WARNING! YOUR'RE IN DANGER! YOUR COMPUTER IS INFECTED WITH SPYWARE!

View previous topic View next topic Go down

WARNING! YOUR'RE IN DANGER! YOUR COMPUTER IS INFECTED WITH SPYWARE!

Post by tuckba99 on Mon Feb 28, 2011 9:46 pm

I get a message on my wallpaper which start "WARNING! YOUR'RE IN DANGER! YOUR COMPUTER IS INFECTED WITH SPYWARE!".

It then loads a Security Tool and runs a scan of the PC. It stops me from opening any programs and basically brings the machine to a halt!

It is running Windows Vista.

Can you help me remove the spyware please?!

tuckba99
Beginner
Beginner

Posts Posts : 2
Joined Joined : 2011-02-27
OS OS : Vista
Points Points : 21088
# Likes # Likes : 0

View user profile

Back to top Go down

Re: WARNING! YOUR'RE IN DANGER! YOUR COMPUTER IS INFECTED WITH SPYWARE!

Post by Belahzur on Tue Mar 01, 2011 1:41 am

Hello.

Download [You must be registered and logged in to see this link.] by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245049
# Likes # Likes : 1

View user profile

Back to top Go down

Re: WARNING! YOUR'RE IN DANGER! YOUR COMPUTER IS INFECTED WITH SPYWARE!

Post by tuckba99 on Tue Mar 01, 2011 7:02 pm

OTL logfile created on: 28/02/2011 21:11:38 - Run 1
OTL by OldTimer - Version 3.2.22.2 Folder = C:\Users\Emily\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 73.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 91.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 70.77 Gb Total Space | 9.09 Gb Free Space | 12.84% Space Free | Partition Type: NTFS
Drive D: | 70.47 Gb Total Space | 68.93 Gb Free Space | 97.82% Space Free | Partition Type: NTFS

Computer Name: EMILY-PC | User Name: Emily | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/02/28 21:11:31 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\Emily\Desktop\OTL.com
PRC - [2008/10/29 06:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/07/07 08:15:18 | 000,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe


========== Modules (SafeList) ==========

MOD - [2011/02/28 21:11:31 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\Emily\Desktop\OTL.com
MOD - [2010/08/31 15:39:57 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/02/26 12:55:48 | 000,496,128 | ---- | M] (Crawler.com) [Auto | Stopped] -- C:\Program Files\Spyware Terminator\sp_rsser.exe -- (sp_rssrv)
SRV - [2010/11/19 06:57:14 | 001,150,936 | ---- | M] (PC Tools) [Auto | Stopped] -- C:\Program Files\PC Tools Security\pctsSvc.exe -- (sdCoreService)
SRV - [2010/07/22 15:18:48 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/07/22 15:17:27 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010/03/15 14:02:36 | 000,366,840 | ---- | M] (PC Tools) [Auto | Stopped] -- C:\Program Files\PC Tools Security\pctsAuxs.exe -- (sdAuxService)
SRV - [2010/01/15 12:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2008/07/07 08:15:18 | 000,611,664 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice)
SRV - [2008/01/19 07:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/01/03 02:58:58 | 000,457,512 | ---- | M] (HiTRSUT) [Auto | Stopped] -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe -- (eDataSecurity Service)
SRV - [2007/01/03 00:46:52 | 000,024,576 | ---- | M] () [Auto | Stopped] -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService)
SRV - [2007/01/02 17:33:24 | 000,135,168 | ---- | M] (acer) [Auto | Stopped] -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe -- (WMIService)
SRV - [2006/12/29 04:07:22 | 000,126,976 | ---- | M] (Acer Inc.) [Auto | Stopped] -- C:\Acer\Empowering Technology\eNet\eNet Service.exe -- (eNet Service)
SRV - [2006/12/28 17:24:14 | 000,049,152 | ---- | M] (Acer Inc.) [Auto | Stopped] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService)
SRV - [2006/12/22 22:43:18 | 000,024,576 | ---- | M] (Acer Inc.) [Auto | Stopped] -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe -- (eLockService)
SRV - [2006/11/24 20:57:54 | 000,107,008 | ---- | M] () [Auto | Stopped] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)


