe69d532b3bc}.TMContainer00000000000000000002.regtrans-ms
[2009/02/24 18:56:25 | 000,524,288 | -HS- | C] () -- C:\Users\Amy\NTUSER.DAT{5ac7748c-029c-11de-827e-fe69d532b3bc}.TMContainer00000000000000000001.regtrans-ms
[2009/02/24 18:56:25 | 000,065,536 | -HS- | C] () -- C:\Users\Amy\NTUSER.DAT{5ac7748c-029c-11de-827e-fe69d532b3bc}.TM.blf
[2009/01/12 19:16:36 | 000,426,960 | ---- | C] () -- C:\Windows\System32\TomsMoComp_ff.dll
[2009/01/12 19:13:46 | 000,331,461 | ---- | C] () -- C:\Windows\System32\ff_kernelDeint.dll
[2009/01/11 18:36:30 | 004,372,954 | ---- | C] () -- C:\Windows\System32\libavcodec.dll
[2009/01/10 23:17:32 | 000,163,840 | ---- | C] () -- C:\Windows\System32\ts.dll
[2009/01/10 23:16:56 | 000,148,480 | ---- | C] () -- C:\Windows\System32\mkx.dll
[2009/01/10 23:16:50 | 000,108,032 | ---- | C] () -- C:\Windows\System32\avi.dll
[2009/01/10 23:16:14 | 000,141,312 | ---- | C] () -- C:\Windows\System32\mp4.dll
[2009/01/10 23:15:54 | 000,120,832 | ---- | C] () -- C:\Windows\System32\ogm.dll
[2009/01/10 23:15:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\mmfinfo.dll
[2009/01/10 23:15:32 | 000,102,400 | ---- | C] () -- C:\Windows\System32\avss.dll
[2009/01/10 23:15:28 | 000,246,784 | ---- | C] () -- C:\Windows\System32\dxr.dll
[2009/01/10 23:15:12 | 000,097,280 | ---- | C] () -- C:\Windows\System32\avs.dll
[2009/01/10 23:14:08 | 000,079,360 | ---- | C] () -- C:\Windows\System32\mkzlib.dll
[2009/01/10 23:14:06 | 000,023,552 | ---- | C] () -- C:\Windows\System32\mkunicode.dll
[2009/01/10 16:58:58 | 000,145,609 | ---- | C] () -- C:\Windows\System32\libmpeg2_ff.dll
[2009/01/09 21:03:20 | 000,560,802 | ---- | C] () -- C:\Windows\System32\libmplayer.dll
[2009/01/05 18:53:18 | 000,791,742 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009/01/05 18:53:02 | 000,884,237 | ---- | C] () -- C:\Windows\System32\ff_x264.dll
[2008/12/12 17:57:38 | 000,142,848 | ---- | C] () -- C:\Windows\System32\ff_liba52.dll
[2008/12/09 19:57:26 | 000,183,296 | ---- | C] () -- C:\Windows\System32\ff_samplerate.dll
[2008/12/09 19:57:18 | 000,178,688 | ---- | C] () -- C:\Windows\System32\ff_libmad.dll
[2008/12/09 19:57:02 | 000,113,152 | ---- | C] () -- C:\Windows\System32\ff_unrar.dll
[2008/12/09 19:56:42 | 000,146,944 | ---- | C] () -- C:\Windows\System32\ff_tremor.dll
[2008/12/09 19:56:34 | 000,257,024 | ---- | C] () -- C:\Windows\System32\ff_libdts.dll
[2008/12/09 19:56:22 | 000,485,888 | ---- | C] () -- C:\Windows\System32\ff_libfaad2.dll
[2008/12/08 13:53:40 | 000,093,184 | ---- | C] () -- C:\Windows\System32\ff_wmv9.dll
[2008/12/08 13:53:32 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2008/12/03 23:11:50 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2008/11/10 21:53:54 | 000,000,025 | ---- | C] () -- C:\Windows\cdplayer.ini
[2008/11/06 17:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/11/06 17:34:00 | 000,000,416 | ---- | C] () -- C:\Windows\System32\dtu100.dll.manifest
[2008/11/06 17:34:00 | 000,000,416 | ---- | C] () -- C:\Windows\System32\dpl100.dll.manifest
[2008/10/28 14:46:54 | 000,017,408 | ---- | C] () -- C:\Users\Amy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/25 14:37:25 | 000,000,020 | -HS- | C] () -- C:\Users\Amy\ntuser.ini
[2008/10/25 14:37:24 | 003,407,872 | -HS- | C] () -- C:\Users\Amy\ntuser.dat
[2008/10/25 14:37:24 | 000,524,288 | -HS- | C] () -- C:\Users\Amy\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2008/10/25 14:37:24 | 000,524,288 | -HS- | C] () -- C:\Users\Amy\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2008/10/25 14:37:24 | 000,262,144 | -H-- | C] () -- C:\Users\Amy\ntuser.dat.LOG1
[2008/10/25 14:37:24 | 000,065,536 | -HS- | C] () -- C:\Users\Amy\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2008/10/25 14:37:24 | 000,029,696 | -H-- | C] () -- C:\Users\Amy\ntuser.dat.LOG2
[2008/10/07 10:13:44 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1576.dll
[2008/08/12 23:55:14 | 000,000,030 | ---- | C] () -- C:\Windows\SETPANEL.INI
[2008/08/12 23:55:09 | 000,000,092 | ---- | C] () -- C:\Windows\CLEANUP.INI
[2008/03/18 15:50:41 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll
[2008/03/17 19:42:34 | 000,065,536 | ---- | C] () -- C:\Windows\System32\NATTraversal.dll
[2008/03/17 19:36:06 | 000,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys
[2008/03/17 19:13:52 | 000,000,775 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2008/03/17 18:44:13 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
[2008/03/17 18:44:13 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2008/03/17 18:44:12 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll
[2008/03/17 18:44:12 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll
[2007/10/13 10:30:20 | 000,000,137 | ---- | C] () -- C:\Windows\System32\Registration.ini
[2007/07/10 18:10:12 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 10:36:51 | 000,062,336 | ---- | C] () -- C:\Windows\System32\drivers\BrSerWdm.sys
[2006/11/02 09:58:49 | 000,000,000 | ---- | C] () -- C:\Windows\System32\unimdmat.dll
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2002/02/27 18:50:00 | 000,197,120 | ---- | C] () -- C:\Windows\System32\patchw32.dll
[2001/12/27 00:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001/09/04 07:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001/07/31 00:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001/07/24 06:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll

