Jump to content

Recommended Posts

.

DDS (Ver_11-03-05.01) - NTFSx86

Run by louisa at 7:37:23.63 on 19/05/2011

Internet Explorer: 8.0.7600.16385

Microsoft Windows 7 Starter 6.1.7600.0.1252.44.1033.18.1012.166 [GMT 1:00]

.

AV: Virgin Media Security Anti-Virus *Enabled/Updated* {A61154FD-4365-E00F-9A33-13A09AD54B56}

SP: Virgin Media Security Anti-Spyware *Enabled/Updated* {1D70B519-655F-EF81-A083-28D2E15201EB}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: Virgin Media Security Firewall *Enabled* {9E2AD5D8-090A-E157-B16C-BA9564060C2D}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\Virgin Media\Security\Fws.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\Explorer.EXE

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe

C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe

C:\Program Files\Virgin Media\Security\rps.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe

C:\Program Files\Launch Manager\LManager.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Windows\PLFSetI.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Windows\System32\igfxtray.exe

C:\Program Files\Virgin Media\Security\AVG\Identity Protection\agent\Bin\AVGIDSAgent.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Windows\system32\igfxext.exe

C:\Windows\system32\igfxsrvc.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Virgin Media\Service Manager\ServiceManager.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Acer\Registration\GregHSRW.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\EgisTec\MyWinLocker 3\x86\MWLService.exe

C:\Program Files\Virgin Media\Security\RpsSecurityAwareR.exe

C:\Program Files\Acer\Acer VCM\RS_Service.exe

C:\Program Files\Virgin Media\Service Manager\ServicepointService.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Acer\Acer Updater\UpdaterService.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Virgin Media\Service Manager\ServiceManagerComHandler.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\sppsvc.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\wuauclt.exe

\\?\C:\Windows\system32\wbem\WMIADAP.EXE

C:\Windows\servicing\TrustedInstaller.exe

\\IAN-PC\Users\Public\Downloads\dds.scr

C:\Windows\system32\conhost.exe

C:\Program Files\Common Files\Java\Java Update\jucheck.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&m=ao531h&r=27b512091106l03d3ww58w68384735

uSearch Page = hxxp://www.Google.com/

mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&m=ao531h&r=27b512091106l03d3ww58w68384735

mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&m=ao531h&r=27b512091106l03d3ww58w68384735

uInternet Settings,ProxyOverride = *.local

BHO: vShare Plugin: {043c5167-00bb-4324-af7e-62013faedacf} - c:\program files\vshare\vshare_toolbar.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: vShare Plugin: {043c5167-00bb-4324-af7e-62013faedacf} - c:\program files\vshare\vshare_toolbar.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

mRun: [iAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe

mRun: [Acer ePower Management] c:\program files\acer\acer epower management\ePowerTray.exe

mRun: [EgisTecLiveUpdate] "c:\program files\egistec egis software update\EgisUpdate.exe"

mRun: [mwlDaemon] c:\program files\egistec\mywinlocker 3\x86\mwlDaemon.exe

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [LManager] c:\program files\launch manager\LManager.exe

mRun: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

mRun: [PLFSetI] c:\windows\PLFSetI.exe

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [serviceManager.exe] "c:\program files\virgin media\service manager\ServiceManager.exe" /AUTORUN

mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBBAFYARgBSAEUARQAtAFYATgBKADMAMgAtAEcAMwBMAEEAQQAtAEEANAA4ADkAUgAtADkAVQBKAEsARgAtAEUASwBLADMAWAA"&"inst=NwA3AC0ANAAxADQAOAAzADEAMAA5ADEALQBUAEIAOQArADIALQBGAEwAKwA5AC0AWABPADMANgArADEALQBGADkATQAxADAAQQArADEALQBYAE8AOQArADEALQBGADkATQAyACsAMQA"&"prod=90"&"ver=9.0.894

StartupFolder: c:\users\louisa\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\louisa\appdata\roaming\dropbox\bin\Dropbox.exe

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUplden-gb.cab

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Handler: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - c:\program files\vshare\vshare_toolbar.dll

Notify: igfxcui - igfxdev.dll

.

============= SERVICES / DRIVERS ===============

.

R0 RadialpointIDSEH;RadialpointIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-5-18 25608]

R1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\drivers\mwlPSDFilter.sys [2009-6-2 18992]

R1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\drivers\mwlPSDNserv.sys [2009-6-2 16432]

R1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\drivers\mwlPSDVDisk.sys [2009-6-2 60976]

R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]

R2 ePowerSvc;Acer ePower Service;c:\program files\acer\acer epower management\ePowerSvc.exe [2009-8-21 727584]

R2 Greg_Service;GRegService;c:\program files\acer\registration\GregHSRW.exe [2009-6-4 1150496]

R2 MWLService;MyWinLocker Service;c:\program files\egistec\mywinlocker 3\x86\MWLService.exe [2009-8-6 311592]

R3 RadialpointIDSDriver;RadialpointIDSDriver;c:\program files\virgin media\security\avg\identity protection\agent\drivers\AVGIDSDriver.sys [2011-5-18 122376]

R3 RadialpointIDSFilter;RadialpointIDSFilter;c:\program files\virgin media\security\avg\identity protection\agent\drivers\AVGIDSfilter.sys [2011-5-18 30216]

R3 RadialpointIDSShim;RadialpointIDSShim;c:\program files\virgin media\security\avg\identity protection\agent\drivers\AVGIDSShim.sys [2011-5-18 21208]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-29 135664]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-29 135664]

S3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2009-8-21 119256]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2009-8-21 167424]

.

=============== Created Last 30 ================

.

2011-05-19 01:52:37 7071056 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{7c4b65e2-8f9e-4696-9f48-05a614af3824}\mpengine.dll

2011-05-18 18:47:54 25608 ----a-w- c:\windows\system32\drivers\AVGIDSEH.sys

2011-05-18 18:46:50 285704 ----a-w- c:\windows\system32\drivers\bdfsfltr.sys

2011-05-18 18:45:57 53192 ----a-w- c:\windows\system32\drivers\rp_skt32.sys

2011-05-18 18:45:42 48384 ----a-w- c:\windows\system32\drivers\rp_pkt32.sys

2011-05-18 18:45:16 -------- d-----w- c:\program files\Raxco

2011-05-18 18:13:01 -------- d-----w- c:\program files\Virgin Media

2011-05-18 17:31:52 -------- d-----w- c:\users\louisa\appdata\roaming\Malwarebytes

2011-05-18 17:31:47 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-05-18 17:31:45 -------- d-----w- c:\progra~2\Malwarebytes

2011-05-18 17:31:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-05-18 17:31:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-05-18 17:14:05 -------- d--h--w- c:\users\louisa\appdata\roaming\Virgin Media

2011-05-18 17:13:28 -------- d-----w- c:\progra~2\Radialpoint

2011-05-18 17:13:25 -------- d-----w- c:\progra~2\Virgin Media

2011-05-12 18:24:36 -------- d--h--w- c:\users\louisa\appdata\local\Windows Live

2011-05-11 19:53:36 -------- d-----w- C:\fcdd2fff355f9310b7cb0b9fbd

2011-05-11 19:32:31 3957632 ----a-w- c:\windows\system32\ntkrnlpa.exe

2011-05-11 19:32:30 3901824 ----a-w- c:\windows\system32\ntoskrnl.exe

.