========== Driver Services (SafeList) ==========

DRV - [2010/11/25 10:43:00 | 000,239,168 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2010/07/22 15:21:29 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/07/22 15:16:24 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\Windows\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/07/16 14:59:54 | 000,338,880 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\pctDS.sys -- (pctDS)
DRV - [2010/06/08 12:55:22 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Stopped] -- C:\Windows\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2007/04/24 08:33:44 | 000,108,680 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s125mdm.sys -- (s125mdm)
DRV - [2007/04/24 08:33:42 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s125mdfl.sys -- (s125mdfl)
DRV - [2007/04/24 08:33:34 | 000,083,336 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s125bus.sys -- (s125bus) Sony Ericsson Device 125 driver (WDM)
DRV - [2006/12/27 01:57:12 | 000,817,968 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BisonC07.sys -- (Cam5607)
DRV - [2006/12/20 05:50:00 | 004,448,160 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2006/12/07 17:12:02 | 000,076,584 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15)
DRV - [2006/11/02 13:27:36 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System | Stopped] -- C:\Program Files\Launch Manager\DPortIO.sys -- (DritekPortIO)
DRV - [2006/11/02 07:30:53 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/10/30 01:42:28 | 001,786,880 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
DRV - [2006/10/25 06:36:48 | 000,042,240 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ESD7SK.sys -- (ESDCR)
DRV - [2006/10/25 06:36:44 | 000,076,928 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ESM7SK.sys -- (ESMCR)
DRV - [2006/10/25 06:36:36 | 000,062,208 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\EMS7SK.sys -- (EMSCR)
DRV - [2006/10/18 23:44:30 | 000,031,232 | ---- | M] (SMSC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\smscirda.sys -- (SMSCIRDA)
DRV - [2006/08/05 00:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2005/08/30 17:59:00 | 000,094,000 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_mdm.sys -- (ss_mdm)
DRV - [2005/08/30 17:58:56 | 000,008,304 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_mdfl.sys -- (ss_mdfl)
DRV - [2005/08/30 17:57:18 | 000,058,320 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bus.sys -- (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM)
DRV - [2005/08/30 01:49:38 | 000,094,000 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssm_mdm.sys -- (ssm_mdm)
DRV - [2005/08/30 01:49:34 | 000,008,336 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssm_mdfl.sys -- (ssm_mdfl)
DRV - [2005/08/30 01:47:38 | 000,058,320 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssm_bus.sys -- (ssm_bus) SAMSUNG Mobile USB Device II 1.0 driver (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [You must be registered and logged in to see this link.] [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 9E CB FF 03 F8 B3 81 4E B3 FB 38 56 25 C3 DC 7E [binary data]
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


[2010/03/31 17:30:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Emily\AppData\Roaming\mozilla\Extensions
[2010/03/31 17:30:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Emily\AppData\Roaming\mozilla\Extensions\IMVUClientXUL@imvu.com
[2009/02/04 17:53:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Emily\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org