========== LOP Check ==========

[2009/03/31 12:18:23 | 000,000,000 | -HSD | M] -- C:\Users\Amy\AppData\Roaming\.#
[2008/03/17 20:07:57 | 000,000,000 | ---D | M] -- C:\Users\Amy\AppData\Roaming\Acer GameZone Console
[2009/10/12 14:31:56 | 000,000,000 | ---D | M] -- C:\Users\Amy\AppData\Roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
[2008/11/26 17:49:26 | 000,000,000 | ---D | M] -- C:\Users\Amy\AppData\Roaming\Big Fish Games
[2009/05/10 23:21:11 | 000,000,000 | ---D | M] -- C:\Users\Amy\AppData\Roaming\Crayon Physics Deluxe
[2008/10/26 02:21:09 | 000,000,000 | ---D | M] -- C:\Users\Amy\AppData\Roaming\FloodLightGames
[2009/03/30 07:49:23 | 000,000,000 | ---D | M] -- C:\Users\Amy\AppData\Roaming\Fuzzy Games
[2009/06/19 09:46:47 | 000,000,000 | ---D | M] -- C:\Users\Amy\AppData\Roaming\gtk-2.0
[2009/03/31 10:32:01 | 000,000,000 | ---D | M] -- C:\Users\Amy\AppData\Roaming\iWin
[2009/12/16 21:48:32 | 000,000,000 | ---D | M] -- C:\Users\Amy\AppData\Roaming\Lionhead Studios
[2009/04/01 21:23:36 | 000,000,000 | ---D | M] -- C:\Users\Amy\AppData\Roaming\OpenOffice.org
[2009/04/01 10:59:39 | 000,000,000 | ---D | M] -- C:\Users\Amy\AppData\Roaming\PlayFirst
[2008/11/28 00:27:12 | 000,000,000 | ---D | M] -- C:\Users\Amy\AppData\Roaming\Righteous Kill
[2009/05/01 05:50:17 | 000,000,000 | ---D | M] -- C:\Users\Amy\AppData\Roaming\Template
[2010/04/16 05:29:49 | 000,032,618 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/04/16 16:59:59 | 000,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{2C9C6E44-B766-4C36-81FE-545834B51D30}.job