==================== Find3M ====================

.

2011-03-12 11:31:58 442880 ----a-w- c:\windows\system32\XpsPrint.dll

2011-03-11 05:40:24 1164288 ----a-w- c:\windows\system32\mfc42u.dll

2011-03-11 05:40:24 1137664 ----a-w- c:\windows\system32\mfc42.dll

2011-03-11 05:39:35 1686016 ----a-w- c:\windows\system32\esent.dll

2011-03-11 05:37:34 74240 ----a-w- c:\windows\system32\fsutil.exe

2011-03-08 05:38:13 740864 ----a-w- c:\windows\system32\inetcomm.dll

2011-03-03 05:29:23 132608 ----a-w- c:\windows\system32\dnsrslvr.dll

2011-03-03 05:27:30 28672 ----a-w- c:\windows\system32\dnscacheugc.exe

2011-03-03 03:31:32 2331136 ----a-w- c:\windows\system32\win32k.sys

2011-02-26 05:33:07 2614784 ----a-w- c:\windows\explorer.exe

2011-02-24 05:32:52 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll

2011-02-24 05:32:44 981504 ----a-w- c:\windows\system32\wininet.dll

2011-02-24 05:30:16 44544 ----a-w- c:\windows\system32\licmgr10.dll

2011-02-24 04:23:48 386048 ----a-w- c:\windows\system32\html.iec

2011-02-24 03:50:26 1638912 ----a-w- c:\windows\system32\mshtml.tlb

2011-02-19 05:33:11 802304 ----a-w- c:\windows\system32\FntCache.dll

2011-02-19 05:32:48 1074176 ----a-w- c:\windows\system32\DWrite.dll

2011-02-19 05:32:35 739840 ----a-w- c:\windows\system32\d2d1.dll

2011-02-19 05:32:08 34304 ----a-w- c:\windows\system32\atmlib.dll

2011-02-19 03:37:02 294912 ----a-w- c:\windows\system32\atmfd.dll

.

============= FINISH: 7:40:48.38 ===============

stuff.rar

Link to post
Share on other sites

post-32477-1261866970.gif

Logs will be closed if you haven't replied within 3 days

Please don't attach the scans / logs for these tools, use "copy/paste".

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your pc inoperatible and could require a full reinstall of your OS, losing all your programs and data.

Vista and Windows 7 users:

1. These tools MUST be run from the executable. (.exe) every time you run them

2. With Admin Rights (Right click, choose "Run as Administrator")

Stay with this topic until I give you the all clean post.

You might want to print these instructions out.

I suggest you do this:

Download unhide.exe & save it to your windows folder:

Right click on unhide.exe and select Run as administrator (In case you have Vista or Win7)

Reboot

This will unhide folders/files that were set to be hidden by the infection you had.

Let me know if that solved your problem.

Link to post
Share on other sites

post-32477-1261866970.gif

Logs will be closed if you haven't replied within 3 days

Please don't attach the scans / logs for these tools, use "copy/paste".

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your pc inoperatible and could require a full reinstall of your OS, losing all your programs and data.

Vista and Windows 7 users:

1. These tools MUST be run from the executable. (.exe) every time you run them

2. With Admin Rights (Right click, choose "Run as Administrator")

Stay with this topic until I give you the all clean post.

You might want to print these instructions out.

I suggest you do this:

Download unhide.exe & save it to your windows folder:

Right click on unhide.exe and select Run as administrator (In case you have Vista or Win7)

Reboot

This will unhide folders/files that were set to be hidden by the infection you had.

Let me know if that solved your problem.

Thank you for helping me.

I did as you suggested and it restored the desktop except for the windows 7 starter screen. The start menu folders were also restored but they are "empty" eg the Ofice folder does not contain the links to Word -Excel etc

Link to post
Share on other sites

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
      Note:These logs can be located in the OTL. folder on you C:\ drive if they fail to open automatically.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.

Link to post
Share on other sites

OTL logfile created on: 20/05/2011 20:49:48 - Run 1

OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\louisa\Desktop

Starter Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1,012.00 Mb Total Physical Memory | 201.00 Mb Available Physical Memory | 20.00% Memory free

2.00 Gb Paging File | 1.00 Gb Available in Paging File | 46.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 136.95 Gb Total Space | 24.67 Gb Free Space | 18.01% Space Free | Partition Type: NTFS

Computer Name: LOUISA-PC | User Name: louisa | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\louisa\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\Virgin Media\Security\RpsSecurityAwareR.exe (Radialpoint SafeCare Inc.)

PRC - C:\Program Files\Virgin Media\Security\Fws.exe (Radialpoint SafeCare Inc.)

PRC - C:\Program Files\Virgin Media\Service Manager\ServicepointService.exe (Radialpoint Inc.)

PRC - C:\Program Files\Virgin Media\Service Manager\ServiceManager.exe (Virgin Media)

PRC - C:\Program Files\Virgin Media\Service Manager\ServiceManagerComHandler.exe (Radialpoint Inc.)

PRC - C:\Windows\explorer.exe (Microsoft Corporation)

PRC - C:\Users\louisa\AppData\Roaming\Dropbox\bin\Dropbox.exe ()

PRC - C:\Program Files\Virgin Media\Security\RPS.exe (Virgin Media)

PRC - C:\Program Files\Virgin Media\Security\AVG\Identity Protection\agent\bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)

PRC - C:\Program Files\EgisTec\MyWinLocker 3\x86\MWLService.exe (Egis Technology Inc.)

PRC - C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)

PRC - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated)

PRC - C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)

PRC - C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe (Acer Incorporated)

PRC - C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.)

PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)

PRC - C:\Program Files\Acer\Acer VCM\RS_Service.exe (Acer Incorporated)

PRC - C:\Program Files\Acer\Acer Updater\UpdaterService.exe (Acer)

PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)

PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)

PRC - C:\Program Files\Acer\Registration\GregHSRW.exe (Acer Incorporated)

PRC - C:\Windows\PLFSetI.exe ()

========== Modules (SafeList) ==========

MOD - C:\Users\louisa\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)

MOD - C:\Program Files\Acer\Acer ePower Management\SysHook.dll (Acer Incorporated)

========== Win32 Services (SafeList) ==========

SRV - (scan) -- C:\Program Files\Virgin Media\Security\BitDefender\scan.dll (S.C. BitDefender S.R.L)

SRV - (Radialpoint Security Services) -- C:\Program Files\Virgin Media\Security\RpsSecurityAwareR.exe (Radialpoint SafeCare Inc.)

SRV - (RP_FWS) -- C:\Program Files\Virgin Media\Security\Fws.exe (Radialpoint SafeCare Inc.)

SRV - (ServicepointService) -- C:\Program Files\Virgin Media\Service Manager\ServicepointService.exe (Radialpoint Inc.)

SRV - (RadialpointIDSAgent) -- C:\Program Files\Virgin Media\Security\AVG\Identity Protection\agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)

SRV - (MWLService) -- C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe ()

SRV - (ePowerSvc) -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated)

SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV - (RS_Service) -- C:\Program Files\Acer\Acer VCM\RS_Service.exe (Acer Incorporated)

SRV - (Updater Service) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe (Acer)

SRV - (PDEngine) -- C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe (Raxco Software, Inc.)

SRV - (PDAgent) -- C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe (Raxco Software, Inc.)

SRV - (IAANTMON) Intel® -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)

SRV - (Greg_Service) -- C:\Program Files\Acer\Registration\GregHSRW.exe (Acer Incorporated)

========== Driver Services (SafeList) ==========

DRV - (RPSKT) Security Services Driver (x86) -- C:\Windows\System32\drivers\rp_skt32.sys (Radialpoint Inc.)

DRV - (Trufos) -- C:\Program Files\Virgin Media\Security\BitDefender\trufos.sys (BitDefender S.R.L.)

DRV - (Profos) -- C:\Program Files\Virgin Media\Security\BitDefender\profos.sys (BitDefender S.R.L.)

DRV - (RadialpointIDSFilter) -- C:\Program Files\Virgin Media\Security\AVG\Identity Protection\agent\drivers\AVGIDSfilter.sys (AVG Technologies )

DRV - (RadialpointIDSEH) -- C:\Windows\system32\drivers\AVGIDSEH.sys (AVG Technologies )

DRV - (RadialpointIDSShim) -- C:\Program Files\Virgin Media\Security\AVG\Identity Protection\agent\drivers\AVGIDSShim.sys (AVG Technologies )

DRV - (RadialpointIDSDriver) -- C:\Program Files\Virgin Media\Security\AVG\Identity Protection\agent\drivers\AVGIDSDriver.sys (AVG Technologies )

DRV - (bdfsfltr) -- C:\Windows\system32\drivers\bdfsfltr.sys (BitDefender S.R.L. Bucharest, ROMANIA)

DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)

DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)

DRV - (RSUSBSTOR) -- C:\Windows\System32\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)

DRV - (L1E) -- C:\Windows\System32\drivers\L1E62x86.sys (Atheros Communications, Inc.)

DRV - (DefragFS) -- C:\Windows\System32\drivers\DefragFs.sys (Raxco Software, Inc.)

DRV - (mwlPSDVDisk) -- C:\Windows\System32\drivers\mwlPSDVDisk.sys (Egis Technology Inc.)

DRV - (mwlPSDNServ) -- C:\Windows\System32\drivers\mwlPSDNserv.sys (Egis Technology Inc.)

DRV - (mwlPSDFilter) -- C:\Windows\System32\drivers\mwlPSDFilter.sys (Egis Technology Inc.)

DRV - (JMCR) -- C:\Windows\System32\drivers\jmcr.sys (JMicron Technology Corporation)

DRV - (nmwcd) -- C:\Windows\System32\drivers\nmwcd.sys (Nokia)

DRV - (int15.sys) -- C:\Windows\System32\OEM\factory\int15.sys ()

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&m=ao531h&r=27b512091106l03d3ww58w68384735

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&m=ao531h&r=27b512091106l03d3ww58w68384735

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&m=ao531h&r=27b512091106l03d3ww58w68384735

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.Google.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

O1 HOSTS File: ([2009/06/10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O2 - BHO: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - File not found

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()

O4 - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)

O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.)

O4 - HKLM..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)

O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)

O4 - HKLM..\Run: [mwlDaemon] C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)

O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()

O4 - HKLM..\Run: [serviceManager.exe] C:\Program Files\Virgin Media\Service Manager\ServiceManager.exe (Virgin Media)

O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\System32\cmd.exe (Microsoft Corporation)

O4 - Startup: C:\Users\louisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\louisa\AppData\Roaming\Dropbox\bin\Dropbox.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll (Google Inc.)

O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUplden-gb.cab (Windows Live Hotmail Photo Upload Tool)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O18 - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files\vShare\vshare_toolbar.dll ()

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O33 - MountPoints2\{a789d15c-4ecf-11df-a04f-00269e539a9c}\Shell - "" = AutoRun

O33 - MountPoints2\{a789d15c-4ecf-11df-a04f-00269e539a9c}\Shell\AutoRun\command - "" = D:\LaunchU3.exe

O33 - MountPoints2\{c22996c6-a0cf-11df-80ca-00269e539a9c}\Shell - "" = AutoRun

O33 - MountPoints2\{c22996c6-a0cf-11df-80ca-00269e539a9c}\Shell\AutoRun\command - "" = D:\Startme.exe

O33 - MountPoints2\D\Shell - "" = AutoRun

O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\LaunchU3.exe

O34 - HKLM BootExecute: (PDBoot.exe) - C:\Windows\System32\PDBoot.exe (Raxco Software, Inc.)