O1 HOSTS File: ([2010/08/26 15:35:39 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ()
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - No CLSID value found.
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKLM\..\Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKCU\..\Toolbar\WebBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O4 - HKLM..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (Acer Inc.)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe (HiTRUST)
O4 - HKLM..\Run: [ISTray] C:\Program Files\PC Tools Security\pctsGui.exe (PC Tools)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [LWBMOUSE] C:\Program Files\iWare\iWare Mouse\3.2\Mouse32A.exe ()
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Acer Tour Reminder] File not found
O4 - HKCU..\Run: [SpywareTerminatorUpdate] C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe (Crawler.com)
O4 - HKCU..\Run: [捁牥吠畯r] File not found
O4 - HKCU..\RunOnce: [oLbGiGc08520] C:\ProgramData\oLbGiGc08520\oLbGiGc08520.exe ()
O4 - Startup: C:\Users\Emily\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IMVU.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O16 - DPF: {44990B00-3C9D-426D-81DF-AAB636FA4345} [You must be registered and logged in to see this link.] (Symantec Configuration Class)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} [You must be registered and logged in to see this link.] (MSN Photo Upload Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_07)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} [You must be registered and logged in to see this link.] (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - AppInit_DLLs: (C:\Windows\System32\avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - AppInit_DLLs: (C:\Windows\System32\eNetHook.dll) - C:\Windows\System32\eNetHook.dll (acer)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Emily\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Emily\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/02/28 21:11:25 | 000,581,120 | ---- | C] (OldTimer Tools) -- C:\Users\Emily\Desktop\OTL.com
[2011/02/26 12:55:47 | 000,000,000 | ---D | C] -- C:\Users\Emily\AppData\Roaming\Spyware Terminator
[2011/02/26 12:55:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Spyware Terminator
[2011/02/26 12:55:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spyware Terminator
[2011/02/26 12:55:44 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Terminator
[2011/02/26 11:00:19 | 000,656,320 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctEFA.sys
[2011/02/26 11:00:19 | 000,338,880 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctDS.sys
[2011/02/26 11:00:18 | 000,249,616 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctgntdi.sys
[2011/02/26 11:00:18 | 000,102,184 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctwfpfilter.sys
[2011/02/26 11:00:15 | 000,239,168 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTCore.sys
[2011/02/26 11:00:15 | 000,160,448 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTAppEvent.sys
[2011/02/26 11:00:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Tools Security
[2011/02/26 11:00:09 | 000,070,536 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctplsg.sys
[2011/02/26 11:00:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2011/02/26 11:00:00 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Security
[2011/02/26 11:00:00 | 000,000,000 | ---D | C] -- C:\Users\Emily\AppData\Roaming\PC Tools
[2011/02/26 11:00:00 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2011/02/25 13:53:42 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/02/25 13:53:42 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2011/02/25 13:53:42 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2011/02/25 13:53:41 | 000,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2011/02/25 13:53:41 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/02/25 13:53:41 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\corpol.dll
[2011/02/25 13:53:40 | 000,348,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2011/02/25 13:53:40 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2011/02/25 13:53:40 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011/02/25 13:53:40 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2011/02/25 13:53:39 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/02/25 13:53:39 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2011/02/25 13:53:39 | 000,183,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/02/25 13:53:38 | 000,229,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2011/02/25 13:53:38 | 000,208,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinFXDocObj.exe
[2011/02/25 13:53:38 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2011/02/25 13:53:38 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2011/02/25 13:53:38 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2011/02/25 13:53:38 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011/02/25 13:53:38 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2011/02/25 13:53:38 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/02/25 13:53:38 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/02/25 13:53:37 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011/02/25 13:53:37 | 000,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/02/25 13:53:37 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2011/02/25 13:53:37 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/02/25 13:53:36 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011/02/25 13:53:36 | 000,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011/02/25 13:53:36 | 000,420,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011/02/25 13:53:35 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/02/25 13:53:34 | 000,391,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/02/25 13:53:33 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/02/25 13:53:33 | 000,169,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2011/02/25 13:53:31 | 003,698,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2011/02/25 13:53:31 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011/02/25 13:53:31 | 000,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PDMSetup.exe
[2011/02/25 13:53:31 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011/02/25 13:53:31 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2011/02/25 13:53:31 | 000,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2011/02/25 13:53:31 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetDepNx.exe
[2011/02/25 13:53:30 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011/02/25 13:53:29 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/02/25 13:49:07 | 000,000,000 | ---D | C] -- C:\ProgramData\oLbGiGc08520
[2011/02/24 10:01:53 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell
[2011/02/24 09:58:41 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrsmgr.dll
[2011/02/24 09:58:23 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrs.exe
[2011/02/24 09:58:23 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrshost.exe
[2011/02/24 09:58:23 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmprovhost.exe
[2011/02/24 09:58:20 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmplpxy.dll
[2011/02/24 09:58:20 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrssrv.dll
[2011/02/24 09:58:17 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtfwd.dll
[2011/02/24 09:58:17 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecutil.exe
[2011/02/24 09:58:17 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecapi.dll
[2011/02/24 09:58:17 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmRes.dll
[2011/02/24 09:58:17 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pwrshplugin.dll
[2011/02/24 09:58:09 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManMigrationPlugin.dll
[2011/02/24 09:58:09 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManHTTPConfig.exe
[2011/02/24 09:58:09 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrscmd.dll
[2011/02/24 09:58:09 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmWmiPl.dll
[2011/02/24 09:58:09 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmAuto.dll
[2011/02/16 17:20:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZillaTube
[2011/02/16 17:20:58 | 000,000,000 | ---D | C] -- C:\ZillaTube
[2011/02/09 19:04:09 | 002,038,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/02/09 19:04:04 | 003,548,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011/02/09 19:04:02 | 003,600,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011/02/09 19:03:27 | 000,292,352 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011/02/09 19:03:27 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011/02/06 20:00:40 | 000,409,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbc32.dll
[2011/02/06 20:00:37 | 001,169,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe
[2011/02/06 19:58:14 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2011/02/06 19:57:55 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2011/02/06 19:57:10 | 000,357,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll
[2011/02/06 19:57:09 | 000,345,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll
[2011/02/06 19:57:09 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll
[2011/02/06 19:56:40 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2007/08/29 16:38:03 | 000,016,384 | ---- | C] ( ) -- C:\Windows\System32\ClearEvent.exe
[2007/01/18 10:43:05 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\Interop.Shell32.dll
[2 C:\Users\Emily\Documents\*.tmp files -> C:\Users\Emily\Documents\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Emily\AppData\Roaming\*.tmp files -> C:\Users\Emily\AppData\Roaming\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/02/28 21:11:31 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\Emily\Desktop\OTL.com
[2011/02/28 21:05:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/02/28 21:03:11 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011/02/28 21:00:55 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/02/28 21:00:45 | 000,013,025 | ---- | M] () -- C:\Users\Emily\AppData\Roaming\nvModes.001
[2011/02/28 21:00:32 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/02/28 21:00:32 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/02/26 12:56:25 | 000,000,947 | ---- | M] () -- C:\Users\Emily\Application Data\Microsoft\Internet Explorer\Quick Launch\Spyware Terminator.lnk
[2011/02/26 12:56:25 | 000,000,923 | ---- | M] () -- C:\Users\Public\Desktop\Spyware Terminator.lnk
[2011/02/26 12:55:48 | 000,142,592 | ---- | M] () -- C:\Windows\System32\drivers\sp_rsdrv2.sys
[2011/02/26 11:00:13 | 000,001,790 | ---- | M] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2011/02/26 10:54:10 | 000,609,196 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/02/26 10:54:09 | 000,108,672 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/02/26 10:32:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/02/26 10:29:50 | 071,765,268 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2011/02/26 10:21:45 | 000,008,160 | ---- | M] () -- C:\Users\Emily\AppData\Local\d3d9caps.dat
[2011/02/25 21:45:37 | 000,013,025 | ---- | M] () -- C:\Users\Emily\AppData\Roaming\nvModes.dat
[2011/02/25 16:07:45 | 000,000,947 | ---- | M] () -- C:\Users\Emily\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/02/25 13:03:46 | 000,064,000 | ---- | M] () -- C:\Users\Emily\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/16 17:25:22 | 012,661,455 | ---- | M] () -- C:\Users\Emily\Desktop\videoFileNo172309.flv
[2011/02/16 17:22:13 | 000,000,008 | -HS- | M] () -- C:\Users\Emily\AppData\Roaming\date
[2011/02/16 17:22:12 | 000,000,002 | -HS- | M] () -- C:\Users\Emily\AppData\Roaming\evf6
[2011/02/12 17:33:04 | 000,001,975 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/02/10 10:32:38 | 000,269,760 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2 C:\Users\Emily\Documents\*.tmp files -> C:\Users\Emily\Documents\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Emily\AppData\Roaming\*.tmp files -> C:\Users\Emily\AppData\Roaming\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/02/26 12:56:25 | 000,000,947 | ---- | C] () -- C:\Users\Emily\Application Data\Microsoft\Internet Explorer\Quick Launch\Spyware Terminator.lnk
[2011/02/26 12:56:25 | 000,000,923 | ---- | C] () -- C:\Users\Public\Desktop\Spyware Terminator.lnk
[2011/02/26 12:55:48 | 000,142,592 | ---- | C] () -- C:\Windows\System32\drivers\sp_rsdrv2.sys
[2011/02/26 11:00:13 | 000,001,790 | ---- | C] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2011/02/25 13:53:36 | 000,057,667 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011/02/24 09:58:10 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs
[2011/02/24 09:58:10 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml
[2011/02/24 09:58:10 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl
[2011/02/16 17:23:09 | 012,661,455 | ---- | C] () -- C:\Users\Emily\Desktop\videoFileNo172309.flv
[2011/02/16 17:22:13 | 000,000,008 | -HS- | C] () -- C:\Users\Emily\AppData\Roaming\date
[2011/02/16 17:22:12 | 000,000,002 | -HS- | C] () -- C:\Users\Emily\AppData\Roaming\evf6
[2010/08/30 10:55:43 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/08/30 10:55:43 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010/08/26 14:59:21 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/08/26 14:59:21 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/08/26 14:59:21 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/08/26 14:59:21 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/08/26 14:59:21 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/04/06 12:13:29 | 000,001,135 | -HS- | C] () -- C:\ProgramData\1085484272