========== Purity Check ==========

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2005/08/16 16:49:12 | 000,040,960 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\junction.exe


< MD5 for: AGP440.SYS >
[2008/01/21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\agp440.sys
[2008/01/21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006/11/02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/04/11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\drivers\atapi.sys
[2008/01/21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: IASTOR.SYS >
[2007/07/13 00:35:02 | 000,305,176 | ---- | M] (Intel Corporation) MD5=2358C53F30CB9DCD1D3843C4E2F299B2 -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver\IaStor.sys
[2007/07/13 00:35:02 | 000,305,176 | ---- | M] (Intel Corporation) MD5=2358C53F30CB9DCD1D3843C4E2F299B2 -- C:\Windows\System32\drivers\iaStor.sys
[2007/07/13 00:35:02 | 000,305,176 | ---- | M] (Intel Corporation) MD5=2358C53F30CB9DCD1D3843C4E2F299B2 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_cfa1dde4\iaStor.sys
[2007/07/13 00:35:44 | 000,381,976 | ---- | M] (Intel Corporation) MD5=CEB53BB804B41C52AB0782505C8E2994 -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver64\IaStor.sys

< MD5 for: IASTORV.SYS >
[2008/01/21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008/01/21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009/04/11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/21 03:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\System32\netlogon.dll
[2008/01/21 03:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006/11/02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008/01/21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/21 03:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\System32\scecli.dll
[2008/01/21 03:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009/04/11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008/01/21 03:24:42 | 000,242,744 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2008/01/21 03:24:38 | 000,225,792 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll
[2008/08/12 04:39:08 | 000,443,392 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\win32spl.dll

< %systemroot%\System32\config\*.sav >
[2008/01/21 04:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008/01/21 04:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008/01/21 04:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:861A898F
@Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:8AB6C1D7
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:C5DF7C58
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:A08FFD4D
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:4D066AD2
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:3FAE5A2A
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:9F683177
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:4F636E25
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:A724744F
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:6FCD73D7
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:131C0EE9
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:793F316E
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:3B3A35EC
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:EB3AF287
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:814B9485
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:0BF96601
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:4CF61E54
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:4BB26BE9
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:E36F5B57
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:B156F3F2
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:59D05D9A
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:3E7393FC
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:00C31200
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:50823280
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:580E04D8
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:2B99FE60
< End of report >

0

And here's the second

OTL Extras logfile created on: 16/04/2010 16:57:13 - Run 1
OTL by OldTimer - Version 3.2.1.1     Folder = C:\Users\Amy\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy


2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 55.00% Memory free
4.00 Gb Paging File | 2.00 Gb Available in Paging File | 64.00% Paging File free
Paging file location(s): c:\pagefile.sys 2000 4000 [binary data]


%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 68.77 Gb Total Space | 6.51 Gb Free Space | 9.46% Space Free | Partition Type: NTFS
Drive D: | 68.56 Gb Total Space | 60.03 Gb Free Space | 87.55% Space Free | Partition Type: NTFS
Drive E: | 6.29 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded


Computer Name: AMY-PC
Current User Name: Amy
Logged in as Administrator.


Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan


========== Extra Registry (SafeList) ==========



========== File Associations ==========


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)


[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)


========== Shell Spawning ==========


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)


========== Security Center Settings ==========


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 1


========== Authorized Applications List ==========



========== Vista Active Open Ports Exception List ==========


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{31DD7FCB-A3E7-4728-B99C-B7CAD9B44F8E}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{36A7E2A4-29E1-4590-BA41-B12F31D6C498}" = rport=137 | protocol=17 | dir=out | app=system |
"{4635A3FB-4588-43F0-AE41-B223320235B0}" = rport=139 | protocol=6 | dir=out | app=system |
"{5643F15E-61AC-49AF-AAFC-55DA33F2F9FE}" = lport=137 | protocol=17 | dir=in | app=system |
"{7345A2DC-98AF-4C89-A726-4A5BC11A6BB8}" = lport=445 | protocol=6 | dir=in | app=system |
"{7467D1BE-CDD1-4D88-AB30-E4BE0AF26140}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{79110A70-4D2B-4C3D-9D07-7D01017419A1}" = rport=138 | protocol=17 | dir=out | app=system |
"{83389DA3-87FA-4F78-9EC6-C6A5D265C4DC}" = lport=139 | protocol=6 | dir=in | app=system |
"{8A79A69B-F566-49E6-8E1F-F2B48C2C947E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A93B0332-D7CF-44F2-A32D-775C0573FB5E}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{AACA43B2-94EF-4FC5-B8C3-23E5C7FDDE8A}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
"{D90B3442-3AEE-4861-AA91-215817624174}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{DDDFA575-937F-4D79-BBEE-0980E7099E6A}" = rport=445 | protocol=6 | dir=out | app=system |
"{E0E96EF6-2056-400F-936F-075F421F4596}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{E1C9B5CE-6031-4932-9A48-51C761F3DDD2}" = lport=138 | protocol=17 | dir=in | app=system |