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/20 20:46:23 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\louisa\Desktop\OTL.exe

[2011/05/19 12:52:39 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe

[2011/05/19 12:52:39 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe

[2011/05/19 12:52:39 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe

[2011/05/19 05:28:05 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\poqexec.exe

[2011/05/18 19:55:44 | 000,000,000 | ---D | C] -- C:\Users\louisa\AppData\Roaming\Mozilla

[2011/05/18 19:47:54 | 000,025,608 | ---- | C] (AVG Technologies ) -- C:\Windows\System32\drivers\AVGIDSEH.sys

[2011/05/18 19:46:50 | 000,285,704 | ---- | C] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\Windows\System32\drivers\bdfsfltr.sys

[2011/05/18 19:45:57 | 000,053,192 | ---- | C] (Radialpoint Inc.) -- C:\Windows\System32\drivers\rp_skt32.sys

[2011/05/18 19:45:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Raxco

[2011/05/18 19:45:16 | 000,000,000 | ---D | C] -- C:\Program Files\Raxco

[2011/05/18 19:44:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Virgin Media Security

[2011/05/18 19:13:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Virgin Media

[2011/05/18 19:13:01 | 000,000,000 | ---D | C] -- C:\Program Files\Virgin Media

[2011/05/18 18:31:52 | 000,000,000 | ---D | C] -- C:\Users\louisa\AppData\Roaming\Malwarebytes

[2011/05/18 18:31:47 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2011/05/18 18:31:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2011/05/18 18:31:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2011/05/18 18:31:42 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2011/05/18 18:31:42 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2011/05/18 18:14:05 | 000,000,000 | ---D | C] -- C:\Users\louisa\AppData\Roaming\Virgin Media

[2011/05/18 18:13:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Radialpoint

[2011/05/18 18:13:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Virgin Media

[2011/05/12 19:24:36 | 000,000,000 | ---D | C] -- C:\Users\louisa\AppData\Local\Windows Live

[2011/05/11 20:53:36 | 000,000,000 | ---D | C] -- C:\fcdd2fff355f9310b7cb0b9fbd

[2011/05/11 20:32:31 | 003,957,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe

[2011/05/11 20:32:30 | 003,901,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe

[2011/04/26 22:51:19 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\prevhost.exe

[2011/04/26 22:51:13 | 001,686,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\esent.dll

[2011/04/26 22:51:12 | 000,146,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\storport.sys

[2011/04/26 22:51:12 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fsutil.exe

[2011/04/26 22:51:05 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll

[2011/04/26 22:51:03 | 002,614,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe

[2009/08/21 02:35:15 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe

[1 C:\Users\louisa\Desktop\*.tmp files -> C:\Users\louisa\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/20 20:46:26 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\louisa\Desktop\OTL.exe

[2011/05/20 20:39:02 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2011/05/20 20:39:02 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2011/05/20 18:27:26 | 000,009,696 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2011/05/20 18:27:26 | 000,009,696 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2011/05/20 18:23:45 | 001,000,308 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2011/05/20 18:23:45 | 000,295,224 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2011/05/20 18:18:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2011/05/20 18:18:36 | 795,832,320 | -HS- | M] () -- C:\hiberfil.sys

[2011/05/19 17:08:03 | 000,001,471 | ---- | M] () -- C:\Users\louisa\Desktop\iexplore - Shortcut.lnk

[2011/05/19 07:28:17 | 000,000,000 | ---- | M] () -- C:\Users\louisa\defogger_reenable

[2011/05/18 19:45:57 | 000,053,192 | ---- | M] (Radialpoint Inc.) -- C:\Windows\System32\drivers\rp_skt32.sys

[2011/05/18 19:44:54 | 000,002,039 | ---- | M] () -- C:\Users\Public\Desktop\Virgin Media Security.lnk

[2011/05/18 18:31:47 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/05/16 01:15:22 | 000,000,144 | ---- | M] () -- C:\ProgramData\~29744888r

[2011/05/16 01:15:22 | 000,000,120 | ---- | M] () -- C:\ProgramData\~29744888

[2011/05/16 01:12:03 | 000,000,336 | ---- | M] () -- C:\ProgramData\29744888

[2011/04/28 18:46:06 | 000,000,091 | ---- | M] () -- C:\Windows\CIV.INI

[1 C:\Users\louisa\Desktop\*.tmp files -> C:\Users\louisa\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/20 19:56:16 | 000,001,816 | ---- | C] () -- C:\Users\Public\Desktop\AVG Free 9.0.lnk

[2011/05/19 17:08:03 | 000,001,471 | ---- | C] () -- C:\Users\louisa\Desktop\iexplore - Shortcut.lnk

[2011/05/19 14:51:10 | 000,002,209 | ---- | C] () -- C:\Users\Public\Desktop\WinZip.lnk

[2011/05/19 14:51:09 | 000,002,597 | ---- | C] () -- C:\Users\Public\Desktop\eBay.lnk

[2011/05/19 14:51:09 | 000,002,503 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk

[2011/05/19 14:51:09 | 000,002,429 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk

[2011/05/19 14:51:09 | 000,001,819 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk

[2011/05/19 14:51:09 | 000,001,269 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Office - 60 Day Trial.lnk

[2011/05/19 14:51:09 | 000,001,028 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk

[2011/05/19 14:51:09 | 000,001,015 | ---- | C] () -- C:\Users\Public\Desktop\BitTorrent.lnk

[2011/05/19 14:51:08 | 000,002,101 | ---- | C] () -- C:\Users\Public\Desktop\Acer GameZone Console.lnk

[2011/05/19 14:51:08 | 000,001,972 | ---- | C] () -- C:\Users\Public\Desktop\Acer Accessory Store.lnk

[2011/05/19 07:28:17 | 000,000,000 | ---- | C] () -- C:\Users\louisa\defogger_reenable

[2011/05/18 19:44:54 | 000,002,039 | ---- | C] () -- C:\Users\Public\Desktop\Virgin Media Security.lnk

[2011/05/18 18:31:47 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/05/16 01:15:22 | 000,000,144 | ---- | C] () -- C:\ProgramData\~29744888r

[2011/05/16 01:15:21 | 000,000,120 | ---- | C] () -- C:\ProgramData\~29744888

[2011/05/16 01:12:03 | 000,000,336 | ---- | C] () -- C:\ProgramData\29744888

[2011/02/16 23:19:01 | 000,000,056 | ---- | C] () -- C:\Windows\System32\ezsidmv.dat

[2010/08/06 20:42:12 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll

[2010/05/19 17:15:19 | 000,001,024 | ---- | C] () -- C:\Windows\System32\clauth2.dll

[2010/05/19 17:15:19 | 000,001,024 | ---- | C] () -- C:\Windows\System32\clauth1.dll

[2010/05/19 17:15:19 | 000,000,000 | ---- | C] () -- C:\Windows\System32\ssprs.dll

[2010/05/19 17:15:19 | 000,000,000 | ---- | C] () -- C:\Windows\System32\serauth2.dll

[2010/05/19 17:15:19 | 000,000,000 | ---- | C] () -- C:\Windows\System32\serauth1.dll

[2010/05/19 17:15:19 | 000,000,000 | ---- | C] () -- C:\Windows\System32\nsprs.dll

[2010/04/21 20:41:38 | 000,001,024 | ---- | C] () -- C:\Windows\System32\grcauth2.dll

[2010/04/21 20:41:38 | 000,001,024 | ---- | C] () -- C:\Windows\System32\grcauth1.dll