[2010/04/06 11:58:35 | 000,000,817 | ---- | C] () -- C:\ProgramData\283344032
[2010/04/06 11:58:01 | 000,000,113 | ---- | C] () -- C:\ProgramData\sl559070818
[2010/04/02 10:52:55 | 000,000,058 | ---- | C] () -- C:\Users\Emily\AppData\Roaming\40637ba7
[2009/10/26 18:45:34 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2008/11/25 17:56:33 | 000,000,186 | ---- | C] () -- C:\Windows\wininit.ini
[2008/10/02 18:47:53 | 000,147,996 | ---- | C] () -- C:\Windows\hpoins21.dat
[2008/10/02 18:47:52 | 000,008,138 | ---- | C] () -- C:\Windows\hpomdl21.dat
[2008/05/16 11:58:04 | 000,012,632 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2008/05/11 19:03:10 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2008/02/25 20:44:24 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll
[2007/11/26 19:46:41 | 000,008,160 | ---- | C] () -- C:\Users\Emily\AppData\Local\d3d9caps.dat
[2007/09/19 16:01:05 | 000,064,000 | ---- | C] () -- C:\Users\Emily\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/08/30 08:04:47 | 000,013,025 | ---- | C] () -- C:\Users\Emily\AppData\Roaming\nvModes.dat
[2007/08/30 08:04:47 | 000,013,025 | ---- | C] () -- C:\Users\Emily\AppData\Roaming\nvModes.001
[2007/08/29 16:38:03 | 000,016,384 | ---- | C] () -- C:\Windows\System32\LauncheRyAgentUser.exe
[2007/08/29 16:33:11 | 000,000,037 | ---- | C] () -- C:\Windows\Acer.ini
[2007/04/29 04:19:21 | 000,000,101 | ---- | C] () -- C:\Windows\Alaunch.ini
[2007/04/29 02:42:48 | 000,000,092 | ---- | C] () -- C:\Windows\CLEANUP.INI
[2007/01/18 10:57:38 | 000,198,144 | ---- | C] () -- C:\Windows\System32\_psisdecd.dll
[2007/01/18 10:51:03 | 000,076,584 | ---- | C] () -- C:\Windows\System32\drivers\int15.sys
[2007/01/18 10:51:03 | 000,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys
[2007/01/18 10:50:17 | 000,065,536 | ---- | C] () -- C:\Windows\System32\NATTraversal.dll
[2007/01/18 10:46:13 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll
[2007/01/18 10:43:05 | 000,331,776 | ---- | C] () -- C:\Windows\System32\ScrollBarLib.dll
[2007/01/18 10:32:43 | 000,356,352 | ---- | C] () -- C:\Windows\EMCRI.dll
[2007/01/18 10:26:06 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ0.dat
[2007/01/18 08:52:05 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007/01/18 08:51:09 | 000,015,190 | ---- | C] () -- C:\Windows\M2000T07.ini
[2007/01/03 02:54:14 | 000,266,240 | ---- | C] () -- C:\Windows\System32\NotesExtmngr.dll
[2007/01/03 02:53:54 | 000,204,800 | ---- | C] () -- C:\Windows\System32\NotesActnMenu.dll
[2007/01/03 02:53:20 | 000,086,016 | ---- | C] () -- C:\Windows\System32\MSNSpook.dll
[2007/01/03 02:52:40 | 000,037,376 | ---- | C] () -- C:\Windows\System32\MsnChatHook_org.dll
[2007/01/03 02:52:28 | 000,028,672 | ---- | C] () -- C:\Windows\System32\BatchCrypto.dll
[2007/01/03 02:52:26 | 000,073,728 | ---- | C] () -- C:\Windows\System32\APISlice.dll
[2007/01/03 02:52:18 | 000,063,488 | ---- | C] () -- C:\Windows\System32\ShowErrMsg.dll
[2006/12/25 23:44:48 | 000,022,016 | ---- | C] () -- C:\Windows\System32\MailFormat_U.dll
[2006/11/13 13:50:06 | 000,071,680 | ---- | C] () -- C:\Windows\System32\HTCA_SelfExtract.bin
[2006/11/02 12:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 12:47:37 | 000,269,760 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 12:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 10:33:01 | 000,609,196 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 10:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 10:33:01 | 000,108,672 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 10:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 10:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 08:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 08:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 07:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 07:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2001/12/26 23:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001/09/04 06:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001/07/30 23:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001/07/24 05:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:F1C0B203
@Alternate Data Stream - 97 bytes -> C:\ProgramData\TEMP:1C94526F
@Alternate Data Stream - 171 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:EAB5D262
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:D582AB62
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:6C5EC3CD
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:ED873558
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:D31BE97C
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:08D8BB20
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:5F1019FF
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:9ACB70D7
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:64648EF8
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:FE7605F1
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:90D89144
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:78D09D71
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:BF09BC9E
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:A56D6987
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:48FEA089
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:D5C6F9C4
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:331B76C7
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:D055FC10
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:D68CEF0B
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:EC2762B9
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:13AA281B
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:E1AB2E7C
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:1A347EE4
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:A561576B
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:EC2381A4
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:8886182C
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:A7DA2BCD
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:4673E9EA
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:D507B5A8
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:279FF250
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:A9E9471A
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:8807C278
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:43301D1D
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:938EC881
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:A7601C61
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:88698068
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:BDF08FAF
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:62672BC8
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:404390E0
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:7881FECE
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:57DC3B52

