Topic: Pretty sure I got hold of some malware

fnrsgrl

    Topic Starter


    Greenhorn

    Pretty sure I got hold of some malware
    « on: July 20, 2010, 04:17:30 AM »
    I keep getting error messages that say that Windows Explorer is shutting down.  This happens when I am moving or opening files and programs.  Sometimes it seems to be random; other times a specific file or program will cause the error repeatedly.  When I am on the internet, Internet Explorer will randomly shut down.  Sometimes it restarts itself, other times it gives me a message telling me that it shut down to protect my computer.  I can download, but am completely unable to install new programs--I get an error message telling me to clear my internet cache and download again (which I have already done--twice).  I have Avira antivirus, and have run several scans, which came back clean.  It hasn't been updated in about three weeks because the updates won't work.  I have tried everything I can think of.  System restore fails, even in safe mode.  I could not find anything suspicious in add/remove programs and I have cleaned my hard drive using CCleaner.  I am unable to follow the steps that are suggested because I can't install new programs.  Just for information's sake, I am running Windows Vista, and this has been happening for about a day or two now.  Any help you can provide would be greatly appreciated, as I really do not want to have to wipe my hard drive!  ???

    Sneakyone

    • Malware Removal Specialist


    • Beginner

      Thanked: 5
      Re: Pretty sure I got hold of some malware
      « Reply #1 on: July 20, 2010, 03:56:14 PM »
      Hi, :)

      Please download OTL to your Desktop. (If you already have it downloaded, then just follow the instructions below.)
      • Double-click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
      • Under the Custom Scan box, paste this in:
      %systemroot%\*. /mp /s
      %systemroot%\system32\*.dll /lockedfiles
      %systemroot%\system32\*.exe /lockedfiles
      %systemroot%\Tasks\*.job /lockedfiles
      %systemroot%\system32\drivers\*.sys /lockedfiles
      %systemroot%\System32\config\*.sav
      %systemroot%\system32\*.sys
      %systemroot%\system32\drivers\*.dll
      %systemroot%\system32\drivers\*.ini
      %systemroot%\system32\drivers\*.exe
      %SYSTEMDRIVE%\*.*
      %PROGRAMFILES%\*.
      %appdata%\*.*
      netsvcs
      msconfig
      safebootminimal
      safebootnetwork
      activex
      drivers32
      /md5start
      eventlog.dll
      scecli.dll
      netlogon.dll
      cngaudit.dll
      sceclt.dll
      ntelogon.dll
      logevent.dll
      iaStor.sys
      nvstor.sys
      atapi.sys
      IdeChnDr.sys
      viasraid.sys
      AGP440.sys
      vaxscsi.sys
      nvatabus.sys
      viamraid.sys
      nvata.sys
      nvgts.sys
      iastorv.sys
      ViPrt.sys
      eNetHook.dll
      ahcix86.sys
      KR10N.sys
      disk.sys
      nvstor32.sys
      ahcix86s.sys
      nvrd32.sys
      symmpi.sys
      adp3132.sys
      mv61xx.sys
      usbstor.sys
      /md5stop
      CREATERESTOREPOINT
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs


      • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
        • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
        • Please copy (Edit->Select All, Edit->Copy) and paste (Edit->Paste) the contents of these files, one at a time.
      Note: in the event that OTL fails to run, please use the alternate download links to try again:

      http://oldtimer.geekstogo.com/OTL.com
      http://oldtimer.geekstogo.com/OTL.scr

      fnrsgrl

        Topic Starter


        Greenhorn

        Re: Pretty sure I got hold of some malware
        « Reply #2 on: July 20, 2010, 05:41:22 PM »
        ok, here are the logs

        OTL logfile created on: 7/20/2010 6:00:10 PM - Run 1
        OTL by OldTimer - Version 3.2.9.1     Folder = C:\Users\owner\Desktop
        64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
        Internet Explorer (Version = 8.0.6001.18928)
        Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
         
        4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 60.00% Memory free
        8.00 Gb Paging File | 6.00 Gb Available in Paging File | 77.00% Paging File free
        Paging file location(s): ?:\pagefile.sys [binary data]
         
        %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
        Drive C: | 286.54 Gb Total Space | 79.67 Gb Free Space | 27.80% Space Free | Partition Type: NTFS
        Drive D: | 289.63 Gb Total Space | 278.85 Gb Free Space | 96.28% Space Free | Partition Type: NTFS
        Drive E: | 612.92 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
        Drive F: | 139.82 Gb Total Space | 19.48 Gb Free Space | 13.93% Space Free | Partition Type: NTFS
        G: Drive not present or media not loaded
        H: Drive not present or media not loaded
        Drive I: | 139.77 Gb Total Space | 16.41 Gb Free Space | 11.74% Space Free | Partition Type: NTFS
         
        Computer Name: POOKLET
        Current User Name: owner
        Logged in as Administrator.
         
        Current Boot Mode: Normal
        Scan Mode: Current user
        Include 64bit Scans
        Company Name Whitelist: Off
        Skip Microsoft Files: Off
        File Age = 30 Days
        Output = Standard
         
        ========== Processes (SafeList) ==========
         
        PRC - [2010/07/20 17:58:26 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\owner\Desktop\OTL.exe
        PRC - [2010/07/07 15:50:42 | 000,176,408 | ---- | M] (iWin Inc.) -- C:\Program Files (x86)\iWin Games\iWinTrusted.exe
        PRC - [2010/04/19 09:21:37 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
        PRC - [2010/03/02 09:28:31 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
        PRC - [2010/02/24 08:28:09 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
        PRC - [2009/11/13 16:37:30 | 002,022,072 | ---- | M] (NesterSoft Inc.) -- C:\Program Files (x86)\TimeLeft3\TimeLeft.exe
        PRC - [2009/04/10 11:58:53 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
        PRC - [2008/12/09 06:08:38 | 000,495,616 | ---- | M] (Gadwin Systems, Inc) -- C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe
        PRC - [2008/07/29 19:53:00 | 000,500,784 | ---- | M] (Egis Incorporated) -- C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
        PRC - [2008/05/20 19:50:50 | 000,269,448 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
        PRC - [2008/04/25 23:36:20 | 000,045,056 | ---- | M] (NewTech InfoSystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
        PRC - [2008/04/25 23:36:02 | 000,131,072 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
        PRC - [2008/03/03 15:11:14 | 000,016,384 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
         
         
        ========== Modules (SafeList) ==========
         
        MOD - [2010/07/20 17:58:26 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\owner\Desktop\OTL.exe
        MOD - [2008/01/20 21:50:01 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
         
         
        ========== Win32 Services (SafeList) ==========
         
        SRV:64bit: - [2008/08/19 16:27:22 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe -- (ETService)
        SRV:64bit: - [2008/01/20 21:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
        SRV:64bit: - [2007/12/10 22:11:30 | 000,015,872 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\SysNative\agr64svc.exe -- (AgereModemAudio)
        SRV - [2010/07/07 15:50:42 | 000,176,408 | ---- | M] (iWin Inc.) [Auto | Running] -- C:\Program Files (x86)\iWin Games\iWinTrusted.exe -- (iWinTrusted)
        SRV - [2010/04/19 09:21:37 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
        SRV - [2010/03/18 14:27:14 | 001,020,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
        SRV - [2010/03/18 14:27:14 | 000,138,576 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_64)
        SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
        SRV - [2010/02/24 08:28:09 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
        SRV - [2008/07/29 19:53:00 | 000,500,784 | ---- | M] (Egis Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
        SRV - [2008/05/20 19:50:50 | 000,269,448 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe -- (Acer HomeMedia Connect Service)
        SRV - [2008/04/25 23:36:20 | 000,045,056 | ---- | M] (NewTech InfoSystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe -- (NTIBackupSvc)
        SRV - [2008/04/25 23:36:02 | 000,131,072 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe -- (NTISchedulerSvc)
        SRV - [2008/03/03 15:11:14 | 000,016,384 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe -- (BUNAgentSvc)
         
         
        ========== Driver Services (SafeList) ==========
         
        DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
        DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
        DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ipinip.sys -- (IpInIp)
        DRV:64bit: - [2010/03/30 20:58:04 | 000,055,024 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
        DRV:64bit: - [2010/03/02 11:35:01 | 000,116,568 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avipbb.sys -- (avipbb)
        DRV:64bit: - [2010/02/16 12:24:00 | 000,081,072 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt)
        DRV:64bit: - [2009/09/30 19:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
        DRV:64bit: - [2009/07/25 11:38:29 | 000,311,968 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\atksgt.sys -- (atksgt)
        DRV:64bit: - [2009/07/25 11:38:29 | 000,043,168 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\lirsgt.sys -- (lirsgt)
        DRV:64bit: - [2008/08/04 23:29:26 | 000,056,352 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
        DRV:64bit: - [2008/07/29 19:53:50 | 000,060,976 | ---- | M] (Egis Incorporated) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\PSDVdisk.sys -- (psdvdisk)
        DRV:64bit: - [2008/07/29 19:53:50 | 000,021,040 | ---- | M] (Egis Incorporated) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\PSDNServ.sys -- (PSDNServ)
        DRV:64bit: - [2008/07/29 19:53:48 | 000,022,064 | ---- | M] (Egis Incorporated) [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\psdfilter.sys -- (PSDFilter)
        DRV:64bit: - [2008/07/29 06:47:00 | 001,075,712 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\athrxusb.sys -- (athrusb)
        DRV:64bit: - [2008/03/05 01:22:34 | 001,253,376 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\agrsm64.sys -- (AgereSoftModem)
        DRV:64bit: - [2008/01/30 19:48:32 | 000,016,384 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\NTIDrvr.sys -- (NTIDrvr)
        DRV:64bit: - [2008/01/20 21:49:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\RootMdm.sys -- (ROOTMODEM)
        DRV:64bit: - [2007/05/31 11:39:32 | 000,027,520 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\RimUsb_AMD64.sys -- (RimUsb)
        DRV:64bit: - [2007/01/18 14:10:22 | 000,030,336 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\RimSerial_AMD64.sys -- (RimVSerPort)
        DRV:64bit: - [2006/09/18 16:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\Wbem\ntfs.mof -- (Ntfs)
        DRV - [2008/08/19 16:23:00 | 000,017,952 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\int15_64.sys -- (int15)
         
         
        ========== Standard Registry (SafeList) ==========
         
         
        ========== Internet Explorer ==========
         
        IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=1&o=vp64&d=0409&m=aspire_x1700
        IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=1&o=vp64&d=0409&m=aspire_x1700
        IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=1&o=vp64&d=0409&m=aspire_x1700
        IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
        IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=1&o=vp64&d=0409&m=aspire_x1700
         
        IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=1&o=vp64&d=0409&m=aspire_x1700
        IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]
        IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
        IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig
        IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
        IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
         
        FF - HKLM\software\mozilla\Firefox\Extensions\\{98e34367-8df7-42b4-837b-20b892ff0849}: C:\ProgramData\iWin Games\firefox [2010/06/15 09:24:58 | 000,000,000 | ---D | M]
        FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/01/21 15:20:50 | 000,000,000 | ---D | M]
        FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/01/22 22:10:14 | 000,000,000 | ---D | M]
         
        [2010/06/07 04:27:44 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\mozilla\Extensions
        [2010/07/19 23:20:28 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\mozilla\Firefox\Profiles\0dy5c5j8.default\extensions
        [2010/06/07 06:16:32 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\mozilla\Firefox\Profiles\cm83o6ap.default\extensions
        [2010/06/07 06:16:32 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\owner\AppData\Roaming\mozilla\Firefox\Profiles\cm83o6ap.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
        [2010/01/21 15:20:49 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
         
        O1 HOSTS File: ([2006/09/18 16:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
        O1 - Hosts: 127.0.0.1       localhost
        O1 - Hosts: ::1             localhost
        O2:64bit: - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\ActiveToolBand.dll (Egis)
        O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
        O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg64.dll (Google Inc.)
        O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
        O2 - BHO: (ShoppingReport) - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Program Files (x86)\ShoppingReport\Bin\2.6.71\ShoppingReport.dll File not found
        O2 - BHO: (IEHlprObj Class) - {8CA5ED52-F3FB-4414-A105-2E3491156990} - C:\Program Files (x86)\iWin Games\iWinGamesHookIE.dll (iWin Inc.)
        O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
        O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
        O2 - BHO: (no name) - {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - C:\Program Files (x86)\PicLensIE\cooliris.dll File not found
        O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
        O3:64bit: - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDStoolbar.dll (Egis Incorporated.)
        O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
        O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
        O3:64bit: - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDStoolbar.dll (Egis Incorporated.)
        O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
        O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
        O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
        O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
        O4 - HKLM..\Run: []  File not found
        O4 - HKLM..\Run: [1157840481] C:\Program Files (x86)\eGames\Twistingo\Register\eGamesRegistration.exe (DataLode, Inc.)
        O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
        O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
        O4 - HKCU..\Run: [AdobeUpdater] C:\Program Files (x86)\Common Files\Adobe\Updater5\AdobeUpdater.exe (Adobe Systems Incorporated)
        O4 - HKCU..\Run: [Gadwin PrintScreen] C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe (Gadwin Systems, Inc)
        O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
        O4 - Startup: C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TimeLeft.lnk = C:\Program Files (x86)\TimeLeft3\TimeLeft.exe (NesterSoft Inc.)
        O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
        O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
        O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
        O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
        O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
        O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
        O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
        O9 - Extra Button: Launch Cooliris - {3437D640-C91A-458f-89F5-B9095EA4C28B} - C:\Program Files (x86)\PicLensIE\cooliris.dll File not found
        O9 - Extra Button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files (x86)\ShoppingReport\Bin\2.6.71\ShoppingReport.dll File not found
        O9 - Extra Button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files (x86)\ShoppingReport\Bin\2.6.71\ShoppingReport.dll File not found
        O13 - gopher Prefix: missing
        O13 - gopher Prefix: missing
        O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
        O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
        O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll (Installation Support)
        O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photos1.walmart.com/WalmartActivia.cab (Snapfish Activia)
        O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab (BDSCANONLINE Control)
        O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
        O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
        O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
        O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
        O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
        O16 - DPF: ActiveGS.cab http://activegs.freetoolsassociation.com/ActiveGS.cab (Reg Error: Key error.)
        O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
        O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
        O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
        O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
        O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
        O24 - Desktop WallPaper: C:\Users\owner\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
        O24 - Desktop BackupWallPaper: C:\Users\owner\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
        O32 - HKLM CDRom: AutoRun - 1
        O32 - AutoRun File - [2008/10/11 18:47:17 | 000,662,592 | R--- | M] (Electronic Arts Inc.) - E:\AutoRunGUI.dll -- [ UDF ]
        O32 - AutoRun File - [2008/10/22 09:19:21 | 000,000,000 | R--D | M] - E:\AutoRun -- [ UDF ]
        O32 - AutoRun File - [2008/10/11 18:47:17 | 000,703,552 | R--- | M] (Electronic Arts Inc.) - E:\AutoRun.exe -- [ UDF ]
        O32 - AutoRun File - [2008/10/11 18:47:12 | 000,000,166 | R--- | M] () - E:\autorun.inf -- [ UDF ]
        O33 - MountPoints2\{7b189048-25f5-11de-9b10-806e6f6e6963}\Shell - "" = AutoRun
        O33 - MountPoints2\{7b189048-25f5-11de-9b10-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2008/10/11 18:47:17 | 000,703,552 | R--- | M] (Electronic Arts Inc.)
        O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
        O35:64bit: - HKLM\..comfile [open] -- "%1" %*
        O35:64bit: - HKLM\..exefile [open] -- "%1" %*
        O35 - HKLM\..comfile [open] -- "%1" %*
        O35 - HKLM\..exefile [open] -- "%1" %*
        O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
        O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
        O37 - HKLM\...com [@ = comfile] -- "%1" %*
        O37 - HKLM\...exe [@ = exefile] -- "%1" %*
         
         
        MsConfig:64bit - StartUpReg: Acer Empowering Technology Monitor - hkey= - key= - C:\Program Files\Acer\Empowering Technology\SysMonitor.exe ()
        MsConfig:64bit - StartUpReg: eDataSecurity Loader - hkey= - key= - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDSloader.exe (Egis Incorporated)
        MsConfig:64bit - StartUpReg: EmpoweringTechnology - hkey= - key= - C:\Program Files\Acer\Empowering Technology\Framework.Lau File not found
        MsConfig:64bit - StartUpReg: NvCplDaemon - hkey= - key= - C:\Windows\SysNative\NvCpl.DLL (NVIDIA Corporation)
        MsConfig:64bit - StartUpReg: RtHDVCpl - hkey= - key= - C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
        MsConfig:64bit - StartUpReg: Skytel - hkey= - key= - C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
         
        SafeBootMin:64bit: AppMgmt - Service
        SafeBootMin:64bit: Base - Driver Group
        SafeBootMin:64bit: Boot Bus Extender - Driver Group
        SafeBootMin:64bit: Boot file system - Driver Group
        SafeBootMin:64bit: File system - Driver Group
        SafeBootMin:64bit: Filter - Driver Group
        SafeBootMin:64bit: HelpSvc - Service
        SafeBootMin:64bit: PCI Configuration - Driver Group
        SafeBootMin:64bit: PNP Filter - Driver Group
        SafeBootMin:64bit: Primary disk - Driver Group
        SafeBootMin:64bit: sacsvr - Service
        SafeBootMin:64bit: SCSI Class - Driver Group
        SafeBootMin:64bit: System Bus Extender - Driver Group
        SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
        SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
        SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
        SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
        SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
        SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
        SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
        SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
        SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
        SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
        SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
        SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
        SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
        SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
        SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
        SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
        SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
        SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
        SafeBootMin: AppMgmt - Service
        SafeBootMin: Base - Driver Group
        SafeBootMin: Boot Bus Extender - Driver Group
        SafeBootMin: Boot file system - Driver Group
        SafeBootMin: File system - Driver Group
        SafeBootMin: Filter - Driver Group
        SafeBootMin: HelpSvc - Service
        SafeBootMin: PCI Configuration - Driver Group
        SafeBootMin: PNP Filter - Driver Group
        SafeBootMin: Primary disk - Driver Group
        SafeBootMin: sacsvr - Service
        SafeBootMin: SCSI Class - Driver Group
        SafeBootMin: System Bus Extender - Driver Group
        SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
        SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
        SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
        SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
        SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
        SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
        SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
        SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
        SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
        SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
        SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
        SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
        SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
        SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
        SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
        SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
        SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
         
        SafeBootNet:64bit: AppMgmt - Service
        SafeBootNet:64bit: Base - Driver Group
        SafeBootNet:64bit: Boot Bus Extender - Driver Group
        SafeBootNet:64bit: Boot file system - Driver Group
        SafeBootNet:64bit: File system - Driver Group
        SafeBootNet:64bit: Filter - Driver Group
        SafeBootNet:64bit: HelpSvc - Service
        SafeBootNet:64bit: Messenger - Service
        SafeBootNet:64bit: NDIS Wrapper - Driver Group
        SafeBootNet:64bit: NetBIOSGroup - Driver Group
        SafeBootNet:64bit: NetDDEGroup - Driver Group
        SafeBootNet:64bit: Network - Driver Group
        SafeBootNet:64bit: NetworkProvider - Driver Group
        SafeBootNet:64bit: PCI Configuration - Driver Group
        SafeBootNet:64bit: PNP Filter - Driver Group
        SafeBootNet:64bit: PNP_TDI - Driver Group
        SafeBootNet:64bit: Primary disk - Driver Group
        SafeBootNet:64bit: rdsessmgr - Service
        SafeBootNet:64bit: sacsvr - Service
        SafeBootNet:64bit: SCSI Class - Driver Group
        SafeBootNet:64bit: Streams Drivers - Driver Group
        SafeBootNet:64bit: System Bus Extender - Driver Group
        SafeBootNet:64bit: TDI - Driver Group
        SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
        SafeBootNet:64bit: WudfPf - Driver
        SafeBootNet:64bit: WudfUsbccidDriver - Driver
        SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
        SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
        SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
        SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
        SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
        SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
        SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
        SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
        SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
        SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
        SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
        SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
        SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
        SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
        SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
        SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
        SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
        SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
        SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
        SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
        SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
        SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
        SafeBootNet: AppMgmt - Service
        SafeBootNet: Base - Driver Group
        SafeBootNet: Boot Bus Extender - Driver Group
        SafeBootNet: Boot file system - Driver Group
        SafeBootNet: File system - Driver Group
        SafeBootNet: Filter - Driver Group
        SafeBootNet: HelpSvc - Service
        SafeBootNet: Messenger - Service
        SafeBootNet: NDIS Wrapper - Driver Group
        SafeBootNet: NetBIOSGroup - Driver Group
        SafeBootNet: NetDDEGroup - Driver Group
        SafeBootNet: Network - Driver Group
        SafeBootNet: NetworkProvider - Driver Group
        SafeBootNet: PCI Configuration - Driver Group
        SafeBootNet: PNP Filter - Driver Group
        SafeBootNet: PNP_TDI - Driver Group
        SafeBootNet: Primary disk - Driver Group
        SafeBootNet: rdsessmgr - Service
        SafeBootNet: sacsvr - Service
        SafeBootNet: SCSI Class - Driver Group
        SafeBootNet: Streams Drivers - Driver Group
        SafeBootNet: System Bus Extender - Driver Group
        SafeBootNet: TDI - Driver Group
        SafeBootNet: WudfPf - Driver
        SafeBootNet: WudfUsbccidDriver - Driver
        SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
        SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
        SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
        SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
        SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
        SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
        SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
        SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
        SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
        SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
        SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
        SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
        SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
        SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
        SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
        SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
        SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
        SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
        SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
        SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
        SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
        SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
         
        ActiveX:64bit: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
        ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
        ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
        ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
        ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
        ActiveX:64bit: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
        ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
        ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
        ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
        ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
        ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
        ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
        ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
        ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
        ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
        ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
        ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
        ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
        ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
        ActiveX:64bit: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
        ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
        ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
        ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
        ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
        ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
        ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
        ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
        ActiveX: {0291E591-EA41-4c82-8106-3DC6CE7F7664} - Reg Error: Value error.
        ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
        ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player
        ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
        ActiveX: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - Reg Error: Value error.
        ActiveX: {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} - Reg Error: Value error.
        ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
        ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
        ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
        ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
        ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
        ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
        ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
        ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
        ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
        ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
        ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
        ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
        ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
        ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
        ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
        ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
        ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
        ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
        ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
        ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
        ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
        ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
        ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
         
        Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
        Drivers32:64bit: VIDC.FPS1 - frapsv64.dll (Beepa P/L)
        Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
        Drivers32: msacm.mkdmp3enc - C:\PROGRA~2\ACERAR~1\ACERVI~1\Kernel\Burner\MKDMP3Enc.ACM File not found
        Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
        Drivers32: VIDC.FPS1 - C:\Windows\SysWow64\frapsvid.dll (Beepa P/L)
        Drivers32: vidc.VP60 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)
        Drivers32: vidc.VP61 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)
         
        CREATERESTOREPOINT
        Restore point Set: OTL Restore Point
         
        ========== Files/Folders - Created Within 30 Days ==========
         
        [2010/07/20 17:58:23 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\owner\Desktop\OTL.exe
        [2010/07/19 23:08:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CCleaner
        [2010/07/19 22:28:52 | 000,043,520 | ---- | C] (NirSoft) -- C:\Users\owner\Desktop\shexview.exe
        [2010/07/19 18:32:47 | 000,000,000 | ---D | C] -- C:\Users\owner\Desktop\Sims 3
        [2010/07/19 16:44:36 | 000,000,000 | ---D | C] -- C:\Users\owner\Desktop\Simmy
        [2010/07/15 04:26:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
        [2010/07/15 04:26:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
        [2010/07/15 04:26:46 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\Cooliris
        [2010/07/10 02:57:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iWin Games
        [2010/07/09 02:03:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Astar Games
        [2010/07/08 20:55:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Gogii
        [2010/07/08 20:50:56 | 000,000,000 | ---D | C] -- C:\Users\owner\Documents\Floodgate
        [2010/07/04 04:19:22 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\KitchenBrigade
        [2010/07/03 23:06:23 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\com.picaboo.Picaboo.A382D4714709B456C4E0088DFC1F7243AF9EBF75.1
        [2010/07/03 23:06:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Picaboo X
        [2010/07/03 23:06:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
        [2010/06/29 14:33:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Sonic Shared(158)
        [2010/06/29 14:33:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Roxio(356)
        [2010/06/25 04:01:35 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\cerasus.media
        [2010/06/24 23:00:18 | 000,000,000 | ---D | C] -- C:\Users\owner\Documents\Pet Vet 3D Down Under
        [2010/06/24 22:28:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Islands
        [2010/06/24 22:28:55 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Islands
        [2010/06/24 09:00:52 | 001,942,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dfshim.dll
        [2010/06/24 09:00:52 | 001,130,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dfshim.dll
        [2010/06/24 09:00:52 | 000,320,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHost.exe
        [2010/06/24 09:00:52 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHost.exe
        [2010/06/24 09:00:52 | 000,109,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHostProxy.dll
        [2010/06/24 09:00:52 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHostProxy.dll
        [2010/06/24 09:00:52 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netfxperf.dll
        [2010/06/24 09:00:52 | 000,048,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netfxperf.dll
        [2010/06/24 03:39:12 | 000,000,000 | ---D | C] -- C:\ProgramData\GameHouse
        [2010/06/23 20:54:22 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\GameUXLegacyGDFs.dll
        [2010/06/23 20:54:22 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\SysNative\GameUXLegacyGDFs.dll
        [2010/06/23 20:54:22 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Apphlpdm.dll
        [2010/06/23 20:54:22 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Apphlpdm.dll
        [2010/06/23 05:55:06 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\Go-Go Gourmet Chef of the Year
        [2010/06/23 05:41:42 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\YoudaGames
        [2010/06/22 23:07:59 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\iwin
        [2009/03/13 20:28:09 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll
         
        ========== Files - Modified Within 30 Days ==========
         
        [2010/07/20 18:00:12 | 003,407,872 | -HS- | M] () -- C:\Users\owner\ntuser.dat
        [2010/07/20 17:59:04 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
        [2010/07/20 17:58:26 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\owner\Desktop\OTL.exe
        [2010/07/20 17:15:10 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
        [2010/07/20 17:15:10 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
        [2010/07/20 12:59:01 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
        [2010/07/20 12:29:10 | 003,645,694 | -H-- | M] () -- C:\Users\owner\AppData\Local\IconCache.db
        [2010/07/19 23:22:01 | 000,703,388 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
        [2010/07/19 23:22:01 | 000,604,264 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
        [2010/07/19 23:22:01 | 000,103,964 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
        [2010/07/19 23:15:19 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\LogConfigTemp.xml
        [2010/07/19 23:15:08 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
        [2010/07/19 23:15:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
        [2010/07/19 23:15:02 | 4294,172,672 | -HS- | M] () -- C:\hiberfil.sys
        [2010/07/19 23:08:38 | 000,000,865 | ---- | M] () -- C:\Users\owner\Desktop\CCleaner.lnk
        [2010/07/19 22:34:11 | 000,000,667 | ---- | M] () -- C:\Users\owner\Desktop\shexview.cfg
        [2010/07/19 22:28:39 | 000,055,898 | ---- | M] () -- C:\Users\owner\Desktop\shexview.zip
        [2010/07/19 21:03:03 | 000,524,288 | -HS- | M] () -- C:\Users\owner\ntuser.dat{28829569-7f9b-11df-8418-002197af7ab1}.TMContainer00000000000000000001.regtrans-ms
        [2010/07/19 21:03:03 | 000,065,536 | -HS- | M] () -- C:\Users\owner\ntuser.dat{28829569-7f9b-11df-8418-002197af7ab1}.TM.blf
        [2010/07/19 20:26:00 | 054,835,272 | ---- | M] () -- C:\Users\owner\Desktop\setup_av_free.exe
        [2010/07/19 17:55:27 | 000,003,108 | ---- | M] () -- C:\Users\owner\AppData\Roaming\wklnhst.dat
        [2010/07/19 17:52:22 | 000,017,408 | ---- | M] () -- C:\Users\owner\Documents\scrapstuff.wps
        [2010/07/19 17:51:35 | 000,018,432 | ---- | M] () -- C:\Users\owner\Documents\scrap master.wps
        [2010/07/19 17:50:27 | 000,017,920 | ---- | M] () -- C:\Users\owner\Documents\Scrap List.wps
        [2010/07/19 02:49:53 | 000,041,472 | ---- | M] () -- C:\Users\owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
        [2010/07/18 05:29:06 | 000,001,910 | ---- | M] () -- C:\Users\Public\Desktop\Coconut Queen.lnk
        [2010/07/15 04:26:47 | 000,000,868 | ---- | M] () -- C:\Users\owner\Desktop\Launch Cooliris.lnk
        [2010/07/05 00:21:43 | 000,018,432 | ---- | M] () -- C:\Users\owner\Documents\home decor stuff.wps
        [2010/06/30 15:38:06 | 000,119,768 | ---- | M] () -- C:\Users\owner\AppData\Local\GDIPFONTCACHEV1.DAT
        [2010/06/30 15:35:08 | 000,524,288 | -HS- | M] () -- C:\Users\owner\ntuser.dat{28829569-7f9b-11df-8418-002197af7ab1}.TMContainer00000000000000000002.regtrans-ms
        [2010/06/30 15:33:51 | 003,407,872 | -HS- | M] () -- C:\Users\owner\ntuser.dat_previous
        [2010/06/30 15:33:50 | 000,524,288 | -HS- | M] () -- C:\Users\owner\ntuser.dat{a1e78f04-72da-11df-8bf6-9fce7987da27}.TMContainer00000000000000000001.regtrans-ms
        [2010/06/30 15:33:50 | 000,065,536 | -HS- | M] () -- C:\Users\owner\ntuser.dat{a1e78f04-72da-11df-8bf6-9fce7987da27}.TM.blf
        [2010/06/28 14:31:56 | 000,017,408 | ---- | M] () -- C:\Users\owner\Documents\calendar stuff.wps
        [2010/06/22 19:39:53 | 000,017,408 | ---- | M] () -- C:\Users\owner\Documents\stuff.wps
         
        ========== Files Created - No Company Name ==========
         
        [2010/07/19 23:08:38 | 000,000,865 | ---- | C] () -- C:\Users\owner\Desktop\CCleaner.lnk
        [2010/07/19 22:34:11 | 000,000,667 | ---- | C] () -- C:\Users\owner\Desktop\shexview.cfg
        [2010/07/19 22:28:52 | 000,018,238 | ---- | C] () -- C:\Users\owner\Desktop\shexview.chm
        [2010/07/19 22:28:38 | 000,055,898 | ---- | C] () -- C:\Users\owner\Desktop\shexview.zip
        [2010/07/19 16:47:19 | 054,835,272 | ---- | C] () -- C:\Users\owner\Desktop\setup_av_free.exe
        [2010/07/18 05:29:06 | 000,001,910 | ---- | C] () -- C:\Users\Public\Desktop\Coconut Queen.lnk
        [2010/07/15 04:26:47 | 000,000,868 | ---- | C] () -- C:\Users\owner\Desktop\Launch Cooliris.lnk
        [2010/07/05 00:21:43 | 000,018,432 | ---- | C] () -- C:\Users\owner\Documents\home decor stuff.wps
        [2010/07/04 03:10:04 | 000,018,432 | ---- | C] () -- C:\Users\owner\Documents\scrap master.wps
        [2010/07/04 03:05:12 | 000,017,920 | ---- | C] () -- C:\Users\owner\Documents\Scrap List.wps
        [2010/07/03 06:05:30 | 000,017,408 | ---- | C] () -- C:\Users\owner\Documents\scrapstuff.wps
        [2010/06/30 15:35:08 | 000,524,288 | -HS- | C] () -- C:\Users\owner\ntuser.dat{28829569-7f9b-11df-8418-002197af7ab1}.TMContainer00000000000000000002.regtrans-ms
        [2010/06/30 15:35:08 | 000,524,288 | -HS- | C] () -- C:\Users\owner\ntuser.dat{28829569-7f9b-11df-8418-002197af7ab1}.TMContainer00000000000000000001.regtrans-ms
        [2010/06/30 15:35:08 | 000,065,536 | -HS- | C] () -- C:\Users\owner\ntuser.dat{28829569-7f9b-11df-8418-002197af7ab1}.TM.blf
        [2010/06/22 19:39:53 | 000,017,408 | ---- | C] () -- C:\Users\owner\Documents\stuff.wps
        [2010/01/05 23:33:17 | 000,151,552 | ---- | C] () -- C:\Windows\SysWow64\nvRegDev.dll
        [2009/07/15 21:23:50 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
        [2009/07/15 21:23:34 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
        [2009/04/10 12:08:23 | 000,000,042 | ---- | C] () -- C:\Windows\Acer(Wide).ini
        [2009/04/10 12:08:22 | 000,000,044 | ---- | C] () -- C:\Windows\Acer(Normal).ini
        [2009/03/13 21:05:40 | 000,001,024 | RH-- | C] () -- C:\Windows\SysWow64\NTIOFM4.dll
        [2009/03/13 21:05:40 | 000,001,024 | RH-- | C] () -- C:\Windows\SysWow64\NTIBUN5.dll
        [2009/01/05 15:44:10 | 000,000,453 | ---- | C] () -- C:\Windows\bdoscandellang.ini
        [2008/01/20 21:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
        [2008/01/15 05:31:00 | 000,000,530 | ---- | C] () -- C:\Windows\SysWow64\tx14_ic.ini
        [2001/12/26 18:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\multiplex_vcd.dll
        [2001/09/04 01:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\SysWow64\Hmpg12.dll
        [2001/07/30 18:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\SysWow64\HMPV2_ENC.dll
        [2001/07/24 00:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\SysWow64\HMPV2_ENC_MMX.dll
         
        ========== Custom Scans ==========
         
         
        < %systemroot%\*. /mp /s >
         
        < %systemroot%\system32\*.dll /lockedfiles >
         
        < %systemroot%\system32\*.exe /lockedfiles >
         
        < %systemroot%\Tasks\*.job /lockedfiles >
         
        < %systemroot%\system32\drivers\*.sys /lockedfiles >
         
        < %systemroot%\System32\config\*.sav >
         
        < %systemroot%\system32\*.sys >
         
        < %systemroot%\system32\drivers\*.dll >
         
        < %systemroot%\system32\drivers\*.ini >
         
        < %systemroot%\system32\drivers\*.exe >
         
        < %SYSTEMDRIVE%\*.* >
        [2009/04/11 01:36:38 | 000,333,257 | RHS- | M] () -- C:\bootmgr
        [2009/03/13 20:28:46 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
        [2010/03/03 15:41:02 | 000,096,264 | ---- | M] (Microsoft Corporation) -- C:\GameuxInstallHelper.dll
        [2010/07/19 23:15:02 | 4294,172,672 | -HS- | M] () -- C:\hiberfil.sys
        [2010/07/19 23:13:45 | 000,000,090 | ---- | M] () -- C:\MDisc.log
        [2010/07/19 23:13:47 | 000,000,090 | ---- | M] () -- C:\MDR.log
        [2010/07/19 23:15:01 | 312,811,519 | -HS- | M] () -- C:\pagefile.sys
        [2009/03/13 20:33:11 | 000,000,787 | ---- | M] () -- C:\RHDSetup.log
        [2010/04/25 23:53:49 | 000,005,729 | ---- | M] () -- C:\scramble.log
         
        < %PROGRAMFILES%\*. >
        [2009/04/10 11:59:39 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Acer
        [2010/07/19 23:13:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Acer Arcade Live
        [2010/07/19 23:17:33 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Acer GameZone
        [2009/04/10 12:08:22 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Acer Incorporated
        [2010/07/03 23:06:16 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Adobe
        [2010/01/30 19:36:21 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Amazon
        [2009/12/05 03:30:31 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Apple Software Update
        [2009/08/28 12:18:57 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Atari
        [2010/04/25 23:54:15 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Atrinsic
        [2010/01/20 01:26:29 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Avira
        [2009/07/25 22:09:22 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\BFG
        [2009/07/25 22:38:19 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Brainiversity
        [2010/07/19 23:08:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\CCleaner
        [2010/01/26 04:11:49 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Chocolatier Decadence by Design
        [2010/07/19 23:23:40 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files
        [2009/03/13 20:58:40 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\CyberLink
        [2010/07/19 23:23:36 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\DivX
        [2010/04/26 15:09:50 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\e-Sword
        [2010/05/19 00:32:52 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\EA GAMES
        [2010/01/29 01:54:41 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\eGames
        [2010/01/06 17:33:37 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Electronic Arts
        [2009/03/13 21:22:30 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\eSobi
        [2010/05/29 22:51:36 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Free Ride Games
        [2009/11/23 02:23:05 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Gadwin Systems
        [2010/01/26 03:29:40 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\GameHouse
        [2010/03/06 22:02:13 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Games
        [2009/07/25 22:46:29 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Games A Go-Go
        [2010/02/03 15:39:04 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Google
        [2009/07/25 22:24:28 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Hidden Expedition - Amazon
        [2009/07/25 22:28:22 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Hidden Expedition - Everest
        [2009/07/25 22:21:24 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Hidden Expedition Titanic
        [2009/11/28 11:17:16 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\HP
        [2010/07/19 23:13:38 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\InstallShield Installation Information
        [2010/06/12 09:17:09 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Internet Explorer
        [2010/07/10 02:57:37 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\iWin Games
        [2010/07/18 05:29:04 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\iWin.com
        [2010/07/15 04:26:32 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Java
        [2009/12/30 02:56:27 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\LDA Games
        [2010/01/29 18:32:50 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\LimeWire
        [2009/07/25 22:26:24 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Lost Treasures of Alexandria
        [2009/08/06 21:53:10 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mad Scientist Productions
        [2010/01/03 03:05:13 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Maxis
        [2009/09/05 21:28:05 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Games
        [2009/03/13 20:47:14 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Office
        [2009/03/13 20:47:39 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Office Suite Activation Assistant
        [2010/02/17 17:10:39 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Silverlight
        [2009/03/13 20:47:15 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Works
        [2009/08/06 21:52:31 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft WSE
        [2010/06/26 09:01:09 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft.NET
        [2010/06/15 13:29:59 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MostFun
        [2010/01/21 15:20:50 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox
        [2006/11/02 10:07:27 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSBuild
        [2009/12/18 20:07:04 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSECache
        OTL Extras logfile created on: 7/20/2010 6:00:10 PM - Run 1
        OTL by OldTimer - Version 3.2.9.1     Folder = C:\Users\owner\Desktop
        64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
        Internet Explorer (Version = 8.0.6001.18928)
        Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
         
        4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 60.00% Memory free
        8.00 Gb Paging File | 6.00 Gb Available in Paging File | 77.00% Paging File free
        Paging file location(s): ?:\pagefile.sys [binary data]
         
        %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
        Drive C: | 286.54 Gb Total Space | 79.67 Gb Free Space | 27.80% Space Free | Partition Type: NTFS
        Drive D: | 289.63 Gb Total Space | 278.85 Gb Free Space | 96.28% Space Free | Partition Type: NTFS
        Drive E: | 612.92 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
        Drive F: | 139.82 Gb Total Space | 19.48 Gb Free Space | 13.93% Space Free | Partition Type: NTFS
        G: Drive not present or media not loaded
        H: Drive not present or media not loaded
        Drive I: | 139.77 Gb Total Space | 16.41 Gb Free Space | 11.74% Space Free | Partition Type: NTFS
         
        Computer Name: POOKLET
        Current User Name: owner
        Logged in as Administrator.
         
        Current Boot Mode: Normal
        Scan Mode: Current user
        Include 64bit Scans
        Company Name Whitelist: Off
        Skip Microsoft Files: Off
        File Age = 30 Days
        Output = Standard
         
        ========== Extra Registry (SafeList) ==========
         
         
        ========== File Associations ==========

        Sneakyone

        • Malware Removal Specialist


        • Beginner

          Thanked: 5
          Re: Pretty sure I got hold of some malware
          « Reply #3 on: July 20, 2010, 08:28:48 PM »
          Hi, :)

          Please download Malwarebytes Anti-Malware from Here.
           

          Double Click mbam-setup.exe to install the application.
          • Make sure a checkmark is placed next to Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
          • If an update is found, it will download and install the latest version.
          • Once the program has loaded, select "Perform Quick Scan", then click Scan.
          • The scan may take some time to finish, so please be patient.
          • When the scan is complete, click OK, then Show Results to view the results.
          • Make sure that everything is checked, and click Remove Selected.
          • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
          • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
          • Copy and paste the entire report in your next reply.
          Extra Note:
          If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

          fnrsgrl

            Topic Starter


            Greenhorn

            Re: Pretty sure I got hold of some malware
            « Reply #4 on: July 20, 2010, 10:40:02 PM »
            When I tried to install, it said "The setup files are corrupted.  Please obtain a new copy of the program."  Some version of this appears whenever I try to install anything.

            Sneakyone

            • Malware Removal Specialist


            • Beginner

              Thanked: 5
              Re: Pretty sure I got hold of some malware
              « Reply #5 on: July 21, 2010, 06:58:23 AM »
              Hi, :)

              Download Dr.Web CureIt to the desktop:
              ftp://ftp.drweb.com/pub/drweb/cureit/cureit.exe
              • Double-click the launch.exe or cureit.exe file and allow it to run the express scan
              • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
              • Once the short scan has finished, just let it cure whatever it finds...

                o Now, go to Settings >> Change Settings
                o Go to Actions tab >> under Objects section, change the settings to below
                Infected objects - Cure
                Incurable objects - Report
                Suspicious objects - Report
                o Don't change any other settings
              • Start the scan again. This time, choose Complete Scan
              • Click the green arrow button at the right, and the scan will start.
              • After the scan has finished, click Select all
              • Click on Cure and choose Report incurable (means take no actions.. Don't "move", or "rename" or "delete")
              • When the scan has finished, in the menu, click File and choose Save report list
              • Save the report to your Desktop. The report will be called DrWeb.csv
              • Post DrWeb.csv in your next reply (open it in Notepad). Do NOT reboot the computer yet.

              fnrsgrl

                Topic Starter


                Greenhorn

                Re: Pretty sure I got hold of some malware
                « Reply #6 on: July 25, 2010, 05:53:38 PM »
                Okay, it took me forever to get this to work, but it finally finished a scan.  It still refuses to make the report, but it says I have problems in 22 files.

                In the launch files of everything in the Acer Games folder:  Trojan.Downloader 1.5449
                Plus, three files listed as probably DLOADER.TROJAN

                These are all in my F drive.  In order to get it to finish a scan, I had to delete the files it found on my C drive, which were all of the same Acer Game files and a couple of Java ones.  I didn't need the programs, so I just deleted the whole folders, and tried the scan again.  Also, before deleting those files I suddenly couldn't access the internet, but now it's allowing me back on again.

                Sneakyone

                • Malware Removal Specialist


                • Beginner

                  Thanked: 5
                  Re: Pretty sure I got hold of some malware
                  « Reply #7 on: July 25, 2010, 11:27:31 PM »
                  Hi, :)

                  Please run a free online scan with the ESET Online Scanner
                  Note: You will need to use Internet Explorer for this scan
                  • Tick the box next to YES, I accept the Terms of Use
                  • Click Start
                  • When asked, allow the ActiveX control to install
                  • Click Start
                  • Make sure that the options Remove found threats and Scan unwanted applications are checked
                  • Click Scan (This scan can take several hours, so please be patient)
                  • Once the scan is completed, you may close the window
                  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
                  • Copy and paste that log as a reply to this topic

                  fnrsgrl

                    Topic Starter


                    Greenhorn

                    Re: Pretty sure I got hold of some malware
                    « Reply #8 on: July 26, 2010, 12:22:41 AM »
                    While "Downloading Virus Signature Database", the program gives this message:
                    "Can not get update.  Is proxy configured?"

                    Sneakyone

                    • Malware Removal Specialist


                    • Beginner

                      Thanked: 5
                      Re: Pretty sure I got hold of some malware
                      « Reply #9 on: July 26, 2010, 01:47:04 PM »
                      Hi.

                      Remove the proxy setting in Internet Explorer and/or in Firefox.

                      In IE: Tools Menu -> Internet Options -> Connections Tab -> LAN Settings -> uncheck "Use a proxy server", or reconfigure the proxy server again in case you have set it previously.

                      In Firefox: Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection -> choose "No Proxy"

                      Click the apply button and restart that computer in normal mode.
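
The LAN Settings checkbox described in the reply above is backed by registry values that can be read directly, which helps when the dialog looks correct but a scanner still reports a proxy problem. The PowerShell below is an added example, not part of the original post; it only reads values, and the set of keys and value names it checks is this example's own choice of where to look.

```powershell
# Added example: read-only review of proxy configuration on a Windows host.
$names  = 'ProxyEnable', 'ProxyServer', 'ProxyOverride', 'AutoConfigURL', 'ProxySettingsPerUser'
$suffix = 'Microsoft\Windows\CurrentVersion\Internet Settings'
$keys = @(
    "HKCU:\Software\$suffix",            # what the LAN Settings dialog edits
    "HKLM:\SOFTWARE\$suffix",            # machine-wide values
    "HKCU:\Software\Policies\$suffix",   # per-user policy
    "HKLM:\SOFTWARE\Policies\$suffix"    # machine policy
)

# Collect every proxy-related value that is actually present.
$findings = @()
foreach ($key in $keys) {
    if (-not (Test-Path -Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($name in $names) {
        $value = $props.$name
        if ($null -ne $value) {
            $findings += New-Object PSObject -Property @{ Key = $key; Name = $name; Value = $value }
        }
    }
}
$findings | Format-Table Key, Name, Value -AutoSize -Wrap

# Values worth a second look even when "Use a proxy server" appears unchecked.
foreach ($f in $findings) {
    if ($f.Name -eq 'ProxyEnable' -and $f.Value -eq 1) { "Proxy enabled in $($f.Key)" }
    if ($f.Name -eq 'ProxyServer')   { "Proxy address stored in $($f.Key): $($f.Value)" }
    if ($f.Name -eq 'AutoConfigURL') { "Auto-config script set in $($f.Key): $($f.Value)" }
    if ($f.Name -eq 'ProxySettingsPerUser' -and $f.Value -eq 0) {
        "Proxy settings are applied machine-wide (see the HKLM values above)"
    }
}

# WinHTTP keeps its own proxy setting, separate from the IE (WinINet) values above.
netsh winhttp show proxy
```
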

                      fnrsgrl

                        Topic Starter


                        Greenhorn

                        Re: Pretty sure I got hold of some malware
                        « Reply #10 on: July 29, 2010, 04:05:33 PM »
                        The box you indicated was already not checked.

                        Sneakyone

                        • Malware Removal Specialist


                        • Beginner

                          Thanked: 5
                          Re: Pretty sure I got hold of some malware
                          « Reply #11 on: July 29, 2010, 10:27:08 PM »
                          Hi.

                          Could you please re-run ComboFix?

                          hopebride

                          • Guest
                          Re: Pretty sure I got hold of some malware
                          « Reply #12 on: July 30, 2010, 12:03:51 AM »
                          Comment removed. Do not post in the malware forum unless you need help. ~Sneakyone
                          « Last Edit: July 30, 2010, 12:07:32 AM by Sneakyone »

                          fnrsgrl

                            Topic Starter


                            Greenhorn

                            Re: Pretty sure I got hold of some malware
                            « Reply #13 on: July 30, 2010, 03:57:28 AM »
                            I am unable to download ComboFix.  It says connection with the server was reset.