[2010/04/21 20:41:38 | 000,000,100 | ---- | C] () -- C:\Windows\System32\prsgrc.dll

[2010/04/21 20:36:47 | 000,001,025 | ---- | C] () -- C:\Windows\System32\sysprs7.dll

[2010/04/21 20:36:47 | 000,000,205 | ---- | C] () -- C:\Windows\System32\lsprst7.dll

[2010/01/23 14:20:40 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI

[2009/12/21 16:29:18 | 000,000,091 | ---- | C] () -- C:\Windows\CIV.INI

[2009/10/21 13:20:08 | 000,005,504 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen_x86.sys

[2009/10/08 03:59:36 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll

[2009/10/08 03:59:36 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe

[2009/10/08 03:59:36 | 000,020,480 | ---- | C] () -- C:\Windows\USB_VIDEO_REG.exe

[2009/10/08 03:59:36 | 000,000,323 | ---- | C] () -- C:\Windows\PidList.ini

[2009/08/21 02:33:08 | 000,189,796 | ---- | C] () -- C:\Windows\System32\drivers\RTConvEQ.dat

[2009/08/21 02:33:08 | 000,001,112 | ---- | C] () -- C:\Windows\System32\drivers\RtHdatEx.dat

[2009/08/21 02:33:08 | 000,000,712 | ---- | C] () -- C:\Windows\System32\drivers\SamSfPa.dat

[2009/08/21 02:33:08 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX2.dat

[2009/08/21 02:33:08 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat

[2009/08/21 02:33:08 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat

[2009/08/21 02:33:08 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat

[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll

[2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe

[2009/07/14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2009/07/14 05:33:53 | 000,412,384 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT

[2009/07/14 03:05:48 | 001,000,308 | ---- | C] () -- C:\Windows\System32\perfh009.dat

[2009/07/14 03:05:48 | 000,295,224 | ---- | C] () -- C:\Windows\System32\perfc009.dat

[2009/07/14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat

[2009/07/14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat

[2009/07/14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT

[2009/07/14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat

[2009/07/14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2009/07/14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll

[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll

[2009/06/10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI

========== LOP Check ==========

[2010/01/26 22:53:18 | 000,000,000 | -HSD | M] -- C:\Users\louisa\AppData\Roaming\.#

[2011/03/02 09:45:54 | 000,000,000 | ---D | M] -- C:\Users\louisa\AppData\Roaming\BitTorrent

[2011/05/20 18:19:18 | 000,000,000 | ---D | M] -- C:\Users\louisa\AppData\Roaming\Dropbox

[2009/12/21 15:39:13 | 000,000,000 | ---D | M] -- C:\Users\louisa\AppData\Roaming\GameConsole

[2011/05/18 19:52:29 | 000,000,000 | ---D | M] -- C:\Users\louisa\AppData\Roaming\Virgin Media

[2011/04/17 07:50:45 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

Link to post
Share on other sites

OTL Extras logfile created on: 20/05/2011 20:49:48 - Run 1

OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\louisa\Desktop

Starter Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1,012.00 Mb Total Physical Memory | 201.00 Mb Available Physical Memory | 20.00% Memory free

2.00 Gb Paging File | 1.00 Gb Available in Paging File | 46.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 136.95 Gb Total Space | 24.67 Gb Free Space | 18.01% Space Free | Partition Type: NTFS

Computer Name: LOUISA-PC | User Name: louisa | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 0

"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM

"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour

"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2

"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver

"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java 6 Update 24

"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com

"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver

"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime

"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management

"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{5AD839E7-BFA7-4796-B2CA-B1D824ECCDF7}" = Virgin Media Security

"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail

"{68301905-2DEA-41CE-A4D4-E8B443B099BA}" = MyWinLocker

"{714048C6-7703-4059-A8EC-17B31AAB73A2}" = RPS RpsCore

"{7673108D-9DED-4454-9712-FB2771D94446}" = RPS PerfectDiskStub

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{7760D94E-B1B5-40A0-9AA0-ABF942108755}" = Acer Crystal Eye Webcam

"{7AB3A249-FB81-416B-917A-A2A10E74C503}" = iTunes

"{7B738CD9-D107-48C7-8E65-2E6639A39C8D}" = PerfectDisk 10 Professional

"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management

"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}" = Chicken Invaders 2

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110551697}" = Granny In Paradise

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}" = Merriam Websters Spell Jam

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}" = Amazonia

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}" = Heroes of Hellas

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114803710}" = Star Defender 4

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}" = Dairy Dash

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}" = Farm Frenzy 2

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync

"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support

"{870815CA-6B60-47B6-88DD-A67F42D2F03E}" = GPL MPEG-1/2 DirectShow Decoder Filter

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8ed9688e-4f79-4308-91ca-f1c37ca142b4}_is1" = Acer GameZone Console

"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel

Link to post
Share on other sites

OTL Fix

Run OTL.exe

  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
    :OTL
    [2011/05/16 01:15:22 | 000,000,144 | ---- | M] () -- C:\ProgramData\~29744888r
    [2011/05/16 01:15:22 | 000,000,120 | ---- | M] () -- C:\ProgramData\~29744888
    [2011/05/16 01:12:03 | 000,000,336 | ---- | M] () -- C:\ProgramData\29744888


    :files
    xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
    xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
    xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
    xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C

    :Commands
    [EmptyFlash]
    [RESETHOSTS]
    [purity]
    [start explorer]
    [Reboot]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, it will reboot when it is done and produce a log

Link to post
Share on other sites

OTL logfile created on: 20/05/2011 20:49:48 - Run 1

OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\louisa\Desktop

Starter Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1,012.00 Mb Total Physical Memory | 201.00 Mb Available Physical Memory | 20.00% Memory free

2.00 Gb Paging File | 1.00 Gb Available in Paging File | 46.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 136.95 Gb Total Space | 24.67 Gb Free Space | 18.01% Space Free | Partition Type: NTFS

Computer Name: LOUISA-PC | User Name: louisa | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\louisa\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\Virgin Media\Security\RpsSecurityAwareR.exe (Radialpoint SafeCare Inc.)

PRC - C:\Program Files\Virgin Media\Security\Fws.exe (Radialpoint SafeCare Inc.)

PRC - C:\Program Files\Virgin Media\Service Manager\ServicepointService.exe (Radialpoint Inc.)

PRC - C:\Program Files\Virgin Media\Service Manager\ServiceManager.exe (Virgin Media)

PRC - C:\Program Files\Virgin Media\Service Manager\ServiceManagerComHandler.exe (Radialpoint Inc.)

