Pretty sure I got hold of some malware?
I keep getting error messages that say that Windows Explorer is shutting down. This happens when I am moving or opening files and programs. Sometimes it seems to be random; other times a specific file or program will cause the error repeatedly. When I am on the internet, Internet Explorer will randomly shut down. Sometimes it restarts itself, other times it gives me a message telling me that it shut down to protect my computer. I can download, but am completely unable to install new programs--I get an error message telling me to clear my internet cache and download again (which I have already done--twice). I have Avira antivirus, and have run several scans, which came back clean. It hasn't been updated in about three weeks because the updates won't work. I have tried everything I can think of. System restore fails, even in safe mode. I could not find anything suspicious in add/remove programs and I have cleaned my hard drive using CCleaner. I am unable to follow the steps that are suggested because I can't install new programs. Just for information's sake, I am running Windows Vista, and this has been happening for about a day or two now. Any help you can provide would be greatly appreciated, as I really do not want to have to wipe my hard drive!

Hi,
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\*.exe /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.sys
%systemroot%\system32\drivers\*.dll
%systemroot%\system32\drivers\*.ini
%systemroot%\system32\drivers\*.exe
%SYSTEMDRIVE%\*.*
%PROGRAMFILES%\*.
%appdata%\*.*
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
disk.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
adp3132.sys
mv61xx.sys
usbstor.sys
/md5stop
CREATERESTOREPOINT
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
http://oldtimer.geekstogo.com/OTL.com http://oldtimer.geekstogo.com/OTL.scrok, here are the logs OTL logfile created on: 7/20/2010 6:00:10 PM - Run 1 OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\owner\Desktop 64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18928) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 60.00% Memory free 8.00 Gb Paging File | 6.00 Gb Available in Paging File | 77.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 286.54 Gb Total Space | 79.67 Gb Free Space | 27.80% Space Free | Partition Type: NTFS Drive D: | 289.63 Gb Total Space | 278.85 Gb Free Space | 96.28% Space Free | Partition Type: NTFS Drive E: | 612.92 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF Drive F: | 139.82 Gb Total Space | 19.48 Gb Free Space | 13.93% Space Free | Partition Type: NTFS G: Drive not present or media not loaded H: Drive not present or media not loaded Drive I: | 139.77 Gb Total Space | 16.41 Gb Free Space | 11.74% Space Free | Partition Type: NTFS Computer Name: POOKLET Current User Name: owner Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Include 64bit Scans Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Processes (SafeList) ========== PRC - [2010/07/20 17:58:26 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\owner\Desktop\OTL.exe PRC - [2010/07/07 15:50:42 | 000,176,408 | ---- | M] (iWin Inc.) 
-- C:\Program Files (x86)\iWin Games\iWinTrusted.exe PRC - [2010/04/19 09:21:37 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2010/03/02 09:28:31 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2010/02/24 08:28:09 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2009/11/13 16:37:30 | 002,022,072 | ---- | M] (NesterSoft Inc.) -- C:\Program Files (x86)\TimeLeft3\TimeLeft.exe PRC - [2009/04/10 11:58:53 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe PRC - [2008/12/09 06:08:38 | 000,495,616 | ---- | M] (Gadwin Systems, Inc) -- C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe PRC - [2008/07/29 19:53:00 | 000,500,784 | ---- | M] (Egis Incorporated) -- C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe PRC - [2008/05/20 19:50:50 | 000,269,448 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe PRC - [2008/04/25 23:36:20 | 000,045,056 | ---- | M] (NewTech InfoSystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe PRC - [2008/04/25 23:36:02 | 000,131,072 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe PRC - [2008/03/03 15:11:14 | 000,016,384 | ---- | M] (NewTech Infosystems, Inc.) 
-- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe ========== Modules (SafeList) ========== MOD - [2010/07/20 17:58:26 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\owner\Desktop\OTL.exe MOD - [2008/01/20 21:50:01 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx ========== Win32 Services (SafeList) ========== SRV:64bit: - [2008/08/19 16:27:22 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe -- (ETService) SRV:64bit: - [2008/01/20 21:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV:64bit: - [2007/12/10 22:11:30 | 000,015,872 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\SysNative\agr64svc.exe -- (AgereModemAudio) SRV - [2010/07/07 15:50:42 | 000,176,408 | ---- | M] (iWin Inc.) [Auto | Running] -- C:\Program Files (x86)\iWin Games\iWinTrusted.exe -- (iWinTrusted) SRV - [2010/04/19 09:21:37 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2010/03/18 14:27:14 | 001,020,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400) SRV - [2010/03/18 14:27:14 | 000,138,576 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_64) SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010/02/24 08:28:09 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2008/07/29 19:53:00 | 000,500,784 | ---- | M] (Egis 
Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service) SRV - [2008/05/20 19:50:50 | 000,269,448 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe -- (Acer HomeMedia Connect Service) SRV - [2008/04/25 23:36:20 | 000,045,056 | ---- | M] (NewTech InfoSystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe -- (NTIBackupSvc) SRV - [2008/04/25 23:36:02 | 000,131,072 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe -- (NTISchedulerSvc) SRV - [2008/03/03 15:11:14 | 000,016,384 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe -- (BUNAgentSvc) ========== Driver Services (SafeList) ========== DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ipinip.sys -- (IpInIp) DRV:64bit: - [2010/03/30 20:58:04 | 000,055,024 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64) DRV:64bit: - [2010/03/02 11:35:01 | 000,116,568 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avipbb.sys -- (avipbb) DRV:64bit: - [2010/02/16 12:24:00 | 000,081,072 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt) DRV:64bit: - [2009/09/30 19:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb) DRV:64bit: - [2009/07/25 
11:38:29 | 000,311,968 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\atksgt.sys -- (atksgt) DRV:64bit: - [2009/07/25 11:38:29 | 000,043,168 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\lirsgt.sys -- (lirsgt) DRV:64bit: - [2008/08/04 23:29:26 | 000,056,352 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2008/07/29 19:53:50 | 000,060,976 | ---- | M] (Egis Incorporated) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\PSDVdisk.sys -- (psdvdisk) DRV:64bit: - [2008/07/29 19:53:50 | 000,021,040 | ---- | M] (Egis Incorporated) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\PSDNServ.sys -- (PSDNServ) DRV:64bit: - [2008/07/29 19:53:48 | 000,022,064 | ---- | M] (Egis Incorporated) [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\psdfilter.sys -- (PSDFilter) DRV:64bit: - [2008/07/29 06:47:00 | 001,075,712 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\athrxusb.sys -- (athrusb) DRV:64bit: - [2008/03/05 01:22:34 | 001,253,376 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\agrsm64.sys -- (AgereSoftModem) DRV:64bit: - [2008/01/30 19:48:32 | 000,016,384 | ---- | M] (NewTech Infosystems, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\NTIDrvr.sys -- (NTIDrvr) DRV:64bit: - [2008/01/20 21:49:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\RootMdm.sys -- (ROOTMODEM) DRV:64bit: - [2007/05/31 11:39:32 | 000,027,520 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\RimUsb_AMD64.sys -- (RimUsb) DRV:64bit: - [2007/01/18 14:10:22 | 000,030,336 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\RimSerial_AMD64.sys -- (RimVSerPort) DRV:64bit: - [2006/09/18 16:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\Wbem\ntfs.mof -- (Ntfs) DRV - [2008/08/19 16:23:00 | 000,017,952 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\int15_64.sys -- (int15) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=1&o=vp64&d=0409&m=aspire_x1700 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=1&o=vp64&d=0409&m=aspire_x1700 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=1&o=vp64&d=0409&m=aspire_x1700 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=1&o=vp64&d=0409&m=aspire_x1700 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=1&o=vp64&d=0409&m=aspire_x1700 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data] IE - 
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 FF - HKLM\software\mozilla\Firefox\Extensions\\{98e34367-8df7-42b4-837b-20b892ff0849}: C:\ProgramData\iWin Games\firefox [2010/06/15 09:24:58 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/01/21 15:20:50 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/01/22 22:10:14 | 000,000,000 | ---D | M] [2010/06/07 04:27:44 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\mozilla\Extensions [2010/07/19 23:20:28 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\mozilla\Firefox\Profiles\0dy5c5j8.default\extensions [2010/06/07 06:16:32 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\mozilla\Firefox\Profiles\cm83o6ap.default\extensions [2010/06/07 06:16:32 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\owner\AppData\Roaming\mozilla\Firefox\Profiles\cm83o6ap.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010/01/21 15:20:49 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions O1 HOSTS File: ([2006/09/18 16:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2:64bit: - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\ActiveToolBand.dll (Egis) O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) 
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg64.dll (Google Inc.) O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (ShoppingReport) - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Program Files (x86)\ShoppingReport\Bin\2.6.71\ShoppingReport.dll File not found O2 - BHO: (IEHlprObj Class) - {8CA5ED52-F3FB-4414-A105-2E3491156990} - C:\Program Files (x86)\iWin Games\iWinGamesHookIE.dll (iWin Inc.) O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.) O2 - BHO: (no name) - {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - C:\Program Files (x86)\PicLensIE\cooliris.dll File not found O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3:64bit: - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDStoolbar.dll (Egis Incorporated.) O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.) 
O3:64bit: - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDStoolbar.dll (Egis Incorporated.) O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.) O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [1157840481] C:\Program Files (x86)\eGames\Twistingo\Register\eGamesRegistration.exe (DataLode, Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions) O4 - HKCU..\Run: [AdobeUpdater] C:\Program Files (x86)\Common Files\Adobe\Updater5\AdobeUpdater.exe (Adobe Systems Incorporated) O4 - HKCU..\Run: [Gadwin PrintScreen] C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe (Gadwin Systems, Inc) O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) O4 - Startup: C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TimeLeft.lnk = C:\Program Files (x86)\TimeLeft3\TimeLeft.exe (NesterSoft Inc.) 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1 O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.) O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.) O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Launch Cooliris - {3437D640-C91A-458f-89F5-B9095EA4C28B} - C:\Program Files (x86)\PicLensIE\cooliris.dll File not found O9 - Extra Button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files (x86)\ShoppingReport\Bin\2.6.71\ShoppingReport.dll File not found O9 - Extra Button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files (x86)\ShoppingReport\Bin\2.6.71\ShoppingReport.dll File not found O13 - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll (Installation Support) O16 - DPF: 
{406B5949-7190-4245-91A9-30A17DE16AD0} http://photos1.walmart.com/WalmartActivia.cab (Snapfish Activia) O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab (BDSCANONLINE Control) O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O16 - DPF: ActiveGS.cab http://activegs.freetoolsassociation.com/ActiveGS.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\owner\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg O24 - Desktop BackupWallPaper: C:\Users\owner\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008/10/11 18:47:17 | 000,662,592 | R--- | M] (Electronic Arts Inc.) 
- E:\AutoRunGUI.dll -- [ UDF ] O32 - AutoRun File - [2008/10/22 09:19:21 | 000,000,000 | R--D | M] - E:\AutoRun -- [ UDF ] O32 - AutoRun File - [2008/10/11 18:47:17 | 000,703,552 | R--- | M] (Electronic Arts Inc.) - E:\AutoRun.exe -- [ UDF ] O32 - AutoRun File - [2008/10/11 18:47:12 | 000,000,166 | R--- | M] () - E:\autorun.inf -- [ UDF ] O33 - MountPoints2\{7b189048-25f5-11de-9b10-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{7b189048-25f5-11de-9b10-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2008/10/11 18:47:17 | 000,703,552 | R--- | M] (Electronic Arts Inc.) O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* MsConfig:64bit - StartUpReg: Acer Empowering Technology Monitor - hkey= - key= - C:\Program Files\Acer\Empowering Technology\SysMonitor.exe () MsConfig:64bit - StartUpReg: eDataSecurity Loader - hkey= - key= - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDSloader.exe (Egis Incorporated) MsConfig:64bit - StartUpReg: EmpoweringTechnology - hkey= - key= - C:\Program Files\Acer\Empowering Technology\Framework.Lau File not found MsConfig:64bit - StartUpReg: NvCplDaemon - hkey= - key= - C:\Windows\SysNative\NvCpl.DLL (NVIDIA Corporation) MsConfig:64bit - StartUpReg: RtHDVCpl - hkey= - key= - C:\Windows\RAVCpl64.exe (Realtek Semiconductor) MsConfig:64bit - StartUpReg: Skytel - hkey= - key= - C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.) 
SafeBootMin:64bit: AppMgmt - Service SafeBootMin:64bit: Base - Driver Group SafeBootMin:64bit: Boot Bus Extender - Driver Group SafeBootMin:64bit: Boot file system - Driver Group SafeBootMin:64bit: File system - Driver Group SafeBootMin:64bit: Filter - Driver Group SafeBootMin:64bit: HelpSvc - Service SafeBootMin:64bit: PCI Configuration - Driver Group SafeBootMin:64bit: PNP Filter - Driver Group SafeBootMin:64bit: Primary disk - Driver Group SafeBootMin:64bit: sacsvr - Service SafeBootMin:64bit: SCSI Class - Driver Group SafeBootMin:64bit: System Bus Extender - Driver Group SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootMin: 
AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet:64bit: AppMgmt - Service SafeBootNet:64bit: Base - Driver Group SafeBootNet:64bit: Boot Bus Extender - Driver Group SafeBootNet:64bit: Boot file system - Driver Group SafeBootNet:64bit: File system - Driver Group SafeBootNet:64bit: Filter - Driver Group SafeBootNet:64bit: HelpSvc - Service 
SafeBootNet:64bit: Messenger - Service SafeBootNet:64bit: NDIS Wrapper - Driver Group SafeBootNet:64bit: NetBIOSGroup - Driver Group SafeBootNet:64bit: NetDDEGroup - Driver Group SafeBootNet:64bit: Network - Driver Group SafeBootNet:64bit: NetworkProvider - Driver Group SafeBootNet:64bit: PCI Configuration - Driver Group SafeBootNet:64bit: PNP Filter - Driver Group SafeBootNet:64bit: PNP_TDI - Driver Group SafeBootNet:64bit: Primary disk - Driver Group SafeBootNet:64bit: rdsessmgr - Service SafeBootNet:64bit: sacsvr - Service SafeBootNet:64bit: SCSI Class - Driver Group SafeBootNet:64bit: Streams Drivers - Driver Group SafeBootNet:64bit: System Bus Extender - Driver Group SafeBootNet:64bit: TDI - Driver Group SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootNet:64bit: WudfPf - Driver SafeBootNet:64bit: WudfUsbccidDriver - Driver SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive 
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: WudfPf - Driver SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse 
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
ActiveX:64bit: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {0291E591-EA41-4c82-8106-3DC6CE7F7664} - Reg Error: Value error.
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - Reg Error: Value error.
ActiveX: {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} - Reg Error: Value error.
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: VIDC.FPS1 - frapsv64.dll (Beepa P/L)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.mkdmp3enc - C:\PROGRA~2\ACERAR~1\ACERVI~1\Kernel\Burner\MKDMP3Enc.ACM File not found
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FPS1 - C:\Windows\SysWow64\frapsvid.dll (Beepa P/L)
Drivers32: vidc.VP60 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2010/07/20 17:58:23 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\owner\Desktop\OTL.exe
[2010/07/19 23:08:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CCleaner
[2010/07/19 22:28:52 | 000,043,520 | ---- | C] (NirSoft) -- C:\Users\owner\Desktop\shexview.exe
[2010/07/19 18:32:47 | 000,000,000 | ---D | C] -- C:\Users\owner\Desktop\Sims 3
[2010/07/19 16:44:36 | 000,000,000 | ---D | C] -- C:\Users\owner\Desktop\Simmy
[2010/07/15 04:26:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/07/15 04:26:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2010/07/15 04:26:46 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\Cooliris
[2010/07/10 02:57:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iWin Games
[2010/07/09 02:03:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Astar Games
[2010/07/08 20:55:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Gogii
[2010/07/08 20:50:56 | 000,000,000 | ---D | C] -- C:\Users\owner\Documents\Floodgate
[2010/07/04 04:19:22 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\KitchenBrigade
[2010/07/03 23:06:23 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\com.picaboo.Picaboo.A382D4714709B456C4E0088DFC1F7243AF9EBF75.1
[2010/07/03 23:06:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Picaboo X
[2010/07/03 23:06:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2010/06/29 14:33:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Sonic Shared(158)
[2010/06/29 14:33:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Roxio(356)
[2010/06/25 04:01:35 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\cerasus.media
[2010/06/24 23:00:18 | 000,000,000 | ---D | C] -- C:\Users\owner\Documents\Pet Vet 3D Down Under
[2010/06/24 22:28:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Islands
[2010/06/24 22:28:55 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Islands
[2010/06/24 09:00:52 | 001,942,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dfshim.dll
[2010/06/24 09:00:52 | 001,130,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dfshim.dll
[2010/06/24 09:00:52 | 000,320,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHost.exe
[2010/06/24 09:00:52 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHost.exe
[2010/06/24 09:00:52 | 000,109,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHostProxy.dll
[2010/06/24 09:00:52 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHostProxy.dll
[2010/06/24 09:00:52 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netfxperf.dll
[2010/06/24 09:00:52 | 000,048,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netfxperf.dll
[2010/06/24 03:39:12 | 000,000,000 | ---D | C] -- C:\ProgramData\GameHouse
[2010/06/23 20:54:22 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\GameUXLegacyGDFs.dll
[2010/06/23 20:54:22 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\SysNative\GameUXLegacyGDFs.dll
[2010/06/23 20:54:22 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Apphlpdm.dll
[2010/06/23 20:54:22 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Apphlpdm.dll
[2010/06/23 05:55:06 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\Go-Go Gourmet Chef of the Year
[2010/06/23 05:41:42 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\YoudaGames
[2010/06/22 23:07:59 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\iwin
[2009/03/13 20:28:09 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll

========== Files - Modified Within 30 Days ==========

[2010/07/20 18:00:12 | 003,407,872 | -HS- | M] () -- C:\Users\owner\ntuser.dat
[2010/07/20 17:59:04 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/07/20 17:58:26 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\owner\Desktop\OTL.exe
[2010/07/20 17:15:10 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/07/20 17:15:10 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/07/20 12:59:01 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/07/20 12:29:10 | 003,645,694 | -H-- | M] () -- C:\Users\owner\AppData\Local\IconCache.db
[2010/07/19 23:22:01 | 000,703,388 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/07/19 23:22:01 | 000,604,264 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/07/19 23:22:01 | 000,103,964 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/07/19 23:15:19 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\LogConfigTemp.xml
[2010/07/19 23:15:08 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/07/19 23:15:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/07/19 23:15:02 | 4294,172,672 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/19 23:08:38 | 000,000,865 | ---- | M] () -- C:\Users\owner\Desktop\CCleaner.lnk
[2010/07/19 22:34:11 | 000,000,667 | ---- | M] () -- C:\Users\owner\Desktop\shexview.cfg
[2010/07/19 22:28:39 | 000,055,898 | ---- | M] () -- C:\Users\owner\Desktop\shexview.zip
[2010/07/19 21:03:03 | 000,524,288 | -HS- | M] () -- C:\Users\owner\ntuser.dat{28829569-7f9b-11df-8418-002197af7ab1}.TMContainer00000000000000000001.regtrans-ms
[2010/07/19 21:03:03 | 000,065,536 | -HS- | M] () -- C:\Users\owner\ntuser.dat{28829569-7f9b-11df-8418-002197af7ab1}.TM.blf
[2010/07/19 20:26:00 | 054,835,272 | ---- | M] () -- C:\Users\owner\Desktop\setup_av_free.exe
[2010/07/19 17:55:27 | 000,003,108 | ---- | M] () -- C:\Users\owner\AppData\Roaming\wklnhst.dat
[2010/07/19 17:52:22 | 000,017,408 | ---- | M] () -- C:\Users\owner\Documents\scrapstuff.wps
[2010/07/19 17:51:35 | 000,018,432 | ---- | M] () -- C:\Users\owner\Documents\scrap master.wps
[2010/07/19 17:50:27 | 000,017,920 | ---- | M] () -- C:\Users\owner\Documents\Scrap List.wps
[2010/07/19 02:49:53 | 000,041,472 | ---- | M] () -- C:\Users\owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/18 05:29:06 | 000,001,910 | ---- | M] () -- C:\Users\Public\Desktop\Coconut Queen.lnk
[2010/07/15 04:26:47 | 000,000,868 | ---- | M] () -- C:\Users\owner\Desktop\Launch Cooliris.lnk
[2010/07/05 00:21:43 | 000,018,432 | ---- | M] () -- C:\Users\owner\Documents\home decor stuff.wps
[2010/06/30 15:38:06 | 000,119,768 | ---- | M] () -- C:\Users\owner\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/06/30 15:35:08 | 000,524,288 | -HS- | M] () -- C:\Users\owner\ntuser.dat{28829569-7f9b-11df-8418-002197af7ab1}.TMContainer00000000000000000002.regtrans-ms
[2010/06/30 15:33:51 | 003,407,872 | -HS- | M] () -- C:\Users\owner\ntuser.dat_previous
[2010/06/30 15:33:50 | 000,524,288 | -HS- | M] () -- C:\Users\owner\ntuser.dat{a1e78f04-72da-11df-8bf6-9fce7987da27}.TMContainer00000000000000000001.regtrans-ms
[2010/06/30 15:33:50 | 000,065,536 | -HS- | M] () -- C:\Users\owner\ntuser.dat{a1e78f04-72da-11df-8bf6-9fce7987da27}.TM.blf
[2010/06/28 14:31:56 | 000,017,408 | ---- | M] () -- C:\Users\owner\Documents\calendar stuff.wps
[2010/06/22 19:39:53 | 000,017,408 | ---- | M] () -- C:\Users\owner\Documents\stuff.wps

========== Files Created - No Company Name ==========

[2010/07/19 23:08:38 | 000,000,865 | ---- | C] () -- C:\Users\owner\Desktop\CCleaner.lnk
[2010/07/19 22:34:11 | 000,000,667 | ---- | C] () -- C:\Users\owner\Desktop\shexview.cfg
[2010/07/19 22:28:52 | 000,018,238 | ---- | C] () -- C:\Users\owner\Desktop\shexview.chm
[2010/07/19 22:28:38 | 000,055,898 | ---- | C] () -- C:\Users\owner\Desktop\shexview.zip
[2010/07/19 16:47:19 | 054,835,272 | ---- | C] () -- C:\Users\owner\Desktop\setup_av_free.exe
[2010/07/18 05:29:06 | 000,001,910 | ---- | C] () -- C:\Users\Public\Desktop\Coconut Queen.lnk
[2010/07/15 04:26:47 | 000,000,868 | ---- | C] () -- C:\Users\owner\Desktop\Launch Cooliris.lnk
[2010/07/05 00:21:43 | 000,018,432 | ---- | C] () -- C:\Users\owner\Documents\home decor stuff.wps
[2010/07/04 03:10:04 | 000,018,432 | ---- | C] () -- C:\Users\owner\Documents\scrap master.wps
[2010/07/04 03:05:12 | 000,017,920 | ---- | C] () -- C:\Users\owner\Documents\Scrap List.wps
[2010/07/03 06:05:30 | 000,017,408 | ---- | C] () -- C:\Users\owner\Documents\scrapstuff.wps
[2010/06/30 15:35:08 | 000,524,288 | -HS- | C] () -- C:\Users\owner\ntuser.dat{28829569-7f9b-11df-8418-002197af7ab1}.TMContainer00000000000000000002.regtrans-ms
[2010/06/30 15:35:08 | 000,524,288 | -HS- | C] () -- C:\Users\owner\ntuser.dat{28829569-7f9b-11df-8418-002197af7ab1}.TMContainer00000000000000000001.regtrans-ms
[2010/06/30 15:35:08 | 000,065,536 | -HS- | C] () -- C:\Users\owner\ntuser.dat{28829569-7f9b-11df-8418-002197af7ab1}.TM.blf
[2010/06/22 19:39:53 | 000,017,408 | ---- | C] () -- C:\Users\owner\Documents\stuff.wps
[2010/01/05 23:33:17 | 000,151,552 | ---- | C] () -- C:\Windows\SysWow64\nvRegDev.dll
[2009/07/15 21:23:50 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/07/15 21:23:34 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/04/10 12:08:23 | 000,000,042 | ---- | C] () -- C:\Windows\Acer(Wide).ini
[2009/04/10 12:08:22 | 000,000,044 | ---- | C] () -- C:\Windows\Acer(Normal).ini
[2009/03/13 21:05:40 | 000,001,024 | RH-- | C] () -- C:\Windows\SysWow64\NTIOFM4.dll
[2009/03/13 21:05:40 | 000,001,024 | RH-- | C] () -- C:\Windows\SysWow64\NTIBUN5.dll
[2009/01/05 15:44:10 | 000,000,453 | ---- | C] () -- C:\Windows\bdoscandellang.ini
[2008/01/20 21:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008/01/15 05:31:00 | 000,000,530 | ---- | C] () -- C:\Windows\SysWow64\tx14_ic.ini
[2001/12/26 18:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\multiplex_vcd.dll
[2001/09/04 01:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\SysWow64\Hmpg12.dll
[2001/07/30 18:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\SysWow64\HMPV2_ENC.dll
[2001/07/24 00:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\SysWow64\HMPV2_ENC_MMX.dll

========== Custom Scans ==========

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\system32\*.exe /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\*.sys >

< %systemroot%\system32\drivers\*.dll >

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >

< %SYSTEMDRIVE%\*.* >
[2009/04/11 01:36:38 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2009/03/13 20:28:46 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2010/03/03 15:41:02 | 000,096,264 | ---- | M] (Microsoft Corporation) -- C:\GameuxInstallHelper.dll
[2010/07/19 23:15:02 | 4294,172,672 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/19 23:13:45 | 000,000,090 | ---- | M] () -- C:\MDisc.log
[2010/07/19 23:13:47 | 000,000,090 | ---- | M] () -- C:\MDR.log
[2010/07/19 23:15:01 | 312,811,519 | -HS- | M] () -- C:\pagefile.sys
[2009/03/13 20:33:11 | 000,000,787 | ---- | M] () -- C:\RHDSetup.log
[2010/04/25 23:53:49 | 000,005,729 | ---- | M] () -- C:\scramble.log

< %PROGRAMFILES%\*. >
[2009/04/10 11:59:39 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Acer
[2010/07/19 23:13:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Acer Arcade Live
[2010/07/19 23:17:33 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Acer GameZone
[2009/04/10 12:08:22 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Acer Incorporated
[2010/07/03 23:06:16 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Adobe
[2010/01/30 19:36:21 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Amazon
[2009/12/05 03:30:31 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Apple Software Update
[2009/08/28 12:18:57 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Atari
[2010/04/25 23:54:15 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Atrinsic
[2010/01/20 01:26:29 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Avira
[2009/07/25 22:09:22 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\BFG
[2009/07/25 22:38:19 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Brainiversity
[2010/07/19 23:08:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\CCleaner
[2010/01/26 04:11:49 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Chocolatier Decadence by Design
[2010/07/19 23:23:40 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files
[2009/03/13 20:58:40 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\CyberLink
[2010/07/19 23:23:36 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\DivX
[2010/04/26 15:09:50 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\e-Sword
[2010/05/19 00:32:52 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\EA GAMES
[2010/01/29 01:54:41 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\eGames
[2010/01/06 17:33:37 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Electronic Arts
[2009/03/13 21:22:30 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\eSobi
[2010/05/29 22:51:36 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Free Ride Games
[2009/11/23 02:23:05 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Gadwin Systems
[2010/01/26 03:29:40 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\GameHouse
[2010/03/06 22:02:13 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Games
[2009/07/25 22:46:29 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Games A Go-Go
[2010/02/03 15:39:04 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Google
[2009/07/25 22:24:28 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Hidden Expedition - Amazon
[2009/07/25 22:28:22 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Hidden Expedition - Everest
[2009/07/25 22:21:24 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Hidden Expedition Titanic
[2009/11/28 11:17:16 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\HP
[2010/07/19 23:13:38 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\InstallShield Installation Information
[2010/06/12 09:17:09 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Internet Explorer
[2010/07/10 02:57:37 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\iWin Games
[2010/07/18 05:29:04 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\iWin.com
[2010/07/15 04:26:32 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Java
[2009/12/30 02:56:27 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\LDA Games
[2010/01/29 18:32:50 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\LimeWire
[2009/07/25 22:26:24 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Lost Treasures of Alexandria
[2009/08/06 21:53:10 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mad Scientist PRODUCTIONS
[2010/01/03 03:05:13 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Maxis
[2009/09/05 21:28:05 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Games
[2009/03/13 20:47:14 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Office
[2009/03/13 20:47:39 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Office Suite Activation Assistant
[2010/02/17 17:10:39 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Silverlight
[2009/03/13 20:47:15 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Works
[2009/08/06 21:52:31 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft WSE
[2010/06/26 09:01:09 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft.NET
[2010/06/15 13:29:59 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MostFun
[2010/01/21 15:20:50 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox
[2006/11/02 10:07:27 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSBuild
[2009/12/18 20:07:04 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSECache
[2009/07/15 20:49:11 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSXML 4.0
[2009/07/25 22:45:22 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MumboJumbo
[2009/07/25 22:09:24 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mystery in London
[2009/03/13 21:05:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\NewTech Infosystems
[2010/01/05 23:38:52 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\NVIDIA Corporation
[2009/10/13 19:03:30 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\OverDrive Media Console
[2010/07/03 23:06:18 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Picaboo X
[2009/07/25 22:34:33 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\PlayFirst
[2009/07/25 22:40:46 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\PopCap Games
[2009/10/28 14:06:22 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\ProPoster
[2009/12/05 03:31:32 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\QuickTime
[2009/12/30 02:59:13 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\RealArcade
[2009/03/13 20:32:21 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Realtek
[2006/11/02 10:07:27 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Reference Assemblies
[2009/10/30 14:40:17 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Research In Motion
[2010/06/30 15:33:24 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Roxio
[2010/06/29 14:34:04 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Roxio(356)
[2009/07/25 22:19:26 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Scholastic
[2010/06/08 03:55:16 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Shockwave.com
[2009/07/26 01:52:19 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Sims2Pack Clean Installer
[2009/12/27 04:10:52 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\TimeLeft3
[2009/12/25 15:56:26 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Ubisoft
[2006/11/02 10:36:07 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Uninstall Information
[2009/09/02 16:28:18 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\VideoLAN
[2010/03/12 17:12:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Wardrobe Wrangler
[2009/07/25 22:39:29 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\WildTangent
[2009/07/15 21:56:05 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Calendar
[2008/01/20 22:09:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Collaboration
[2008/01/20 22:09:41 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Defender
[2010/07/14 09:00:32 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Mail
[2009/10/28 08:06:07 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Media Player
[2006/11/02 10:07:27 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows NT
[2009/07/15 21:56:04 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Photo Gallery
[2009/11/17 09:17:25 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Portable Devices
[2009/07/15 21:56:05 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Sidebar
[2009/07/26 01:14:11 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\WinRAR
[2010/04/15 18:18:46 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Yahoo!
< %appdata%\*.* >
[2009/10/30 14:46:42 | 000,000,006 | -HS- | M] () -- C:\Users\owner\AppData\Roaming\desktop.ini
[2010/07/19 17:55:27 | 000,003,108 | ---- | M] () -- C:\Users\owner\AppData\Roaming\wklnhst.dat

< MD5 for: AGP440.SYS >
[2008/01/20 21:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_163188bf770e4ab0\AGP440.sys
[2008/01/20 21:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_181d01cb743015fc\AGP440.sys

< MD5 for: AHCIX86S.SYS >
[2007/08/07 23:55:08 | 000,122,880 | ---- | M] (Promise Technology, Inc.) MD5=4283A0F3A9557EB133D2BA8979747A77 -- C:\ACER\Preload\Autorun\DRV\ATI VGA PCI-E\Packages\Drivers\SBDrv\SB6xx\RAID\LH\ahcix86s.sys

< MD5 for: ATAPI.SYS >
[2008/01/20 21:46:50 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys
[2009/04/11 02:15:02 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 06:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_424bc4aceb06de1c\cngaudit.dll
[2006/11/02 04:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll
[2006/11/02 04:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll
[2006/11/02 04:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

OTL Extras logfile created on: 7/20/2010 6:00:10 PM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\owner\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 60.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 286.54 Gb Total Space | 79.67 Gb Free Space | 27.80% Space Free | Partition Type: NTFS
Drive D: | 289.63 Gb Total Space | 278.85 Gb Free Space | 96.28% Space Free | Partition Type: NTFS
Drive E: | 612.92 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive F: | 139.82 Gb Total Space | 19.48 Gb Free Space | 13.93% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 139.77 Gb Total Space | 16.41 Gb Free Space | 11.74% Space Free | Partition Type: NTFS

Computer Name: POOKLET
Current User Name: owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========

========== File Associations ==========

Hi,

Please download Malwarebytes Anti-Malware from Here.
Double Click mbam-setup.exe to install the application.
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

When I tried to install, it said "The setup files are corrupted. Please obtain a new copy of the program." Some version of this appears whenever I try to install anything.

Hi,

Download Dr.Web CureIt to the desktop: ftp://ftp.drweb.com/pub/drweb/cureit/cureit.exe
o Now, go to Settings >> Change Settings
o Go to Actions tab >> under Objects section, change the settings to below:
  Infected objects - Cure
  Incurable objects - Report
  Suspicious objects - Report
o Don't change any other settings
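Reading an OTL log like the one posted earlier in this thread is mostly pattern work: the file sections are scanned for executable code with no company metadata, and the MD5 section (the helper's /md5start list) is read by comparing the copy of each driver that is in use against the copies Windows keeps in the WinSxS component store, since a rootkit-patched driver shows up as an in-use file whose hash matches none of the stored builds. The block below is an added example written for this page; it is not OTL's own code and nothing the helper or the poster wrote. It takes %SystemRoot% = C:\Windows and the 7/20/2010 6:00:10 PM scan time from the Extras header in the log, uses lines copied from that log as sample input, and adds one constructed line (clearly marked, with a made-up hash) to show what a mismatch looks like. The extension list is an assumption of the example.

```python
"""Added example, not OTL's code: a first triage pass over OTL file-listing
lines, plus the in-use-versus-WinSxS comparison for the MD5 section."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# [date time | size | attrs | C or M] (Company) [MD5=hash] -- path
# Directories carry no "(Company)" field; files without company metadata
# print "()" or "( )".
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[A-Z-]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))?"
    r"(?: MD5=(?P<md5>[0-9A-Fa-f]{32}))? -- (?P<path>.+?)\s*$"
)
CODE_EXT = (".exe", ".dll", ".sys", ".acm", ".ocx", ".scr", ".job")  # assumed list
SYSTEM_ROOT = "c:\\windows\\"                 # from the Extras header
SCAN_TIME = datetime(2010, 7, 20, 18, 0, 10)  # from the Extras header

# Lines copied from the log posted in this thread.
SAMPLE_LOG = r"""
[2010/07/20 17:58:23 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\owner\Desktop\OTL.exe
[2010/07/19 23:08:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CCleaner
[2009/03/13 20:28:09 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll
[2010/07/20 17:59:04 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/07/19 20:26:00 | 054,835,272 | ---- | M] () -- C:\Users\owner\Desktop\setup_av_free.exe
[2010/01/05 23:33:17 | 000,151,552 | ---- | C] () -- C:\Windows\SysWow64\nvRegDev.dll
[2008/01/20 21:46:50 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys
[2009/04/11 02:15:02 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys
[2006/11/02 04:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll
[2006/11/02 04:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
"""
# Constructed line, NOT from the log: an in-use atapi.sys whose (made-up) hash
# matches neither WinSxS build, the pattern that points at a patched driver.
TAMPERED_LINE = (
    "[2010/07/18 03:12:40 | 000,020,952 | ---- | M] (Microsoft Corporation) "
    "MD5=0123456789ABCDEF0123456789ABCDEF -- C:\\Windows\\System32\\drivers\\atapi.sys"
)


def parse(lines):
    """Parse every line in OTL entry format; anything else is skipped."""
    entries = []
    for line in lines:
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        e = m.groupdict()
        e["ts"] = datetime.strptime(e["ts"], "%Y/%m/%d %H:%M:%S")
        e["size"] = int(e["size"].replace(",", ""))
        e["is_dir"] = "D" in e["attrs"]
        e["company"] = (e["company"] or "").strip()
        entries.append(e)
    return entries


def shortlist(entries, scan_time=SCAN_TIME, recent_days=30):
    """Code files with no company metadata: always when under the Windows
    tree, otherwise only when created/modified within recent_days.
    Legitimate files land here too (nvRegDev.dll in the log is one), so
    this is a reading list for the analyst, not a verdict."""
    cutoff = scan_time - timedelta(days=recent_days)
    out = []
    for e in entries:
        if e["is_dir"] or e["md5"] or e["company"]:
            continue
        low = e["path"].lower()
        if not low.endswith(CODE_EXT):
            continue
        if low.startswith(SYSTEM_ROOT):
            out.append(("no-company-in-windows-tree", e["path"]))
        elif e["ts"] >= cutoff:
            out.append(("recent-no-company", e["path"]))
    return out


def md5_consistency(entries):
    """Group MD5 lines by file name. WinSxS copies of different builds
    legitimately differ, so the signal is an in-use copy (outside WinSxS)
    whose hash matches none of the stored copies of that name. A name
    with no in-use copy listed is reported so the analyst checks by hand."""
    by_name = defaultdict(lambda: {"store": set(), "live": []})
    for e in entries:
        if not e["md5"]:
            continue
        name = e["path"].rsplit("\\", 1)[-1].lower()
        if "\\winsxs\\" in e["path"].lower():
            by_name[name]["store"].add(e["md5"].upper())
        else:
            by_name[name]["live"].append((e["path"], e["md5"].upper()))
    out = []
    for name, b in sorted(by_name.items()):
        if not b["live"]:
            out.append(("md5-no-in-use-copy-listed", name))
        for path, digest in b["live"]:
            if b["store"] and digest not in b["store"]:
                out.append(("md5-in-use-copy-differs-from-winsxs", path))
    return out


def triage(lines, scan_time=SCAN_TIME):
    entries = parse(lines)
    return shortlist(entries, scan_time) + md5_consistency(entries)


if __name__ == "__main__":
    for code, detail in triage(SAMPLE_LOG.splitlines() + [TAMPERED_LINE]):
        print(f"{code:40} {detail}")
```

Run against the copied lines alone, the MD5 pass only notes that no in-use atapi.sys was listed; with the constructed tampered line added it reports that copy as differing from both WinSxS builds, which is the case the /md5start list in the helper's script exists to surface.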
In the launch files of everything in the Acer Games folder: Trojan.Downloader 1.5449
Plus, three files listed as probably DLOADER.TROJAN
These are all on my F drive. In order to get it to finish a scan, I had to delete the files it found on my C drive, which were all of the same Acer Game files and a couple of Java ones. I didn't need the programs, so I just deleted the whole folders, and tried the scan again. Also, before deleting those files I suddenly couldn't access the internet, but now it's allowing me back on again.

Hi,

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan
"Can not get update. Is proxy configured?"

Hi.

Remove the proxy setting in Internet Explorer and/or in Firefox.
In IE: Tools Menu -> Internet Options -> Connections Tab -> LAN Settings -> uncheck "use a proxy server", or reconfigure the proxy server again in case you have set it previously.
In Firefox: Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection -> choose "No Proxy".
Click the Apply button and restart that computer in normal mode.

The box you indicated was already not checked.

Hi.

Could you please re-run ComboFix?

Comment removed. Do not post in the malware forum unless you need help. ~Sneakyone

I am unable to download ComboFix. It says connection with the server was reset.
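The proxy instruction above covers the checkbox in Internet Options, which maps to a single per-user WinINET value (ProxyEnable). When that box is already clear and a scanner still asks "Is proxy configured?", three other places decide where its traffic goes: an automatic configuration script (AutoConfigURL) is honoured regardless of the checkbox, Windows services and many updaters use the separate WinHTTP proxy (shown by `netsh winhttp show proxy`), and a hosts-file entry for the vendor's update host blocks or redirects it without any proxy at all. The block below is an added example for this page, not code from the thread. The registry and netsh reads only run on Windows; the assessment is a pure function over their results so it can be tried anywhere. The domain watch list, the sample registry values, the netsh text and the hosts lines are all constructed for the example, and the English wording of the netsh output is an assumption.

```python
"""Added example, not part of the thread: the places an unchecked
"use a proxy server" box does not cover, read on Windows and assessed
as plain data."""
import platform
import re
import subprocess

WININET_KEY = r"Software\Microsoft\Windows\CurrentVersion\Internet Settings"
WININET_VALUES = ("ProxyEnable", "ProxyServer", "AutoConfigURL", "ProxyOverride")
HOSTS_PATH = r"C:\Windows\System32\drivers\etc\hosts"
# Assumed watch list: the vendors this thread's tools update from, plus
# Windows Update. Any hosts entry for these is worth reading.
WATCH_DOMAINS = ("eset.com", "drweb.com", "malwarebytes.org", "avira.com",
                 "microsoft.com", "windowsupdate.com")
HOSTS_LINE = re.compile(r"^\s*(?P<ip>[0-9a-fA-F.:]+)\s+(?P<names>[^#]+)")


def read_wininet():
    """Per-user WinINET values (what the IE dialog edits). {} off Windows."""
    if platform.system() != "Windows":
        return {}
    import winreg  # Windows-only module
    out = {}
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, WININET_KEY) as key:
        for name in WININET_VALUES:
            try:
                out[name] = winreg.QueryValueEx(key, name)[0]
            except FileNotFoundError:
                continue
    return out


def read_winhttp():
    """Text of `netsh winhttp show proxy`; services use this, not IE's setting."""
    if platform.system() != "Windows":
        return ""
    return subprocess.run(["netsh", "winhttp", "show", "proxy"],
                          capture_output=True, text=True).stdout


def read_hosts(path=HOSTS_PATH):
    try:
        with open(path, encoding="utf-8", errors="replace") as fh:
            return fh.read()
    except OSError:
        return ""


def assess(wininet, winhttp_text, hosts_text, watch=WATCH_DOMAINS):
    """Return (code, detail) findings; an empty list means nothing here
    explains a failing updater."""
    findings = []
    if wininet.get("ProxyEnable"):
        findings.append(("wininet-proxy", str(wininet.get("ProxyServer", ""))))
    if wininet.get("AutoConfigURL"):
        # A PAC script applies even with the "use a proxy server" box clear.
        findings.append(("wininet-pac", str(wininet["AutoConfigURL"])))
    # Assumed English netsh wording: "Direct access (no proxy server)." when
    # unset, a "Proxy Server(s)" line when set.
    if "Proxy Server(s)" in winhttp_text:
        findings.append(("winhttp-proxy", " ".join(winhttp_text.split())))
    for line in hosts_text.splitlines():
        m = HOSTS_LINE.match(line)
        if not m:
            continue
        for name in m.group("names").split():
            low = name.lower()
            if any(low == d or low.endswith("." + d) for d in watch):
                findings.append(("hosts-entry", f"{m.group('ip')} {name}"))
    return findings


# Constructed sample inputs (not from the thread): box unchecked, but a PAC
# script and a hosts entry still get in the updater's way.
SAMPLE_WININET = {"ProxyEnable": 0, "ProxyServer": "",
                  "AutoConfigURL": "http://pac.example.invalid/proxy.pac"}
SAMPLE_WINHTTP = "Current WinHTTP proxy settings:\n\n    Direct access (no proxy server).\n"
SAMPLE_HOSTS = """# constructed hosts file
127.0.0.1       localhost
::1             localhost
127.0.0.1       update.eset.com   # blocks the ESET updater
"""


if __name__ == "__main__":
    live = assess(read_wininet(), read_winhttp(), read_hosts())
    for code, detail in live or assess(SAMPLE_WININET, SAMPLE_WINHTTP, SAMPLE_HOSTS):
        print(f"{code:15} {detail}")
```

Run on the constructed sample it reports the PAC URL and the hosts entry while the checkbox value stays at 0, which is exactly the state the poster describes; on a Windows machine the `__main__` block reads the live values first and only falls back to the sample when nothing is found.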