========== Vista Active Application Exception List ==========


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{008AC80B-1C52-497B-9C29-8933174C4BE0}" = dir=in | app=c:\program files\acer arcade deluxe\play movie\pmvservice.exe |
"{02D944A5-3103-4B89-BC1D-38222B21F34A}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{04554643-26E8-4730-A135-3A65343BEFFD}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{0AD318E1-5BA1-40D7-AA6D-D3D182F65CAB}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{110D1180-AE82-4EB1-B589-B4E8EA8E060C}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{1272BA32-3C0F-460A-AA16-1957A57D8ED7}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{26AEA02C-8251-4190-A336-75D84E1FD922}" = protocol=6 | dir=in | app=c:\program files\kontiki\kservice.exe |
"{360E7737-52E4-4AA9-B3D9-F5BAA69975C8}" = protocol=17 | dir=in | app=c:\program files\iwin games\iwingames.exe |
"{3D70CD11-27D2-41BF-BAB4-651077BDAF56}" = dir=in | app=c:\program files\acer arcade deluxe\videomagician\videomagician.exe |
"{3FD155A6-6BE0-43C1-A426-BAD352B1E84C}" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{479A093D-4787-42F9-B89B-836AEDB05030}" = protocol=6 | dir=in | app=c:\program files\iwin games\iwingames.exe |
"{5236F901-D1A9-48BC-86BC-3409A494C58B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{60F16F4A-A7F9-4D8D-8974-CFFE311C491A}" = dir=in | app=c:\program files\acer arcade deluxe\dv wizard\dv wizard.exe |
"{67BF3C05-47E9-4372-B5F4-0A97F363816F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{72FA2BDF-8D9C-4038-8378-DFDBE5113B37}" = dir=in | app=c:\program files\avg\avg9\avgdiagex.exe |
"{7456CAD2-96AD-4AC7-B520-45E28A9A639B}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{7621C4A4-C62C-4F9B-A273-AC28BD235A64}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{7876007E-0B4C-49EB-B252-4E536983872F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{850D205E-0675-4712-9896-803620E5F6DF}" = dir=in | app=c:\program files\acer arcade deluxe\play movie\playmovie.exe |
"{8703013A-08B1-4F4C-AA01-789FD54F6CC8}" = dir=in | app=c:\program files\avg\avg9\avgemc.exe |
"{89C3B23C-568F-4216-8424-97092AD0E6F0}" = dir=in | app=c:\program files\acer arcade deluxe\dvdivine\dvdivine.exe |
"{8F2D3C68-B8CE-4B51-BF2F-865724967570}" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{9B141A0A-9A60-4FE2-A1D5-1AABAC84F9C9}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{9C63C1D8-CBDF-496B-B20F-2847DD7A3EAB}" = protocol=6 | dir=in | app=c:\program files\iwin games\webupdater.exe |
"{9CB6A3C8-68FA-401E-9171-C8A8DFD062F8}" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{9ED2A14B-8A0D-4DBF-8D0E-047B46BC2959}" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{A238014B-BF30-41D3-AE4D-0F500B557941}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe |
"{B3F8D176-094D-458C-85A1-46CAEFDF2C6C}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{BA6AAB00-4729-4B6C-B1F5-188259A7C06B}" = dir=in | app=c:\program files\avg\avg9\avgnsx.exe |
"{BAFFB387-7C62-4147-A6FA-BDA9439A8AAD}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{BF31E9EE-52C1-488B-B6BE-4D8DA80F16D5}" = dir=in | app=c:\program files\avg\avg9\avgupd.exe |
"{C2D3229C-B862-48AA-8608-32B55DDB138A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{C504A22F-E7D0-463F-8CAF-31F6951FA2D3}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{C5B1CD09-35CC-4D9D-910F-30A2B4256F5B}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe |
"{C609586A-C60D-49B2-B0D8-A8B737228CCB}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{CBFE190C-49F7-422F-A38B-74B2ED847D42}" = dir=in | app=c:\program files\avg\avg9\avgam.exe |
"{D90269D1-EB0E-4595-9998-D9A38D236E5E}" = protocol=17 | dir=in | app=c:\program files\kontiki\kservice.exe |
"{DC76E94D-5AB2-4ADC-A50D-E10D92A9C85E}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{E0D35D9D-6FE4-4C53-8493-28F1ECD8792C}" = protocol=17 | dir=in | app=c:\program files\iwin games\webupdater.exe |
"{E185DDE9-A3C2-4D6B-A7B0-1C5F29226651}" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{EB94AF11-2758-4570-9E0B-A0E72123F90E}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{F9225CD1-0710-40A7-9ECB-BE8FBF82698A}" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"TCP Query User{3E63F1F9-CE42-468E-A0CF-DC80340DA503}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"TCP Query User{73BE71A2-03C3-486D-B788-4FC3C73E806F}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"UDP Query User{2CB04BC0-6480-4B52-A69A-CB7E0EB94B16}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"UDP Query User{76A992CE-9270-4799-8465-CF0687A76DE4}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |


========== HKEY_LOCAL_MACHINE Uninstall List ==========


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{CE2DA11A-917F-4CF5-AB55-755EC115DD10}" = CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0915B10F-8597-4FE7-BC4D-EA3E2FDA646A}" = PS_AIO_03_C4400_Software_Min
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0BF78E88-A7C9-4406-89CF-0BA473BA7821}" = Orion
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}" = Acer eLock Management
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{1598034D-7147-432C-8CA8-888E0632D124}" = NTI Backup NOW! 4.7
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{18C9716F-C906-441F-BA66-CABAA5CB2DCE}" = Adobe XMP Panels CS4
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 15
"{28773E11-6E44-46DC-90BD-273A3FA2CAC1}" = Adobe Setup
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{428FDF9F-E010-4C4C-A8BB-156960AFCA1C}" = Adobe Fireworks CS4
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4B41AE13-BA0E-4328-8E83-AD2A0BEB33EB}" = Sky Player
"{57265292-228A-41FA-9AEC-4620CBCC2739}" = Acer eAudio Management
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{81063354-9060-42B2-A000-1EBE96778AA9}" = iTunes
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110111700}" = Zuma Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110113233}" = Bookworm Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11029123}" = Bricks of Egypt
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110322783}" = Big Kahuna Reef
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110411970}" = Chuzzle
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111118433}" = Mystery Case Files - Huntsville
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}" = Mahjong Escape Ancient China
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111324990}" = Kick N Rush
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111543617}" = Backspin Billiards
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111692950}" = Mahjongg Artifacts
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111771833}" = Jewel Quest Solitaire
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111796363}" = Mystery Solitaire - Secret Island
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111872660}" = Diner Dash Flo on the Go
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112270203}" = Dream Day Wedding
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112310577}" = Flip Words 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112531267}" = Chicken Invaders 3
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112615863}" = Agatha Christie Death on the Nile
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112868583}" = Chocolatier
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113009953}" = Turbo Pizza
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113056167}" = Dream Day Honeymoon
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113080210}" = Azada
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113217220}" = Brainiversity
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114918200}" = Build-a-Lot 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115233673}" = Dream Day Wedding Married in Manhattan
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-1154047}" = Righteous Kill
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115469933}" = Scrapbook Paige
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-116726920}" = Fab Fashion
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{86732AE7-CB91-4f15-B091-FBA3D3926CD6}" = HP Photosmart C4400 All-In-One Driver 11.0 Rel .3
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AB5DFE94-C17D-4514-B772-1F700142F6D4}" = Sibelius Scorch (ActiveX Only)
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{AD25A8FE-964F-48DB-B5C5-AD4DDB3895AD}" = System Requirements Lab
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BEA18030-8B42-1286-EF64-CDA6BD083888}" = BBC iPlayer Desktop
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{BF839132-BD43-4056-ACBF-4377F4A88E2A}" = Acer ePresentation Management
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C06554A1-2C1E-4D20-B613-EE62C79927CC}" = Acer eNet Management
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C89B5E3A-690F-4CEE-909A-BF869E198B0A}" = Scan
"{CB6075D9-F912-40AE-BEA6-E590DA24F16B}" = Adobe Photoshop Elements 7.0
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE2DA11A-917F-4CF5-AB55-755EC115DD10}" = CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe  1.4.142.1
"{CE65A9A0-9686-45C6-9098-3C9543A412F0}" = Acer eSettings Management
"{D466F3D9-510C-4729-B7D4-2E70490E4CDF}" = BBC iPlayer Download Manager
"{DE787736-66F0-4BD9-884B-E4BCA3661646}" = Adobe ExtendScript Toolkit CS4
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E96B0085-6659-486b-A221-5042A042728D}" = Toolbox
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Arcade Deluxe
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F44DA61E-720D-4E79-871F-F6E628B33242}" = OpenOffice.org 3.0
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F7B0E599-C114-4493-BC4D-D8FC7CBBABBB}" = 32 Bit HP CIO Components Installer
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"Acer GameZone Console_is1" = Acer GameZone Console 2.0.1.1
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 7" = Adobe Photoshop Elements 7.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_ccb135070a90ff24d6e7cc4bc5a59cb" = Adobe Fireworks CS4
"AVG9Uninstall" = AVG 9.0
"BBC iPlayer Download Manager" = BBC iPlayer Download Manager
"BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1" = BBC iPlayer Desktop
"BFGC" = Big Fish Games Client
"BFG-Kudos" = Kudos
"CEP - Colour Enable Packages_is1" = CEP (Color Enable Package) v.9.0 (beta)
"Chocolatier 2" = Chocolatier 2 (remove only)
"Chocolatier Decadence by Design" = Chocolatier Decadence by Design (remove only)
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118" = HDAUDIO Soft Data Fax Modem with SmartCP
"Cole2k Media - Codec Pack" = Cole2k Media - Codec Pack (Advanced) 7.3.0
"Cole2k Media Toolbar" = Cole2k Media Toolbar
"EADM" = EA Download Manager
"GamesBar" = GamesBar 2.0.1.12
"Google Updater" = Google Updater
"GridVista" = Acer GridVista
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Hospital" = Theme Hospital
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"InstallShield_{1598034D-7147-432C-8CA8-888E0632D124}" = NTI Backup NOW! 4.7
"iWinArcade" = iWin Games (remove only)
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.9)" = Mozilla Firefox (3.5.9)
"RealPlayer 6.0" = RealPlayer
"Sims2DB 1.2_is1" = Sims2DB Version 1.2
"SystemRequirementsLab" = System Requirements Lab
"The Great Chocolate Chas" = The Great Chocolate Chas (remove only)
"TVWiz" = Intel(R) TV Wizard
"WinGimp-2.0_is1" = GIMP 2.6.3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Toolbar" = Yahoo! Toolbar


========== Last 10 Event Log Errors ==========


[ Application Events ]
Error - 14/04/2010 22:01:25 | Computer Name = Amy-PC | Source = SPP | ID = 16387
Description =


Error - 14/04/2010 22:01:25 | Computer Name = Amy-PC | Source = System Restore | ID = 8193
Description =


Error - 14/04/2010 22:02:05 | Computer Name = Amy-PC | Source = SPP | ID = 16387
Description =


Error - 14/04/2010 22:02:05 | Computer Name = Amy-PC | Source = System Restore | ID = 8193
Description =


Error - 14/04/2010 22:02:44 | Computer Name = Amy-PC | Source = SPP | ID = 16387
Description =


Error - 14/04/2010 22:02:44 | Computer Name = Amy-PC | Source = System Restore | ID = 8193
Description =


Error - 14/04/2010 22:31:01 | Computer Name = Amy-PC | Source = Application Hang | ID = 1002
Description = The program mbam.exe version 1.45.0.0 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Problem Reports and Solutions control panel.  Process
ID: 1390  Start Time: 01cadc3ecfdd7857  Termination Time: 60000


Error - 14/04/2010 23:14:22 | Computer Name = Amy-PC | Source = VSS | ID = 8194
Description =


Error - 14/04/2010 23:14:51 | Computer Name = Amy-PC | Source = SPP | ID = 16387
Description =


Error - 14/04/2010 23:14:51 | Computer Name = Amy-PC | Source = System Restore | ID = 8193
Description =


[ System Events ]
Error - 15/04/2010 23:56:46 | Computer Name = Amy-PC | Source = volmgr | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page  file on the boot partition and that is large enough to contain all physical
memory.


Error - 15/04/2010 23:56:57 | Computer Name = Amy-PC | Source = volmgr | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page  file on the boot partition and that is large enough to contain all physical
memory.


Error - 15/04/2010 23:57:06 | Computer Name = Amy-PC | Source = HTTP | ID = 15016
Description =


Error - 16/04/2010 00:06:09 | Computer Name = Amy-PC | Source = WinDefend | ID = 1008
Description = %%827 has encountered an error when taking action on spyware or other
potentially unwanted software.    For more information please see the following:  http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Alureon.gen!U&threatid=143471


Scan
ID: {2A48060D-EF3D-4F39-9C19-4E50E23A50E8}      Scan Type: %%802     User: Amy-PC\Amy     Name:
Trojan:Win32/Alureon.gen!U     ID: 143471     Severity ID: 5     Category ID: 8     Path:      Action: %%812


Error
Code: 0x80508022     Error description: To finish removing spyware and other potentially
unwanted software, restart the computer.


Error - 16/04/2010 00:07:12 | Computer Name = Amy-PC | Source = volmgr | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page  file on the boot partition and that is large enough to contain all physical
memory.


Error - 16/04/2010 00:07:23 | Computer Name = Amy-PC | Source = volmgr | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page  file on the boot partition and that is large enough to contain all physical
memory.