PRC - C:\Windows\explorer.exe (Microsoft Corporation)

PRC - C:\Users\louisa\AppData\Roaming\Dropbox\bin\Dropbox.exe ()

PRC - C:\Program Files\Virgin Media\Security\RPS.exe (Virgin Media)

PRC - C:\Program Files\Virgin Media\Security\AVG\Identity Protection\agent\bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)

PRC - C:\Program Files\EgisTec\MyWinLocker 3\x86\MWLService.exe (Egis Technology Inc.)

PRC - C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)

PRC - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated)

PRC - C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)

PRC - C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe (Acer Incorporated)

PRC - C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.)

PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)

PRC - C:\Program Files\Acer\Acer VCM\RS_Service.exe (Acer Incorporated)

PRC - C:\Program Files\Acer\Acer Updater\UpdaterService.exe (Acer)

PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)

PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)

PRC - C:\Program Files\Acer\Registration\GregHSRW.exe (Acer Incorporated)

PRC - C:\Windows\PLFSetI.exe ()

========== Modules (SafeList) ==========

MOD - C:\Users\louisa\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)

MOD - C:\Program Files\Acer\Acer ePower Management\SysHook.dll (Acer Incorporated)

========== Win32 Services (SafeList) ==========

SRV - (scan) -- C:\Program Files\Virgin Media\Security\BitDefender\scan.dll (S.C. BitDefender S.R.L)

SRV - (Radialpoint Security Services) -- C:\Program Files\Virgin Media\Security\RpsSecurityAwareR.exe (Radialpoint SafeCare Inc.)

SRV - (RP_FWS) -- C:\Program Files\Virgin Media\Security\Fws.exe (Radialpoint SafeCare Inc.)

SRV - (ServicepointService) -- C:\Program Files\Virgin Media\Service Manager\ServicepointService.exe (Radialpoint Inc.)

SRV - (RadialpointIDSAgent) -- C:\Program Files\Virgin Media\Security\AVG\Identity Protection\agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)

SRV - (MWLService) -- C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe ()

SRV - (ePowerSvc) -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated)

SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV - (RS_Service) -- C:\Program Files\Acer\Acer VCM\RS_Service.exe (Acer Incorporated)

SRV - (Updater Service) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe (Acer)

SRV - (PDEngine) -- C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe (Raxco Software, Inc.)

SRV - (PDAgent) -- C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe (Raxco Software, Inc.)

SRV - (IAANTMON) Intel® -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)

SRV - (Greg_Service) -- C:\Program Files\Acer\Registration\GregHSRW.exe (Acer Incorporated)

========== Driver Services (SafeList) ==========

DRV - (RPSKT) Security Services Driver (x86) -- C:\Windows\System32\drivers\rp_skt32.sys (Radialpoint Inc.)

DRV - (Trufos) -- C:\Program Files\Virgin Media\Security\BitDefender\trufos.sys (BitDefender S.R.L.)

DRV - (Profos) -- C:\Program Files\Virgin Media\Security\BitDefender\profos.sys (BitDefender S.R.L.)

DRV - (RadialpointIDSFilter) -- C:\Program Files\Virgin Media\Security\AVG\Identity Protection\agent\drivers\AVGIDSfilter.sys (AVG Technologies )

DRV - (RadialpointIDSEH) -- C:\Windows\system32\drivers\AVGIDSEH.sys (AVG Technologies )

DRV - (RadialpointIDSShim) -- C:\Program Files\Virgin Media\Security\AVG\Identity Protection\agent\drivers\AVGIDSShim.sys (AVG Technologies )

DRV - (RadialpointIDSDriver) -- C:\Program Files\Virgin Media\Security\AVG\Identity Protection\agent\drivers\AVGIDSDriver.sys (AVG Technologies )

DRV - (bdfsfltr) -- C:\Windows\system32\drivers\bdfsfltr.sys (BitDefender S.R.L. Bucharest, ROMANIA)

DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)

DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)

DRV - (RSUSBSTOR) -- C:\Windows\System32\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)

DRV - (L1E) -- C:\Windows\System32\drivers\L1E62x86.sys (Atheros Communications, Inc.)

DRV - (DefragFS) -- C:\Windows\System32\drivers\DefragFs.sys (Raxco Software, Inc.)

DRV - (mwlPSDVDisk) -- C:\Windows\System32\drivers\mwlPSDVDisk.sys (Egis Technology Inc.)

DRV - (mwlPSDNServ) -- C:\Windows\System32\drivers\mwlPSDNserv.sys (Egis Technology Inc.)

DRV - (mwlPSDFilter) -- C:\Windows\System32\drivers\mwlPSDFilter.sys (Egis Technology Inc.)

DRV - (JMCR) -- C:\Windows\System32\drivers\jmcr.sys (JMicron Technology Corporation)

DRV - (nmwcd) -- C:\Windows\System32\drivers\nmwcd.sys (Nokia)

DRV - (int15.sys) -- C:\Windows\System32\OEM\factory\int15.sys ()

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&m=ao531h&r=27b512091106l03d3ww58w68384735

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&m=ao531h&r=27b512091106l03d3ww58w68384735

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&m=ao531h&r=27b512091106l03d3ww58w68384735

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.Google.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

O1 HOSTS File: ([2009/06/10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O2 - BHO: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - File not found

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()

O4 - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)

O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.)

O4 - HKLM..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)

O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)

O4 - HKLM..\Run: [mwlDaemon] C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)

O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()

O4 - HKLM..\Run: [serviceManager.exe] C:\Program Files\Virgin Media\Service Manager\ServiceManager.exe (Virgin Media)

O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\System32\cmd.exe (Microsoft Corporation)

O4 - Startup: C:\Users\louisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\louisa\AppData\Roaming\Dropbox\bin\Dropbox.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll (Google Inc.)

O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUplden-gb.cab (Windows Live Hotmail Photo Upload Tool)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O18 - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files\vShare\vshare_toolbar.dll ()

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O33 - MountPoints2\{a789d15c-4ecf-11df-a04f-00269e539a9c}\Shell - "" = AutoRun

O33 - MountPoints2\{a789d15c-4ecf-11df-a04f-00269e539a9c}\Shell\AutoRun\command - "" = D:\LaunchU3.exe

O33 - MountPoints2\{c22996c6-a0cf-11df-80ca-00269e539a9c}\Shell - "" = AutoRun

O33 - MountPoints2\{c22996c6-a0cf-11df-80ca-00269e539a9c}\Shell\AutoRun\command - "" = D:\Startme.exe

O33 - MountPoints2\D\Shell - "" = AutoRun

O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\LaunchU3.exe

O34 - HKLM BootExecute: (PDBoot.exe) - C:\Windows\System32\PDBoot.exe (Raxco Software, Inc.)