< End of report >

OTL Extras logfile created on: 28/02/2011 21:11:38 - Run 1
OTL by OldTimer - Version 3.2.22.2 Folder = C:\Users\Emily\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 73.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 91.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 70.77 Gb Total Space | 9.09 Gb Free Space | 12.84% Space Free | Partition Type: NTFS
Drive D: | 70.47 Gb Total Space | 68.93 Gb Free Space | 97.82% Space Free | Partition Type: NTFS

Computer Name: EMILY-PC | User Name: Emily | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{56E47FCE-DCA0-469E-809A-07A75072D1FA}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BA54882F-F63E-4D1A-84F9-049B988FEA92}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00C43DDA-A258-4D90-82CA-91C463E98D9C}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{17AD8554-0BA2-46C2-824B-0D51FF57F619}" = protocol=17 | dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\mce deluxe suite.exe |
"{1DDEF22B-8A07-45F9-A434-DA53FE74CC70}" = protocol=6 | dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\mce deluxe suite.exe |
"{36176F89-8B06-4863-97FA-DF0E8CCAB772}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"{4CD2C2CB-FAB4-4DE5-8F9C-8C450E7508EE}" = dir=in | app=c:\program files\avg\avg9\avgnsx.exe |
"{51AE9B46-6F6B-4268-BF78-E61B7C8F0A92}" = dir=in | app=c:\program files\avg\avg8\avgemc.exe |
"{59539CD9-997C-4271-B46D-8629B8FC6672}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{6C863EC3-D0D0-4D3C-A75C-50CA03BB6DFF}" = protocol=17 | dir=in | app=c:\limewire\limewire.exe |
"{77BE3E79-6E80-4212-8F05-80BBD9E2F270}" = dir=in | app=c:\windows\explorer.exe |
"{7ACC6E87-8C12-4adb-91B7-EFC3F2F4705A}" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"{82DF61CA-A99C-4095-8722-E70308D36206}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{92459C5E-D350-4cba-AA74-C8F989C9336F}" = protocol=17 | dir=out | app=c:\windows\explorer.exe |
"{935EC6F2-CD92-480C-9450-92E55F1349C2}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{9397193B-BE5C-43BB-BCBD-8A359D4C0AC3}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{A04B4269-5393-4013-B674-8CDFBE56CC90}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"{A2E24057-714F-4BF3-82BD-F37D88A4A334}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{A732EC6E-F280-4358-8C61-59A4903C83B6}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B078B2B6-A878-44ff-9BCC-458257924F96}" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"{B1A40E4F-58DB-490f-9D18-55B5194E8BD5}" = protocol=6 | dir=out | app=c:\windows\explorer.exe |
"{C3E9B20A-B7E2-4aab-9835-3C548937E46F}" = dir=out | app=c:\windows\explorer.exe |
"{DBDBEE0B-CDBD-40C7-9864-BF68A59C82F3}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{EB9CD6E3-E22E-42C8-A5E4-AA514DE92A0D}" = dir=in | app=c:\program files\avg\avg8\avgupd.exe |
"{F4272395-74F8-4B87-A5CB-A1B90F08A6BF}" = protocol=6 | dir=in | app=c:\limewire\limewire.exe |
"TCP Query User{BDAFDE4D-EA04-434A-81E9-8C3034FE2C53}C:\program files\spyware terminator\spywareterminatorupdate.exe" = protocol=6 | dir=in | app=c:\program files\spyware terminator\spywareterminatorupdate.exe |
"UDP Query User{FE8A763E-3D8D-459F-95B6-5B4EDFCDBB9A}C:\program files\spyware terminator\spywareterminatorupdate.exe" = protocol=17 | dir=in | app=c:\program files\spyware terminator\spywareterminatorupdate.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{001E7FB6-BB6B-4ED0-BEDC-B5404ED96D4E}" = DocProc
"{01521746-02A6-4A72-00BD-A285DF6B80C6}" = The Sims 2 University
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}" = Acer eLock Management
"{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{1753255A-0AEB-4220-8C75-607B73F0C133}" = Copy
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1AEC7728-1640-4E98-AABC-5EBE3FB57FE4}" = SMSC Fast Infrared Driver
