
Inactive Odd Issue

Discussion in 'Malware and Virus Removal Archive' started by Supermaine, 2011/05/30.

  1. 2011/05/30
    broni (Moderator, Malware Analyst)
    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  2. 2011/05/30
    Supermaine (Thread Starter)
    OTL Extras logfile created on: 5/30/2011 10:42:32 PM - Run 1
    OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\Jermaine\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.75 Gb Total Physical Memory | 2.20 Gb Available Physical Memory | 80.22% Memory free
    5.70 Gb Paging File | 5.33 Gb Available in Paging File | 93.57% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 139.15 Gb Total Space | 43.97 Gb Free Space | 31.60% Space Free | Partition Type: NTFS
    Drive D: | 142.94 Gb Total Space | 142.67 Gb Free Space | 99.81% Space Free | Partition Type: NTFS

    Computer Name: LOISLANE | User Name: Jermaine | Logged in as Administrator.
    Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1 ",%*
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-3562517957-1098623875-406478773-1000\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1 ",%*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "VistaSp2" = Reg Error: Unknown registry data type -- File not found

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0AB06EF7-61C8-4D2D-A750-1440232F7239}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
    "{19D482F0-68B3-4A12-BA2E-9367D5909281}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{1A8E92AC-B0AF-4A41-ACFB-CA6CF1C7E116}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{1DD90632-9F92-4D72-A668-4EA3BC1821BF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{24CAA816-4BD7-4D3B-A97C-7C69D945A185}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
    "{367DAAD3-1B3F-474A-A55B-373937D7B013}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{4692C789-C828-4321-8793-DD197205C0B3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
    "{5FD2BB51-D956-441A-92B6-BB5E21E86665}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
    "{A406BBD8-DD90-441D-B1FE-DE6C0FD4AEFD}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{B6862E98-9542-4A21-BED0-E4F28DF6B985}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
    "{D79C5EB9-8794-408A-B85D-DADBF9DE2ACA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{E0F1055E-6999-43A2-87F5-06BF93E588FB}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{072EC921-D92C-4933-B924-C9838A441A98}" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |
    "{10C0EEFA-1216-401D-B580-095802BB4A43}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{2256EDFA-2B0C-4411-BA48-714495A51C6D}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
    "{251AFD4F-A506-45C0-9CB4-85B6B743679E}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
    "{27599BCC-45B2-4BCD-B02B-D52F4B5715B3}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |
    "{3C996F5F-2994-490B-A2DF-DB4CFC3E5FA9}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
    "{3EC62B10-193D-445D-AFD8-CCC01EF71C83}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
    "{49742BC4-A3CC-408F-A626-F6DBBB95FE3B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{4DD80E5B-F97A-4570-A2DF-F9852C60C059}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
    "{5E83A1B2-0380-45D8-B6A4-8CE998513DBA}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |
    "{6409CB04-13C4-4358-B434-8FF5956CEE0D}" = protocol=17 | dir=in | app=c:\users\jermaine\appdata\local\google\google talk plugin\googletalkplugin.exe |
    "{659BECC4-A9BB-4FF1-AF39-118E3E2607B2}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
    "{7D07127C-6E08-4080-A37C-E6BCCBD40345}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
    "{8E3602CD-3CED-40CB-9CE3-826A11C7831F}" = protocol=6 | dir=in | app=c:\users\jermaine\appdata\local\google\google talk plugin\googletalkplugin.exe |
    "{95CA98DF-615B-42AC-A4A6-1E55EFC6FE3E}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{A35A5E06-5EA8-4FA2-AB82-3F99591BBF11}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
    "{A469654B-F418-4750-BB0D-EFF9A0D2FF14}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
    "{B4212FE3-4291-437C-B6D7-799346505AFB}" = protocol=6 | dir=in | app=c:\program files\aim\aim.exe |
    "{DFC984FF-AFA2-48B1-8DE2-B8021E89C29B}" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
    "{E183FBCF-E24B-487D-97D9-D6A92C780A2C}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
    "{FD08A3CB-34A5-40D5-8753-508C2DEE14B9}" = protocol=17 | dir=in | app=c:\program files\aim\aim.exe |
    "TCP Query User{079EBBD8-A11D-4CFA-830E-8F292E465244}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
    "TCP Query User{15459507-629A-4EEF-85B8-A46D36F0A092}C:\program files\ea games\battlefield 1942\bf1942.exe" = protocol=6 | dir=in | app=c:\program files\ea games\battlefield 1942\bf1942.exe |
    "TCP Query User{194B8C81-F6CE-4234-B3B3-B48E65E88683}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
    "TCP Query User{2AB7C163-289E-4039-8E86-ADCD3ADB84C0}C:\program files\ea games\medal of honor pacific assault(tm)\mohpa.exe" = protocol=6 | dir=in | app=c:\program files\ea games\medal of honor pacific assault(tm)\mohpa.exe |
    "TCP Query User{347D03E5-1E28-4CC1-8BBF-BEC87A168887}C:\program files\ea sports\madden nfl 08\updater.exe" = protocol=6 | dir=in | app=c:\program files\ea sports\madden nfl 08\updater.exe |
    "TCP Query User{76B1CCF7-F78D-463E-8BFE-7DC8F1578231}C:\users\jermaine\desktop\ssdemo\secret service demo setup\bin\ss.exe" = protocol=6 | dir=in | app=c:\users\jermaine\desktop\ssdemo\secret service demo setup\bin\ss.exe |
    "TCP Query User{7BC7EF36-34A0-4688-86DA-BCC547C826E3}C:\games\left 4 dead 2\left4dead2.exe" = protocol=6 | dir=in | app=c:\games\left 4 dead 2\left4dead2.exe |
    "TCP Query User{7DA16D0D-E24B-4C0C-B688-06FA22F90B8D}C:\program files\legacy\law and order 2\lawandorder2.exe" = protocol=6 | dir=in | app=c:\program files\legacy\law and order 2\lawandorder2.exe |
    "TCP Query User{9220A85C-320C-42CB-BF87-0ED50E21F255}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
    "TCP Query User{F5B75AE1-3D8A-4523-9F96-5C407C599A2A}C:\users\jermaine\desktop\nba 2k11\nba2k11.exe" = protocol=6 | dir=in | app=c:\users\jermaine\desktop\nba 2k11\nba2k11.exe |
    "UDP Query User{33FF6FC0-CD3F-4DD1-B95B-F39785CC1247}C:\program files\ea games\medal of honor pacific assault(tm)\mohpa.exe" = protocol=17 | dir=in | app=c:\program files\ea games\medal of honor pacific assault(tm)\mohpa.exe |
    "UDP Query User{4828D800-8EC3-418F-8A06-AC9CAFEA4C7B}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
    "UDP Query User{6ABAD60A-824C-4008-9DCE-31186B9FC994}C:\users\jermaine\desktop\nba 2k11\nba2k11.exe" = protocol=17 | dir=in | app=c:\users\jermaine\desktop\nba 2k11\nba2k11.exe |
    "UDP Query User{6D60D3E3-1881-47B3-A5B3-04D77C20514D}C:\program files\ea games\battlefield 1942\bf1942.exe" = protocol=17 | dir=in | app=c:\program files\ea games\battlefield 1942\bf1942.exe |
    "UDP Query User{6DA0F6D7-2988-4C82-8D9E-A1220E9C2613}C:\users\jermaine\desktop\ssdemo\secret service demo setup\bin\ss.exe" = protocol=17 | dir=in | app=c:\users\jermaine\desktop\ssdemo\secret service demo setup\bin\ss.exe |
    "UDP Query User{6F22B191-7CC3-414C-8567-42B479924652}C:\program files\legacy\law and order 2\lawandorder2.exe" = protocol=17 | dir=in | app=c:\program files\legacy\law and order 2\lawandorder2.exe |
    "UDP Query User{AB7F548D-11AB-4D50-BBF8-2A1B34668BF1}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
    "UDP Query User{B9E017C5-1014-4534-8DEF-6A22B0315D08}C:\program files\ea sports\madden nfl 08\updater.exe" = protocol=17 | dir=in | app=c:\program files\ea sports\madden nfl 08\updater.exe |
    "UDP Query User{C897A7BF-A730-4654-A447-010E01E7040F}C:\games\left 4 dead 2\left4dead2.exe" = protocol=17 | dir=in | app=c:\games\left 4 dead 2\left4dead2.exe |
    "UDP Query User{D3949743-196D-4CAB-B69A-62337B101E8B}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.1 (r518)
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{23F79416-CAD1-41BF-99A3-040F6C814AAA}" = NVIDIA Photoshop Plug-ins
    "{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
    "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 24
    "{2758691A-2CDE-4942-A4AC-0E8F61FE2067}" = AMCap
    "{2FA41EBB-3F5A-35C3-85D6-51EC72A11FBD}" = Google Gears
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
    "{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
    "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
    "{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
    "{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
    "{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
    "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
    "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
    "{A3BC1DBD-64D6-4EBC-0091-24C811662D40}" = Madden NFL 08
    "{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AB49B509-8FCA-45E6-9FB9-9E4AEEB8F148}" = System Requirements Lab CYRI
    "{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
    "{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{CF0EDB56-BBF6-3C9F-9C50-2E3B3D444641}" = Google Talk Plugin
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
    "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
    "{EB9BD1D5-8DFB-48C4-927B-10BB47CA59B3}" = Microsoft .NET Framework SDK (English) 1.1
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F429ED71-4A8B-457A-85E4-F6398CE73E58}" = AV Input Selection
    "{F855C3AE-992D-4B84-A09D-07103CDCDAC2}" = Linksys Compact Wireless-G USB Adapter Driver - WUSB54GC
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "Acer Registration" = Acer Registration
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "Agere Systems Soft Modem" = Agere Systems PCI-SV92EX Soft Modem
    "AIM_7" = AIM 7
    "AMCap" = AMCap
    "Ask & Record Toolbar4.00" = Ask & Record Toolbar 4.00
    "Ask Toolbar_is1" = Ask Toolbar
    "avast" = avast! Free Antivirus
    "CamStudio" = CamStudio
    "CamStudio Lossless Codec_is1" = CamStudio Lossless Codec v1.4
    "CCleaner" = CCleaner
    "CEP - Colour Enable Packages_is1" = CEP (Color Enable Package) v.9.2 (beta)
    "Color Efex Pro 3.0 Wacom Edition 3" = Color Efex Pro 3.0 Wacom Edition 3
    "DivX Setup.divx.com" = DivX Setup
    "Freecorder4.1" = Freecorder
    "HOMESTUDENTR" = Microsoft Office Home and Student 2007
    "InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
    "InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
    "InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Mozilla Firefox 4.0.1 (x86 en-US)" = Mozilla Firefox 4.0.1 (x86 en-US)
    "NVIDIA Drivers" = NVIDIA Drivers
    "Pen Tablet Driver" = Bamboo
    "Photo****et" = Photo****et
    "QuickTime" = QuickTime
    "Recuva" = Recuva
    "SoftwareUpdUtility" = Download Updater (AOL LLC)
    "SystemRequirementsLab" = System Requirements Lab
    "TS3 Install Helper Monkey" = TS3 Install Helper Monkey
    "uTorrent" = µTorrent
    "Veetle TV" = Veetle TV 0.9.18
    "VLC media player" = VLC media player 1.0.5
    "WinLiveSuite" = Windows Live Essentials
    "WinRAR archiver" = WinRAR archiver
    "Xvid_is1" = Xvid 1.2.1 final uninstall

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-3562517957-1098623875-406478773-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "UnityWebPlayer" = Unity Web Player

    ========== Last 10 Event Log Errors ==========

    [ Antivirus Events ]
    Error - 4/28/2010 6:19:54 PM | Computer Name = LoisLane | Source = avast! | ID = 33554522
    Description =

    Error - 5/6/2010 11:35:05 PM | Computer Name = LoisLane | Source = avast! | ID = 33554522
    Description =


    ========== Last 10 Event Log Errors ==========

    Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

    < End of report >
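An Extras.txt like the one above is long, and the items an analyst wants first are easy to miss by eye: inbound firewall allow rules for executables that live under a user profile rather than Program Files, a Security Center monitoring flag switched off for a product, and OTL's note that it could not read the Event Logs. The Python below is an added example, not part of this thread and not OTL's own code. Its sample input is a constructed excerpt made of lines copied from the log above; the list of user-writable roots and the protocol-number map (6 = TCP, 17 = UDP) are this example's assumptions.

```python
"""Triage helpers for an OTL Extras.txt log.

Added example; not part of the thread and not OTL's own code. It groups the
log into its '========== Title ==========' sections, parses the FirewallRules
lines, and reports the entries to look at first. The user-writable root list
and the protocol-number map below are assumptions made for this example.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed excerpt: a handful of lines copied from the Extras.txt posted
# above, enough to exercise every check.
SAMPLE_EXTRAS = r"""
========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{19D482F0-68B3-4A12-BA2E-9367D5909281}" = lport=2869 | protocol=6 | dir=in | app=system |
"{367DAAD3-1B3F-474A-A55B-373937D7B013}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3EC62B10-193D-445D-AFD8-CCC01EF71C83}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{6409CB04-13C4-4358-B434-8FF5956CEE0D}" = protocol=17 | dir=in | app=c:\users\jermaine\appdata\local\google\google talk plugin\googletalkplugin.exe |
"TCP Query User{76B1CCF7-F78D-463E-8BFE-7DC8F1578231}C:\users\jermaine\desktop\ssdemo\secret service demo setup\bin\ss.exe" = protocol=6 | dir=in | app=c:\users\jermaine\desktop\ssdemo\secret service demo setup\bin\ss.exe |

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
"""

SECTION_RE = re.compile(r"^=+\s*(?P<title>.+?)\s*=+$")            # ========== Title ==========
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<body>.*)$')  # "name" = body
PROTO_NAMES = {"6": "tcp", "17": "udp"}                            # assumption: IANA protocol numbers
USER_WRITABLE_ROOTS = ("c:\\users\\", "%userprofile%", "%appdata%", "%temp%")  # assumption


@dataclass
class FirewallRule:
    name: str
    direction: Optional[str]
    protocol: Optional[str]        # "tcp", "udp", or None when the rule is protocol-agnostic
    app: Optional[str]
    service: Optional[str]
    local_port: Optional[str]
    fields: Dict[str, str] = field(default_factory=dict)


def split_sections(text: str) -> Dict[str, List[str]]:
    """Group non-empty lines under their section header. Repeated headers
    (OTL prints 'Last 10 Event Log Errors' twice) are merged into one list."""
    sections: Dict[str, List[str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group("title")
            sections.setdefault(current, [])
        elif current is not None and line:
            sections[current].append(line)
    return sections


def parse_rule(line: str) -> Optional[FirewallRule]:
    """Parse one FirewallRules line; the body is 'k=v | k=v | ...'."""
    m = VALUE_RE.match(line.strip())
    if not m:
        return None
    fields: Dict[str, str] = {}
    for chunk in m.group("body").split("|"):
        if "=" in chunk:
            k, v = chunk.split("=", 1)
            fields[k.strip().lower()] = v.strip()
    proto = fields.get("protocol")
    return FirewallRule(
        name=m.group("name"),
        direction=fields.get("dir"),
        protocol=PROTO_NAMES.get(proto, proto) if proto else None,
        app=fields.get("app"),
        service=fields.get("svc"),
        local_port=fields.get("lport"),
        fields=fields,
    )


def is_user_writable(path: str) -> bool:
    p = path.lower()
    return any(p.startswith(root) for root in USER_WRITABLE_ROOTS)


def triage(extras_text: str) -> Dict[str, List[str]]:
    """Return the findings an analyst would read first, keyed by kind."""
    findings: Dict[str, List[str]] = {"firewall": [], "security_center": [], "event_log": []}
    for title, lines in split_sections(extras_text).items():
        if "Exception List" in title:
            for line in lines:
                rule = parse_rule(line)
                if rule and rule.direction == "in" and rule.app and is_user_writable(rule.app):
                    findings["firewall"].append(f"{rule.protocol or 'any'} inbound allow: {rule.app}")
        elif title == "Security Center Settings":
            key = None
            for line in lines:
                if line.startswith("["):
                    key = line.strip("[]")   # registry key the following values belong to
                elif key and "\\Monitoring\\" in key:
                    m = VALUE_RE.match(line)
                    if m and m.group("name") == "DisableMonitoring" and m.group("body").strip() == "1":
                        findings["security_center"].append(key.rsplit("\\", 1)[-1])
        elif title.startswith("Last 10 Event Log Errors"):
            findings["event_log"].extend(l for l in lines if l.startswith("Error reading Event Logs"))
    return findings


if __name__ == "__main__":
    for kind, items in triage(SAMPLE_EXTRAS).items():
        for item in items:
            print(f"[{kind}] {item}")
```

Run it as a script to see the findings for the excerpt, or import it and pass the text of a full Extras.txt to triage(). A hit is a lead, not a verdict: the games and plugins in this log legitimately run from the Desktop and AppData, so each flagged path still has to be checked against what the user installed.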
     


  3. 2011/05/30
    Supermaine (Thread Starter)
    OTL logfile created on: 5/30/2011 10:42:32 PM - Run 1
    OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\Jermaine\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.75 Gb Total Physical Memory | 2.20 Gb Available Physical Memory | 80.22% Memory free
    5.70 Gb Paging File | 5.33 Gb Available in Paging File | 93.57% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 139.15 Gb Total Space | 43.97 Gb Free Space | 31.60% Space Free | Partition Type: NTFS
    Drive D: | 142.94 Gb Total Space | 142.67 Gb Free Space | 99.81% Space Free | Partition Type: NTFS

    Computer Name: LOISLANE | User Name: Jermaine | Logged in as Administrator.
    Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/05/30 22:41:12 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Jermaine\Desktop\OTL.exe
    PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


    ========== Modules (SafeList) ==========

    MOD - [2011/05/30 22:41:12 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Jermaine\Desktop\OTL.exe
    MOD - [2010/08/31 11:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Auto | Stopped] -- -- (nvsvc)
    SRV - [2011/05/10 08:10:57 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2009/07/15 12:13:04 | 000,112,936 | ---- | M] (Wacom Technology, Corp.) [Auto | Stopped] -- C:\Program Files\WTouch\WTouchService.exe -- (WTouchService)
    SRV - [2009/07/15 12:13:02 | 004,408,616 | ---- | M] (Wacom Technology, Corp.) [Auto | Stopped] -- C:\Windows\System32\Pen_Tablet.exe -- (TabletServicePen)
    SRV - [2008/04/25 16:30:26 | 000,024,576 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe -- (ETService)
    SRV - [2008/03/05 02:38:34 | 000,500,784 | ---- | M] (Egis Incorporated) [Auto | Stopped] -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
    SRV - [2008/01/20 22:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2007/12/10 23:15:04 | 000,012,800 | ---- | M] (Agere Systems) [Auto | Stopped] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)


    ========== Driver Services (SafeList) ==========

    DRV - [2011/05/30 19:30:33 | 000,034,560 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Normandy.sys -- (Normandy)
    DRV - [2011/05/10 08:03:54 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
    DRV - [2011/05/10 08:03:44 | 000,307,928 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2011/05/10 08:02:37 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2011/05/10 07:59:56 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
    DRV - [2011/05/10 07:59:44 | 000,053,592 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
    DRV - [2011/05/10 07:59:35 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2010/07/09 18:37:00 | 011,008,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
    DRV - [2010/01/02 14:09:56 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
    DRV - [2009/05/20 18:14:32 | 000,013,224 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WacomVTHid.sys -- (WacomVTHid)
    DRV - [2009/05/20 15:54:06 | 000,013,736 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacomvhid.sys -- (wacomvhid)
    DRV - [2009/01/30 17:29:50 | 000,015,656 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wacmoumonitor.sys -- (wacmoumonitor)
    DRV - [2008/09/29 12:12:04 | 000,012,832 | ---- | M] (Acer, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\int15.sys -- (int15)
    DRV - [2008/04/21 20:49:00 | 000,043,552 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
    DRV - [2008/02/13 18:17:26 | 000,618,112 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PFC027.SYS -- (PAC207)
    DRV - [2008/01/29 01:55:00 | 001,042,464 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
    DRV - [2008/01/25 08:02:02 | 000,140,832 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32)
    DRV - [2008/01/07 04:54:50 | 001,202,560 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
    DRV - [2007/10/12 16:53:10 | 000,013,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
    DRV - [2007/03/12 03:12:00 | 000,256,000 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WUSB54GCx86.sys -- (netr73)
    DRV - [2007/02/16 15:12:36 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacommousefilter.sys -- (wacommousefilter)
    DRV - [2007/02/15 20:11:28 | 000,011,440 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WacomVKHid.sys -- (WacomVKHid)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://eis.esnips.com/page/search/?client_uuid=bda82ac0-85c3-4b48-b0d2-41fde8d1391d


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-3562517957-1098623875-406478773-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]
    IE - HKU\S-1-5-21-3562517957-1098623875-406478773-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKU\S-1-5-21-3562517957-1098623875-406478773-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKU\S-1-5-21-3562517957-1098623875-406478773-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKU\S-1-5-21-3562517957-1098623875-406478773-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Google"
    FF - prefs.js..browser.startup.homepage: "http://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official"
    FF - prefs.js..extensions.enabledItems: {E9A1DEE0-C623-4439-8932-001E7D17607D}:2.1.0.7
    FF - prefs.js..extensions.enabledItems: illimitux@illimitux.net:4.0
    FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.2
    FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: activegs@freetoolsassociation.com:3.3.101
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.2.1
    FF - prefs.js..extensions.enabledItems: {1392b8d2-5c05-419f-a8f6-b9f15a596612}:3.3.2.1
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
    FF - prefs.js..keyword.URL: "chrome://browser-region/locale/region.properties"


    FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010/03/30 21:11:32 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/05/22 23:38:13 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/05/22 23:38:14 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/30 16:22:56 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/22 20:22:57 | 000,000,000 | ---D | M]

    [2009/06/12 17:18:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jermaine\AppData\Roaming\mozilla\Extensions
    [2011/04/30 22:40:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jermaine\AppData\Roaming\mozilla\Firefox\Profiles\ow3uqcqr.default\extensions
    [2011/03/22 20:23:40 | 000,000,000 | ---D | M] (Freecorder Community Toolbar) -- C:\Users\Jermaine\AppData\Roaming\mozilla\Firefox\Profiles\ow3uqcqr.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
    [2010/04/27 13:07:05 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Jermaine\AppData\Roaming\mozilla\Firefox\Profiles\ow3uqcqr.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2011/04/30 22:40:57 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Jermaine\AppData\Roaming\mozilla\Firefox\Profiles\ow3uqcqr.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
    [2009/06/19 06:26:21 | 000,000,000 | ---D | M] ("Ask Toolbar for Firefox") -- C:\Users\Jermaine\AppData\Roaming\mozilla\Firefox\Profiles\ow3uqcqr.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
    [2011/01/07 16:55:13 | 000,000,000 | ---D | M] (ActiveGS) -- C:\Users\Jermaine\AppData\Roaming\mozilla\Firefox\Profiles\ow3uqcqr.default\extensions\activegs@freetoolsassociation.com
    [2011/03/22 20:23:38 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Jermaine\AppData\Roaming\mozilla\Firefox\Profiles\ow3uqcqr.default\extensions\engine@conduit.com
    [2010/03/10 11:42:52 | 000,000,000 | ---D | M] (Illimitux) -- C:\Users\Jermaine\AppData\Roaming\mozilla\Firefox\Profiles\ow3uqcqr.default\extensions\illimitux@illimitux.net
    [2011/03/12 15:01:06 | 000,000,000 | ---D | M] (Personas) -- C:\Users\Jermaine\AppData\Roaming\mozilla\Firefox\Profiles\ow3uqcqr.default\extensions\personas@christopher.beard
    [2010/03/13 08:12:28 | 000,002,267 | ---- | M] () -- C:\Users\Jermaine\AppData\Roaming\Mozilla\Firefox\Profiles\ow3uqcqr.default\searchplugins\aim-search.xml
    [2010/01/02 14:09:59 | 000,002,059 | ---- | M] () -- C:\Users\Jermaine\AppData\Roaming\Mozilla\Firefox\Profiles\ow3uqcqr.default\searchplugins\daemon-search.xml
    [2011/05/30 16:22:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2010/06/11 12:34:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010/08/15 12:10:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    [2010/10/19 01:01:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    [2011/01/04 08:20:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    [2011/03/07 01:42:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    File not found (No name found) --
    [2011/04/14 12:26:02 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
    [2009/07/31 19:06:54 | 000,089,600 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\Extras.dll
    [2009/07/31 18:47:11 | 000,112,128 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\Movies.dll
    [2011/02/02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    [2007/03/09 19:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll
    [2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

    O1 HOSTS File: ([2011/05/30 15:53:21 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
    O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
    O2 - BHO: (no name) - {B530A9A4-1722-4D16-AAD6-AA85E3AD2ADE} - No CLSID value found.
    O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
    O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
    O3 - HKU\S-1-5-21-3562517957-1098623875-406478773-1000\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
    O4 - HKLM..\Run: [Acer Empowering Technology Monitor] C:\Program Files\Acer\Empowering Technology\SysMonitor.exe ()
    O4 - HKLM..\Run: [Acer Product Registration] C:\Program Files\Acer\Acer Registration\ACE1.exe (Leader Technologies)
    O4 - HKLM..\Run: [Ask and Record FLV Service] C:\Program Files\Ask & Record Toolbar\FLVSrvc.exe (Applian Technologies, Inc.)
    O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
    O4 - HKLM..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
    O4 - HKLM..\Run: [EmpoweringTechnology] File not found
    O4 - HKLM..\Run: [Freecorder FLV Service] C:\Program Files\Freecorder\FLVSrvc.exe (Applian Technologies, Inc.)
    O4 - HKLM..\Run: [PAC207_Monitor] C:\Windows\PixArt\Pac207\Monitor.exe (PixArt Imaging Incorporation)
    O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
    O4 - HKU\S-1-5-21-3562517957-1098623875-406478773-1000..\Run: [Aim] C:\Program Files\AIM\aim.exe (AOL Inc.)
    O4 - HKU\S-1-5-21-3562517957-1098623875-406478773-1000..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3562517957-1098623875-406478773-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3562517957-1098623875-406478773-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll (Google Inc.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
    O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Users\Jermaine\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O24 - Desktop BackupWallPaper: C:\Users\Jermaine\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found

    Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.CSCD - C:\Windows\System32\camcodec.dll (RenderSoft Software)
    Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
    Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (EA.com/On2.com)
    Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (EA.com/On2.com)
    Drivers32: vidc.VP62 - C:\Windows\System32\vp6vfw.dll (EA.com/On2.com)
    Drivers32: vidc.XVID - C:\Windows\System32\xvidvfw.dll ()
    Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)

    CREATERESTOREPOINT
    Error creating restore point.

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/05/30 22:41:10 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\Jermaine\Desktop\OTL.exe
    [2011/05/30 22:25:54 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
    [2011/05/30 21:25:58 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2011/05/30 21:25:58 | 000,000,000 | ---D | C] -- C:\Users\Jermaine\AppData\Local\temp
    [2011/05/30 21:25:14 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2011/05/30 21:14:16 | 004,108,494 | R--- | C] (Swearware) -- C:\Users\Jermaine\Desktop\ComboFix.exe
    [2011/05/30 19:04:43 | 000,586,240 | ---- | C] (AVAST Software) -- C:\Users\Jermaine\Desktop\aswMBR.exe
    [2011/05/30 16:38:10 | 000,606,738 | R--- | C] (Swearware) -- C:\Users\Jermaine\Desktop\dds.scr
    [2011/05/30 15:13:46 | 000,000,000 | ---D | C] -- C:\Windows\Registration
    [2011/05/30 07:01:04 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
    [2011/05/28 22:27:40 | 000,000,000 | ---D | C] -- C:\Users\Jermaine\AppData\Local\{B960F906-AC71-434C-84B7-9E934F83483B}
    [2011/05/19 20:01:31 | 000,000,000 | ---D | C] -- C:\Users\Jermaine\Desktop\New Folder (3)
    [2011/05/19 19:49:17 | 000,000,000 | ---D | C] -- C:\Users\Jermaine\Desktop\New Folder (2)
    [2011/05/13 23:27:40 | 000,000,000 | ---D | C] -- C:\Users\Jermaine\AppData\Local\{48505BA4-355F-4706-9B4B-6FD419EA5375}
    [2011/05/11 21:51:47 | 000,000,000 | ---D | C] -- C:\Users\Jermaine\AppData\Local\{8C0C168D-2948-4B49-951B-B50179027974}
    [2011/05/11 18:29:30 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
    [2011/05/09 22:21:52 | 000,000,000 | R--D | C] -- C:\Users\Jermaine\Downloads
    [2011/05/03 12:29:51 | 000,441,176 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
    [2011/05/01 16:49:36 | 000,000,000 | ---D | C] -- C:\Users\Jermaine\Desktop\New Folder
    [2011/05/01 15:32:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva
    [2011/05/01 15:32:16 | 000,000,000 | ---D | C] -- C:\Program Files\Recuva
    [2008/07/22 04:01:25 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll
    [1 C:\Users\Jermaine\AppData\Local\*.tmp files -> C:\Users\Jermaine\AppData\Local\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/05/30 22:41:12 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Jermaine\Desktop\OTL.exe
    [2011/05/30 22:28:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/05/30 22:25:02 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2011/05/30 22:24:19 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
    [2011/05/30 22:24:11 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/05/30 22:24:11 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/05/30 21:36:34 | 001,007,108 | ---- | M] () -- C:\Users\Jermaine\Desktop\rkill.com
    [2011/05/30 21:15:43 | 004,108,494 | R--- | M] (Swearware) -- C:\Users\Jermaine\Desktop\ComboFix.exe
    [2011/05/30 19:30:33 | 000,034,560 | ---- | M] () -- C:\Windows\System32\drivers\Normandy.sys
    [2011/05/30 19:08:16 | 373,309,337 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2011/05/30 19:04:43 | 000,586,240 | ---- | M] (AVAST Software) -- C:\Users\Jermaine\Desktop\aswMBR.exe
    [2011/05/30 16:38:10 | 000,606,738 | R--- | M] (Swearware) -- C:\Users\Jermaine\Desktop\dds.scr
    [2011/05/30 16:37:44 | 000,080,384 | ---- | M] () -- C:\Users\Jermaine\Desktop\MBRCheck.exe
    [2011/05/30 16:37:09 | 000,302,592 | ---- | M] () -- C:\Users\Jermaine\Desktop\s8fbm9yq.exe
    [2011/05/30 16:22:57 | 000,000,834 | ---- | M] () -- C:\Users\Jermaine\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2011/05/30 16:22:57 | 000,000,810 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2011/05/30 15:53:21 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2011/05/30 15:40:24 | 000,001,356 | ---- | M] () -- C:\Users\Jermaine\AppData\Local\d3d9caps.dat
    [2011/05/30 15:23:23 | 000,008,950 | ---- | M] () -- C:\Windows\System32\QuickTime.qtp
    [2011/05/30 15:17:20 | 000,006,228 | ---- | M] () -- C:\Windows\System32\QuickTimeFavorites.qtr
    [2011/05/30 07:09:45 | 000,000,000 | ---- | M] () -- C:\Users\Jermaine\AppData\Local\{B4A00D96-5D2A-4DB4-AC72-F944D3118858}
    [2011/05/28 23:03:38 | 000,101,732 | ---- | M] () -- C:\Users\Jermaine\Desktop\booty2.jpg
    [2011/05/28 15:35:50 | 000,017,040 | ---- | M] () -- C:\Users\Jermaine\Desktop\dori.jpg
    [2011/05/28 14:53:30 | 000,391,220 | ---- | M] () -- C:\Users\Jermaine\Desktop\karate.jpg
    [2011/05/27 03:06:11 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3562517957-1098623875-406478773-1000UA.job
    [2011/05/27 02:53:43 | 000,080,772 | ---- | M] () -- C:\Users\Jermaine\Desktop\strong face.jpg
    [2011/05/27 02:27:12 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2011/05/27 02:05:01 | 000,128,792 | ---- | M] () -- C:\Users\Jermaine\Desktop\swish.jpg
    [2011/05/27 01:23:33 | 000,113,833 | ---- | M] () -- C:\Users\Jermaine\Desktop\haters gonna hate.jpg
    [2011/05/27 00:06:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3562517957-1098623875-406478773-1000Core.job
    [2011/05/26 21:59:11 | 000,062,581 | ---- | M] () -- C:\Users\Jermaine\Desktop\hehe.jpg
    [2011/05/26 03:32:56 | 000,159,446 | ---- | M] () -- C:\Users\Jermaine\Desktop\dunk.jpg
    [2011/05/26 00:17:16 | 000,094,372 | ---- | M] () -- C:\Users\Jermaine\Desktop\pimp.jpg
    [2011/05/25 17:18:09 | 000,098,767 | ---- | M] () -- C:\Users\Jermaine\Desktop\game changer.jpg
    [2011/05/25 05:29:29 | 000,189,909 | ---- | M] () -- C:\Users\Jermaine\Desktop\flying.jpg
    [2011/05/23 03:10:15 | 000,131,140 | ---- | M] () -- C:\Users\Jermaine\Desktop\color.jpg
    [2011/05/23 02:31:18 | 000,114,144 | ---- | M] () -- C:\Users\Jermaine\Desktop\cabinets.jpg
    [2011/05/22 23:38:21 | 000,001,861 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
    [2011/05/22 23:38:21 | 000,001,401 | ---- | M] () -- C:\Users\Jermaine\Desktop\DivX Movies.lnk
    [2011/05/22 23:37:22 | 000,000,881 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
    [2011/05/22 18:45:41 | 000,059,049 | ---- | M] () -- C:\Users\Jermaine\Desktop\4puq74.png
    [2011/05/21 20:54:51 | 000,096,768 | ---- | M] () -- C:\Users\Jermaine\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/05/21 20:45:26 | 000,120,265 | ---- | M] () -- C:\Users\Jermaine\Desktop\1.jpg
    [2011/05/21 19:41:16 | 000,132,654 | ---- | M] () -- C:\Users\Jermaine\Desktop\IMGP0965.JPG
    [2011/05/21 19:40:44 | 000,141,515 | ---- | M] () -- C:\Users\Jermaine\Desktop\IMGP0964.JPG
    [2011/05/21 19:40:15 | 000,137,056 | ---- | M] () -- C:\Users\Jermaine\Desktop\IMGP0968.JPG
    [2011/05/21 19:39:46 | 000,133,929 | ---- | M] () -- C:\Users\Jermaine\Desktop\IMGP0967.JPG
    [2011/05/21 19:37:31 | 000,604,264 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2011/05/21 19:37:31 | 000,103,964 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2011/05/21 16:48:10 | 000,061,939 | ---- | M] () -- C:\Users\Jermaine\Desktop\hehe3.jpg
    [2011/05/20 19:47:40 | 000,131,661 | ---- | M] () -- C:\Users\Jermaine\Desktop\glow2.jpg
    [2011/05/19 22:25:02 | 000,064,403 | ---- | M] () -- C:\Users\Jermaine\Desktop\hehe2.jpg
    [2011/05/19 21:02:30 | 000,132,437 | ---- | M] () -- C:\Users\Jermaine\Desktop\glow.jpg
    [2011/05/14 22:02:47 | 000,120,381 | ---- | M] () -- C:\Users\Jermaine\Desktop\Picture00071.jpg
    [2011/05/14 17:18:11 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
    [2011/05/10 14:20:40 | 000,017,489 | ---- | M] () -- C:\Users\Jermaine\Desktop\lol.rtf
    [2011/05/10 08:10:59 | 000,040,112 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
    [2011/05/10 08:10:55 | 000,199,304 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
    [2011/05/10 08:03:54 | 000,441,176 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
    [2011/05/10 08:03:44 | 000,307,928 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
    [2011/05/10 08:02:37 | 000,049,240 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
    [2011/05/10 07:59:56 | 000,025,432 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
    [2011/05/10 07:59:44 | 000,053,592 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
    [2011/05/10 07:59:35 | 000,019,544 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
    [2011/05/09 23:32:33 | 000,112,575 | ---- | M] () -- C:\Users\Jermaine\Desktop\fhkhhk.jpg
    [2011/05/08 03:18:56 | 000,000,907 | ---- | M] () -- C:\Users\Jermaine\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2011/05/07 20:16:46 | 017,767,654 | ---- | M] () -- C:\Users\Jermaine\Desktop\glass.psd
    [2011/05/07 12:14:46 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
    [2011/05/07 12:14:46 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
    [2011/05/07 12:14:34 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
    [2011/05/04 02:53:40 | 000,939,260 | ---- | M] () -- C:\Users\Jermaine\Desktop\boredddd.jpg
    [2011/05/03 23:18:02 | 000,375,314 | ---- | M] () -- C:\Users\Jermaine\Desktop\0501111549.jpg
    [2011/05/03 23:14:32 | 000,325,491 | ---- | M] () -- C:\Users\Jermaine\Desktop\0501111546.jpg
    [2011/05/01 15:32:18 | 000,001,598 | ---- | M] () -- C:\Users\Public\Desktop\Recuva.lnk
    [2011/05/01 12:14:01 | 000,101,411 | ---- | M] () -- C:\Users\Jermaine\Desktop\kkkk1.jpg
    [1 C:\Users\Jermaine\AppData\Local\*.tmp files -> C:\Users\Jermaine\AppData\Local\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/05/30 19:30:22 | 000,133,632 | ---- | C] () -- C:\Users\Jermaine\Desktop\RKUnhookerLE.EXE
    [2011/05/30 19:29:58 | 000,034,560 | ---- | C] () -- C:\Windows\System32\drivers\Normandy.sys
    [2011/05/30 19:08:16 | 373,309,337 | ---- | C] () -- C:\Windows\MEMORY.DMP
    [2011/05/30 16:37:44 | 000,080,384 | ---- | C] () -- C:\Users\Jermaine\Desktop\MBRCheck.exe
    [2011/05/30 16:37:09 | 000,302,592 | ---- | C] () -- C:\Users\Jermaine\Desktop\s8fbm9yq.exe
    [2011/05/30 16:22:57 | 000,000,834 | ---- | C] () -- C:\Users\Jermaine\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2011/05/30 16:22:57 | 000,000,822 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    [2011/05/30 16:22:57 | 000,000,810 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2011/05/30 16:05:45 | 001,007,108 | ---- | C] () -- C:\Users\Jermaine\Desktop\rkill.com
    [2011/05/30 07:01:09 | 000,000,000 | ---- | C] () -- C:\Users\Jermaine\AppData\Local\{B4A00D96-5D2A-4DB4-AC72-F944D3118858}
    [2011/05/28 23:03:37 | 000,101,732 | ---- | C] () -- C:\Users\Jermaine\Desktop\booty2.jpg
    [2011/05/28 15:35:50 | 000,017,040 | ---- | C] () -- C:\Users\Jermaine\Desktop\dori.jpg
    [2011/05/28 14:53:28 | 000,391,220 | ---- | C] () -- C:\Users\Jermaine\Desktop\karate.jpg
    [2011/05/27 02:53:42 | 000,080,772 | ---- | C] () -- C:\Users\Jermaine\Desktop\strong face.jpg
    [2011/05/27 02:05:01 | 000,128,792 | ---- | C] () -- C:\Users\Jermaine\Desktop\swish.jpg
    [2011/05/27 01:23:33 | 000,113,833 | ---- | C] () -- C:\Users\Jermaine\Desktop\haters gonna hate.jpg
    [2011/05/26 03:32:55 | 000,159,446 | ---- | C] () -- C:\Users\Jermaine\Desktop\dunk.jpg
    [2011/05/26 00:17:16 | 000,094,372 | ---- | C] () -- C:\Users\Jermaine\Desktop\pimp.jpg
    [2011/05/25 17:18:08 | 000,098,767 | ---- | C] () -- C:\Users\Jermaine\Desktop\game changer.jpg
    [2011/05/25 05:29:28 | 000,189,909 | ---- | C] () -- C:\Users\Jermaine\Desktop\flying.jpg
    [2011/05/23 03:10:12 | 000,131,140 | ---- | C] () -- C:\Users\Jermaine\Desktop\color.jpg
    [2011/05/23 02:31:16 | 000,114,144 | ---- | C] () -- C:\Users\Jermaine\Desktop\cabinets.jpg
    [2011/05/22 23:37:22 | 000,000,881 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
    [2011/05/22 18:45:37 | 000,059,049 | ---- | C] () -- C:\Users\Jermaine\Desktop\4puq74.png
    [2011/05/21 20:45:24 | 000,120,265 | ---- | C] () -- C:\Users\Jermaine\Desktop\1.jpg
    [2011/05/21 19:35:22 | 000,141,515 | ---- | C] () -- C:\Users\Jermaine\Desktop\IMGP0964.JPG
    [2011/05/21 19:35:22 | 000,137,056 | ---- | C] () -- C:\Users\Jermaine\Desktop\IMGP0968.JPG
    [2011/05/21 19:35:22 | 000,133,929 | ---- | C] () -- C:\Users\Jermaine\Desktop\IMGP0967.JPG
    [2011/05/21 19:35:22 | 000,132,654 | ---- | C] () -- C:\Users\Jermaine\Desktop\IMGP0965.JPG
    [2011/05/21 14:16:34 | 000,061,939 | ---- | C] () -- C:\Users\Jermaine\Desktop\hehe3.jpg
    [2011/05/20 19:42:13 | 000,131,661 | ---- | C] () -- C:\Users\Jermaine\Desktop\glow2.jpg
    [2011/05/19 22:25:00 | 000,064,403 | ---- | C] () -- C:\Users\Jermaine\Desktop\hehe2.jpg
    [2011/05/19 22:22:20 | 000,062,581 | ---- | C] () -- C:\Users\Jermaine\Desktop\hehe.jpg
    [2011/05/19 21:02:29 | 000,132,437 | ---- | C] () -- C:\Users\Jermaine\Desktop\glow.jpg
    [2011/05/14 22:02:46 | 000,120,381 | ---- | C] () -- C:\Users\Jermaine\Desktop\Picture00071.jpg
    [2011/05/07 12:14:34 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
    [2011/05/04 02:53:38 | 000,939,260 | ---- | C] () -- C:\Users\Jermaine\Desktop\boredddd.jpg
    [2011/05/03 23:14:30 | 000,325,491 | ---- | C] () -- C:\Users\Jermaine\Desktop\0501111546.jpg
    [2011/05/01 16:25:15 | 000,375,314 | ---- | C] () -- C:\Users\Jermaine\Desktop\0501111549.jpg
    [2011/05/01 15:32:18 | 000,001,598 | ---- | C] () -- C:\Users\Public\Desktop\Recuva.lnk
    [2011/05/01 12:14:01 | 000,101,411 | ---- | C] () -- C:\Users\Jermaine\Desktop\kkkk1.jpg
    [2011/03/04 09:15:22 | 000,000,032 | ---- | C] () -- C:\Windows\vb_mconf.ini
    [2011/01/01 06:23:21 | 000,815,104 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
    [2011/01/01 06:23:21 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
    [2010/09/25 00:47:56 | 000,695,578 | ---- | C] () -- C:\Windows\System32\unins000.exe
    [2010/09/25 00:47:55 | 000,001,025 | ---- | C] () -- C:\Windows\System32\unins000.dat
    [2010/09/21 15:30:59 | 000,151,552 | ---- | C] () -- C:\Windows\System32\nvRegDev.dll
    [2010/08/02 13:56:15 | 000,069,632 | R--- | C] () -- C:\Windows\System32\xmltok.dll
    [2010/08/02 13:56:15 | 000,036,864 | R--- | C] () -- C:\Windows\System32\xmlparse.dll
    [2010/07/27 23:42:06 | 000,003,948 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
    [2010/07/27 23:24:39 | 000,037,205 | ---- | C] () -- C:\ProgramData\nvModes.001
    [2010/07/27 23:24:38 | 000,037,205 | ---- | C] () -- C:\ProgramData\nvModes.dat
    [2010/07/27 23:04:32 | 000,001,356 | ---- | C] () -- C:\Users\Jermaine\AppData\Local\d3d9caps.dat
    [2010/06/12 04:19:28 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
    [2010/06/12 04:19:28 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2010/06/12 04:19:28 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2010/06/12 04:19:28 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2010/06/12 04:19:28 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2010/05/28 13:14:38 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
    [2010/04/28 15:00:37 | 000,000,533 | ---- | C] () -- C:\Windows\eReg.dat
    [2010/04/26 20:40:45 | 000,000,324 | ---- | C] () -- C:\Windows\game.ini
    [2009/11/12 16:39:23 | 000,000,510 | ---- | C] () -- C:\Windows\WORDPAD.INI
    [2009/08/19 02:45:56 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
    [2009/08/19 02:45:56 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
    [2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
    [2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
    [2009/07/12 12:58:47 | 000,096,768 | ---- | C] () -- C:\Users\Jermaine\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/06/20 20:01:51 | 000,000,280 | ---- | C] () -- C:\Windows\_delis32.ini
    [2009/06/16 19:42:12 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
    [2009/06/12 17:18:51 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
    [2008/04/30 14:33:11 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll
    [2008/04/30 14:33:11 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll
    [2008/04/30 14:03:09 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll
    [2008/04/30 13:53:50 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini
    [2008/04/30 13:53:50 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
    [2008/04/30 13:53:50 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
    [2007/10/26 00:02:54 | 000,000,566 | ---- | C] () -- C:\Windows\System32\SP207.INI
    [2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2006/11/02 08:47:37 | 002,720,824 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
    [2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
    [2006/11/02 06:33:01 | 000,604,264 | ---- | C] () -- C:\Windows\System32\perfh009.dat
    [2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
    [2006/11/02 06:33:01 | 000,103,964 | ---- | C] () -- C:\Windows\System32\perfc009.dat
    [2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
    [2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
    [2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
    [2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
    [2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
    [2006/10/11 03:38:31 | 000,000,044 | ---- | C] () -- C:\Windows\Acer(Normal).ini
    [2006/10/11 03:38:31 | 000,000,042 | ---- | C] () -- C:\Windows\Acer(Wide).ini
    [2006/08/24 13:32:22 | 000,001,361 | ---- | C] () -- C:\Windows\System32\WLAN.INI
    [2004/01/08 11:30:22 | 000,011,170 | ---- | C] () -- C:\Windows\System32\PA207USD.DLL
    [2002/10/10 19:16:53 | 000,000,000 | ---- | C] () -- C:\Windows\System32\IR41_QCX.dll
    [2001/12/26 19:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
    [2001/09/04 02:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
    [2001/07/30 19:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
    [2001/07/24 01:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll

    ========== LOP Check ==========

    [2011/01/03 05:38:35 | 000,000,000 | ---D | M] -- C:\Users\Jermaine\AppData\Roaming\2K Sports
    [2009/06/12 17:18:25 | 000,000,000 | ---D | M] -- C:\Users\Jermaine\AppData\Roaming\acccore
    [2009/06/09 16:41:41 | 000,000,000 | ---D | M] -- C:\Users\Jermaine\AppData\Roaming\Acer
    [2008/04/30 14:14:33 | 000,000,000 | ---D | M] -- C:\Users\Jermaine\AppData\Roaming\Acer GameZone Console
    [2010/01/03 07:11:21 | 000,000,000 | ---D | M] -- C:\Users\Jermaine\AppData\Roaming\DAEMON Tools Lite
    [2009/06/17 05:55:11 | 000,000,000 | ---D | M] -- C:\Users\Jermaine\AppData\Roaming\eSobi
    [2009/06/17 05:25:49 | 000,000,000 | ---D | M] -- C:\Users\Jermaine\AppData\Roaming\FloodLightGames
    [2009/06/09 16:41:36 | 000,000,000 | ---D | M] -- C:\Users\Jermaine\AppData\Roaming\Leadertech
    [2010/03/09 11:58:35 | 000,000,000 | ---D | M] -- C:\Users\Jermaine\AppData\Roaming\Logia
    [2009/06/20 20:16:31 | 000,000,000 | ---D | M] -- C:\Users\Jermaine\AppData\Roaming\PACE Anti-Piracy
    [2010/09/07 18:18:27 | 000,000,000 | ---D | M] -- C:\Users\Jermaine\AppData\Roaming\SystemRequirementsLab
    [2010/07/28 14:29:57 | 000,000,000 | ---D | M] -- C:\Users\Jermaine\AppData\Roaming\Ubisoft
    [2010/04/14 03:54:06 | 000,000,000 | ---D | M] -- C:\Users\Jermaine\AppData\Roaming\Unity
    [2011/05/20 08:29:49 | 000,000,000 | ---D | M] -- C:\Users\Jermaine\AppData\Roaming\uTorrent
    [2010/05/21 13:55:15 | 000,000,000 | ---D | M] -- C:\Users\Jermaine\AppData\Roaming\WTouch
    [2011/05/23 05:09:16 | 000,032,596 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2009/06/20 20:23:04 | 001,100,300 | ---- | M] () -- C:\AT4DX_InstallLog.txt
    [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
    [2009/04/11 02:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
    [2008/04/29 22:30:16 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
    [2009/06/17 06:05:23 | 000,000,090 | ---- | M] () -- C:\CLMS.log
    [2011/05/30 21:25:57 | 000,013,484 | ---- | M] () -- C:\ComboFix.txt
    [2006/09/18 17:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
    [2009/06/17 06:06:36 | 000,000,090 | ---- | M] () -- C:\Creator.log
    [2011/01/05 23:43:47 | 000,000,000 | ---- | M] () -- C:\FileRecovery.log
    [2010/12/05 21:06:57 | 000,035,480 | ---- | M] () -- C:\GF_Excpt.txt
    [2010/05/06 16:04:03 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2010/11/25 13:25:24 | 000,001,119 | -H-- | M] () -- C:\IPH.PH
    [2009/06/17 06:04:08 | 000,000,090 | ---- | M] () -- C:\MDisc.log
    [2009/06/17 06:04:36 | 000,000,090 | ---- | M] () -- C:\MDR.log
    [2010/05/06 16:04:03 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2011/05/30 22:27:27 | 3265,060,864 | -HS- | M] () -- C:\pagefile.sys
    [2009/06/17 06:05:51 | 000,000,090 | ---- | M] () -- C:\PnR.log
    [2009/06/17 06:06:17 | 000,000,090 | ---- | M] () -- C:\PSD.log
    [2008/04/30 13:54:26 | 000,000,426 | ---- | M] () -- C:\RHDSetup.log
    [2011/05/30 21:37:55 | 000,000,376 | ---- | M] () -- C:\rkill.log
    [2010/07/26 11:57:34 | 001,265,421 | ---- | M] () -- C:\saida.txt
    [2009/06/17 06:04:57 | 000,000,090 | ---- | M] () -- C:\SDMA.log

    < %systemroot%\Fonts\*.com >
    [2006/11/02 08:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2006/11/02 08:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2006/11/02 08:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/08/20 11:07:01 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2006/09/18 17:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2006/11/02 08:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
    [2006/10/26 22:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2006/10/19 13:00:56 | 000,187,392 | ---- | M] () -- C:\Windows\Acer(Normal).scr
    [2006/10/19 13:00:56 | 000,187,392 | ---- | M] () -- C:\Windows\Acer(Wide).scr
    [2011/05/10 08:10:59 | 000,040,112 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2008/01/20 22:43:21 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2008/01/20 23:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
    [2008/01/20 23:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
    [2008/01/20 23:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
    [2006/11/02 06:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
    [2006/11/02 06:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2011/05/08 03:18:56 | 000,000,286 | -HS- | M] () -- C:\Users\Jermaine\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2011/05/30 19:04:43 | 000,586,240 | ---- | M] (AVAST Software) -- C:\Users\Jermaine\Desktop\aswMBR.exe
    [2008/08/01 01:30:58 | 002,116,096 | ---- | M] (Paul Glagla) -- C:\Users\Jermaine\Desktop\CaptureFlux_60en.exe
    [2011/05/30 21:15:43 | 004,108,494 | R--- | M] (Swearware) -- C:\Users\Jermaine\Desktop\ComboFix.exe
    [2011/05/30 16:37:44 | 000,080,384 | ---- | M] () -- C:\Users\Jermaine\Desktop\MBRCheck.exe
    [2011/05/30 22:41:12 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Jermaine\Desktop\OTL.exe
    [2010/05/01 22:47:30 | 000,133,632 | ---- | M] () -- C:\Users\Jermaine\Desktop\RKUnhookerLE.EXE
    [2011/05/30 16:37:09 | 000,302,592 | ---- | M] () -- C:\Users\Jermaine\Desktop\s8fbm9yq.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2009/06/09 16:41:21 | 000,000,402 | -HS- | M] () -- C:\Users\Jermaine\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2010/07/27 23:27:24 | 000,037,205 | ---- | M] () -- C:\ProgramData\nvModes.001

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < >

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:BDD9C638
    @Alternate Data Stream - 1212 bytes -> C:\Users\Jermaine\AppData\Local\svZXJMkX:9NfUPBGSRLdgmR0NEjj3XD6bftr
    @Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:8AB6C1D7
    @Alternate Data Stream - 1200 bytes -> C:\Program Files\Common Files\System:GngO2FVa9CNW6SlhIH
    @Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:F1DEA771
    @Alternate Data Stream - 1112 bytes -> C:\ProgramData\Microsoft:kup8QuWpb8r19NndbbDRSg35AFl
    @Alternate Data Stream - 1090 bytes -> C:\ProgramData\Microsoft:bcMEQhUf6K18Z0Mn6us5siXw1ojnj
    @Alternate Data Stream - 1059 bytes -> C:\Users\Jermaine\AppData\Local\kZr1vxHtCGqPRaJ:p3zeBxP6gllwy2p27IXj3vXWw
    @Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:C95B63DA
    @Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:49948B2C
    @Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:21622A66

    < End of report >
     
  5. 2011/05/30
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Let's try one more thing...

    If you have Vista/7 DVD...

    Start with step 2.

    If you don't have Vista/7 DVD...

    1. Create Vista/7 Recovery Disc.

    Option 1 :
    Vista: http://www.vistax64.com/tutorials/141820-create-recovery-disc.html (Option Two)
    Windows 7: http://www.guidingtech.com/3816/system-repair-recovery-disc-windows-7/

    Option 2:
    Download Vista Recovery Disc iso image: http://neosmart.net/blog/2008/windows-vista-recovery-disc-download/
    Download Windows 7 Recovery Disc iso image: http://neosmart.net/blog/2009/windows-7-system-repair-discs/
    Burn it to CD, or DVD: http://neosmart.net/wiki/display/G/Burning+ISO+Images+to+a+CD+or+DVD

    2. Boot from created disk. You may need to set the CD-Rom as first boot device if it isn't already (if you don't know how to do it, see HERE)

    Vista users. At first screen click on Repair your computer:

    Windows 7 users. At first screen click on Install now:
    Select your language and click next:
    Click the button for "Use recovery tools ":

    The following applies to both Vista and Windows 7 users.

    This will bring you to a new screen where the repair process will look for all Windows Vista/7 installations on your computer. When done you will be presented with the System Recovery Options dialog box:
    After this, it will present you with a list of options including startup repair, system restore and command prompt:
    Select Command Prompt

    Type in:
    bootrec /fixmbr (<--- there is a "space" after "bootrec ")
    and then press Enter

    Once completed then type Exit, press Enter and restart computer.

    Post fresh MBRCheck log.
     
  6. 2011/05/30
    Supermaine

    Supermaine Inactive Thread Starter

    Joined:
    2010/06/08
    Messages:
    144
    Likes Received:
    0
    Okay, so I put the blank CD-R in, and I was about to use the ImgBurn program, but the program wouldn't even read it. So I restarted, and the computer wouldn't boot up with the CD in the drive. It stayed on the same screen for about 10 minutes, then when I gave up and took out the CD, it almost instantly went off that screen. I am so confused.
     
  7. 2011/05/30
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Try to burn the CD on another working computer.
     
  8. 2011/05/31
    Supermaine

    Supermaine Inactive Thread Starter

    Joined:
    2010/06/08
    Messages:
    144
    Likes Received:
    0
    I was able to burn it using a DVD. I followed the directions you gave me, and this is the log I believe you requested.

    aswMBR version 0.9.5.317 Copyright(c) 2011 AVAST Software
    Run date: 2011-05-31 06:50:34
    -----------------------------
    06:50:34.579 OS Version: Windows 6.0.6002 Service Pack 2
    06:50:34.579 Number of processors: 2 586 0x6B02
    06:50:34.579 ComputerName: LOISLANE UserName: Jermaine
    06:50:35.188 Initialize success
    06:51:10.366 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005d
    06:51:10.366 Disk 0 Vendor: WDC_WD32 01.0 Size: 305245MB BusType: 6
    06:51:12.394 Disk 0 MBR read successfully
    06:51:12.394 Disk 0 MBR scan
    06:51:12.394 Disk 0 unknown MBR code
    06:51:14.406 Disk 0 scanning sectors +625137345
    06:51:14.422 Disk 0 scanning C:\Windows\system32\drivers
    06:51:19.071 Service scanning
    06:51:21.270 Disk 0 trace - called modules:
    06:51:21.286 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll storport.sys nvstor32.sys
    06:51:21.286 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8647dac8]
    06:51:21.301 3 CLASSPNP.SYS[8ad9d8b3] -> nt!IofCallDriver -> [0x863c75f8]
    06:51:21.301 5 acpi.sys[8072c6bc] -> nt!IofCallDriver -> \Device\0000005d[0x85fa4c90]
    06:51:32.159 Scan finished successfully
    06:51:39.491 Disk 0 MBR has been saved successfully to "C:\Users\Jermaine\Desktop\MBR.dat "
    06:51:39.507 The log file has been saved successfully to "C:\Users\Jermaine\Desktop\aswMBR2.txt "
     
    Last edited: 2011/05/31
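    A small parser for the aswMBR log format shown in the post above, added here as an example (it is not part of the thread and not AVAST's code): it pulls the per-disk MBR verdict and the driver chain out of the timestamped lines and lists disks that reported unknown MBR code for review. The sample log is constructed from the lines in the post; the dataclass and function names are my own.

```python
"""Parse aswMBR log output and pull out the MBR verdict per disk.

Added example, not part of the thread or of aswMBR itself. The regexes match
the wording this aswMBR version printed; other versions may word lines differently.
"""
import re
from dataclasses import dataclass, field

# Constructed sample, trimmed from the aswMBR log posted in the thread.
SAMPLE_LOG = r"""aswMBR version 0.9.5.317 Copyright(c) 2011 AVAST Software
Run date: 2011-05-31 06:50:34
-----------------------------
06:50:34.579 OS Version: Windows 6.0.6002 Service Pack 2
06:50:34.579 ComputerName: LOISLANE UserName: Jermaine
06:51:10.366 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005d
06:51:10.366 Disk 0 Vendor: WDC_WD32 01.0 Size: 305245MB BusType: 6
06:51:12.394 Disk 0 MBR read successfully
06:51:12.394 Disk 0 MBR scan
06:51:12.394 Disk 0 unknown MBR code
06:51:21.270 Disk 0 trace - called modules:
06:51:21.286 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll storport.sys nvstor32.sys
06:51:21.286 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8647dac8]
06:51:32.159 Scan finished successfully
"""

# Every scan line is "HH:MM:SS.mmm <body>"; the header lines carry no timestamp.
LINE_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{3} (?P<body>.+)$")
DISK_RE = re.compile(r"^Disk (?P<disk>\d+) (?P<rest>.+)$")
VERDICT_RE = re.compile(r"^(?P<verdict>.+) MBR code$")


@dataclass
class AswMbrReport:
    os_version: str = ""
    verdict: dict = field(default_factory=dict)  # disk number -> text before "MBR code"
    modules: dict = field(default_factory=dict)  # disk number -> drivers in the I/O trace
    finished: bool = False


def parse_aswmbr(text: str) -> AswMbrReport:
    report = AswMbrReport()
    pending_trace = None  # disk whose module list is on the next line
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        body = m.group("body")
        if pending_trace is not None:
            # The line after "trace - called modules:" is the driver chain.
            report.modules[pending_trace] = body.split()
            pending_trace = None
            continue
        if body.startswith("OS Version: "):
            report.os_version = body[len("OS Version: "):]
        elif body == "Scan finished successfully":
            report.finished = True
        d = DISK_RE.match(body)
        if not d:
            continue
        disk, rest = int(d.group("disk")), d.group("rest")
        if rest.startswith("trace - called modules"):
            pending_trace = disk
        else:
            v = VERDICT_RE.match(rest)
            if v:
                report.verdict[disk] = v.group("verdict")
    return report


def disks_needing_review(report: AswMbrReport) -> list:
    """Disks whose boot code aswMBR did not recognise.

    "unknown" only says the tool could not match the code; in the thread it was
    still reported after bootrec /fixmbr, so treat it as a triage item, not a verdict.
    """
    return sorted(d for d, v in report.verdict.items() if v == "unknown")


if __name__ == "__main__":
    r = parse_aswmbr(SAMPLE_LOG)
    print("OS:", r.os_version, "| finished:", r.finished)
    for disk in sorted(r.verdict):
        print(f"Disk {disk}: {r.verdict[disk]} MBR code; "
              f"trace: {' -> '.join(r.modules.get(disk, []))}")
    print("review:", disks_needing_review(r))
```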
  9. 2011/05/31
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Is this after running "bootrec /fixmbr" command?
     
  10. 2011/05/31
    Supermaine

    Supermaine Inactive Thread Starter

    Joined:
    2010/06/08
    Messages:
    144
    Likes Received:
    0
    Yes sir, it said it was successful. Then I hit reboot. Changed the first boot device back to the hard drive, and I tried to let it boot up in normal mode. But it froze on me again, so I restarted and booted back up into Safe Mode. Ran the MBR again and posted the log.
     
  11. 2011/05/31
    Supermaine

    Supermaine Inactive Thread Starter

    Joined:
    2010/06/08
    Messages:
    144
    Likes Received:
    0
    Wait, I apologize, I ran aswMBR. Was I supposed to run MBRCheck?
     
  12. 2011/05/31
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    No, that's fine. Both tools are very similar.

    Let's try one more thing...

    Go Start>Run (Start Search in Vista), type in:
    msconfig
    Click OK (hit Enter in Vista).

    Click on Startup tab.
    Click Disable all
    IMPORTANT! In case of a laptop, make sure you do NOT disable any keyboard or touchpad entries.

    Click Services tab.
    Put checkmark in Hide all Microsoft services
    Click Disable all.

    Click OK.
    Restart computer in Normal Mode.

    NOTE. If you use a different firewall than Windows Firewall, turn Windows Firewall on just for this test, since your regular firewall won't be running.
    If you use Windows Firewall, you're fine.

    Same problem?
     
  13. 2011/05/31
    Supermaine

    Supermaine Inactive Thread Starter

    Joined:
    2010/06/08
    Messages:
    144
    Likes Received:
    0
    Yes, same problem.
     
  14. 2011/05/31
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Well, at this point, since I don't see anything malicious on your computer, it must be something else.

    In this forum, we make sure your computer is free of malware, and your computer is clean :)
    Because access to the malware forum is very limited, your best option is to create a new topic about your current issue in the Windows section.
    You'll get more attention.

    Good luck!
     
  15. 2011/05/31
    Supermaine

    Supermaine Inactive Thread Starter

    Joined:
    2010/06/08
    Messages:
    144
    Likes Received:
    0

    Alright. Well thank you for the help anyways.
     
  16. 2011/05/31
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    You're welcome.
    I suspect that the power outage did some damage.
     