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/20 20:46:23 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\louisa\Desktop\OTL.exe

[2011/05/19 12:52:39 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe

[2011/05/19 12:52:39 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe

[2011/05/19 12:52:39 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe

[2011/05/19 05:28:05 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\poqexec.exe

[2011/05/18 19:55:44 | 000,000,000 | ---D | C] -- C:\Users\louisa\AppData\Roaming\Mozilla

[2011/05/18 19:47:54 | 000,025,608 | ---- | C] (AVG Technologies ) -- C:\Windows\System32\drivers\AVGIDSEH.sys

[2011/05/18 19:46:50 | 000,285,704 | ---- | C] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\Windows\System32\drivers\bdfsfltr.sys

[2011/05/18 19:45:57 | 000,053,192 | ---- | C] (Radialpoint Inc.) -- C:\Windows\System32\drivers\rp_skt32.sys

[2011/05/18 19:45:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Raxco

[2011/05/18 19:45:16 | 000,000,000 | ---D | C] -- C:\Program Files\Raxco

[2011/05/18 19:44:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Virgin Media Security

[2011/05/18 19:13:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Virgin Media

[2011/05/18 19:13:01 | 000,000,000 | ---D | C] -- C:\Program Files\Virgin Media

[2011/05/18 18:31:52 | 000,000,000 | ---D | C] -- C:\Users\louisa\AppData\Roaming\Malwarebytes

[2011/05/18 18:31:47 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2011/05/18 18:31:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2011/05/18 18:31:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2011/05/18 18:31:42 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2011/05/18 18:31:42 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2011/05/18 18:14:05 | 000,000,000 | ---D | C] -- C:\Users\louisa\AppData\Roaming\Virgin Media

[2011/05/18 18:13:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Radialpoint

[2011/05/18 18:13:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Virgin Media

[2011/05/12 19:24:36 | 000,000,000 | ---D | C] -- C:\Users\louisa\AppData\Local\Windows Live

[2011/05/11 20:53:36 | 000,000,000 | ---D | C] -- C:\fcdd2fff355f9310b7cb0b9fbd

[2011/05/11 20:32:31 | 003,957,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe

[2011/05/11 20:32:30 | 003,901,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe

[2011/04/26 22:51:19 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\prevhost.exe

[2011/04/26 22:51:13 | 001,686,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\esent.dll

[2011/04/26 22:51:12 | 000,146,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\storport.sys

[2011/04/26 22:51:12 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fsutil.exe

[2011/04/26 22:51:05 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll

[2011/04/26 22:51:03 | 002,614,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe

[2009/08/21 02:35:15 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe

[1 C:\Users\louisa\Desktop\*.tmp files -> C:\Users\louisa\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/20 20:46:26 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\louisa\Desktop\OTL.exe

[2011/05/20 20:39:02 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2011/05/20 20:39:02 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2011/05/20 18:27:26 | 000,009,696 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2011/05/20 18:27:26 | 000,009,696 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2011/05/20 18:23:45 | 001,000,308 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2011/05/20 18:23:45 | 000,295,224 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2011/05/20 18:18:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2011/05/20 18:18:36 | 795,832,320 | -HS- | M] () -- C:\hiberfil.sys

[2011/05/19 17:08:03 | 000,001,471 | ---- | M] () -- C:\Users\louisa\Desktop\iexplore - Shortcut.lnk

[2011/05/19 07:28:17 | 000,000,000 | ---- | M] () -- C:\Users\louisa\defogger_reenable

[2011/05/18 19:45:57 | 000,053,192 | ---- | M] (Radialpoint Inc.) -- C:\Windows\System32\drivers\rp_skt32.sys

[2011/05/18 19:44:54 | 000,002,039 | ---- | M] () -- C:\Users\Public\Desktop\Virgin Media Security.lnk

[2011/05/18 18:31:47 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/05/16 01:15:22 | 000,000,144 | ---- | M] () -- C:\ProgramData\~29744888r

[2011/05/16 01:15:22 | 000,000,120 | ---- | M] () -- C:\ProgramData\~29744888

[2011/05/16 01:12:03 | 000,000,336 | ---- | M] () -- C:\ProgramData\29744888

[2011/04/28 18:46:06 | 000,000,091 | ---- | M] () -- C:\Windows\CIV.INI

[1 C:\Users\louisa\Desktop\*.tmp files -> C:\Users\louisa\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/20 19:56:16 | 000,001,816 | ---- | C] () -- C:\Users\Public\Desktop\AVG Free 9.0.lnk

[2011/05/19 17:08:03 | 000,001,471 | ---- | C] () -- C:\Users\louisa\Desktop\iexplore - Shortcut.lnk

[2011/05/19 14:51:10 | 000,002,209 | ---- | C] () -- C:\Users\Public\Desktop\WinZip.lnk

[2011/05/19 14:51:09 | 000,002,597 | ---- | C] () -- C:\Users\Public\Desktop\eBay.lnk

[2011/05/19 14:51:09 | 000,002,503 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk

[2011/05/19 14:51:09 | 000,002,429 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk

[2011/05/19 14:51:09 | 000,001,819 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk

[2011/05/19 14:51:09 | 000,001,269 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Office - 60 Day Trial.lnk

[2011/05/19 14:51:09 | 000,001,028 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk

[2011/05/19 14:51:09 | 000,001,015 | ---- | C] () -- C:\Users\Public\Desktop\BitTorrent.lnk

[2011/05/19 14:51:08 | 000,002,101 | ---- | C] () -- C:\Users\Public\Desktop\Acer GameZone Console.lnk

[2011/05/19 14:51:08 | 000,001,972 | ---- | C] () -- C:\Users\Public\Desktop\Acer Accessory Store.lnk

[2011/05/19 07:28:17 | 000,000,000 | ---- | C] () -- C:\Users\louisa\defogger_reenable

[2011/05/18 19:44:54 | 000,002,039 | ---- | C] () -- C:\Users\Public\Desktop\Virgin Media Security.lnk

[2011/05/18 18:31:47 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/05/16 01:15:22 | 000,000,144 | ---- | C] () -- C:\ProgramData\~29744888r

[2011/05/16 01:15:21 | 000,000,120 | ---- | C] () -- C:\ProgramData\~29744888

[2011/05/16 01:12:03 | 000,000,336 | ---- | C] () -- C:\ProgramData\29744888

[2011/02/16 23:19:01 | 000,000,056 | ---- | C] () -- C:\Windows\System32\ezsidmv.dat

[2010/08/06 20:42:12 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll

[2010/05/19 17:15:19 | 000,001,024 | ---- | C] () -- C:\Windows\System32\clauth2.dll