"{1BD07DF4-FB06-41BA-B896-B2DA59000C96}" = Windows Live Toolbar
"{1E5E2F9A-17D3-45CA-8FF0-B0C2927D4B03}" = MobileMe Control Panel
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{21BCE515-D5A3-11D4-8E33-0010B53EC668}" = Ulead Photo Express 4.0 My Custom Edition
"{22466889-7642-488d-AA0E-F619704CF7AB}" = DeviceDiscovery
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros for Acer Driver v7.2.0.127_Foxconn Installation Program
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{324CEC09-007A-48eb-90E0-9D42D4D5EB0A}" = NetDeviceManager
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{415CDA53-9100-476F-A7B2-476691E117C7}" = HP Smart Web Printing
"{44B2E182-DD85-45FC-9F51-326B81D7C7F1}" = Fax
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4817189D-1785-4627-A33C-39FD90919300}" = The Sims 2 Pets
"{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}" = HPSSupply
"{4BB1DCED-84D3-47F9-B718-5947E904593E}" = Acer OrbiCam
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{5C648FDB-0138-4619-B66E-230EF53E8E2C}" = The Sims™ 2 Teen Style Stuff
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6522C636-B04C-4333-9BEB-9E0C0B6350D6}" = The Sims™ 2 Kitchen & Bath Interior Design Stuff
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67ADE9AF-5CD9-4089-8825-55DE4B366799}" = NTI Backup NOW! 4.7
"{68108E66-D13A-4EE8-A6F4-40E4B90C2A26}" = Windows Live Toolbar Feed Detector (Windows Live Toolbar)
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6BDD9CE6-D0A6-478A-BAD3-BA6945E89EB0}" = The Sims 2 Family Fun Stuff
"{6DE13770-01B7-4366-8DA6-48237793F445}" = VoiceOver Kit
"{6E17F9751-F056-4335-B718-8AF1B1092AFB}" = The Sims™ 2 IKEA® Home Stuff
"{6E7DD182-9FC6-4651-0095-2E666CC6AF35}" = The Sims 2
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{730837D4-FF5E-48DB-BA49-33E732DFF0B3}" = PanoStandAlone
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7745B7A9-F323-4BB9-9811-01BF57A028DA}" = Map Button (Windows Live Toolbar)
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7B3577F5-1D82-4C9B-008B-69D026FD8BCA}" = The Sims 2 Open For Business
"{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01
"{84DDE556-43EF-43ed-B2DF-37AF9E5DDD75}" = The Sims™ 2 H&M® Fashion Stuff
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{87F6C83D-F949-4d14-B5CB-DC8C75F8932D}" = The Sims™ 2 FreeTime
"{88410D8F-8529-492B-B556-2394A29B811B}" = Broadcom Driver v4.102.15.63_Foxconn Installation Program
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{94389919-B0AA-4882-9BE8-9F0B004ECA35}" = Acer Tour
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9CC4840D-EF1C-406F-AF08-3C19EB1335B9}" = Zoo Tycoon 2 - Ultimate Collection
"{9CDBC303-3EED-40b0-8E41-A7C65AA96C26}" = The Sims 2 Glamour Life Stuff
"{9F479685-180E-4C05-9400-D59292A1B29C}" = Windows Live Movie Maker
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A67BB21E-D419-45BB-AB86-7D87D14BBCE2}" = Safari
"{A87B11AC-4344-4E5D-8B12-8F471A87DAD9}" = LightScribe 1.4.136.1
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant
"{AEEAE013-92F1-4515-B278-139F1A692A35}" = Acer eDataSecurity Management
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B10949AD-0C3C-47e8-ADF7-441C1BB9F621}" = C4380
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B6F5B704-06D3-4687-90F3-6195304AD755}" = The Sims™ 2 Apartment Life
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{B7FB6B99-C93C-4818-825B-37EF4B64C80C}" = PS_AIO_02_Software
"{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BDA128C9-66F5-46c9-A503-AA7098AF384F}" = C4380_Help
"{BF839132-BD43-4056-ACBF-4377F4A88E2A}" = Acer ePresentation Management
"{C06554A1-2C1E-4D20-B613-EE62C79927CC}" = Acer eNet Management
"{C3308F5E-FAA9-4fc5-8975-800C36ECCEAC}" = C4380_doccd