Error - 16/04/2010 00:07:33 | Computer Name = Amy-PC | Source = HTTP | ID = 15016
Description =


Error - 16/04/2010 11:45:35 | Computer Name = Amy-PC | Source = volmgr | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page  file on the boot partition and that is large enough to contain all physical
memory.


Error - 16/04/2010 11:45:55 | Computer Name = Amy-PC | Source = volmgr | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page  file on the boot partition and that is large enough to contain all physical
memory.


Error - 16/04/2010 11:46:06 | Computer Name = Amy-PC | Source = HTTP | ID = 15016
Description =



< End of report >

Edited by pritaeas: Fixed formatting

0

I see you have MBA-M installed. Can you please update it, then run it and post the log produced.

==

Please go to Jotti's or to virustotal and have this file scanned. Post the results back here.

C:\ProgramData\fiosejgfse.dll

0

Here's the results from virus total

Antivirus Version Last Update Result
a-squared 4.5.0.50 2010.04.16 -
AhnLab-V3 5.0.0.2 2010.04.16 -
AntiVir 7.10.6.115 2010.04.16 -
Antiy-AVL 2.0.3.7 2010.04.16 -
Authentium 5.2.0.5 2010.04.16 -
Avast 4.8.1351.0 2010.04.16 -
Avast5 5.0.332.0 2010.04.16 -
AVG 9.0.0.787 2010.04.16 -
BitDefender 7.2 2010.04.17 -
CAT-QuickHeal 10.00 2010.04.16 -
ClamAV 0.96.0.3-git 2010.04.16 -
Comodo 4618 2010.04.16 -
DrWeb 5.0.2.03300 2010.04.16 -
eSafe 7.0.17.0 2010.04.15 -
eTrust-Vet 35.2.7430 2010.04.16 -
F-Prot 4.5.1.85 2010.04.16 -
F-Secure 9.0.15370.0 2010.04.16 -
Fortinet 4.0.14.0 2010.04.16 -
GData 19 2010.04.16 -
Ikarus T3.1.1.80.0 2010.04.16 -
Jiangmin 13.0.900 2010.04.16 -
Kaspersky 7.0.0.125 2010.04.16 -
McAfee 5.400.0.1158 2010.04.17 -
McAfee-GW-Edition 6.8.5 2010.04.16 -
Microsoft 1.5605 2010.04.16 -
NOD32 5035 2010.04.16 -
Norman 6.04.11 2010.04.16 -
nProtect 2010-04-16.01 2010.04.16 -
Panda 10.0.2.7 2010.04.16 -
PCTools 7.0.3.5 2010.04.16 -
Prevx 3.0 2010.04.17 -
Rising 22.43.04.04 2010.04.16 -
Sophos 4.52.0 2010.04.16 -
Sunbelt 6185 2010.04.17 -
Symantec 20091.2.0.41 2010.04.17 -
TheHacker 6.5.2.0.263 2010.04.16 -
TrendMicro 9.120.0.1004 2010.04.15 -
VBA32 3.12.12.4 2010.04.15 -
ViRobot 2010.4.16.2280 2010.04.16 -
VirusBuster 5.0.27.0 2010.04.16 -
Additional information
File size: 524 bytes
MD5...: 442111c5858fdc953d372af31a2d5dab
SHA1..: c6a3718da76608dc5f7238346af9810577039e45
SHA256: 4b646c1b89d78ec78074f86a8e2626e4a9366349f774c54a41aaf85975a1a7b5
ssdeep: 6:CygUEZ+lX1ElpmtsnDsszMoGbtWOEX4jht2e8Pglmq9r/k7rTgts/3J:xgQ1El
px1rGRWmjhL8Pgl/r9tSJ
PEiD..: -
PEInfo: -
RDS...: NSRL Reference Data Set
-
pdfid.: -
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
trid..: Unknown!

MBAM is still running - hopefully updating it means it won't crash.

0

Just tried to run MBAM and twice it has crashed. This time when it crashed it stopped responding on this file

C:\\windows\system32\config\software

I do have the report from a few days ago if that helps?

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.