[2010/05/19 17:15:19 | 000,001,024 | ---- | C] () -- C:\Windows\System32\clauth1.dll

[2010/05/19 17:15:19 | 000,000,000 | ---- | C] () -- C:\Windows\System32\ssprs.dll

[2010/05/19 17:15:19 | 000,000,000 | ---- | C] () -- C:\Windows\System32\serauth2.dll

[2010/05/19 17:15:19 | 000,000,000 | ---- | C] () -- C:\Windows\System32\serauth1.dll

[2010/05/19 17:15:19 | 000,000,000 | ---- | C] () -- C:\Windows\System32\nsprs.dll

[2010/04/21 20:41:38 | 000,001,024 | ---- | C] () -- C:\Windows\System32\grcauth2.dll

[2010/04/21 20:41:38 | 000,001,024 | ---- | C] () -- C:\Windows\System32\grcauth1.dll

[2010/04/21 20:41:38 | 000,000,100 | ---- | C] () -- C:\Windows\System32\prsgrc.dll

[2010/04/21 20:36:47 | 000,001,025 | ---- | C] () -- C:\Windows\System32\sysprs7.dll

[2010/04/21 20:36:47 | 000,000,205 | ---- | C] () -- C:\Windows\System32\lsprst7.dll

[2010/01/23 14:20:40 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI

[2009/12/21 16:29:18 | 000,000,091 | ---- | C] () -- C:\Windows\CIV.INI

[2009/10/21 13:20:08 | 000,005,504 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen_x86.sys

[2009/10/08 03:59:36 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll

[2009/10/08 03:59:36 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe

[2009/10/08 03:59:36 | 000,020,480 | ---- | C] () -- C:\Windows\USB_VIDEO_REG.exe

[2009/10/08 03:59:36 | 000,000,323 | ---- | C] () -- C:\Windows\PidList.ini

[2009/08/21 02:33:08 | 000,189,796 | ---- | C] () -- C:\Windows\System32\drivers\RTConvEQ.dat

[2009/08/21 02:33:08 | 000,001,112 | ---- | C] () -- C:\Windows\System32\drivers\RtHdatEx.dat

[2009/08/21 02:33:08 | 000,000,712 | ---- | C] () -- C:\Windows\System32\drivers\SamSfPa.dat

[2009/08/21 02:33:08 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX2.dat

[2009/08/21 02:33:08 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat

[2009/08/21 02:33:08 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat

[2009/08/21 02:33:08 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat

[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll

[2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe

[2009/07/14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2009/07/14 05:33:53 | 000,412,384 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT

[2009/07/14 03:05:48 | 001,000,308 | ---- | C] () -- C:\Windows\System32\perfh009.dat

[2009/07/14 03:05:48 | 000,295,224 | ---- | C] () -- C:\Windows\System32\perfc009.dat

[2009/07/14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat

[2009/07/14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat

[2009/07/14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT

[2009/07/14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat

[2009/07/14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2009/07/14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll

[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll

[2009/06/10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI

========== LOP Check ==========

[2010/01/26 22:53:18 | 000,000,000 | -HSD | M] -- C:\Users\louisa\AppData\Roaming\.#

[2011/03/02 09:45:54 | 000,000,000 | ---D | M] -- C:\Users\louisa\AppData\Roaming\BitTorrent

[2011/05/20 18:19:18 | 000,000,000 | ---D | M] -- C:\Users\louisa\AppData\Roaming\Dropbox

[2009/12/21 15:39:13 | 000,000,000 | ---D | M] -- C:\Users\louisa\AppData\Roaming\GameConsole

[2011/05/18 19:52:29 | 000,000,000 | ---D | M] -- C:\Users\louisa\AppData\Roaming\Virgin Media

[2011/04/17 07:50:45 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

Link to post
Share on other sites

Click: Start > All Programs> Accessories

Open Notepad, click on Format and uncheck Word Wrap.

That doesn't show anything being removed.

Try it again and let me know how it's running after running it.

OTL Fix

Run OTL.exe

  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
    :OTL
    [2011/05/16 01:15:22 | 000,000,144 | ---- | M] () -- C:\ProgramData\~29744888r
    [2011/05/16 01:15:22 | 000,000,120 | ---- | M] () -- C:\ProgramData\~29744888
    [2011/05/16 01:12:03 | 000,000,336 | ---- | M] () -- C:\ProgramData\29744888


    :files
    xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
    xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
    xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
    xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C
    C:\ProgramData\~29744888r
    C:\ProgramData\~29744888
    C:\ProgramData\29744888

    :Commands
    [EmptyFlash]
    [RESETHOSTS]
    [purity]
    [start explorer]
    [Reboot]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, it will reboot when it is done and produce a log

Link to post
Share on other sites

========== OTL ==========

C:\ProgramData\~29744888r moved successfully.

C:\ProgramData\~29744888 moved successfully.

C:\ProgramData\29744888 moved successfully.

========== FILES ==========

< xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C >

0 File(s) copied

C:\Users\louisa\Desktop\cmd.bat deleted successfully.

C:\Users\louisa\Desktop\cmd.txt deleted successfully.

< xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C >

0 File(s) copied

C:\Users\louisa\Desktop\cmd.bat deleted successfully.

C:\Users\louisa\Desktop\cmd.txt deleted successfully.

< xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C >

C:\Users\louisa\AppData\Local\Temp\smtmp\3\CCleaner.lnk

C:\Users\louisa\AppData\Local\Temp\smtmp\3\desktop.ini

C:\Users\louisa\AppData\Local\Temp\smtmp\3\Internet Explorer.lnk

C:\Users\louisa\AppData\Local\Temp\smtmp\3\Microsoft Office Word.lnk

C:\Users\louisa\AppData\Local\Temp\smtmp\3\Windows Explorer.lnk

C:\Users\louisa\AppData\Local\Temp\smtmp\3\Windows Media Player.lnk

6 File(s) copied

C:\Users\louisa\Desktop\cmd.bat deleted successfully.

C:\Users\louisa\Desktop\cmd.txt deleted successfully.

< xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C >

0 File(s) copied

C:\Users\louisa\Desktop\cmd.bat deleted successfully.

C:\Users\louisa\Desktop\cmd.txt deleted successfully.

File\Folder C:\ProgramData\~29744888r not found.

File\Folder C:\ProgramData\~29744888 not found.

File\Folder C:\ProgramData\29744888 not found.

========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: louisa

->Flash cache emptied: 2616234 bytes

User: Public

Total Flash Files Cleaned = 2.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

OTL by OldTimer - Version 3.2.22.3 log created on 05202011_214207

Link to post
Share on other sites

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.