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE65A9A0-9686-45C6-9098-3C9543A412F0}" = Acer eSettings Management
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{D25BDCF5-19F6-4d9e-B9C9-273FE81446C4}" = PS_AIO_02_ProductContext
"{D64BC2CF-0F12-47d7-B412-B4F3FD684253}" = HP Photosmart All-In-One Software 9.0
"{D92FF8EB-BD77-40AE-B68B-A6BFC6F8661D}" = Windows Live Family Safety
"{DA34FE93-5DC5-48E0-ACC8-A5389E05BB51}" = iTunes
"{DD1DED37-2486-4F56-8F89-56AA814003F5}" = Acer OrbiCam
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}" = The Sims™ 2 Seasons
"{E17141A6-211D-5854-61D9-69827A430D82}" = EA Download Manager UI
"{E1B2DF7C-A176-4A1D-9D32-3CEC5037A524}" = Apple Application Support
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{EF0D2E55-6FE2-4e35-BE22-A742E85D84E3}" = PS_AIO_02_Software_min
"{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Arcade Deluxe
"{F084395C-40FB-4DB3-981C-B51E74E1E83D}" = Smart Menus (Windows Live Toolbar)
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F248ADFA-64E0-4b03-8A83-059078BED6A0}" = The Sims™ 2 Bon Voyage
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE
"{F7529650-B9DB-481B-0089-A2AC3C2821C1}" = The Sims 2 Nightlife
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
"{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Ask.com Search Assistant" = Ask.com Search Assistant 1.0.2
"AVG9Uninstall" = AVG Free 9.0
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118" = HDAUDIO Soft Data Fax Modem with SmartCP
"com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI
"EA Download Manager" = EA Download Manager
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"GridVista" = Acer GridVista
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 9.0
"HP Photosmart Essential" = HP Photosmart Essential 2.01
"HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0
"HPExtendedCapabilities" = HP Customer Participation Program 9.0
"HPOCR" = HP OCR Software 9.0
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"InstallShield_{9CC4840D-EF1C-406F-AF08-3C19EB1335B9}" = Zoo Tycoon 2 - Ultimate Collection
"iWare iWare Mouse" = iWare iWare Mouse 3.2
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Security Scan" = McAfee Security Scan Plus
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Drivers" = NVIDIA Drivers
"PCL-W310" = PCL-W310
"SAMSUNG CDMA Modem" = SAMSUNG CDMA Modem Driver Set
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"Spotify" = Spotify
"Spyware Doctor" = Spyware Doctor with AntiVirus 8.0
"Spyware Terminator_is1" = Spyware Terminator
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TreeSize_is1" = TreeSize 1.75
"VideoLive Mail" = VideoLive Mail 4.0
"WinLiveSuite_Wave3" = Windows Live Essentials

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >


tuckba99
Beginner
Beginner

Posts Posts : 2
Joined Joined : 2011-02-27
OS OS : Vista
Points Points : 21088
# Likes # Likes : 0

View user profile

Back to top Go down

Re: WARNING! YOUR'RE IN DANGER! YOUR COMPUTER IS INFECTED WITH SPYWARE!

Post by Belahzur on Wed Mar 02, 2011 2:08 am

Hello.

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - No CLSID value found.
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.
    O4 - HKCU..\RunOnce: [oLbGiGc08520] C:\ProgramData\oLbGiGc08520\oLbGiGc08520.exe ()
    [2010/04/06 12:13:29 | 000,001,135 | -HS- | C] () -- C:\ProgramData\1085484272
    [2010/04/06 11:58:35 | 000,000,817 | ---- | C] () -- C:\ProgramData\283344032
    [2010/04/06 11:58:01 | 000,000,113 | ---- | C] () -- C:\ProgramData\sl559070818
    [2010/04/02 10:52:55 | 000,000,058 | ---- | C] () -- C:\Users\Emily\AppData\Roaming\40637ba7


  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245049
# Likes # Likes : 1

View user profile

Back to top Go down

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum